Thanks so much for the help. Smitfraudfix removed the desktop background. . . impressive. Here are the logs from both programs:
Deckard's System Scanner v20071014.68
Run by William Procopio on 2008-02-28 19:43:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
System Restore is disabled; attempting to re-enable...success.
Backed up registry hives.
Performed disk cleanup.
Percentage of Memory in Use: 81% (more than 75%).-- HijackThis (run as William Procopio.exe) ------------------------------------
Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-02-28 19:47:24
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\WLTRAY.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Documents and Settings\LocalService\Local Settings\Application Data\cftmon.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\locator.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\William Procopio\Desktop\dss.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://home.microsof...search.asp?p=%sR1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL =
http://www.microsoft...amp;ar=iesearchF2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {711C06FE-C1C3-4843-8E3D-B599121AABD1} - C:\WINDOWS\system32\mlljh.dll (file missing)
O2 - BHO: Microsoft copyright - {971D5B7B-F7DF-43ee-B771-6B7FA09975C3} - sipov.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [netsv32] C:\WINDOWS\sv.exe
O4 - HKLM\..\Run: [netzip] C:\WINDOWS\svzip.exe
O4 - HKLM\..\Run: [netc] C:\WINDOWS\svc.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [netw] C:\WINDOWS\svw.exe
O4 - HKLM\..\Run: [netx] C:\WINDOWS\svx.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\William Procopio\Local Settings\Application Data\cftmon.exe
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Ncao] "C:\DOCUME~1\WILLIA~1\APPLIC~1\FNTS~1\msconfig.exe" -vt yazb
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\William Procopio\Local Settings\Application Data\cftmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [autoload] C:\Documents and Settings\LocalService\Local Settings\Application Data\cftmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [autoload] C:\Documents and Settings\LocalService\Local Settings\Application Data\cftmon.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.www.caremark.com (HKCU)
O15 - Trusted Zone:
https://line6.net (HKCU)
O15 - Trusted Zone: *.line6.net (HKCU)
O15 - Trusted Zone:
http://service1.symantec.com (HKCU)
O15 - Trusted Zone:
http://www.symantec.com (HKCU)
O15 - Trusted Zone:
http://xponentialmusic.org (HKCU)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) -
https://activatemyfi...oad/tgctlcm.cabO16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) -
http://www.cyberlink...xp/CheckDVD.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://v5.windowsupd...b?1092947926171O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) -
http://download.divx...owserPlugin.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload.ma...ent/swflash.cabO16 - DPF: {E5C97835-6865-443E-8C33-671D9C71A6D0} (LedaX Control) -
https://www.clientsp...d/RapidocsX.cabO18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O20 - Winlogon Notify: abfbdacbbfeacb - C:\WINDOWS\system32\abfbdacbbfeacb.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM Inc. - C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe
O23 - Service: System Event Notification SENSUPS (SENSUPS) - Unknown owner - C:\WINDOWS\system32\~.exe srv
O23 - Service: Dell Wireless WLAN Tray Service (WLTRYSVC) - Unknown owner - C:\WINDOWS\system32\WLTRYSVC.EXE
--
End of file - 9618 bytes
-- File Associations -----------------------------------------------------------
.scr - scrfile - shell\open\command - "%1" %*-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R1 OMCI (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 BTSERIAL (Bluetooth Serial Driver) - c:\windows\system32\drivers\btserial.sys
R2 BTSLBCSP (Bluetooth Port Client Driver) - c:\windows\system32\drivers\btslbcsp.sys <Not Verified; ; Bluetooth Software 1.4.1 Build 5>
R2 portD (CMS PortIO Service) - c:\windows\system32\drivers\portd2k.sys <Not Verified; CMS Peripherals, Inc.; BounceBack>
R3 L6DP - c:\windows\system32\drivers\l6dp.sys <Not Verified; Line 6; Line 6 Device Proxy>
S3 ATIXPGAA - c:\dell\drivers\r75495\atixpgaa.sys <Not Verified; ATI Technologies Inc.; ATI Graphics Accelerators>
S3 bvrp_pci - c:\windows\system32\drivers\bvrp_pci.sys
S3 BW2NDIS5 - c:\windows\system32\drivers\bw2ndis5.sys (file missing)
S3 GPWADrv (Service for L6 GuitarPort Driver (WDM)) - c:\windows\system32\drivers\gpwadrv.sys <Not Verified; Line 6; GuitarPort>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
S2 SENSUPS (System Event Notification SENSUPS) - c:\windows\system32\~.exe srv (file missing)
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom 440x 10/100 Integrated Controller
Device ID: PCI\VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01\4&3A321F38&0&00F0
Manufacturer: Broadcom
Name: Broadcom 440x 10/100 Integrated Controller
PNP Device ID: PCI\VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01\4&3A321F38&0&00F0
Service: bcm4sbxp
-- Scheduled Tasks -------------------------------------------------------------
2008-02-20 12:35:04 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2008-01-28 and 2008-02-28 -----------------------------
2008-02-28 19:39:19 0 d-------- C:\WINDOWS\LastGood
2008-02-28 19:32:48 0 dr-h----- C:\Documents and Settings\William Procopio\Recent
2008-02-28 19:28:21 3874 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-28 15:53:20 0 d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-02-28 14:34:02 0 d-------- C:\My Music
2008-02-28 14:33:59 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2008-02-28 14:13:10 516096 --a------ C:\WINDOWS\system32\ExTab.dll <Not Verified; Exontrol Inc.; ExTab Module>
2008-02-28 14:13:10 307200 --a------ C:\WINDOWS\system32\ExPMenu.dll <Not Verified; Exontrol Inc.; ExPopupMenu Control>
2008-02-28 14:13:10 602112 --a------ C:\WINDOWS\system32\ExMenu.dll <Not Verified; Exontrol Inc.; ExMenu Control>
2008-02-28 14:13:10 1753088 --a------ C:\WINDOWS\system32\ExGrid.dll <Not Verified; Exontrol Inc.; ExGrid Module>
2008-02-28 14:13:10 614400 --a------ C:\WINDOWS\system32\ExButton.dll <Not Verified; Exontrol Inc.; ExButton Module>
2008-02-28 14:13:08 118784 --a------ C:\WINDOWS\system32\eWebControl.dll <Not Verified; eSellerate Inc.; >
2008-02-28 14:13:08 356352 --a------ C:\WINDOWS\system32\eSellerateEngine.dll <Not Verified; eSellerate Inc.; eSellerateEngine>
2008-02-28 14:13:08 0 d-------- C:\Program Files\Common Files\eSellerate
2008-02-28 14:08:09 1634304 --a------ C:\WINDOWS\system32\3D Windows XP.scr
2008-02-28 12:06:02 0 d-------- C:\Program Files\ACW
2008-02-28 10:54:11 0 d-------- C:\sUBs
2008-02-28 10:35:18 0 d-------- C:\Program Files\Trend Micro
2008-02-25 10:50:51 122385 --a------ C:\WINDOWS\system32\abfbdacbbfeacb.dll
2008-02-23 17:27:42 691545 --a------ C:\WINDOWS\unins000.exe
2008-02-23 17:27:42 2552 --a------ C:\WINDOWS\unins000.dat
2008-02-23 09:31:55 12906 ---hs---- C:\WINDOWS\system32\drivers\spools.exe
2008-01-31 20:07:54 0 d-------- C:\Program Files\pdf-tools
-- Find3M Report ---------------------------------------------------------------
2008-02-28 14:13:08 0 d-------- C:\Program Files\Common Files
2008-02-28 14:08:00 0 d-------- C:\Program Files\Secure PC Solutions
2008-02-28 14:07:05 0 d-------- C:\Documents and Settings\William Procopio\Application Data\Line 6
2008-02-28 13:58:27 2 --a------ C:\WINDOWS\FixReportFound
2008-02-28 13:58:27 4 --a----c- C:\WINDOWS\FixFound
2008-02-27 08:55:22 0 d-------- C:\Documents and Settings\William Procopio\Application Data\AdobeUM
2008-02-25 08:37:11 1009 --ahs---- C:\WINDOWS\system32\2962003880.dat
2008-01-15 00:18:17 0 d-------- C:\Program Files\Dell
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{711C06FE-C1C3-4843-8E3D-B599121AABD1}]
C:\WINDOWS\system32\mlljh.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{971D5B7B-F7DF-43ee-B771-6B7FA09975C3}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [08/21/2004 05:04 PM]
"EPSON Stylus Photo RX500"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.exe" [06/01/2003 03:00 PM]
"SigmaTel StacMon"="C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe" [04/29/2004 01:15 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [03/03/2003 12:29 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [10/05/2005 08:30 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09/24/2006 02:24 AM]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [03/20/2006 05:34 PM]
"netsv32"="C:\WINDOWS\sv.exe" []
"netzip"="C:\WINDOWS\svzip.exe" []
"netc"="C:\WINDOWS\svc.exe" []
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [12/19/2005 09:08 AM]
"BCMSMMSG"="BCMSMMSG.exe" [08/29/2003 04:59 AM C:\WINDOWS\BCMSMMSG.exe]
"netw"="C:\WINDOWS\svw.exe" []
"netx"="C:\WINDOWS\svx.exe" []
"autoload"="C:\Documents and Settings\William Procopio\Local Settings\Application Data\cftmon.exe" [02/23/2008 03:50 PM]
"ntuser"="C:\WINDOWS\system32\drivers\spools.exe" [02/23/2008 09:31 AM]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [01/22/2008 07:43 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ncao"="C:\DOCUME~1\WILLIA~1\APPLIC~1\FNTS~1\msconfig.exe" []
"ntuser"="C:\WINDOWS\system32\drivers\spools.exe" [02/23/2008 09:31 AM]
"autoload"="C:\Documents and Settings\William Procopio\Local Settings\Application Data\cftmon.exe" [02/23/2008 03:50 PM]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ntuser"=C:\WINDOWS\system32\drivers\spools.exe
"autoload"=C:\Documents and Settings\LocalService\Local Settings\Application Data\cftmon.exe
C:\Documents and Settings\William Procopio\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [10/20/2005 12:04:08 PM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=1 (0x1)
"NoStartBanner"=01000000
"ClearRecentDocsOnExit"=01000000
"NoRecentDocsHistory"=01000000
"NoRecentDocsNetHood"=01000000
"NoWinKeys"=01000000
"NoSMMyPictures"=01000000
"NoNetworkConnections"=01000000
"NoStrCmpLogical"=01000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\abfbdacbbfeacb]
C:\WINDOWS\system32\abfbdacbbfeacb.dll 02/25/2008 10:50 AM 122385 C:\WINDOWS\system32\abfbdacbbfeacb.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E6TaskPanel]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Propel Accelerator]
C:\Program Files\EarthLink TotalAccess\Accelerator\PropelAC.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"btwdins"=3 (0x3)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60bbfe66-7f79-11d9-8c15-000f1f1624f0}]
AutoRun\command- E:\JDSecure\Windows\JDSecure20.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b057c20e-e635-11dc-ace4-886797ccf143}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe
-- Hosts -----------------------------------------------------------------------
127.0.0.1 www.4d5.net
127.0.0.1 4d5.net
127.0.0.1 media.popuptraffic.com
127.0.0.1 scripps.com
127.0.0.1 www.sitefinder.verisign.com
127.0.0.1 adsremote.scripps.com
127.0.0.1 mas.scripps.com
127.0.0.1 scripps.com
127.0.0.1 googlesyndication.com
127.0.0.1 pagead2.googlesyndication.com
8037 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2008-02-28 19:51:46 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 77%
Physical Memory (total/avail): 511.21 MiB / 114.82 MiB
Pagefile Memory (total/avail): 1245.64 MiB / 783.78 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1936.94 MiB
C: is Fixed (NTFS) - 37.21 GiB total, 6.18 GiB free.
D: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - FUJITSU MHT2040AH - 37.26 GiB - 2 partitions
\PARTITION0 - Unknown - 47.03 MiB
\PARTITION1 (bootable) - Installable File System - 37.21 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
FW: Windows Live OneCare Firewall v1.0.0 (Microsoft Corporation)
AV: Windows Live OneCare v1.0.0 (Microsoft Corporation)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:TaskPanl"
"C:\\Program Files\\Netscape\\Netscape\\Netscp.exe"="C:\\Program Files\\Netscape\\Netscape\\Netscp.exe:*:Enabled:Netscape"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\WINDOWS\\system32\\fxsclnt.exe"="C:\\WINDOWS\\system32\\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\\Program Files\\Kensington\\MouseWorks\\k_update.exe"="C:\\Program Files\\Kensington\\MouseWorks\\k_update.exe:*:Enabled:Kensington Digital Update of installed software via the Web."
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Codemasters\\Insane Demo\\Game.exe"="C:\\Codemasters\\Insane Demo\\Game.exe:*:Disabled:INSANE"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"="C:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe:*:Enabled:WinDVD"
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"="C:\\Program Files\\BitTornado\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Disabled:Windows Messenger"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\William Procopio\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.1_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DARWIN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\William Procopio
LOGONSERVER=\\DARWIN
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.1_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\WILLIA~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\WILLIA~1\LOCALS~1\Temp
USERDOMAIN=DARWIN
USERNAME=William Procopio
USERPROFILE=C:\Documents and Settings\William Procopio
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI
-- User Profiles ---------------------------------------------------------------
William Procopio
(admin)Kim Burns
Kim
Administrator
(admin)-- Add/Remove Programs ---------------------------------------------------------
--> "C:\Program Files\InstallShield Installation Information\{F37167DD-4436-4641-90B6-329D60632DDA}\Setup.exe" REMOVEALL --u:{F37167DD-4436-4641-90B6-329D60632DDA}
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11E83B33-972B-4512-A447-FF0FD0246EE9}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BFBC62A-3353-443D-93BE-7AC641D9F342}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3C1B8CBC-9118-11D7-86D3-00055DF3561E}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{775FFF70-4A8C-4500-908D-3C34DBEB11D5}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B100B05B-E290-41EF-9366-8BC4C76D7769}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAD9402A-1A9B-4ABE-A410-393A3622FA5A}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 5.0 Sprint Plus --> MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Adobe Atmosphere Player for Acrobat and Adobe Reader --> C:\WINDOWS\atmoUn.exe
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Photoshop Album 2.0 Starter Edition --> MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
ALPS Touch Pad Driver --> C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
ArcSoft Camera Suite --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ArcSoft\Camera Suite\Uninst.isu"
ArcSoft Software Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66C8BE35-8BBB-472B-96C7-C7C9A499F988}\Setup.exe" -l0x9
ASIO4ALL v2 --> C:\Program Files\ASIO4ALL v2\uninstall.exe
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audacity 1.2.3 --> "C:\Program Files\Audacity\unins000.exe"
BCM V.92 56K Modem --> C:\WINDOWS\BCMSMU.exe quiet
BitTornado 0.3.17 --> C:\Program Files\BitTornado\uninst.exe
BounceBack Professional --> C:\WINDOWS\system32\BBUninstall.exe
Broadcom 440x 10/100 Integrated Controller --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{52504CE6-E909-4113-B232-4AFEC6543A61} /l1033
C-Major Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Canon Camera Access Library --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{901F8ED7-13E8-43EF-B738-2FE89B0588EB} /l1033
Canon Camera Support Core Library --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A1D0D14A-B776-4907-BC00-5149F2298086} /l1033
Canon Camera Window DC_DV 5 for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}
Canon Camera Window DC_DV 6 for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}
Canon Camera Window DSLR 5 for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0A146245-DB79-4197-BF5D-FE1A699A2CC7}
Canon Camera Window MC 6 for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}
Canon MovieEdit Task for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{4DBBF091-FACD-422C-B43C-786335BD5398}
Canon PhotoRecord --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\PhotoRecord\Uninst.isu" -c"C:\Program Files\Canon\PhotoRecord\Program\uninstdll.dll"
Canon PowerShot A40 WIA Driver --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\PowerShot A40 WIA\Uninst.isu" -c"C:\Program Files\Canon\PowerShot A40 WIA\UNSTD113.dll"
Canon RAW Image Task for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{44E24545-F317-4498-B7CD-240DE7BA8DE2}
Canon Utilities PhotoStitch 3.1 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\PhotoStitch\Uninst.isu"
Canon Utilities RAW Image Converter --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\RAW Image Converter\Uninst.isu"
Canon Utilities RemoteCapture 2.2 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\RemoteCapture\Uninst.isu"
Canon ZoomBrowser EX (E) --> MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
CK Becky Higgins' Creative Clips --> C:\CKBROW~1\UNWISE.EXE C:\CKBROW~1\CKCREA~1.LOG
CK Font Organizer --> C:\PROGRA~1\CKFONT~1\UNWISE.EXE C:\PROGRA~1\CKFONT~1\INSTALL.LOG
CMN --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F8C8FC80-E542-11D3-8F7F-009027591AA8}\setup.exe"
Dell Bluetooth Software --> MsiExec.exe /X{0F51A262-1ADF-4914-B448-78AC58C4178A}
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Dell Wireless WLAN Card --> "C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EPSON CardMonitor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{109D28C7-FB38-483A-9C91-001CB59E2699}\Setup.exe" -l0x9 uninst
EPSON Copy Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B69CC1A5-0404-11D6-ABCB-005004C21D30}\setup.exe" -l0x9 ADDREMOVEDLG
EPSON Photo Print --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B53B71D-9E2F-42B8-9123-96354872D166}\setup.exe" -l0x9 MyUninstall
EPSON PhotoStarter3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5983C895-DDA4-45D9-A8D1-877D5DE7693E}\Setup.exe" -l0x9 uninst
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON RX500 Reference Guide --> C:\Program Files\epson\guide\rx500_e\uninstall.exe
EPSON Scan --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E0131B2-CF18-40D9-A331-60A3746C1204}\Setup.exe" -l0x9 UNINSTALL
EPSON Smart Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\Setup.exe" -l0x9 Uninstall
ERUNT 1.1j --> "C:\Program Files\ERUNT\unins000.exe"
Family Feud --> "C:\Program Files\Verizon Online\Family Feud\Uninstall.exe" "C:\Program Files\Verizon Online\Family Feud\install.log"
GoldWave v5.08 --> "C:\Program Files\GoldWave\unstall.exe" "GoldWave v5.08" "C:\Program Files\GoldWave\unstall.log"
GTOneCare --> MsiExec.exe /X{72690A58-4C2A-4CDE-928C-DF925B125F43}
GuitarPort 2.51 (Remove Only) --> C:\Program Files\Line6\GuitarPort\Uninstall.exe
GuitarPort Drivers 2.8.9.0 (Remove Only) --> C:\Program Files\Line6\Tools\Driver Archive\GuitarPort\2.8.9.0\Uninstall.exe
GuitarPort Drivers 3.0.0.4 (Remove Only) --> C:\Program Files\Line6\Tools\Driver Archive\GuitarPort\3.0.0.4\Uninstall.exe
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
Hijackthis 1.99.1 --> "C:\Program Files\Hijackthis\unins000.exe"
HijackThis 1.99.1 --> C:\Program Files\Hijackthis\HijackThis.exe /uninstall
ImageTool --> C:\WINDOWS\uninst.exe -f"c:\program files\image tool\DeIsL1.isu" -c"c:\program files\image tool\_ISREG32.DLL"
InterVideo WinDVD 8 --> C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp -l0x0409
iolo technologies' System Mechanic 5 --> C:\PROGRA~1\iolo\SYSTEM~2\UNWISE.EXE C:\PROGRA~1\iolo\SYSTEM~2\INSTALL.LOG
iTunes --> MsiExec.exe /I{5878FF02-3B8F-4309-B4E5-0D3DB6F2E8E6}
Java 2 Runtime Environment, SE v1.4.1_02 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFCE5837-FC21-11D6-9D24-00010240CE95}\setup.exe" Anytext
Java Web Start --> "C:\Program Files\Java Web Start\uninst-javaws.exe"
Kensington MouseWorks --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C78937F-0C8E-11D9-A3EB-0001025FA304}\setup.exe" -l0x9 -u
KRISTAL Audio Engine --> C:\Program Files\Kreatives.org\KRISTAL Audio Engine\Uninstall.exe
Line 6 Drivers 3.2.7.0 (Remove Only) --> C:\Program Files\Line6\Tools\Driver Archive\All Drivers\3.2.7.0\Uninstall.exe
Line 6 Drivers 3.2.9.2 (Remove Only) --> C:\Program Files\Line6\Tools\Driver Archive\All Drivers\3.2.9.2\Uninstall.exe
Line 6 Drivers 3.3.3.6 (Remove Only) --> C:\Program Files\Line6\Tools\Driver Archive\All Drivers\3.3.3.6\Uninstall.exe
Line 6 Monkey 1.13 (Remove Only) --> C:\Program Files\Line6\Tools\Line 6 Monkey\Uninstall.exe
Line 6 Monkey 1.15 (Remove Only) --> C:\Program Files\Line6\Tools\Line 6 Monkey\Uninstall.exe
Line 6 Monkey 1.16 (Remove Only) --> C:\Program Files\Line6\Tools\Line 6 Monkey\Uninstall.exe
Line 6 Monkey 1.18 (Remove Only) --> C:\Program Files\Line6\Tools\Line 6 Monkey\Uninstall.exe
LiveUpdate 1.7 (Symantec Corporation) --> C:\Program Files\\Symantec\LiveUpdate\LSETUP.EXE /U
LucasArts' Jedi Knight --> C:\WINDOWS\uninst.exe -f"C:\Program Files\LucasArts\Jedi Knight\DeIsL1.isu"
LucasArts' Outlaws --> C:\WINDOWS\uninst.exe -f"C:\Program Files\LucasArts\Outlaws\DeIsL1.isu"
Magic ISO Maker v4.9 (build 0144) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office XP Media Content --> MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Pro Step by Step Interactive --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FC7D8E1-F14F-11D4-943A-00E02950B496}\setup.exe"
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Protection Service --> MsiExec.exe /I{85CFDC2D-710E-49D5-B799-F3743CA506BA}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Windows Live OneCare Resources v2.0.2500.22 --> MsiExec.exe /I{5660022E-F3F2-4126-8CC5-9726C47150EB}
Microsoft Windows OneCare Live AntiSpyware and AntiVirus --> MsiExec.exe /I{E6A31482-989E-4E3C-B0C0-1ED4DBD5BC83}
Microsoft Windows OneCare Live v2.0.2500.22 --> MsiExec.exe /I{D07A8E7E-D324-4945-BA8C-E532AD008FF3}
Microsoft Windows OneCare Live v2.0.2500.22 Idcrl Install --> MsiExec.exe /I{3851147E-5A91-4469-BA4D-13FFFCC8A920}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Netscape (7.1) --> C:\WINDOWS\NSUninst.exe /ua "7.1b1 (en)"
Netscape Browser (remove only) --> "C:\Program Files\Netscape\Netscape Browser\NSUninst.exe"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PX Engine --> MsiExec.exe /I{6513E869-647F-40FD-A55D-CFC92579B9BA}
Quicken 2005 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2DBE41DD-2129-4C65-A3D3-5647236A60F3} anything
QuickSet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 UNINSTALL APPDRVNT4
QuickTime --> MsiExec.exe /I{55BF0E5F-EA8E-4C13-A8B4-9E4857F5A2DE}
Radio@Netscape Plus --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Radio@Netscape Plus\uninst.isu" -c"C:\Program Files\Radio@Netscape Plus\program\uninst.dll"
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
ScanToWeb --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\setup.exe" ADDREMOVEDLG
SigmaTel AC97 Audio Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7959721D-8268-4565-9E0E-C41A9F4848A9}\setup.exe" -l0x9 -nodialog -uninstall
SiSoftware Sandra Lite 2005 (Win64/32/CE) --> "C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\unins000.exe"
SiSoftware Sandra Lite 2005.SR1 (Win64/32/CE) --> "C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\unins000.exe"
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
StuffIt Expander 8.0 --> MsiExec.exe /X{DB74D322-389F-4C0C-810C-081D88CA62B1}
Symantec AntiVirus Client --> MsiExec.exe /X{0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E}
The Ultimate Troubleshooter --> C:\PROGRA~1\ANSWER~1\TROUBL~1\UNWISE.EXE C:\PROGRA~1\ANSWER~1\TROUBL~1\INSTALL.LOG
TuneXP 1.5 --> C:\WINDOWS\iun6002.exe "C:\Program Files\TuneXP\irunin.ini"
Tweak UI --> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
Unreal Tournament --> C:\UnrealTournament\System\Setup.exe uninstall "UnrealTournament"
WavePad Uninstall --> C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Live OneCare --> "C:\Program Files\Microsoft Windows OneCare Live\OCSetup.exe" /u
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XQDC X-Setup Pro 7.0.300.Final1 --> "C:\Program Files\X-Setup Pro\unins000.exe"
Yahoo! Toolbar --> rundll32.exe C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\YCOMP5~1.DLL,DllCommand ui
-- Application Event Log -------------------------------------------------------
Event Record #/Type5490 / Warning
Event Submitted/Written: 02/27/2008 09:40:07 AM
Event ID/Source: 6 / Norton AntiVirus
Event Description:
Could not scan 1 files inside C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit158.zip due to extraction errors encountered by the Decomposer Engines.
Event Record #/Type5489 / Warning
Event Submitted/Written: 02/27/2008 09:40:07 AM
Event ID/Source: 6 / Norton AntiVirus
Event Description:
Could not scan 1 files inside C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit157.zip due to extraction errors encountered by the Decomposer Engines.
Event Record #/Type5488 / Warning
Event Submitted/Written: 02/27/2008 09:40:07 AM
Event ID/Source: 6 / Norton AntiVirus
Event Description:
Could not scan 1 files inside C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit156.zip due to extraction errors encountered by the Decomposer Engines.
Event Record #/Type5487 / Warning
Event Submitted/Written: 02/27/2008 09:40:06 AM
Event ID/Source: 6 / Norton AntiVirus
Event Description:
Could not scan 1 files inside C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit155.zip due to extraction errors encountered by the Decomposer Engines.
Event Record #/Type5486 / Warning
Event Submitted/Written: 02/27/2008 09:40:06 AM
Event ID/Source: 6 / Norton AntiVirus
Event Description:
Could not scan 1 files inside C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit154.zip due to extraction errors encountered by the Decomposer Engines.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type53959 / Warning
Event Submitted/Written: 02/28/2008 10:59:30 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 009096AE497A. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.
Event Record #/Type53952 / Warning
Event Submitted/Written: 02/28/2008 10:44:21 AM
Event ID/Source: 20169 / RemoteAccess
Event Description:
Unable to contact a DHCP server. The Automatic Private IP Address 169.254.71.105 will be
assigned to dial-in clients. Clients may be unable to access resources on
the network.
Event Record #/Type53951 / Error
Event Submitted/Written: 02/28/2008 10:44:21 AM
Event ID/Source: 20106 / RemoteAccess
Event Description:
Unable to add the interface {91A86EF0-5112-4D31-B674-E362039AAB05} with the Router Manager for the IP protocol. The
following error occurred: Cannot complete this function.
Event Record #/Type53938 / Error
Event Submitted/Written: 02/28/2008 10:44:14 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The HidServ service terminated with the following error:
%%126
Event Record #/Type53937 / Error
Event Submitted/Written: 02/28/2008 10:44:14 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Task Scheduler service failed to start due to the following error:
%%1053
-- End of Deckard's System Scanner: finished at 2008-02-28 19:51:46 ------------
SmitFraudFix v2.298
Scan done at 19:26:17.65, Thu 02/28/2008
Run from C:\Documents and Settings\William Procopio\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
127.0.0.1 www.4d5.net
127.0.0.1 4d5.net
127.0.0.1 media.popuptraffic.com
127.0.0.1 scripps.com
127.0.0.1 www.sitefinder.verisign.com
127.0.0.1 adsremote.scripps.com
127.0.0.1 mas.scripps.com
127.0.0.1 scripps.com
127.0.0.1 googlesyndication.com
127.0.0.1 pagead2.googlesyndication.com
127.0.0.1 rcm.amazon.com
127.0.0.1 view.popupsponsor.com
127.0.0.1 www.popuptraffic.com
127.0.0.1 mediamgr.ugo.com
127.0.0.1 www.mediamgr.ugo.com
127.0.0.1 ads.gamespy.com
127.0.0.1 www.ads.gamespy.com
127.0.0.1 ads.hitcents.com
127.0.0.1 www.ads.hitcents.com
127.0.0.1 web2.realtracker.com
127.0.0.1 www.web2.realtracker.com
127.0.0.1 www2.addfreestats.com
127.0.0.1 www.addfreestats.com
127.0.0.1 addfreestats.com
127.0.0.1 www.systemsoap.com
127.0.0.1 ar.atwola.com
127.0.0.1 atwola.com
127.0.0.1 www.atwola.com
127.0.0.1 systemsoap.com
127.0.0.1 img.rn11.com
127.0.0.1 rn11.com
127.0.0.1 www.sitepoint.com
127.0.0.1 sitepoint.com
127.0.0.1 opennetinitiative.net
127.0.0.1 www.opennetinitiative.net
127.0.0.1 hc2.humanclick.com
127.0.0.1 humanclick.com
127.0.0.1 www.humanclick.com
127.0.0.1 clickability.com
127.0.0.1 www.clickability.com
127.0.0.1 adserver.anm.co.uk
127.0.0.1 adserver.news.com.au
127.0.0.1 ads2.newtimes.com
127.0.0.1 ads.newtimes.com
127.0.0.1 ads.tripod.lycos.de
127.0.0.1 ads.telegraph.co.uk
127.0.0.1 ads.thestar.com
127.0.0.1 ads.techtv.com
127.0.0.1 adsrv.bankrate.com
127.0.0.1 www.megago.com
127.0.0.1 megago.com
127.0.0.1 exit.megago.com
127.0.0.1 www.searching.net
127.0.0.1 searching.net
127.0.0.1 as.casalemedia.com
127.0.0.1 casalemedia.com
127.0.0.1 www.casalemedia.com
127.0.0.1 is.casalemedia.com
127.0.0.1 ads.warcry.com
127.0.0.1 www.ads.warcry.com
127.0.0.1 ads.warcry.com
127.0.0.1 ads.gorillanation.com
127.0.0.1 gorillanation.com
127.0.0.1 www.gorillanation.com
127.0.0.1 affiliates.barenecessities.com
127.0.0.1 www.starchamber.net
127.0.0.1 starchamber.net
127.0.0.1 ssl-images.amazon.com
127.0.0.1 la1-w-merry.universalinteractive.com
127.0.0.1 beveragebistro.com
127.0.0.1 www.beveragebistro.com
127.0.0.1 www.anarchy-online.com
127.0.0.1 www.rarebeer.com
127.0.0.1 www.qksrv.net
127.0.0.1 qksrv.net
127.0.0.1 books.textbookx.com
127.0.0.1 www.textbookx.com
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.1001-search.info
127.0.0.1 1001-search.info
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100