K...here we go...
Deckard's System Scanner v20071014.68
Run by NORT on 2008-02-05 17:28:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 4 Restore Point(s) --
4: 2008-02-06 01:28:53 UTC - RP6 - Deckard's System Scanner Restore Point
3: 2008-02-05 18:44:05 UTC - RP5 - ComboFix created restore point
2: 2008-02-05 17:43:59 UTC - RP4 - geeks to go
1: 2008-02-05 17:42:39 UTC - RP3 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as NORT.exe) ------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:30, on 2008-02-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\CDProxyServ.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\iolo\System Mechanic Professional 7\IoloSGCtrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Zune\ZuneNss.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\iAVEmailScanner.exe
C:\Documents and Settings\NORT\Desktop\dss.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\PROGRA~1\HIJACK~1\NORT.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {40ACE2A2-1BF0-48BB-A31B-8A05B83EB2EC} - C:\WINDOWS\system32\vtsqp.dll (file missing)
O2 - BHO: (no name) - {43659DCC-5A02-0CFE-0216-5E00B9BC8EE9} - C:\WINDOWS\system32\flccnim.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {98663E21-9CCE-4CF6-863C-911A9523A66F} - C:\WINDOWS\system32\nnnkllm.dll (file missing)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\zwggodaj.dll (file missing)
O2 - BHO: {c2932369-d29c-ca8b-5b74-f191df5e153f} - {f351e5fd-191f-47b5-b8ac-c92d9632392c} - C:\WINDOWS\system32\iulagvfe.dll (file missing)
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [iolo AntiVirus] "C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe"
O4 - HKLM\..\Run: [ioloDelayModule] C:\Program Files\iolo\System Mechanic Professional 6\delay.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [SystemGuardAlerter] "C:\Program Files\iolo\System Mechanic Professional 7\SystemGuardAlerter.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [1052b0e9] rundll32.exe "C:\WINDOWS\system32\btnskhpm.dll",b
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\kmd.exe /c C:\ComboFix\Combobatch.bat
O4 - HKLM\..\Run: [iolo Personal Firewall] "C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [iolo Task Agent] C:\Program Files\iolo\Common\Task Agent\Task_Agent.exe
O4 - HKCU\..\Run: [Iinl] "C:\WINDOWS\ICROSO~1\attrib.exe" -vt ndrv
O4 - HKCU\..\Run: [System Mechanic Popup Blocker] "C:\Program Files\iolo\System Mechanic Professional 7\PopupBlocker.exe"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Popup Blocker - Add to Black List - C:\Program Files\iolo\Common\Lib\AddToPSBlackList.htm
O8 - Extra context menu item: Popup Blocker - Add to White List - C:\Program Files\iolo\Common\Lib\AddToPSWhiteList.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\JavaSoft\JRE\1.3.1_04\bin\npjava131_04.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\JavaSoft\JRE\1.3.1_04\bin\npjava131_04.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.v...w_schematic.asp
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ub...s/GSManager.cab
O16 - DPF: {819F8533-D935-4183-B692-587F8D56AC3C} (iolo.AV.OnlineVirusScanner) - http://www.iolo.com/...x/AVCheckUp.ocx
O20 - Winlogon Notify: nnnkllm - nnnkllm.dll (file missing)
O20 - Winlogon Notify: zwggodaj - zwggodaj.dll (file missing)
O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - First 4 Internet Ltd - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic Professional 7\IoloSGCtrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 8507 bytes
-- File Associations -----------------------------------------------------------
.js - JSFile - shell\open\command - NOTEPAD.EXE %1
.reg - regfile - shell\open\command - NOTEPAD.EXE %1
.scr - scrfile - shell\open\command - NOTEPAD.EXE %1
.vbs - VBSFile - shell\open\command - NOTEPAD.EXE %1
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 $sys$cor - c:\windows\system32\drivers\$sys$cor.sys <Not Verified; First 4 Internet; Essential System Tools>
R0 XPacket (iolo Personal Firewall Driver) - c:\windows\system32\xpacket.sys <Not Verified; iolo technologies, LLC; iolo Firewall>
R1 $sys$crater - c:\windows\system32\$sys$filesystem\crater.sys <Not Verified; First 4 Internet; Essential System Tools>
R1 FileDisk - c:\windows\system32\drivers\filedisk.sys <Not Verified; iolo technologies, LLC (based on original work by Bo Brantén); filedisk (based on original work by Bo Brantén)>
R3 Pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
S0 vkquwexg - c:\windows\system32\drivers\combo-fix.sys (file missing)
S1 eeCtrl (Symantec Eraser Control driver) - c:\program files\common files\symantec shared\eengine\eectrl.sys (file missing)
S3 catchme - c:\docume~1\nort\locals~1\temp\catchme.sys (file missing)
S3 nsysaudm - c:\docume~1\nort\locals~1\temp\nsysaudm.sys (file missing)
S3 SGUARD - c:\windows\system32\drivers\sguard.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 $sys$DRMServer (Plug and Play Device Manager) - c:\windows\system32\$sys$filesystem\$sys$drmserver.exe <Not Verified; First 4 Internet Ltd; >
R2 CD_Proxy (XCP CD Proxy) - c:\windows\cdproxyserv.exe <Not Verified; ; CdProxy Application>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\FE8B728004603
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\FE8B728004603
Service: NIC1394
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: MTP Device
Device ID: ROOT\WPD\0000
Manufacturer: (Standard MTP-compliant devices)
Name: MTP Device
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd
-- Scheduled Tasks -------------------------------------------------------------
2008-01-31 07:59:20 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2008-01-05 and 2008-02-05 -----------------------------
2008-02-05 16:45:30 3508 --a------ C:\Start_.cmd
2008-02-05 16:45:28 0 d-------- C:\327882R2FWJFW
2008-02-05 12:35:28 60416 --a------ C:\WINDOWS\system32\drivers\ComboFix.sys
2008-02-05 10:11:11 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-02-05 10:11:11 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-02-05 10:11:11 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-02-05 10:07:51 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-02-04 21:00:57 0 d-------- C:\Documents and Settings\NORT\Application Data\Grisoft
2008-02-04 20:58:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-01 05:09:54 0 d-------- C:\Program Files\Common Files\iS3
2008-01-31 05:08:16 2855 --a------ C:\WINDOWS\system32\uvpapuuh.PIF
2008-01-30 19:23:29 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-30 16:10:58 8126464 --a------ C:\Documents and Settings\NORT\ntuser.dat
2008-01-28 16:37:43 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2008-01-28 16:35:59 0 d-------- C:\WINDOWS\system32\wnis6
2008-01-28 16:35:58 0 d-------- C:\WINDOWS\system32\nip4
2008-01-28 16:35:58 0 d-------- C:\WINDOWS\system32\ets1
2008-01-28 16:35:58 0 d-------- C:\WINDOWS\system32\comg9
2008-01-28 16:35:11 0 d-------- C:\WINDOWS\system32\nGpxx18
2008-01-24 10:52:15 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-24 10:46:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-19 08:10:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-18 22:42:39 196608 --a------ C:\WINDOWS\system32\avisynth.dll
2008-01-18 22:42:09 33280 --a------ C:\WINDOWS\system32\HUFFYUV.DLL <Not Verified; Disappearing Inc.; Huffyuv>
2008-01-18 22:20:19 0 d-------- C:\Documents and Settings\NORT\Application Data\Apple Computer
2008-01-18 22:05:22 0 d-------- C:\Program Files\QuickTime
2008-01-18 22:04:17 0 d-------- C:\Program Files\Apple Software Update
2008-01-18 22:04:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-01-17 23:48:03 0 d-------- C:\Program Files\Common Files\Real
2008-01-17 06:54:04 0 d-------- C:\Documents and Settings\NetworkService\Desktop
2008-01-11 08:57:41 0 d-------- C:\Documents and Settings\NORT\Application Data\DivX
2008-01-10 21:14:59 0 d-------- C:\Program Files\Common Files\Download Manager
2008-01-10 21:05:22 0 d-------- C:\Documents and Settings\NORT\Application Data\AVS4YOU
2008-01-10 21:03:37 0 d-------- C:\Program Files\Common Files\AVSMedia
2008-01-10 21:03:11 413760 --a------ C:\WINDOWS\system32\mpg4c32.dll <Not Verified; Microsoft Corporation; Microsoft MPEG-4 Video Codec>
2008-01-10 21:03:11 261632 --a------ C:\WINDOWS\system32\mcdvd_32.dll <Not Verified; MainConcept; MainConcept DV Codec "2.0.4>
2008-01-09 18:11:41 0 d-------- C:\Documents and Settings\NORT\Shared
2008-01-09 17:57:10 0 d-------- C:\Documents and Settings\NORT\LimeWire Store Purchased
2008-01-09 17:57:10 0 d-------- C:\Documents and Settings\NORT\LimeWire Shared
2008-01-09 17:57:10 0 d-------- C:\Documents and Settings\NORT\LimeWire Saved
2008-01-09 17:56:36 0 d-------- C:\Documents and Settings\NORT\.limewire
2008-01-09 17:56:32 0 d-------- C:\Documents and Settings\NORT\Incomplete
2008-01-09 17:56:12 0 d-------- C:\Documents and Settings\NORT\Application Data\LimeWire
2008-01-09 17:53:40 0 d-------- C:\Program Files\Java
2008-01-09 17:52:21 0 d-------- C:\Program Files\Common Files\Java
2008-01-09 17:51:47 0 d-------- C:\Program Files\LimeWire
-- Find3M Report ---------------------------------------------------------------
2008-01-09 04:26:22 34 --a------ C:\Documents and Settings\NORT\Application Data\pcouffin.log
2008-01-09 04:25:54 47360 --a------ C:\Documents and Settings\NORT\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-01-09 04:25:54 1144 --a------ C:\Documents and Settings\NORT\Application Data\pcouffin.inf
2008-01-09 04:25:54 7887 --a------ C:\Documents and Settings\NORT\Application Data\pcouffin.cat
2007-12-25 06:05:46 0 d-------- C:\Program Files\Zune
2007-12-19 07:08:36 16 --a------ C:\WINDOWS\popcinfo.dat
2007-12-14 17:13:10 23040 --a------ C:\WINDOWS\system32\smrgdf.exe
2007-11-20 22:34:00 35840 --a------ C:\WINDOWS\system32\iolobtdfg.exe
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40ACE2A2-1BF0-48BB-A31B-8A05B83EB2EC}]
C:\WINDOWS\system32\vtsqp.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43659DCC-5A02-0CFE-0216-5E00B9BC8EE9}]
C:\WINDOWS\system32\flccnim.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98663E21-9CCE-4CF6-863C-911A9523A66F}]
C:\WINDOWS\system32\nnnkllm.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
C:\WINDOWS\system32\zwggodaj.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f351e5fd-191f-47b5-b8ac-c92d9632392c}]
C:\WINDOWS\system32\iulagvfe.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EM_EXEC"="C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2001-09-19 09:41]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-08-23 03:24]
"iolo AntiVirus"="C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe" [2007-12-07 12:16]
"ioloDelayModule"="C:\Program Files\iolo\System Mechanic Professional 6\delay.exe" []
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-10-06 14:16]
"SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe" [2008-01-11 10:55]
"SystemGuardAlerter"="C:\Program Files\iolo\System Mechanic Professional 7\SystemGuardAlerter.exe" [2008-01-11 10:55]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 09:33]
"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [2008-01-11 17:54]
"1052b0e9"="C:\WINDOWS\system32\btnskhpm.dll" []
"combofix"="C:\WINDOWS\system32\kmd.exe" [2004-08-04 00:56]
"iolo Personal Firewall"="C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe" [2007-12-10 16:15]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"iolo Task Agent"="C:\Program Files\iolo\Common\Task Agent\Task_Agent.exe" []
"Iinl"="C:\WINDOWS\ICROSO~1\attrib.exe" []
"System Mechanic Popup Blocker"="C:\Program Files\iolo\System Mechanic Professional 7\PopupBlocker.exe" [2007-11-03 11:45]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsHistory"=0 (0x0)
"NoViewOnDrive"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{98663E21-9CCE-4CF6-863C-911A9523A66F}"= C:\WINDOWS\system32\nnnkllm.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnkllm]
nnnkllm.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\zwggodaj]
zwggodaj.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
-- End of Deckard's System Scanner: finished at 2008-02-05 17:33:44 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel® Pentium® 4 CPU 1.50GHz
Percentage of Memory in Use: 56%
Physical Memory (total/avail): 511.53 MiB / 222.27 MiB
Pagefile Memory (total/avail): 1248.57 MiB / 857.51 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1919.56 MiB
A: is Removable (No Media)
C: is Fixed (FAT32) - 15.97 GiB total, 4.64 GiB free.
D: is Fixed (NTFS) - 39.9 GiB total, 16.55 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is Removable (No Media)
\\.\PHYSICALDRIVE1 -
\\.\PHYSICALDRIVE0 - ST360020A - 55.9 GiB - 2 partitions
\PARTITION0 (bootable) - Unknown - 16 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 39.9 GiB - D:
-- Security Center -------------------------------------------------------------
AUOptions is set to notify before download.
Windows Internal Firewall is disabled.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
FW: iolo Personal Firewall® v1.5 (iolo technologies, LLC) Disabled
AV: iolo AntiVirus® v1.5 (iolo technologies, LLC) Disabled
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\ubi.com\\Core\\GS4.exe"="C:\\Program Files\\ubi.com\\Core\\GS4.exe:*:Enabled:ubi.com Game Service"
"C:\\Program Files\\Red Storm Entertainment\\Ghost Recon\\GhostRecon.exe"="C:\\Program Files\\Red Storm Entertainment\\Ghost Recon\\GhostRecon.exe:*:Enabled:GhostRecon"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Disabled:LimeWire"
"C:\\Program Files\\Microsoft Games\\Halo\\HALO.EXE"="C:\\Program Files\\Microsoft Games\\Halo\\HALO.EXE:*:Disabled:Halo"
"C:\\Program Files\\Sierra On-Line\\SIGSPat.exe"="C:\\Program Files\\Sierra On-Line\\SIGSPat.exe:*:Disabled:SIGSPat"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Disabled:RealPlayer"
"C:\\Program Files\\iolo\\System Mechanic Professional 6\\SysMech6.exe"="C:\\Program Files\\iolo\\System Mechanic Professional 6\\SysMech6.exe:*:Disabled:Start System Mechanic Professional 6"
"C:\\Program Files\\TurboTax\\Premier 2006\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Premier 2006\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Premier 2006\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Premier 2006\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Disabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire 4.0.8\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire 4.0.8\\LimeWire.exe:*:Disabled:LimeWire: The most advanced file sharing program on the planet."
"C:\\Program Files\\IOLO\\System Mechanic Professional 7\\Personal Firewall\\ioloFW.exe"="C:\\Program Files\\IOLO\\System Mechanic Professional 7\\Personal Firewall\\ioloFW.exe:*:Enabled:iolo Firewall®"
"C:\\Program Files\\IOLO\\System Mechanic Professional 7\\AntiVirus\\ioloAV.exe"="C:\\Program Files\\IOLO\\System Mechanic Professional 7\\AntiVirus\\ioloAV.exe:*:Enabled:iolo AntiVirus®"
"C:\\Program Files\\IOLO\\System Mechanic Professional 7\\AntiVirus\\iAVEmailScanner.exe"="C:\\Program Files\\IOLO\\System Mechanic Professional 7\\AntiVirus\\iAVEmailScanner.exe:*:Enabled:iolo AntiVirus® Email Protection"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\NORT\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=VAIO
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\NORT
LOGONSERVER=\\VAIO
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 1 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0102
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\NORT\LOCALS~1\Temp
TMP=C:\DOCUME~1\NORT\LOCALS~1\Temp
USERDOMAIN=VAIO
USERNAME=NORT
USERPROFILE=C:\Documents and Settings\NORT
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Owner (admin)
NORT (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21313051-BEA2-11D4-8FA4-00B0D02D2438}\setup.exe" UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6CAF07A2-BEA4-11D4-8FA4-00B0D02D2438}\setup.exe" UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7052066D-7016-11D5-B89E-00B0D0D26B88}\setup.exe" UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B960F4A0-BEEF-4170-86CD-57CABE6237E6}\setup.exe" UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D54AAC0A-BE99-11D4-8FA4-00B0D02D2438}\setup.exe" UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
AFD-GridMaps_v2.0 --> C:\Program Files\Red Storm Entertainment\Ghost Recon\Mods\Uninstal.exe
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Authentium AntiVirus SDK - 2 --> MsiExec.exe /I{C67DF120-4DD3-11D4-A3CA-005004AD2A5B}
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Bejeweled 2 Deluxe 1.0 --> C:\Program Files\PopCap Games\Bejeweled 2 Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Bejeweled 2 Deluxe\Install.log"
CopyToDVD --> "C:\Program Files\vso\CopyToDVD\unins000.exe"
DVD Shrink 3.2 --> "D:\DVD Shrink 3.2.0.15\unins000.exe"
DVDFab Platinum 4.0.5.0 --> "C:\Program Files\DVDFab Platinum 4\unins000.exe"
Ghost Recon --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D89EF3B3-6F17-4665-B7A9-A4235A6DC787}\Setup.exe"
Gunslinger's Realism Mod 4.0 --> C:\Program Files\Common Files\System\SELECT YOUR GHOST RECON MODS FOLDER\Uninstal.exe
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "C:\DOCUME~1\NORT\LOCALS~1\Temp\Temporary Directory 1 for HiJackThis.zip\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
hp photosmart printer series (Remove only) --> C:\Program Files\hp photosmart\printer\hphuni03.exe
iolo technologies' System Mechanic Professional 7 --> "C:\Program Files\iolo\System Mechanic Professional 7\unins000.exe"
Java 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
LimeWire 4.8.1 --> "C:\Program Files\LimeWire\uninstall.exe"
Logitech iTouch Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 UNINSTALL
Logitech MouseWare 9.41 .1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\Setup.exe" -l0009 UNINSTALL
Macromedia Shockwave Player --> C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\Install.log
Mavis Beacon Teaches Typing --> C:\Program Files\Mindscape\Mavis Beacon 5\UNINST.EXE UNINST.INF
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Plus! for Windows XP --> MsiExec.exe /I{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Motion JPEG Software Decoder --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Sony\Motion JPEG Software Decoder\Uninst.isu"
Music Visualizer Library 1.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}\Setup.exe"
NVIDIA Display Driver --> C:\WINDOWS\System32\nvudisp.exe Uninstall C:\WINDOWS\System32\nvdisp.nvu,NVIDIA Display Driver
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nv4_disp.inf
OpenMG Secure Module --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A228A09C-4826-42E0-A3D8-95B2BAAB5049}\setup.exe" UNINSTALL
Palm --> MsiExec.exe /X{0030188A-533E-42EE-9837-E044F10E4369}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}
ResumeMaker --> C:\PROGRA~1\RESUME~1\UNWISE.EXE C:\PROGRA~1\RESUME~1\INSTALL.LOG
Sierra Cooking Light Express --> C:\WINDOWS\IsUninst.exe -fC:\SIERRA\LEXPRESS\Uninst.isu
SonicStage CD-R Writing Module --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F3CB4DC0-4FC0-11D5-9254-0000F460E7A9}\Setup.exe"
Sony Certificate PCH --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0448678-1203-4158-A58F-B3D0B616BF9E}\setup.exe"
Sony DV Shared Library --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6990A2BF-D1D2-11D3-81BC-00609789C908}\setup.exe"
SplashPhoto --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A96D3ED0-E7B3-41F6-8BB5-F3C63D80901D}\setup.exe" -l0x9
Support Actions Win2K,WinXP --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48BE827A-2D06-4804-90C3-4F2F8460F9D4}\setup.exe"
TurboTax Premier Investments 2006 --> C:\Program Files\TurboTax\Premier 2006\TaxUnst.EXE "C:\Program Files\TurboTax\Premier 2006\Uninstall.log" -NoGui
ubi.com --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}\setup.exe" UNINSTALL-L0x9 -uninst
VAIO Grid Wallpaper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21CF3E6E-1659-433E-B6CE-165D793560DA}\setup.exe"
VAIO Help & Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6060E6A1-5342-4D2B-8F66-B6D6E20BBD03}\setup.exe"
VAIO Registration --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6DF804A8-2CC2-4D22-A958-4534F6EC3C76}\setup.exe"
VAIO Support --> "c:\program files\support.com\client\bin\tgfix.exe" /rm /nq
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Zune --> MsiExec.exe /X{7583239A-D4BE-48CA-A253-396122B3D3E9}
Zune Language Pack (ES) --> MsiExec.exe /X{EE4ACABF-531E-419A-9225-B8E0FA4955AF}
Zune Language Pack (FR) --> MsiExec.exe /X{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}
-- Application Event Log -------------------------------------------------------
Event Record #/Type5673 / Warning
Event Submitted/Written: 02/04/2008 11:03:07 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
Event Record #/Type5662 / Error
Event Submitted/Written: 02/04/2008 08:30:54 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application Ad-Aware2007.exe, version 7.0.2.6, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type5636 / Error
Event Submitted/Written: 02/03/2008 00:10:07 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application DVD Shrink 3.2.exe, version 3.2.0.15, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type5631 / Error
Event Submitted/Written: 02/02/2008 07:29:46 PM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 452615105.
Event Record #/Type5629 / Error
Event Submitted/Written: 02/02/2008 07:29:33 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application Explorer.EXE, version 6.0.2900.3156, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type34455 / Error
Event Submitted/Written: 02/05/2008 00:44:37 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
eeCtrl
Event Record #/Type34448 / Error
Event Submitted/Written: 02/05/2008 00:30:33 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The combofix service failed to start due to the following error:
%%1053
Event Record #/Type34447 / Error
Event Submitted/Written: 02/05/2008 00:30:33 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the combofix service to connect.
Event Record #/Type34397 / Error
Event Submitted/Written: 02/05/2008 10:18:52 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
eeCtrl
Event Record #/Type34361 / Error
Event Submitted/Written: 02/05/2008 09:31:08 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
eeCtrl
-- End of Deckard's System Scanner: finished at 2008-02-05 17:33:44 ------------