Hi! The problem is still there... I can hardly access any links except from Google or from favourites.
Deckard's System Scanner v20071014.68
Run by Ruxandra on 2008-05-22 10:46:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
11: 2008-05-22 07:46:12 UTC - RP47 - Deckard's System Scanner Restore Point
10: 2008-05-21 14:20:08 UTC - RP46 - System Checkpoint
9: 2008-05-20 14:10:03 UTC - RP45 - ComboFix created restore point
8: 2008-05-19 14:08:02 UTC - RP44 - System Checkpoint
7: 2008-05-18 13:20:20 UTC - RP43 - System Checkpoint
-- First Restore Point --
1: 2008-05-13 22:37:26 UTC - RP37 - System Checkpoint
Performed disk cleanup.
Total Physical Memory: 352 MiB (512 MiB recommended).
-- HijackThis (run as Ruxandra.exe) --------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:46, on 2008-05-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Webshots\webshots.scr
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Documents and Settings\Ruxandra\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Ruxandra.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\CF18459.exe /c C:\ComboFix\Combobatch.bat
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {9741D652-F7F9-11D6-A72A-F1877F3F0B34} - C:\Program Files\PCVoz8\pcviecmd1.exe (file missing)
O9 - Extra 'Tools' menuitem: PCVoz. Extract page Text - {9741D652-F7F9-11D6-A72A-F1877F3F0B34} - C:\Program Files\PCVoz8\pcviecmd1.exe (file missing)
O9 - Extra button: (no name) - {9741D65D-F7F9-11D6-A72A-F1877F3F0B34} - C:\Program Files\PCVoz8\pcviecmd2.exe (file missing)
O9 - Extra 'Tools' menuitem: PCVoz. Read current frame - {9741D65D-F7F9-11D6-A72A-F1877F3F0B34} - C:\Program Files\PCVoz8\pcviecmd2.exe (file missing)
O9 - Extra button: (no name) - {F7F22BAE-FA71-11D6-A72A-F9DDE093273B} - C:\Program Files\PCVoz8\pcviecmd3.exe (file missing)
O9 - Extra 'Tools' menuitem: PCVoz. Read document - {F7F22BAE-FA71-11D6-A72A-F9DDE093273B} - C:\Program Files\PCVoz8\pcviecmd3.exe (file missing)
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.photobucket.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{40DF8A08-CFF1-4A32-A375-4900BD17C04E}: NameServer = 193.231.100.130 193.231.100.134
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
--
End of file - 7537 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20080325-212720-981 O24 - Desktop Component 0: (no name) - http://www.interstud...ue_iglesias.jpg
backup-20080326-200549-149 O4 - S-1-5-21-220523388-1645522239-682003330-1003 Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe (User '?')
backup-20080327-162739-858 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
backup-20080514-121147-567 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.webshots....art/client/RAND
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R2 AMON - c:\windows\system32\drivers\amon.sys <Not Verified; Eset; NOD32 Antivirus System>
S3 catchme - c:\combofix\catchme.sys (file missing)
S3 SABProcEnum - c:\program files\internet explorer\sabprocenum.sys (file missing)
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 ScReadSpool (SolidPDFConverterReadSpool) - c:\program files\soliddocuments\solidconverterpdf\scpdf\solidpdfservice.exe <Not Verified; VoyagerSoft, LLC; Solid Converter PDF>
S2 CLTNetCnService (Symantec Lic NetConnect service) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)
S2 LiveUpdate Notice Ex (LiveUpdate Notice Service Ex) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Process Modules -------------------------------------------------------------
C:\WINDOWS\system32\winlogon.exe (pid 692)
2004-11-15 04:01:50 140288 --a------ C:\WINDOWS\system32\sfc_os.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-11-15 04:01:51 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-04-19 14:41:36 294912 --a------ C:\Program Files\SUPERAntiSpyware\SASWINLO.dll <Not Verified; SUPERAntiSpyware.com; SUPERAntiSpyware WinLogon Processor>
2007-04-10 11:30:46 200064 --a------ C:\WINDOWS\system32\WgaLogon.dll <Not Verified; Microsoft Corporation; Windows Genuine Advantage>
C:\WINDOWS\system32\svchost.exe (pid 896)
2004-11-15 04:01:51 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
C:\WINDOWS\system32\svchost.exe (pid 1000)
2004-11-15 04:01:51 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-06 12:35:43 270336 --a------ C:\WINDOWS\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
2004-11-15 04:01:50 140288 --a------ C:\WINDOWS\system32\sfc_os.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
C:\WINDOWS\system32\svchost.exe (pid 1776)
2004-11-15 04:01:51 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
C:\WINDOWS\explorer.exe (pid 420)
2004-11-15 04:01:51 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2005-03-22 12:44:32 250368 --a------ C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll <Not Verified; Nokia; Phone Browser>
2005-03-22 11:49:38 466944 --a------ C:\Program Files\Nokia\Nokia PC Suite 6\PCSCM.dll <Not Verified; Nokia; PCSCM>
2007-06-11 18:16:02 6144 --a------ C:\Program Files\Yahoo!\Messenger\idle.dll <Not Verified; Yahoo! Inc.; Yahoo! Messenger>
2007-02-27 13:39:26 61440 --a------ C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL <Not Verified; SUPERAntiSpyware.com; SUPERAntiSpyware Context Menu Extension>
2006-09-14 01:20:24 126464 --a------ C:\Program Files\WinRAR\RarExt.dll
2007-01-04 15:41:58 110592 --a------ C:\Program Files\eSnips\SnipContextMenu.dll <Not Verified; eSnips Ltd.; SnipContextMenu>
2008-05-06 12:35:42 57344 --a------ C:\Program Files\ESET\nodshex.dll
2006-12-28 23:20:26 28160 --a------ C:\Program Files\ABBYY FineReader 8.0 Professional Edition\FECMenu.dll <Not Verified; ABBYY Software; ABBYY FineReader>
-- Scheduled Tasks -------------------------------------------------------------
2008-05-20 21:55:06 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-05-09 17:16:49 396 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
-- Files created between 2008-04-22 and 2008-05-22 -----------------------------
2008-05-20 17:14:04 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-05-20 17:09:34 68096 --a------ C:\WINDOWS\zip.exe
2008-05-20 17:09:34 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-20 17:09:34 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-20 17:09:34 98816 --a------ C:\WINDOWS\sed.exe
2008-05-20 17:09:34 80412 --a------ C:\WINDOWS\grep.exe
2008-05-20 17:09:34 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-20 17:09:33 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-20 17:09:33 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-18 14:56:44 0 d-------- C:\WINDOWS\Lhsp
2008-05-18 14:54:20 0 d-------- C:\WINDOWS\speech
2008-05-18 14:53:11 57856 --a------ C:\WINDOWS\system32\pcvsrtools.dll
2008-05-18 14:53:03 0 d-------- C:\Program Files\PCVoz8
2008-05-18 14:52:44 71680 --a------ C:\WINDOWS\ST5UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-05-14 12:15:30 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-10 21:58:40 0 d-------- C:\Program Files\MSECache
2008-05-06 12:36:16 270336 --a------ C:\WINDOWS\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
2008-05-06 12:36:16 502368 --a------ C:\WINDOWS\system32\drivers\amon.sys <Not Verified; Eset; NOD32 Antivirus System>
2008-04-22 18:15:08 0 d-------- C:\Program Files\Panda Security
-- Find3M Report ---------------------------------------------------------------
2008-05-22 01:50:05 0 d-------- C:\Documents and Settings\Ruxandra\Application Data\SolidDocuments
2008-04-30 00:48:42 0 d-------- C:\Program Files\AV Music Morpher Gold
2008-04-23 09:52:42 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-23 09:48:36 0 d-a------ C:\Program Files\Common Files
2008-04-20 14:25:56 0 d-------- C:\Program Files\Common Files\Panda Software
2008-04-16 12:33:46 0 d-------- C:\Program Files\Winamp
2008-04-11 11:13:52 0 d-------- C:\Program Files\Webshots
2008-04-08 23:54:20 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-01 13:04:18 0 d-------- C:\Program Files\TuneUp Utilities 2007
2008-03-30 20:17:02 0 d-------- C:\Documents and Settings\Ruxandra\Application Data\Winamp
2008-03-28 01:21:28 0 d-------- C:\Program Files\ScanSpyware v3.8
2008-03-27 11:16:10 0 --a------ C:\Autoexec.bat
2008-03-26 23:26:18 0 d-------- C:\Program Files\SpywareBlaster
2008-03-26 18:34:26 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-26 18:32:10 0 d-------- C:\Program Files\MSN Messenger
2008-03-26 18:29:17 0 d-------- C:\Program Files\Google
2008-03-26 18:29:14 0 d-------- C:\Program Files\eSnips
2008-03-22 19:49:03 0 d-------- C:\Program Files\Trend Micro
2008-03-20 16:39:27 1158 --a------ C:\WINDOWS\mozver.dat
2008-03-20 16:35:07 0 --a------ C:\WINDOWS\nsreg.dat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 12:25]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-05-06 12:35]
"combofix"="C:\WINDOWS\system32\CF18459.exe" [2004-08-04 05:56]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-06-11 18:16]
C:\Documents and Settings\Ruxandra\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2007-11-26 14:27:08]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=1 (0x1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 14:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
-- End of Deckard's System Scanner: finished at 2008-05-22 10:47:28 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Unknown CPU Typ
Percentage of Memory in Use: 72%
Physical Memory (total/avail): 351.48 MiB / 96.26 MiB
Pagefile Memory (total/avail): 1237.38 MiB / 918.73 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1897.01 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 9.77 GiB total, 1.89 GiB free.
D: is Fixed (FAT32) - 13.66 GiB total, 10.91 GiB free.
E: is Fixed (FAT32) - 13.66 GiB total, 7.51 GiB free.
F: is Fixed (FAT32) - 1.17 GiB total, 0.27 GiB free.
G: is CDROM (No Media)
H: is Removable (No Media)
M: is Fixed (NTFS) - 232.88 GiB total, 138.04 GiB free.
\\.\PHYSICALDRIVE0 - Maxtor 6E040L0 - 38.29 GiB - 4 partitions
\PARTITION0 (bootable) - Installable File System - 9.77 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 28.52 GiB - D: - E: - F:
\\.\PHYSICALDRIVE1 - WDC WD2500AAJB-00WGA0 - 232.88 GiB - 1 partition
\PARTITION0 - Installable File System - 232.88 GiB - M:
\\.\PHYSICALDRIVE2 - Canon MP460Storage USB Device
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
AV: Eset NOD32 antivirus system 2.51 v2.51 (Eset)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Octoshape Streaming Services\\Ruxandra\\OctoshapeClient.exe"="C:\\Program Files\\Octoshape Streaming Services\\Ruxandra\\OctoshapeClient.exe:*:Enabled:OctoshapeClient"
"C:\\Program Files\\SpeedTouch\\Dr SpeedTouch\\drst.exe"="C:\\Program Files\\SpeedTouch\\Dr SpeedTouch\\drst.exe:*:Enabled:Dr SpeedTouch"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
"D:\\DC++\\DCPlusPlus.exe"="D:\\DC++\\DCPlusPlus.exe:*:Enabled:DC++"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:YServer Module"
"F:\\utorrent\\utorrent.exe"="F:\\utorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"="C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe:*:Enabled:VideoAccelerator"
"C:\\Documents and Settings\\Ruxandra\\Local Settings\\Temp\\Rar$EX00.250\\StrongDC.exe"="C:\\Documents and Settings\\Ruxandra\\Local Settings\\Temp\\Rar$EX00.250\\StrongDC.exe:*:Enabled:StrongDC++"
"D:\\Strongdc++\\StrongDC.exe"="D:\\Strongdc++\\StrongDC.exe:*:Enabled:StrongDC++"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Ruxandra\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ADINA
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Ruxandra
LOGONSERVER=\\ADINA
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\SYSTEM32;C:\WINDOWS;C:\WINDOWS\SYSTEM32\WBEM
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Ruxandra\LOCALS~1\Temp
TMP=C:\DOCUME~1\Ruxandra\LOCALS~1\Temp
USERDOMAIN=ADINA
USERNAME=Ruxandra
USERPROFILE=C:\Documents and Settings\Ruxandra
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Ruxandra (admin)
Administrator (new local, admin)
-- Add/Remove Programs ---------------------------------------------------------
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
AusLogics Disk Defrag --> "C:\Program Files\AusLogics Disk Defrag\unins000.exe"
AV Music Morpher Gold --> C:\Program Files\AV Music Morpher Gold\uninstall.exe
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Free Video to JPG Converter version 1.2 --> "C:\Program Files\DVDVideoSoft\Free Video to JPG Converter\unins000.exe"
Free Video to Mp3 Converter version 2.8 --> "C:\Program Files\DVDVideoSoft\Free Video to Mp3 Converter\unins000.exe"
Free YouTube Download 1.3 --> "C:\Program Files\DVDVideoSoft\Free YouTube Download\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
L&H TTS3000 Espańol --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LHTTSSPE.inf, Uninstall
Lernout & Hauspie TruVoice American English TTS Engine --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
NOD32 antivirus system --> C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
NOD32 FiX v1.9 --> "C:\Program Files\Eset\unins000.exe"
O&O Defrag Professional Edition --> MsiExec.exe /I{53480330-E1D1-41CA-B8F8-7F78644F7F50}
Octoshape Streaming Services --> C:\Program Files\Octoshape Streaming Services\Ruxandra\uninst.exe
SpywareBlaster 4.0 --> "C:\Program Files\SpywareBlaster\unins000.exe"
TuneUp Utilities 2007 --> MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
VobSub v2.23 (Remove Only) --> "C:\Program Files\Gabest\VobSub\uninstall.exe"
Webshots Desktop --> "C:\Program Files\Webshots\unins000.exe"
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
-- Application Event Log -------------------------------------------------------
Event Record #/Type21449 / Error
Event Submitted/Written: 05/20/2008 11:08:16 AM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 251092335.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.
Event Record #/Type21448 / Error
Event Submitted/Written: 05/20/2008 11:08:11 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application pcvoz.exe, version 2.0.0.107, faulting module msvbvm50.dll, version 5.2.82.44, fault address 0x00058dc9.
Processing media-specific event for [pcvoz.exe!ws!]
Event Record #/Type21209 / Warning
Event Submitted/Written: 05/16/2008 11:47:36 PM
Event ID/Source: 2002 / LoadPerf
Event Description:
The MOF file created for the Outlook service could not be loaded. The
error code returned by the MOF Compiler is contained in the Record Data.
Before the performance counters of this service can be collected by WMI
the MOF file will need to be loaded manually. Contact the vendor of this
service for additional information.
Event Record #/Type21208 / Error
Event Submitted/Written: 05/16/2008 11:47:36 PM
Event ID/Source: 3006 / LoadPerf
Event Description:
Unable to read the performance counter strings of the 018 language ID.
The Win32 status returned by the call is the first DWORD in Data section.
Event Record #/Type21194 / Error
Event Submitted/Written: 05/15/2008 01:50:01 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application YahooMessenger.exe, version 8.1.0.402, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type3358 / Error
Event Submitted/Written: 05/22/2008 10:33:40 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}
Event Record #/Type3357 / Error
Event Submitted/Written: 05/22/2008 10:33:39 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}
Event Record #/Type3354 / Error
Event Submitted/Written: 05/22/2008 10:32:37 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}
Event Record #/Type3353 / Error
Event Submitted/Written: 05/22/2008 10:32:35 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}
Event Record #/Type3329 / Warning
Event Submitted/Written: 05/21/2008 10:36:47 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.
-- End of Deckard's System Scanner: finished at 2008-05-22 10:47:28 ------------
Edited by Kristina, 22 May 2008 - 02:05 AM.