Hi kahdah. Thanks for the fast response.
I followed your instructions and here are the results:
main.txt
Deckard's System Scanner v20071014.68
Run by Owner on 2008-04-06 11:55:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 2 Restore Point(s) --
2: 2008-04-06 15:55:25 UTC - RP17 - Deckard's System Scanner Restore Point
1: 2008-04-06 15:54:31 UTC - RP16 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 510 MiB (512 MiB recommended).
-- HijackThis (run as Owner.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:56:05 AM, on 4/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\PROGRA~1\Owner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0F037D81-C739-4693-AB5B-A3A9679948FF} - c:\windows\system32\ctl3dv2h.dll
O2 - BHO: (no name) - {2FC734B8-547F-43E9-B169-6A74220C0259} - C:\WINDOWS\system32\DivXd.dll
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.aka...vex-2.2.1.0.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1177605102515
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1177606220060
O16 - DPF: {73F7A062-8829-11D1-B550-006097242D8D} (Voxware MetaSound Audio Decoder) - http://support.ninth...lers/voxacm.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.aka...vex-2.2.1.6.cab
O20 - Winlogon Notify: trwvdinh - C:\WINDOWS\SYSTEM32\ctl3dv2h.dll
--
End of file - 2633 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\backups\) -----------------------------
backup-20080403-161031-182 O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
backup-20080403-173642-344 O2 - BHO: (no name) - {0F037D81-C739-4693-AB5B-A3A9679948FF} - c:\windows\system32\ctl3dv2h.dll
backup-20080403-173642-386 O20 - Winlogon Notify: trwvdinh - C:\WINDOWS\SYSTEM32\ctl3dv2h.dll
backup-20080403-173706-569 O20 - Winlogon Notify: trwvdinh - C:\WINDOWS\SYSTEM32\ctl3dv2h.dll
backup-20080403-175627-781 O20 - Winlogon Notify: trwvdinh - C:\WINDOWS\SYSTEM32\ctl3dv2h.dll
backup-20080403-175627-926 O2 - BHO: (no name) - {0F037D81-C739-4693-AB5B-A3A9679948FF} - c:\windows\system32\ctl3dv2h.dll
backup-20080403-180712-621 O20 - Winlogon Notify: trwvdinh - C:\WINDOWS\SYSTEM32\ctl3dv2h.dll
backup-20080403-180712-704 O2 - BHO: (no name) - {0F037D81-C739-4693-AB5B-A3A9679948FF} - c:\windows\system32\ctl3dv2h.dll
backup-20080405-121835-507 O2 - BHO: (no name) - {0F037D81-C739-4693-AB5B-A3A9679948FF} - c:\windows\system32\ctl3dv2h.dll
backup-20080405-121835-735 O20 - Winlogon Notify: trwvdinh - C:\WINDOWS\SYSTEM32\ctl3dv2h.dll
backup-20080405-121926-325 O20 - Winlogon Notify: trwvdinh - C:\WINDOWS\SYSTEM32\ctl3dv2h.dll
backup-20080405-121926-930 O2 - BHO: (no name) - {0F037D81-C739-4693-AB5B-A3A9679948FF} - c:\windows\system32\ctl3dv2h.dll
backup-20080405-122010-729 O20 - Winlogon Notify: trwvdinh - C:\WINDOWS\SYSTEM32\ctl3dv2h.dll
backup-20080405-122010-907 O2 - BHO: (no name) - {0F037D81-C739-4693-AB5B-A3A9679948FF} - c:\windows\system32\ctl3dv2h.dll
backup-20080405-232403-751 O20 - Winlogon Notify: trwvdinh - C:\WINDOWS\SYSTEM32\ctl3dv2h.dll
backup-20080406-111639-457 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
backup-20080406-111639-481 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
-- File Associations -----------------------------------------------------------
.js - JSFile - DefaultIcon - C:\Program Files\Macromedia\Dreamweaver 4\Dreamweaver.exe,2
.js - JSFile - shell\open\command - "C:\Program Files\Macromedia\Dreamweaver 4\Dreamweaver.exe" "%1"
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 jajwjfwn - c:\windows\system32\drivers\yvmpostn.dat
R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
All services whitelisted.
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_8086&DEV_24DD&SUBSYS_019D1028&REV_02\3&172E68DD&0&EF
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_8086&DEV_24DD&SUBSYS_019D1028&REV_02\3&172E68DD&0&EF
Service:
Class GUID:
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_14F1&DEV_2F20&SUBSYS_200F14F1&REV_00\4&1C660DD6&0&08F0
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_14F1&DEV_2F20&SUBSYS_200F14F1&REV_00\4&1C660DD6&0&08F0
Service:
-- Scheduled Tasks -------------------------------------------------------------
2008-04-06 11:48:02 412 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
-- Files created between 2008-03-06 and 2008-04-06 -----------------------------
2008-04-05 23:05:50 0 d-------- C:\Program Files\WinBatch
2008-04-05 23:03:58 0 d-------- C:\Documents and Settings\Owner\Application Data\WinBatch
2008-04-05 23:03:33 0 d-------- C:\Program Files\WinBatch_install
2008-04-05 18:59:12 0 d-------- C:\Documents and Settings\Owner\Application Data\Symantec
2008-04-05 18:59:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-05 18:47:28 1294 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-05 13:09:06 36373 --a------ C:\Program Files\ffunlock.exe
2008-04-05 13:05:21 25600 --a------ C:\Program Files\md5.exe
2008-04-05 12:11:36 0 d-------- C:\Documents and Settings\Owner\Application Data\Desktopicon
2008-04-05 08:52:12 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-04-05 08:52:12 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-04-05 08:52:12 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-04-05 08:52:12 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-04-05 08:52:12 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-04-05 08:52:12 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-04-05 08:52:12 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-04-05 08:52:12 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-05 08:52:11 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-04-05 08:52:11 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-04-05 08:52:11 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-04-05 08:52:11 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-04-05 08:52:11 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-04-05 08:52:11 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-04 08:31:23 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-04-03 23:19:21 35072 --a------ C:\WINDOWS\system32\zecobgkc.dat
2008-04-03 23:19:21 36608 --a------ C:\WINDOWS\system32\tcqdkpgy.dat
2008-04-03 17:00:37 164 --a------ C:\install.dat
2008-04-03 16:10:31 0 d-------- C:\Program Files\backups
2008-04-03 14:20:38 0 d-------- C:\www.creativeconceptsinc.net
2008-04-03 13:39:35 486449 --a------ C:\Program Files\Fixwareout.exe
2008-04-03 11:29:32 0 d-------- C:\SmitfraudFix
2008-04-03 08:10:54 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-04-02 23:16:29 6491392 --a------ C:\WINDOWS\system32\dunmuqjn.dat
2008-04-02 23:16:28 42752 --a------ C:\WINDOWS\system32\hkbzsfzh.dat
2008-04-02 23:16:28 638208 --a------ C:\WINDOWS\system32\cjbhmtap.dat
2008-04-02 23:16:28 109824 --a------ C:\WINDOWS\system32\aalztiwl.dat
2008-04-02 22:42:45 0 d-------- C:\Program Files\Lavasoft
2008-04-02 22:42:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-02 22:14:10 0 d-------- C:\Program Files\Common Files\Mozilla Shared
2008-04-02 22:14:09 20224 --a------ C:\WINDOWS\system32\drivers\yvmpostn.dat
2008-04-02 17:22:35 81920 --a------ C:\WINDOWS\system32\ctl3dv2h.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-02 17:22:17 0 d-------- C:\WINDOWS\system32\AppCert
2008-04-02 17:21:54 88064 --a------ C:\WINDOWS\system32\DivXd.dll
2008-03-29 20:23:58 0 d-------- C:\Program Files\SmartFTP Client
2008-03-29 20:23:38 0 d-------- C:\Program Files\SmartFTP Client 3.0 Setup Files
2008-03-28 20:13:22 50688 --a------ C:\WINDOWS\system32\wbhelp2.dll <Not Verified; Stardock.Net, Inc; WindowBlinds for Win32 x86 machines>
2008-03-28 20:13:22 0 d-------- C:\Program Files\Ipswitch
2008-03-28 20:07:14 0 d-------- C:\Documents and Settings\Owner\Application Data\SmartFTP
2008-03-11 16:53:04 0 d-------- C:\www.bannerexteriors.com
2008-03-10 07:30:31 313344 --a------ C:\Program Files\hjsplit.exe
2008-03-07 18:56:00 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-03-07 18:55:13 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
-- Find3M Report ---------------------------------------------------------------
2008-04-06 11:56:05 2634 --a------ C:\Program Files\hijackthis.log
2008-04-05 22:43:37 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-05 22:42:46 0 d-------- C:\Program Files\Symantec
2008-04-05 15:37:40 0 d-------- C:\Program Files\NoAdware5.0
2008-04-05 13:08:45 36277 --a------ C:\Program Files\ffunlock.zip
2008-04-05 13:01:37 0 d-------- C:\Program Files\Common Files
2008-04-05 12:32:13 532480 --a------ C:\Program Files\cwshredder.exe <Not Verified; Trend Micro Incorporated; CWShredder>
2008-04-04 06:57:36 139160 --a------ C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2008-04-03 22:08:21 0 d-------- C:\Program Files\Sound Forge
2008-04-02 22:54:01 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-29 13:10:43 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-22 00:05:03 0 d-------- C:\Program Files\DivX
2008-03-21 14:10:47 0 d-------- C:\Documents and Settings\Owner\Application Data\uTorrent
2008-03-16 21:59:03 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2008-03-10 07:29:15 304957 --a------ C:\Program Files\hjsplit.zip
2008-03-07 18:55:39 335 --a------ C:\WINDOWS\nsreg.dat
2008-03-07 15:28:17 0 d-------- C:\Documents and Settings\Owner\Application Data\U3
2008-02-29 09:54:19 0 d-------- C:\Documents and Settings\Owner\Application Data\Google
2008-02-29 09:43:44 0 d-------- C:\Program Files\Google
2008-02-27 16:19:02 0 d-------- C:\Documents and Settings\Owner\Application Data\dvdcss
2008-02-21 07:40:32 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-02-17 08:45:50 0 d-------- C:\Documents and Settings\Owner\Application Data\DivX
2008-02-15 18:17:33 0 d-------- C:\Documents and Settings\Owner\Application Data\vlc
2008-02-15 18:15:41 0 d-------- C:\Program Files\VideoLAN
2008-02-14 11:06:01 0 d-------- C:\Program Files\uTorrent
2008-02-08 10:50:17 0 d-------- C:\Program Files\Common Files\Adobe
2008-01-25 15:25:28 100172 --ah----- C:\WINDOWS\system32\mlfcache.dat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F037D81-C739-4693-AB5B-A3A9679948FF}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2FC734B8-547F-43E9-B169-6A74220C0259}]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\PROGRA~1\DVDREG~1\DVDShell.dll [12/20/2003 09:58 PM 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\trwvdinh]
ctl3dv2h.dll 04/05/2008 07:59 AM 81920 C:\WINDOWS\system32\ctl3dv2h.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PopMenuStartUp exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PopMenuStartUp exe.lnk
backup=C:\WINDOWS\pss\PopMenuStartUp exe.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\8og78sz65o]
C:\WINDOWS\system32\8og78sz65o.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
"C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
C:\PROGRA~1\AVG\AVG8\avgtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\System32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\System32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\System32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScreenPrint32]
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SPAMfighter Agent]
"C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NetSvc"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"avg8wd"=2 (0x2)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
erxufzvj
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f06c3dc2-28dd-11dc-99a1-001111bd5d90}]
AutoRun\command- F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f06c3dc4-28dd-11dc-99a1-001111bd5d90}]
AutoRun\command- F:\LaunchU3.exe -a
-- End of Deckard's System Scanner: finished at 2008-04-06 11:57:06 ------------
extra.txt
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 41%
Physical Memory (total/avail): 509.98 MiB / 300.16 MiB
Pagefile Memory (total/avail): 1248.75 MiB / 1089 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1933.45 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 71.7 GiB total, 32.95 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - Maxtor 6Y080L0 - 74.5 GiB - 3 partitions
\PARTITION0 - Unknown - 47.03 MiB
\PARTITION1 (bootable) - Installable File System - 71.7 GiB - C:
\PARTITION2 - Unknown - 2.75 GiB
-- Security Center -------------------------------------------------------------
AUOptions is set to notify before download.
Windows Internal Firewall is disabled.
AntivirusOverride is set.
FirewallOverride is set.
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client\\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=A2P
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\A2P
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=A2P
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Owner (admin)
Administrator (new local, admin)
-- Add/Remove Programs ---------------------------------------------------------
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
ACT! --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ACT\Uninst6.isu" -c"C:\Program Files\ACT\UNINSTAL.DLL"
Adobe Extension Manager CS3 --> C:\Program Files\Common Files\Adobe\Installers\c1dfd0398e272486e0e41acbed0d624\Setup.exe
Adobe Extension Manager CS3 --> MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\System32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Premiere 6.0 --> C:\WINDOWS\UNINST.EXE -f"C:\Program Files\Adobe\Premiere 6.0\DeIsL1.isu" -c"C:\Program Files\Adobe\Premiere 6.0\Uninst.dll"
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup --> MsiExec.exe /I{413D5495-AECA-4FA7-81A9-2300AECB7EFE}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AudioCatalyst --> C:\PROGRA~1\Xing\AUDIOC~1\UNINST~1.EXE C:\PROGRA~1\Xing\AUDIOC~1\install.log
Backup Dell-Installed Programs --> MsiExec.exe /X{2A2766A4-6AE4-11D4-AC8E-52544C1966EE}
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Corel Uninstaller --> C:\WINDOWS\COREL\UNINST32.EXE
CorelDRAW Graphics Suite X3 --> C:\Program Files\Corel\CorelDRAW Graphics Suite 13\Programs\MSILauncher {7C5123A9-30A8-4C44-89CA-A8C87A1FCC91} C:\DOCUME~1\Owner\LOCALS~1\Temp\CGSX3.log
CorelDRAW Graphics Suite X3 --> MsiExec.exe /I{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DVD Region-Free 3.32 --> "C:\Program Files\DVD Region-Free\unins000.exe"
DVD Ripper 4 --> C:\Program Files\Xilisoft\DVD Ripper 4\Uninstall.exe
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
EN --> MsiExec.exe /I{32A72502-BC2C-4C39-ACEA-BC3D463F0697}
FlashPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D7E6CA4D-E79E-41A8-A633-8FB9BE3DB67C}\Setup.exe"
FLVDownload 1.0 --> "C:\Program Files\FLVDownload 1.0\unins000.exe"
FontNav --> MsiExec.exe /I{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
HijackThis 2.0.2 --> "C:\Program Files\HijackThis.exe" /uninstall
Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
Intel® PROSet for Wired Connections --> MsiExec.exe /I{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.80 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Macromedia Dreamweaver 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ABDA9912-5D00-11D4-BAE7-9367CA097955}\Setup.exe" mmUninstall
Macromedia Dreamweaver 8 --> MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Macromedia\Extension Manager\Extensions Manager Uninstaller.isu"
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Flash 8 --> MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Macromedia Flash 8 Video Encoder --> MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Flash MX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}\Setup.exe" -l0x9 UNINSTALL
Macromedia Flash Player 8 Plugin --> MsiExec.exe /X{23AEBB83-CB47-4739-8A0C-92CC1E32AA2F}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Moyea FLV to Video Converter Pro version 1.25.2.0 --> "C:\Program Files\Moyea\FLV to Video Pro\unins000.exe"
Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero - Burning Rom --> MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
NoAdware v5.0 --> "C:\Program Files\NoAdware5.0\unins000.exe"
Office Export Wizard Addin --> MsiExec.exe /I{3BBCCEB1-BCC6-489E-86BE-450287B8B426}
PowerDVD --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\CyberLink\PowerDVD\Uninst.isu"
QuickTime --> MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
Riva FLV Encoder 2.0 --> "C:\Program Files\Riva\Riva FLV Encoder 2.0\unins000.exe"
Safari --> MsiExec.exe /X{0CD7D421-C850-4271-8533-0269A3D39FAA}
ScreenPrint32 v3.5 --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\ScreenPrint32 v3\ST6UNST.LOG"
SmartFTP Client --> MsiExec.exe /I{6F23C1A3-9F62-470C-BD12-B83F04E67865}
SmartFTP Client 3.0 Setup Files (remove only) --> C:\Program Files\SmartFTP Client 3.0 Setup Files\uninst-sftp.exe
Sound Forge 4.0 for Windows 95 and NT (x86) --> "C:\Program Files\Sound Forge\UNINST32.EXE" C:\WINDOWS\FORGE32.INI
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly
SPAMfighter --> "C:\Program Files\SPAMfighter\uninstall.exe" Remove
TC Web Conferencing --> iwexec.exe /R {8EB39AA7-4019-4550-AF6C-BE51BB27B446}
Update Manager --> MsiExec.exe /I{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}
VBA --> MsiExec.exe /I{C94E45B0-6AA6-4FB9-9AAE-22085F631880}
Video Converter 3 --> C:\Program Files\Xilisoft\Video Converter 3\Uninstall.exe
VideoLAN VLC media player 0.8.6d --> C:\Program Files\VideoLAN\VLC\uninstall.exe
WinBatch --> "C:\Program Files\WinBatch\System\uninstal.exe" 90 "C:\Program Files\WinBatch\System\WinBatch Setup.Log"
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type2406 / Error
Event Submitted/Written: 04/06/2008 08:44:51 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application wmplayer.exe, version 9.0.0.3250, faulting module clvsd.ax, version 2.0.0.0, fault address 0x0001f615.
Processing media-specific event for [wmplayer.exe!ws!]
Event Record #/Type2348 / Error
Event Submitted/Written: 04/05/2008 08:31:35 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.3156, faulting module ctl3dv2h.dll, version 5.1.2600.0, fault address 0x000039db.
Processing media-specific event for [explorer.exe!ws!]
Event Record #/Type2324 / Error
Event Submitted/Written: 04/03/2008 04:55:24 AM
Event ID/Source: 490 / ESENT
Event Description:
wuauclt (532) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
Event Record #/Type2323 / Error
Event Submitted/Written: 04/03/2008 04:55:14 AM
Event ID/Source: 490 / ESENT
Event Description:
wuauclt (880) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
Event Record #/Type2322 / Error
Event Submitted/Written: 04/03/2008 04:55:03 AM
Event ID/Source: 490 / ESENT
Event Description:
wuauclt (3224) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type1022 / Error
Event Submitted/Written: 04/05/2008 11:27:34 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The System Restore Service service terminated with the following error:
%%2
Event Record #/Type1021 / Error
Event Submitted/Written: 04/05/2008 11:27:27 PM
Event ID/Source: 104 / SRService
Event Description:
The System Restore initialization process failed.
Event Record #/Type1018 / Error
Event Submitted/Written: 04/05/2008 11:26:31 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Event Record #/Type933 / Warning
Event Submitted/Written: 04/05/2008 10:44:43 PM
Event ID/Source: 256 / PlugPlayManager
Event Description:
Timed out sending notification of device interface change to window of "SAS window"
Event Record #/Type932 / Warning
Event Submitted/Written: 04/05/2008 10:44:42 PM / 04/05/2008 10:44:43 PM
Event ID/Source: 57 / Ftdisk
Event Description:
The system failed to flush data to the transaction log. Corruption may occur.
-- End of Deckard's System Scanner: finished at 2008-04-06 11:57:06 ------------