Deckard's System Scanner v20071014.68
Run by Bill Duke on 2008-02-18 10:31:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
75: 2008-02-18 15:32:13 UTC - RP1023 - Deckard's System Scanner Restore Point
74: 2008-02-18 15:17:35 UTC - RP1022 - Made by Registry Mechanic
73: 2008-02-18 14:06:32 UTC - RP1021 - Made by Registry Mechanic
72: 2008-02-17 23:18:39 UTC - RP1020 - Made by Registry Mechanic
71: 2008-02-17 23:01:25 UTC - RP1019 - ComboFix created restore point
-- First Restore Point --
1: 2008-01-17 05:01:51 UTC - RP949 - Made by Registry Mechanic
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Bill Duke.exe) -------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:09 AM, on 2008-02-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Seagate\Sync\SeaSyncServices.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\YPCSER~1.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\AOL Companion\companion.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Bill Duke\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Bill Duke.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/m ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/m ... earch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com//?oref=login
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - 3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: EarthLink ScamBlocker V2 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /S
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O15 - Trusted Zone: http://*.aim.com
O15 - Trusted Zone: http://www.youtube.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8044A104-E4A8-440A-A9FF-FC4ABD011D74}: NameServer = 68.237.161.12 71.243.0.12
O17 - HKLM\System\CCS\Services\Tcpip\..\{9768ACCE-6912-4E25-A5EA-9B06A348A818}: NameServer = 207.69.188.185,207.69.188.186
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: McAfee McShield (McShield) - Unknown owner - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe (file missing)
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Seagate Sync Service - Seagate Technology LLC - C:\Program Files\Seagate\Sync\SeaSyncServices.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
--
End of file - 8393 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20080207-235515-615 O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20080207-235515-703 O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20080207-235527-527 O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20080207-235527-806 O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20080207-235532-266 O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20080207-235532-510 O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20080207-235536-479 O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20080207-235536-707 O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20080207-235541-577 O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20080207-235541-651 O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20080207-235546-153 O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20080207-235546-971 O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20080207-235549-846 O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20080207-235549-860 O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20080207-235553-158 O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20080207-235553-241 O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20080215-080126-213 R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
backup-20080215-080126-245 F1 - win.ini: run=C:\WINDOWS\system32\mouse_configurator.win
backup-20080215-080126-423 F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\system32\winmgd.win
backup-20080215-080126-508 O2 - BHO: IconixBHOClass Class - {761233B6-F228-49E4-8F6B-668499D4E55A} - (no file)
backup-20080215-080126-512 O2 - BHO: (no name) - {2f3a22c2-3af0-4797-ac0f-eac7176984a0} - (no file)
backup-20080215-080126-521 O15 - Trusted Zone: http://*.aim.com
backup-20080215-080126-608 R3 - URLSearchHook: (no name) - 3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
backup-20080215-080126-715 O20 - AppInit_DLLs:
backup-20080215-080126-784 O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\kmd.exe /c C:\ComboFix\Combobatch.bat
backup-20080218-100743-128 R3 - URLSearchHook: (no name) - 3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
backup-20080218-100743-217 O2 - BHO: IconixBHOClass Class - {761233B6-F228-49E4-8F6B-668499D4E55A} - (no file)
backup-20080218-100743-227 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... ch/ie.html
backup-20080218-100743-282 R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
backup-20080218-100743-416 O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\kmd.exe /c C:\ComboFix\Combobatch.bat
backup-20080218-100743-502 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customi ... .yahoo.com
backup-20080218-100743-570 O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
backup-20080218-100743-753 R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
backup-20080218-100743-833 O20 - AppInit_DLLs:
backup-20080218-100743-950 O2 - BHO: (no name) - {2f3a22c2-3af0-4797-ac0f-eac7176984a0} - (no file)
-- File Associations -----------------------------------------------------------
.reg - regfile - DefaultIcon - unable to read value
.reg - regfile - shell\open\command - GEDZAC
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 Teefer (Teefer for NT) - c:\windows\system32\drivers\teefer.sys <Not Verified; Sygate Technologies, Inc.; Sygate Teefer Driver>
R1 MPFIREWL - c:\windows\system32\drivers\mpfirewall.sys <Not Verified; McAfee; McAfee Personal Firewall>
R1 SbcpHid - c:\windows\system32\drivers\sbcphid.sys
R1 wpsdrvnt - c:\windows\system32\drivers\wpsdrvnt.sys <Not Verified; Sygate Technologies, Inc.; wpsdrvnt>
S0 szkg - c:\windows\system32\drivers\szkg.sys (file missing)
S3 AdfuUd (USB 2.0 (FS) ADFU Device) - c:\windows\system32\drivers\adfuud.sys
S3 BW2NDIS5 - c:\windows\system32\drivers\bw2ndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 PCAMPR5 (PCAMPR5 NDIS Protocol Driver) - c:\windows\system32\pcampr5.sys (file missing)
S3 Profos - c:\program files\common files\bitdefender\bitdefender threat scanner\profos.sys (file missing)
S3 Trufos - c:\program files\common files\bitdefender\bitdefender threat scanner\trufos.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 EarthLinkMonitor (EarthLink Monitor Service) - "c:\program files\earthlink totalaccess\wengine\wmonitor.exe" <Not Verified; Boingo Wireless, Inc.; >
R2 YPCService - c:\windows\system32\ypcser~1.exe <Not Verified; Yahoo! Inc.; YPCService Module>
S2 AOLService (AOL Spyware Protection Service) - c:\progra~1\common~1\aol\aolspy~1\\aolserv.exe (file missing)
S2 McShield (McAfee McShield) - c:\progra~1\mcafee.com\antivi~1\mcshield.exe (file missing)
S4 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" (file missing)
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-02-08 10:33:05 284 --a----c- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2008-01-18 and 2008-02-18 -----------------------------
2008-02-17 18:09:54 60416 --a----c- C:\WINDOWS\system32\drivers\Combo-Fix.sys
2008-02-17 10:14:09 0 d------c- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-15 08:07:26 0 d------c- C:\WINDOWS\system32\Kaspersky Lab
2008-02-15 02:07:47 53248 --a----c- C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-02-14 12:17:17 68096 --a----c- C:\WINDOWS\system32\zip.exe
2008-02-14 12:17:17 98816 --a----c- C:\WINDOWS\system32\sed.exe
2008-02-14 12:17:17 80412 --a----c- C:\WINDOWS\system32\grep.exe
2008-02-14 12:17:17 73728 --a----c- C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-02-13 23:12:30 0 d------c- C:\Documents and Settings\Bill Duke\Application Data\Malwarebytes
2008-02-13 23:11:45 0 d------c- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-13 23:11:43 0 d------c- C:\Program Files\Malwarebytes' Anti-Malware
2008-02-11 13:27:08 0 d------c- C:\Program Files\Enigma Software Group
2008-02-11 13:09:11 0 d------c- C:\Program Files\Safari
2008-02-11 09:23:00 0 dr-h---c- C:\Documents and Settings\Bill Duke\Recent
2008-02-08 23:40:42 0 d------c- C:\Documents and Settings\Bill Duke\Application Data\Opera
2008-02-08 23:40:02 0 d------c- C:\Program Files\Opera
2008-02-08 07:50:36 0 d------c- C:\WINDOWS\F34D9A5F484A4E31A9D3908CB265B289.TMP
2008-02-07 23:20:23 0 d------c- C:\Program Files\Trend Micro
2008-02-07 12:41:12 0 --a----c- C:\WINDOWS\system32\SBRC.dat
2008-02-07 12:41:12 0 --a----c- C:\WINDOWS\system32\SBFC.dat
2008-02-07 09:58:24 0 d------c- C:\Documents and Settings\Bill Duke\Application Data\Sunbelt Software
2008-02-07 08:24:30 0 d------c- C:\Program Files\Common Files\BitDefender
2008-02-07 07:51:33 0 d------c- C:\Documents and Settings\Bill Duke\.housecall6.6
2008-02-07 02:12:53 0 d------c- C:\Documents and Settings\Administrator\Application Data\Viewpoint
2008-02-05 15:49:09 0 d------c- C:\Program Files\ewido anti-malware
-- Find3M Report ---------------------------------------------------------------
2008-02-14 12:21:56 0 d------c- C:\Program Files\Common Files
2008-02-13 01:37:50 0 d------c- C:\Program Files\EarthLink TotalAccess
2008-02-11 13:10:05 0 d------c- C:\Documents and Settings\Bill Duke\Application Data\Apple Computer
2008-02-11 13:07:41 0 d------c- C:\Program Files\Apple Software Update
2008-02-07 08:13:14 0 d------c- C:\Program Files\America Online 9.0
2008-01-22 12:35:59 1744 --a----c- C:\WINDOWS\system32\d3d9caps.dat
2008-01-14 02:21:03 0 d------c- C:\Program Files\Common Files\AOL
2008-01-12 02:31:35 0 d------c- C:\Program Files\Sygate
2008-01-12 00:25:36 2560 --a----c- C:\WINDOWS\_MSRSTRT.EXE
2008-01-12 00:24:49 0 d------c- C:\Program Files\Common Files\Agnitum Shared
2008-01-08 11:39:35 0 d------c- C:\Documents and Settings\Bill Duke\Application Data\Adobe
2008-01-08 11:39:11 1158 --a----c- C:\WINDOWS\mozver.dat
2008-01-08 03:15:59 0 d------c- C:\Program Files\Java
2008-01-07 03:14:08 0 d------c- C:\Program Files\COMODO
2008-01-07 02:34:42 0 d------c- C:\Documents and Settings\Bill Duke\Application Data\Comodo
2008-01-07 01:07:50 0 d------c- C:\Program Files\Common Files\Java
2008-01-07 01:07:38 0 d------c- C:\Program Files\Common Files\Java(2)
2008-01-07 00:49:35 0 d------c- C:\Program Files\Java(2)
2008-01-04 21:34:34 0 d------c- C:\Documents and Settings\Bill Duke\Application Data\Spyware Terminator
2008-01-04 20:55:14 0 d------c- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-04 20:42:34 0 d------c- C:\Program Files\Agnitum
2008-01-04 16:01:09 0 d------c- C:\Program Files\Blaze Media Pro2
2008-01-03 20:03:20 0 d------c- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-02 16:47:00 0 d------c- C:\Program Files\McAfee
2008-01-02 16:46:58 0 d------c- C:\Program Files\Common Files\McAfee
2008-01-02 15:01:04 0 d------c- C:\Documents and Settings\Bill Duke\Application Data\AOL
2008-01-01 14:25:58 0 d------c- C:\Program Files\Lavasoft
2007-12-19 22:09:08 0 d------c- C:\Documents and Settings\Bill Duke\Application Data\Sibelius Software
2007-12-19 22:07:34 0 d------c- C:\Program Files\Sibelius Software
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 11:14 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 11:41 AM]
"RegistryMechanic"="C:\Program Files\Registry Mechanic\RegMech.exe" [2006-10-30 03:12 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 AM]
"E6TaskPanel"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" [2005-09-01 02:24 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-06-12 9:37:56 PM]
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2005-01-26 9:35:24 PM]
AOL Companion.lnk - C:\Program Files\AOL Companion\companion.exe [2005-01-26 9:42:51 PM]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-29 2:06:36 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 3:05:56 PM]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00c27897-3fe5-11dc-a9fd-00038a000015}]
AutoRun\command- F:\Autorun.exe /run
Shell00\Command- F:\Autorun.exe /run
Shell01\Command- F:\Autorun.exe /action
Shell02\Command- F:\Autorun.exe /uninstall
-- End of Deckard's System Scanner: finished at 2008-02-18 10:41:37 ------------
Extra Log:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: AMD Athlon(tm) Processor
Percentage of Memory in Use: 55%
Physical Memory (total/avail): 639.55 MiB / 281.6 MiB
Pagefile Memory (total/avail): 1564.53 MiB / 1221.77 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1940.13 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 37.27 GiB total, 11.88 GiB free.
D: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - QUANTUM FIREBALLlct20 40 - 37.27 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.27 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
FW: Bitdefender Firewall v8.0 (BitDefender) Disabled
FW: Sygate Personal Firewall v4.6 (Sygate Technologies, Inc.)
FW: COMODO Firewall Pro v3.0 (COMODO)
AV: Bitdefender Antivirus v8.0 (BitDefender) Disabled
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:TaskPanl"
"C:\\Program Files\\America Online 9.0\\aol.exe"="C:\\Program Files\\America Online 9.0\\aol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Opera\\Opera.exe"="C:\\Program Files\\Opera\\Opera.exe:LocalSubNet:Enabled:Opera"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Bill Duke\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DUKE-A20MD19XF2
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Bill Duke
LOGONSERVER=\\DUKE-A20MD19XF2
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\GTK\2.0\bin
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 4 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0402
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\BILLDU~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\BILLDU~1\LOCALS~1\Temp
USERDOMAIN=DUKE-A20MD19XF2
USERNAME=Bill Duke
USERPROFILE=C:\Documents and Settings\Bill Duke
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Bill Duke (admin)
Administrator (admin)
Guest (new local, guest)
-- Add/Remove Programs ---------------------------------------------------------
--> "C:\Program Files\mcafee.com\personal firewall\aol\uninst.exe" /PopUpMsgBox="N" /CheckMutx="N" /S
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> MsiExec.exe /I{0CDCA5CD-C404-41FD-9216-9B4B3D24A7AA}
--> MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat PDFWriter 3.03 --> C:\WINDOWS\uninst.exe -fC:\Acrobat3\DeIsL1.isu
Adobe Atmosphere Player for Acrobat and Adobe Reader --> C:\WINDOWS\atmoUn.exe
Adobe Photoshop CS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7646-A00000000001}
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Mobile Device Support --> MsiExec.exe /I{8FC46258-0843-4D79-B7F0-F2B82FE6173B}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Blaze Media Pro --> "C:\Documents and Settings\All Users\Application Data\{4C2CB1B6-C45E-4307-ACEE-27BE65138599}\setup_blazemp.exe" REMOVE=TRUE MODIFY=FALSE
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
EarthLink Software --> "C:\Program Files\EarthLink TotalAccess\uninstll.exe" /W
EarthLink Toolbar --> MsiExec.exe /X{B8C2A83F-20B0-49D9-BA2B-6495DD8639ED}
Entriq MediaSphere 3.5.2.2 --> "C:\Program Files\Entriq\MediaSphere\unins000.exe"
Final Draft 7 --> MsiExec.exe /I{78D62D17-D970-42DA-B8CF-5E5576293B33}
FreeAgent Go Tools --> C:\Program Files\InstallShield Installation Information\{ECD43B7A-CB3B-4AF8-91F6-C460A575E411}\setup.exe -runfromtemp -l0x0409
GTK+ 2.10.13 runtime environment --> "C:\Program Files\Common Files\GTK\2.0\setup\unins000.exe"
hp deskjet 5100 --> msiexec /x{15C165F1-1DAE-4476-AFB6-8723729B41E7}
HP Image Zone 4.2 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Software Update --> MsiExec.exe /X{64FC0C98-B035-4530-B15D-3D30610B6DF1}
iPod for Windows 2006-01-10 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3D047C15-C859-45F7-81CE-F2681778069B} /l1033
iPod Updater 2004-08-06 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2F8C106A-7DFC-45DE-8006-F9145AADF1D8} /l1033
iTunes --> MsiExec.exe /I{85B90D8C-70F3-4E84-BD31-5E9489C0F9FB}
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Text-to-Speech Engine 4.0 (English) --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTS.inf, Uninstall
Microsoft Word 2000 --> MsiExec.exe /I{00170409-78E1-11D2-B60F-006097C998E7}
MP3 Player Utilities --> MsiExec.exe /I{5BBFB0E4-2250-49C3-A8A3-65BE2197D13B}
Opera 9.25 --> MsiExec.exe /X{C619B312-19F3-460A-9F7B-443248379F18}
PaperPort 8.0 SE --> MsiExec.exe /I{AEF2D1F3-0696-11D5-8E6A-00C04F7FA234}
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Registry Mechanic 6.0 --> "C:\Program Files\Registry Mechanic\unins000.exe"
Safari --> MsiExec.exe /X{0CD7D421-C850-4271-8533-0269A3D39FAA}
SBC Yahoo! Applications --> C:\PROGRA~1\Yahoo!\Common\uninstall.exe
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Sibelius Scorch (ActiveX Only) --> MsiExec.exe /I{C8E4455F-0F70-4DA2-A9F9-2D56C80E10AD}
Sygate Personal Firewall --> MsiExec.exe /I{F34D9A5F-484A-4E31-A9D3-908CB265B289}
The GIMP 2.2.17 --> "C:\Program Files\GIMP-2.0\unins000.exe"
TotalAccess Smart Installer --> C:\Program Files\EarthLink\TotalAccess Smart Installer\UnSMI.exe
Ultra iPod Movie Converter 3.2.0607 --> "C:\Program Files\Ultra iPod Movie Converter\unins000.exe"
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Installer Clean Up --> MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
-- Application Event Log -------------------------------------------------------
Event Record #/Type1975 / Error
Event Submitted/Written: 02/18/2008 10:11:37 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]
Event Record #/Type1867 / Error
Event Submitted/Written: 02/11/2008 02:42:22 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application Safari.exe, version 3.523.15.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type1866 / Error
Event Submitted/Written: 02/11/2008 02:42:21 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application Safari.exe, version 3.523.15.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type1856 / Error
Event Submitted/Written: 02/11/2008 01:06:23 PM
Event ID/Source: 11704 / MsiInstaller
Event Description:
Product: Apple Software Update -- Error 1704. An installation for BitDefender Total Security 2008 is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?
Event Record #/Type1855 / Error
Event Submitted/Written: 02/11/2008 01:06:23 PM
Event ID/Source: 1013 / MsiInstaller
Event Description:
Product: Safari -- An installation for BitDefender Total Security 2008 is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type2892 / Error
Event Submitted/Written: 02/18/2008 10:19:22 AM
Event ID/Source: 31012 / ipnathlp
Event Description:
The DNS proxy agent encountered an error while obtaining the local list
of name-resolution servers.
Some DNS or WINS servers may be inaccessible to clients on the local network.
The data is the error code.
Event Record #/Type2890 / Error
Event Submitted/Written: 02/18/2008 10:11:53 AM
Event ID/Source: 31012 / ipnathlp
Event Description:
The DNS proxy agent encountered an error while obtaining the local list
of name-resolution servers.
Some DNS or WINS servers may be inaccessible to clients on the local network.
The data is the error code.
Event Record #/Type2889 / Error
Event Submitted/Written: 02/18/2008 10:11:53 AM
Event ID/Source: 31012 / ipnathlp
Event Description:
The DNS proxy agent encountered an error while obtaining the local list
of name-resolution servers.
Some DNS or WINS servers may be inaccessible to clients on the local network.
The data is the error code.
Event Record #/Type2883 / Error
Event Submitted/Written: 02/18/2008 10:11:41 AM
Event ID/Source: 31012 / ipnathlp
Event Description:
The DNS proxy agent encountered an error while obtaining the local list
of name-resolution servers.
Some DNS or WINS servers may be inaccessible to clients on the local network.
The data is the error code.
Event Record #/Type2879 / Error
Event Submitted/Written: 02/18/2008 10:11:30 AM
Event ID/Source: 7016 / Service Control Manager
Event Description:
The BrSplService service has reported an invalid current state 0.
-- End of Deckard's System Scanner: finished at 2008-02-18 10:41:37 ------------