Hi
Here are the scans as requested. Just thought you should know that it took about 3 hours to complete!
Deckard's System Scanner v20070905.67
Run by Terry on 2007-10-14 13:56:49
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
66: 2007-10-14 00:56:53 UTC - RP536 - Deckard's System Scanner Restore Point
65: 2007-10-14 00:51:38 UTC - RP535 - Last known good configuration
64: 2007-10-14 00:51:18 UTC - RP534 - Last known good configuration
63: 2007-10-14 00:51:17 UTC - RP533 - Last known good configuration
62: 2007-10-14 00:51:17 UTC - RP532 - ComboFix created restore point
-- First Restore Point --
1: 2007-10-14 00:50:54 UTC - RP471 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
System Drive C: has 2.93 GiB (less than 15%) free.
-- HijackThis (run as Terry.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:49, on 2007-10-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\D-Link\DSL-200\dslstat.exe
C:\Program Files\D-Link\DSL-200\dslagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Terry\Desktop\dss.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\PROGRA~1\TRENDM~1\HIJACK~1\Terry.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {BACEB7AF-8D88-456E-82D0-7BEB9A4410FE} - C:\WINDOWS\system32\qomjkii.dll
O2 - BHO: (no name) - {DA50CF68-25F1-438F-8C27-30FF6F86DBC9} - C:\WINDOWS\system32\ddcyw.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [DSLSTATEXE] "C:\Program Files\D-Link\DSL-200\dslstat.exe" icon
O4 - HKLM\..\Run: [DSLAGENTEXE] "C:\Program Files\D-Link\DSL-200\dslagent.exe"
O4 - HKLM\..\Run: [EasyTuneV] "C:\Program Files\Gigabyte\ET5\GUI.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [SetDefPrt] "C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe"
O4 - HKLM\..\Run: [ControlCenter2.0] "C:\Program Files\Brother\ControlCenter2\brctrcen.exe" /autorun
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PKR Pal] "./\pkrpal.exe" -osboot
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM95\aim.exe" -cnetwait.odl
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/ ... module.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-U ... E_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1748194013
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/A ... gWXMSN.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O20 - Winlogon Notify: qomjkii - C:\WINDOWS\SYSTEM32\qomjkii.dll
O20 - Winlogon Notify: wingby32 - wingby32.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 8454 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20071012-173705-237 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
backup-20071012-173705-341 O16 - DPF: {861FDA2A-2B57-4BDA-8B8B-305C9D5D8604} (_Multimedia Player) - http://stream.pussyharem.com/stream/mmp.cab
backup-20071012-173706-441 O22 - SharedTaskScheduler: excreted - {b0ded443-5e68-4001-a81b-0a0001621ab8} - C:\WINDOWS\system32\pkgvyg.dll (file missing)
backup-20071013-001921-480 O9 - Extra 'Tools' menuitem: InterCasino $$$ - {909AAEB6-C2CB-4AB5-A7BB-C33B72AB4BFB} - http://www.intercasino.com (file missing) (HKCU)
backup-20071013-001921-722 O9 - Extra button: InterCasino $$$ - {909AAEB6-C2CB-4AB5-A7BB-C33B72AB4BFB} - http://www.intercasino.com (file missing) (HKCU)
backup-20071013-001921-942 O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R3 ET5Drv - c:\windows\system32\drivers\et5drv.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
R3 wanusb (D-Link DSL-200 USB ADSL Modem(WAN)) - c:\windows\system32\drivers\gwausb.sys <Not Verified; GlobespanVirata Inc.; GlobespanVirata WAN ADSL USB Modem>
S2 ALIEHCD (ULi PCI to USB Enhanced Host Controller) - c:\windows\system32\drivers\aliehci.sys <Not Verified; ULi Corporation; ULi Ehci Host Controller Driver>
S3 aliroothub (USB 2.0 Root Hub) - c:\windows\system32\drivers\alirthub.sys <Not Verified; ULi Corporation; ULi Roothub Driver for USB2.0>
S3 catchme - c:\docume~1\terry\locals~1\temp\catchme.sys (file missing)
S3 ENTECH - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
S3 GVCplDrv - c:\windows\system32\drivers\gvcpldrv.sys
S3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2007-10-08 02:00:02 1516 --a------ C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job
2007-10-03 10:38:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2007-09-14 and 2007-10-14 -----------------------------
2007-10-14 13:51:39 175927 ---hs---- C:\WINDOWS\system32\wycdd.ini2
2007-10-14 11:26:31 78400 --a------ C:\WINDOWS\system32\qqgqscpr.dll
2007-10-13 09:49:34 78400 --a------ C:\WINDOWS\system32\viloaitf.dll
2007-10-13 09:46:22 84032 --a------ C:\WINDOWS\system32\cnckkduq.dll
2007-10-12 23:39:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\Webroot
2007-10-12 23:35:36 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-10-12 23:35:36 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-10-12 23:35:36 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-10-12 23:35:36 0 d--h----- C:\Documents and Settings\Administrator\Recent
2007-10-12 23:35:36 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-10-12 23:35:36 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-10-12 23:35:36 0 d-------- C:\Documents and Settings\Administrator\My Documents
2007-10-12 23:35:36 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-10-12 23:35:36 0 d-------- C:\Documents and Settings\Administrator\Favorites
2007-10-12 23:35:36 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-10-12 23:35:36 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-10-12 23:35:36 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-10-12 23:35:36 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-10-12 23:35:35 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-10-12 23:35:31 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-10-12 18:07:04 78400 --a------ C:\WINDOWS\system32\qxtlcvab.dll
2007-10-12 17:59:45 174432 ---hs---- C:\WINDOWS\system32\wycdd.bak2
2007-10-12 17:39:31 0 d-------- C:\Program Files\EsetOnlineScanner
2007-10-12 14:13:46 0 d-------- C:\WINDOWS\system32\Lang
2007-10-12 05:59:31 6505 ---hs---- C:\WINDOWS\system32\wycdd.bak1
2007-10-12 05:58:51 309856 --a------ C:\WINDOWS\system32\ddcyw.dll
2007-10-12 05:53:47 34304 --a------ C:\WINDOWS\system32\qomjkii.dll
2007-10-11 19:18:39 0 d-------- C:\Program Files\Trend Micro
2007-10-10 20:34:51 0 d-------- C:\Documents and Settings\Terry\Application Data\TrojanHunter
2007-10-10 20:14:01 0 d-------- C:\Documents and Settings\Terry\.housecall6.6
2007-10-10 19:20:48 0 d-------- C:\Program Files\TrojanHunter 5.0
2007-10-07 13:48:37 118784 --a------ C:\WINDOWS\system32\DWSPYVB6.DLL <Not Verified; Desaware Inc.; SpyWorks 6.0>
2007-10-07 13:48:37 0 d-------- C:\Program Files\Nodtronics
2007-10-04 20:01:32 0 d-------- C:\Documents and Settings\Terry\Application Data\UseNeXT
2007-09-28 19:15:55 0 d-------- C:\Program Files\Common Files\Apple
2007-09-28 19:08:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-09-19 22:26:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-09-19 19:55:32 81920 --a------ C:\WINDOWS\system32\viscomwave.dll <Not Verified; Viscom Software; >
2007-09-19 19:55:32 139264 --a------ C:\WINDOWS\system32\viscomqtde.dll <Not Verified; Viscom Software http://www.viscomsoft.com; >
2007-09-19 19:55:32 475136 --a------ C:\WINDOWS\system32\SkinCrafter.dll <Not Verified; DMSoft Technologies; SkinCrafter Module>
2007-09-19 19:55:29 0 d-------- C:\Program Files\Plato Video To iPod Converter
2007-09-16 02:30:42 0 d-------- C:\Program Files\BitComet
-- Find3M Report ---------------------------------------------------------------
2007-10-13 09:35:39 0 d-------- C:\Program Files\Common Files
2007-10-12 22:39:36 0 d-------- C:\Program Files\Java
2007-10-07 13:48:35 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-04 23:03:46 0 d-------- C:\Documents and Settings\Terry\Application Data\RipIt4Me
2007-09-28 20:27:11 0 d-------- C:\Documents and Settings\Terry\Application Data\CamfrogWEB
2007-09-28 19:08:52 0 d-------- C:\Program Files\Apple Software Update
2007-09-19 17:17:55 0 d-------- C:\Program Files\PKR
2007-09-10 21:09:28 0 d-------- C:\Documents and Settings\Terry\Application Data\Aim
2007-08-27 12:42:16 0 d-------- C:\Program Files\CFWebAdvancedU
2007-08-22 20:48:57 0 d-------- C:\Program Files\Windows Media Components
2007-08-08 16:30:12 19456 --a------ C:\WINDOWS\system32\OnlineScannerLang.dll <Not Verified; ; OnlineScanner Language Library>
2007-08-02 18:11:28 253952 --a------ C:\WINDOWS\system32\OnlineScannerDLLA.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2007-08-02 18:11:14 241664 --a------ C:\WINDOWS\system32\OnlineScannerDLLW.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2007-07-27 15:49:02 225355 --a------ C:\WINDOWS\system32\lnod32apiW.dll
2007-07-27 15:49:02 196683 --a------ C:\WINDOWS\system32\lnod32apiA.dll
2007-07-18 22:09:35 164 --a------ C:\install.dat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BACEB7AF-8D88-456E-82D0-7BEB9A4410FE}]
2007-10-12 05:53 34304 --a------ C:\WINDOWS\system32\qomjkii.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DA50CF68-25F1-438F-8C27-30FF6F86DBC9}]
2007-10-12 05:58 309856 --a------ C:\WINDOWS\system32\ddcyw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-12-20 21:54]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-01 22:28]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 22:09 C:\WINDOWS\SOUNDMAN.EXE]
"NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2005-08-18 16:52]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 20:42]
"DSLSTATEXE"="C:\Program Files\D-Link\DSL-200\dslstat.exe" [2005-01-21 21:04]
"DSLAGENTEXE"="C:\Program Files\D-Link\DSL-200\dslagent.exe" [2005-01-21 21:04]
"EasyTuneV"="C:\Program Files\Gigabyte\ET5\GUI.exe" [2004-06-14 12:54]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-07-31 12:49]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 11:22]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 15:25]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 15:45]
"SetDefPrt"="C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 19:02]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 18:42]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-03-14 15:38]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 11:12]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06]
"PKR Pal"="./\pkrpal.exe" []
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [2007-09-09 09:31]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-06-21 19:57]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:56]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 16:22]
"AIM"="C:\Program Files\AIM95\aim.exe" [2002-11-14 12:50]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2006-09-17 13:41:53]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{BACEB7AF-8D88-456E-82D0-7BEB9A4410FE}"= C:\WINDOWS\system32\qomjkii.dll [2007-10-12 05:53 34304]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomjkii]
qomjkii.dll 2007-10-12 05:53 34304 C:\WINDOWS\system32\qomjkii.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wingby32]
wingby32.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddcyw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
-- End of Deckard's System Scanner: finished at 2007-10-14 17:06:20 ------------
Deckard's System Scanner v20070905.67
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: AMD Athlon(tm) 64 Processor 3500+
Percentage of Memory in Use: 50%
Physical Memory (total/avail): 1023.48 MiB / 505.36 MiB
Pagefile Memory (total/avail): 2461.91 MiB / 2048.42 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1943.45 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 48.83 GiB total, 2.93 GiB free.
D: is Fixed (NTFS) - 68.36 GiB total, 68 GiB free.
E: is Fixed (NTFS) - 48.25 GiB total, 43.35 GiB free.
F: is Removable (No Media)
G: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - ST3200822A - 165.44 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 48.83 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 116.61 GiB - D: - E:
\\.\PHYSICALDRIVE1 - Brother DCP-115C USB Device
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
AV: ESET NOD32 antivirus system 2.70 v2.70 (ESET, spol. s r.o.)
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"D:\\LimeWire\\LimeWire.exe"="D:\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"D:\\mIRC\\mirc.exe"="D:\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"="C:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\\Documents and Settings\\Terry\\Local Settings\\Temporary Internet Files\\Content.IE5\\M3SVFS18\\wowclient-downloader[1].exe"="C:\\Documents and Settings\\Terry\\Local Settings\\Temporary Internet Files\\Content.IE5\\M3SVFS18\\wowclient-downloader[1].exe:*:Enabled:Blizzard Downloader"
"D:\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe"="D:\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\AIM95\\aim.exe"="C:\\Program Files\\AIM95\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Terry\Application Data
CLASSPATH=C:\Program Files\QuickTime\QTSystem\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=TELAINE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Terry
LOGONSERVER=\\TELAINE
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\ATI Technologies\ATI.ACE\;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 7 Stepping 10, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=070a
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Terry\LOCALS~1\Temp
TMP=C:\DOCUME~1\Terry\LOCALS~1\Temp
USERDOMAIN=TELAINE
USERNAME=Terry
USERPROFILE=C:\Documents and Settings\Terry
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Terry (admin)
Administrator (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
--> MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
1000 Solitaire Games --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A3913CAB-1406-46F2-BB62-1CB96DDAF460}\SETUP.EXE" -l0x9
101 Puzzle & Logic Games --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05108C14-956B-4723-8346-7EA8982CD2FC}\setup.exe" -l0x9
3DMark06 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F3AD00A-1819-4B15-BB7D-08B3586336D7}\setup.exe" -l0x9 -removeonly
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AOL Instant Messenger --> C:\Program Files\AIM95\uninstll.exe -LOG= C:\Program Files\AIM95\install.log -OEM=
Apple Mobile Device Support --> MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> MsiExec.exe /I{63D45D17-7A9E-41DF-96EF-699B285AC459}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Parental Control & Encoder --> MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
AVIVO Codecs --> MsiExec.exe /X{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}
Brother MFL-Pro Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}\Setup.exe" -l0x9 Brunin03.dllBrunin03.dll
CamfrogWEB Advanced ActiveX Plugin (remove only) --> "C:\Program Files\CFWebAdvancedU\Uninstall.exe"
D-Link DSL-200 ADSL Modem --> C:\Program Files\D-Link\DSL-200\uninstall.exe
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EasyTune5 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Gigabyte\ET5\Uninst.isu" -c"C:\Program Files\Gigabyte\ET5\uninstdrv.dll"
ESET Online Scanner --> C:\WINDOWS\system32\OnlineScannerUninstaller.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
iPod for Windows 2005-10-12 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A} /l1033
iTunes --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{501BADCD-F8F7-44CB-AC3F-6ED25C1A28B5} /l1033
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Jarte --> "C:\Program Files\Jarte\unins000.exe"
K-Lite Codec Pack 2.77 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
mIRC --> "D:\mIRC\mirc.exe" -uninstall
Mozilla Firefox (2.0.0.7) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
NOD32 Antivirus System --> C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
NVIDIA Drivers --> C:\WINDOWS\system32\NVUNINST.EXE UninstallGUI
PaperPort --> MsiExec.exe /I{A17EABB6-D0C6-44E5-820C-72DC7F495064}
PKR --> "C:\Program Files\PKR\uninstall-pkr.exe"
Plato Video To iPod Converter 3.73 --> "C:\Program Files\Plato Video To iPod Converter\unins000.exe"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{929408E6-D265-4174-805F-81D1D914E2A4} /l1033
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
SuperMegaSpoof 2.0 --> "C:\Program Files\MegaSpoof\unins000.exe"
TrojanHunter 5.0 --> "C:\Program Files\TrojanHunter 5.0\unins000.exe"
VideoCAM NB --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9CA01B9A-FB39-4E17-8CA9-A8D485CBE7DD}\setup.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
-- Application Event Log -------------------------------------------------------
Event Record #/Type140887 / Error
Event Submitted/Written: 10/14/2007 11:33:37 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application sed.cfexe, version 0.0.0.0, faulting module sed.cfexe, version 0.0.0.0, fault address 0x000106ac.
Processing media-specific event for [sed.cfexe!ws!]
Event Record #/Type140880 / Error
Event Submitted/Written: 10/14/2007 10:37:26 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type140879 / Error
Event Submitted/Written: 10/14/2007 10:37:15 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type140878 / Error
Event Submitted/Written: 10/14/2007 10:37:13 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type140877 / Error
Event Submitted/Written: 10/14/2007 10:37:10 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type29877 / Error
Event Submitted/Written: 10/14/2007 04:50:11 PM
Event ID/Source: 7016 / Service Control Manager
Event Description:
The BrSplService service has reported an invalid current state 0.
Event Record #/Type29849 / Error
Event Submitted/Written: 10/14/2007 01:50:28 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The ULi PCI to USB Enhanced Host Controller service failed to start due to the following error:
%%1058
Event Record #/Type29845 / Error
Event Submitted/Written: 10/14/2007 11:32:24 AM
Event ID/Source: 7016 / Service Control Manager
Event Description:
The BrSplService service has reported an invalid current state 0.
Event Record #/Type29822 / Error
Event Submitted/Written: 10/14/2007 10:57:50 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The ULi PCI to USB Enhanced Host Controller service failed to start due to the following error:
%%1058
Event Record #/Type29797 / Error
Event Submitted/Written: 10/14/2007 10:48:35 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The ULi PCI to USB Enhanced Host Controller service failed to start due to the following error:
%%1058
-- End of Deckard's System Scanner: finished at 2007-10-14 17:06:20 ------------