This is the OTMoveIt2 result:
Explorer killed successfully
< C:\WINDOWS\system32\??ool32.exe /u >
C:\WINDOWS\system32\ѕрool32.exe moved successfully.
File/Folder C:\WINDOWS\system32\umtlpwi.dll not found.
< purity >
Explorer started successfully
OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06042008_200245
If this is of any importance, the same AVG resident shield warning popped up once I clicked the Moveit! button.
This is the main.txt file, followed by the extra.txt file:
Deckard's System Scanner v20071014.68
Run by Owner on 2008-06-04 20:12:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
64: 2008-06-05 00:13:04 UTC - RP761 - Deckard's System Scanner Restore Point
63: 2008-06-04 22:52:36 UTC - RP760 - ComboFix created restore point
62: 2008-06-04 22:35:31 UTC - RP759 - ComboFix created restore point
61: 2008-06-04 21:39:54 UTC - RP758 - ComboFix created restore point
60: 2008-06-02 23:59:51 UTC - RP757 - System Checkpoint
-- First Restore Point --
1: 2008-03-07 20:13:05 UTC - RP698 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 448 MiB (512 MiB recommended).-- HijackThis (run as Owner.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:14:05 PM, on 6/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\sstray.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft....k/?LinkId=69157R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://www.dogpile.com/R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) -
http://javadl-esd.su...ows-i586-jc.cabO16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -
http://messenger.msn...pDownloader.cabO16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} -
http://ax.phobos.app.../ITDetector.cabO23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
--
End of file - 7573 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20080602-193213-203 O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) -
http://upload.facebo...toUploader5.cabbackup-20080602-193214-298 O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) -
http://upload.facebo...otoUploader.cabbackup-20080602-193214-719 O16 - DPF: {1BAD0830-AC09-44FA-8A44-5365AEB45D11} -
http://www.mtv.com/o...e/bin/setup.exebackup-20080602-193214-748 O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) -
http://upload.facebo...toUploader3.cabbackup-20080602-193215-178 O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) -
http://cdn.digitalci....1.11_en_dl.cabbackup-20080602-193215-193 O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} -
http://www.nick.com/.../GrooveAX27.cabbackup-20080602-193215-403 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) -
http://download.divx...owserPlugin.cabbackup-20080602-193216-523 O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) -
http://upload.facebo...Uploader4_5.cabbackup-20080602-193216-798 O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) -
http://pdl.stream.ao.../ampx_en_dl.cabbackup-20080602-193216-949 O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) -
http://download.toon....3.1/ttinst.cabbackup-20080603-170949-218 O4 - HKCU\..\Run: [Eqjmb] C:\WINDOWS\system32\??ool32.exe
backup-20080604-195650-101 R3 - URLSearchHook: (no name) - {DF8B9FAB-734A-549B-1C01-5CF00AC769E8} - (no file)
backup-20080604-195650-146 O15 - Trusted IP range:
http://202.67.220.225backup-20080604-195650-163 O15 - Trusted Zone:
http://www.winantivirus.combackup-20080604-195650-180 O2 - BHO: (no name) - {85A22F91-9C73-E2F0-2051-EC5B212166E0} - C:\WINDOWS\system32\umtlpwi.dll
backup-20080604-195650-211 O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
http://static.windup...Bridge-c139.cabbackup-20080604-195650-225 O15 - Trusted IP range:
http://59.148.220.121backup-20080604-195650-231 O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32.exe
backup-20080604-195650-254 O15 - Trusted IP range:
http://62.4.84.53backup-20080604-195650-276 O2 - BHO: (no name) - {05739444-8970-42BD-839B-96D4BE97DCD6} - C:\WINDOWS\system\ofntrdv.dll (file missing)
backup-20080604-195650-417 O15 - Trusted Zone:
http://download.cdn.winsoftware.combackup-20080604-195650-438 O15 - Trusted Zone:
http://www.winantiviruspro.combackup-20080604-195650-477 O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
backup-20080604-195650-484 O2 - BHO: (no name) - {F00A6036-D081-FF56-DDEE-A70FD59D48E3} - C:\WINDOWS\system32\brjpxkc.dll (file missing)
backup-20080604-195650-492 O15 - Trusted Zone:
http://scanner.sysprotect.combackup-20080604-195650-777 R3 - URLSearchHook: (no name) - {F00A6036-D081-FF56-DDEE-A70FD59D48E3} - C:\WINDOWS\system32\brjpxkc.dll (file missing)
backup-20080604-195650-815 O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
backup-20080604-195650-859 O15 - Trusted IP range:
http://85.12.25.90backup-20080604-195650-880 R3 - URLSearchHook: (no name) - {85A22F91-9C73-E2F0-2051-EC5B212166E0} - C:\WINDOWS\system32\umtlpwi.dll
backup-20080604-195650-912 O2 - BHO: (no name) - {1BA20B00-206F-4B8E-828F-EDFA5C05E7A9} - C:\WINDOWS\system32\jkhfg.dll (file missing)
backup-20080604-195650-921 O15 - Trusted Zone:
http://*.systemdoctor.combackup-20080604-195650-968 O15 - Trusted Zone:
http://locator.cdn.imageservr.combackup-20080604-195650-976 O15 - Trusted IP range:
http://82.98.235.58backup-20080604-195651-197 O20 - Winlogon Notify: jkhfg - C:\WINDOWS\system32\jkhfg.dll (file missing)
backup-20080604-195651-555 O20 - Winlogon Notify: ofntrdv - C:\WINDOWS\system\ofntrdv.dll (file missing)
backup-20080604-195651-759 O20 - AppInit_DLLs:
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 Teefer (Teefer for NT) - c:\windows\system32\drivers\teefer.sys <Not Verified; Sygate Technologies, Inc.; Sygate Teefer Driver>
R1 wpsdrvnt - c:\windows\system32\drivers\wpsdrvnt.sys <Not Verified; Sygate Technologies, Inc.; wpsdrvnt>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 SunkFilt39 (Alcor Micro Corp - 3239) - c:\windows\system32\drivers\sunkfilt39.sys <Not Verified; Alcor Micro Corp.; SunkFilt39>
R3 wg111nd5 (NETGEAR WG111 802.11g Wireless USB Adapter Driver) - c:\windows\system32\drivers\wg111nd5.sys <Not Verified; NETGEAR, Inc.; NETGEAR 802.11g Wireless LAN>
S3 SunkFilt (Alcor Micro Corp - 9360) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt92>
S3 Sunkfiltp (HP && Alcor Micro Corp for Phison) - c:\windows\system32\drivers\sunkfiltp.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Files created between 2008-05-04 and 2008-06-04 -----------------------------
2008-06-04 17:40:35 0 d-------- C:\cmdcons
2008-06-04 17:39:35 68096 --a------ C:\WINDOWS\zip.exe
2008-06-04 17:39:35 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-04 17:39:35 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-04 17:39:35 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-04 17:39:35 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-04 17:39:35 98816 --a------ C:\WINDOWS\sed.exe
2008-06-04 17:39:35 80412 --a------ C:\WINDOWS\grep.exe
2008-06-04 17:39:35 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-01 16:14:09 0 d-------- C:\Program Files\Trend Micro
2008-05-24 17:23:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-17 14:48:53 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-05-17 14:47:09 0 d-------- C:\Documents and Settings\Owner\Application Data\InstallShield
2008-05-09 18:07:20 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
-- Find3M Report ---------------------------------------------------------------
2008-06-04 17:41:00 0 d-------- C:\Program Files\Common Files
2008-06-03 17:28:31 0 d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2008-05-26 10:07:10 0 d-------- C:\Program Files\Google
2008-05-24 17:23:14 0 d-------- C:\Program Files\Lavasoft
2008-05-24 17:22:08 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-24 17:09:21 0 d-------- C:\Program Files\DivX
2008-05-22 10:49:32 0 d-------- C:\Program Files\Kodak
2008-05-18 16:32:04 0 d-------- C:\Program Files\Common Files\AOL
2008-05-18 16:28:31 0 d-------- C:\Program Files\LimeWire
2008-05-18 16:28:04 0 d-------- C:\Program Files\AIM
2008-05-18 16:22:42 0 d-------- C:\Program Files\iTunes
2008-05-18 16:22:31 0 d-------- C:\Program Files\iPod
2008-05-17 14:47:53 0 d-------- C:\Program Files\Viewpoint
2008-05-17 14:47:17 0 d-------- C:\Documents and Settings\Owner\Application Data\Panasonic
2008-05-17 14:45:44 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2008-05-17 14:45:20 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-08 19:03:48 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-04-08 19:02:22 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-06 11:19:21 0 d-------- C:\Program Files\Bonjour
2008-04-06 11:18:02 0 d-------- C:\Program Files\QuickTime
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [03/03/2004 08:29 PM]
"nwiz"="nwiz.exe" [03/03/2004 08:29 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [03/03/2004 08:29 PM]
"nForce Tray Options"="sstray.exe" [09/03/2003 04:25 AM C:\WINDOWS\system32\sstray.exe]
"CHotkey"="zHotkey.exe" [05/18/2004 04:30 AM C:\WINDOWS\zHotkey.exe]
"ShowWnd"="ShowWnd.exe" [09/19/2003 08:09 PM C:\WINDOWS\ShowWnd.exe]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/01/2003 05:42 AM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 09:50 PM]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [03/12/2004 01:18 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [04/15/2008 02:51 PM]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [10/15/2004 08:40 PM]
"WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [10/05/2001 08:34 PM]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [08/23/2001 05:52 PM]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [06/07/2003 01:32 PM]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [09/17/2004 08:52 PM]
"Microsoft Windows DLL Services Configuration"="windir32.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 02:11 AM]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [02/03/2007 06:12 PM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"Aim6"="" []
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [3/30/2006 7:04:07 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 2:01:04 AM]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [8/7/2001 7:06:54 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
-- End of Deckard's System Scanner: finished at 2008-06-04 20:14:44 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: AMD Athlon™ XP 3000+
Percentage of Memory in Use: 69%
Physical Memory (total/avail): 447.48 MiB / 137.16 MiB
Pagefile Memory (total/avail): 1058.66 MiB / 757.25 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1938.59 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 149.05 GiB total, 137.44 GiB free.
E: is Removable (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
\\.\PHYSICALDRIVE0 - WDC WD1600BB-22GUA0 - 149.05 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 149.05 GiB - C:
\\.\PHYSICALDRIVE1 - eM Bay Reader USB Device
\\.\PHYSICALDRIVE2 - eM Bay Reader USB Device
\\.\PHYSICALDRIVE3 - eM Bay Reader USB Device
\\.\PHYSICALDRIVE4 - eM Bay Reader USB Device
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
FW: Sygate Personal Firewall v4.6 (Sygate Technologies, Inc.)
AV: AVG 7.5.524 v7.5.524 (Grisoft)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=US
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\US
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\iTunes\Plug-Ins\Qloud;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=US
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI
-- User Profiles ---------------------------------------------------------------
Owner
(admin)Administrator
(new local, admin)-- Add/Remove Programs ---------------------------------------------------------
--> MsiExec.exe /X{85808CBD-8E3E-4F04-B626-167115874290} /Q
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Digital Media Reader --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r
Give4Free Plugin --> C:\Program Files\Give4Free Plugin\uninstall.exe
Google Talk (remove only) --> "C:\Program Files\Google\Google Talk\uninstall.exe"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar5.dll"
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
iPod for Windows 2005-10-12 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A} /l1033
Java 2 Runtime Environment, SE v1.4.2 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Microsoft Encarta Encyclopedia Standard 2002 --> MsiExec.exe /I{01001202-823E-46CD-A70E-BEE818F97169}
Microsoft Money 2004 --> MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft Money 2004 System Pack --> MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Microsoft Word 2002 --> MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works 2002 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2002\Setup\Launcher.exe D:\
Microsoft Works 6.0 --> MsiExec.exe /I{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}
Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{C3A439E4-7303-491F-A678-CEA36A87D517}
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Owner\Application Data\Move Networks\ie_bin\Uninst.exe
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Multimedia Keyboard Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF262740-C85A-11D5-BBEC-00D0B740900A}\Setup.exe" -l0x9
Nero BurnRights --> C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NVIDIA Drivers --> C:\WINDOWS\system32\nvuaudio.exe UninstallGUI
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
SoftV92 Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IURSLST5K.inf
Sygate Personal Firewall --> MsiExec.exe /I{F34D9A5F-484A-4E31-A9D3-908CB265B289}
Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
-- Application Event Log -------------------------------------------------------
Event Record #/Type12835 / Error
Event Submitted/Written: 05/31/2008 00:18:19 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application firefox.exe, version 1.8.20080.40413, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type12674 / Error
Event Submitted/Written: 05/21/2008 05:25:16 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application TeaTimer.exe, version 1.4.0.2, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type81702 / Warning
Event Submitted/Written: 06/04/2008 08:09:46 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 000FB502D8CB. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.
Event Record #/Type81672 / Warning
Event Submitted/Written: 06/04/2008 06:39:46 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 000FB502D8CB. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.
Event Record #/Type81643 / Error
Event Submitted/Written: 06/04/2008 05:52:50 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The DP1112 service failed to start due to the following error:
%%2
Event Record #/Type81640 / Warning
Event Submitted/Written: 06/04/2008 05:52:24 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 000FB502D8CB. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.
Event Record #/Type81639 / Warning
Event Submitted/Written: 06/04/2008 05:52:24 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 000FB502D8CB. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.
-- End of Deckard's System Scanner: finished at 2008-06-04 20:14:44 ------------
This topic is locked
Sign In
Create Account
