Deckard's System Scanner v20071014.68
Run by Anthony on 2008-04-15 06:56:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Anthony.exe) ---------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:57:00 AM, on 4/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Anthony.USER\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Anthony.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page =
http://www.dell.comR3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe (User 'NETWORK SERVICE')
O4 - S-1-5-18 Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search -
res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word -
res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links -
res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page -
res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages -
res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English -
res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Anthony.USER\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone:
http://*.download.microsoft.comO15 - Trusted Zone:
http://*.update.microsoft.comO15 - Trusted Zone:
http://*.windowsupdate.comO15 - Trusted Zone:
http://*.windowsupdate.microsoft.comO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: (no name) -
https://rr.spinnakerweb.com/team/player ... pic1_smallO24 - Desktop Component 1: (no name) -
http://sp1.yt-thm-a01.yimg.com/image/25/f10/434987748O24 - Desktop Component 2: (no name) -
http://re3.mm-a6.yimg.com/image/3523453243--
End of file - 5517 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
S4 NICCONFIGSVC - c:\program files\dell\nicconfigsvc\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom 440x 10/100 Integrated Controller
Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01AF1028&REV_02\4&2FE911E8&0&00F0
Manufacturer: Broadcom
Name: Broadcom 440x 10/100 Integrated Controller
PNP Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01AF1028&REV_02\4&2FE911E8&0&00F0
Service: bcm4sbxp
-- Files created between 2008-03-15 and 2008-04-15 -----------------------------
2008-04-02 16:29:04 0 d-------- C:\Program Files\Trend Micro
2008-04-01 21:28:45 0 d-------- C:\Documents and Settings\Anthony.USER\Application Data\CyberLink
2008-03-29 13:23:06 0 d-------- C:\Documents and Settings\Anthony.USER\Application Data\Yahoo!
2008-03-29 13:23:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-03-29 12:33:33 0 d-------- C:\Documents and Settings\Anthony.USER\Application Data\Oberon Games
-- Find3M Report ---------------------------------------------------------------
2008-04-03 14:13:34 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-31 18:09:44 0 d-------- C:\Program Files\Yahoo! Games
2008-03-29 21:53:26 0 d-------- C:\Program Files\Norton 360
2008-03-29 12:00:46 0 d-------- C:\Program Files\Yahoo!
2008-03-10 09:02:27 0 d-------- C:\Documents and Settings\Anthony.USER\Application Data\Macromedia
2008-02-29 19:06:37 0 d-------- C:\Documents and Settings\Anthony.USER\Application Data\Symantec
2008-02-28 18:44:30 0 d-------- C:\Program Files\Symantec
2008-02-28 18:14:06 0 d-------- C:\Program Files\Common Files
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [07/17/2007 08:54 PM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [01/29/2008 06:38 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
C:\Program Files\NetWaiting\netWaiting.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=2 (0x2)
"wltrysvc"=2 (0x2)
"NICCONFIGSVC"=2 (0x2)
"gusvc"=3 (0x3)
*Newly Created Service* - COMHOST
-- End of Deckard's System Scanner: finished at 2008-04-15 06:57:49 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Genuine Intel(R) CPU T1300 @ 1.66GHz
Percentage of Memory in Use: 26%
Physical Memory (total/avail): 1014.37 MiB / 742.74 MiB
Pagefile Memory (total/avail): 2441.63 MiB / 2258.1 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1929.39 MiB
C: is Fixed (NTFS) - 50.98 GiB total, 37.09 GiB free.
D: is CDROM (CDFS)
\\.\PHYSICALDRIVE0 - Hitachi HTS541060G9SA00 - 54.49 GiB - 3 partitions
\PARTITION0 - Unknown - 39.19 MiB
\PARTITION1 (bootable) - Installable File System - 50.98 GiB - C:
\PARTITION2 - Unknown - 3.46 GiB
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
AntivirusOverride is set.
FW: Norton 360 v2007 (SYMANTEC Corporation)
AV: Norton 360 v2007 (SYMANTEC Corperation)
Disabled Outdated[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\Sony Pictures Games\\Wheel of Fortune\\Wheel of Fortune.exe"="C:\\Program Files\\Sony Pictures Games\\Wheel of Fortune\\Wheel of Fortune.exe:*:Enabled:Wheel of Fortune"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Anthony.USER\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=USER
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Anthony.USER
LOGONSERVER=\\USER
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e08
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ANTHON~1.USE\LOCALS~1\Temp
TMP=C:\DOCUME~1\ANTHON~1.USE\LOCALS~1\Temp
USERDOMAIN=USER
USERNAME=Anthony
USERPROFILE=C:\Documents and Settings\Anthony.USER
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Anthony.USER
(admin)-- Add/Remove Programs ---------------------------------------------------------
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
GearDrvs --> MsiExec.exe /I{206FD69B-F9FE-4164-81BD-D52552BC9C23}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Norton 360 --> MsiExec.exe /I{21829177-4DED-4209-AD08-490B3AC9C01A}
Norton 360 --> MsiExec.exe /I{2D617065-1C52-4240-B5BC-C0AE12157777}
Norton 360 --> MsiExec.exe /I{63A6E9A9-A190-46D4-9430-2DB28654AFD8}
Norton 360 (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_1_3_0_24\{2D617065-1C52-4240-B5BC-C0AE12157777}.exe" /X
Norton 360 Help --> MsiExec.exe /I{1CA941F1-5006-487E-9FD4-09F812A7D6B8}
Norton Confidential Browser Component --> MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Authentification Component --> MsiExec.exe /I{3074EB89-1BCA-4AEF-AFF4-EFB4634C1923}
Norton Confidential Web Protection Component --> MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SuppSoft --> MsiExec.exe /I{022DA2C3-81C7-4003-A6BC-1BB147B20097}
Symantec Technical Support Controls --> MsiExec.exe /I{92B1B3CC-EC78-45B8-96D0-8B3F11495864}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type246 / Warning
Event Submitted/Written: 04/15/2008 06:50:21 AM
Event ID/Source: 32068 / Microsoft Fax
Event Description:
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'
Event Record #/Type245 / Warning
Event Submitted/Written: 04/15/2008 06:50:21 AM
Event ID/Source: 32026 / Microsoft Fax
Event Description:
Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.
Event Record #/Type232 / Warning
Event Submitted/Written: 04/14/2008 09:44:07 PM
Event ID/Source: 32068 / Microsoft Fax
Event Description:
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'
Event Record #/Type231 / Warning
Event Submitted/Written: 04/14/2008 09:44:07 PM
Event ID/Source: 32026 / Microsoft Fax
Event Description:
Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.
Event Record #/Type218 / Warning
Event Submitted/Written: 04/13/2008 09:17:23 AM
Event ID/Source: 32068 / Microsoft Fax
Event Description:
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type8977 / Warning
Event Submitted/Written: 04/08/2008 04:54:53 PM
Event ID/Source: 24832 / WPDClassInstaller
Event Description:
WPD Class Installer: This version of Windows does not support Windows Portable Device drivers, so the drivers were not installed.
Event Record #/Type8976 / Warning
Event Submitted/Written: 04/08/2008 04:54:07 PM
Event ID/Source: 24832 / WPDClassInstaller
Event Description:
WPD Class Installer: This version of Windows does not support Windows Portable Device drivers, so the drivers were not installed.
Event Record #/Type8935 / Warning
Event Submitted/Written: 04/07/2008 05:55:58 PM
Event ID/Source: 24832 / WPDClassInstaller
Event Description:
WPD Class Installer: This version of Windows does not support Windows Portable Device drivers, so the drivers were not installed.
Event Record #/Type8934 / Warning
Event Submitted/Written: 04/07/2008 05:15:05 PM
Event ID/Source: 24832 / WPDClassInstaller
Event Description:
WPD Class Installer: This version of Windows does not support Windows Portable Device drivers, so the drivers were not installed.
Event Record #/Type8907 / Warning
Event Submitted/Written: 04/06/2008 08:36:42 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
-- End of Deckard's System Scanner: finished at 2008-04-15 06:57:49 ------------
The Pc won't let you save favorites,open any kind of pop up, you can not use drop downs(like when you register on the site).
I have uninstalled IMVU once already from both my PC and my sons laptop. Do I need to try again?