DDS log here:
Hi there, I hope this helps:
Deckard's System Scanner v20071014.68
Run by security on 2008-06-20 12:53:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
78: 2008-06-20 16:53:31 UTC - RP549 - Deckard's System Scanner Restore Point
77: 2008-06-19 18:02:01 UTC - RP548 - ComboFix created restore point
76: 2008-06-19 15:56:43 UTC - RP547 - System Checkpoint
75: 2008-06-18 14:23:58 UTC - RP546 - System Checkpoint
74: 2008-06-16 23:01:58 UTC - RP545 - Installed Java(TM) 6 Update 6
-- First Restore Point --
1: 2008-06-03 01:22:46 UTC - RP472 - Software Distribution Service 3.0
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 511 MiB (512 MiB recommended).
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-20 12:54:40
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\SYSTEM32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\SYSTEM32\services.exe
C:\WINDOWS\SYSTEM32\lsass.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\McAfee.com\Agent\Mcdetect.exe
C:\Program Files\McAfee.com\Agent\McTskshd.exe
C:\Program Files\McAfee.com\VSO\mcvsrte.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\Program Files\McAfee.com\VSO\McShield.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\McVSEscn.exe
C:\Program Files\Dell\AccessDirect\DadApp.exe
C:\WINDOWS\SYSTEM32\DSentry.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\WINDOWS\SYSTEM32\wuauclt.exe
C:\Documents and Settings\security\Desktop\dss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://hispeed.rogers.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Rogers Hi-Speed Internet
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.dell.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\Program Files\McAfee.com\VSO\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [DadApp] "C:\Program Files\Dell\AccessDirect\dadapp.exe"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\Mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - C:\Program Files\McAfee.com\VSO\McShield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\McTskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - C:\Program Files\McAfee.com\VSO\mcvsrte.exe
--
End of file - 6564 bytes
-- File Associations -----------------------------------------------------------
.js - unable to read key
.js - unable to read key
.txt - unable to read key
.txt - unable to read key
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 agp440 (Intel AGP Bus Filter) - c:\windows\\systemroot\system32\drivers\agp440.sys (file missing)
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
S2 BASFND - c:\windows\system32\drivers\basfnd.sys (file missing)
S3 FreshIO - c:\program files\freshdevices\freshdiagnose\freshio.sys
S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
All services whitelisted.
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-06-19 20:11:01 416 --a------ C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (OM-Eileen).job
2007-09-16 16:39:09 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-05-14 18:01:05 292 --ah----- C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
-- Files created between 2008-05-20 and 2008-06-20 -----------------------------
2008-06-20 12:52:09 0 d-------- C:\Documents and Settings\security\Application Data\Yahoo!
2008-06-20 12:46:53 0 d-------- C:\Documents and Settings\security\Application Data\Mozilla
2008-06-17 15:57:36 0 d-------- C:\Documents and Settings\Eileen\Application Data\Malwarebytes
2008-06-17 15:57:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-17 15:57:28 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-17 11:07:04 0 d-------- C:\Documents and Settings\security\Application Data\GTek
2008-06-17 11:04:20 0 d--h----- C:\Documents and Settings\security\NetHood
2008-06-17 11:04:20 0 dr------- C:\Documents and Settings\security\My Documents
2008-06-17 11:04:20 0 d--h----- C:\Documents and Settings\security\Local Settings
2008-06-17 11:04:20 0 dr------- C:\Documents and Settings\security\Favorites
2008-06-17 11:04:20 0 d-------- C:\Documents and Settings\security\Desktop
2008-06-17 11:04:20 0 d---s---- C:\Documents and Settings\security\Cookies
2008-06-17 11:04:20 0 dr-h----- C:\Documents and Settings\security\Application Data
2008-06-17 11:04:20 0 d-------- C:\Documents and Settings\security\Application Data\Sun
2008-06-17 11:04:20 0 d-------- C:\Documents and Settings\security\Application Data\Sonic
2008-06-17 11:04:20 0 d-------- C:\Documents and Settings\security\Application Data\Identities
2008-06-17 11:04:19 0 d--h----- C:\Documents and Settings\security\Templates
2008-06-17 11:04:19 0 dr------- C:\Documents and Settings\security\Start Menu
2008-06-17 11:04:19 0 dr-h----- C:\Documents and Settings\security\SendTo
2008-06-17 11:04:19 0 dr-h----- C:\Documents and Settings\security\Recent
2008-06-17 11:04:19 0 d--h----- C:\Documents and Settings\security\PrintHood
2008-06-17 11:04:19 786432 --ah----- C:\Documents and Settings\security\NTUSER.DAT
2008-06-16 19:02:06 0 d-------- C:\Program Files\Common Files\Java
2008-06-14 11:30:54 68096 --a------ C:\WINDOWS\zip.exe
2008-06-14 11:30:54 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-14 11:30:54 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-14 11:30:54 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-14 11:30:54 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-14 11:30:54 98816 --a------ C:\WINDOWS\sed.exe
2008-06-14 11:30:54 80412 --a------ C:\WINDOWS\grep.exe
2008-06-14 11:30:54 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-09 19:19:20 0 d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-06-05 22:27:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-05 22:27:08 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-05 14:07:51 0 d---s---- C:\Documents and Settings\Administrator\UserData
2008-06-04 09:19:12 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-06-04 09:16:21 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-06-03 21:02:03 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-06-03 01:22:38 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-06-03 01:22:37 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-06-03 01:22:37 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-06-03 01:22:37 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-06-03 01:22:37 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-06-03 01:22:37 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-06-03 01:22:37 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2008-06-03 01:22:37 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-03 01:22:36 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-06-03 01:22:36 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-06-03 01:22:36 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-06-03 01:22:36 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-06-03 01:22:36 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-06-03 01:22:36 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-06-03 01:22:36 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-06-03 01:22:36 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-06-03 01:22:35 2097152 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-02 21:09:56 0 d-------- C:\Temp
-- Find3M Report ---------------------------------------------------------------
2008-06-19 16:50:02 0 d-------- C:\Program Files\OpenOffice.org1.1.0
2008-06-16 19:03:01 0 d-------- C:\Program Files\Java
2008-06-16 19:02:06 0 d-------- C:\Program Files\Common Files
2008-05-27 09:55:25 0 d-------- C:\Program Files\Macromedia
2008-05-18 16:17:12 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-18 16:14:34 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-02 08:31:32 1014220 --a------ C:\Program Files\jackiepic.JPG
2008-03-31 20:37:22 16758784 --a------ C:\Program Files\gimp-2.4.5-i686-setup.exe
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [10/19/2005 08:59 AM]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [05/13/2004 07:23 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [05/14/2004 09:35 AM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [08/06/2003 03:04 AM]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [02/13/2003 03:01 AM]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [12/12/2003 04:22 PM]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [03/15/2004 08:40 PM]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [09/22/2005 06:29 PM]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [01/11/2006 12:05 PM]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [08/08/2003 06:02 PM]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [08/17/2003 09:50 PM]
"DadApp"="C:\Program Files\Dell\AccessDirect\dadapp.exe" [11/01/2002 06:47 PM]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [08/13/2003 12:27 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [04/25/2008 04:37 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 11:09 AM]
"DellTransferAgent"="C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [11/13/2007 05:46 PM]
C:\Documents and Settings\security\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 11:00:00 AM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 11:00:00 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BCMSMMSG"=BCMSMMSG.exe
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe
"SpySweeper"=C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
*Newly Created Service* - DSPROCT
-- End of Deckard's System Scanner: finished at 2008-06-20 12:55:58 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel(R) Celeron(R) CPU 2.40GHz
Percentage of Memory in Use: 52%
Physical Memory (total/avail): 510.33 MiB / 242.13 MiB
Pagefile Memory (total/avail): 1244.04 MiB / 948.51 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1933.95 MiB
C: is Fixed (NTFS) - 27.9 GiB total, 14.23 GiB free.
D: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - IC25N030ATMR04-0 - 27.95 GiB - 2 partitions
\PARTITION0 - Unknown - 39.19 MiB
\PARTITION1 (bootable) - Installable File System - 27.9 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
AUState says computer is ready and waiting.
Windows Internal Firewall is enabled.
AntiVirusDisableNotify is set.
AV: McAfee VirusScan v (McAfee)
Outdated
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled
xpsp2res.dll,-22019"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*
isabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*
isabled:Yahoo! FT Server"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Enabled
xpsp2res.dll,-22019"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\security\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=OM
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\security
LOGONSERVER=\\OM
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\security\LOCALS~1\Temp
TMP=C:\DOCUME~1\security\LOCALS~1\Temp
USERDOMAIN=OM
USERNAME=security
USERPROFILE=C:\Documents and Settings\security
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Eileen
(admin)
Andre
(admin)
security
(admin)
Administrator
(admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AccessDirect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{417B79C9-CDB4-477F-952D-840CEFC57A6C}\setup.exe" -l0x9
ACDSee for PENTAX 2.0 --> MsiExec.exe /I{D8320DD6-FE47-41DE-B116-4158B7AE3F37}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Apple Software Update --> MsiExec.exe /I{55FA89BD-21D3-42F7-9249-C94C0094A83C}
Avery DesignPro --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2CC982C0-7EAE-11D4-ACC3-0050568AD318}\setup.exe" -uninst
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
BCM V.92 56K Modem --> C:\WINDOWS\BCMSMU.exe quiet
Canon i350 --> C:\WINDOWS\System32\CNMCP53.exe "-PRINTERNAMECanon i350" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon i350 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon i350 Installer\Inst2\cnmi0409.dll"
Corel Applications --> C:\WINDOWS\Corel\Uninstal.exe
Dell Media Experience --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Dell Solution Center --> MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
DVDSentry --> MsiExec.exe /I{98DF85D9-96C0-4F57-A92E-C3539477EF5E}
Enter the Internet Registry --> "C:\Program Files\Enter the Internet Registry\uninstall.exe"
FreshDiagnose --> "C:\Program Files\FreshDevices\FreshDiagnose\unins000.exe"
GIMP 2.4.5 --> "C:\Program Files\GIMP-2.0\setup\unins000.exe"
Google Earth --> MsiExec.exe /I{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}
HijackThis 2.0.2 --> "C:\Documents and Settings\Eileen\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel(R) Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
Java(TM) 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Macromedia Dreamweaver 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ABDA9912-5D00-11D4-BAE7-9367CA097955}\Setup.exe" mmUninstall
Macromedia Extension Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" mmUninstall
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter --> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=msc /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm
McAfee VirusScan --> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /interact=1 /script_proactive=1 /start=c:\PROGRA~1\mcafee.com\agent\uninst\vsoremui.dll::uninstall.htm
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Encarta Encyclopedia Standard 2004 --> MsiExec.exe /I{04410044-9149-45C6-A806-F2BF9CFCE762}
Microsoft Money 2004 --> MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft Money 2004 System Pack --> MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Motorola Driver Installation 3.4.0 --> MsiExec.exe /I{81B3BEF9-5D97-4096-86E9-5B48A5BC32D0}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
NetAlyzer 0.3 --> "C:\Program Files\PepiMK Software\NetAlyzer\unins000.exe"
OpenOffice.org 2.3 --> MsiExec.exe /I{54C93A8C-A15A-4439-BE64-2342202D4FF0}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickSet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 UNINSTALL
QuickTime --> MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
RunAlyzer --> "C:\Program Files\Spybot - Search & Destroy\RunAlyzer\unins000.exe"
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Shockwave --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
SigmaTel MSCN Audio Player --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8E240C1C-25D0-4248-BC6C-ACC3472E35CE}\setup.exe" -l0x9 -remove
SmartFTP --> MsiExec.exe /I{11C762F9-95EA-486A-A8E7-683A50C231C1}
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update Manager (remove only) --> "C:\Program Files\Rogers\Update Manager\uninst.exe"
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WordPerfect Office 11 --> MsiExec.exe /I{54F90B55-BEB3-4F0D-8802-228822FA5921}
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type4878 / Warning
Event Submitted/Written: 06/20/2008 00:46:38 PM
Event ID/Source: 5028 / McLogEvent
Event Description:
VirusScan McShield service received an invalid filename from the NaiFiltr device driver.
Received name = \GLOBAL??\TFSWIFS
Process = tfswctrl.exe
Event Record #/Type4865 / Warning
Event Submitted/Written: 06/19/2008 02:06:42 PM
Event ID/Source: 5028 / McLogEvent
Event Description:
VirusScan McShield service received an invalid filename from the NaiFiltr device driver.
Received name = \GLOBAL??\TFSWIFS
Process = tfswctrl.exe
Event Record #/Type4856 / Warning
Event Submitted/Written: 06/19/2008 10:08:13 AM
Event ID/Source: 5028 / McLogEvent
Event Description:
VirusScan McShield service received an invalid filename from the NaiFiltr device driver.
Received name = \Cdfs
Process = System
Event Record #/Type4855 / Warning
Event Submitted/Written: 06/19/2008 10:08:13 AM
Event ID/Source: 5028 / McLogEvent
Event Description:
VirusScan McShield service received an invalid filename from the NaiFiltr device driver.
Received name = \GLOBAL??\TFSWIFS
Process = System
Event Record #/Type4854 / Warning
Event Submitted/Written: 06/19/2008 10:08:08 AM
Event ID/Source: 5028 / McLogEvent
Event Description:
VirusScan McShield service received an invalid filename from the NaiFiltr device driver.
Received name = \TfsCd
Process = System
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type76737 / Warning
Event Submitted/Written: 06/20/2008 00:52:15 PM
Event ID/Source: 4 / bcm4sbxp
Event Description:
Broadcom 440x 10/100 Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.
Event Record #/Type76723 / Warning
Event Submitted/Written: 06/19/2008 08:16:07 PM
Event ID/Source: 4 / bcm4sbxp
Event Description:
Broadcom 440x 10/100 Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.
Event Record #/Type76706 / Error
Event Submitted/Written: 06/19/2008 08:10:54 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The BASFND service failed to start due to the following error:
%%2
Event Record #/Type76702 / Error
Event Submitted/Written: 06/19/2008 08:09:49 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Event Record #/Type76697 / Error
Event Submitted/Written: 06/19/2008 08:08:48 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}
-- End of Deckard's System Scanner: finished at 2008-06-20 12:55:58 ------------
