i will try this again i have just been through this but once again received the windows ie has encountered a problem which then closes all windows before i had managed to send you the finnished reply , really really annoying but ok lets try again, firstly the kaspersky came up clean , saying no problems found, so here is the main and the extra text , thanks for showing me how to that by the way .........
Deckard's System Scanner v20071014.68
Run by kenny on 2008-04-03 16:46:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
21: 2008-04-03 15:46:30 UTC - RP171 - Deckard's System Scanner Restore Point
20: 2008-04-02 18:08:08 UTC - RP170 - System Checkpoint
19: 2008-04-01 16:02:25 UTC - RP169 - System Checkpoint
18: 2008-03-31 07:33:39 UTC - RP168 - Installed ACDSee Pro 2.
17: 2008-03-30 16:05:33 UTC - RP167 - Removed Daredevil Pinball
-- First Restore Point --
1: 2008-03-12 14:08:33 UTC - RP151 - Installed TMPGEnc DVD Author 3 with DivX Authoring Trial Version
Performed disk cleanup.
Percentage of Memory in Use: 83% (more than 75%).Total Physical Memory: 256 MiB (512 MiB recommended).System Drive C: has 4.35 GiB (less than 15%) free.-- HijackThis (run as kenny.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:46:55, on 03/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\dslagent.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\gsicon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Documents and Settings\kenny\desktop\dss.exe
D:\PROGRA~1\TRENDM~1\HIJACK~1\kenny.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - S-1-5-18 Startup: OpenOffice.org 2.2.lnk.disabled (User 'SYSTEM')
O4 - .DEFAULT Startup: OpenOffice.org 2.2.lnk.disabled (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky...can_unicode.cabO16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) -
http://www.symantec....sa/LSSupCtl.cabO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://gfx1.hotmail....es/MSNPUpld.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://www.update.mi...b?1195985419839O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} -
http://download.divx...owserPlugin.cabO16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) -
http://javadl-esd.su...ows-i586-jc.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoft...free/asinst.cabO16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) -
http://cdn2.zone.msn...ro.cab56649.cabO16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -
http://www.symantec....sa/SymAData.cabO16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) -
https://secure.logme...trl.cab?lmi=100O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
--
End of file - 6929 bytes
-- HijackThis Fixed Entries (D:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20071231-074648-268 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20080308-182541-513 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoft...free/asinst.cabbackup-20080308-182541-534 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R3 glausb (GlobespanVirata USB ADSL LAN Modem) - c:\windows\system32\drivers\glausb.sys <Not Verified; GlobespanVirata Inc.; GlobespanVirata LAN ADSL USB Modem>
R3 pdiddcci (DDC/CI monitor) - c:\windows\system32\drivers\pdiddcci.sys <Not Verified; Portrait Displays, Inc.; Portrait Displays DDC/CI Monitor Device Driver>
S3 bDMusicb - c:\documents and settings\kian\local settings\temp\bdmusicb.sys
S3 catchme - c:\docume~1\kenny\locals~1\temp\catchme.sys (file missing)
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 DTSRVC (Portrait Displays Display Tune Service) - c:\program files\common files\portrait displays\shared\dtsrvc.exe
S3 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" (file missing)
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: SiS 900-Based PCI Fast Ethernet Adapter
Device ID: PCI\VEN_1039&DEV_0900&SUBSYS_0C56105B&REV_90\3&61AAA01&0&20
Manufacturer: SiS
Name: SiS 900-Based PCI Fast Ethernet Adapter
PNP Device ID: PCI\VEN_1039&DEV_0900&SUBSYS_0C56105B&REV_90\3&61AAA01&0&20
Service: SISNIC
-- Process Modules -------------------------------------------------------------
C:\WINDOWS\explorer.exe (pid 1936)
2006-12-20 14:55:48 77824 --a------ C:\Program Files\SUPERAntiSpyware\SASSEH.DLL <Not Verified; SuperAdBlocker.com; SuperAntiSpyware>
-- Scheduled Tasks -------------------------------------------------------------
2008-03-31 22:27:58 622 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - kenny.job
2008-03-21 18:15:01 376 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
-- Files created between 2008-03-03 and 2008-04-03 -----------------------------
2008-04-02 21:06:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-02 21:06:35 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-02 13:01:54 0 dr-h----- C:\Documents and Settings\kenny\Recent
2008-03-31 08:41:32 0 d-------- C:\Documents and Settings\kenny\Application Data\ACD Systems
2008-03-31 08:34:09 0 d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-03-31 08:33:58 0 d-------- C:\Program Files\Common Files\ACD Systems
2008-03-31 08:33:58 0 d-------- C:\Program Files\ACD Systems
2008-03-30 15:46:09 0 d-------- C:\Program Files\uTorrent
2008-03-30 15:45:57 0 d-------- C:\Documents and Settings\kenny\Application Data\uTorrent
2008-03-23 18:13:53 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-03-23 18:13:53 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-03-23 18:13:53 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-03-23 18:13:53 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-23 13:34:28 1610 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-12 15:19:21 0 d-------- C:\Documents and Settings\kenny\Application Data\Pegasys Inc
2008-03-12 15:08:41 0 d-------- C:\Program Files\Pegasys Inc
2008-03-10 20:19:42 161961 --a------ C:\Documents and Settings\kian\????? ??? ??????
2008-03-09 13:00:26 262144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2008-03-09 13:00:26 395776 --a------ C:\WINDOWS\system32\libmplayer.dll
2008-03-09 13:00:26 112640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2008-03-09 13:00:26 2255360 --a------ C:\WINDOWS\system32\libavcodec.dll
2008-03-09 13:00:24 0 d-------- C:\Program Files\Cucusoft
2008-03-08 10:56:14 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-08 10:32:08 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-08 10:31:35 0 d-------- C:\Program Files\Windows Live
2008-03-08 10:31:07 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-04 15:30:51 0 d-------- C:\Program Files\Lavasoft
2008-03-04 15:30:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
-- Find3M Report ---------------------------------------------------------------
2008-04-01 22:23:09 0 d-------- C:\Documents and Settings\kenny\Application Data\OpenOffice.org2
2008-04-01 13:24:59 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-31 22:46:37 0 d-------- C:\Program Files\Canon
2008-03-31 09:35:58 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-31 08:33:58 0 d-------- C:\Program Files\Common Files
2008-03-30 18:13:44 0 d-------- C:\Program Files\Norton Internet Security
2008-03-30 16:30:12 0 d-------- C:\Program Files\Real
2008-03-30 16:30:03 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-28 14:28:35 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-03-16 19:23:52 0 d-------- C:\Program Files\EPSON Print CD
2008-03-14 10:05:33 0 d-------- C:\Documents and Settings\kenny\Application Data\Ahead
2008-03-04 15:29:46 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-01 11:59:37 0 d-------- C:\Program Files\Buena Vista Games
2008-02-17 14:23:56 0 d-------- C:\Program Files\Alcohol Soft
2008-02-16 10:19:04 0 dr-h----- C:\Documents and Settings\kenny\Application Data\SecuROM
2008-02-14 00:44:45 3452 --a------ C:\WINDOWS\unins000.dat
2008-02-14 00:30:35 691545 --a------ C:\WINDOWS\unins000.exe
2008-02-06 14:07:23 0 d-------- C:\Program Files\Windows Media Connect 2
2008-02-01 12:11:10 586240 --a------ C:\WINDOWS\WLXPGSS.SCR <Not Verified; Microsoft Corporation; Windows Live Photo Gallery>
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
25/08/2007 04:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
02/02/2008 00:58 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [25/08/2007 04:51 316784]
[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DSLAGENTEXE"="dslagent.exe" [15/01/2003 10:05 C:\WINDOWS\system32\dslagent.exe]
"SoundMan"="SOUNDMAN.EXE" [26/02/2004 17:53 C:\WINDOWS\SOUNDMAN.EXE]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [31/01/2008 14:15]
"GSICONEXE"="gsicon.exe" [08/01/2003 11:36 C:\WINDOWS\system32\gsicon.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [29/09/2004 06:23]
"Device Detector"="DevDetect.exe" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 12:43]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 14:55 77824]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor .exe" -NoStart
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"nwiz"=nwiz.exe /install
*Newly Created Service* - COMHOST
-- Hosts -----------------------------------------------------------------------
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
8072 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2008-04-03 16:48:10 ------------
and the extra text .................
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 82%
Physical Memory (total/avail): 255.48 MiB / 45.59 MiB
Pagefile Memory (total/avail): 616.11 MiB / 244.93 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1903.55 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 31.25 GiB total, 4.35 GiB free.
D: is Fixed (NTFS) - 37.26 GiB total, 12.3 GiB free.
E: is Fixed (NTFS) - 43.28 GiB total, 16.48 GiB free.
F: is CDROM (No Media)
G: is CDROM (No Media)
\\.\PHYSICALDRIVE1 - ST340014A - 37.27 GiB - 1 partition
\PARTITION0 - Installable File System - 37.26 GiB - D:
\\.\PHYSICALDRIVE0 - WDC WD800JB-00JJC0 - 74.53 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 31.25 GiB - C:
\PARTITION1 - Installable File System - 43.28 GiB - E:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
FirstRunDisabled is set.
FW: Norton Internet Security v15.0.0.60 (Symantec Corporation)
AV: Norton Internet Security v15.0.0.60 (Symantec Corporation)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\kenny\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HOME-011E505B0A
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\kenny
LOGONSERVER=\\HOME-011E505B0A
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\kenny\LOCALS~1\Temp
TMP=C:\DOCUME~1\kenny\LOCALS~1\Temp
USERDOMAIN=HOME-011E505B0A
USERNAME=kenny
USERPROFILE=C:\Documents and Settings\kenny
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
kenny
(admin)kian
(admin)anat
(admin)Administrator
(new local, admin)-- Add/Remove Programs ---------------------------------------------------------
--> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
ACDSee Pro 2 --> MsiExec.exe /I{4AAC95F4-A30E-4EE5-A086-6F79581D0D70}
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
ArcSoft Camera Suite --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ArcSoft\Camera Suite\Uninst.isu"
Camera RAW Plug-In for EPSON Creativity Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F92229B-8CE2-4482-8047-9DBF49CA5F58}\SETUP.EXE" -l0x9 UNINST
Canon PhotoRecord --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\PhotoRecord\Uninst.isu" -c"C:\Program Files\Canon\PhotoRecord\Program\uninstdll.dll"
Canon PowerShot A40 WIA Driver --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\PowerShot A40 WIA\Uninst.isu" -c"C:\Program Files\Canon\PowerShot A40 WIA\UNSTD113.dll"
Canon Utilities PhotoStitch 3.1 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\PhotoStitch\Uninst.isu"
ccCommon --> MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Component Framework --> MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}
EAX4 Unified Redist --> MsiExec.exe /X{89661B04-C646-4412-B6D3-5E19F02F1F37}
EPSON Attach To Email --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Easy Photo Print --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B8890B12-4E4C-4E53-9ECB-96193BBA7767}\SETUP.EXE" -l0x9 UNINST
EPSON File Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}\Setup.exe" -l0x9 UNINST
EPSON Print CD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\SETUP.EXE" -l0x9 -SYSTEM
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan Assistant --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x9 -u
EPSON Web-To-Page --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x9 -anything
ESPR265_270 User's Guide --> C:\Program Files\EPSON\TPMANUAL\ESPR265_270\ENG\USE_G\DOCUNINS.EXE
FIFA 08 --> MsiExec.exe /X{0A2A5039-B37F-489D-B1DC-A5258DF9E697}
HijackThis 2.0.2 --> "d:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
ImageMixer VCD/DVD2 for OLYMPUS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F51A0CA-2BDD-474E-BB90-C7FA8EA78F52}\Setup.exe" -l0x9 UNINSTALL
Java 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
K-Lite Mega Codec Pack 3.4.5 --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
LiveUpdate (Symantec Corporation) --> MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation) --> MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Norton AntiVirus --> MsiExec.exe /X{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}
Norton AntiVirus Help --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Confidential Core --> MsiExec.exe /I{55A6283C-638A-4EE0-B491-51118554BDA2}
Norton Internet Security --> MsiExec.exe /I{C1C185CA-C531-49F5-A6FA-B838405A049D}
Norton Internet Security (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_0_0_60\Setup.exe" /X
Norton Protection Center --> MsiExec.exe /I{62120008-8E1E-4807-860D-A8B48F8552DB}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OLYMPUS Master --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{BA820A24-704B-428D-9904-71A10DAC1372} /l1033 /zUNINSTALL
OLYMPUS Master 2 --> MsiExec.exe /X{45FCADDB-0B29-457E-83A1-D245C62A716C}
OLYMPUS Studio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{776EA8AC-D8D6-4528-92A2-0235F2B511F1}\Setup.exe" OLYMPUS Studio
OpenOffice.org 2.2 --> MsiExec.exe /I{3DC13672-7F8E-4937-A169-996A3658B325}
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Rhapsody Player Engine --> MsiExec.exe /I{8A62A068-3FD6-495A-9F66-26FE94F32EC9}
Romat Telecom Ltd - Adsl Modem --> C:\Program Files\Romat\Adsl\uninstall.exe
SDK --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}\setup.exe" -l0x9
SmartControl II --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FDA7A7CB-F1DE-42A9-83A6-27BE6CD6E8F3}\setup.exe" -l0x9 -removeonly
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
Star Wars Jedi Knight Jedi Academy --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}\Setup.exe" -l0x9
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Symantec Technical Support Web Controls --> MsiExec.exe /X{9743AF47-B746-4324-B4C4-512E67D04370}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
The Chronicles of Narnia --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{57FA1C3F-CDBE-4092-9423-B83D66CD4978}
TMPGEnc DVD Author 3 with DivX Authoring Trial Version --> MsiExec.exe /I{CF96BF8E-10A6-4912-942F-E83ABE7BE771}
VideoLAN VLC media player 0.8.6 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail --> MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Photo Gallery --> MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Writer --> MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
äðñéëä øôåðæì --> C:\Program Files\Common Files\Knowledge Adventure\Uninstall\RapunzelUn.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type11654 / Error
Event Submitted/Written: 04/02/2008 11:49:20 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.3156, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [explorer.exe!ws!]
Event Record #/Type11617 / Error
Event Submitted/Written: 04/02/2008 00:02:43 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16608, faulting module ieui.dll, version 7.0.5730.13, fault address 0x000061b1.
Processing media-specific event for [iexplore.exe!ws!]
Event Record #/Type11592 / Error
Event Submitted/Written: 04/01/2008 10:58:23 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.3156, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [explorer.exe!ws!]
Event Record #/Type11590 / Error
Event Submitted/Written: 04/01/2008 10:38:29 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.3156, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [explorer.exe!ws!]
Event Record #/Type11586 / Error
Event Submitted/Written: 04/01/2008 10:35:26 PM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 479851305.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type18392 / Error
Event Submitted/Written: 04/02/2008 11:47:39 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}
Event Record #/Type18391 / Error
Event Submitted/Written: 04/02/2008 11:25:29 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}
Event Record #/Type18256 / Error
Event Submitted/Written: 03/31/2008 08:04:14 PM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
Event Record #/Type18216 / Error
Event Submitted/Written: 03/31/2008 03:06:48 PM
Event ID/Source: 4321 / NetBT
Event Description:
The name "WORKGROUP :1d" could not be registered on the Interface with IP address 172.16.2.111.
The machine with the IP address 172.16.4.213 did not allow the name to be claimed by
this machine.
Event Record #/Type18159 / Error
Event Submitted/Written: 03/31/2008 07:56:20 AM
Event ID/Source: 4321 / NetBT
Event Description:
The name "WORKGROUP :1d" could not be registered on the Interface with IP address 172.16.2.111.
The machine with the IP address 172.16.2.224 did not allow the name to be claimed by
this machine.
-- End of Deckard's System Scanner: finished at 2008-04-03 16:48:10 ------------
sending it quick before it gets wiped off again ....