Thread: Disappearing e-mails, spam from hell, possible hijacking, and sloooowww
View Single Post
Old 04-24-2008, 08:18 PM   #1 (permalink)
not_again_AGAIN
Registered User
 
Join Date: Apr 2008
Posts: 5
OS: XP


Disappearing e-mails, spam from hell, possible hijacking, and sloooowww
As the title stated, we get some e-mails, and not others. Spam settings have been checked and re-checked, and I have spent too many hours on my ISP's tech line. They can't tell me where the e-mails are being sent, so I suspect a hijacker(?) - an entire years worth of old e-mails has disappeared from Outlook, nowhere to be found (system restore did not help). We get around 200 spam e-mails a day, if we get e-mail at all. The pop-ups are controlled pretty well with just the Google toolbar, but it goes off a lot. Very slow system when online, LAN or hard-wired.

If you know a reliable keystroke logger detector, I'd like to check that if HJT didn't find it already.

Sorry for the long post, just trying to be detailed, and thanks so much in advance. Here's the log:

Deckard's System Scanner v20071014.68
Run by Michelle on 2008-04-24 20:51:58
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
24: 2008-04-25 01:52:10 UTC - RP858 - Deckard's System Scanner Restore Point
23: 2008-04-21 04:58:04 UTC - RP857 - RegCure Backup
22: 2008-04-21 04:31:18 UTC - RP856 - Installed Windows XP WgaNotify.
21: 2008-04-21 02:19:46 UTC - RP855 - Installed Java(TM) 6 Update 5
20: 2008-04-20 20:09:29 UTC - RP854 - System Checkpoint


-- First Restore Point --
1: 2008-03-24 22:11:21 UTC - RP835 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-24 20:56:05
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\programs\avgserv.exe
C:\WINDOWS\system32\lxdjcoms.exe
C:\Program Files\Norton AntiVirus\Navapsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Michelle\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/lobby/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar4.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: &Webshots Photo Search - res://D:\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\messenger\msmsgs.exe
O15 - Trusted Zone: https://www.ad.linksynergy.com (HKCU)
O15 - Trusted Zone: https://www.memolink.com (HKCU)
O16 - DPF: Yahoo! Fleet () - http://download.games.yahoo.com/game.../y/fltt3_x.cab
O16 - DPF: Yahoo! Literati () - http://download.games.yahoo.com/game...ts/y/tt1_x.cab
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/fhg.CAB
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v44...abblecubes.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} (SkillGam Control) - http://www.worldwinner.com/games/v46...m/skillgam.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.webshots.com/html/atx/wsaxcontrol.cab
O16 - DPF: {3334504D-0000-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/mpeg4ax.cab
O16 - DPF: {33363249-0000-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/i263_32.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {405BBF5B-2FD8-4614-AC51-D8566F635B94} (SafeWallet Class) - http://idsm.citadelprocessing.com/Sa.../WalletCab.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1142736439765
O16 - DPF: {6632A7E9-FE1F-43D2-A04A-A15951ED63E0} () - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1208753667781
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} () - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get.../ultrashim.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/...sh/swflash.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.auctiva.com/hostedimages/...ad/XUpload.ocx
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{2E82AF94-8028-4DAC-8678-227B0F592B80}: NameServer = 85.255.113.98,85.255.112.20
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{61A80911-836D-49F2-9019-C54C7E742C98}: NameServer = 85.255.113.98,85.255.112.20
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{99466AC3-AE97-4697-B27F-706B6FAF38C3}: NameServer = 85.255.113.98,85.255.112.20
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{AC05DEDB-A2E0-463D-A9EA-67D2226B877C}: NameServer = 85.255.113.98,85.255.112.20
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{B9D823AC-526A-43EF-A1F6-4A03EFEA4220}: NameServer = 85.255.113.98,85.255.112.20
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG6 Service (AvgServ) - GRISOFT s.r.o - D:\programs\avgserv.exe
O23 - Service: DNS Server DNS Server (DNS) - Sublime Solutions Pty Ltd - C:\WINNT\microsoftdrivers\etc\FireDaemon.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Indexing Server indexing Server (indexing) - Sublime Solutions Pty Ltd - C:\WINNT\microsoftdrivers\etc\FireDaemon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxdjCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdjserv.exe
O23 - Service: lxdj_device - Unknown owner - C:\WINDOWS\system32\lxdjcoms.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PSPShuffleIndexer - Unknown owner - D:\Program Files\PSP Shuffle\PSPShuffleIndexer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Windows Login Windows Login (Wlogin) - Sublime Solutions Pty Ltd - C:\WINNT\microsoftdrivers\etc\FireDaemon.exe
O24 - Desktop Component 0: - http://pbskids.org/images/homepage/homepage_bground.gif

--
End of file - 10759 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 STAC97 (Audio Driver (WDM) - SigmaTel CODEC) - c:\windows\system32\drivers\stac97.sys <Not Verified; SigmaTel, Inc.; AC'97 Audio Controller with SigmaTel CODEC device driver.>

S2 DPPSUSB (DPPSUSB.Sys Sony DPP-SV55 USB Digital Photo Printer Driver) - c:\windows\system32\drivers\dppsusb.sys <Not Verified; HMSA; DPP - SV55 USB Driver for Windows 95/98/2000>
S3 FTD2XX (VAGUSB.SYS VAG-COM USB Driver) - c:\windows\system32\drivers\vagusb.sys <Not Verified; FTDI Ltd.; FT8U232AX>
S3 NAVENG - c:\progra~1\common~1\symant~1\virusd~1\20040128.017\naveng.sys (file missing)
S3 NAVEX15 - c:\progra~1\common~1\symant~1\virusd~1\20040128.017\navex15.sys (file missing)
S3 P1171VID (Creative WebCam Notebook #2) - c:\windows\system32\drivers\p1171vid.sys (file missing)
S3 RioS30 (RioS30S driver) - c:\windows\system32\drivers\rios30.sys <Not Verified; SonicBlue Inc.; RioS30.sys>
S3 SYMIDSCO - c:\windows\system32\drivers\symidsco.sys (file missing)
S3 WebSTARXP (Scientific Atlanta WebSTAR 100 & 200 series Cable Modem) - c:\windows\system32\drivers\sacmxp1.sys <Not Verified; Scientific Atlanta; Scientific Atlanta DPX100 USB Cable Modem>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 AvgServ (AVG6 Service) - d:\programs\avgserv.exe <Not Verified; GRISOFT s.r.o; AVG6>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S2 DNS (DNS Server DNS Server) - c:\winnt\microsoftdrivers\etc\firedaemon.exe -s <Not Verified; Sublime Solutions Pty Ltd; FireDaemon>
S2 indexing (Indexing Server indexing Server) - c:\winnt\microsoftdrivers\etc\firedaemon.exe -s <Not Verified; Sublime Solutions Pty Ltd; FireDaemon>
S2 PSPShuffleIndexer - d:\program files\psp shuffle\pspshuffleindexer.exe -spspshuffleindexer
S2 Wlogin (Windows Login Windows Login) - c:\winnt\microsoftdrivers\etc\firedaemon.exe -s <Not Verified; Sublime Solutions Pty Ltd; FireDaemon>
S3 mcupdmgr.exe (McAfee SecurityCenter Update Manager) - c:\progra~1\mcafee.com\agent\mcupdmgr.exe (file missing)
S3 PACSPTISVR - "c:\program files\common files\sony shared\avlib\pacsptisvr.exe" <Not Verified; ; PACSPTISVR Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-24 20:56:00 474 --a------ C:\WINDOWS\Tasks\McAfee.com Update Check (NAOBI-Earl).job
2008-04-24 20:55:00 476 --a------ C:\WINDOWS\Tasks\McAfee.com Update Check (NAOBI-Shlep).job
2008-04-24 20:54:31 482 --a------ C:\WINDOWS\Tasks\McAfee.com Update Check (NAOBI-Michelle).job
2008-04-22 19:22:06 444 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job
2008-04-20 2115 378 --a------ C:\WINDOWS\Tasks\RegCure.job
2008-04-09 12:42:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-03-24 and 2008-04-24 -----------------------------

2008-04-20 2108 0 d------c- C:\Program Files\RegCure
2008-04-19 15:56:28 0 d-a----c- C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-19 00:42:28 0 d------c- C:\Program Files\Panda Security


-- Find3M Report ---------------------------------------------------------------

2008-04-23 22:51:15 0 d------c- C:\Program Files\Lx_cats
2008-04-20 21:19:35 0 d------c- C:\Program Files\Java
2008-04-11 19:45:44 0 d------c- C:\Documents and Settings\Michelle\Application Data\Adobe
2008-03-14 14:35:22 0 d------c- C:\Program Files\Wal-Mart Music Downloads Store
2008-03-01 13:44:38 0 d------c- C:\Program Files\AIM
2008-03-01 13:03:04 0 d------c- C:\Documents and Settings\Michelle\Application Data\InstallShield


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McRegWiz"="C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe" []
"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [04/27/2007 09:41 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/13/2007 12:35 AM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [06/11/2007 06:16 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\NoRecentDocsHistory D_WORD]
@=1

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
backup=C:\WINDOWS\pss\Billminder.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Corel MEDIA FOLDERS INDEXER 8.LNK]
backup=C:\WINDOWS\pss\Corel MEDIA FOLDERS INDEXER 8.LNKCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PowerPanel.lnk]
backup=C:\WINDOWS\pss\PowerPanel.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
backup=C:\WINDOWS\pss\Quicken Startup.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Remocon Driver.lnk]
backup=C:\WINDOWS\pss\Remocon Driver.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Timer Recording Manager.lnk]
backup=C:\WINDOWS\pss\Timer Recording Manager.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_CC]
D:\PROGRAMS\avgcc32.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy]
"C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CookiePatrol]
C:\DOCUME~1\Michelle\Desktop\misc\ABOUTB~1\PESTPA~1\CookiePatrol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmsod.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
C:\WINDOWS\System32\ezSP_Px.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fix-It AV]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HKSERV.EXE]
C:\Program Files\Sony\HotKey Utility\HKserv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
"C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"D:\ipod\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdjamon]
"C:\Program Files\Lexmark 1400 Series\lxdjamon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdjmon.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MISAggregator]
C:\PROGRA~1\McAfee\MCAFEE~1\MisAgg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
ICO.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFTray]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PestPatrol Control Center]
C:\DOCUME~1\Michelle\Desktop\misc\ABOUTB~1\PESTPA~1\PPControl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPMemCheck]
C:\DOCUME~1\Michelle\Desktop\misc\ABOUTB~1\PESTPA~1\PPMemCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"D:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmaTel StacMon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
"C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Nuker]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updater]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZTgServerSwitch]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SCardDrv"=3 (0x3)
"ccPwdSvc"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"ScsiAccess"=2 (0x2)
"NISUM"=2 (0x2)
"ccPxySvc"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d787e7a-91b2-11dc-9464-080046b3d8d2}]




-- End of Deckard's System Scanner: finished at 2008-04-24 20:57:39 ------------



AND HERE'S THE EXTRA TXT:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 2.80GHz
Percentage of Memory in Use: 30%
Physical Memory (total/avail): 1021.48 MiB / 706.18 MiB
Pagefile Memory (total/avail): 2460.38 MiB / 2289.5 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1931.36 MiB

C: is Fixed (NTFS) - 13.97 GiB total, 2.94 GiB free.
D: is Fixed (NTFS) - 55.55 GiB total, 49.97 GiB free.
E: is CDROM (CDFS)
F: is Removable (No Media)

\\.\PHYSICALDRIVE0 - IC25N080ATMR04-0 - 74.53 GiB - 3 partitions
\PARTITION0 - Unknown - 5.01 GiB
\PARTITION1 (bootable) - Installable File System - 13.97 GiB - C:
\PARTITION2 - Extended w/Extended Int 13 - 55.55 GiB - D:

\\.\PHYSICALDRIVE1 - Sony MSC-U03 USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

AV: AVG Anti-Virus 6.0.-2037079704 v6.0.-2037079704 (GRISOFT) Disabled Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Lexmark 1400 Series\\app4r.exe"="C:\\Program Files\\Lexmark 1400 Series\\app4r.exe:*:Enabled:Printing Application"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"="C:\\Program Files\\BitTornado\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"D:\\ipod\\iTunes.exe"="D:\\ipod\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Sony\\giga pocket\\gps.exe"="C:\\Program Files\\Sony\\giga pocket\\gps.exe:*:Disabled:Giga Pocket Server"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\WINDOWS\\system32\\lxdjcoms.exe"="C:\\WINDOWS\\system32\\lxdjcoms.exe:*:Enabled:Lexmark Communications System"
"C:\\Program Files\\Lexmark 1400 Series\\lxdjamon.exe"="C:\\Program Files\\Lexmark 1400 Series\\lxdjamon.exe:*:Enabled:Lexmark Device Monitor"
"C:\\Program Files\\Lexmark 1400 Series\\App4R.exe"="C:\\Program Files\\Lexmark 1400 Series\\App4R.exe:*:Enabled:Printing Application"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjpswx.exe"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjpswx.exe:*:Enabled: "
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjjswx.exe"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjjswx.exe:*:Enabled: "
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjtime.exe"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjtime.exe:*:Enabled: "


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Michelle\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=NAOBI
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Michelle
LOGONSERVER=\\NAOBI
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;D:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Michelle\LOCALS~1\Temp
TMP=C:\DOCUME~1\Michelle\LOCALS~1\Temp
USERDOMAIN=NAOBI
USERNAME=Michelle
USERPROFILE=C:\Documents and Settings\Michelle
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Earl (admin)
Michelle (admin)
Shlep (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\InstallShield Installation Information\{869090AE-88E6-45CE-A2B1-13D24F82CA5B}\setup.exe" /uninst
--> C:\Program Files\Installshield Installation Information\{08082022-2a50-4196-8196-a6f86d6e8f12}\QBReplace.exe {08082022-2a50-4196-8196-a6f86d6e8f12}#{01288593-26bb-4b3a-a04e-0a4ed28cc937}
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\UNINST.EXE -fd:\programs\DeIsL1.isu -cd:\programs\Uninst.dll
--> MsiExec.exe /I{17BB7031-B6D9-4D27-A3A1-B0E672A0972C}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93B80FB1-7A23-11D3-B250-00105A1F4184}\setup.exe"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-aware 6 Personal --> D:\PROGRA~1\Lavasoft\AD-AWA~1\AD-AWA~1\UNWISE.EXE D:\PROGRA~1\Lavasoft\AD-AWA~1\AD-AWA~1\INSTALL.LOG
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{5B433733-BB31-4B40-BCBA-DDED37626641}
APR V-Tune --> "C:\Program Files\APR\V-Tune\uninstall.exe"
AVG 6.0 Anti-Virus - FREE Edition --> D:\PROGRAMS\setup.exe /UNINSTALL
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
Canon CanoScan Toolbox 4.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{143FB15C-0C48-41E3-9C30-F56FB69BF3D7}\Setup.exe" -l0x9 anything
CDisplay 1.8 --> "D:\Program Files\CDisplay\unins000.exe"
Corel Uninstaller --> C:\WINDOWS\COREL\UNINST32.EXE
Coupon Printer for Windows --> "C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
EMEA02 --> MsiExec.exe /X{949460AD-3C77-44FD-8D78-BF605EF28114}
Etymonix Media Raider --> C:\WINDOWS\IsUninst.exe -fd:\programs\Uninst.isu
ExtractNow --> "C:\Program Files\ExtractNow\unins000.exe"
FireBurner --> MsiExec.exe /X{850C4C12-57E2-43E4-B66B-B08B120C55F3}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
Gravis Xperience 4.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13599F5D-20A2-449A-BA81-A7D8B98A8DF1}\Setup.exe" -u
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HotKey Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BB311F54-39D6-4A03-8E18-053D1B2833D7}\Setup.exe" -l0x9
HP OfficeJet/PSC Scrubber --> C:\WINDOWS\IsUninst.exe -fC:\HPAiOScrubber\Uninst.isu
HP Photo and Imaging 2.0 - All-in-One --> MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP Photo and Imaging 2.0 - All-in-One Drivers --> MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
iTunes --> MsiExec.exe /I{5878FF02-3B8F-4309-B4E5-0D3DB6F2E8E6}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java 2 Runtime Environment, SE v1.4.2_06 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142060}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
K-Lite Codec Pack 2.82 Full --> "D:\Program Files\K-Lite Codec Pack\unins000.exe"
LAN-Express AS IEEE 802.11 Wireless LAN --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FCCB0B43-7A6D-49A4-A5B3-B10F592F4EB6}\Setup.exe" -l0x9
Lexmark 1400 Series --> C:\Program Files\Lexmark 1400 Series\Install\x86\Uninst.exe
Lexmark Toolbar --> regsvr32.exe /s /u "C:\Program Files\Lexmark Toolbar\toolband.dll"
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Masterworks --> C:\WINDOWS\iun3402.exe d:\Mma
Memory Stick Formatter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27337663-2619-11D4-99DC-0000F49094C7}\setup.exe" -l0x9 /UNINSTALL
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
MySpaceIM --> C:\Program Files\MySpace\IM\Uninstall.exe
Nero 6 Ultra Edition --> D:\programs\nero\nero\uninstall\UNNERO.exe /UNINSTALL
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvsz.inf
OpenMG Limited Patch 4.7-07-14-05-01 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.7-07-14-05-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.7.00 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{CCD663AE-610D-4BDF-AAB0-E914B044527D} UNINSTALL
OTOY --> RunDll32 C:\WINDOWS\DOWNLO~1\OTOYAX.dll,_RemoveGroove@16
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PowerPanel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DCB53CB5-E82D-4F5E-BFE2-CBB200E19BEF}\Setup.exe" -l0x9
PSP Shuffle --> "D:\Program Files\PSP Shuffle\unins000.exe"
QuickBooks Pro Edition 2004 --> C:\Program Files\Installshield Installation Information\{2b02f822-a9b9-458c-80e5-3ea8c0de8471}\QBReplace.exe {2b02f822-a9b9-458c-80e5-3ea8c0de8471}#{2B02F82E-A9B9-458C-80E5-3EA8C0DE8471}
Quicken 2003 New User Edition --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F61F2821-694C-475F-99AB-6AF2EFDF40FD} anything
QuickSFV (Remove only) --> D:\Program Files\QuickSFV\QSFVUNST.EXE D:\Program Files\QuickSFV\
QuickTime --> MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
Reader Rabbit's Toddler --> C:\WINDOWS\IsUninst.exe -fd:\Uninst\DeIsL1.isu
RegCure 1.5.0.0 --> C:\Program Files\RegCure\uninst.exe
Registrar Lite 2.00 --> "C:\Program Files\Registrar Lite\unwise.exe" C:\PROGRA~1\REGIST~1\INSTALL.LOG
RTC Client API v1.2 --> MsiExec.exe /X{44CDBD1B-89FB-4E02-8319-2A4C550F664A}
Scientific Atlanta WebSTAR 100 & 200 series Cable Modem --> UNDPX.EXE
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
SiS 900 PCI Fast Ethernet Adapter Driver --> C:\Progra~1\SiSLan\Uninst.exe
SoftK56 Data Fax --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_1039&DEV_7013&SUBSYS_814E104D\HXFSETUP.EXE -U -IVEN_1039&DEV_7013&SUBSYS_814E104D
Sony Certificate PCH --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0448678-1203-4158-A58F-B3D0B616BF9E}\setup.exe"
Sony DPP-SV55 --> C:\WINDOWS\ISUNINST.EXE -fd:\programs\Uninst.isu -cd:\programs\PROGRAM\uninst.dll
Sony Notebook Setup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{936FADC9-C609-471A-B6F2-A33E2E660D1A}\Setup.exe" -l0x9
Sony USB Mouse --> PMUninst.exe MouseSuite98
Sony Utilities DLL --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF3D45BB-2260-4008-88EA-492E7744A9DF}\Setup.exe" -l0x9
Sony Video Shared Library --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6990A2BF-D1D2-11D3-81BC-00609789C908}\setup.exe"
Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
SpywareBlaster 4.0 --> "D:\Program Files\SpywareBlaster\unins000.exe"
USB-IR Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{10F5D9BB-E2F2-4B18-A65D-928B73D22E6F}\setup.exe" -l0x9
VAIO BrightColor Wallpaper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D1D6640-CD43-4AD9-A52F-E48265DB28E0}\setup.exe" -l0x9
VAIO Media Redistribution 2.6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7128C69B-8F7E-4336-8698-3FD3CDD955EC}\setup.exe" -l0x9 UNINSTALL
VAIO Registration --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{315BA29D-2644-4760-B5FD-5AC04A52B8C5}
VAIO Remote Commander Utility 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4570E5E0-62A2-48BD-87F3-EB7232EC4558}\Setup.exe"
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Wal-Mart Music Downloads Store --> MsiExec.exe /I{1DB2FBA5-D57A-42A7-8E87-5B3EEBED8283}
Windows Defender --> MsiExec.exe /I{B2D7CE29-614A-4ACC-8BFE-009EB3A244C9}
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World Book 2003 (Deluxe) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{869090AE-88E6-45CE-A2B1-13D24F82CA5B}\setup.exe" -uninst
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type1442 / Error
Event Submitted/Written: 04/23/2008 07:40:28 PM
Event ID/Source: 11 / crypt32
Event Description:
Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Event Record #/Type1439 / Error
Event Submitted/Written: 04/23/2008 07:40:27 PM
Event ID/Source: 11 / crypt32
Event Description:
Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Event Record #/Type1438 / Error
Event Submitted/Written: 04/23/2008 07:40:27 PM
Event ID/Source: 11 / crypt32
Event Description:
Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Event Record #/Type1435 / Error
Event Submitted/Written: 04/23/2008 07:40:15 PM
Event ID/Source: 11 / crypt32
Event Description:
Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Event Record #/Type1434 / Error
Event Submitted/Written: 04/22/2008 09:40:11 PM
Event ID/Source: 11 / crypt32
Event Description:
Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type5575 / Warning
Event Submitted/Written: 04/24/2008 07:30:49 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00028AC1F889. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type5570 / Warning
Event Submitted/Written: 04/24/2008 07:30:26 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00028AC1F889. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type5566 / Warning
Event Submitted/Written: 04/23/2008 09:08:28 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00028AC1F889. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type5556 / Warning
Event Submitted/Written: 04/23/2008 03:29:25 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00028AC1F889. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type5553 / Warning
Event Submitted/Written: 04/23/2008 03:24:08 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00028AC1F889. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.



-- End of Deckard's System Scanner: finished at 2008-04-24 20:57:39 ------------
not_again_AGAIN is offline  
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here