Deckard's System Scanner v20071014.68
Run by lostonearth on 2008-02-26 00:19:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as lostonearth.exe) -----------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:20:16 AM, on 26/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Users\lostonearth\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\LOSTON~1.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.rd.yahoo.c...://ca.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.ca.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.ca.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.ca.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.rd.yahoo.c...://ca.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
--
End of file - 7240 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 PSDFilter - c:\windows\system32\drivers\psdfilter.sys <Not Verified; HiTRUST; >
R0 PSDNServ (PSDNSERVER) - c:\windows\system32\drivers\psdnserv.sys <Not Verified; HiTRUST; >
R0 psdvdisk - c:\windows\system32\drivers\psdvdisk.sys <Not Verified; HiTRUST; >
R0 UBHelper - c:\windows\system32\drivers\ubhelper.sys
R1 SASDIFSV - \??\c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - \??\c:\program files\superantispyware\saskutil.sys
R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >
R3 SASENUM - \??\c:\program files\superantispyware\sasenum.sys
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 AcerMemUsageCheckService (ePerformance Service) - c:\acer\empowering technology\eperformance\memcheck.exe <Not Verified; ; MemCheck.Service>
R2 eRecoveryService (eRecovery Service) - c:\acer\empowering technology\erecovery\erecoveryservice.exe <Not Verified; Acer Inc.; eRecoveryService>
R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Process Modules -------------------------------------------------------------
C:\Windows\explorer.exe (pid 1904)
2006-11-16 13:19:10 37376 --a------ C:\Windows\System32\MSNChatHook.dll <Not Verified; ; MsnChatHook Dynamic Link Library>
2006-11-16 19:10:14 286720 --a------ C:\Windows\System32\sysenv.dll <Not Verified; HiTRUST; SysEnv>
2006-11-16 13:18:50 63488 --a------ C:\Windows\System32\ShowErrMsg.dll <Not Verified; ; ShowErrMsg>
-- Scheduled Tasks -------------------------------------------------------------
2008-02-24 02:35:54 500 --a------ C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - lostonearth.job
-- Files created between 2008-01-26 and 2008-02-26 -----------------------------
2008-02-25 11:52:56 0 d-------- C:\Users\All Users\Malwarebytes
2008-02-25 11:52:56 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-02-25 01:13:16 0 d-------- C:\Users\All Users\Yahoo! Companion
2008-02-25 01:12:05 0 d-------- C:\Program Files\Common Files\PX Storage Engine
2008-02-25 01:11:59 0 d-------- C:\Program Files\DivX
2008-02-25 00:31:54 0 d-------- C:\Program Files\World of Warcraft
2008-02-25 00:31:54 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-02-24 19:36:18 0 d-------- C:\Windows\system32\Kaspersky Lab
2008-02-24 19:07:55 0 d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-02-24 19:07:49 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-02-24 19:07:27 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-23 19:00:45 0 --a------ C:\Windows\ativpsrm.bin
2008-02-23 18:36:49 0 d-------- C:\Program Files\MSXML 4.0
2008-02-23 18:10:23 0 d-------- C:\Program Files\Trend Micro
2008-02-23 17:59:28 0 d-------- C:\Windows\system32\Macromed
2008-02-23 17:59:27 0 d-------- C:\Users\All Users\InstallShield
2008-02-23 17:59:21 0 d-------- C:\Windows\Acer_Wide
2008-02-23 17:59:21 187392 --a------ C:\Windows\Acer(Wide).scr
2008-02-23 17:59:21 187392 --a------ C:\Windows\Acer(Normal).scr
2008-02-23 17:59:21 0 d-------- C:\Program Files\Acer Inc
2008-02-23 17:59:18 0 d-------- C:\Windows\Acer_Normal
2008-02-23 17:58:07 327680 --a------ C:\Windows\system32\Remove_eRecovery.exe <Not Verified; Acer Inc.; >
2008-02-23 17:58:07 16384 --a------ C:\Windows\system32\LauncheRyAgentUser.exe <Not Verified; ; LauncheRyAgentUser>
2008-02-23 17:58:07 1402880 --a------ C:\Windows\system32\ERUpdateHidden.EXE <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-02-23 17:58:07 16384 --a------ C:\Windows\system32\ClearEvent.exe
2008-02-23 17:58:07 360448 --a------ C:\Windows\system32\CheckD2DSystem.exe <Not Verified; Acer Inc.; CheckD2DSystem.exe>
2008-02-23 17:57:03 0 d-------- C:\Windows\system32\i386
2008-02-23 17:56:40 0 d-------- C:\Program Files\Acer Assist
2008-02-23 17:56:39 0 d-------- C:\Program Files\Acer Registration
2008-02-23 17:55:33 0 d--hs---- C:\$RECYCLE.BIN
2008-02-23 17:55:27 0 dr------- C:\Users\lostonearth\Searches
2008-02-23 17:55:11 0 dr------- C:\Users\lostonearth\Contacts
2008-02-23 17:55:03 0 d-------- C:\Program Files\Yahoo!
2008-02-23 17:53:04 0 d--hs---- C:\Users\lostonearth\Templates
2008-02-23 17:53:04 0 d--hs---- C:\Users\lostonearth\Start Menu
2008-02-23 17:53:04 0 d--hs---- C:\Users\lostonearth\SendTo
2008-02-23 17:53:04 0 d--hs---- C:\Users\lostonearth\Recent
2008-02-23 17:53:04 0 d--hs---- C:\Users\lostonearth\PrintHood
2008-02-23 17:53:04 0 d--hs---- C:\Users\lostonearth\NetHood
2008-02-23 17:53:04 0 d--hs---- C:\Users\lostonearth\My Documents
2008-02-23 17:53:04 0 d--hs---- C:\Users\lostonearth\Local Settings
2008-02-23 17:53:04 0 d--hs---- C:\Users\lostonearth\Cookies
2008-02-23 17:53:04 0 d--hs---- C:\Users\lostonearth\Application Data
2008-02-23 17:53:03 0 dr------- C:\Users\lostonearth\Videos
2008-02-23 17:53:03 0 dr------- C:\Users\lostonearth\Saved Games
2008-02-23 17:53:03 0 dr------- C:\Users\lostonearth\Pictures
2008-02-23 17:53:03 1048576 --ahs---- C:\Users\lostonearth\NTUSER.DAT
2008-02-23 17:53:03 0 dr------- C:\Users\lostonearth\Music
2008-02-23 17:53:03 0 dr------- C:\Users\lostonearth\Links
2008-02-23 17:53:03 0 dr------- C:\Users\lostonearth\Favorites
2008-02-23 17:53:03 0 dr------- C:\Users\lostonearth\Downloads
2008-02-23 17:53:03 0 dr------- C:\Users\lostonearth\Documents
2008-02-23 17:53:03 0 dr------- C:\Users\lostonearth\Desktop
2008-02-23 17:53:03 0 d--h----- C:\Users\lostonearth\AppData
2008-02-23 17:32:45 0 d-------- C:\Windows\SoftwareDistribution
2008-02-20 18:05:44 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2008-02-20 18:04:16 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-02-20 18:04:16 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-02-20 18:04:04 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-02-20 18:04:04 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-20 18:04:04 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-20 18:04:04 682496 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-20 18:03:24 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll
-- Find3M Report ---------------------------------------------------------------
2008-02-25 11:55:25 0 d-------- C:\Program Files\Common Files
2008-02-25 11:52:59 0 d-------- C:\Users\lostonearth\AppData\Roaming\Malwarebytes
2008-02-25 01:12:21 0 d-------- C:\Users\lostonearth\AppData\Roaming\DivX
2008-02-25 00:26:43 0 d-------- C:\Program Files\Microsoft Games
2008-02-24 19:07:49 0 d-------- C:\Users\lostonearth\AppData\Roaming\SUPERAntiSpyware.com
2008-02-24 11:29:47 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-02-24 11:23:30 0 d-------- C:\Program Files\Norton Internet Security
2008-02-24 03:24:54 0 d-------- C:\Program Files\Symantec
2008-02-24 02:38:45 174 --ahs---- C:\Program Files\desktop.ini
2008-02-24 02:35:05 0 d-------- C:\Program Files\Windows Calendar
2008-02-24 02:35:03 0 d-------- C:\Program Files\Windows Mail
2008-02-24 02:34:58 0 d-------- C:\Program Files\Windows Defender
2008-02-24 02:34:51 0 d-------- C:\Program Files\Windows Sidebar
2008-02-23 18:45:28 0 d-------- C:\Users\lostonearth\AppData\Roaming\Adobe
2008-02-23 18:04:58 0 d-------- C:\Users\lostonearth\AppData\Roaming\Acer
2008-02-23 18:04:52 0 d-------- C:\Users\lostonearth\AppData\Roaming\Leadertech
2008-02-23 18:04:41 0 d-------- C:\Users\lostonearth\AppData\Roaming\Macromedia
2008-02-23 17:59:17 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-23 17:59:17 0 d-------- C:\Program Files\Common Files\InstallShield
2008-02-23 17:55:17 0 d-------- C:\Users\lostonearth\AppData\Roaming\Identities
2008-02-23 17:53:34 0 d-------- C:\Program Files\Realtek
2008-02-23 16:26:49 1306 --a------ C:\Windows\CLEANUP.CMD
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [23/02/2008 06:53 PM]
"RtHDVCpl"="RtHDVCpl.exe" [01/12/2006 05:37 AM C:\Windows\RtHDVCpl.exe]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [20/11/2006 08:44 PM]
"osCheck"="c:\Program Files\Norton Internet Security\osCheck.exe" [20/11/2006 08:42 PM]
"Acer Tour"="" []
"Acer Empowering Technology Monitor"="C:\Windows\system32\SysMonitor.exe" [23/11/2006 03:24 PM]
"Acer Product Registration"="C:\Program Files\Acer Registration\ACE1.exe" [13/12/2006 10:55 AM]
"Acer Assist Launcher"="C:\Program Files\Acer Assist\launcher.exe" [04/12/2006 01:05 PM]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [17/11/2006 08:26 AM]
"eRecoveryService"="" []
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [29/01/2008 05:38 PM]
"Malwarebytes Anti-Malware Reboot"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [21/02/2008 07:50 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [23/02/2008 06:39 PM]
"WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [21/06/2007 02:06 PM]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [14/12/2004 4:44:06 AM]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [06/01/2006 8:51:42 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 01:55 PM 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b213fc70-e277-11dc-b8cb-806e6f6e6963}]
AutoRun\command- E:\Installer.exe
*Newly Created Service* - COMHOST
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
-- End of Deckard's System Scanner: finished at 2008-02-26 00:21:13 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English
CPU 0: AMD Athlon 64 X2 Dual Core Processor 4200+
Percentage of Memory in Use: 33%
Physical Memory (total/avail): 2046.94 MiB / 1367.56 MiB
Pagefile Memory (total/avail): 4313.67 MiB / 3323.66 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1937.77 MiB
C: is Fixed (NTFS) - 113.2 GiB total, 91.33 GiB free.
D: is Fixed (NTFS) - 112.85 GiB total, 109.04 GiB free.
E: is CDROM (CDFS)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
\\.\PHYSICALDRIVE0 - HDT72252 5DLA380 SCSI Disk Device - 232.88 GiB - 3 partitions
\PARTITION0 - Unknown - 6.83 GiB
\PARTITION1 (bootable) - MS-DOS V4 Huge - 113.2 GiB - C:
\PARTITION2 - Installable File System - 112.85 GiB - D:
\\.\PHYSICALDRIVE1 - Generic- Compact Flash USB Device
\\.\PHYSICALDRIVE4 - Generic- MS/MS-Pro USB Device
\\.\PHYSICALDRIVE3 - Generic- SD/MMC USB Device
\\.\PHYSICALDRIVE2 - Generic- SM/xD-Picture USB Device
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
FW: Norton Internet Security v2007 (Symantec Corporation)
AV: Norton Internet Security v2007 (Symantec Corporation)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Disabled
AS: Norton Internet Security v2007 (Symantec Corporation)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\lostonearth\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=LOSTONEARTH-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\lostonearth
LOCALAPPDATA=C:\Users\lostonearth\AppData\Local
LOGONSERVER=\\LOSTONEARTH-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4b02
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\LOSTON~1\AppData\Local\Temp
TMP=C:\Users\LOSTON~1\AppData\Local\Temp
USERDOMAIN=lostonearth-PC
USERNAME=lostonearth
USERPROFILE=C:\Users\lostonearth
windir=C:\Windows
-- User Profiles ---------------------------------------------------------------
lostonearth
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
Acer Assist --> C:\Program Files\Acer Assist\uninstall.exe
Acer eDataSecurity Management --> C:\Acer\Empowering Technology\eDataSecurity\eDSnstHelper.exe -Operation UNINSTALL
Acer Empowering Technology --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x9 -removeonly
Acer ePerformance Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D462BF9E-0C35-4705-BF9B-3DF9F3816643}\setup.exe" -l0x9 -removeonly
Acer Picture Slide DVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{41581EF5-45A7-11DA-9D78-000129760D75}\Setup.exe" -uninstall
Acer Plug and Record --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6EFFB76-4A07-11DA-9D78-000129760D75}\Setup.exe" -uninstall
Acer Registration --> C:\Program Files\Acer Registration\uninstall.exe
Acer ScreenSaver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
Acer Tour --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94389919-B0AA-4882-9BE8-9F0B004ECA35}\setup.exe" -l0x9 -removeonly
Acer Zone MagicDirector --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F79A208D-D929-11D9-9D77-000129760D75}\Setup.exe" -uninstall
Acer Zone Main Page --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}\Setup.exe" -uninstall
Acer Zone MakeDisk --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\Setup.exe" -uninstall
Acer Zone SoftDMA --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA4BF92B-2AAF-11DA-9D78-000129760D75}\Setup.exe" -uninstall
Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Freelancer --> "C:\Program Files\Microsoft Games\Freelancer\UNINSTAL.EXE" /runtemp /addremove
Kaspersky Online Scanner --> C:\Windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton Confidential Browser Component --> MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Protection Component --> MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
Norton Internet Security --> MsiExec.exe /I{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447A-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}
Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_1_0_26\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
NTI Backup NOW! 4.7 --> "C:\Program Files\InstallShield Installation Information\{67ADE9AF-5CD9-4089-8825-55DE4B366799}\setup.exe" -removeonly
NTI CD & DVD-Maker --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1033 CDM7
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.exe" -l0x9 -removeonly
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\common\unyt.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type721 / Success
Event Submitted/Written: 02/26/2008 00:07:41 AM
Event ID/Source: 5617 / WinMgmt
Event Description:
Event Record #/Type719 / Success
Event Submitted/Written: 02/26/2008 00:07:37 AM
Event ID/Source: 5615 / WinMgmt
Event Description:
Event Record #/Type710 / Success
Event Submitted/Written: 02/26/2008 00:07:25 AM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.
Event Record #/Type687 / Success
Event Submitted/Written: 02/25/2008 01:36:57 PM
Event ID/Source: 903 / Software Licensing Service
Event Description:
The Software Licensing service has stopped.
Event Record #/Type676 / Error
Event Submitted/Written: 02/25/2008 01:36:54 PM
Event ID/Source: 4621 / EventSystem
Event Description:
80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type7240 / Error
Event Submitted/Written: 02/26/2008 00:07:01 AM
Event ID/Source: 6 / ACPI
Event Description:
IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 12, function 0.
Please contact your system vendor for technical assistance.
Event Record #/Type7239 / Error
Event Submitted/Written: 02/26/2008 00:07:01 AM
Event ID/Source: 6 / ACPI
Event Description:
IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 11, function 0.
Please contact your system vendor for technical assistance.
Event Record #/Type7238 / Error
Event Submitted/Written: 02/26/2008 00:07:01 AM
Event ID/Source: 6 / ACPI
Event Description:
IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 9, function 0.
Please contact your system vendor for technical assistance.
Event Record #/Type7217 / Warning
Event Submitted/Written: 02/25/2008 01:31:34 PM
Event ID/Source: 4 / Client Side Rendering Spooler
Event Description:
The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-18\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable.
Event Record #/Type7216 / Warning
Event Submitted/Written: 02/25/2008 01:31:34 PM
Event ID/Source: 4 / Client Side Rendering Spooler
Event Description:
The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-18\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable.
-- End of Deckard's System Scanner: finished at 2008-02-26 00:21:13 ------------