Deckard's System Scanner v20071014.68
Run by Lauren on 2008-07-21 14:05:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 4 Restore Point(s) --
4: 2008-07-21 20:05:57 UTC - RP137 - Deckard's System Scanner Restore Point
3: 2008-07-20 23:55:42 UTC - RP136 - System Checkpoint
2: 2008-07-18 08:28:50 UTC - RP135 - System Checkpoint
1: 2008-07-17 08:27:21 UTC - RP134 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 384 MiB (512 MiB recommended).System Drive D: has 0.16 GiB (less than 15%) free.-- HijackThis (run as Lauren.exe) ----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:10:22 PM, on 7/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
G:\AdAware\aawservice.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Tiny Personal Firewall\persfw.exe
D:\WINDOWS\System32\HPZipm12.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
D:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
G:\IObit SmartDefrag\IObit SmartDefrag.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
G:\iTunes\iTunesHelper.exe
G:\SuperAntiSpyware\SUPERAntiSpyware.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\iPod\bin\iPodService.exe
G:\Trillian\trillian.exe
D:\Documents and Settings\Lauren\Desktop\dss.exe
G:\HIJACK~1\Lauren.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - G:\SPYBOT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [SmartDefrag] "G:\IObit SmartDefrag\IObit SmartDefrag.exe" /startup
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "G:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [SpybotSD TeaTimer] G:\Spybot S&D\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] G:\SuperAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Antivirus2008y] D:\Program Files\Antivirus2008y\antvrs.exe
O4 - Global Startup: Microsoft Office.lnk = G:\Microsoft Office PRO\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Customize Menu - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - D:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) -
http://support.dell....iler/SysPro.CABO16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) -
http://go.microsoft....k/?linkid=67633O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} -
http://w4s2.work4sur...e/w4sgeen10.exeO16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) -
http://acs.pandasoft...s/as2stubie.cabO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) -
http://h30155.www3.h...llMgr_v01_6.cabO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://by111fd.bay11...es/MsnPUpld.cabO16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) -
http://go.divx.com/p...owserPlugin.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://www.update.mi...b?1188675217674O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) -
http://cdn2.zone.msn...ro.cab56649.cabO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - G:\SuperAntiSpyware\SASWINLO.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - G:\AdAware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Tiny Personal Firewall (PersFw) - Tiny Software - D:\Program Files\Tiny Personal Firewall\persfw.exe
O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - KALiNKOsoft - G:\XBox 360 Controller\pinnacle_updater.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WUSB54Gv42SVC - GEMTEKS - D:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
--
End of file - 9160 bytes
-- HijackThis Fixed Entries (G:\HIJACK~1\backups\) -----------------------------
backup-20080721-140334-575 O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -
-- File Associations -----------------------------------------------------------
.reg - regfile - shell\open\command - regedit.exe "%1" %*.scr - scrfile - shell\open\command - "%1" %*-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 fwdrv (Tiny Personal Firewall Driver) - d:\windows\system32\drivers\fwdrv.sys
R3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - d:\windows\system32\gtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
R3 SASENUM - g:\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
R3 XBCD+ (XBCD+ Kernel Module) - d:\windows\system32\drivers\xbcd.sys <Not Verified; Redcl0ud; XBCD>
S3 catchme - d:\docume~1\lauren\locals~1\temp\catchme.sys (file missing)
S3 DCamUSBSQTECH (Dual-Mode DSC(2770)) - d:\windows\system32\drivers\sqcaptur.sys <Not Verified; Service & Quality Technology.; SQ913>
S3 TIEHDUSB - d:\windows\system32\drivers\tiehdusb.sys <Not Verified; Texas Instruments Incorporated; Texas Instruments Incorporated Educational Handheld Device>
S3 utblfilt - d:\windows\system32\drivers\utblfilt.sys <Not Verified; Aiptek; >
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "d:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "d:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 PersFw (Tiny Personal Firewall) - d:\program files\tiny personal firewall\persfw.exe <Not Verified; Tiny Software; Tiny Personal Firewall>
S2 PinnacleUpdateSvc (PinnacleUpdate Service) - g:\xbox 360 controller\pinnacle_updater.exe <Not Verified; KALiNKOsoft; pinnacle_updater.exe>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-07-20 17:00:36 384 --a------ D:\WINDOWS\Tasks\RegCure Program Check.job
2008-07-20 15:48:32 360 --a------ D:\WINDOWS\Tasks\SmartDefrag.job
2008-07-17 09:58:26 318 --a------ D:\WINDOWS\Tasks\RegCure.job
2008-06-22 07:05:02 312 --a------ D:\WINDOWS\Tasks\Scheduled Checkpoint.job
2008-06-21 07:41:20 284 --a------ D:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2008-06-21 and 2008-07-21 -----------------------------
2008-07-16 20:22:13 0 d-------- D:\WINDOWS\system32\drivers\UMDF
2008-07-16 19:03:58 0 d-------- D:\Program Files\Netflix
2008-07-12 18:48:17 0 --a------ D:\WINDOWS\system32\winlogon.dll
2008-07-12 18:48:12 0 d-------- D:\Documents and Settings\Lauren\Application Data\Antivirus2008y
2008-07-12 18:47:49 0 d-------- D:\Program Files\Antivirus2008y
2008-06-23 19:58:23 0 d-------- D:\Program Files\Panda Security
2008-06-23 18:19:42 0 d-------- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-23 18:18:58 0 d-------- D:\Documents and Settings\Lauren\Application Data\SUPERAntiSpyware.com
2008-06-23 17:40:19 0 d-------- D:\Documents and Settings\Lauren\Application Data\Malwarebytes
2008-06-23 17:40:08 0 d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-23 17:39:35 0 d-------- D:\Program Files\Common Files\Download Manager
2008-06-23 17:30:45 0 d-------- D:\Documents and Settings\Lauren\Application Data\Opera
2008-06-23 02:50:27 0 d-------- D:\WINDOWS\nvidia icons
2008-06-23 02:49:29 0 d-------- D:\WINDOWS\nview
-- Find3M Report ---------------------------------------------------------------
2008-05-30 17:22:48 802816 --a------ D:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-30 17:22:48 823296 --a------ D:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 17:22:48 823296 --a------ D:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 17:22:46 815104 --a------ D:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 17:22:46 683520 --a------ D:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-22 16:22:18 3596288 --a------ D:\WINDOWS\system32\qt-dx331.dll
2008-05-22 16:19:46 196608 --a------ D:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-22 16:19:46 81920 --a------ D:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-22 16:18:54 12288 --a------ D:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-02 22:46:00 1630208 --a------ D:\WINDOWS\system32\nwiz.exe
2008-05-02 22:46:00 1019904 --a------ D:\WINDOWS\system32\nvwimg.dll
2008-05-02 22:46:00 1703936 --a------ D:\WINDOWS\system32\nvwdmcpl.dll
2008-05-02 22:46:00 466944 --a------ D:\WINDOWS\system32\nvshell.dll
2008-05-02 22:46:00 1486848 --a------ D:\WINDOWS\system32\nview.dll
2008-05-02 22:46:00 1339392 --a------ D:\WINDOWS\system32\nvdspsch.exe
2008-05-02 22:46:00 442368 --a------ D:\WINDOWS\system32\nvappbar.exe
2008-05-02 22:46:00 425984 --a------ D:\WINDOWS\system32\keystone.exe
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartDefrag"="G:\IObit SmartDefrag\IObit SmartDefrag.exe" [01/09/2007 10:46 AM]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/15/2008 05:19 PM]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"iTunesHelper"="G:\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [05/02/2008 10:46 PM]
"nwiz"="nwiz.exe" [05/02/2008 10:46 PM D:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [05/02/2008 10:46 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="G:\Spybot S&D\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]
"msnmsgr"="D:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 12:54 PM]
"SUPERAntiSpyware"="G:\SuperAntiSpyware\SUPERAntiSpyware.exe" [06/27/2008 06:49 PM]
"Antivirus2008y"="D:\Program Files\Antivirus2008y\antvrs.exe" []
D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - G:\Microsoft Office PRO\Office10\OSA.EXE [2/13/2001 1:01:04 AM]
Adobe Gamma Loader.lnk - D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [6/23/2008 10:30:48 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{a5780613-492e-4a2a-a7fd-549610edf6cc}"= D:\Program Files\VCOM\Recovery Commander\RCHOOK.DLL [06/12/2003 01:42 PM 102400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
G:\SuperAntiSpyware\SASWINLO.DLL 06/27/2008 06:48 PM 294912 G:\SuperAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=D:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=D:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RCScheduleCheck]
D:\Program Files\VCOM\Recovery Commander\RCSCHED.EXE -CHECK
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartDefrag]
"G:\IObit SmartDefrag\IObit SmartDefrag.exe" /startup
*Newly Created Service* - GTNDIS5
-- Hosts -----------------------------------------------------------------------
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
7966 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2008-07-21 14:13:25 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel Pentium III processor
Percentage of Memory in Use: 76%
Physical Memory (total/avail): 383.54 MiB / 88.22 MiB
Pagefile Memory (total/avail): 731.69 MiB / 263.95 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1930.59 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 11.18 GiB total, 9.54 GiB free.
D: is Fixed (FAT32) - 7.43 GiB total, 0.16 GiB free.
E: is Removable (No Media)
F: is CDROM (No Media)
G: is Fixed (FAT32) - 74.51 GiB total, 26.73 GiB free.
\\.\PHYSICALDRIVE1 - IOMEGA ZIP 250
\\.\PHYSICALDRIVE0 - Maxtor 5T020H2 - 18.62 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 11.18 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 7.45 GiB - D:
\\.\PHYSICALDRIVE2 - WD 800BB External USB Device - 74.53 GiB - 1 partition
\PARTITION0 - Unknown - 74.53 GiB - G:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
FirewallOverride is set.
AV: avast! antivirus 4.8.1201 [VPS 080721-0] v4.8.1201 (ALWIL Software)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"D:\\Program Files\\MSN Messenger\\msnmsgr.exe"="D:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"D:\\Program Files\\MSN Messenger\\livecall.exe"="D:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\\Program Files\\MSN Messenger\\msnmsgr.exe"="D:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"D:\\Program Files\\MSN Messenger\\livecall.exe"="D:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"G:\\iTunes\\iTunes.exe"="G:\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"G:\\iTunes\\LimeWire\\LimeWire.exe"="G:\\iTunes\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"D:\\Program Files\\LimeWire\\LimeWire.exe"="D:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"G:\\FFXI\\SquareEnix\\PlayOnlineViewer\\pol.exe"="G:\\FFXI\\SquareEnix\\PlayOnlineViewer\\pol.exe:*:Enabled:PlayOnline Viewer"
"G:\\Trillian\\trillian.exe"="G:\\Trillian\\trillian.exe:*:Enabled:Trillian"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=D:\Documents and Settings\All Users
APPDATA=D:\Documents and Settings\Lauren\Application Data
CLASSPATH=.;D:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=D:\Program Files\Common Files
COMPUTERNAME=LAUREN-G1Z1WYFU
ComSpec=D:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=D:
HOMEPATH=\Documents and Settings\Lauren
LOGONSERVER=\\LAUREN-G1Z1WYFU
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=D:\WINDOWS\system32;D:\WINDOWS;D:\WINDOWS\system32\wbem;G:;D:\Program Files\Common Files\Ulead Systems\MPEG;D:\Program Files\Common Files\Ulead Systems\DVD;G:\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 7 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0703
ProgramFiles=D:\Program Files
PROMPT=$P$G
QTJAVA=D:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=D:
SystemRoot=D:\WINDOWS
TEMP=D:\DOCUME~1\Lauren\LOCALS~1\Temp
TMP=D:\DOCUME~1\Lauren\LOCALS~1\Temp
USERDOMAIN=LAUREN-G1Z1WYFU
USERNAME=Lauren
USERPROFILE=D:\Documents and Settings\Lauren
windir=D:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Lauren
(admin)Administrator
(admin)-- Add/Remove Programs ---------------------------------------------------------
--> G:\DivX Codec\DivX\DivXConverterUninstall.exe /CONVERTER
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 D:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0 --> D:\WINDOWS\ISUNINST.EXE -f"D:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"D:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> D:\WINDOWS\System32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin --> D:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop 7.0 --> D:\WINDOWS\ISUNINST.EXE -fC:\Uninst.isu -cC:\Uninst.dll
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> D:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE D:\WINDOWS\system32\MACROMED\SHOCKW~1\Install.log
Advanced WindowsCare Personal 2.6.0 --> "G:\Advanced WindowsCare V2\Advanced WindowsCare V2\unins000.exe"
AI RoboForm (All Users) --> "D:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ArcSoft Panorama Maker 3 --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{A5F68DC8-0278-4AD8-B413-861509B5F25B}\Setup.exe" -l0x9
avast! Antivirus --> D:\Program Files\Alwil Software\Avast4\aswRunDll.exe "D:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Bonjour --> D:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E0A96F36-D546-4A2A-BDAA-2A2A578B2C0D} /l1033
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
DivX Codec --> G:\DivX Codec\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> G:\DivX Codec\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> G:\DivX Codec\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> G:\DivX Codec\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Decoder Pak for Windows XP --> MsiExec.exe /X{92C5DB3D-9D6F-4324-BB11-57825F4C2635}
EVEREST Home Edition v2.20 --> "G:\EVEREST Home Edition\unins000.exe"
FINAL FANTASY XI --> D:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{678F6475-D227-432A-94FF-806178A34520}
FINAL FANTASY XI: Chains of Promathia --> D:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{3C0619B4-4A2C-4244-8077-488E420DF907}
FINAL FANTASY XI: Rise of the Zilart --> D:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6FC76C41-8C1D-4B43-85E7-0BAA2002F1BE}
FINAL FANTASY XI: Treasures of Aht Urhgan --> D:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A606C6FF-12E7-40BE-B777-D8F360FF00CD}
FINAL FANTASY XI: Wings of the Goddess --> D:\Program Files\InstallShield Installation Information\{5B037ED7-0755-48D4-9554-808E5AF50F17}\setup.exe -runfromtemp -l0x0409
Greeting Card Factory Express Workshop --> MsiExec.exe /X{543B24A5-A285-4FE0-AD7B-2F0E49247AF9}
Guild Wars --> "G:\Guild Wars\Guild Wars\Gw.exe" -uninstall
HijackThis 2.0.2 --> "G:\HijackThis!\HijackThis.exe" /uninstall
HP Driver Diagnostics --> MsiExec.exe /I{16BE87BC-69F5-4D36-8CF0-E1CB3ACD5ED3}
Indeo® XP Software --> D:\WINDOWS\IsUninst.exe -f"D:\Program Files\Ligos\Indeo\UninstXP.isu"
InterActual Player --> D:\Program Files\InterActual\InterActual Player\inuninst.exe
IObit SmartDefrag Beta 2.01 --> "G:\IObit SmartDefrag\unins000.exe"
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 8 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LimeWire 4.18.3 --> "G:\Limewire\uninstall.exe"
Linksys Wireless-G USB Network Adapter --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}\setup.exe" -l0x9
Malwarebytes' Anti-Malware --> "G:\MBam\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "D:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Zoo Tycoon --> "C:\Program Files\Microsoft Games\Zoo Tycoon\UNINSTAL.EXE" /runtemp /addremove
MySpaceIM --> MsiExec.exe /I{FE242C4A-4AF0-4E9F-ABFF-92CA3CEE8761}
Netflix Movie Viewer --> MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
NJStar Japanese WP --> G:\Japlanguagepack\NJStar Japanese WP\uninst.exe
NVIDIA Drivers --> D:\WINDOWS\system32\nvuninst.exe UninstallGUI
Opera 9.50 --> MsiExec.exe /X{7472B5B4-3FB7-446F-BC78-6BBA506EC473}
Panda ActiveScan 2.0 --> D:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PhoTags Express --> D:\PROGRA~1\PHOTAG~1\Setup.exe /remove
Pinnacle Game Profiler --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{49BF48CC-ABB6-4795-9B35-B5DE005D8612}\setup.exe" -l0x9
PlayOnline Viewer and Tetra Master --> D:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{47004155-7376-403E-89E9-4C9F44AAF0D0}
QuickTime --> MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
Recovery Commander --> D:\WINDOWS\RCUninstall.exe
RegCure 1.5.0.0 --> G:\RegCure\uninst.exe
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
SlimBrowser (remove only) --> "G:\SlimBrowser\uninst.exe"
Spybot - Search & Destroy --> "G:\Spybot S&D\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TI Connect 1.6 --> MsiExec.exe /I{A8B94669-8654-4126-BD28-D0D2412CDED6}
Tiny Personal Firewall 2.0.15 A (221001) --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{ED5AF20A-7155-11D4-AAB3-204C4F4F5020}\Setup.exe" anything
Trillian --> G:\Trillian\trillian.exe /uninstall
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Ventrilo Server --> MsiExec.exe /I{1D46A3A0-B37D-423A-91C2-101A49E2FF80}
WD Diagnostics --> MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime --> "D:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WIRELESS DESIGN & WORK TABLET 100/200/400 --> D:\WINDOWS\IsUninst.exe -f"D:\Program Files\USB Tablet\USB Tablet Driver\Uninst.isu"
XBCD+ --> G:\XBox 360 Controller\XBCD+\uninstall.exe
Xvid 1.1.2 final uninstall --> "G:\Xvid\unins000.exe"
-- Application Event Log -------------------------------------------------------
Event Record #/Type565 / Error
Event Submitted/Written: 07/21/2008 01:19:33 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application pol.exe, version 1.18.7.0, faulting module unknown, version 0.0.0.0, fault address 0x6ce1d5f3.
Processing media-specific event for [pol.exe!ws!]
Event Record #/Type559 / Warning
Event Submitted/Written: 07/20/2008 03:44:18 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{A8B94669-8654-4126-BD28-D0D2412CDED6}', feature 'Complete' failed during request for component '{E89A98DD-023B-11D2-B146-00C04F990B2B}'
Event Record #/Type558 / Error
Event Submitted/Written: 07/18/2008 00:01:47 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application pol.exe, version 1.18.7.0, faulting module unknown, version 0.0.0.0, fault address 0x6ce1d5f3.
Processing media-specific event for [pol.exe!ws!]
Event Record #/Type557 / Error
Event Submitted/Written: 07/17/2008 07:58:05 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application opera.exe, version 9.50.10063.0, faulting module unknown, version 0.0.0.0, fault address 0x300a1ae0.
Processing media-specific event for [opera.exe!ws!]
Event Record #/Type553 / Error
Event Submitted/Written: 07/16/2008 02:27:03 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application pol.exe, version 1.18.7.0, faulting module unknown, version 0.0.0.0, fault address 0x6ce1d5f3.
Processing media-specific event for [pol.exe!ws!]
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type24811 / Error
Event Submitted/Written: 07/21/2008 10:29:03 AM
Event ID/Source: 10010 / DCOM
Event Description:
The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.
Event Record #/Type24810 / Error
Event Submitted/Written: 07/21/2008 10:28:33 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Background Intelligent Transfer Service service terminated with the following error:
%%2
Event Record #/Type24807 / Error
Event Submitted/Written: 07/21/2008 10:28:33 AM
Event ID/Source: 10010 / DCOM
Event Description:
The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.
Event Record #/Type24806 / Error
Event Submitted/Written: 07/21/2008 10:28:03 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Background Intelligent Transfer Service service terminated with the following error:
%%2
Event Record #/Type24803 / Error
Event Submitted/Written: 07/21/2008 10:28:03 AM
Event ID/Source: 10010 / DCOM
Event Description:
The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.
-- End of Deckard's System Scanner: finished at 2008-07-21 14:13:25 ------------