I downloaded HostXpert 4.2 and followed the directions with no problems. I downloaded Deckard's System Scanner and I believe I closed all windows, but am unsure exactly what that involves. (I signed out of my MSN internet provider before continuing with Deckard's System Scanner, but if I was supposed to close windows differently, please let me know.) Much appreciated for all the help so far. I still have popups.
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel® Pentium® 4 CPU 1.80GHz
Percentage of Memory in Use: 41%
Physical Memory (total/avail): 766.48 MiB / 447.33 MiB
Pagefile Memory (total/avail): 1108.13 MiB / 836.34 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1950.71 MiB
A: is Removable (Unformatted)
C: is Fixed (NTFS) - 27.91 GiB total, 20.62 GiB free.
D: is CDROM (No Media)
E: is CDROM (CDFS)
F: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - WDC WD300BB-75DEA0 - 27.94 GiB - 2 partitions
\PARTITION0 - Unknown - 31.35 MiB
\PARTITION1 (bootable) - Installable File System - 27.91 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.
AntivirusOverride is set.
AV: avast! antivirus 4.7.1098 [VPS 080222-0] v4.7.1098 (ALWIL Software) Disabled
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Sierra\\SWAT3TGOTYDemo\\swat.exe"="C:\\Sierra\\SWAT3TGOTYDemo\\swat.exe:*:Enabled:Swat 3 : Close Quarters Battle"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\BitTorrent\\btdownloadgui.exe"="C:\\Program Files\\BitTorrent\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\\Program Files\\m,m,nmn,\\Gunz\\GunzLauncher.exe"="C:\\Program Files\\m,m,nmn,\\Gunz\\GunzLauncher.exe:*:Enabled:NewApp MFC ?? ????"
"C:\\Program Files\\m,m,nmn,\\Gunz\\Gunz.exe"="C:\\Program Files\\m,m,nmn,\\Gunz\\Gunz.exe:*:Enabled:Gunz"
"C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"="C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe:*:Enabled:NewApp MFC ?? ????"
"C:\\Program Files\\MAIET\\Gunz\\Gunz.exe"="C:\\Program Files\\MAIET\\Gunz\\Gunz.exe:*:Enabled:Gunz"
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"="C:\\Program Files\\BitTornado\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\\Documents and Settings\\Owner\\Desktop\\c3po_2.02b\\Diablo II.exe"="C:\\Documents and Settings\\Owner\\Desktop\\c3po_2.02b\\Diablo II.exe:*:Disabled:Diablo II"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1135968032\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1135968032\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1135968032\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1135968032\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Documents and Settings\\Owner\\My Documents\\utorrent.exe"="C:\\Documents and Settings\\Owner\\My Documents\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Documents and Settings\\Owner\\My Documents\\New Folder\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\Owner\\My Documents\\New Folder\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Documents and Settings\\Owner\\My Documents\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\Owner\\My Documents\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=GOSSAUX
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\GOSSAUX
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Ulead Systems\MPEG
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=GOSSAUX
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Owner (admin)
Administrator (new local, admin)
Guest (guest)
-- Add/Remove Programs ---------------------------------------------------------
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
Chameleon Mega Camera Driver --> C:\WINDOWS\unsp1drv.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Homeschool Tracker Basic --> MsiExec.exe /I{AD528602-C32D-4E9B-A5A5-609F2A186808}
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
Java 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Micro Innovations Internet Access Elite Keyboard --> C:\WINDOWS\UnInst32.exe KEMailKb.UNI
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Word 2002 --> MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Mozilla Firefox (2.0.0.3) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msniadm.exe /Action:ARP
MSN Messenger 7.0 --> MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314600816}
nature_3120380 Screen Saver --> C:\WINDOWS\system32\nature_3120380.scr /u
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Railroad Tycoon II - Platinum --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BED27751-CD2A-4C2F-9813-00B9B60C76FE}\setup.exe" -l0x9
SimCity 4 Deluxe --> C:\Program Files\Maxis\SimCity 4 Deluxe\EAUninstall.exe
Snes9x --> C:\WINDOWS\iun3405.exe C:\Program Files\Snes9x
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type1250 / Warning
Event Submitted/Written: 02/23/2008 07:23:07 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
Event Record #/Type1249 / Error
Event Submitted/Written: 02/23/2008 07:08:58 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application avast.setup, version 4.7.0.0, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x000105f8.
Processing media-specific event for [avast.setup!ws!]
Event Record #/Type1246 / Warning
Event Submitted/Written: 02/23/2008 02:57:42 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
Event Record #/Type1244 / Error
Event Submitted/Written: 02/23/2008 02:22:21 AM
Event ID/Source: 5000 / MPSampleSubmission
Event Description:
EventType mptelemetry, P1 80072ee2, P2 endsearch, P3 search, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.
Event Record #/Type1241 / Warning
Event Submitted/Written: 02/22/2008 08:15:00 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type25269 / Warning
Event Submitted/Written: 02/23/2008 09:50:34 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%GOSSAUX27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %GOSSAUX27 can't undo changes that you allow.
For more information please see the following:
%GOSSAUX275
Scan ID: {4B35D356-7CC7-4345-977E-A69123E0D74E}
User: GOSSAUX\Owner
Name: %GOSSAUX271
ID: %GOSSAUX272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %GOSSAUX276
Alert Type: %GOSSAUX278
Detection Type: 1.1.1593.02
Event Record #/Type25268 / Warning
Event Submitted/Written: 02/23/2008 09:50:34 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%GOSSAUX27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %GOSSAUX27 can't undo changes that you allow.
For more information please see the following:
%GOSSAUX275
Scan ID: {57D83857-1414-4A9C-AC04-A4BC1F94C329}
User: GOSSAUX\Owner
Name: %GOSSAUX271
ID: %GOSSAUX272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %GOSSAUX276
Alert Type: %GOSSAUX278
Detection Type: 1.1.1593.02
Event Record #/Type25267 / Warning
Event Submitted/Written: 02/23/2008 09:50:34 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%GOSSAUX27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %GOSSAUX27 can't undo changes that you allow.
For more information please see the following:
%GOSSAUX275
Scan ID: {A5B0B12B-EF44-4146-BCB9-6BDF22FE87AD}
User: GOSSAUX\Owner
Name: %GOSSAUX271
ID: %GOSSAUX272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %GOSSAUX276
Alert Type: %GOSSAUX278
Detection Type: 1.1.1593.02
Event Record #/Type25266 / Warning
Event Submitted/Written: 02/23/2008 09:50:31 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%GOSSAUX27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %GOSSAUX27 can't undo changes that you allow.
For more information please see the following:
%GOSSAUX275
Scan ID: {4093105B-CA75-4B09-8131-E1CF36DA94CC}
User: GOSSAUX\Owner
Name: %GOSSAUX271
ID: %GOSSAUX272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %GOSSAUX276
Alert Type: %GOSSAUX278
Detection Type: 1.1.1593.02
Event Record #/Type25265 / Warning
Event Submitted/Written: 02/23/2008 09:50:31 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%GOSSAUX27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %GOSSAUX27 can't undo changes that you allow.
For more information please see the following:
%GOSSAUX275
Scan ID: {C21DD186-C074-45DB-8D87-A80FEB3117F5}
User: GOSSAUX\Owner
Name: %GOSSAUX271
ID: %GOSSAUX272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %GOSSAUX276
Alert Type: %GOSSAUX278
Detection Type: 1.1.1593.02
-- End of Deckard's System Scanner: finished at 2008-02-23 09:51:17 ------------
Deckard's System Scanner v20071014.68
Run by Owner on 2008-02-23 09:49:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
16: 2008-02-23 15:49:07 UTC - RP853 - Deckard's System Scanner Restore Point
15: 2008-02-22 21:16:03 UTC - RP852 - Software Distribution Service 3.0
14: 2008-02-22 19:28:01 UTC - RP851 - Installed Windows Defender
13: 2008-02-22 19:25:09 UTC - RP850 - Removed Windows Defender
12: 2008-02-22 19:19:46 UTC - RP849 - Installed Windows Defender
-- First Restore Point --
1: 2008-02-14 23:17:38 UTC - RP838 - Software Distribution Service 3.0
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Owner.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:50:24 AM, on 2/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\Rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\MSN\MSNIA\CC\MSNCC\logonmgr.exe
C:\Program Files\MSN\MSNIA\CC\MSNCC\msncc.exe
C:\Documents and Settings\Owner\My Documents\My Downloads\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=msgr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [KEMailKb] C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [cxrcsyq] c:\windows\system32\cxrcsyq.exe cxrcsyq
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Registration .LNK = C:\Program Files\UBISOFT\Prince of Persia The Sands of Time\Support\Register\RegistrationReminder.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: KenoPop! by pogo - http://game3.pogo.co...dkeno-en_US.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.co...date/EARTPX.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BC18E6DF-BE57-4580-93E8-F228F9A133AA} (MaxisSimCity4LotTeleX Control) - http://simcity.ea.co...ty4LotTeleX.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.co...ty4PatcherX.cab
O16 - DPF: {DF1C8E21-4045-4D67-B528-335F1A4F0DE9} - http://us2-scripts.d..._1073_em_XP.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = HEH
O17 - HKLM\Software\..\Telephony: DomainName = HEH
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = HEH
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O24 - Desktop Component 0: (no name) - http://us.f524.mail....e...ead=b&Idx=0
--
End of file - 5737 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R3 DKbFltr (Dritek HotKey Keyboard Filter Driver) - c:\windows\system32\drivers\dkbfltr.sys <Not Verified; Dritek System Inc.; Dritek Keyboard Filter>
S1 StarPortLite (StarPort Storage Controller (Lite)) - c:\windows\system32\drivers\starportlite.sys (file missing)
S2 P1100C_CT_CDI (Creative PD1100C HAL Service) - c:\windows\system32\drivers\p1100ccd.sys (file missing)
S2 PfModNT - c:\windows\system32\pfmodnt.sys (file missing)
S3 ADSFilter (ADSFilter - (Aluria Filter Driver)) - c:\windows\system32\drivers\adsfilter.sys (file missing)
S3 BW2NDIS5 - c:\windows\system32\drivers\bw2ndis5.sys (file missing)
S3 lac97inf - c:\docume~1\owner\locals~1\temp\lac97inf.sys (file missing)
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 XTrapD12 - c:\windows\system32\xtrapd12.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
S3 iPod Service - "c:\program files\ipod\bin\ipodservice.exe" (file missing)
-- Device Manager: Disabled ----------------------------------------------------
Class GUID:
Description: Ethernet Controller
Device ID: PCI\VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01\4&1A671D0C&0&48F0
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01\4&1A671D0C&0&48F0
Service:
Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Description: StarPort Storage Controller (Lite)
Device ID: ROOT\SCSIADAPTER\0000
Manufacturer: Rocket Division Software
Name: StarPort Storage Controller (Lite)
PNP Device ID: ROOT\SCSIADAPTER\0000
Service: StarPortLite
-- Scheduled Tasks -------------------------------------------------------------
2008-02-23 08:04:37 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
-- Files created between 2008-01-23 and 2008-02-23 -----------------------------
2008-02-22 23:05:57 2204 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-22 23:03:43 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-02-22 23:03:43 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-02-22 23:03:43 86016 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-02-22 23:03:43 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-02-22 23:03:43 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-02-22 23:03:42 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-02-22 23:03:42 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-02-22 17:47:52 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-02-22 13:28:03 0 d-------- C:\Program Files\Windows Defender
2008-02-22 12:47:26 0 d-------- C:\!KillBox
2008-02-21 19:16:18 0 d-------- C:\Program Files\Trend Micro
2008-02-20 13:45:10 139264 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-02-20 13:45:10 524288 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-02-18 14:07:13 0 d-------- C:\Documents and Settings\Owner\DoctorWeb
2008-02-16 17:02:59 0 d-------- C:\Program Files\InterActual
2008-02-15 18:10:56 0 d-------- C:\Program Files\Railroad Tycoon II - Platinum
2008-02-15 12:50:28 0 d-------- C:\WINDOWS\pss
2008-02-15 09:21:25 0 d-------- C:\Documents and Settings\All Users\Application Data\TGHomeSoft
2008-02-15 09:20:51 0 d-------- C:\Program Files\TGHome
2008-02-14 17:06:55 0 d-------- C:\Program Files\Java
2008-02-14 13:11:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-14 09:40:38 94694 --a------ C:\WINDOWS\system32\uamhxaxvp.exe
2008-01-29 02:29:20 21696 --a------ C:\WINDOWS\system32\dgpibqg.exe
2008-01-23 22:11:03 0 d-------- C:\Documents and Settings\Owner\Application Data\Google
-- Find3M Report ---------------------------------------------------------------
2008-02-23 09:30:07 0 d-------- C:\Documents and Settings\Owner\Application Data\MSN6
2008-02-22 21:01:06 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-02-18 13:25:57 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-15 18:10:55 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-15 11:19:45 0 d-------- C:\Program Files\NCH Swift Sound
2008-02-14 10:05:19 0 d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft
2008-01-23 22:11:03 0 d-------- C:\Program Files\Google
2008-01-18 17:44:03 0 d-------- C:\Documents and Settings\Owner\Application Data\Petroglyph
2008-01-11 16:30:32 0 d-------- C:\Program Files\Common Files
2008-01-11 16:17:32 0 d-------- C:\Documents and Settings\Owner\Application Data\Atari
2008-01-06 18:13:59 0 d-------- C:\Program Files\EasyZip
2008-01-02 15:59:22 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-01-01 23:27:01 520192 --a------ C:\WINDOWS\system32\nature_3120380.scr <Not Verified; ScreenTime Media; ScreenTime For Flash>
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [10/19/2005 06:59 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [10/19/2005 06:59 AM]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [12/10/2005 08:57 AM]
"KEMailKb"="C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE" [08/09/2005 02:27 AM]
"P17Helper"="P17.dll" [05/02/2005 09:38 PM C:\WINDOWS\system32\P17.dll]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [12/04/2007 07:00 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"cxrcsyq"="c:\windows\system32\cxrcsyq.exe" [02/15/2008 12:13 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [06/14/2005 08:05 AM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 11:55 AM 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 11:41 AM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wscsvc"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\RunGame.exe
-- End of Deckard's System Scanner: finished at 2008-02-23 09:51:17 ------------