Deckard's System Scanner v20071014.68
Run by Steve on 2008-07-30 16:48:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
82: 2008-07-30 20:48:44 UTC - RP1288 - Deckard's System Scanner Restore Point
81: 2008-07-30 13:52:01 UTC - RP1287 - System Checkpoint
80: 2008-07-29 13:17:24 UTC - RP1286 - Installed Ad-Aware
79: 2008-07-28 18:13:29 UTC - RP1285 - System Checkpoint
78: 2008-07-25 16:37:22 UTC - RP1284 - Removed LiveUpdate (Symantec Corporation)
-- First Restore Point --
1: 2008-05-02 18:00:58 UTC - RP1207 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Steve.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:50:26 PM, on 7/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Documents and Settings\Steve\Desktop\dss.exe
C:\DOCUME~1\Steve\Desktop\HJT\Steve.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.dell4me.com/mywaybizF2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: (no name) - {6230596F-3A44-4CDF-815B-372FA03C75D6} - C:\WINDOWS\system32\vtUnkheB.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: {7580b7d0-ad32-fa8b-39c4-802f08bca96b} - {b69acb80-f208-4c93-b8af-23da0d7b0857} - C:\WINDOWS\system32\npdcpj.dll
O2 - BHO: (no name) - {DCEDF3B9-01BC-409A-86FC-7F55164E13BC} - C:\WINDOWS\system32\urqNEVOF.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [709e8374] rundll32.exe "C:\WINDOWS\system32\mrvsbmhe.dll",b
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [main] C:\WINDOWS\system32\drivers\system.exe
O4 - HKCU\..\Run: [default] C:\Documents and Settings\Steve\winmain.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\RunOnce: [sysinit] C:\WINDOWS\system32\drivers\system.exe
O4 - HKCU\..\RunOnce: [winmz] C:\Documents and Settings\Steve\winmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0612502E-29F8-11D6-BC3C-00C0F0167E34} (CRS Inc. Data Object) -
http://www.crsdata.n...ct/CRSNInfo.cabO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft....204&clcid=0x409O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) -
http://www.crsdata.n...mgaxctrlv65.cabO16 - DPF: {7DD62E58-5FA8-11D2-AFB7-00104B64F126} (Sview Control) -
http://www.swiftview...all_a_green.exeO16 - DPF: {944713E8-1F29-42D9-ABD5-557728B9AC97} (PtClickLoanWF Control) -
https://ilnet.wellsf...clickloanwf.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} -
https://fpdownload.m...ash/swflash.cabO16 - DPF: {DF05D910-DC8E-403A-93B0-5C866F3200D1} (PtClickLoan Control) -
https://www.clickloa...PtClickLoan.cabO16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) -
https://countrywide....ent/ieatgpc.cabO20 - Winlogon Notify: vtUnkheB - C:\WINDOWS\SYSTEM32\vtUnkheB.dll
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
O22 - SharedTaskScheduler: XenaDot Software - {CD5E2AC9-25CE-A1C5-D1E2-DC6B28A6ED5A} - (no file)
O22 - SharedTaskScheduler: {874443fe-aa33-4ebf-a6ac-73208787e62d} - bestreak - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
--
End of file - 8718 bytes
-- HijackThis Fixed Entries (C:\DOCUME~1\Steve\Desktop\HJT\backups\) -----------
backup-20080729-024159-275 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
backup-20080729-024159-577 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://safesearch.cy...mallsearch.htmlbackup-20080729-024159-992 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
backup-20080729-024200-267 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
backup-20080729-024201-880 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
All services whitelisted.
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-07-28 21:22:57 556 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Steve.job
-- Files created between 2008-06-30 and 2008-07-30 -----------------------------
2008-07-29 09:17:35 0 d-------- C:\Program Files\Lavasoft
2008-07-29 09:16:25 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-29 02:53:35 0 d-------- C:\VundoFix Backups
2008-07-29 00:53:47 0 d-------- C:\WINDOWS\system32\ZoneLabs
2008-07-28 21:12:01 0 d-------- C:\Program Files\Windows Sidebar
2008-07-28 21:11:59 0 d-------- C:\Program Files\Norton AntiVirus
2008-07-28 21:08:40 0 d-------- C:\Program Files\Symantec
2008-07-28 20:57:32 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-07-28 20:57:32 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-07-28 20:57:32 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-07-28 20:57:32 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-07-28 20:57:32 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-07-28 20:57:32 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-07-28 20:57:32 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-07-28 20:57:32 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-07-28 20:57:32 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-07-28 20:57:32 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-28 20:57:32 0 d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2008-07-28 20:57:32 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-07-28 20:57:31 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-07-28 20:57:31 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-07-28 20:57:31 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-07-28 20:57:31 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-07-28 20:57:31 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-07-28 20:57:31 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-28 09:27:53 92160 --a------ C:\WINDOWS\system32\mrvsbmhe.dll
2008-07-28 09:26:50 116352 --a------ C:\WINDOWS\system32\npdcpj.dll
2008-07-28 09:26:47 116352 --a------ C:\WINDOWS\system32\owadiaqs.dll
2008-07-25 09:40:55 116352 --a------ C:\WINDOWS\system32\rcqlza.dll
2008-07-25 09:40:51 116352 --a------ C:\WINDOWS\system32\niqwrlmg.dll
2008-07-25 09:37:55 94848 --a------ C:\WINDOWS\system32\tfpdvseb.dll
2008-07-24 14:18:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-07-24 12:30:54 0 d-------- C:\Documents and Settings\Steve\Application Data\InstallShield
2008-07-24 09:36:10 116352 --a------ C:\WINDOWS\system32\jtovyh.dll
2008-07-24 09:36:08 116352 --a------ C:\WINDOWS\system32\sdcvqalx.dll
2008-07-23 16:57:49 3563 --ahs---- C:\WINDOWS\system32\FOVENqru.ini2
2008-07-23 16:57:39 323584 --a------ C:\WINDOWS\system32\urqNEVOF.dll
2008-07-23 16:52:53 33152 --a------ C:\WINDOWS\system32\qoMdATjJ.dll
2008-07-23 16:52:53 33152 --a------ C:\WINDOWS\system32\awtuvSmk.dll
2008-07-23 16:52:30 33152 --a------ C:\WINDOWS\system32\awtrRihi.dll
2008-07-23 16:52:29 33152 --a------ C:\WINDOWS\system32\vtUnkheB.dll
-- Find3M Report ---------------------------------------------------------------
2008-07-30 16:46:15 256 --a------ C:\WINDOWS\system32\pool.bin
2008-07-29 09:16:25 0 d-------- C:\Program Files\Common Files
2008-07-29 00:55:56 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-07-28 21:22:22 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-25 12:54:31 0 d-------- C:\Documents and Settings\Steve\Application Data\Symantec
2008-07-24 10:30:06 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-19 11:25:37 21504 --a------ C:\WINDOWS\jestertb.dll
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6230596F-3A44-4CDF-815B-372FA03C75D6}]
07/23/2008 04:52 PM 33152 --a------ C:\WINDOWS\system32\vtUnkheB.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
07/28/2008 09:18 PM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b69acb80-f208-4c93-b8af-23da0d7b0857}]
07/28/2008 09:26 AM 116352 --a------ C:\WINDOWS\system32\npdcpj.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DCEDF3B9-01BC-409A-86FC-7F55164E13BC}]
07/23/2008 04:57 PM 323584 --a------ C:\WINDOWS\system32\urqNEVOF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [10/19/2005 08:59 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [10/19/2005 08:59 AM]
"WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [08/15/2000 09:25 PM]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [08/15/2000 09:25 PM]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [08/15/2000 09:25 PM]
"mmtask"="C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe" [01/17/2006 01:03 PM]
"@"="" []
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [03/26/2007 08:07 AM]
"709e8374"="C:\WINDOWS\system32\mrvsbmhe.dll" [07/28/2008 09:27 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/25/2008 09:47 PM]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [02/07/2008 02:49 AM]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [08/23/2006 11:38 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [06/18/2003 01:00 PM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [10/24/2005 04:53 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"main"="C:\WINDOWS\system32\drivers\system.exe" []
"default"="C:\Documents and Settings\Steve\winmain.exe" []
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [09/11/2006 05:40 AM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"sysinit"=C:\WINDOWS\system32\drivers\system.exe
"winmz"=C:\Documents and Settings\Steve\winmain.exe
C:\Documents and Settings\Steve\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 10:00:00 AM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/24/2005 2:05:26 AM]
Desktop Manager.lnk - C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe [3/28/2007 12:32:56 PM]
DESKTOP.INI [9/3/2002 10:00:00 AM]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [8/11/2004 3:22:40 AM]
Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2/13/2004 3:12:08 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 4:05:56 PM]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [8/15/2000 9:25:16 PM]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [9/13/2004 9:45:58 AM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6230596F-3A44-4CDF-815B-372FA03C75D6}"= C:\WINDOWS\system32\vtUnkheB.dll [07/23/2008 04:52 PM 33152]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUnkheB]
vtUnkheB.dll 07/23/2008 04:52 PM 33152 C:\WINDOWS\SYSTEM32\vtUnkheB.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\urqNEVOF
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
-- End of Deckard's System Scanner: finished at 2008-07-30 16:53:22 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel® Celeron® CPU 2.40GHz
Percentage of Memory in Use: 41%
Physical Memory (total/avail): 766 MiB / 446.6 MiB
Pagefile Memory (total/avail): 1107.35 MiB / 785.52 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1942.47 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 74.46 GiB total, 62.26 GiB free.
D: is CDROM (CDFS)
E: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - Maxtor 6Y080L0 - 74.5 GiB - 2 partitions
\PARTITION0 - Unknown - 39.19 MiB
\PARTITION1 (bootable) - Installable File System - 74.46 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
AntivirusOverride is set.
FW: Norton AntiVirus v15.5.0.23 (Symantec Corporation)
FW: ZoneAlarm Firewall v6.5.737.000 (Zone Labs, Inc.)
AV: Norton AntiVirus v15.5.0.23 (Symantec Corporation)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Steve\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SATTER
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Steve
LOGONSERVER=\\SATTER
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Steve\LOCALS~1\Temp
TMP=C:\DOCUME~1\Steve\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=SATTER
USERNAME=Steve
USERPROFILE=C:\Documents and Settings\Steve
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Steve
(admin)Administrator
(new local, admin)-- Add/Remove Programs ---------------------------------------------------------
--> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> MsiExec.exe /I{0D397393-9B50-4C52-84D5-77E344289F87}
--> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
--> MsiExec.exe /I{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}
--> MsiExec.exe /I{83FFCFC7-88C6-41C6-8752-958A45325C82}
--> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
--> MsiExec.exe /X{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Reader 7.0.7 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
BlackBerry Desktop Software 4.2.2 --> MsiExec.exe /i{75D6745B-2239-4182-A31F-F95CEBB35099}
BlackBerry Desktop Software 4.2.2 --> MsiExec.exe /I{75D6745B-2239-4182-A31F-F95CEBB35099}
Broadcom Management Programs --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{89EE857B-8970-4F9F-AB58-A1C873AC72B3} /l1033
ccCommon --> MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
CCHelp --> MsiExec.exe /I{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
Component Framework --> MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
ESSAdpt --> MsiExec.exe /I{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}
ESSANUP --> MsiExec.exe /I{A6F18A67-B771-4191-8A33-36D2E742D6D9}
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCAM --> MsiExec.exe /I{469730CC-78DF-4CD3-B286-562D459EA619}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSCT --> MsiExec.exe /I{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}
ESSEMAIL --> MsiExec.exe /I{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSSONIC --> MsiExec.exe /I{4F677FC7-7AA8-412B-A957-F13CBE1C7331}
ESSvpaht --> MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
ESSvpot --> MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
Family Lawyer 2000 --> C:\PROGRA~1\QUICKE~1\FAMILY~1\UNWISE.EXE C:\PROGRA~1\QUICKE~1\FAMILY~1\INSTALL.LOG
HijackThis 2.0.2 --> "C:\Documents and Settings\Steve\Desktop\HJT\HijackThis.exe" /uninstall
HLPCCTR --> MsiExec.exe /I{F2D0C1B1-80FF-46F9-BA61-33B01A07FAFC}
HLPIndex --> MsiExec.exe /I{38441BE7-79B0-42B8-8297-833704F949FE}
HLPSFO --> MsiExec.exe /I{8DD94CA3-BCD2-49C0-B537-F3B5D95FF0C8}
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
Jasc Paint Shop Photo Album --> MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Jasc Paint Shop Pro 8 Dell Edition --> MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java 2 Runtime Environment, SE v1.4.2 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_10009_100d60\Setup.exe /APR-REMOVE
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Legal Search --> C:\PROGRA~1\QUICKE~1\LEGALS~1\UNWISE.EXE C:\PROGRA~1\QUICKE~1\LEGALS~1\INSTALL.LOG
LiveUpdate (Symantec Corporation) --> MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation) --> MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Encarta Encyclopedia Standard 2004 --> MsiExec.exe /I{04410044-9149-45C6-A806-F2BF9CFCE762}
Microsoft Money 2001 --> MsiExec.exe /I{D085A1B6-90A4-11D3-82B7-00C04FA309DE}
Microsoft Money 2004 --> MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft Money 2004 System Pack --> MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Office 2000 Professional --> MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works 6.0 --> MsiExec.exe /I{F8D0829C-9C6F-11D3-8080-00C04FA329AA}
Microsoft Works and Money 2001 Setup Launcher --> C:\Program Files\Microsoft Works and Money 2001\Setup\Launcher.exe D:\
Microsoft WSE 2.0 SP3 Runtime --> MsiExec.exe /X{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}\setup.exe" -l0x9 -uninst
Norton AntiVirus --> MsiExec.exe /X{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}
Norton AntiVirus (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}_15_5_0_23\Setup.exe" /X
Norton AntiVirus Help --> MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
Norton Protection Center --> MsiExec.exe /I{62120008-8E1E-4807-860D-A8B48F8552DB}
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
OTtBPSDK --> MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
PCDLNCH --> MsiExec.exe /I{69BD6399-3D8F-45B7-81D9-819361F5101D}
Point --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85BC5C08-E73D-11D2-964D-444553540000}\SETUP.EXE" -l0x9 -uninst
Point --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F05E2B98-DA04-4FFA-8D08-DA218E6A2B47}\SETUP.EXE" -l0x9 -uninst
Point 6.1a --> MsiExec.exe /X{5F283360-B979-46F2-A359-365FE8492E75}
QuickBooks Premier: Contractor Edition 2003 --> C:\Program Files\Installshield Installation Information\{237a4b26-78c6-11d6-a394-00104bd190b1}\QBReplace.exe {237a4b26-78c6-11d6-a394-00104bd190b1}#{AD46C591-FB19-11D5-A316-00104BD190B1}
Roxio Media Manager --> MsiExec.exe /X{66D171AA-670F-4309-9C74-5BA7F7DBA0B3}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SFR --> MsiExec.exe /I{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}
SFR2 --> MsiExec.exe /I{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}
Shockwave --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SwiftView Viewer --> C:\Program Files\SwiftView\svinst.exe -Uninstall
Symantec KB-DocID:2003093015493306 --> MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
Symantec Real Time Storage Protection Component --> MsiExec.exe /I{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
The Plain-Language Law Dictionary --> C:\PROGRA~1\QUICKE~1\THEPLA~1\UNWISE.EXE C:\PROGRA~1\QUICKE~1\THEPLA~1\INSTALL.LOG
TOSHIBA e-STUDIO350-450 Client --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E31CC05-1C65-4B9B-B902-45B23A280D38}\SETUP.EXE" -l0x9
VCAMCEN --> MsiExec.exe /I{10E98E14-832C-4AF7-A4D1-6A9EF83B282E}
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
WebEx --> C:\WINDOWS\DOWNLO~1\atcliun.exe
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WordPerfect Office 12 --> MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type18866 / Error
Event Submitted/Written: 07/28/2008 11:44:32 PM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 402205470.
Event Record #/Type18865 / Error
Event Submitted/Written: 07/28/2008 11:42:50 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application DesktopMgr.exe, version 4.2.2.12, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type18787 / Error
Event Submitted/Written: 07/28/2008 08:54:08 PM
Event ID/Source: 10 / WinMgmt
Event Description:
Event filter with query "SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct'" could not be (re)activated in namespace "//./ROOT/SecurityCenter"
because of error 0x80042002. Events may not be delivered through this filter until the
problem is corrected.
Event Record #/Type18784 / Error
Event Submitted/Written: 07/28/2008 08:53:38 PM
Event ID/Source: 10 / WinMgmt
Event Description:
Event filter with query "SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct'" could not be (re)activated in namespace "//./ROOT/SecurityCenter"
because of error 0x80042002. Events may not be delivered through this filter until the
problem is corrected.
Event Record #/Type18744 / Error
Event Submitted/Written: 07/28/2008 11:06:53 AM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 825761100.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type37240 / Warning
Event Submitted/Written: 07/30/2008 01:27:38 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.
Event Record #/Type37182 / Error
Event Submitted/Written: 07/29/2008 11:46:11 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Event Record #/Type37179 / Error
Event Submitted/Written: 07/29/2008 11:18:02 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
eeCtrl
Fips
intelppm
SPBBCDrv
SRTSPX
SYMTDI
Event Record #/Type37178 / Error
Event Submitted/Written: 07/29/2008 11:17:16 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Event Record #/Type37151 / Error
Event Submitted/Written: 07/29/2008 09:10:46 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}
-- End of Deckard's System Scanner: finished at 2008-07-30 16:53:22 ------------