hi Shaba.
quick question, when i run hijackthis, do i check all the boxes then Fix checked, or just get the hijackthislog?
thanks a lot
here are the results of the scan:
Main:
Deckard's System Scanner v20071014.68
Run by bukbok on 2008-07-26 21:06:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
22: 2008-07-26 13:06:28 UTC - RP256 - Deckard's System Scanner Restore Point
21: 2008-07-22 11:35:59 UTC - RP255 - Installed Adobe Reader 8.1.2
20: 2008-07-21 12:28:55 UTC - RP254 - System Checkpoint
19: 2008-07-20 09:25:52 UTC - RP253 - System Checkpoint
18: 2008-07-18 12:06:01 UTC - RP252 - System Checkpoint
-- First Restore Point --
1: 2008-06-23 11:55:50 UTC - RP235 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
System Drive C: has 9.39 GiB (less than 15%) free.-- HijackThis (run as bukbok.exe) ----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:07:17 PM, on 7/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Reflection\rtsserv.exe
C:\WINDOWS\system32\slserv.exe
C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Documents and Settings\bukbok\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\bukbok.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://mrc.pcmall.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = E
Ø x}½
EÀ <þ¿ÍÖM
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://www.megaupload.com/toolbar2.0/?c=installedR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.121.20.118:8080
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: HttpWatch Basic - {F1F69322-008F-4895-B2BF-AD194219825A} - C:\Program Files\HttpWatch\httpwatchsc.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HttpWatch Basic - {D103E85B-5D67-42c1-8C83-F01079DBAB26} - C:\Program Files\HttpWatch\httpwatch.dll
O9 - Extra 'Tools' menuitem: HttpWatch Basic - {D103E85B-5D67-42c1-8C83-F01079DBAB26} - C:\Program Files\HttpWatch\httpwatch.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) -
https://www.e-games.com.my/com/EGamesPlugin.cabO17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pcmall.com
O17 - HKLM\Software\..\Telephony: DomainName = pcmall.com
O23 - Service: AddFiltr - Unknown owner - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Reflection TimeSync - WRQ, Inc. - C:\Program Files\Reflection\rtsserv.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 8329 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20080718-182132-757 O2 - BHO: (no name) - {0A583A73-A355-42C1-A9FF-ABA4EF03CD79} - (no file)
-- File Associations -----------------------------------------------------------
.reg - regfile - shell\open\command - regedit.exe "%1" %*.scr - scrfile - shell\open\command - "%1" %*-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 sp_rsdrv2 (Spyware Terminator Driver 2) - c:\windows\system32\drivers\sp_rsdrv2.sys
R1 StarOpen - c:\windows\system32\drivers\staropen.sys
S0 kl1 - c:\windows\system32\drivers\kl1.sys (file missing)
S2 BDRSDRV - c:\program files\softwin\bitdefender9\bdrsdrv.sys (file missing)
S3 bdfdll - c:\program files\softwin\bitdefender9\bdfdll.sys (file missing)
S3 BDFSDRV - c:\program files\softwin\bitdefender9\bdfsdrv.sys (file missing)
S3 EntDrv51 - c:\windows\system32\drivers\entdrv51.sys (file missing)
S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Reflection TimeSync - "c:\program files\reflection\rtsserv.exe" <Not Verified; WRQ, Inc.; Reflection TimeSync>
R2 sp_rssrv (Spyware Terminator Realtime Shield Service) - c:\progra~1\spywar~1\sp_rsser.exe <Not Verified; Crawler.com; Crawler Spyware Terminator>
S3 AddFiltr - "c:\program files\hewlett-packard\hp quick launch buttons\addfiltr.exe" (file missing)
S4 bdss (BitDefender Scan Server) - "c:\program files\common files\softwin\bitdefender scan server\bdss.exe" /service (file missing)
S4 LIVESRV (BitDefender Desktop Update Service) - "c:\program files\common files\softwin\bitdefender update service\livesrv.exe" /service (file missing)
S4 VSSERV (BitDefender Virus Shield) - "c:\program files\softwin\bitdefender9\vsserv.exe" /service (file missing)
S4 XCOMM (BitDefender Communicator) - "c:\program files\common files\softwin\bitdefender communicator\xcommsvr.exe" /service (file missing)
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Files created between 2008-06-26 and 2008-07-26 -----------------------------
2008-07-26 21:01:57 0 dr-h----- C:\Documents and Settings\bukbok\Recent
2008-07-22 19:36:07 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-22 19:31:37 0 d-------- C:\Documents and Settings\bukbok\Application Data\Malwarebytes
2008-07-22 19:31:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-22 19:31:30 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-21 18:26:00 0 d-------- C:\Program Files\HttpWatch
2008-07-16 20:56:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-07-16 19:10:04 0 d-------- C:\Program Files\Westward II - Heroes of the Frontier
2008-07-16 18:39:44 0 d-------- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2008-07-16 18:35:42 0 d-------- C:\Documents and Settings\bukbok\Application Data\GameHouse
2008-07-08 20:17:50 0 d-------- C:\Program Files\Windows Grep
2008-07-05 02:46:06 5505024 --a------ C:\Documents and Settings\bukbok\ntuser.dat
2008-07-05 02:46:05 229376 --a------ C:\Documents and Settings\LocalService\ntuser.dat
-- Find3M Report ---------------------------------------------------------------
2008-07-26 20:59:24 0 d-------- C:\Program Files\Spyware Terminator
2008-07-26 20:53:36 0 d-------- C:\Documents and Settings\bukbok\Application Data\Spyware Terminator
2008-07-22 19:36:07 0 d-------- C:\Program Files\Common Files
2008-07-01 18:29:58 0 d-------- C:\Documents and Settings\bukbok\Application Data\Adobe
2008-06-24 18:37:02 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-24 18:28:23 0 d-------- C:\Program Files\Firefly Studios
2008-06-24 18:03:34 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-06-23 19:18:06 0 d-------- C:\Program Files\PopCap Games
2008-06-23 18:56:06 4096 --a------ C:\WINDOWS\d3dx.dat
2008-06-23 18:56:06 0 d-------- C:\Program Files\Sallys Salon
2008-06-17 19:36:28 0 d-------- C:\Documents and Settings\bukbok\Application Data\Youdagames
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [06/16/2006 04:22 PM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [08/14/2006 02:39 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [08/14/2006 02:41 PM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [08/14/2006 02:38 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" [10/25/2007 03:06 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/16/2008 07:19 AM]
"SpywareTerminator"="C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe" [01/09/2008 12:35 AM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [03/13/2008 11:11 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [10/24/2006 04:10 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 PM]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"TSClientMSIUninstaller"=cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddabb.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Post-it® Software Notes Lite.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Post-it® Software Notes Lite.lnk
backup=C:\WINDOWS\pss\Post-it® Software Notes Lite.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon]
"C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDNewsAgent]
"C:\Program Files\Softwin\BitDefender9\bdnagent.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDOESRV]
"C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDSwitchAgent]
"C:\Program Files\Softwin\BitDefender9\bdswitch.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
"C:\Program Files\D-Tools\daemon.exe" -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{06fdf7a0-822d-11dc-ae0c-001a7366a102}]
AutoRun\command- m6dqm2vd.exe
explore\Command- m6dqm2vd.exe
open\Command- m6dqm2vd.exe
-- End of Deckard's System Scanner: finished at 2008-07-26 21:07:56 ------------
extra:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Genuine Intel(R) CPU T2130 @ 1.86GHz
CPU 1: Genuine Intel(R) CPU T2130 @ 1.86GHz
Percentage of Memory in Use: 34%
Physical Memory (total/avail): 1526.04 MiB / 1002.94 MiB
Pagefile Memory (total/avail): 2132.29 MiB / 1764.64 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1928.56 MiB
C: is Fixed (NTFS) - 74.52 GiB total, 9.39 GiB free.
D: is CDROM (No Media)
E: is CDROM (UDF)
\\.\PHYSICALDRIVE0 - SAMSUNG HM080HI - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.52 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
FirstRunDisabled is set.
AntivirusOverride is set.
FW: BitDefender 9 Professional Plus v7.2 (Softwin)
DisabledFW: ZoneAlarm Firewall v7.0.470.000 (Check Point, LTD.)
AV: BitDefender 9 Professional Plus v7.2 (Softwin)
Disabled OutdatedAV: avast! antivirus 4.8.1201 [VPS 080725-1] v4.8.1201 (ALWIL Software)
AV: Kaspersky Anti-Virus v7.0.0.125 (Kaspersky Lab)
Disabled[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\WINDOWS\\system32\\lrlsajrd.exe"="C:\\WINDOWS\\system32\\lrl"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Disabled:LimeWire"
"C:\\Program Files\\Team17\\Worms 2\\Frontend.exe"="C:\\Program Files\\Team17\\Worms 2\\Frontend.exe:*:Disabled:Worms 2 Frontend"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"="C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe:*:Enabled:McAfee Framework Service"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\bukbok\Application Data
CLASSPATH=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ANGELARLAPTOP
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\bukbok
LOGONSERVER=\\ANGELARLAPTOP
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Samsung\Samsung PC Studio 3\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 12, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e0c
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\bukbok\LOCALS~1\Temp
TMP=C:\DOCUME~1\bukbok\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=ANGELARLAPTOP
USERNAME=bukbok
USERPROFILE=C:\Documents and Settings\bukbok
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
webmaster
(new local, admin, net ready)irvine
(admin)angelar
(admin)bukbok
(admin)angie
angelar.ANGELARLAPTOP
Administrator
(admin)-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\NuNInst.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E47302B-8081-46D3-9FEA-BEB2E5F5C3EC}\setup.exe" -l0x9 anything
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Baby Album --> MsiExec.exe /I{63A441D6-A84B-473A-913F-DAB1618EDCA5}
Broadcom 802.11 Wireless LAN Adapter --> "C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11\Driver"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Conexant HD Audio --> C:\Program Files\CONEXANT\CNXT_HDAUDIO\HXFSETUP.EXE -U -Iwis30B5a.INF
DAEMON Tools --> MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
Deer Drive 1.0 --> C:\Program Files\Deer Drive\uninst.exe
Diner Dash Flo on the Go (remove only) --> C:\Program Files\Diner Dash Flo on the Go\Uninstall.exe
HDAUDIO Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_SprtHD5m\UIU32m.exe -U -ISprtHD5m.inf
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HttpWatch Basic 5.3.14 --> C:\Program Files\HttpWatch\uninstall.exe
Intel(R) Graphics Media Accelerator Driver --> C:\WINDOWS\system32\igxpun.exe -uninstall
Intel(R) PRO Network Connections Drivers --> Prounstl.exe
iTunes --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{872653C6-5DDC-488B-B7C2-CF9E4D9335E5} /l1033
J2SE Runtime Environment 5.0 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150010}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
K-Lite Codec Pack 3.5.3 Standard --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.
--> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
O2Jam Offline v1.2 --> "C:\Program Files\O2Jam Offline\unins000.exe"
O2Jam_PH --> "C:\Program Files\e-Games\O2Jam_PH\uninstall.exe"
Post-it® Software Notes Lite --> "C:\Program Files\3M\PSNLite\Uninstall.exe" -Prog"C:\Program Files\3M\PSNLite\PsnLite.exe" -INI"C:\Program Files\3M\PSNLite\uninst.ini"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083} /l1033
Real Alternative 1.60 --> "C:\Program Files\Real Alternative\unins000.exe"
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Reflection for HP with NS/VT 9.0 --> MsiExec.exe /I{0E8949A1-CBBA-4AF6-B209-1C060164755E}
Safari --> MsiExec.exe /X{3E719879-9914-4C56-843E-96D0C3FCC3FB}
Sallys Salon --> "C:\Program Files\Sallys Salon\ReflexiveArcade\unins000.exe"
SAMSUNG CDMA Modem Driver Set --> C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile Composite Device Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
Samsung Mobile phone USB driver Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3 --> "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x0009 -removeonly
Samsung PC Studio 3 USB Driver Installer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x9 -removeonly
Scrapbook Flair --> MsiExec.exe /I{21209AE8-1E93-4289-A88F-5EE0F22CF9F8}
SnagIt 7 --> C:\Program Files\TechSmith\SnagIt 7\SIUNINST.EXE
Space Colony --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{42C402C3-F95B-4BA2-BC90-99816AAF8159}\Setup.exe" -l0x9
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Terminator --> "C:\Program Files\Spyware Terminator\unins000.exe"
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TextPad --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ADBBED4F-720B-460D-AA14-D85EBC4AEF97}\Setup.exe"
Warcraft III: All Products --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat
WebMate --> C:\Program Files\InstallShield Installation Information\{72651B0D-1313-4F03-96B7-47A04E2F24E1}\setup.exe -runfromtemp -l0x0009 -removeonly
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Grep 2.3 --> "C:\Program Files\Windows Grep\unins000.exe"
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinXMedia AVI/WMV MP4 Converter 2.1 --> C:\Program Files\WinXMedia\WinXMedia WMV MP4 Converter\uninst.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
XML Paper Specification Shared Components Pack 1.0 -->
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type4582 / Error
Event Submitted/Written: 07/26/2008 08:54:00 PM
Event ID/Source: 15 / AutoEnrollment
Event Description:
Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.
Event Record #/Type4580 / Error
Event Submitted/Written: 07/26/2008 08:53:00 PM
Event ID/Source: 1054 / Userenv
Event Description:
Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.
Event Record #/Type4577 / Error
Event Submitted/Written: 07/25/2008 06:58:36 AM
Event ID/Source: 15 / AutoEnrollment
Event Description:
Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.
Event Record #/Type4575 / Error
Event Submitted/Written: 07/25/2008 06:57:35 AM
Event ID/Source: 1054 / Userenv
Event Description:
Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.
Event Record #/Type4572 / Error
Event Submitted/Written: 07/22/2008 11:10:36 PM
Event ID/Source: 15 / AutoEnrollment
Event Description:
Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type27401 / Error
Event Submitted/Written: 07/26/2008 09:07:29 PM
Event ID/Source: 7016 / Service Control Manager
Event Description:
The SmartLinkService service has reported an invalid current state 0.
Event Record #/Type27349 / Error
Event Submitted/Written: 07/26/2008 08:54:05 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
kl1
Event Record #/Type27348 / Error
Event Submitted/Written: 07/26/2008 08:54:05 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The BDRSDRV service failed to start due to the following error:
%%3
Event Record #/Type27347 / Warning
Event Submitted/Written: 07/26/2008 08:53:52 PM
Event ID/Source: 8193 / LSASRV
Event Description:
The Security System could not establish a secured connection with the server DNS/ns1.pbi.net. No authentication protocol was available.
Event Record #/Type27346 / Warning
Event Submitted/Written: 07/26/2008 08:53:51 PM
Event ID/Source: 8192 / LSASRV
Event Description:
The Security System detected an attempted downgrade attack for
server DNS/ns1.pbi.net. The failure code from authentication protocol Kerberos
was "There are currently no logon servers available to service the logon request.
(0xc000005e)".
-- End of Deckard's System Scanner: finished at 2008-07-26 21:07:56 ------------