Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: AMD Athlon XP 1700+
Percentage of Memory in Use: 26%
Physical Memory (total/avail): 1535.48 MiB / 1121.11 MiB
Pagefile Memory (total/avail): 3434.89 MiB / 3064.54 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1937.53 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 76.68 GiB total, 15.78 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - IC35L080AVVA07-0 - 76.69 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 76.68 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
FW: ZoneAlarm Pro Firewall v7.0.473.000 (Check Point, LTD.)
AV: avast! antivirus 4.8.1201 [VPS 080620-0] v4.8.1201 (ALWIL Software)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\dlbtcoms.exe"="C:\\WINDOWS\\system32\\dlbtcoms.exe:*:Enabled:Photo AIO Printer 922 Server"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\Vern Musil\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HOME-C0IG4074DU
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Vern Musil
LOGONSERVER=\\HOME-C0IG4074DU
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 6 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0602
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\VERNMU~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\VERNMU~1\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=HOME-C0IG4074DU
USERNAME=Vern Musil
USERPROFILE=C:\Documents and Settings\Vern Musil
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Vern Musil (admin)
Administrator.HOME-C0IG4074DU (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Creative\SBLive\Program\Upddrv2k.EXE
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\News\CTNews.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\AudioHQ.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\Creative Rhythmania\Rhythm.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\Diagnose.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\Keytar\Keytar.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\Midi.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\PlayCenter2\Player2.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\Recorder\Recorder.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\RemoteCenter\remote.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\Restore.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\SoundFont.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\SurMixer.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\WaveStudio\Wstudio.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Uninstall\Installer.isu"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acoustica CD/DVD Label Maker --> C:\Program Files\Acoustica CD Label Maker\cdlabel.exe UNINSTALL
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
BitLord 1.1 --> C:\Program Files\BitLord\uninst.exe
Cheetah CD Burner --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{808C1CB2-5632-4ABF-B4D2-4B54519E3A9A}\Setup.exe"
Cheetah DVD Burner --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD01E97F-2A6A-495E-BE38-22C7B80F3CD7}\Setup.exe"
CreataCard Gold 3 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\CreataCard\Gold\DeIsL1.isu"
Creative Jukebox Driver --> C:\Program Files\Creative\Jukebox Driver\DrvUnins.exe /s
Creative NOMAD II Driver --> C:\Program Files\Creative\NOMAD2 Driver\DrvUnins.exe /s
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
ffdshow [rev 1953] [2008-05-04] --> "C:\Program Files\ffdshow\unins000.exe"
FrostWire 4.13.5 --> C:\Program Files\FrostWire\Uninstall.exe
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Java 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Magic DVD Ripper V5.3 build 4 --> "C:\Program Files\MagicDVDRipper\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office XP Media Content --> MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Word 2002 --> MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works 2002 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2002\Setup\Launcher.exe D:\
Microsoft Works 6.0 --> MsiExec.exe /I{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}
Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{C3A439E4-7303-491F-A678-CEA36A87D517}
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Photodex Presenter --> C:\Program Files\Photodex Presenter\uninst.exe
ProShow Gold --> C:\Program Files\Photodex\ProShowGold\proshow.exe . -u
RegistryFix v6.2 --> "C:\Program Files\RegistryFix\unins000.exe"
Sound Blaster Live! --> C:\Program Files\Creative\Uninstall\CTUNINST.EXE /U:UNINST1.INI
SpywareBlaster 4.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
TrojanHunter 5.0 --> "C:\Program Files\TrojanHunter 5.0\unins000.exe"
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Essentials Media Codec Pack 1.0 --> C:\Program Files\Essentials Codec Pack\uninst.exe
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip 11.2 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}
XP Codec Pack --> C:\Program Files\XP Codec Pack\Uninstall.exe
ZoneAlarm Pro --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type659 / Error
Event Submitted/Written: 06/21/2008 10:54:57 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: The specified server cannot perform the requested operation.
Event Record #/Type658 / Error
Event Submitted/Written: 06/21/2008 10:54:57 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: The specified server cannot perform the requested operation.
Event Record #/Type657 / Error
Event Submitted/Written: 06/21/2008 10:54:57 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: The specified server cannot perform the requested operation.
Event Record #/Type656 / Error
Event Submitted/Written: 06/21/2008 10:54:57 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: The specified server cannot perform the requested operation.
Event Record #/Type655 / Error
Event Submitted/Written: 06/21/2008 10:54:57 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: The specified server cannot perform the requested operation.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type2205 / Error
Event Submitted/Written: 06/20/2008 03:07:18 AM / 06/20/2008 03:07:21 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Task Scheduler service failed to start due to the following error:
%%5
Event Record #/Type2201 / Error
Event Submitted/Written: 06/20/2008 03:04:40 AM
Event ID/Source: 4321 / NetBT
Event Description:
The name "WORKGROUP :1d" could not be registered on the Interface with IP address 192.168.1.100.
The machine with the IP address 192.168.1.101 did not allow the name to be claimed by
this machine.
Event Record #/Type2200 / Error
Event Submitted/Written: 06/20/2008 02:59:30 AM
Event ID/Source: 4321 / NetBT
Event Description:
The name "WORKGROUP :1d" could not be registered on the Interface with IP address 192.168.1.100.
The machine with the IP address 192.168.1.101 did not allow the name to be claimed by
this machine.
Event Record #/Type2199 / Error
Event Submitted/Written: 06/20/2008 02:57:36 AM
Event ID/Source: 4321 / NetBT
Event Description:
The name "WORKGROUP :1d" could not be registered on the Interface with IP address 192.168.1.100.
The machine with the IP address 192.168.1.101 did not allow the name to be claimed by
this machine.
Event Record #/Type2198 / Error
Event Submitted/Written: 06/20/2008 02:52:26 AM
Event ID/Source: 4321 / NetBT
Event Description:
The name "WORKGROUP :1d" could not be registered on the Interface with IP address 192.168.1.100.
The machine with the IP address 192.168.1.101 did not allow the name to be claimed by
this machine.
-- End of Deckard's System Scanner: finished at 2008-06-21 11:02:31 ------------
Deckard's System Scanner v20071014.68
Run by Vern Musil on 2008-06-21 10:52:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
98: 2008-06-21 15:52:28 UTC - RP98 - Deckard's System Scanner Restore Point
97: 2008-06-21 10:23:12 UTC - RP97 - Last known good configuration
96: 2008-06-21 10:23:06 UTC - RP96 - Software Distribution Service 3.0
95: 2008-06-21 10:23:06 UTC - RP95 - Installed Windows Defender
94: 2008-06-21 10:23:06 UTC - RP94 - Last known good configuration
-- First Restore Point --
1: 2008-06-21 10:22:53 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Vern Musil.exe) ------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:54:16 AM, on 6/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\dlbtcoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\PCRescue3.0\PCRescue.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Documents and Settings\Vern Musil\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Vern Musil.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {f02f6ba3-af81-4627-8f91-136634a63650} - C:\WINDOWS\system32\khfeCrPH.dll (file missing)
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [Media Codec Update Service] "C:\Program Files\Essentials Codec Pack\update.exe" -silent
O4 - HKLM\..\Run: [PCRescue] "C:\Program Files\PCRescue3.0\PCRescue.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [e8bd5f5b] rundll32.exe "C:\WINDOWS\system32\ufpkggwp.dll",b
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SearchAndDestroyT] "C:\Program Files\Search And Destroy\SearchAndDestroy.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner (avast! web scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: dlbt_device - - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 4889 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20080618-172226-109 O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
backup-20080618-172226-713 O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
backup-20080618-172226-870 O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe
backup-20080618-172226-996 O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
backup-20080618-183631-115 O2 - BHO: Ask Search Assistant BHO - {0579b4b1-0293-4d73-b02d-5ebb0ba0f0a2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
backup-20080618-183631-613 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
backup-20080618-183631-632 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
backup-20080618-183631-730 R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
backup-20080618-183632-110 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
backup-20080618-183632-369 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20080619-024759-536 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
backup-20080619-024759-552 O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
backup-20080619-164126-151 O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
backup-20080620-174621-323 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1209863800375
backup-20080620-174621-530 O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
All drivers whitelisted.
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 ScsiAccess - c:\program files\photodex\proshowgold\scsiaccess.exe
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-06-21 10:46:15 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-06-15 03:30:00 436 --a------ C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job
-- Files created between 2008-05-21 and 2008-06-21 -----------------------------
2008-06-21 07:47:50 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\TrojanHunter
2008-06-21 07:00:09 0 d-------- C:\Program Files\TrojanHunter 5.0
2008-06-21 05:06:55 0 d-------- C:\Program Files\Windows Defender
2008-06-21 04:53:04 0 d--h----- C:\Documents and Settings\LocalService.NT AUTHORITY\SendTo
2008-06-21 04:52:36 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Identities
2008-06-21 04:52:07 0 d--h----- C:\Documents and Settings\LocalService.NT AUTHORITY\NetHood
2008-06-21 04:52:07 0 dr------- C:\Documents and Settings\LocalService.NT AUTHORITY\My Documents
2008-06-21 04:52:02 0 dr-h----- C:\Documents and Settings\LocalService.NT AUTHORITY\Recent
2008-06-21 04:52:02 0 dr------- C:\Documents and Settings\LocalService.NT AUTHORITY\Favorites
2008-06-21 04:52:01 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Desktop
2008-06-21 04:29:02 81408 --a------ C:\WINDOWS\system32\ufpkggwp.dll
2008-06-21 04:27:42 7103 --ahs---- C:\WINDOWS\system32\HPrCefhk.ini2
2008-06-21 04:02:04 0 --a------ C:\WINDOWS\system32\MSVolume.dll
2008-06-21 04:01:48 0 d-------- C:\WINDOWS\Search And Destroy
2008-06-21 04:00:55 0 d-------- C:\Program Files\Search And Destroy
2008-06-20 17:23:04 0 d-------- C:\Documents and Settings\Administrator.HOME-C0IG4074DU\Application Data\Mozilla
2008-06-18 17:41:20 0 d-------- C:\Program Files\Lavasoft
2008-06-18 17:40:50 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-18 03:01:24 0 d-------- C:\Program Files\Trend Micro
2008-06-17 17:30:07 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\WinZip
2008-06-16 17:15:47 164 --a------ C:\install.dat
2008-06-16 17:02:44 63 --a------ C:\WINDOWS\system\SysSD.dll
2008-06-16 14:04:24 0 d-------- C:\Program Files\SpywareBlaster
2008-06-15 20:35:00 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\Google
2008-06-15 15:06:56 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google
2008-06-15 15:06:27 0 d-------- C:\Program Files\FlashGet
2008-06-15 10:51:09 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\Leadertech
2008-06-15 10:49:27 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-06-15 10:48:41 5120 --a------ C:\sgxty.exe
2008-06-15 10:48:01 93696 --a------ C:\iwfgofxx.exe
2008-06-15 10:47:56 65456 --a------ C:\WINDOWS\system32\narqwe.sys
2008-06-15 10:47:49 407094 --a------ C:\setupupdate.exe
2008-06-15 05:19:02 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\NCH Swift Sound
2008-06-14 18:11:52 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\NCH Software
2008-06-14 17:15:27 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\Axara
2008-06-14 17:14:41 0 d-------- C:\Program Files\Common Files\Axara
2008-06-14 17:14:40 438272 --a------ C:\WINDOWS\system32\vp6vfw.dll <Not Verified; On2.com; On2_VP6>
2008-06-14 17:14:39 139264 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-06-14 17:14:39 524288 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-06-14 17:14:39 261632 --a------ C:\WINDOWS\system32\mcdvd_32.dll <Not Verified; MainConcept; MainConcept DV Codec "2.0.4>
2008-06-14 17:14:38 413760 --a------ C:\WINDOWS\system32\mpg4c32.dll <Not Verified; Microsoft Corporation; Microsoft MPEG-4 Video Codec>
2008-06-06 03:09:07 0 d-------- C:\Program Files\Essentials Codec Pack
2008-06-06 03:05:05 200704 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2008-06-06 03:05:05 114688 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2008-06-06 03:05:05 34820 --a------ C:\WINDOWS\system32\ffdshow.reg
2008-06-06 03:05:01 0 d-------- C:\Program Files\Cucusoft
2008-06-06 03:04:33 0 d-------- C:\Program Files\Common Files\Download Manager
2008-05-25 07:36:13 0 d-------- C:\Program Files\Acoustica CD Label Maker
2008-05-24 11:46:15 0 d-------- C:\Program Files\MagicDVDRipper
-- Find3M Report ---------------------------------------------------------------
2008-06-18 17:40:50 0 d-------- C:\Program Files\Common Files
2008-06-17 17:13:45 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\Mozilla
2008-06-16 17:20:07 0 d--h----- C:\Program Files\Google
2008-06-15 20:39:34 4212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2008-06-15 20:34:00 0 d-------- C:\Program Files\VideoLAN
2008-06-15 08:06:02 92 --a------ C:\Documents and Settings\Vern Musil\Application Data\burnaware.ini
2008-05-23 14:27:04 0 d-------- C:\Program Files\DVD Decrypter
2008-05-23 14:26:26 0 d-------- C:\Program Files\DVD Shrink
2008-05-19 17:55:18 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\RegistrySmart
2008-05-19 17:18:20 0 d-------- C:\Program Files\ACW
2008-05-12 03:04:23 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-11 18:45:48 0 d-------- C:\Program Files\DivX
2008-05-11 18:27:38 30 --a------ C:\WINDOWS\G@
2008-05-11 18:21:37 0 d-------- C:\Program Files\Creative
2008-05-11 14:17:58 0 d-------- C:\Program Files\ffdshow
2008-05-11 14:13:28 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\vlc
2008-05-11 14:04:42 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\Media Player Classic
2008-05-11 14:03:31 0 d-------- C:\Program Files\XP Codec Pack
2008-05-11 13:36:51 0 d-------- C:\Program Files\AC3Filter
2008-05-11 13:36:50 0 d-------- C:\Program Files\AskSBar
2008-05-10 09:53:08 0 d-------- C:\Program Files\FrostWire
2008-05-10 00:00:14 0 d-------- C:\Program Files\PCRescue3.0
2008-05-09 16:31:23 0 d-------- C:\Program Files\CreataCard
2008-05-07 17:29:38 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\DivX
2008-05-06 14:27:33 0 d-------- C:\Program Files\Java
2008-05-05 16:33:42 0 d-------- C:\Program Files\MP3Gain
2008-05-05 16:27:54 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\FrostWire
2008-05-05 16:17:25 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\Sun
2008-05-05 13:54:37 0 d-------- C:\Program Files\Photodex Presenter
2008-05-05 13:54:36 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\Netscape
2008-05-05 13:54:17 0 d-------- C:\Program Files\Photodex
2008-05-05 13:51:38 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\Photodex
2008-05-04 17:54:26 0 d-------- C:\Program Files\messenger
2008-05-04 12:28:00 60273 --a------ C:\WINDOWS\system32\pthreadGC2.dll <Not Verified; Open Source Software community project; >
2008-05-04 12:28:00 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-05-04 09:23:19 0 d-------- C:\Program Files\Cheetah Burner
2008-05-04 07:27:42 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\Adobe
2008-05-04 07:25:57 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-04 07:20:46 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\Macromedia
2008-05-04 06:37:38 0 d-------- C:\Program Files\Aspect one
2008-05-04 06:31:11 0 d-------- C:\Program Files\Acoustica MP3 To Wave Converter PLUS
2008-05-04 05:20:18 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\Acoustica
2008-05-04 04:54:34 0 d-------- C:\Program Files\Windows Media Connect 2
2008-05-03 21:11:33 0 d-------- C:\Program Files\Movie Maker
2008-05-03 21:11:18 0 d-------- C:\Program Files\Windows NT
2008-05-03 20:17:25 0 d--h----- C:\Program Files\WindowsUpdate
2008-05-03 19:02:19 0 d-------- C:\Program Files\Codec Pack - All In 1
2008-05-03 18:38:22 0 d-------- C:\Program Files\RegistryFix
2008-05-03 13:39:37 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\WinRAR
2008-05-03 13:02:02 0 d-------- C:\Program Files\Microsoft Works
2008-05-03 12:48:51 0 d-------- C:\Program Files\Microsoft Works Suite 2002
2008-05-03 09:09:33 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-03 08:40:39 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\Identities
2008-05-03 08:26:09 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-03 07:49:45 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-05-03 07:44:24 0 d-------- C:\Program Files\NoAdware4
2008-05-03 03:14:02 62 --ahs---- C:\Documents and Settings\Vern Musil\Application Data\desktop.ini
2008-03-31 16:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 16:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 16:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 16:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 16:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-21 15:30:08 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 15:28:54 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 15:28:54 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 15:28:20 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f02f6ba3-af81-4627-8f91-136634a63650}]
C:\WINDOWS\system32\khfeCrPH.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [04/02/2008 09:07 PM]
"IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [06/12/2001 03:20 AM]
"DLBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [02/22/2007 09:26 AM]
"Dell Photo AIO Printer 922"="C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [11/10/2004 02:36 PM]
"Media Codec Update Service"="C:\Program Files\Essentials Codec Pack\update.exe" [04/08/2007 11:44 AM]
"PCRescue"="C:\Program Files\PCRescue3.0\PCRescue.exe" [06/24/2005 09:53 AM]
"NvCplDaemon"="RUNDLL32.exe" [08/04/2004 02:56 AM C:\WINDOWS\system32\rundll32.exe]
"e8bd5f5b"="C:\WINDOWS\system32\ufpkggwp.dll" [06/21/2008 04:29 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [03/25/2008 07:08 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/15/2008 06:19 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeRAM XP"="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [03/23/2006 12:13 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/04/2007 07:31 AM]
"SearchAndDestroyT"="C:\Program Files\Search And Destroy\SearchAndDestroy.exe" []
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
@=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\khfeCrPH
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^CreataCard Gold 3 Forget Me Not Reminders Tray Icon.lnk]
backup=C:\WINDOWS\pss\CreataCard Gold 3 Forget Me Not Reminders Tray Icon.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users.windows^start menu^programs^startup^sonic cineplayer quick launch.lnk]
backup=C:\WINDOWS\pss\Sonic CinePlayer Quick Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AHQInit]
C:\Program Files\Creative\SBLive\Program\AHQInit.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioHQ]
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Disc Detector]
C:\Program Files\Creative\ShareDLL\CtNotify.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NOMAD Detector]
"C:\Program Files\Creative\SBLive\PlayCenter2\CTNMRUN.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\Updreg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
C:\Program Files\Microsoft Works\wkfud.exe
-- End of Deckard's System Scanner: finished at 2008-06-21 11:02:31 ------------