Thanks!
I did get a white desktop background, BTW.
Here are the results:
SmitFraudFix v2.329
Scan done at 8:57:38.60, Thu 07/10/2008
Run from F:\Documents and Settings\Pete\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{3251FBC5-BB4D-4FDE-96FC-80C75B1185A0}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3251FBC5-BB4D-4FDE-96FC-80C75B1185A0}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{3251FBC5-BB4D-4FDE-96FC-80C75B1185A0}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
Deckard's System Scanner v20071014.68
Run by Pete on 2008-07-10 09:09:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
78: 2008-07-10 13:09:34 UTC - RP78 - Deckard's System Scanner Restore Point
77: 2008-07-09 16:49:56 UTC - RP77 - Last known good configuration
76: 2008-07-09 16:49:51 UTC - RP76 - Software Distribution Service 3.0
75: 2008-07-09 16:49:51 UTC - RP75 - System Checkpoint
74: 2008-07-09 16:49:51 UTC - RP74 - System Checkpoint
-- First Restore Point --
1: 2008-07-09 16:49:41 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Pete.exe) ------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:10:16, on 7/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\csrss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
F:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
F:\Program Files\Spyware Doctor\pctsAuxs.exe
F:\Program Files\Spyware Doctor\pctsSvc.exe
F:\Program Files\Spyware Doctor\pctsTray.exe
F:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
F:\WINDOWS\RTHDCPL.EXE
F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
F:\Program Files\Skype\Phone\Skype.exe
F:\Program Files\MSN Messenger\MsnMsgr.Exe
F:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
F:\Program Files\D-Link AirPlus G\AirPlus.exe
F:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
F:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
F:\Program Files\Skype\Plugin Manager\skypePM.exe
F:\WINDOWS\System32\alg.exe
F:\Program Files\MSN Messenger\usnsvc.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Documents and Settings\Pete\Desktop\dss.exe
F:\WINDOWS\system32\wbem\wmiprvse.exe
F:\PROGRA~1\TRENDM~1\HIJACK~1\Pete.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {874EA085-3B7B-412B-91AE-7291A94978D0} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {D01A8B68-D46E-42C1-B967-9043543B6E0D} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - F:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [ISTray] "F:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [avgnt] "F:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Skype] "F:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RoboForm] "F:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: Microsoft Outlook.lnk = ?
O4 - Global Startup: D-Link AirPlus G Configuration Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = F:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: Customize Menu - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://F:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - F:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: geBtTkiH - geBtTkiH.dll (file missing)
O21 - SSODL: fsrpknov - {DB12EC73-2A4F-471B-88E7-DC7C3B43D555} - F:\WINDOWS\fsrpknov.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - F:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - F:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - F:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - F:\Program Files\Spyware Doctor\pctsSvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///F:\WINDOWS\privacy_danger\index.htm
--
End of file - 6858 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R3 W8100PCI (D-Link AirPlus G Wireless Driver) - f:\windows\system32\drivers\mrv8k51.sys <Not Verified; Marvell Semiconductor, Inc; Device driver for Marvell 802.11 NIC>
S3 ATICDSDr - f:\docume~1\pete\locals~1\temp\{1735a~1\atiicdxx.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 AntiVirScheduler (Avira AntiVir Personal – Free Antivirus Scheduler) - "f:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139 Family PCI Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_D6008086&REV_10\4&FB75CB&0&10A4
Manufacturer: Realtek
Name: Realtek RTL8139 Family PCI Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_D6008086&REV_10\4&FB75CB&0&10A4
Service: rtl8139
-- Files created between 2008-06-10 and 2008-07-10 -----------------------------
2008-07-10 08:51:57 25600 --a------ F:\WINDOWS\system32\WS2Fix.exe
2008-07-10 08:51:57 289144 --a------ F:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-07-10 08:51:57 86528 --a------ F:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-07-10 08:51:57 288417 --a------ F:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-07-10 08:51:57 53248 --a------ F:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-07-10 08:51:57 82944 --a------ F:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-07-10 08:51:57 51200 --a------ F:\WINDOWS\system32\dumphive.exe
2008-07-10 08:51:57 81920 --a------ F:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-07-10 00:25:48 0 d-------- F:\WINDOWS\system32\FxsTmp
2008-07-09 19:52:11 0 d-------- F:\Program Files\Trend Micro
2008-07-09 17:13:48 0 dr-h----- F:\Documents and Settings\Pete\Recent
2008-07-09 12:50:29 112256 --a------ F:\WINDOWS\system32\ytqlnffy.dll
2008-07-09 12:49:31 1529 --ahs---- F:\WINDOWS\system32\DeffOXyb.ini2
2008-07-09 12:40:23 29568 --a------ F:\WINDOWS\system32\cbXNFxwX.dll
2008-07-09 12:39:57 0 d-------- F:\Documents and Settings\Pete\Application Data\TmpRecentIcons
2008-07-09 12:39:43 167936 --a------ F:\WINDOWS\gpefaowr.exe
2008-07-09 12:39:43 348160 --a------ F:\WINDOWS\fsrpknov.dll
2008-07-09 12:39:43 163840 --a------ F:\WINDOWS\enxw.exe
2008-07-08 20:38:38 0 d-------- F:\10Kone
2008-07-08 20:05:02 0 d-------- F:\Program Files\Affiliate ID Manager
2008-07-08 18:17:05 0 d-------- F:\Small Business Bookseller
2008-07-08 16:38:09 0 d-------- F:\AX Gold
2008-07-07 18:11:51 0 d-------- F:\Dropshipping
2008-07-05 19:09:36 0 d-------- F:\Documents and Settings\Pete\Application Data\gtk-2.0
2008-07-05 19:09:35 0 d-------- F:\Documents and Settings\Pete\.thumbnails
2008-07-05 19:05:04 0 d-------- F:\Documents and Settings\Pete\.gimp-2.4
2008-07-05 19:04:17 0 d-------- F:\Program Files\GIMP-2.0
2008-07-03 19:19:50 0 d-------- F:\5000 Images
2008-07-03 16:48:55 0 d-------- F:\Documents and Settings\LocalService\Application Data\Help
2008-07-02 22:41:52 0 d-------- F:\WINDOWS\pss
2008-07-02 13:04:43 0 d-------- F:\Ebay Stuff
2008-06-29 22:25:02 21648 --a------ F:\WINDOWS\system\CTL3DV2.DLL <Not Verified; Microsoft Corporation; 3d Windows Control>
2008-06-29 22:24:06 0 d-------- F:\XFORMSCD
2008-06-29 22:23:58 20976 --a------ F:\WINDOWS\system\CTL3D.DLL <Not Verified; Microsoft Corporation; 3d Windows Control>
2008-06-29 22:23:55 0 d-------- F:\Documents and Settings\Pete\WINDOWS
2008-06-29 20:27:16 1085 --a------ F:\WINDOWS\EReg011.dat
2008-06-29 20:21:59 0 d-------- F:\Documents and Settings\All Users\Application Data\SBT
2008-06-29 20:21:46 0 d-------- F:\Program Files\Snapshot Viewer
2008-06-29 10:58:01 0 d-------- F:\Documents and Settings\Pete\Application Data\FileMaker
2008-06-29 10:57:57 0 d-------- F:\Program Files\Webservice Detlev Reimer
2008-06-26 20:01:10 0 d-------- F:\Documents and Settings\Pete\Contacts
2008-06-26 20:00:18 0 d------c- F:\WINDOWS\system32\DRVSTORE
2008-06-26 19:59:44 0 d-------- F:\Program Files\MSN Messenger
2008-06-26 19:54:24 56 --ah----- F:\WINDOWS\system32\ezsidmv.dat
2008-06-26 19:54:23 0 d-------- F:\Documents and Settings\Pete\Application Data\skypePM
2008-06-26 19:53:00 0 d-------- F:\Documents and Settings\Pete\Application Data\Skype
2008-06-26 19:52:30 0 d-------- F:\Program Files\Skype
2008-06-26 19:52:29 0 d-------- F:\Program Files\Common Files\Skype
2008-06-26 19:52:21 0 d-------- F:\Documents and Settings\All Users\Application Data\Skype
2008-06-25 21:30:51 1902 --a------ F:\WINDOWS\system32\tmp.reg
2008-06-25 10:01:14 0 d-------- F:\Program Files\HyperVRE
2008-06-25 09:47:01 0 d-------- F:\HyperVRE
2008-06-23 14:10:29 0 d-------- F:\Buzz
2008-06-22 22:26:46 0 d-------- F:\Forms
2008-06-22 10:47:47 0 d-------- F:\Online Payment Protector
2008-06-21 17:10:47 0 d-------- F:\WINDOWS\Sun
2008-06-21 16:28:51 0 d-------- F:\Cube Cart
2008-06-21 11:30:04 0 d-------- F:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-06-21 11:23:24 0 d-------- F:\Program Files\Windows Media Connect 2
2008-06-21 11:22:29 0 d-------- F:\WINDOWS\system32\LogFiles
2008-06-21 11:22:29 0 d-------- F:\WINDOWS\system32\drivers\UMDF
2008-06-21 10:26:48 286720 --a------ F:\WINDOWS\system32\swb_uninst.exe <Not Verified; TODO: <Company name>; TODO: <Product name>>
2008-06-21 08:25:17 0 d-------- F:\Templates
2008-06-21 07:55:04 0 d-------- F:\Surefire Wealth
2008-06-20 20:27:40 0 d-------- F:\Program Files\KeywordMaster
2008-06-19 15:52:00 0 d-------- F:\WINDOWS\system32\Lang
2008-06-19 14:47:44 40960 -r------- F:\WINDOWS\system32\ChCfg.exe
2008-06-19 14:47:25 0 d-------- F:\WINDOWS\system32\RTCOM
2008-06-19 14:46:38 0 d-------- F:\Program Files\Realtek
2008-06-19 14:46:29 487424 -r------- F:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-06-19 14:40:08 516096 -----n--- F:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-06-19 14:39:44 0 d-------- F:\WINDOWS\system32\ReinstallBackups
2008-06-19 14:25:33 0 d-------- F:\Program Files\MSXML 4.0
2008-06-19 14:25:15 0 d-------- F:\TempEI4
2008-06-17 10:00:04 0 d-------- F:\Jeremy Burns
2008-06-16 16:48:40 25 --a------ F:\WINDOWS\SW_Win2146X32.DLL
2008-06-16 16:47:20 0 d-------- F:\Documents and Settings\Pete\Application Data\Help
2008-06-16 16:34:18 0 d-------- F:\Internet Pie
2008-06-16 16:16:28 0 d-------- F:\Wholesale Sources Directory
2008-06-16 16:10:17 0 d-------- F:\Internet Marketing Worx
2008-06-16 12:37:04 0 d-------- F:\Documents and Settings\Pete\Application Data\OpenOffice.org2
2008-06-15 08:36:06 0 d-------- F:\ZZ Websites
2008-06-15 07:03:27 0 d-------- F:\Documents and Settings\Pete\Application Data\FileZilla
2008-06-15 06:37:04 0 d-------- F:\Program Files\Affiliate Manager
2008-06-15 06:10:00 0 d-------- F:\Graphics
2008-06-15 05:58:33 0 d-------- F:\PLR
2008-06-14 23:09:45 0 d-------- F:\Program Files\OpenOffice.org 2.4
2008-06-14 23:08:53 0 d-------- F:\Program Files\Java
2008-06-14 23:08:52 0 d-------- F:\Program Files\Common Files\Java
2008-06-14 23:08:43 0 d-------- F:\Documents and Settings\Pete\Application Data\Sun
2008-06-14 22:39:58 72704 --a------ F:\WINDOWS\system32\odbctl32.dll <Not Verified; Microsoft Corporation; Microsoft Open Database Connectivity>
2008-06-14 22:38:56 368912 --a------ F:\WINDOWS\system32\VBAR332.DLL <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-06-14 22:38:56 294912 --a------ F:\WINDOWS\system32\msxbse35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-06-14 22:38:56 166672 --a------ F:\WINDOWS\system32\mstext35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-06-14 22:38:56 262144 --a------ F:\WINDOWS\system32\msrd2x35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-06-14 22:38:56 250128 --a------ F:\WINDOWS\system32\mspdox35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-06-14 22:38:56 168720 --a------ F:\WINDOWS\system32\msltus35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-06-14 22:38:56 1238288 --a------ F:\WINDOWS\system32\msjt4jlt.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-06-14 22:38:56 1050896 --a------ F:\WINDOWS\system32\msjet35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-06-14 22:38:56 252688 --a------ F:\WINDOWS\system32\msexcl35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-06-14 22:38:56 344064 --a------ F:\WINDOWS\system32\msexch35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-06-14 22:38:55 44304 --a------ F:\WINDOWS\system32\msrpfs35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-06-14 22:38:55 415504 --a------ F:\WINDOWS\system32\msrepl35.dll <Not Verified; Microsoft Corporation; Microsoft® Access>
2008-06-14 22:38:55 24848 --a------ F:\WINDOWS\system32\msjter35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-06-14 22:38:55 123664 --a------ F:\WINDOWS\system32\msjint35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-06-14 22:38:55 39424 --a------ F:\WINDOWS\system32\JETCOMP.exe <Not Verified; Microsoft Corporation; Microsoft® Database Compact Utility>
2008-06-14 22:38:39 0 d-------- F:\Program Files\ProVenture
2008-06-14 22:38:38 0 d-------- F:\Program Files\Common Files\MySoftware
2008-06-14 22:37:43 0 d-------- F:\WINDOWS\system32\Temp
2008-06-14 17:01:41 0 d-------- F:\Program Files\FileZilla FTP Client
2008-06-14 16:05:33 0 d-------- F:\Documents and Settings\Pete\Application Data\WinRAR
2008-06-14 15:34:03 0 d-------- F:\WINDOWS\CD95F661A5C444F5A6AAECDD91C240B6.TMP
2008-06-14 14:59:29 339968 --a------ F:\WINDOWS\system32\cdintf.dll <Not Verified; AMYUNI Consultants http://www.amyuni.com; Amyuni Common Driver Interface>
2008-06-14 14:56:23 0 d-------- F:\Program Files\Common Files\AnswerWorks 4.0
2008-06-14 14:55:30 0 d-------- F:\Program Files\Common Files\Intuit
2008-06-14 14:55:25 0 d-------- F:\Program Files\Intuit
2008-06-14 14:54:02 0 d-------- F:\Documents and Settings\All Users\Application Data\Intuit
2008-06-14 14:47:17 0 d-------- F:\DownLoads
2008-06-14 12:52:29 4096 --a------ F:\Documents and Settings\All Users\Application Data\ScheduledItems
2008-06-14 12:48:54 0 d-------- F:\WINDOWS\system32\Backup
2008-06-14 12:48:54 0 d-------- F:\Documents and Settings\Pete\Application Data\IsolatedStorage
2008-06-14 12:48:51 1890 --ahs---- F:\WINDOWS\system32\KGyGaAvL.sys
2008-06-14 12:48:51 56 -r-hs---- F:\WINDOWS\system32\240B7AE127.sys
2008-06-14 12:48:36 0 d-------- F:\WINDOWS\SQLHotfix
2008-06-14 12:47:12 0 d-------- F:\Documents and Settings\Pete\Application Data\ACT
2008-06-14 12:45:59 306688 --a------ F:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-06-14 12:44:39 0 d-------- F:\Program Files\Microsoft SQL Server
2008-06-14 12:34:13 0 d-------- F:\WINDOWS\system32\URTTemp
2008-06-14 11:44:18 0 d-------- F:\Wholesale Lists
2008-06-14 10:51:56 0 d-------- F:\Program Files\CCleaner
2008-06-14 09:47:23 0 d-------- F:\Documents and Settings\All Users\Application Data\RoboForm
2008-06-14 09:46:45 0 d-------- F:\Program Files\Siber Systems
2008-06-14 09:39:54 0 d-------- F:\Documents and Settings\All Users\Application Data\Adobe
2008-06-14 09:39:49 0 d-------- F:\Program Files\Common Files\Adobe
2008-06-14 09:38:58 0 d-------- F:\Program Files\Adobe Media Player
2008-06-14 09:38:48 0 d-------- F:\Documents and Settings\Pete\Application Data\Macromedia
2008-06-14 09:38:47 0 d-------- F:\Documents and Settings\Pete\Application Data\Adobe
2008-06-14 09:31:39 0 d-------- F:\Directories
2008-06-14 09:31:01 0 d-------- F:\Design Shrine
2008-06-14 09:30:46 0 d-------- F:\CashFlow Websites
2008-06-14 09:11:41 0 d-------- F:\VAULT
2008-06-14 08:20:35 0 d-------- F:\Program Files\EditPlus 3
2008-06-14 08:20:35 0 d-------- F:\Documents and Settings\Pete\Application Data\EditPlus 3
2008-06-13 22:41:09 0 d-------- F:\Program Files\Avira
2008-06-13 22:41:09 0 d-------- F:\Documents and Settings\All Users\Application Data\Avira
2008-06-13 22:34:25 0 d-------- F:\Documents and Settings\All Users\Application Data\PC Tools
2008-06-13 22:33:44 0 d-------- F:\Program Files\Common Files\PC Tools
2008-06-13 22:32:12 0 d-------- F:\Documents and Settings\LocalService\Application Data\Google
2008-06-13 22:32:11 0 dr------- F:\Documents and Settings\LocalService\Favorites
2008-06-13 22:21:36 0 d-------- F:\Documents and Settings\Pete\Application Data\Google
2008-06-13 21:55:58 0 d-------- F:\WINDOWS\system32\PreInstall
2008-06-13 21:55:56 0 d--h----- F:\WINDOWS\$hf_mig$
2008-06-13 21:53:32 0 d-a------ F:\Documents and Settings\All Users\Application Data\TEMP
2008-06-13 21:53:21 0 d-------- F:\Program Files\Spyware Doctor
2008-06-13 21:53:21 0 d-------- F:\Documents and Settings\Pete\Application Data\PC Tools
2008-06-13 21:53:20 0 d-------- F:\Documents and Settings\All Users\Application Data\Google
2008-06-13 21:53:17 0 d-------- F:\Program Files\Google
2008-06-13 21:40:12 0 d-------- F:\WINDOWS\system32\SoftwareDistribution
2008-06-13 21:35:41 256896 -ra------ F:\WINDOWS\system32\drivers\MRV8K51.sys <Not Verified; Marvell Semiconductor, Inc; Device driver for Marvell 802.11 NIC>
2008-06-13 21:35:41 0 d-------- F:\Program Files\D-Link AirPlus G
2008-06-13 21:35:40 0 d--h----- F:\Program Files\InstallShield Installation Information
2008-06-13 21:35:31 0 d-------- F:\Program Files\Common Files\InstallShield
2008-06-13 18:15:15 0 d-------- F:\WINDOWS\ShellNew
2008-06-13 18:14:09 0 d-------- F:\Documents and Settings\Pete\Application Data\Microsoft Web Folders
2008-06-13 18:06:20 0 d---s---- F:\Documents and Settings\Pete\UserData
2008-06-13 17:44:04 0 d-------- F:\Documents and Settings\Pete\Application Data\Identities
2008-06-13 17:43:52 0 d--h----- F:\Documents and Settings\Pete\Templates
2008-06-13 17:43:52 0 dr------- F:\Documents and Settings\Pete\Start Menu
2008-06-13 17:43:52 0 dr-h----- F:\Documents and Settings\Pete\SendTo
2008-06-13 17:43:52 0 d--h----- F:\Documents and Settings\Pete\PrintHood
2008-06-13 17:43:52 2883584 --ah----- F:\Documents and Settings\Pete\NTUSER.DAT
2008-06-13 17:43:52 0 d--h----- F:\Documents and Settings\Pete\NetHood
2008-06-13 17:43:52 0 dr------- F:\Documents and Settings\Pete\My Documents
2008-06-13 17:43:52 0 d--h----- F:\Documents and Settings\Pete\Local Settings
2008-06-13 17:43:52 0 dr------- F:\Documents and Settings\Pete\Favorites
2008-06-13 17:43:52 0 d-------- F:\Documents and Settings\Pete\Desktop
2008-06-13 17:43:52 0 d---s---- F:\Documents and Settings\Pete\Cookies
2008-06-13 17:43:52 0 dr-h----- F:\Documents and Settings\Pete\Application Data
2008-06-13 17:40:54 0 d-------- F:\WINDOWS\SoftwareDistribution
2008-06-13 17:40:53 0 d-------- F:\WINDOWS\Prefetch
2008-06-13 17:40:52 0 d---s---- F:\WINDOWS\system32\Microsoft
2008-06-13 17:40:52 0 d--h----- F:\Documents and Settings\LocalService\Local Settings
2008-06-13 17:40:52 0 d---s---- F:\Documents and Settings\LocalService\Cookies
2008-06-13 17:40:52 0 d-------- F:\Documents and Settings\LocalService\Application Data
2008-06-13 17:40:52 0 d---s---- F:\Documents and Settings\LocalService\Application Data\Microsoft
2008-06-13 17:40:51 262144 --ah----- F:\Documents and Settings\LocalService\NTUSER.DAT
2008-06-13 17:40:04 225280 --ah----- F:\Documents and Settings\NetworkService\NTUSER.DAT
2008-06-13 17:40:04 0 d--h----- F:\Documents and Settings\NetworkService\Local Settings
2008-06-13 17:40:04 0 d---s---- F:\Documents and Settings\NetworkService\Cookies
2008-06-13 17:40:04 0 d-------- F:\Documents and Settings\NetworkService\Application Data
2008-06-13 17:40:04 0 d---s---- F:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-06-13 17:37:23 0 d-------- F:\WINDOWS\system32\xircom
2008-06-13 17:37:23 0 d-------- F:\Program Files\microsoft frontpage
2008-06-13 17:37:21 225280 --ah----- F:\Documents and Settings\Default User\NTUSER.DAT
2008-06-13 17:36:22 0 d--hs---- F:\Documents and Settings\All Users\DRM
2008-06-13 17:36:13 0 dr------- F:\WINDOWS\Offline Web Pages
2008-06-13 17:36:13 0 d---s---- F:\WINDOWS\Downloaded Program Files
2008-06-13 17:36:03 0 d--h----- F:\Program Files\WindowsUpdate
2008-06-13 17:35:42 0 d-------- F:\WINDOWS\system32\DirectX
2008-06-13 17:35:06 0 d---s---- F:\WINDOWS\Tasks
2008-06-13 17:35:05 0 d-------- F:\Program Files\Common Files\MSSoap
2008-06-13 17:35:00 0 d-------- F:\WINDOWS\srchasst
2008-06-13 17:34:59 0 d-------- F:\WINDOWS\system32\Macromed
2008-06-13 17:34:49 0 d-------- F:\Program Files\Movie Maker
2008-06-13 17:34:40 0 d-------- F:\WINDOWS\system32\Restore
2008-06-13 17:34:21 21640 --a------ F:\WINDOWS\system32\emptyregdb.dat
2008-06-13 17:34:06 0 d-------- F:\WINDOWS\Registration
2008-06-13 17:33:41 0 d-------- F:\Program Files\Online Services
2008-06-13 17:33:36 0 d-------- F:\Program Files\Messenger
2008-06-13 17:33:32 0 d-------- F:\Program Files\MSN Gaming Zone
2008-06-13 17:32:46 0 d-------- F:\Program Files\Windows NT
2008-06-13 17:32:43 0 d-------- F:\WINDOWS\system32\MsDtc
2008-06-13 17:32:41 0 d-------- F:\WINDOWS\system32\Com
2008-06-13 13:17:01 0 d--hs---- F:\WINDOWS\Installer
2008-06-13 13:17:00 0 d-------- F:\Program Files\Common Files\ODBC
2008-06-13 13:16:56 0 d-------- F:\Program Files\Common Files\SpeechEngines
2008-06-13 13:16:55 0 dr------- F:\Program Files
2008-06-13 13:16:55 0 d-------- F:\Program Files\Common Files
2008-06-13 13:16:29 0 d--h----- F:\Documents and Settings\Default User\Templates
2008-06-13 13:16:29 0 dr------- F:\Documents and Settings\Default User\Start Menu
2008-06-13 13:16:29 0 dr-h----- F:\Documents and Settings\Default User\SendTo
2008-06-13 13:16:29 0 d--h----- F:\Documents and Settings\Default User\Recent
2008-06-13 13:16:29 0 d--h----- F:\Documents and Settings\Default User\PrintHood
2008-06-13 13:16:29 0 d--h----- F:\Documents and Settings\Default User\NetHood
2008-06-13 13:16:29 0 d-------- F:\Documents and Settings\Default User\My Documents
2008-06-13 13:16:29 0 dr-h----- F:\Documents and Settings\Default User\Local Settings
2008-06-13 13:16:29 0 d-------- F:\Documents and Settings\Default User\Favorites
2008-06-13 13:16:29 0 d-------- F:\Documents and Settings\Default User\Desktop
2008-06-13 13:16:29 0 d---s---- F:\Documents and Settings\Default User\Cookies
2008-06-13 13:16:29 0 d--h----- F:\Documents and Settings\All Users\Templates
2008-06-13 13:16:29 0 dr------- F:\Documents and Settings\All Users\Start Menu
2008-06-13 13:16:29 0 d-------- F:\Documents and Settings\All Users\Favorites
2008-06-13 13:16:29 0 dr------- F:\Documents and Settings\All Users\Documents
2008-06-13 13:16:29 0 d-------- F:\Documents and Settings\All Users\Desktop
2008-06-13 13:15:12 0 d-------- F:\WINDOWS\system32\CatRoot2
2008-06-13 13:15:12 0 d-------- F:\WINDOWS\system32\CatRoot
2008-06-13 13:15:07 0 dr-h----- F:\Documents and Settings\Default User\Application Data
2008-06-13 13:15:07 0 d---s---- F:\Documents and Settings\Default User\Application Data\Microsoft
2008-06-13 13:15:06 0 dr-h----- F:\Documents and Settings\All Users\Application Data
2008-06-13 13:15:06 0 d---s---- F:\Documents and Settings\All Users\Application Data\Microsoft
2008-06-13 13:14:40 0 d--hs---- F:\System Volume Information
2008-06-13 13:14:40 0 d-------- F:\Documents and Settings
2008-06-13 13:06:28 0 d-------- F:\WINDOWS
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\WinSxS
2008-06-13 13:06:28 0 dr------- F:\WINDOWS\Web
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\twain_32
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\wins
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\wbem
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\usmt
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\spool
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\ShellExt
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\Setup
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\ras
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\oobe
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\npp
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\mui
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\inetsrv
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\IME
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\icsxml
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\ias
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\export
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\drivers
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\drivers\etc
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\drivers\disdn
2008-06-13 13:06:28 0 dr-hs--c- F:\WINDOWS\system32\dllcache
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\dhcp
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\config
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\3com_dmi
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\3076
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\2052
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\1054
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\1042
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\1041
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\1037
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\1033
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\1031
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\1028
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system32\1025
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\system
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\security
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\Resources
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\repair
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\Provisioning
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\PeerNet
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\pchealth
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\mui
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\msapps
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\msagent
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\Media
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\java
2008-06-13 13:06:28 0 d--h----- F:\WINDOWS\inf
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\ime
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\Help
2008-06-13 13:06:28 0 dr--s---- F:\WINDOWS\Fonts
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\Driver Cache
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\Debug
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\Cursors
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\Connection Wizard
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\Config
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\AppPatch
2008-06-13 13:06:28 0 d-------- F:\WINDOWS\addins
-- Find3M Report ---------------------------------------------------------------
2008-06-13 13:16:29 62 --ahs---- F:\Documents and Settings\Pete\Application Data\desktop.ini
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{874EA085-3B7B-412B-91AE-7291A94978D0}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D01A8B68-D46E-42C1-B967-9043543B6E0D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISTray"="F:\Program Files\Spyware Doctor\pctsTray.exe" [04/10/2008 15:14]
"avgnt"="F:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [02/12/2008 10:06]
"RTHDCPL"="RTHDCPL.EXE" [10/14/2005 21:51 F:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 22:43 F:\WINDOWS\Alcmtr.exe]
"SunJavaUpdateSched"="F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25]
"Adobe Reader Speed Launcher"="F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 22:16]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="F:\Program Files\Skype\Phone\Skype.exe" [05/30/2008 15:54]
"MsnMsgr"="F:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 12:54]
"RoboForm"="F:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [07/06/2008 16:48]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///F:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"fsrpknov"= {DB12EC73-2A4F-471B-88E7-DC7C3B43D555} - F:\WINDOWS\fsrpknov.dll [07/09/2008 08:09 348160]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBtTkiH]
geBtTkiH.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 F:\WINDOWS\system32\byXOffeD
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
"F:\Program Files\Spyware Doctor\pctsTray.exe"
-- End of Deckard's System Scanner: finished at 2008-07-10 09:11:57 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 47%
Physical Memory (total/avail): 958.48 MiB / 507.13 MiB
Pagefile Memory (total/avail): 2314.33 MiB / 1784.89 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1913.16 MiB
A: is Removable (No Media)
C: is Fixed (FAT32) - 5.99 GiB total, 4.23 GiB free.
E: is CDROM (No Media)
F: is Fixed (NTFS) - 149.04 GiB total, 133.07 GiB free.
\\.\PHYSICALDRIVE0 - WDC WD1600AAJS-00WAA0 - 149.05 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 149.04 GiB - F:
\\.\PHYSICALDRIVE1 - WDC WD64AA - 6.01 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 6.01 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
AV: Spyware Doctor with AntiVirus v (PC Tools)
AV: Avira AntiVir PersonalEdition v8.0.1.18 (Avira GmbH)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\\Program Files\\MSN Messenger\\msnmsgr.exe"="F:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"F:\\Program Files\\MSN Messenger\\livecall.exe"="F:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\\WINDOWS\\system32\\usmt\\migwiz.exe"="F:\\WINDOWS\\system32\\usmt\\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard"
"F:\\Program Files\\ACT\\ACT for Win 7\\Act7.exe"="F:\\Program Files\\ACT\\ACT for Win 7\\Act7.exe:*:Enabled:ACT! 7.x/2005"
"F:\\Program Files\\MSN Messenger\\msnmsgr.exe"="F:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"F:\\Program Files\\MSN Messenger\\livecall.exe"="F:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"F:\\Program Files\\Skype\\Phone\\Skype.exe"="F:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=F:\Documents and Settings\All Users
APPDATA=F:\Documents and Settings\Pete\Application Data
CLIENTNAME=Console
CommonProgramFiles=F:\Program Files\Common Files
COMPUTERNAME=MAIN
ComSpec=F:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=F:
HOMEPATH=\Documents and Settings\Pete
LOGONSERVER=\\MAIN
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=F:\WINDOWS\system32;F:\WINDOWS;F:\WINDOWS\System32\Wbem;F:\Program Files\Microsoft SQL Server\80\Tools\Binn\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0403
ProgramFiles=F:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=F:
SystemRoot=F:\WINDOWS
TEMP=F:\DOCUME~1\Pete\LOCALS~1\Temp
TMP=F:\DOCUME~1\Pete\LOCALS~1\Temp
USERDOMAIN=MAIN
USERNAME=Pete
USERPROFILE=F:\Documents and Settings\Pete
windir=F:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Pete (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> MsiExec.exe /I{F543B12A-13F5-487E-9314-F7D25E1BBE3E}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 F:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> F:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Media Player --> MsiExec.exe /I{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Affiliate ID Manager - Version No.1 --> "F:\Program Files\Affiliate Manager\unins000.exe"
AI RoboForm (All Users) --> "F:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
ATI Display Driver --> rundll32 F:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avira AntiVir Personal – Free Antivirus --> F:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Business Legal Forms --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{0E4DBFE2-EEA4-11D3-96D0-00A0CC3F8931}\setup.exe"
CCleaner (remove only) --> "F:\Program Files\CCleaner\uninst.exe"
D-Link AirPlus G Wireless LAN Adapter --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{B5749E57-AD4A-4B1B-ABC5-885FDBC286C9}\Setup.exe" -l0x9
EditPlus 3 --> F:\Program Files\EditPlus 3\remove.exe
FileZilla Client 3.0.11.1 --> F:\Program Files\FileZilla FTP Client\uninstall.exe
GIMP 2.4.6 --> "F:\Program Files\GIMP-2.0\setup\unins000.exe"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "f:\program files\google\googletoolbar1.dll"
High Definition Audio Driver Package - KB888111 --> "F:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "F:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "F:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HyperVRE 1.8 --> "F:\Program Files\HyperVRE\unins000.exe"
Java 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
KeywordMaster --> "F:\Program Files\KeywordMaster\unins000.exe"
Mail List --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{8A42AEAD-D4E6-42A8-9815-8AB9FFBC96B0}\setup.exe" -l0x9
Meta Whiz 1.0 --> F:\WINDOWS\system32\swb_uninst.exe "C:\Program Files\Meta Whiz 1.0\uninst.log"
Microsoft Compression Client Pack 1.0 for Windows XP --> "F:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2000 Disc 2 --> MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "F:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
OpenOffice.org 2.4 --> MsiExec.exe /I{2CD2C0DB-81C3-416B-9FA6-589B9235359B}
Promobuddy2 --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{AE237488-91BB-476C-AD1C-514D8FDD278B}\Setup.exe" -l0x9
ProVenture Invoices --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{3513E1A8-276E-46B6-8EDF-14730D167D97}\setup.exe" -l0x9
QuickBooks Customer Manager Version 2 --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{DBCA9AEA-7E95-46B7-B809-F605FE21AD26}\setup.exe" -l0x9
QuickBooks Premier: Mfg and Whsle Edition 2005 --> msiexec.exe /I {F543B12A-13F5-487E-9314-F7D25E1BBE3E} UNIQUE_NAME="wholesale" QBFULLNAME="QuickBooks Premier: Mfg and Whsle Edition 2005" ADDREMOVE=1
Realtek High Definition Audio Driver --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Skype™ 3.8 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Spyware Doctor 5.5 --> F:\Program Files\Spyware Doctor\unins000.exe /LOG
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Format 11 runtime --> "F:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> F:\Program Files\WinRAR\uninstall.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type1026 / Success
Event Submitted/Written: 07/10/2008 09:06:32 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type1025 / Warning
Event Submitted/Written: 07/10/2008 09:06:23 AM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
BAT/Fake.PrivdangerF:\Documents and Settings\Pete\Local Settings\Temp\install-privacy-danger.bat
Event Record #/Type1024 / Warning
Event Submitted/Written: 07/10/2008 09:05:55 AM
Event ID/Source: 32068 / Microsoft Fax
Event Description:
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'
Event Record #/Type1023 / Warning
Event Submitted/Written: 07/10/2008 09:05:55 AM
Event ID/Source: 32026 / Microsoft Fax
Event Description:
Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.
Event Record #/Type1019 / Warning
Event Submitted/Written: 07/10/2008 08:51:44 AM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
DR/Tool.Reboot.F.108F:\Documents and Settings\Pete\Local Settings\Temporary Internet Files\Content.IE5\K1AZOLI7\SmitfraudFix[1].exe
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type3594 / Error
Event Submitted/Written: 07/10/2008 09:04:52 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Event Record #/Type3593 / Error
Event Submitted/Written: 07/10/2008 08:56:29 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
AFD
avgio
avipbb
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
pctfw2
RasAcd
Rdbss
ssmdrv
Tcpip
WS2IFSL
Event Record #/Type3592 / Error
Event Submitted/Written: 07/10/2008 08:56:29 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Event Record #/Type3591 / Error
Event Submitted/Written: 07/10/2008 08:56:01 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31
Event Record #/Type3590 / Error
Event Submitted/Written: 07/10/2008 08:56:01 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:
%%31
-- End of Deckard's System Scanner: finished at 2008-07-10 09:11:57 ------------