Here are the text files as requested
Deckard's System Scanner v20071014.68
Run by Kirk Bailey on 2008-07-30 20:28:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
159: 2008-07-31 00:28:49 UTC - RP227 - Deckard's System Scanner Restore Point
158: 2008-07-26 21:13:07 UTC - RP226 - Software Distribution Service 3.0
157: 2008-07-26 05:00:05 UTC - RP225 - ComboFix created restore point
156: 2008-06-26 01:09:20 UTC - RP224 - Removed Ad-Aware 2007
155: 2008-06-22 04:00:45 UTC - RP223 - Software Distribution Service 3.0
-- First Restore Point --
1: 2006-12-24 16:51:30 UTC - RP69 - Installed iTunes
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Kirk Bailey.exe) -----------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:30:02 PM, on 7/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Linksys\Bluetooth Utility\bin\btwdins.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Linksys\Bluetooth Utility\BTTray.exe
C:\PROGRA~1\Logitech\iTouch\kbdtray.exe
C:\Documents and Settings\Kirk Bailey\My Documents\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Kirk Bailey.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {285B5CCD-C3F0-4EB6-9632-7D0A3C3AF824} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {77EE6A4B-7B84-313C-46A5-3C09D8E7D282} - (no file)
O4 - HKLM\..\Run: [zBrowser Launcher] C:\PROGRA~1\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\SBAudigy\RemoteCenter\Rc\RcMan.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Linksys\Bluetooth Utility\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Linksys\Bluetooth Utility\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Linksys\Bluetooth Utility\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_03) -
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.5.0_11) -
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} -
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Linksys\Bluetooth Utility\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 6756 bytes
-- File Associations -----------------------------------------------------------
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 cdrbsvsd - c:\windows\system32\drivers\cdrbsvsd.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
R1 lkbdhlpr (Logitech Keyboard Class Helper Driver) - c:\windows\system32\drivers\lkbdhlpr.sys <Not Verified; Logitech Inc.; iTouch>
R2 BTSERIAL (Bluetooth Serial Driver) - c:\windows\system32\drivers\btserial.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 4.0.1.700>
R2 BTSLBCSP (Bluetooth Port Client Driver) - c:\windows\system32\drivers\btslbcsp.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 4.0.1.700>
R3 emupia (E-mu Plug-in Architecture Driver) - c:\windows\system32\drivers\emupia2k.sys <Not Verified; Creative Technology Ltd; E-mu Plug-In Architecture>
R3 WBMSA (Winbond Memory Stick Storage (MS) Device Driver - A) - c:\windows\system32\drivers\wbmsa.sys <Not Verified; Winbond Electronics Corp.; Winbond Memory Stick Card Driver>
R3 wbscr (Winbond Smartcard Reader) - c:\windows\system32\drivers\wbscr.sys <Not Verified; Winbond Electronics Corp.; Winbond Smartcard Driver>
S3 catchme - c:\combofix\catchme.sys (file missing)
S3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c:\program files\linksys\wmp300n\gtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 PacketNTx (Packet helper driver) - c:\windows\system32\drivers\packetntx.sys <Not Verified; Sumix Co.; Sumix Packet Helper Driver>
S3 SymEvent - c:\program files\symantec\symevent.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
All services whitelisted.
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 3Com EtherLink XL 10/100 PCI For Complete PC Management NIC (3C905C-TX)
Device ID: PCI\VEN_10B7&DEV_9200&SUBSYS_100010B7&REV_78\4&3AB31F7F&0&08F0
Manufacturer: 3Com
Name: 3Com EtherLink XL 10/100 PCI For Complete PC Management NIC (3C905C-TX) #2
PNP Device ID: PCI\VEN_10B7&DEV_9200&SUBSYS_100010B7&REV_78\4&3AB31F7F&0&08F0
Service: EL90XBC
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\2103670823C00
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\2103670823C00
Service: NIC1394
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel® PRO/100 VE Network Connection
Device ID: PCI\VEN_8086&DEV_2449&SUBSYS_30138086&REV_03\4&3AB31F7F&0&40F0
Manufacturer: Intel
Name: Intel® PRO/100 VE Network Connection
PNP Device ID: PCI\VEN_8086&DEV_2449&SUBSYS_30138086&REV_03\4&3AB31F7F&0&40F0
Service: E100B
Class GUID:
Description: RAID Controller
Device ID: PCI\VEN_105A&DEV_5275&SUBSYS_0275105A&REV_01\4&3AB31F7F&0&60F0
Manufacturer:
Name: RAID Controller
PNP Device ID: PCI\VEN_105A&DEV_5275&SUBSYS_0275105A&REV_01\4&3AB31F7F&0&60F0
Service:
-- Scheduled Tasks -------------------------------------------------------------
2005-02-03 20:02:00 376 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2005-02-03 05:00:00 268 --a------ C:\WINDOWS\Tasks\defrag.job
2005-01-28 04:00:00 272 --a------ C:\WINDOWS\Tasks\Disk Cleanup.job
-- Files created between 2008-06-30 and 2008-07-30 -----------------------------
2008-07-28 19:39:43 0 d-------- C:\Documents and Settings\Kirk Bailey\New Folder
2008-07-26 21:12:58 0 d-------- C:\Program Files\AvantGo Connect
2008-07-26 21:12:24 65613 --a------ C:\WINDOWS\system32\PPVEXP.DLL <Not Verified; Microsoft Corporation; Microsoft ActiveSync>
2008-07-26 21:12:23 24652 --a------ C:\WINDOWS\system32\UICOM.DLL <Not Verified; Microsoft Corporation; Microsoft Pocket Office>
2008-07-26 21:12:23 77899 --a------ C:\WINDOWS\system32\RAPI.DLL <Not Verified; Microsoft Corporation; Microsoft ActiveSync>
2008-07-26 21:12:23 36942 --a------ C:\WINDOWS\system32\PPCLOAD.DLL <Not Verified; Microsoft Corporation; Microsoft ActiveSync>
2008-07-26 21:12:23 65615 --a------ C:\WINDOWS\system32\PMAILEXT.DLL <Not Verified; Microsoft Corporation; Microsoft Pocket Office>
2008-07-26 21:12:23 57423 --a------ C:\WINDOWS\system32\MSGSTRPC.DLL <Not Verified; Microsoft Corporation; Microsoft Pocket Office>
2008-07-26 21:12:23 114688 --a------ C:\WINDOWS\system32\MALSLIB.DLL <Not Verified; AvantGo, Inc.; AvantGo Connect>
2008-07-26 21:12:23 24653 --a------ C:\WINDOWS\system32\CEUTIL.DLL <Not Verified; Microsoft Corporation; Microsoft ActiveSync>
2008-07-26 21:12:23 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-07-26 00:59:16 68096 --a------ C:\WINDOWS\zip.exe
2008-07-26 00:59:16 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-26 00:59:16 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-26 00:59:16 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-26 00:59:16 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-26 00:59:16 98816 --a------ C:\WINDOWS\sed.exe
2008-07-26 00:59:16 80412 --a------ C:\WINDOWS\grep.exe
2008-07-26 00:59:16 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-26 00:56:20 0 d-------- C:\Documents and Settings\Kirk Bailey\Application Data\Malwarebytes
2008-07-26 00:56:17 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-26 00:56:17 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-07-26 00:35:23 0 d-------- C:\Program Files\Trend Micro
2008-07-24 21:35:30 0 d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
-- Find3M Report ---------------------------------------------------------------
2008-07-29 22:18:18 24 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-00000003-00001102-00000004-00511102}.dat
2008-07-29 22:18:18 24 --a------ C:\WINDOWS\system32\DVCState-{00000002-00000000-00000003-00001102-00000004-00511102}.dat
2008-07-28 20:39:36 0 d-------- C:\Program Files\quicksnooker
2008-07-27 23:28:50 0 d-------- C:\Program Files\LimeWire
2008-07-26 01:01:23 0 d-a------ C:\Program Files\Common Files
2008-06-25 21:09:22 0 d-------- C:\Program Files\Lavasoft
2008-06-17 20:32:18 0 d-------- C:\Program Files\Messenger
2008-06-17 20:32:06 0 d-------- C:\Program Files\Movie Maker
2008-06-17 20:30:29 0 d-------- C:\Program Files\Windows NT
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{285B5CCD-C3F0-4EB6-9632-7D0A3C3AF824}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77EE6A4B-7B84-313C-46A5-3C09D8E7D282}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zBrowser Launcher"="C:\PROGRA~1\Logitech\iTouch\iTouch.exe" [08/02/1999 04:00 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/29/2004 05:50 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 08:12 PM]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" []
"RemoteCenter"="C:\Program Files\Creative\SBAudigy\RemoteCenter\Rc\RcMan.EXE" [07/03/2001 04:30 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 12:43 PM]
C:\Documents and Settings\Kirk Bailey\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [6/18/2008 2:58:16 PM]
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\Linksys\Bluetooth Utility\BTTray.exe [11/30/2004 11:55:44 AM]
Logitech Desktop Messenger.lnk - C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe [11/4/2002 5:09:51 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"=0 (0x0)
"Btn_Search"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^iM StartCenter.lnk]
backup=C:\WINDOWS\pss\iM StartCenter.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kirk Bailey^Start Menu^Programs^Startup^Sid Registration.lnk]
backup=C:\WINDOWS\pss\Sid Registration.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Achyv]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Admilli Service]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\azqjcxqv]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadWare]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXM6Patch_981116]
C:\WINDOWS\p_981116.exe /Q:A
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EM_EXEC]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\farmmext]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon03]
C:\WINDOWS\system32\hphmon03.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KaZaA Media Desktop]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mdda]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaLoads Installer]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\System32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PromulGate]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteCenter]
C:\Program Files\Creative\SBAudigy\RemoteCenter\Rc\RcMan.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\WINDOWS\system32\rmctrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SaveNow]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SideWinderTrayV4]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\Updreg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{1290A33C-85F5-4164-A1BE-7DD299D4986A}]
"C:\Program Files\CyberLink\PowerBackup\PBKScheduler.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CAISafe"=2 (0x2)
"Spooler"=2 (0x2)
"SharedAccess"=2 (0x2)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"xmlprov"=3 (0x3)
"SENS"=2 (0x2)
"Schedule"=2 (0x2)
"MSDTC"=3 (0x3)
"mnmsrvc"=3 (0x3)
"Eventlog"=2 (0x2)
"CryptSvc"=3 (0x3)
"wuauserv"=2 (0x2)
"vsmon"=2 (0x2)
"SNDSrvc"=3 (0x3)
"IDriverT"=3 (0x3)
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"Pml Driver"=3 (0x3)
"aawservice"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"nwiz"=nwiz.exe /install
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
eapsvcs eaphost
dot3svc dot3svc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7184a6c2-9d7d-11d6-b110-806d6172696f}]
AutoRun\command- E:\AUTORUN.exe
-- Hosts -----------------------------------------------------------------------
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
8939 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2008-07-30 20:31:04 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 3.0
Architecture: X86; Language: English
CPU 0: Intel® Pentium® 4 CPU 2.00GHz
Percentage of Memory in Use: 28%
Physical Memory (total/avail): 1023.48 MiB / 729.85 MiB
Pagefile Memory (total/avail): 2462.64 MiB / 2277.2 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1929.37 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 74.54 GiB total, 50.47 GiB free.
D: is CDROM (CDFS)
E: is CDROM (No Media)
F: is Removable (No Media)
M: is Removable (No Media)
\\.\PHYSICALDRIVE1 -
\\.\PHYSICALDRIVE0 - MAXTOR 6L080L4 - 74.55 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.54 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\Kirk Bailey\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=KIRKSDOMAIN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Kirk Bailey
LOGONSERVER=\\KIRKSDOMAIN
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0204
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\KIRKBA~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\KIRKBA~1\LOCALS~1\Temp
USERDOMAIN=KIRKSDOMAIN
USERNAME=Kirk Bailey
USERPROFILE=C:\Documents and Settings\Kirk Bailey
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
q (admin)
Kirk Bailey (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> "C:\Program Files\Linksys\WMP300N\UBCM\bcmwlu00.exe" verbose /rootkey="Software\Linksys\802.11\UninstallInfo" /rootdir="C:\Program Files\Linksys\WMP300N\UBCM"
--> C:\Program Files\Creative\SBAudigy\Program\Ctzapxx.EXE
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\News\CTNews.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBAudigy\AudioHQ\AudioHQU.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBAudigy\Demo\AUDIGYDEMO.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBAudigy\Diagnose2.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBAudigy\Midi.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBAudigy\MiniDisc\MDC.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBAudigy\PlayCenter2\Player2.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBAudigy\Program\RDefault.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBAudigy\QuickStart\QuickStart.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBAudigy\Recorder\Recorder.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBAudigy\RemoteCenter\remote.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBAudigy\Sound Blaster Audigy Manual\English\CTManual.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBAudigy\SoundFont.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBAudigy\SurMix2\SurMix2.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBAudigy\Taskbar\Taskbar.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBAudigy\Vienna\vienna.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBAudigy\WaveStudio\Wstudio.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Uninstall\Installer.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Logitech\iTouch\Uninst.isu" -c"C:\Program Files\Logitech\iTouch\LUnInst.dll
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Better Homes and Gardens Home Designer 7.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0D503B8E-97E3-45B7-96CB-4936269B902C}\setup.exe" -l0x9 -removeonly
Big Buck Hunter --> C:\Program Files\InstallShield Installation Information\{5834E709-59A7-40CC-B3FF-9EF7E2E22D85}\setup.exe -runfromtemp -l0x0009 -removeonly
Cabela's Trophy Bucks --> MsiExec.exe /I{D17C4B85-A12C-442F-81A6-21EAB64F014A}
Fallout Tactics --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\14 Degrees East\Fallout Tactics\Uninst.isu"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB910998) --> "C:\WINDOWS\$NtUninstallKB910998$\spuninst\spuninst.exe"
hp photosmart printer series (Remove only) --> C:\Program Files\hp photosmart\printer\hphuni03.exe
Intel Application Accelerator --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9984DF60-1C5B-11D3-ACA1-908A4FC10801}\Setup.exe" -INTELUNINST
Intel® PRO Ethernet Adapter and Software --> Prounstl.exe
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LimeWire PRO 4.18.3 --> "C:\Program Files\LimeWire\uninstall.exe"
Linksys Bluetooth Utility 2.0 --> MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
Linksys Wireless-N PCI Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA20E409-BDB4-439B-B75B-D5B193546779}\setup.exe" -l0x9
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL
Logitech iTouch Software --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Logitech\iTouch\Uninst.isu" -c"C:\Program Files\Logitech\iTouch\LUnInst.dll
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft ActiveSync 3.8 --> "C:\WINDOWS\ISUNINST.EXE" -f"C:\Program Files\Microsoft ActiveSync\DeIsL1.isu" -c"C:\Program Files\Microsoft ActiveSync\ceuninst.dll"
Microsoft Office 2000 SR-1 Disc 2 --> MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2000 SR-1 Professional --> MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
NEATO MediaFACE II --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C1FBEAE6-B920-4309-9161-D97358E484DA}\setup.exe"
Nero - Burning Rom --> MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
NVIDIA Drivers --> C:\WINDOWS\System32\nvudisp.exe UninstallGUI
PowerBackup 1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ADD5DB49-72CF-11D8-9D75-000129760D75}\Setup.exe" -uninstall
QuickSnooker --> C:\Program Files\quicksnooker\UnGins.exe "C:\Program Files\quicksnooker\install.log"
Registry Mechanic 8.0 --> "C:\Program Files\Registry Mechanic\unins000.exe" /Log
Sid Meier's Pirates! --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}
Sound Blaster Audigy --> C:\Program Files\Creative\Uninstall\CTUNINST.EXE /U:UNINST1.INI
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
Unreal Tournament CTF EAL Files --> C:\WINDOWS\IsUninst.exe -fC:\UnrealTournament\Uninst.isu
Unreal Tournament Death Match EAL Files --> C:\WINDOWS\IsUninst.exe -fC:\UnrealTournament\Uninst.isu
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows XP Application Compatibility Update[Q319580] --> C:\WINDOWS\$NtUninstallQ319580$\spuninst\spuninst.exe
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
-- Application Event Log -------------------------------------------------------
No Errors/Warnings found.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
No Errors/Warnings found.
-- End of Deckard's System Scanner: finished at 2008-07-30 20:31:04 ------------