OK Done:
Main.txt:
Deckard's System Scanner v20071014.68
Run by Jack on 2008-07-05 00:39:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
56: 2008-07-05 04:39:50 UTC - RP56 - Deckard's System Scanner Restore Point
55: 2008-07-04 05:02:03 UTC - RP55 - System Checkpoint
54: 2008-07-03 04:36:48 UTC - RP54 - Installed WinZip 11.2
53: 2008-07-02 23:38:13 UTC - RP53 - System Checkpoint
52: 2008-07-01 21:42:07 UTC - RP52 - Software Distribution Service 3.0
-- First Restore Point --
1: 2008-07-01 05:10:33 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Jack.exe) ------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:40:24, on 7/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Jack\Desktop\dss.exe
C:\DOCUME~1\Jack\Desktop\spyware\Jack.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: QuickBooksDB18 - iAnywhere Solutions, Inc. - C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe
--
End of file - 6170 bytes
-- HijackThis Fixed Entries (C:\DOCUME~1\Jack\Desktop\spyware\backups\) --------
backup-20080701-055636-168 O2 - BHO: (no name) - {3A34559B-BA5B-4815-B90A-8CA324331961} - C:\WINDOWS\system32\mlJYqPjh.dll (file missing)
backup-20080701-055636-271 O2 - BHO: (no name) - {CD0E0A82-D31E-4AFF-9735-3CA4F3DB800C} - C:\WINDOWS\system32\urqPgHaB.dll (file missing)
backup-20080701-055636-524 O2 - BHO: (no name) - {325C8E49-876D-4C28-BA59-EF82B0F2D227} - C:\WINDOWS\system32\fccaBuUM.dll (file missing)
backup-20080701-055636-744 O2 - BHO: (no name) - {1DA6E8ED-1F9C-4FA8-BA60-42F40A19DD16} - C:\WINDOWS\system32\xxyYRlIY.dll (file missing)
backup-20080701-055636-805 O2 - BHO: (no name) - {80B3BA31-2937-43AC-B555-B135D73B5BAE} - C:\WINDOWS\system32\urqPhgGx.dll (file missing)
backup-20080701-055636-827 O2 - BHO: (no name) - {07AEC47F-ECD8-4E6E-B9FA-2FB76595FF3B} - (no file)
backup-20080701-055636-933 O20 - Winlogon Notify: urqOHAPh - C:\WINDOWS\SYSTEM32\urqOHAPh.dll
backup-20080701-055636-937 O21 - SSODL: qegbdmwf - {909155E9-5E98-435C-A674-184659F682F9} - C:\WINDOWS\qegbdmwf.dll (file missing)
backup-20080701-055636-940 O2 - BHO: (no name) - {E83A3DA2-218D-4656-BD83-FF3E1292E80F} - C:\WINDOWS\system32\urqPfCVL.dll (file missing)
backup-20080701-055636-983 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20080701-055937-380 O2 - BHO: (no name) - {41B93EB1-608A-465B-A1F0-EA1DFEC3E247} - C:\WINDOWS\system32\urqOHAPh.dll
backup-20080701-055937-857 O2 - BHO: (no name) - {3A34559B-BA5B-4815-B90A-8CA324331961} - C:\WINDOWS\system32\mlJYqPjh.dll (file missing)
backup-20080701-063900-677 O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
backup-20080701-063900-760 O4 - HKLM\..\Run: [68c51179] rundll32.exe "C:\WINDOWS\system32\bxmyjsej.dll",b
-- File Associations -----------------------------------------------------------
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S0 cercsr6 - c:\windows\system32\drivers\cercsr6.sys <Not Verified; Adaptec, Inc.; Dell RAID Controller>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 AntiVirScheduler (Avira AntiVir Personal – Free Antivirus Scheduler) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation>
R2 QBCFMonitorService - "c:\program files\common files\intuit\quickbooks\qbcfmonitorservice.exe" <Not Verified; Intuit; QuickBooks for Windows>
S3 QBFCService (Intuit QuickBooks FCS) - "c:\program files\common files\intuit\quickbooks\fcs\intuit.quickbooks.fcs.exe" <Not Verified; Intuit Inc.; QuickBooks 2007>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_14F1&DEV_2F20&SUBSYS_200F14F1&REV_00\4&BB29FA6&0&00F0
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_14F1&DEV_2F20&SUBSYS_200F14F1&REV_00\4&BB29FA6&0&00F0
Service:
-- Files created between 2008-06-05 and 2008-07-05 -----------------------------
2008-07-03 00:36:51 0 d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-07-01 17:43:08 0 d-------- C:\WINDOWS\system32\CatRoot_bak
2008-07-01 17:42:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-07-01 16:56:44 0 d-------- C:\Program Files\Panda Security
2008-07-01 15:59:48 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-01 15:59:36 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-01 15:59:36 0 d-------- C:\Documents and Settings\Jack\Application Data\SUPERAntiSpyware.com
2008-07-01 15:44:56 0 d-------- C:\Documents and Settings\Jack\Application Data\Malwarebytes
2008-07-01 15:44:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-01 15:44:52 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-01 15:43:51 0 d-------- C:\Program Files\Common Files\Download Manager
2008-07-01 14:53:13 0 d-------- C:\VundoFix Backups
2008-07-01 06:23:46 0 d--h----- C:\Documents and Settings\QBDataServiceUser18.STINSON-1.000\Templates
2008-07-01 06:23:46 0 dr------- C:\Documents and Settings\QBDataServiceUser18.STINSON-1.000\Start Menu
2008-07-01 06:23:46 0 dr-h----- C:\Documents and Settings\QBDataServiceUser18.STINSON-1.000\SendTo
2008-07-01 06:23:46 0 d--h----- C:\Documents and Settings\QBDataServiceUser18.STINSON-1.000\Recent
2008-07-01 06:23:46 0 d--h----- C:\Documents and Settings\QBDataServiceUser18.STINSON-1.000\PrintHood
2008-07-01 06:23:46 229376 --ah----- C:\Documents and Settings\QBDataServiceUser18.STINSON-1.000\NTUSER.DAT
2008-07-01 06:23:46 0 d--h----- C:\Documents and Settings\QBDataServiceUser18.STINSON-1.000\NetHood
2008-07-01 06:23:46 0 d-------- C:\Documents and Settings\QBDataServiceUser18.STINSON-1.000\My Documents
2008-07-01 06:23:46 0 d--h----- C:\Documents and Settings\QBDataServiceUser18.STINSON-1.000\Local Settings
2008-07-01 06:23:46 0 d-------- C:\Documents and Settings\QBDataServiceUser18.STINSON-1.000\Favorites
2008-07-01 06:23:46 0 d-------- C:\Documents and Settings\QBDataServiceUser18.STINSON-1.000\Desktop
2008-07-01 06:23:46 0 d---s---- C:\Documents and Settings\QBDataServiceUser18.STINSON-1.000\Cookies
2008-07-01 06:23:46 0 dr-h----- C:\Documents and Settings\QBDataServiceUser18.STINSON-1.000\Application Data
2008-07-01 06:23:46 0 d---s---- C:\Documents and Settings\QBDataServiceUser18.STINSON-1.000\Application Data\Microsoft
2008-07-01 05:15:30 238815 --ahs---- C:\WINDOWS\system32\hjPqYJlm.ini2
2008-07-01 04:29:05 0 d--h----- C:\Documents and Settings\QBDataServiceUser18.STINSON-1\Templates
2008-07-01 04:29:05 0 dr------- C:\Documents and Settings\QBDataServiceUser18.STINSON-1\Start Menu
2008-07-01 04:29:05 0 dr-h----- C:\Documents and Settings\QBDataServiceUser18.STINSON-1\SendTo
2008-07-01 04:29:05 0 d--h----- C:\Documents and Settings\QBDataServiceUser18.STINSON-1\Recent
2008-07-01 04:29:05 0 d--h----- C:\Documents and Settings\QBDataServiceUser18.STINSON-1\PrintHood
2008-07-01 04:29:05 229376 --ah----- C:\Documents and Settings\QBDataServiceUser18.STINSON-1\NTUSER.DAT
2008-07-01 04:29:05 0 d--h----- C:\Documents and Settings\QBDataServiceUser18.STINSON-1\NetHood
2008-07-01 04:29:05 0 d-------- C:\Documents and Settings\QBDataServiceUser18.STINSON-1\My Documents
2008-07-01 04:29:05 0 d--h----- C:\Documents and Settings\QBDataServiceUser18.STINSON-1\Local Settings
2008-07-01 04:29:05 0 d-------- C:\Documents and Settings\QBDataServiceUser18.STINSON-1\Favorites
2008-07-01 04:29:05 0 d-------- C:\Documents and Settings\QBDataServiceUser18.STINSON-1\Desktop
2008-07-01 04:29:05 0 d---s---- C:\Documents and Settings\QBDataServiceUser18.STINSON-1\Cookies
2008-07-01 04:29:05 0 dr-h----- C:\Documents and Settings\QBDataServiceUser18.STINSON-1\Application Data
2008-07-01 04:29:05 0 d---s---- C:\Documents and Settings\QBDataServiceUser18.STINSON-1\Application Data\Microsoft
2008-07-01 03:52:28 238040 --ahs---- C:\WINDOWS\system32\xGghPqru.ini2
2008-07-01 02:52:57 0 d-------- C:\Documents and Settings\Jack\Application Data\HouseCall 6.6
2008-07-01 02:35:36 0 d-------- C:\Documents and Settings\Jack\.housecall6.6
2008-07-01 02:34:37 0 d-------- C:\WINDOWS\Sun
2008-07-01 02:34:37 0 d-------- C:\Documents and Settings\Jack\Application Data\Sun
2008-07-01 01:10:23 254156 --ahs---- C:\WINDOWS\system32\MUuBaccf.ini2
2008-06-28 01:37:43 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-06-28 01:00:12 0 d-------- C:\WINDOWS\BDOSCAN8
2008-06-28 00:33:34 0 d-------- C:\WINDOWS\pss
2008-06-27 23:16:55 0 d-------- C:\Documents and Settings\Jack\Application Data\Symantec
2008-06-27 23:09:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-27 23:06:28 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-27 19:28:01 239395 --ahs---- C:\WINDOWS\system32\YIlRYyxx.ini2
2008-06-27 19:17:34 2210 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-27 19:16:23 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-27 19:16:23 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-06-27 19:16:23 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-06-27 19:16:23 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-06-27 19:16:23 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-06-27 19:16:23 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-27 17:46:56 238442 --ahs---- C:\WINDOWS\system32\LVCfPqru.ini2
2008-06-27 03:25:00 0 d-------- C:\Documents and Settings\Jack\Application Data\TmpRecentIcons
2008-06-26 17:22:59 283450 --ahs---- C:\WINDOWS\system32\BaHgPqru.ini2
2008-06-19 01:21:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-06-19 01:20:54 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-15 03:17:09 0 d-------- C:\WINDOWS\network diagnostic
2008-06-10 04:23:29 4608 --a------ C:\WINDOWS\system32\rnasmm.dll <Not Verified; Microsoft Corporation; Microsoft® Windows Operating System>
2008-06-10 04:23:29 9728 --a------ C:\WINDOWS\system32\rnaph.dll <Not Verified; Microsoft Corporation; Microsoft® Windows Operating System>
2008-06-10 04:23:28 0 d-------- C:\Program Files\Juno
2008-06-10 04:10:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-10 04:03:28 0 d-------- C:\Documents and Settings\Jack\Application Data\Macromedia
2008-06-10 04:03:28 0 d-------- C:\Documents and Settings\Jack\Application Data\Adobe
2008-06-10 03:59:42 0 d-------- C:\Program Files\Lavasoft
2008-06-10 03:59:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-10 03:59:13 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-10 03:54:21 0 d--hs---- C:\Documents and Settings\Jack\UserData
2008-06-10 03:00:26 0 d-------- C:\WINDOWS\system32\PreInstall
2008-06-10 02:20:49 0 d-------- C:\Program Files\Avery Dennison
2008-06-10 02:20:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Avery
2008-06-10 02:20:10 0 d-------- C:\WINDOWS\Downloaded Installations
2008-06-10 01:01:28 0 d-------- C:\Documents and Settings\Jack\Contacts
2008-06-10 01:00:00 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-06-10 00:56:57 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-10 00:56:54 0 d-------- C:\Program Files\Windows Live
2008-06-10 00:56:47 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-09 14:39:08 0 d-------- C:\Program Files\Microsoft Works
2008-06-09 14:38:20 0 d-------- C:\Program Files\Microsoft.NET
2008-06-09 14:36:35 0 d-------- C:\WINDOWS\SHELLNEW
2008-06-09 14:36:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-09 14:35:48 0 dr-h----- C:\MSOCache
2008-06-09 03:56:42 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-06-09 00:20:59 327168 --a------ C:\WINDOWS\system32\RPROHTMLHelp.dll <Not Verified; Intuit Inc.; QuickBooks Point of Sale>
2008-06-09 00:20:58 206336 --a------ C:\WINDOWS\system32\VIC32.DLL <Not Verified; Catenary Systems; Victor Image Processing Library>
2008-06-09 00:20:57 1044480 --a------ C:\WINDOWS\system32\ROBOEX32.DLL <Not Verified; eHelp Corporation.; RoboHELP for WinHelp 9.2>
2008-06-09 00:20:57 49152 --a------ C:\WINDOWS\system32\INETWH32.DLL <Not Verified; Blue Sky Software Corporation.; Blue Sky Software - INETWH32>
2008-06-09 00:20:56 167936 --a------ C:\WINDOWS\system32\ILANOT32.DLL <Not Verified; Creative Development LTD; >
2008-06-09 00:20:56 125440 --a------ C:\WINDOWS\system32\DZIP32.DLL <Not Verified; Inner Media, Inc.; DynaZIP-32>
2008-06-09 00:20:56 98304 --a------ C:\WINDOWS\system32\DUNZIP32.DLL <Not Verified; Inner Media, Inc.; DynaZIP-32>
2008-06-09 00:02:59 0 d-------- C:\Program Files\Avira
2008-06-09 00:02:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-06-08 23:43:32 0 d-------- C:\Program Files\Hewlett-Packard
2008-06-08 23:18:34 0 d-------- C:\Program Files\Common Files\supportsoft
2008-06-08 23:18:14 0 d--h----- C:\Documents and Settings\QBDataServiceUser18\Templates
2008-06-08 23:18:14 0 dr------- C:\Documents and Settings\QBDataServiceUser18\Start Menu
2008-06-08 23:18:14 0 dr-h----- C:\Documents and Settings\QBDataServiceUser18\SendTo
2008-06-08 23:18:14 0 d--h----- C:\Documents and Settings\QBDataServiceUser18\Recent
2008-06-08 23:18:14 0 d--h----- C:\Documents and Settings\QBDataServiceUser18\PrintHood
2008-06-08 23:18:14 1572864 --ah----- C:\Documents and Settings\QBDataServiceUser18\NTUSER.DAT
2008-06-08 23:18:14 0 d--h----- C:\Documents and Settings\QBDataServiceUser18\NetHood
2008-06-08 23:18:14 0 d-------- C:\Documents and Settings\QBDataServiceUser18\My Documents
2008-06-08 23:18:14 0 d--h----- C:\Documents and Settings\QBDataServiceUser18\Local Settings
2008-06-08 23:18:14 0 d-------- C:\Documents and Settings\QBDataServiceUser18\Favorites
2008-06-08 23:18:14 0 d-------- C:\Documents and Settings\QBDataServiceUser18\Desktop
2008-06-08 23:18:14 0 d---s---- C:\Documents and Settings\QBDataServiceUser18\Cookies
2008-06-08 23:18:14 0 dr-h----- C:\Documents and Settings\QBDataServiceUser18\Application Data
2008-06-08 23:18:14 0 d---s---- C:\Documents and Settings\QBDataServiceUser18\Application Data\Microsoft
2008-06-08 23:18:03 1843200 --a------ C:\WINDOWS\system32\acXMLParser.dll <Not Verified; Apache Software Foundation; Xerces-C Version 2.7.0>
2008-06-08 23:15:49 0 d-------- C:\Program Files\Intuit
2008-06-08 23:15:49 0 d-------- C:\Program Files\Common Files\Intuit
2008-06-08 23:15:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Intuit
2008-06-08 23:11:09 0 d-------- C:\Documents and Settings\All Users\Application Data\COMMON FILES
2008-06-08 23:10:55 0 d-------- C:\Program Files\MSXML 4.0
2008-06-08 22:58:43 0 d-------- C:\WINDOWS\system32\Lang
2008-06-08 22:54:22 0 d-------- C:\Program Files\Java
2008-06-08 22:54:21 0 d-------- C:\Program Files\Common Files\Java
2008-06-08 22:51:19 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-06-08 22:51:18 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-06-08 22:51:09 0 d-------- C:\Intel
2008-06-08 22:50:16 0 d-------- C:\Program Files\Intel
2008-06-08 22:50:15 0 d-------- C:\Documents and Settings\Jack\Application Data\InstallShield
2008-06-08 22:49:08 49152 --a------ C:\WINDOWS\system32\ChCfg.exe
2008-06-08 22:48:50 0 d-------- C:\WINDOWS\system32\RTCOM
2008-06-08 22:48:18 0 d-------- C:\Program Files\Realtek
2008-06-08 22:48:18 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-08 22:48:13 520192 --a------ C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-06-08 22:48:13 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-06-08 22:48:11 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-08 22:46:00 0 d-------- C:\WINDOWS\system32\vmm32
2008-06-08 22:46:00 0 d-------- C:\Program Files\Dell
2008-06-08 22:28:24 0 d-------- C:\Documents and Settings\Jack\Application Data\Identities
2008-06-08 22:28:18 0 d--h----- C:\Documents and Settings\Jack\Templates
2008-06-08 22:28:18 0 dr------- C:\Documents and Settings\Jack\Start Menu
2008-06-08 22:28:18 0 dr-h----- C:\Documents and Settings\Jack\SendTo
2008-06-08 22:28:18 0 dr-h----- C:\Documents and Settings\Jack\Recent
2008-06-08 22:28:18 0 d--h----- C:\Documents and Settings\Jack\PrintHood
2008-06-08 22:28:18 3145728 --ah----- C:\Documents and Settings\Jack\NTUSER.DAT
2008-06-08 22:28:18 0 d--h----- C:\Documents and Settings\Jack\NetHood
2008-06-08 22:28:18 0 dr------- C:\Documents and Settings\Jack\My Documents
2008-06-08 22:28:18 0 d--h----- C:\Documents and Settings\Jack\Local Settings
2008-06-08 22:28:18 0 dr------- C:\Documents and Settings\Jack\Favorites
2008-06-08 22:28:18 0 d-------- C:\Documents and Settings\Jack\Desktop
2008-06-08 22:28:18 0 d--hs---- C:\Documents and Settings\Jack\Cookies
2008-06-08 22:28:18 0 dr-h----- C:\Documents and Settings\Jack\Application Data
2008-06-08 22:26:31 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-06-08 22:26:30 0 d-------- C:\WINDOWS\Prefetch
2008-06-08 22:26:29 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-06-08 22:26:29 229376 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-06-08 22:26:29 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-06-08 22:26:29 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2008-06-08 22:26:29 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-06-08 22:26:29 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-06-08 22:26:11 229376 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-06-08 22:26:11 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-06-08 22:26:11 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-06-08 22:26:11 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-06-08 22:26:11 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-06-08 22:24:07 0 d-------- C:\WINDOWS\system32\xircom
2008-06-08 22:24:07 0 d-------- C:\Program Files\microsoft frontpage
2008-06-08 22:24:00 229376 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-06-08 22:24:00 0 d-------- C:\DELL
2008-06-08 22:23:52 0 d--h----- C:\WINDOWS\$hf_mig$
2008-06-08 22:23:38 0 -rahs---- C:\MSDOS.SYS
2008-06-08 22:23:38 0 -rahs---- C:\IO.SYS
2008-06-08 22:23:38 0 --a------ C:\CONFIG.SYS
2008-06-08 22:23:38 0 --a------ C:\AUTOEXEC.BAT
2008-06-08 22:22:49 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-06-08 22:22:42 0 dr------- C:\WINDOWS\Offline Web Pages
2008-06-08 22:22:41 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-06-08 22:22:33 0 d--h----- C:\Program Files\WindowsUpdate
2008-06-08 22:22:18 0 d-------- C:\WINDOWS\system32\DirectX
2008-06-08 22:21:54 0 d---s---- C:\WINDOWS\Tasks
2008-06-08 22:21:53 0 d-------- C:\Program Files\Common Files\MSSoap
2008-06-08 22:21:51 0 d-------- C:\WINDOWS\srchasst
2008-06-08 22:21:50 0 d-------- C:\WINDOWS\system32\Macromed
2008-06-08 22:21:45 0 d-------- C:\Program Files\Movie Maker
2008-06-08 22:21:39 0 d-------- C:\WINDOWS\system32\Restore
2008-06-08 22:21:10 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-06-08 22:20:57 0 d-------- C:\WINDOWS\Registration
2008-06-08 22:20:51 0 d-------- C:\Program Files\Online Services
2008-06-08 22:20:47 0 d-------- C:\Program Files\Messenger
2008-06-08 22:20:44 0 d-------- C:\Program Files\MSN Gaming Zone
2008-06-08 22:20:16 0 d-------- C:\Program Files\Windows NT
2008-06-08 22:20:14 0 d-------- C:\WINDOWS\system32\MsDtc
2008-06-08 22:20:13 0 d-------- C:\WINDOWS\system32\Com
2008-06-08 18:12:01 0 d--hs---- C:\WINDOWS\Installer
2008-06-08 18:12:01 0 d-------- C:\Program Files\Common Files\ODBC
2008-06-08 18:11:59 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-06-08 18:11:58 0 dr------- C:\Program Files
2008-06-08 18:11:58 0 d-------- C:\Program Files\Common Files
2008-06-08 18:11:39 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-06-08 18:11:39 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-06-08 18:11:39 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-06-08 18:11:39 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-06-08 18:11:39 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-06-08 18:11:39 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-06-08 18:11:39 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-06-08 18:11:39 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-06-08 18:11:39 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-06-08 18:11:39 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-06-08 18:11:39 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-06-08 18:11:39 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-06-08 18:11:39 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-06-08 18:11:39 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-06-08 18:11:39 0 dr------- C:\Documents and Settings\All Users\Documents
2008-06-08 18:11:39 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-06-08 18:11:29 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-06-08 18:11:29 0 d-------- C:\WINDOWS\system32\CatRoot
2008-06-08 18:11:24 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-06-08 18:11:24 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-06-08 18:11:24 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-06-08 18:11:24 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-06-08 18:11:05 0 d--hs---- C:\System Volume Information
2008-06-08 18:11:05 0 d-------- C:\Documents and Settings
2008-06-08 18:05:37 0 d-------- C:\WINDOWS
2008-06-08 18:05:37 0 d-------- C:\WINDOWS\WinSxS
2008-06-08 18:05:37 0 dr------- C:\WINDOWS\Web
2008-06-08 18:05:37 0 d-------- C:\WINDOWS\twain_32
2008-06-08 18:05:37 0 d-------- C:\WINDOWS\system32
2008-06-08 18:05:37 0 d-------- C:\WINDOWS\system32\wins
2008-06-08 18:05:37 0 d-------- C:\WINDOWS\system32\wbem
2008-06-08 18:05:37 0 d-------- C:\WINDOWS\system32\usmt
2008-06-08 18:05:37 0 d-------- C:\WINDOWS\system32\spool
2008-06-08 18:05:37 0 d-------- C:\WINDOWS\system32\ShellExt
2008-06-08 18:05:37 0 d-------- C:\WINDOWS\system32\Setup
2008-06-08 18:05:37 0 d-------- C:\WINDOWS\system32\ras
2008-06-08 18:05:37 0 d-------- C:\WINDOWS\system32\oobe
2008-06-08 18:05:37 0 d-------- C:\WINDOWS\system32\npp
2008-06-08 18:05:37 0 d-------- C:\WINDOWS\system32\mui
2008-06-08 18:05:37 0 d-------- C:\WINDOWS\system32\inetsrv
2008-06-08 18:05:37 0 d-------- C:\WINDOWS\system32\IME
2008-06-08 18:05:37 0 d-------- C:\WINDOWS\system32\icsxml
2008-06-08 18:05:37 0 d-------- C:\WINDOWS\system32\ias
2008-06-08 18:05:37 0 d-------- C:\WINDOWS\system32\export
2008-06-08 18:05:37 0 d-------- C:\WINDOWS\system32\drivers
2008-06-08 18:05:37 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-06-08 18:05:37 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-06-08 18:05:37 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-06-08 18:05:37 0 d-------- C:\WINDOWS\system32\dhcp
2008-06-08 18:05:37 0 d-------- C:\WINDOWS\system32\config
2008-06-08 18:05:37 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-06-08 18:05:37 0 d-------- C:\WINDOWS\system32\3076
2008-06-08 18:05:37 0 d-------- C:\WINDOWS\system32\2052
2008-06-08 18:05:37 0 d-------- C:\WINDOWS\system32\1054
2008-06-08 18:05:37 0 d-------- C:\WINDOWS\system32\1042
2008-06-08 18:05:37 0 d-------- C:\WINDOWS\system32\1041
2008-06-08 18:05:37 0 d-------- C:\WINDOWS\system32\1037
2008-06-08 18:05:37 0 d-------- C:\WINDOWS\system32\1033
2008-06-08 18:05:37 0 d-------- C:\WINDOWS\system32\1031
2008-06-08 18:05:37 0 d-------- C:\WINDOWS\system32\1028
2008-06-08 18:05:37 0 d-------- C:\WINDOWS\system32\1025
2008-06-08 18:05:37 0 d-------- C:\WINDOWS\system
2008-06-08 18:05:37 0 d-------- C:\WINDOWS\security
2008-06-08 18:05:37 0 d-------- C:\WINDOWS\Resources
2008-06-08 18:05:37 0 d-------- C:\WINDOWS\repair
2008-06-08 18:05:37 0 d-------- C:\WINDOWS\Provisioning
2008-06-08 18:05:37 0 d-------- C:\WINDOWS\PeerNet
2008-06-08 18:05:37 0 d-------- C:\WINDOWS\pchealth
2008-06-08 18:05:37 0 d-------- C:\WINDOWS\mui
2008-06-08 18:05:37 0 d-------- C:\WINDOWS\msapps
2008-06-08 18:05:37 0 d-------- C:\WINDOWS\msagent
2008-06-08 18:05:37 0 d-------- C:\WINDOWS\Media
2008-06-08 18:05:37 0 d-------- C:\WINDOWS\java
2008-06-08 18:05:37 0 d--h----- C:\WINDOWS\inf
2008-06-08 18:05:37 0 d-------- C:\WINDOWS\ime
2008-06-08 18:05:37 0 d-------- C:\WINDOWS\Help
2008-06-08 18:05:37 0 dr--s---- C:\WINDOWS\Fonts
2008-06-08 18:05:37 0 d-------- C:\WINDOWS\ehome
2008-06-08 18:05:37 0 d-------- C:\WINDOWS\Driver Cache
2008-06-08 18:05:37 0 d-------- C:\WINDOWS\dell
2008-06-08 18:05:37 0 d-------- C:\WINDOWS\Debug
2008-06-08 18:05:37 0 d-------- C:\WINDOWS\Cursors
2008-06-08 18:05:37 0 d-------- C:\WINDOWS\Connection Wizard
2008-06-08 18:05:37 0 d-------- C:\WINDOWS\Config
2008-06-08 18:05:37 0 d-------- C:\WINDOWS\AppPatch
2008-06-08 18:05:37 0 d-------- C:\WINDOWS\addins
-- Find3M Report ---------------------------------------------------------------
2008-06-08 18:11:39 62 --ahs---- C:\Documents and Settings\Jack\Application Data\desktop.ini
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [04/26/2007 14:27 C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 18:43 C:\WINDOWS\Alcmtr.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [04/16/2007 19:51]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [04/16/2007 19:51]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [04/16/2007 19:51]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 22:16]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [02/12/2008 10:06]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/27/2007 11:39]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2/27/2008 9:00:46 AM]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [4/28/2008 11:20:00 AM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 02/27/2007 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
-- Hosts -----------------------------------------------------------------------
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
8711 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2008-07-05 00:41:16 ------------
extra.txt:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel® Pentium® Dual CPU E2160 @ 1.80GHz
CPU 1: Intel® Pentium® Dual CPU E2160 @ 1.80GHz
Percentage of Memory in Use: 22%
Physical Memory (total/avail): 2037.1 MiB / 1570.89 MiB
Pagefile Memory (total/avail): 3930.09 MiB / 3476.82 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1903.41 MiB
C: is Fixed (NTFS) - 232.78 GiB total, 222.01 GiB free.
D: is Removable (No Media)
E: is Removable (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is CDROM (No Media)
I: is Removable (FAT)
\\.\PHYSICALDRIVE0 - WDC WD2500JS-75NCB3 - 232.83 GiB - 2 partitions
\PARTITION0 - Unknown - 47.03 MiB
\PARTITION1 (bootable) - Installable File System - 232.78 GiB - C:
\\.\PHYSICALDRIVE1 - Memorex TD Classic 003C USB Device - 243.17 MiB - 1 partition
\PARTITION0 (bootable) - Win95 w/Extended Int 13 - 245.98 MiB - I:
\\.\PHYSICALDRIVE2 - TEAC USB HS-CF Card USB Device
\\.\PHYSICALDRIVE4 - TEAC USB HS-MS Card USB Device
\\.\PHYSICALDRIVE5 - TEAC USB HS-SD Card USB Device
\\.\PHYSICALDRIVE3 - TEAC USB HS-xD/SM USB Device
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
AV: Avira AntiVir PersonalEdition v8.0.1.18 (Avira GmbH)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"="C:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe:*:Enabled:QuickBooks 2008 Data Manager"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Juno\\bin\\juno.exe"="C:\\Program Files\\Juno\\bin\\juno.exe:*:Enabled:Juno"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Jack\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=STINSON-1
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Jack
LOGONSERVER=\\STINSON-1
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Intel\DMIX;C:\Program Files\Common Files\Intuit\QBPOSSDKRuntime
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0d
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Jack\LOCALS~1\Temp
TMP=C:\DOCUME~1\Jack\LOCALS~1\Temp
USERDOMAIN=STINSON-1
USERNAME=Jack
USERPROFILE=C:\Documents and Settings\Jack
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Jack (admin)
QBDataServiceUser18.STINSON-1.000
QBDataServiceUser18.STINSON-1 (new local)
-- Add/Remove Programs ---------------------------------------------------------
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> MsiExec.exe /I{8ED4E82B-8CEA-40DE-826C-37AC7B941F81}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office system --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROHYBRIDR /dll OSETUP.DLL
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Avira AntiVir Personal – Free Antivirus --> C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Dell Resource CD --> MsiExec.exe /X{42929F0F-CE14-47AF-9FC7-FF297A603021}
DesignPro 5.4 Limited Edition --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Documents and Settings\Jack\Local Settings\Temporary Internet Files\Content.IE5\C1URKXMN\HijackThis.exe" /uninstall
HouseCall 6.6 --> "C:\Documents and Settings\Jack\Application Data\HouseCall 6.6\uninstaller.exe"
Intel® Graphics Media Accelerator Driver --> C:\WINDOWS\system32\igxpun.exe -uninstall
Intel® PRO Network Connections 12.1.12.0 --> MsiExec.exe /i{777CA40C-0206-4EF6-A0FC-618BF06BF8D0} ARPREMOVE=1
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Juno --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11D696C6-0A0C-499A-B431-6190F9DC1904}\setup.exe" Uninstall
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Hybrid 2007 --> MsiExec.exe /X{91120000-0031-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
QuickBooks Point of Sale --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C8A88636-9D7B-4755-B86E-733A52AB88A6}\Setup.exe" -l0x9 UNINSTALL
QuickBooks Pro 2008 --> msiexec.exe /I {8ED4E82B-8CEA-40DE-826C-37AC7B941F81} UNIQUE_NAME="pro" QBFULLNAME="QuickBooks Pro 2008" ADDREMOVE=1
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB934062) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
SupportSoft Assisted Service --> MsiExec.exe /I{5A3F6A80-7913-475E-8B96-477A952CFA43}
Update for Office 2007 (KB932080) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB946691) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb950378) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Photo Gallery --> MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
WinZip 11.2 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}
-- Application Event Log -------------------------------------------------------
Event Record #/Type1417 / Error
Event Submitted/Written: 07/05/2008 00:33:13 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application TeaTimer.exe, version 1.5.2.16, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type1416 / Warning
Event Submitted/Written: 07/04/2008 08:08:27 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Monderb.318208.1C:\System Volume Information\_restore{FCE6557E-159A-4F35-98E6-CB7758DB8DA2}\RP48\A0007471.dll
Event Record #/Type1415 / Error
Event Submitted/Written: 07/04/2008 07:50:24 PM
Event ID/Source: 4 / QuickBooks
Event Description:
QuickBooks Pro 2008An attempt to LogOff without a logon.
Event Record #/Type1414 / Error
Event Submitted/Written: 07/04/2008 07:50:22 PM
Event ID/Source: 4 / QuickBooks
Event Description:
QuickBooks Pro 2008An attempt to LogOff without a logon.
Event Record #/Type1413 / Warning
Event Submitted/Written: 07/04/2008 06:16:31 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Monderb.318208.1C:\System Volume Information\_restore{FCE6557E-159A-4F35-98E6-CB7758DB8DA2}\RP48\A0007471.dll
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type1930 / Warning
Event Submitted/Written: 07/02/2008 11:04:32 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.
Event Record #/Type1928 / Warning
Event Submitted/Written: 07/02/2008 07:29:54 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.
Event Record #/Type1882 / Warning
Event Submitted/Written: 07/01/2008 04:52:40 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001AA09D8095. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.
Event Record #/Type1851 / Warning
Event Submitted/Written: 07/01/2008 03:42:54 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Event Record #/Type1800 / Error
Event Submitted/Written: 07/01/2008 03:15:40 PM
Event ID/Source: 1003 / System Error
Event Description:
Error code c000021a, parameter1 e2e18bd8, parameter2 00000001, parameter3 00000000, parameter4 00000000.
-- End of Deckard's System Scanner: finished at 2008-07-05 00:41:16 ------------