Hello,
RESULTS OF DSS SCAN:
MAIN:
Deckard's System Scanner v20071014.68
Run by staff on 2008-07-09 16:13:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
-- Last 5 Restore Point(s) --
94: 2008-07-09 22:00:11 UTC - RP397 - Deckard's System Scanner Restore Point
93: 2008-07-09 19:11:13 UTC - RP396 - Installed Java 6 Update 7
92: 2008-07-09 16:51:17 UTC - RP395 - Installed SUPERAntiSpyware Free Edition
91: 2008-07-09 16:28:06 UTC - RP394 - Virtumonde Fix
90: 2008-07-09 16:20:13 UTC - RP393 - Software Distribution Service 3.0
-- First Restore Point --
1: 2008-06-27 17:10:55 UTC - RP304 - Installed Java 6 Update 5
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as staff.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:16:55 PM, on 7/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\staff\Desktop\dss.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\staff.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase5036.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1215027444484
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
--
End of file - 6823 bytes
-- File Associations -----------------------------------------------------------
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - AutoCADLTScriptFile - shell\open\command - C:\WINDOWS\system32\notepad.exe "%1"
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 asuskbnt (Enhanced Display Driver Helper Service) - c:\windows\system32\drivers\atkkbnt.sys <Not Verified; ASUSTeK COMPUTER INC.; ASUS Help driver For Keyboard Service.>
R2 EIO - c:\windows\system32\drivers\eio.sys <Not Verified; ASUSTeK Computer Inc.; ASUS Kernel Mode Driver for NT>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 ATKKeyboardService (ATK Keyboard Service) - c:\windows\atkkbservice.exe <Not Verified; ASUSTeK COMPUTER INC.; ASUS Keyboard Service>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel® PRO/1000 PM Network Connection
Device ID: PCI\VEN_8086&DEV_108B&SUBSYS_30918086&REV_03\4&6C79FC5&0&00E0
Manufacturer: Intel
Name: Intel® PRO/1000 PM Network Connection
PNP Device ID: PCI\VEN_8086&DEV_108B&SUBSYS_30918086&REV_03\4&6C79FC5&0&00E0
Service: e1express
-- Scheduled Tasks -------------------------------------------------------------
2008-07-09 16:10:10 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-05-01 16:55:37 290 --ah----- C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
-- Files created between 2008-06-09 and 2008-07-09 -----------------------------
2008-07-09 15:08:06 0 d-------- C:\Program Files\Trend Micro
2008-07-09 13:43:35 0 d-------- C:\Program Files\Panda Security
2008-07-09 10:51:29 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-09 10:51:18 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-09 10:51:18 0 d-------- C:\Documents and Settings\staff\Application Data\SUPERAntiSpyware.com
2008-07-09 10:29:21 0 d-------- C:\Documents and Settings\staff\Application Data\Malwarebytes
2008-07-09 10:29:17 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-09 10:29:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-09 09:59:28 0 d-------- C:\Program Files\Windows Defender
2008-07-08 14:20:46 0 d-------- C:\Program Files\Spyware Doctor
2008-07-08 14:20:46 0 d-------- C:\Documents and Settings\staff\Application Data\PC Tools
2008-07-08 14:14:55 0 d-------- C:\VundoFix Backups
2008-07-08 12:34:06 0 d-------- C:\Program Files\Enigma Software Group
2008-07-08 12:24:57 0 d-------- C:\Program Files\Windows Live Safety Center
2008-07-08 09:39:19 101376 --a------ C:\WINDOWS\system32\mxsfqm.dll
2008-07-08 09:39:14 101376 --a------ C:\WINDOWS\system32\bmxutvka.dll
2008-07-08 09:34:51 740904 --ahs---- C:\WINDOWS\system32\mSruwyay.ini2
2008-07-07 15:42:01 0 d-------- C:\Mark Kramer
2008-07-07 09:55:18 101376 --a------ C:\WINDOWS\system32\ibelvt.dll
2008-07-07 09:55:13 101376 --a------ C:\WINDOWS\system32\fcnqqwyc.dll
2008-07-07 09:51:14 0 d-------- C:\WINDOWS\system32\olixds18
2008-07-03 11:42:20 589948 --ahs---- C:\WINDOWS\system32\qrstAcdd.ini2
2008-07-03 10:09:27 656691 --ahs---- C:\WINDOWS\system32\VwFMmUvw.ini2
2008-07-03 09:58:53 0 d-------- C:\WINDOWS\Prefetch
2008-07-03 09:51:59 0 d-------- C:\WINDOWS\system32\scripting
2008-07-03 09:51:59 0 d-------- C:\WINDOWS\l2schemas
2008-07-03 09:51:58 0 d-------- C:\WINDOWS\system32\en
2008-07-03 09:51:57 0 d-------- C:\WINDOWS\system32\bits
2008-07-03 09:48:35 0 d-------- C:\WINDOWS\ServicePackFiles
2008-07-03 09:12:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-07-02 15:43:38 638946 --ahs---- C:\WINDOWS\system32\EKSrrBeg.ini2
2008-07-02 15:15:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-02 09:59:26 0 d-------- C:\Newdale
2008-07-02 09:51:12 0 d-------- C:\Weiser
2008-07-01 10:31:00 0 d-------- C:\Drum Mtn
2008-06-27 12:42:24 0 d-------- C:\Program Files\AutoCAD LT 2009
2008-06-27 12:40:57 0 d-------- C:\Program Files\MSBuild
2008-06-27 12:37:10 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-06-27 12:36:26 0 d-------- C:\Program Files\Reference Assemblies
2008-06-27 12:24:48 0 d-------- C:\install
2008-06-27 12:23:23 576865792 --a------ C:\AutoCAD_LT_2009_English_Win_32bit.exe
2008-06-27 11:10:45 664038 --ahs---- C:\WINDOWS\system32\YHQXwyxx.ini2
2008-06-27 11:05:34 0 d-------- C:\Temp
2008-06-27 11:03:46 0 d--h----- C:\$AVG8.VAULT$
2008-06-27 10:55:32 0 d-------- C:\Documents and Settings\staff\Application Data\LimeWire
2008-06-27 10:55:18 0 d-------- C:\Program Files\LimeWire
2008-06-27 09:16:55 0 d-------- C:\Documents and Settings\staff\Application Data\Auslogics
2008-06-27 09:16:51 0 d-------- C:\Program Files\Auslogics
2008-06-26 16:08:48 0 d-------- C:\Program Files\Common Files\Protexis
2008-06-26 16:06:55 0 d-------- C:\Program Files\Common Files\Corel
2008-06-26 16:06:21 0 d-------- C:\Program Files\Corel
2008-06-26 12:07:09 0 d-------- C:\Edwards Creek
2008-06-25 14:33:56 0 d-------- C:\Documents and Settings\staff\Application Data\Help
2008-06-24 12:30:51 0 d-------- C:\WINDOWS\pss
2008-06-24 12:26:33 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-24 12:26:33 0 d-------- C:\Documents and Settings\staff\Application Data\AVGTOOLBAR
2008-06-24 12:26:25 0 d-------- C:\Program Files\AVG
2008-06-24 12:26:24 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-24 12:16:52 0 d-------- C:\Program Files\Lavasoft
2008-06-24 12:16:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-24 12:15:47 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-23 09:23:30 0 d-------- C:\Documents and Settings\staff\Application Data\DeepBurner
2008-06-23 09:23:16 0 d-------- C:\Program Files\Astonsoft
2008-06-20 14:41:10 0 d-------- C:\Documents and Settings\LocalService\Application Data\Softland
2008-06-20 13:39:42 0 dr-hs---- C:\Documents and Settings\All Users\Application Data\Temp
2008-06-20 13:39:41 2289152 --a------ C:\WINDOWS\SaveTo.exe <Not Verified; ActMask Co.,Ltd - http://www.ALL2PDF.com; SaveTo>
2008-06-20 13:39:40 880640 --a------ C:\WINDOWS\system32\SaveTo.dll
2008-06-20 13:39:40 1391616 --a------ C:\WINDOWS\system32\ActPDF.dll
2008-06-20 12:05:55 10240 --a------ C:\WINDOWS\system32\virport.dll
2008-06-18 14:10:25 0 d-------- C:\Marys River
2008-06-18 12:16:21 0 d-------- C:\crane creek
2008-06-17 14:19:57 0 d-------- C:\NED_33397907
2008-06-12 10:41:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2008-06-12 10:39:40 0 d-------- C:\Program Files\Common Files\Autodesk Shared
2008-06-12 10:39:40 0 d-------- C:\Program Files\Autodesk
2008-06-12 10:39:40 0 d-------- C:\Documents and Settings\staff\Application Data\Autodesk
2008-06-11 14:10:53 2516 --ahs---- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
2008-06-11 14:10:53 88 -r-hs---- C:\Documents and Settings\All Users\Application Data\D6EAA9BF9F.sys
2008-06-11 14:10:34 0 d-------- C:\Documents and Settings\staff\Application Data\Corel
2008-06-11 14:08:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Corel
2008-06-11 12:46:48 0 d-------- C:\WINDOWS\system32\appmgmt
2008-06-10 13:22:24 0 d-------- C:\worlddemographylesson
2008-06-09 14:18:09 0 d-------- C:\Favorability05
2008-06-09 10:30:17 0 d-------- C:\TungMtnTemp
2008-06-09 10:29:31 0 d-------- C:\GBGISModel05
2008-06-09 10:08:19 0 d-------- C:\Railroad Valley
-- Find3M Report ---------------------------------------------------------------
2008-07-09 13:13:07 0 d-------- C:\Program Files\Java
2008-07-03 09:52:23 0 d-------- C:\Program Files\Messenger
2008-07-03 09:51:57 0 d-------- C:\Program Files\Movie Maker
2008-07-03 09:48:18 0 d-------- C:\Program Files\Windows NT
2008-06-27 09:28:44 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-27 09:28:04 0 d-------- C:\Program Files\Google
2008-06-27 09:27:23 0 d-------- C:\Program Files\Common Files
2008-06-24 12:23:00 0 d-------- C:\Program Files\Norton AntiVirus
2008-06-24 12:02:03 0 d-------- C:\Documents and Settings\staff\Application Data\U3
2008-06-10 12:12:02 0 d-------- C:\Program Files\RockWare
2008-06-09 10:56:20 0 d-------- C:\Program Files\UTMFlyer
2008-06-03 12:40:27 0 d-------- C:\Documents and Settings\staff\Application Data\ESRI
2008-06-03 10:07:50 0 d-------- C:\Program Files\ArcGIS
2008-05-28 09:35:10 0 d-------- C:\Program Files\ESRI
2008-05-28 09:26:40 0 d-------- C:\Program Files\Common Files\ESRI
2008-05-28 09:24:36 0 d-------- C:\Program Files\Leica Geosystems
2008-05-28 09:20:19 0 d-------- C:\Program Files\Common Files\AnswerWorks 4.0
2008-05-21 11:39:19 0 d-------- C:\Documents and Settings\staff\Application Data\Google
2008-05-16 10:49:41 0 d-------- C:\Documents and Settings\staff\Application Data\AdobeUM
2008-05-15 15:39:07 0 d-------- C:\Program Files\Canon
2008-05-13 15:36:19 0 d-------- C:\Documents and Settings\staff\Application Data\Xfire
2008-05-13 15:24:10 0 d-------- C:\Documents and Settings\staff\Application Data\Mozilla
2008-05-13 10:27:03 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-13 10:26:51 0 d-------- C:\Documents and Settings\staff\Application Data\Leadertech
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
07/02/2008 04:19 PM 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [07/02/2008 04:19 PM 2055960]
[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [08/12/2005 02:43 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/02/2008 04:19 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [06/03/2004 01:51 AM]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [08/31/2007 01:01 PM]
"IntelAudioStudio"="C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" [08/09/2005 05:35 PM]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [04/10/2008 03:14 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 06:12 PM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 05:45 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [04/13/2008 06:12 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [07/09/2008 12:38 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 11:05:26 PM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [07/09/2008 12:37 PM 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 07/09/2008 12:37 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc
-- Hosts -----------------------------------------------------------------------
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
8772 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2008-07-09 16:21:53 ------------
EXTRA:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English
CPU 0: Intel® Pentium® D CPU 3.20GHz
Percentage of Memory in Use: 49%
Physical Memory (total/avail): 1021.88 MiB / 517.17 MiB
Pagefile Memory (total/avail): 2459 MiB / 1814.62 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1880.77 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 111.78 GiB total, 82.8 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is CDROM (CDFS)
I: is Removable (FAT)
\\.\PHYSICALDRIVE0 - ST3120811AS - 111.79 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 111.78 GiB - C:
\\.\PHYSICALDRIVE2 - Generic STORAGE DEVICE USB Device
\\.\PHYSICALDRIVE3 - Generic STORAGE DEVICE USB Device
\\.\PHYSICALDRIVE1 - SanDisk U3 Cruzer Micro USB Device - 972.69 MiB - 1 partition
\PARTITION0 - MS-DOS V4 Huge - 973.43 MiB - I:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\staff\Application Data
ARCGISHOME=C:\Program Files\ArcGIS\
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PC11
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\staff
LOGONSERVER=\\PC11
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Intel\DMIX;C:\Program Files\ATI Technologies\ATI.ACE\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 6 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0602
ProgramFiles=C:\Program Files
PROMPT=$P$G
PYTHONPATH=C:\Program Files\ArcGIS\bin
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\staff\LOCALS~1\Temp
TMP=C:\DOCUME~1\staff\LOCALS~1\Temp
USERDOMAIN=PC11
USERNAME=staff
USERPROFILE=C:\Documents and Settings\staff
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
staff (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{107254A0-0ADF-11D4-9397-00D0B7020B38}\setup.exe"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.57 --> "C:\Program Files\7-Zip\Uninstall.exe"
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
ArcGIS Desktop Evaluation Edition --> MsiExec.exe /I{811676F5-41BA-4CB3-9A8C-BFA4596A9301}
ArcGIS Tutorial Data --> MsiExec.exe /I{1032F58F-D319-42C1-A25F-2D3C9A26705B}
ASUS Enhanced Display Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}\setup.exe" -l0x9 -removeonly
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> MsiExec.exe /I{F9AD857F-0492-4AC2-9A77-241360ADBB3C}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AusLogics Registry Defrag --> "C:\Program Files\Auslogics\AusLogics Registry Defrag\unins000.exe"
AutoCAD LT 2009 - English --> C:\Program Files\AutoCAD LT 2009\Setup\Setup.exe /P {5783F2D7-7009-0409-0002-0060B0CE6BBA} /M ACADLT
Autodesk Design Review 2009 --> C:\Program Files\Autodesk\Autodesk Design Review\Setup\Setup.exe /P {450063AA-643B-417C-8CF5-405BA3F4EF40} /M ADR
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
CorelDRAW Graphics Suite X4 --> MsiExec.exe /I{44A27085-0616-4181-A0C3-81C7ECA17F73}
CorelDRAW Graphics Suite X4 - Capture --> MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF012}
CorelDRAW Graphics Suite X4 - Content --> MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF016}
CorelDRAW Graphics Suite X4 - Draw --> MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF013}
CorelDRAW Graphics Suite X4 - Filters --> MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF017}
CorelDRAW Graphics Suite X4 - FontNav --> MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF019}
CorelDRAW Graphics SUite X4 - ICA --> MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF010}
CorelDRAW Graphics Suite X4 - IPM --> MsiExec.exe /I{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}
CorelDRAW Graphics Suite X4 - Lang EN --> MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF100}
CorelDRAW Graphics Suite X4 - PP --> MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF014}
CorelDRAW Graphics Suite X4 - VBA --> MsiExec.exe /I{BF439B41-0252-48DE-8B8B-0430CB26A181}
CorelDRAW® Graphics Suite X4 --> c:\Program Files\Corel\CorelDRAW Graphics Suite X4\Setup\SetupARP.exe /arp
CorelDRAW® Graphics Suite X4 - Windows Shell Extension --> c:\Program Files\Common Files\Corel\Shared\Shell Extension\Uninst.exe
CorelDRAW® Graphics Suite X4 - Windows Shell Extension --> MsiExec.exe /X{CE2DA11A-917F-4CF5-AB55-755EC115DD10}
Google Earth --> MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel Audio Studio 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3D1B20A6-E31D-4BB5-BC5C-DDD3B0D91728}\setup.exe" -l0x9
Intel® PRO Network Connections --> MsiExec.exe /I{205C26CB-6D52-458C-A87F-1EE77F9625C6}
Java 2 Runtime Environment, SE v1.4.2_11 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142110}
Java 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LimeWire 4.18.3 --> "C:\Program Files\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office Small Business Edition 2003 --> MsiExec.exe /I{91CA0409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Python 2.4.1 --> C:\Python24\\Python24\UNWISE.EXE C:\Python24\\Python24\INSTALL.LOG
RockWorks 14 --> "C:\Program Files\RockWare\unins000.exe"
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\Setup.exe" -l0x9 -remove -removeonly
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Trillian --> I:\System\Apps\58EA136C-7E57-4416-B59E-394C46DD505B\Exec\Trillian.exe /uninstall
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
XML Paper Specification Shared Components Pack 1.0 -->
-- Application Event Log -------------------------------------------------------
Event Record #/Type9865 / Warning
Event Submitted/Written: 07/09/2008 03:55:36 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
Event Record #/Type9861 / Warning
Event Submitted/Written: 07/09/2008 03:05:03 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
Event Record #/Type9858 / Error
Event Submitted/Written: 07/09/2008 01:43:47 PM
Event ID/Source: 11 / crypt32
Event Description:
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Event Record #/Type9857 / Error
Event Submitted/Written: 07/09/2008 01:43:47 PM
Event ID/Source: 11 / crypt32
Event Description:
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Event Record #/Type9853 / Warning
Event Submitted/Written: 07/09/2008 01:38:04 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type20536 / Warning
Event Submitted/Written: 07/09/2008 04:17:09 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%PC1127 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %PC1127 can't undo changes that you allow.
For more information please see the following:
%PC11275
Scan ID: {6BF192D0-486F-4E26-8AB8-F57CFE31E485}
User: PC11\staff
Name: %PC11271
ID: %PC11272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %PC11276
Alert Type: %PC11278
Detection Type: 1.1.1593.02
Event Record #/Type20535 / Warning
Event Submitted/Written: 07/09/2008 04:17:09 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%PC1127 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %PC1127 can't undo changes that you allow.
For more information please see the following:
%PC11275
Scan ID: {CDA0B27F-CE46-4C56-BA8B-F6FBB00F18BA}
User: PC11\staff
Name: %PC11271
ID: %PC11272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %PC11276
Alert Type: %PC11278
Detection Type: 1.1.1593.02
Event Record #/Type20534 / Warning
Event Submitted/Written: 07/09/2008 04:17:09 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%PC1127 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %PC1127 can't undo changes that you allow.
For more information please see the following:
%PC11275
Scan ID: {13758925-6D30-4219-A50F-53F6A216AF2B}
User: PC11\staff
Name: %PC11271
ID: %PC11272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %PC11276
Alert Type: %PC11278
Detection Type: 1.1.1593.02
Event Record #/Type20533 / Warning
Event Submitted/Written: 07/09/2008 04:17:07 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%PC1127 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %PC1127 can't undo changes that you allow.
For more information please see the following:
%PC11275
Scan ID: {9DDFFBD9-F2A9-479E-9B58-2E4BF9076896}
User: PC11\staff
Name: %PC11271
ID: %PC11272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %PC11276
Alert Type: %PC11278
Detection Type: 1.1.1593.02
Event Record #/Type20532 / Warning
Event Submitted/Written: 07/09/2008 04:17:07 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%PC1127 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %PC1127 can't undo changes that you allow.
For more information please see the following:
%PC11275
Scan ID: {CDCA2BBC-04F2-4172-976C-7D4DFD9FC140}
User: PC11\staff
Name: %PC11271
ID: %PC11272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %PC11276
Alert Type: %PC11278
Detection Type: 1.1.1593.02
-- End of Deckard's System Scanner: finished at 2008-07-09 16:21:53 ------------