Thank you!
Main:
Deckard's System Scanner v20071014.68
Run by Owner on 2008-07-04 13:55:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 2 Restore Point(s) --
2: 2008-07-04 19:55:52 UTC - RP234 - Deckard's System Scanner Restore Point
1: 2008-07-04 05:29:01 UTC - RP233 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 511 MiB (512 MiB recommended).-- HijackThis (run as Owner.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:58:01 PM, on 7/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://us.rd.yahoo.c...rch/search.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft....k/?LinkId=69157O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {bcbf81e2-b66c-9608-32d4-16c0009149ab} - {ba941900-0c61-4d23-8069-c66b2e18fbcb} - C:\WINDOWS\system32\qkeqnf.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Corel Family and Friends Reminders.LNK = C:\Corel\Print House Magic\cffrem.exe
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites -
http://favorites.liv...m/quickadd.aspxO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) -
http://inst.c-wss.co...ll/gtdownlr.cabO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.micros...b?1140931532018O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.micros...b?1149045262662O17 - HKLM\System\CCS\Services\Tcpip\..\{AF14EFD3-1D6C-41A6-8E19-BC97B35F4BDE}: NameServer = 208.39.158.2,64.56.37.246
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
--
End of file - 7870 bytes
-- File Associations -----------------------------------------------------------
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*.js - unable to read key.js - unable to read key.reg - regfile - shell\open\command - regedit.exe "%1" %*.scr - scrfile - shell\open\command - "%1" %*-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 NetworkX - c:\windows\system32\ckldrv.sys
R1 OMCI (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R3 CBTNDIS5 (CBTNDIS5 NDIS Protocol Driver) - c:\windows\system32\cbtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
R3 ElbyDelay - c:\windows\system32\drivers\elbydelay.sys <Not Verified; Elaborate Bytes AG; CDRTools>
R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 AR5211 (D-Link Adapter) - c:\windows\system32\drivers\ar5211.sys (file missing)
S3 FarStoneFireWallDrive - c:\windows\system32\drivers\fardrive.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Crypkey License - crypserv.exe <Not Verified; Kenonic Controls Ltd.; CrypKey Software Licensing System>
S2 NICSer_WPC54G - c:\program files\linksys\wireless-g notebook adapter\nicserv.exe
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-07-04 13:14:00 254 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-07-03 09:11:32 622 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Owner.job
-- Files created between 2008-06-04 and 2008-07-04 -----------------------------
2008-07-04 01:15:43 0 d-------- C:\Documents and Settings\Owner\Application Data\Playrix Entertainment
2008-07-04 01:11:07 0 d-------- C:\Program Files\Fishdom
2008-07-03 22:16:50 0 d-------- C:\Program Files\Build-in-Time
2008-07-03 19:51:12 0 d-------- C:\WINDOWS\Prefetch
2008-07-03 10:00:43 0 d-------- C:\WINDOWS\system32\scripting
2008-07-03 10:00:40 0 d-------- C:\WINDOWS\l2schemas
2008-07-03 10:00:38 0 d-------- C:\WINDOWS\system32\en
2008-07-03 09:47:45 0 d-------- C:\WINDOWS\network diagnostic
2008-07-03 01:21:21 0 d-------- C:\Documents and Settings\Owner\Application Data\Symantec
2008-07-03 01:17:42 0 d-------- C:\Program Files\Windows Sidebar
2008-07-03 01:15:44 0 d-------- C:\Program Files\Norton Internet Security
2008-07-03 01:12:07 0 d-------- C:\Program Files\Symantec
2008-07-03 01:12:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-03 01:11:25 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-03 00:09:22 0 d-------- C:\Program Files\Trend Micro
2008-07-03 00:04:25 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-03 00:03:40 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-03 00:03:40 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-07-03 00:00:37 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-07-03 00:00:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-03 00:00:23 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-03 00:00:01 0 d-------- C:\Program Files\Common Files\Download Manager
2008-07-02 22:56:39 0 d-------- C:\Program Files\Lavasoft
2008-07-02 22:56:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-02 22:47:17 106272 --a------ C:\WINDOWS\system32\qkeqnf.dll
2008-07-02 22:47:16 106272 --a------ C:\WINDOWS\system32\ubskyvuy.dll
2008-07-02 22:47:14 85248 -----n--- C:\WINDOWS\system32\hmsgqjsq.dll
2008-07-02 20:38:56 0 d-------- C:\Documents and Settings\All Users\Application Data\FreshGames
2008-07-02 00:29:14 0 d-------- C:\Documents and Settings\Administrator\Templates
2008-07-02 00:29:14 0 d-------- C:\Documents and Settings\Administrator\Local Settings
2008-07-02 00:29:14 0 d-------- C:\Documents and Settings\Administrator\Cookies
2008-07-02 00:29:14 0 d-------- C:\Documents and Settings\Administrator\Application Data
2008-07-02 00:29:14 0 d-------- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-02 00:29:13 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-01 23:45:37 0 d-------- C:\VundoFix Backups
2008-07-01 22:17:14 0 d-------- C:\Program Files\Tradewinds Caravans
2008-06-29 22:54:27 0 d-------- C:\Documents and Settings\Owner\Application Data\cerasus.media
2008-06-28 16:25:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Escape From Paradise
2008-06-28 00:22:26 0 d-------- C:\Documents and Settings\Owner\Application Data\Acoustica
2008-06-28 00:22:16 0 d-------- C:\Program Files\Acoustica CD Label Maker
2008-06-27 23:57:39 86016 -ra------ C:\WINDOWS\system32\CNMCP5y.exe <Not Verified; CANON INC.; Canon BJ Raster Printer Driver Installer>
2008-06-27 23:57:38 0 d--h----- C:\BJPrinter
2008-06-27 23:55:44 0 d-------- C:\Documents and Settings\Owner\Application Data\Gtek
2008-06-27 23:55:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Gtek
2008-06-22 22:52:19 0 d-------- C:\Documents and Settings\Owner\Shared
2008-06-22 22:50:28 0 d-------- C:\Program Files\LimeWire
2008-06-22 05:39:09 0 d-------- C:\Documents and Settings\Owner\Application Data\Meridian93
2008-06-21 01:22:42 52224 --a------ C:\WINDOWS\system32\Crypserv.exe <Not Verified; Kenonic Controls Ltd.; CrypKey Software Licensing System>
2008-06-21 01:22:42 24608 --a------ C:\WINDOWS\system32\Ckldrv.sys
2008-06-21 01:22:42 27648 -ra------ C:\WINDOWS\Setup_ck.exe
2008-06-21 01:22:42 18432 --a------ C:\WINDOWS\Setup_ck.dll
2008-06-21 01:22:42 11776 --a------ C:\WINDOWS\Ckrfresh.exe
2008-06-21 01:22:42 165888 --a------ C:\WINDOWS\Ckconfig.exe <Not Verified; Kenonic Controls; CKCONFIG Application>
2008-06-21 00:52:30 0 d-------- C:\Program Files\HobbyWare
2008-06-21 00:52:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Pattern Maker for cross stitch
2008-06-19 02:28:28 0 d-------- C:\WINDOWS\NabnGrab
2008-06-19 02:28:27 0 d-------- C:\WINDOWS\Properties
2008-06-17 03:27:02 0 d-------- C:\Documents and Settings\Owner\Application Data\Darwin
2008-06-17 01:40:56 0 d-------- C:\Documents and Settings\All Users\Application Data\BigFish
2008-06-17 01:39:28 0 d-------- C:\Documents and Settings\Owner\Application Data\BigFish
2008-06-16 21:56:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
2008-06-14 12:08:20 0 d-------- C:\Documents and Settings\All Users\Application Data\VirtualFarm
2008-06-10 21:32:55 0 d-------- C:\Program Files\Windows Media Connect 2
2008-06-10 21:31:05 0 d-------- C:\WINDOWS\system32\LogFiles
2008-06-10 21:31:05 0 d-------- C:\WINDOWS\system32\drivers\UMDF
-- Find3M Report ---------------------------------------------------------------
2008-07-03 21:20:55 0 d-------- C:\Program Files\Google
2008-07-03 19:49:21 0 d-------- C:\Program Files\Messenger
2008-07-03 10:00:36 0 d-------- C:\Program Files\Movie Maker
2008-07-03 09:53:10 0 d-------- C:\Program Files\Windows NT
2008-07-03 01:33:37 0 d-------- C:\Program Files\Common Files
2008-07-03 00:42:13 0 d-------- C:\Program Files\PCSecurityShield
2008-07-03 00:42:07 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-03 00:02:30 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-30 01:46:25 76 ---hs---- C:\Documents and Settings\Owner\Application Data\.zreglib
2008-06-28 16:57:20 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2008-05-28 22:29:50 0 d-------- C:\Program Files\SlySoft
2008-05-28 20:07:31 0 d-------- C:\Program Files\Atomic Clock Sync
2008-05-28 09:17:03 0 d-------- C:\Program Files\Virtual Villagers - The Secret City
2008-05-25 22:41:14 0 d-------- C:\Documents and Settings\Owner\Application Data\gamelab
2008-05-22 23:02:19 0 --a------ C:\Program Files\temp01
2008-05-22 23:02:17 0 d-------- C:\Program Files\bfgclient
2008-05-22 22:07:47 0 d-------- C:\Program Files\SecondLife
2008-05-22 22:03:46 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2008-05-22 22:02:42 0 d-------- C:\Documents and Settings\Owner\Application Data\SecondLife
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
06/30/2008 01:44 PM 349552 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
07/03/2008 01:16 AM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba941900-0c61-4d23-8069-c66b2e18fbcb}]
07/02/2008 10:47 PM 106272 --a------ C:\WINDOWS\system32\qkeqnf.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll [06/30/2008 01:44 PM 349552]
[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [08/29/2003 07:59 AM C:\WINDOWS\BCMSMMSG.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [05/02/2003 07:21 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [05/02/2003 07:15 PM]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [10/19/2005 10:59 AM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [10/19/2005 10:59 AM]
"dwStart"="" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/25/2008 07:47 PM]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [02/07/2008 12:49 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [04/13/2008 06:12 PM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [06/07/2007 02:08 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 06:12 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [07/03/2008 11:32 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Corel Family and Friends Reminders.LNK - C:\Corel\Print House Magic\cffrem.exe [1/2/2008 11:37:30 AM]
Wireless-G Notebook Adapter Utility.lnk - C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe [3/29/2006 8:51:18 PM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [07/03/2008 11:32 PM 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 07/03/2008 11:31 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
"C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dwStart]
C:\Program Files\PCSecurityShield\The Shield Firewall\FireWall.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
C:\Program Files\IncrediMail\bin\IncMail.exe /c
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc
*Newly Created Service* - COMHOST
*Newly Created Service* - SASDIFSV
-- End of Deckard's System Scanner: finished at 2008-07-04 14:07:48 ------------
Extra:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 3.0
Architecture: X86; Language: English
CPU 0: Intel® Celeron® CPU 2.40GHz
Percentage of Memory in Use: 52%
Physical Memory (total/avail): 510.33 MiB / 241.81 MiB
Pagefile Memory (total/avail): 1246.91 MiB / 871.73 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1818.9 MiB
C: is Fixed (NTFS) - 37.21 GiB total, 12.86 GiB free.
D: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - HTS548040M9AT00 - 37.26 GiB - 2 partitions
\PARTITION0 - Unknown - 39.19 MiB
\PARTITION1 (bootable) - Installable File System - 37.21 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JIMNPEGSMOBILE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\JIMNPEGSMOBILE
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=JIMNPEGSMOBILE
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Owner
(admin)-- Add/Remove Programs ---------------------------------------------------------
--> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acoustica CD/DVD Label Maker --> C:\Program Files\Acoustica CD Label Maker\cdlabel.exe UNINSTALL
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
AnyDVD --> "C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Arthur's Computer Adventure --> C:\Program Files\The Learning Company\Arthur's Computer Adventure\uninstall.exe
Atomic Clock Sync --> C:\PROGRA~1\ATOMIC~1\UNWISE.EXE C:\PROGRA~1\ATOMIC~1\INSTALL.LOG
Azada --> "C:\Program Files\Azada\ReflexiveArcade\unins000.exe"
BCM V.92 56K Modem --> C:\WINDOWS\BCMSMU.exe quiet
Big Fish Games Client --> C:\Program Files\bfgclient\Uninstall.exe
Build-in-Time --> "C:\Program Files\Build-in-Time\Uninstall.exe"
Canon PIXMA iP1500 --> C:\WINDOWS\system32\CNMCP5y.exe "-PRINTERNAMECanon PIXMA iP1500" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP1500 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP1500 Installer\Inst2\cnmi0409.dll"
ccCommon --> MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
CloneDVD2 --> "C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
Component Framework --> MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}
Corel Applications --> C:\WINDOWS\Corel\Uninstal.exe
Corel Paint Shop Pro X --> MsiExec.exe /I{1A15507A-8551-4626-915D-3D5FA095CC1B}
Cubis Gold 2 --> "C:\Program Files\Oberon Media\Cubis Gold 2\Uninstall.exe" "C:\Program Files\Oberon Media\Cubis Gold 2\install.log"
Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Dell TrueMobile 1400 Dual Band WLAN Mini-PCI Card --> C:\WINDOWS\system32\BCMWLU00.exe verbose
Fishdom --> "C:\Program Files\Fishdom\Uninstall.exe"
Full Tilt Poker --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -l0x9 -removeonly
Glass Eye 2000 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Dragonfly\Glass Eye 2000\DeIsL1.isu" -c"C:\Program Files\Dragonfly\Glass Eye 2000\_ISREG32.DLL"
Highlight Viewer (Windows Live Toolbar) --> MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
IncrediMail Xe --> C:\PROGRA~1\INCRED~1\bin\imsetup.exe /remove /addon:IncrediMail /log:IncMail.log
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
LimeWire 4.18.2 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate (Symantec Corporation) --> MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation) --> MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
Luxor --> "C:\Program Files\Oberon Media\Luxor\Uninstall.exe" "C:\Program Files\Oberon Media\Luxor\install.log"
Luxor - Amun Rising --> "C:\Program Files\Oberon Media\Luxor - Amun Rising\Uninstall.exe" "C:\Program Files\Oberon Media\Luxor - Amun Rising\install.log"
Macromedia Flash Player 8 Plugin --> MsiExec.exe /X{91057632-CA70-413C-B628-2D3CDBBB906B}
Magic Match --> "C:\Program Files\Oberon Media\Magic Match\Uninstall.exe" "C:\Program Files\Oberon Media\Magic Match\install.log"
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mystery Case Files Ravenhearst --> "C:\Program Files\Oberon Media\Mystery Case Files Ravenhearst\Uninstall.exe" "C:\Program Files\Oberon Media\Mystery Case Files Ravenhearst\install.log"
Norton AntiVirus --> MsiExec.exe /X{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}
Norton AntiVirus Help --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Confidential Core --> MsiExec.exe /I{55A6283C-638A-4EE0-B491-51118554BDA2}
Norton Internet Security --> MsiExec.exe /I{C1C185CA-C531-49F5-A6FA-B838405A049D}
Norton Internet Security (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_5_0_23\Setup.exe" /X
Norton Protection Center --> MsiExec.exe /I{62120008-8E1E-4807-860D-A8B48F8552DB}
Odyssey Client --> MsiExec.exe /X{99D42EC7-652B-4819-B3E6-6450C815E03F}
Pandora's Box 2 --> MsiExec.exe /X{51ED42DD-3D29-43A2-BE21-8C8D972C2549}
Pattern Maker for cross stitch - v4 --> MsiExec.exe /I{9CE2B4FB-8127-4058-B028-C5961242A480}
Pattern Maker Viewer - v4 --> MsiExec.exe /I{DE5D78ED-145E-4FA3-9D75-C92A09E1FEB1}
Sandlot Games Client Services --> "C:\Program Files\Common Files\Sandlot Shared\unins000.exe"
SecondLife (remove only) --> "C:\Program Files\SecondLife\uninst.exe" /P="SecondLife"
SigmaTel AC97 Audio Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7959721D-8268-4565-9E0E-C41A9F4848A9}\setup.exe" -l0x9 -nodialog -uninstall
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
StepMania (remove only) --> "C:\Program Files\StepMania\uninstall.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Symantec Real Time Storage Protection Component --> MsiExec.exe /I{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins001.exe"
TeamSpeak 2 Server RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
Ultima Online: 9th Anniversary Collection --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5F4D129C-6DB8-43D7-A73C-7F93D471DD0C}\setup.exe" -l0x9 -removeonly
UltraBall (remove only) --> "C:\Program Files\MumboJumbo\UltraBall\uninstall.exe"
UO Auto-Map --> c:\Program Files\UOAM\uoam.exe -uninstall
UO Treasure Hunter Tools --> MsiExec.exe /I{A80CC092-B06A-4254-838A-B49A1AEE5F32}
UOGateway --> "C:\Program Files\UOGateway\uninstall.exe"
Virtual Villagers: The Secret City --> "C:\Program Files\Virtual Villagers - The Secret City\Uninstall.exe"
Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Wireless-G Notebook Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A2EDF5F-F3C6-4919-AE34-C08A71AD034A}\Setup.exe" -l0x9
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Yahoo! Internet Mail --> C:\WINDOWS\System32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
-- Application Event Log -------------------------------------------------------
Event Record #/Type1405 / Error
Event Submitted/Written: 07/03/2008 08:53:28 PM
Event ID/Source: 2 / WLTRYSVC
Event Description:
SetServiceStatus() failed
Event Record #/Type1375 / Error
Event Submitted/Written: 07/03/2008 07:47:38 PM
Event ID/Source: 2 / WLTRYSVC
Event Description:
SetServiceStatus() failed
Event Record #/Type1347 / Warning
Event Submitted/Written: 07/03/2008 10:03:37 AM
Event ID/Source: 63 / WinMgmt
Event Description:
A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Event Record #/Type1281 / Warning
Event Submitted/Written: 07/03/2008 02:01:50 AM
Event ID/Source: 101 / Automatic LiveUpdate Scheduler
Event Description:
Information Level: warning
A LiveUpdate session is already in progress; cannot launch Automatic LiveUpdate.
Event Record #/Type1279 / Warning
Event Submitted/Written: 07/03/2008 01:56:47 AM / 07/03/2008 01:56:48 AM
Event ID/Source: 101 / Automatic LiveUpdate Scheduler
Event Description:
Information Level: warning
A LiveUpdate session is already in progress; cannot launch Automatic LiveUpdate.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type11899 / Warning
Event Submitted/Written: 07/04/2008 01:11:30 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.
Event Record #/Type11550 / Error
Event Submitted/Written: 07/03/2008 00:39:20 AM / 07/03/2008 00:39:21 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}
Event Record #/Type11508 / Error
Event Submitted/Written: 07/02/2008 11:05:12 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}
Event Record #/Type11507 / Error
Event Submitted/Written: 07/02/2008 11:00:12 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}
Event Record #/Type11499 / Warning
Event Submitted/Written: 07/02/2008 10:53:26 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
-- End of Deckard's System Scanner: finished at 2008-07-04 14:07:48 ------------