Thanks for the help.
Here are the DSS main txt and extra txt. Kaspersky shows 0 viruses, 0 infections, and 0 suspicious files.
Deckard's System Scanner v20071014.68
Run by Brian on 2008-02-22 20:17:58
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 4 Restore Point(s) --
4: 2008-02-23 04:18:07 UTC - RP4 - Deckard's System Scanner Restore Point
3: 2008-02-22 05:13:56 UTC - RP3 - Software Distribution Service 3.0
2: 2008-02-18 09:34:56 UTC - RP2 - System Checkpoint
1: 2008-02-17 08:04:55 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 511 MiB (512 MiB recommended).
-- HijackThis (run as Brian.exe) -----------------------------------------------
logfile has no content; running clone.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-02-22 20:19:09
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\NDAS\System\ndassvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Linksys\WUSB300N\WLService.exe
C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Netstuff\AntiVirus\DSS\dss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.earthlink.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: NDAS Device Management.lnk = C:\Program Files\NDAS\System\ndasmgmt.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DLM Control) - http://dlm.tools.aka...vex-2.2.3.2.cab
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE
O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Unknown owner - C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: Promise RAID message agent (RAIDmAgt) - Unknown owner - C:\Program Files\Promise\Utility\MsgAgt.exe
O23 - Service: Promise RAID message server (RAIDmSvr) - Unknown owner - C:\Program Files\Promise\Utility\MsgSvr.exe
O23 - Service: SavRoam - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe
--
End of file - 7629 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 DVDVRRdr_xp - c:\windows\system32\drivers\dvdvrrdr_xp.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R1 PCLEPCI - c:\windows\system32\drivers\pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R3 EL2000 (3Com 3C2000x EtherLink XL Adapter) - c:\windows\system32\drivers\el2k_xp.sys <Not Verified; 3Com Corporation; 3Com Gigabit NIC (3C2000 Family)>
R3 MarvinBus (Pinnacle Marvin Bus) - c:\windows\system32\drivers\marvinbus.sys <Not Verified; Pinnacle Systems GmbH; Pinnacle Marvin Discrete>
R3 MRVW245 (Linksys Wireless-N USB Network Adapter WUSB300N) - c:\windows\system32\drivers\mrvw245.sys <Not Verified; Marvell Semiconductor, Inc; Device driver for Marvell 802.11n NIC>
S3 NSNDIS5 (NSNDIS5 NDIS Protocol Driver) - c:\windows\system32\nsndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); NetStumbler>
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 SDTHOOK - c:\windows\system32\drivers\sdthook.sys <Not Verified; Panda Software; Panda® Antivirus>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 WUSB300NSvc - "c:\program files\linksys\wusb300n\wlservice.exe" "wusb300n.exe" <Not Verified; ; WLService>
S2 PinnacleSys.MediaServer (Pinnacle Systems Media Service) - "c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe" (file missing)
S2 RAIDmAgt (Promise RAID message agent) - "c:\program files\promise\utility\msgagt.exe" (file missing)
S2 RAIDmSvr (Promise RAID message server) - "c:\program files\promise\utility\msgsvr.exe" (file missing)
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Description: WinXP Promise FastTrak 378 Controller
Device ID: PCI\VEN_105A&DEV_3373&SUBSYS_80F51043&REV_02\4&2E98101C&0&20F0
Manufacturer: Promise Technology
Name: WinXP Promise FastTrak 378 Controller
PNP Device ID: PCI\VEN_105A&DEV_3373&SUBSYS_80F51043&REV_02\4&2E98101C&0&20F0
Service: fasttx2k
-- Scheduled Tasks -------------------------------------------------------------
2008-02-22 17:49:23 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
-- Files created between 2008-01-22 and 2008-02-22 -----------------------------
2008-02-16 21:59:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-02-16 13:49:06 0 d-------- C:\XPCD
2008-02-16 00:40:31 0 d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-02-16 00:40:25 0 d-------- C:\Program Files\Security Task Manager
2008-02-09 20:50:55 0 d-------- C:\Program Files\NavFit98A
2008-02-09 20:50:48 286720 -----n--- C:\WINDOWS\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows>
2008-02-09 20:50:46 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-02-09 19:03:13 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-02-09 19:00:23 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-02-09 19:00:23 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-02-09 19:00:23 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-02-09 19:00:23 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-02-09 19:00:23 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-02-09 19:00:23 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-02-09 19:00:23 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-02-09 19:00:23 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-02-09 19:00:23 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-02-09 19:00:23 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-02-09 19:00:23 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-02-09 19:00:23 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-02-09 19:00:23 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-02-09 19:00:23 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-02-09 19:00:23 0 d-------- C:\Documents and Settings\Administrator\Application Data\Gtek
2008-02-09 18:42:05 0 dr-h----- C:\Documents and Settings\LocalService\Recent
2008-02-09 09:32:34 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2008-02-09 00:42:46 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-02-08 23:03:41 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-08 23:03:32 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-02-08 23:03:31 0 d-------- C:\Documents and Settings\Brian\Application Data\SUPERAntiSpyware.com
2008-02-08 21:57:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-02-08 20:33:31 0 d-------- C:\Documents and Settings\Brian\Application Data\Grisoft
2008-02-08 20:28:00 0 d-------- C:\WINDOWS\pss
2008-02-08 18:56:51 0 d-------- C:\Program Files\Trend Micro
2008-02-07 21:21:50 0 d-------- C:\Program Files\uTorrent
2008-02-07 21:21:33 0 d-------- C:\Documents and Settings\Brian\Application Data\uTorrent
2008-02-07 20:25:15 0 d-------- C:\Program Files\Windows Defender
2008-02-07 19:14:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-07 19:10:35 0 d-------- C:\Program Files\SpywareBlaster
2008-02-05 22:47:05 0 d-------- C:\Program Files\Common Files\Adobe
-- Find3M Report ---------------------------------------------------------------
2008-02-22 20:01:11 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-02-21 23:34:05 40 --a------ C:\WINDOWS\system32\profile.dat
2008-02-14 22:23:13 0 d-------- C:\Documents and Settings\Brian\Application Data\SuperNZB
2008-02-08 23:02:49 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-05 22:47:05 0 d-------- C:\Program Files\Common Files
2008-01-26 12:53:24 65536 --a------ C:\WINDOWS\IFinst27.exe
2008-01-21 17:20:50 0 d-------- C:\Program Files\Linksys EasyLink Advisor
2008-01-21 17:20:48 0 d--h----- C:\Documents and Settings\Brian\Application Data\GTek
2008-01-14 22:14:18 0 d-------- C:\Documents and Settings\Brian\Application Data\Media Player Classic
2008-01-14 21:46:30 0 d-------- C:\Program Files\Smallvideosoft
2008-01-13 16:57:00 0 d-------- C:\Program Files\SuperNZB
2008-01-13 16:23:52 0 d-------- C:\Program Files\7-Zip
2008-01-12 19:42:26 0 d-------- C:\Documents and Settings\Brian\Application Data\Pinnacle Systems
2008-01-12 19:21:47 0 d-------- C:\Documents and Settings\Brian\Application Data\InstallShield
2008-01-12 19:11:02 0 d-------- C:\Documents and Settings\Brian\Application Data\Download Manager
2008-01-12 18:28:44 0 d-------- C:\Program Files\proDAD
2008-01-12 17:11:52 0 d-------- C:\Program Files\AdorageI-GfxDatas
2008-01-12 17:10:44 0 d-------- C:\Program Files\AdorageI-SAL
2008-01-12 16:56:46 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-12 16:34:33 0 d-------- C:\Program Files\Pinnacle
2008-01-12 16:31:37 0 d-------- C:\Program Files\Microsoft SQL Server
2008-01-12 16:24:33 0 d-------- C:\Program Files\SmartSound Software
2008-01-12 16:23:43 0 d-------- C:\Program Files\QuickTime
2008-01-12 16:21:43 95 --a------ C:\AUTOEXEC.BAT
2008-01-12 16:12:44 0 d-------- C:\Program Files\Common Files\InstallShield
2008-01-12 16:03:43 0 d-------- C:\Documents and Settings\Brian\Application Data\Roxio
2008-01-12 12:00:15 0 d-------- C:\Program Files\DivxManager
2008-01-08 18:35:41 0 d-------- C:\Program Files\AVStoDVD
2008-01-08 18:25:44 0 d-------- C:\Program Files\AviSynth 2.5
2008-01-08 18:19:00 0 d-------- C:\Program Files\Lavasoft
2008-01-08 17:15:36 0 d-------- C:\Program Files\Common Files\AVSMedia
2008-01-08 17:15:31 0 d-------- C:\Program Files\AVS4YOU
2008-01-08 17:04:37 0 d-------- C:\Documents and Settings\Brian\Application Data\AVS4YOU
2008-01-08 15:22:55 0 d-------- C:\Program Files\DirectVobSub
2008-01-07 15:40:40 0 d-------- C:\Program Files\Combined Community Codec Pack
2008-01-04 21:43:15 0 d-------- C:\Program Files\Network Stumbler
2007-12-29 22:45:54 0 d-------- C:\Program Files\WinASO
2007-12-29 18:07:09 0 d-------- C:\Program Files\Common Files\Roxio Shared
2007-12-29 18:06:12 0 d-------- C:\Program Files\Roxio
2007-12-29 10:27:25 0 d-------- C:\Program Files\NDAS
2007-12-28 22:06:41 0 d-------- C:\Program Files\FlashGet
2007-12-28 22:05:17 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2007-12-27 21:33:30 0 d-------- C:\Program Files\HooTech
2007-12-22 09:21:12 0 d-------- C:\Program Files\SamsonSoft
2007-12-15 14:18:15 0 -rahs---- C:\MSDOS.SYS
2007-12-15 14:18:15 0 -rahs---- C:\IO.SYS
2007-12-15 14:18:15 0 --a------ C:\CONFIG.SYS
2007-12-15 14:15:05 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-12-15 06:06:37 62 --ahs---- C:\Documents and Settings\Brian\Application Data\desktop.ini
2007-12-03 16:34:26 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-11-29 12:52:32 60273 --a------ C:\WINDOWS\system32\pthreadGC2.dll <Not Verified; Open Source Software community project; >
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 01:25 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe" [03/14/2007 07:49 PM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [05/29/2003 04:28 PM]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [05/30/2003 09:42 AM]
"Ptipbmf"="ptipbmf.dll" [06/20/2003 03:06 PM C:\WINDOWS\system32\ptipbmf.dll]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [11/21/2006 05:38 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 11:56 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
NDAS Device Management.lnk - C:\Program Files\NDAS\System\ndasmgmt.exe [11/27/2007 5:06:54 PM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 02/27/2007 11:39 AM 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"DLLPN"=3 (0x3)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2099df08-d6dd-11dc-ad11-001a70af9c59}]
Auto\command- sal.xls.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sal.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58c1aec6-d850-11dc-ad15-000c6e63080d}]
Auto\command- sal.xls.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sal.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7dd9a12f-b677-11dc-accd-001a70af9c59}]
Auto\command- sal.xls.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sal.xls.exe
-- End of Deckard's System Scanner: finished at 2008-02-22 20:20:06 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel® Pentium® 4 CPU 3.06GHz
CPU 1: Intel® Pentium® 4 CPU 3.06GHz
Percentage of Memory in Use: 70%
Physical Memory (total/avail): 510.73 MiB / 149.51 MiB
Pagefile Memory (total/avail): 1249.05 MiB / 704.27 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1935.34 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 465.75 GiB total, 357.68 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - WDC WD5000AAKS-65YGA0 - 465.76 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 465.75 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is set to notify before download.
Windows Internal Firewall is disabled.
FirewallDisableNotify is set.
FW: Symantec Client Firewall v8.7.4.110 (Symantec Corporation)
AV: Symantec AntiVirus Corporate Edition v10.1.6.6000 (Symantec Corporation)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe:*:Enabled:Render Manager"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe:*:Enabled:Studio"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe:*:Enabled:umi"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Brian\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BRIAN-MEDIA
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Brian
LOGONSERVER=\\BRIAN-MEDIA
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Pinnacle\Shared Files;C:\Program Files\Pinnacle\Shared Files\Filter
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Brian\LOCALS~1\Temp
TMP=C:\DOCUME~1\Brian\LOCALS~1\Temp
USERDOMAIN=BRIAN-MEDIA
USERNAME=Brian
USERPROFILE=C:\Documents and Settings\Brian
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Brian (admin)
Administrator (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
7-Zip 4.57 --> "C:\Program Files\7-Zip\Uninstall.exe"
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
AVStoDVD --> C:\Program Files\AVStoDVD\uninstall.exe
Combined Community Codec Pack 2007-07-22 --> "C:\Program Files\Combined Community Codec Pack\unins000.exe"
CWORKS --> MsiExec.exe /I{4C1FACAF-0F15-4F91-B958-FC1D40915EAE}
DirectVobSub (remove only) --> "C:\Program Files\DirectVobSub\uninstall.exe"
Drivers Install For Linksys Easylink Advisor --> MsiExec.exe /I{A1960A82-DB70-474D-A86B-FA74466103C6}
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
ffdshow [rev 1685] [2007-12-06] --> "C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\unins000.exe"
Freez FLV to AVI/MPEG/WMV Converter --> "C:\Program Files\Smallvideosoft\Freez FLV to AVI MPEG WMV Converter\unins000.exe"
Freez FLV to MP3 Converter --> "C:\Program Files\Smallvideosoft\Freez FLV to MP3 Converter\unins000.exe"
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Linksys EasyLink Advisor 1.6 (0032) --> rundll32 C:\PROGRA~1\LINKSY~1\AUInst.dll,ExUninstall
Linksys Wireless-N USB Network Adapter WUSB300N --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DCD3471D-4DDA-4DC2-8B9F-A662D0C362AC}\Setup.exe" -l0x9
LiveUpdate 3.1 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Microsoft Access 2002 Runtime --> MsiExec.exe /I{901C0409-6000-11D3-8CFE-0050048383C9}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft SQL Server Desktop Engine (PINNACLESYS) --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NavFit98A --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\NavFit98A\ST6UNST.LOG"
NDAS Software 3.20.1528 --> MsiExec.exe /I{738B6229-A2BF-49BB-92C6-5328F49DAACD}
Network Stumbler 0.4.0 (remove only) --> "C:\Program Files\Network Stumbler\uninst.exe"
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
Pinnacle Instant DVD Recorder --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}\setup.exe" -l0x9 UNINSTALL
Pinnacle MediaServer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{460CE8B9-6EC2-458A-90D4-691631ECE9D9}\setup.exe" -l0x9 UNINSTALL
proDAD Heroglyph 2.5 --> "C:\Program Files\proDAD\Heroglyph-2.5\uninstall.exe" uninstall spcp PATHVERSION 2.5 MAINNAME Heroglyph
Promise Array Management --> C:\WINDOWS\System32\rundll32.exe ptistp.dll,UninstSCUtility C:\Program Files\Promise\Utility;Uninst Promise Array Management.isu;Promise Array Management
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1033
Roxio Easy Media Creator 7 Basic DVD Edition --> MsiExec.exe /I{747D1B34-A1FC-4EF3-A6AE-E86F39CEFDE5}
SmartSound Quicktracks Plugin --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Studio 10 --> "C:\Program Files\InstallShield Installation Information\{3CB05291-F546-458E-A796-B5BCF5A3CDC4}\Setup2.exe" -l0x9 UNINSTALL
Studio 10 Bonus DVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6A012D9C-2E2E-405A-B87C-E909F5297C3F}\Setup.exe" -l0x9 UNINSTALL
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
SuperNZB v3.2.0 --> "C:\Program Files\SuperNZB\unins000.exe"
Symantec Client Security --> MsiExec.exe /I{D0E46FF4-2775-4BD9-9467-B62B702D470E}
Uninstall DivxManager --> "C:\WINDOWS\IFinst27.exe" -UC:\Program Files\DivxManager\IFU9.inf
WinASO Registry Optimizer 3.1 --> "C:\Program Files\WinASO\Registry Optimizer 3.1\unins000.exe"
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
XML Paper Specification Shared Components Pack 1.0 -->
ZIP Reader 8.00.0018 --> MsiExec.exe /I{856C155E-4A74-4041-B026-04F96FFD1BCD}
-- Application Event Log -------------------------------------------------------
Event Record #/Type15902 / Error
Event Submitted/Written: 02/22/2008 08:05:34 PM
Event ID/Source: 45 / Symantec AntiVirus
Event Description:
SYMANTEC TAMPER PROTECTION ALERT
Target: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Event Info: Set Information Process
Action Taken: Blocked
Actor Process: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (PID 1848)
Time: Friday, February 22, 2008 8:05:34 PM
Event Record #/Type15901 / Error
Event Submitted/Written: 02/22/2008 08:05:34 PM
Event ID/Source: 45 / Symantec AntiVirus
Event Description:
SYMANTEC TAMPER PROTECTION ALERT
Target: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Event Info: Set Information Process
Action Taken: Blocked
Actor Process: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (PID 1848)
Time: Friday, February 22, 2008 8:05:34 PM
Event Record #/Type15900 / Error
Event Submitted/Written: 02/22/2008 08:05:34 PM
Event ID/Source: 45 / Symantec AntiVirus
Event Description:
SYMANTEC TAMPER PROTECTION ALERT
Target: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Event Info: Set Information Process
Action Taken: Blocked
Actor Process: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (PID 1848)
Time: Friday, February 22, 2008 8:05:34 PM
Event Record #/Type15899 / Error
Event Submitted/Written: 02/22/2008 08:05:34 PM
Event ID/Source: 45 / Symantec AntiVirus
Event Description:
SYMANTEC TAMPER PROTECTION ALERT
Target: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Event Info: Set Information Process
Action Taken: Blocked
Actor Process: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (PID 1848)
Time: Friday, February 22, 2008 8:05:34 PM
Event Record #/Type15898 / Error
Event Submitted/Written: 02/22/2008 08:05:34 PM
Event ID/Source: 45 / Symantec AntiVirus
Event Description:
SYMANTEC TAMPER PROTECTION ALERT
Target: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Event Info: Set Information Process
Action Taken: Blocked
Actor Process: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (PID 1848)
Time: Friday, February 22, 2008 8:05:34 PM
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type11698 / Warning
Event Submitted/Written: 02/22/2008 08:14:31 PM
Event ID/Source: 20 / Print
Event Description:
Printer Driver Canon i960 for Windows NT x86 Version-3 was added or updated. Files:- CNMDR5c.DLL, CNMUI5c.DLL, CNMCP5c.DLL, CNMMH5c.HLP, CNMD55c.DLL, CNMUR5c.DLL, CNMSR5c.DLL, CNMIN5c.INI, CNMPI5c.DLL, CNMSM5c.EXE, CNMSS5c.SMR, CNMSD5c.EXE, CNMSQ5c.EXE, CNMSH5c.HLP, CNMSH5c.CNT, CNMUB5c.DLL, CNMOP5c.DLL, CNMSB5c.DLL, CNMMH5c.CNT, CNB_1920.TBL, CNMP05c.DAT, CNMP15c.DAT, CNMP25c.DAT, CNMFU5c.DLL, CNMPV5c.EXE, CNMPH5c.HLP, CNMPH5c.CNT.
Event Record #/Type11670 / Error
Event Submitted/Written: 02/22/2008 05:47:14 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
fasttx2k
Event Record #/Type11669 / Error
Event Submitted/Written: 02/22/2008 05:47:14 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Pinnacle Systems Media Service service failed to start due to the following error:
%%2
Event Record #/Type11668 / Error
Event Submitted/Written: 02/22/2008 05:47:14 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Promise RAID message server service failed to start due to the following error:
%%2
Event Record #/Type11667 / Error
Event Submitted/Written: 02/22/2008 05:47:14 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Promise RAID message agent service failed to start due to the following error:
%%2
-- End of Deckard's System Scanner: finished at 2008-02-22 20:20:06 ------------