beynac
Main text: -
Deckard's System Scanner v20070603.47
Run by Geoff Vost on 2007-06-09 at 00:06:54
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
49: 2007-06-08 23:06:59 UTC - RP157 - Deckard's System Scanner Restore Point
48: 2007-06-08 14:28:28 UTC - RP156 - Installed Ad-Aware SE Personal
47: 2007-06-06 22:43:14 UTC - RP155 - System Checkpoint
46: 2007-06-04 20:25:13 UTC - RP154 - System Checkpoint
45: 2007-06-03 20:22:14 UTC - RP153 - System Checkpoint
-- First Restore Point --
1: 2007-03-11 18:36:04 UTC - RP109 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Geoff Vost.exe) ------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 00:09:05, on 09/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\system32\PRISMSTA.EXE
C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\Twain_32\SlimU2\HotKey.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Geoff Vost\Desktop\dss.exe
C:\DOCUME~1\GEOFFV~1\MYDOCU~1\HIGHJA~1\Geoff Vost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://mail.google.com/mail/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [HotKey] C:\WINDOWS\Twain_32\SlimU2\HotKey.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PSDrvCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mbssm32] C:\WINDOWS\system32\mbssm32.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe
O4 - Startup: WkCalRem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List -
res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print -
res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview -
res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print -
res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) -
https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftup ... 7243283515
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 INO_FLPY - c:\windows\system32\drivers\ino_flpy.sys <Not Verified; Computer Associates; CA eTrust eTrust Antivirus/InoculateIT version 7.X/6.X/4.X>
R0 snapman (Acronis Snapshots Manager) - c:\windows\system32\drivers\snapman.sys <Not Verified; Acronis; Acronis Snapshot API>
R0 timounter (Acronis TrueImage Backup Archive Explorer) - c:\windows\system32\drivers\timntr.sys <Not Verified; Acronis; Acronis True Image>
R2 INO_FLTR - c:\windows\system32\drivers\ino_fltr.sys <Not Verified; Computer Associates; CA eTrust eTrust Antivirus/InoculateIT version 6.0>
R2 tifsfilter (Acronis TrueImage FS Filter) - c:\windows\system32\drivers\tifsfilt.sys <Not Verified; Acronis; TrueImage>
R3 ASAPIW2K - c:\windows\system32\drivers\asapiw2k.sys <Not Verified; VOB Computersysteme GmbH; asapi>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
R3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys <Not Verified; America Online, Inc.; Wan Miniport (ATW)>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 LogWatch (Event Log Watch) - c:\program files\ca\sharedcomponents\ca_lic\logwatnt.exe <Not Verified; Computer Associates; Computer Associates LogWatNT>
R3 x10nets (X10 Device Network Service) - c:\progra~1\common~1\x10\common\x10nets.exe <Not Verified; X10; x10 Module>
S3 CA_LIC_CLNT (CA License Client) - c:\program files\ca\sharedcomponents\ca_lic\lic98rmt.exe <Not Verified; Computer Associates; Computer Associates lic98rmt>
S3 CA_LIC_SRVR (CA License Server) - c:\program files\ca\sharedcomponents\ca_lic\lic98rmtd.exe <Not Verified; Computer Associates; Computer Associates lic98rmtd>
-- Scheduled Tasks -------------------------------------------------------------
2007-06-08 14:40:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2007-05-09 and 2007-06-09 -----------------------------
2007-06-08 15:28:43 0 d-------- C:\Documents and Settings\Geoff Vost\Application Data\Lavasoft
2007-06-08 15:28:29 0 d-------- C:\Program Files\Lavasoft
2007-06-08 15:26:22 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-07 18:38:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-06-04 15:48:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2007-06-04 15:48:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\Help
2007-06-04 15:48:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2007-06-04 15:48:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\Ahead
2007-06-04 15:48:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2007-06-04 15:48:30 0 d---s---- C:\Documents and Settings\Administrator\UserData
2007-06-04 15:48:30 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-06-04 15:48:30 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-06-04 15:48:30 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-06-04 15:48:30 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-06-04 15:48:30 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-06-04 15:48:30 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-06-04 15:48:30 0 dr------- C:\Documents and Settings\Administrator\My Documents
2007-06-04 15:48:30 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-06-04 15:48:30 0 dr------- C:\Documents and Settings\Administrator\Favorites
2007-06-04 15:48:30 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-06-04 15:48:30 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2007-06-04 15:48:30 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-06-04 15:48:30 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2007-06-04 15:48:30 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-06-04 15:48:30 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2007-06-04 15:48:29 1835008 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-05-31 18:34:08 5767168 --a------ C:\Documents and Settings\Geoff Vost\ntuser.dat
2007-05-28 02:35:29 2917 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
2007-05-28 02:23:33 0 d-------- C:\Program Files\iPod
2007-05-28 02:21:46 0 d-------- C:\Program Files\Apple Software Update
2007-05-27 13:11:39 0 d-------- C:\WINDOWS\network diagnostic
2007-05-12 14:50:26 0 d-------- C:\Medion
-- Find3M Report ---------------------------------------------------------------
2007-06-07 20:36:41 39570 --a------ C:\Documents and Settings\Geoff Vost\Application Data\wklnhst.dat
2007-06-04 17:32:15 0 d-------- C:\Documents and Settings\Geoff Vost\Application Data\MSN6
2007-05-31 19:06:01 0 d-------- C:\Program Files\QuickTime
2007-05-31 19:05:56 0 d-------- C:\Program Files\iTunes
2007-05-28 07:41:04 0 d-------- C:\Documents and Settings\Geoff Vost\Application Data\Apple Computer
2007-05-04 21:36:24 0 d-------- C:\Program Files\AOL 8.0
2007-05-03 23:43:49 0 d-------- C:\Program Files\Java
2007-05-03 23:40:54 0 d-------- C:\Program Files\Common Files\Java
2007-05-03 12:20:13 0 d-------- C:\Documents and Settings\Geoff Vost\Application Data\Sun
2007-05-01 14:10:25 0 d-------- C:\Documents and Settings\Geoff Vost\Application Data\Google
2007-05-01 13:34:49 0 d-------- C:\Program Files\Google
2007-05-01 13:33:58 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-04-26 17:50:02 0 d-------- C:\Program Files\Windows Media Connect 2
2007-04-23 14:04:08 0 d--h----- C:\Program Files\WindowsUpdate
2007-04-19 18:39:31 0 d-------- C:\Program Files\Messenger
2007-04-19 18:36:56 0 d-------- C:\Program Files\MSXML 4.0
-- Registry Dump ---------------------------------------------------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar1.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Realtime Monitor"="C:\\PROGRA~1\\CA\\ETRUST~1\\realmon.exe -s"
"PRISMSTA.EXE"="PRISMSTA.EXE START"
"PCMService"="\"C:\\Program Files\\Medion Home Cinema XL II\\PowerCinema\\PCMService.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"ledpointer"="CNYHKey.exe"
"HotKey"="C:\\WINDOWS\\Twain_32\\SlimU2\\HotKey.exe"
"Dit"="Dit.exe"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"CHotkey"="mHotkey.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"PSDrvCheck"="C:\\WINDOWS\\System32\\PSDrvCheck.exe"
"PinnacleDriverCheck"="C:\\WINDOWS\\System32\\PSDrvCheck.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"mbssm32"="C:\\WINDOWS\\system32\\mbssm32.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1700dbd-6941-11d8-805d-00038a000015}]
Shell\AutoRun\command M:\setupSNK.exe
-- End of Deckard's System Scanner: finished at 2007-06-09 at 00:09:53 ---------
-------------------------------------------------------------------------------------
Extra text:
Deckard's System Scanner v20070603.47
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel(R) Pentium(R) 4 CPU 3.00GHz
CPU 1: Intel(R) Pentium(R) 4 CPU 3.00GHz
Percentage of Memory in Use: 33%
Physical Memory (total/avail): 1023.48 MiB / 678.88 MiB
Pagefile Memory (total/avail): 2464.45 MiB / 2239.72 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1971.21 MiB
C: is Fixed (NTFS) - 74.55 GiB total, 50.74 GiB free.
D: is Fixed (NTFS) - 68.64 GiB total, 66.84 GiB free.
E: is Fixed (FAT32) - 5.85 GiB total, 2.03 GiB free.
F: is CDROM (No Media)
G: is CDROM (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
K: is Removable (No Media)
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\\STHIW\\stInstall.exe"="F:\\STHIW\\stInstall.exe:*:Enabled:SpeedTouch Home Install Wizard"
"C:\\Program Files\\AOL 8.0\\waol.exe"="C:\\Program Files\\AOL 8.0\\waol.exe:*:Disabled:AOL"
"C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Disabled:Microsoft Management Console"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Geoff Vost\Application Data
AVENGINE=C:\PROGRA~1\CA\SHARED~1\SCANEN~1
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=VOST
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Geoff Vost
INOCULAN=C:\PROGRA~1\CA\ETRUST~1
LOGONSERVER=\\VOST
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\PROGRA~1\CA\SHARED~1\SCANEN~1;C:\PROGRA~1\CA\ETRUST~1;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\IMSI\FloorPlan 3D v8\Program
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\GEOFFV~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\GEOFFV~1\LOCALS~1\Temp
USERDOMAIN=VOST
USERNAME=Geoff Vost
USERPROFILE=C:\Documents and Settings\Geoff Vost
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Geoff Vost
(admin)
Administrator
(new local, admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
100,000 Clipart - Volume 2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FA9D74C9-858C-4346-B9F6-3F2C1D2F2249}
ABBYY FineReader 5.0 Sprint --> MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Acronis True Image --> C:\Program Files\Acronis\TrueImage\MediaBuilder.exe -uninstall
Ad-Aware SE Personal --> MsiExec.exe /X{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Photoshop Elements --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop Elements\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop Elements\Uninst.dll"
Adobe Reader 6.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7646-000000000001}
AOL UK --> C:\Program Files\Common Files\aolshare\Aolunins_uk.exe
Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
ASAPI Update --> C:\WINDOWS\System32\IWUNIN~1.EXE -uninstall C:\WINDOWS\ISUNINST.EXE -fC:\PROGRA~1\VOB\ASAPIU~1\ASAPI.isu
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
C-Media 3D Audio --> C:\WINDOWS\CMIUnInstall.exe
CA eTrust Antivirus --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\CA\eTrust Antivirus\Uninst.isu" -c"C:\Program Files\CA\eTrust Antivirus\InoSetup.dll"
Canon Camera Window for ZoomBrowser EX --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A29EA741-24F7-4C07-9B2C-06CB6491BE4A}
Canon i865 --> C:\WINDOWS\System32\CNMCP5m.exe "-PRINTERNAMECanon i865" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon i865 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon i865 Installer\Inst2\cnmi0409.dll"
Canon PhotoRecord --> MsiExec.exe /X{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}
Canon RAW Image Task for ZoomBrowser EX --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FAF0DAD8-1EA7-4FEF-80E5-8D8D6EBD5A23}
Canon RemoteCapture Task for ZoomBrowser EX --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2236B741-6631-49AE-B76E-3E14CA01CC87}
Canon Utilities Easy-PhotoPrint --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Canon\Easy-PhotoPrint\Uninst.isu" -c"C:\Program Files\Canon\Easy-PhotoPrint\EZUNINST.DLL"
Canon Utilities Easy-PhotoPrint Plus --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Canon\Easy-PhotoPrint Plus\Uninst.isu" -c"C:\Program Files\Canon\Easy-PhotoPrint Plus\EZUNINST.DLL"
Canon Utilities ZoomBrowser EX --> MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
Cartoonist 1.1 --> "C:\Program Files\Cartoonist\unins000.exe"
CD-LabelPrint --> "C:\Program Files\Canon\CD-LabelPrint\Uninstal.exe" Canon.CDLabelPrint.Application
Clean 5 --> C:\PROGRA~1\Pinnacle\CLEAN5~1\UNINST~1.EXE C:\PROGRA~1\Pinnacle\CLEAN5~1\INSTALL.LOG
CloneDVD 2.2 --> "C:\Program Files\CloneDVD\unins000.exe"
dBpowerAMP Music Converter --> "C:\WINDOWS\System32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Music Converter.dat
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.1.4 --> "C:\Program Files\DVD Shrink\unins000.exe"
Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
eTrust Antivirus Registration --> MsiExec.exe /I{515E1B00-E2B4-4975-9900-95F66077C3AE}
FloorPlan 3D v8 --> MsiExec.exe /I{53F6009E-756A-4D3D-A0D3-B6D4CBEDA819}
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Hemera Photo-Objects 5000 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hemera Photo-Objects 5000\Uninst.isu"
HijackThis 1.99.1 --> C:\Documents and Settings\Geoff Vost\My Documents\highjackthis\HijackThis.exe /uninstall
Home Cinema XL II --> "C:\Program Files\Uninstall_PCM.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Image Armada --> C:\Program Files\Tangent3D\Image Armada\Uninstall\Uninstall.exe
Informations about your PC --> MsiExec.exe /I{0AB149EB-2AE0-466C-9BA4-3A718CF06432}
InstantCopy --> MsiExec.exe /I{9ACEBC7B-4D46-462A-929C-99177EC5BEA6}
iTunes --> MsiExec.exe /I{3592F5CB-B524-43AA-92F2-2377268199CC}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Label Editor --> "C:\Program Files\Steinberg\Label Editor\Uninstall.exe" "C:\Program Files\Steinberg\Label Editor\install.log"
Medi@Show --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Medion Home Cinema XL II\MediaShow\Uninst.isu"
Medion Flash XL --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA1CB7AC-E221-4822-A789-0ADB051DC498}\Setup.exe" -l0x9
MGI PhotoSuite 4 (Remove Only) --> "C:\Program Files\MGI\MGI PhotoSuite 4\System\MGIUninstall.exe" C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MGI\MGI PhotoSuite 4\Uninst.isu" -c"C:\Program Files\MGI\MGI PhotoSuite 4\System\CustomUninstall.dll"
MGI Photovista 2.02(Remove only) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MGI\Photovista\Uninst.isu"
Microsoft AutoRoute v11.0 --> MsiExec.exe /I{8704D51E-25B7-4F23-81E7-AA4F54790220}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Encarta Encyclopedia Standard - WE 2004 --> MsiExec.exe /I{045A0044-9149-45C6-A806-F2BF9CFCE762}
Microsoft Money --> MsiExec.exe /I{1D643CD2-4DD6-11D7-A4E0-000874180BB3}
Microsoft Money System Pack --> MsiExec.exe /I{8C64E149-54BA-11D6-91B1-00500462BE80}
Microsoft Picture It! Photo Standard 9 --> C:\WINDOWS\System32\msiexec.exe /i {DBA8B9E1-C6FF-4624-9598-73D3B41A0903}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Microsoft Word 2002 --> MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works --> MsiExec.exe /I{B9966F27-9678-4620-9579-925E3084647E}
Microsoft Works 2004 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2004\Setup\Launcher.exe /ARP F:\
Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{33BEE6F3-9987-4F98-A069-97A64EC8321A}
MSN Messenger 6.0 --> MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314600602}
MUSICMATCH® Jukebox --> C:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.exe
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
PowerCinema 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
PowerDirector --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" -uninstall
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
RealOne Player --> C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Serif PagePlus 8.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDC83FD3-1A0F-46FB-8852-5E9A94294143}\Setup.exe"
Serif PanoramaPlus 1 --> MsiExec.exe /I{4E52EC9A-34A6-474F-8D84-4E8CC5D48683}
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Slim USB2 Scanner --> C:\WINDOWS\RunUnDrv.exe C:\WINDOWS\Twain_32\SlimU2\PmxScan.INF DefaultUnInstall.USB.NTX86
Sonic Foundry Sound Forge 6.0b --> MsiExec.exe /I{968CB479-6163-415F-A9D3-4489BF07DAFF}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Ulead Photo Express 4.0 SE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBC0D330-C37B-4472-BFB9-AA217CF0C95F}\setup.exe"
USB 2.0 Flash Drive --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3815B68D-3ADD-479A-9208-ED7FC11F4EC1}\Setup.exe" -l0x9
USB Wireless Keyboard Driver Ver1.24M --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D1955A3A-EA24-4682-8641-43B5B688B09A}\Setup.exe" -l0x9
VIA Rhine-Family Fast Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VideoLive Mail --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FABA7C7-6DC0-11D6-9EAB-0050BAE317E1}\setup.exe" -uninstall
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WaveLab Lite --> "C:\Program Files\Steinberg\WaveLab Lite\Uninstall.exe" "C:\Program Files\Steinberg\WaveLab Lite\install.log"
Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
X10 Hardware(TM) --> C:\WINDOWS\UNWISE.EXE C:\PROGRA~1\X10HAR~1\Install.log
-- End of Deckard's System Scanner: finished at 2007-06-09 at 00:09:53 ---------
Hope this is right!
six-h