Tech Support Forum - View Single Post

WATKIJ · 07-28-2008, 05:10 PM

Cant Open Task Manager, Regedit Being Used By Another Program, Pc Runs Slow, Most Of The Time, Blank Task Bar.
Os Is Xp Home.

HIGHJACK THIS LOG.

Deckard's System Scanner v20071014.68
Run by JW126684 on 2008-07-28 17:12:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
14: 2008-07-28 22:12:37 UTC - RP14 - Deckard's System Scanner Restore Point
13: 2008-07-28 15:27:38 UTC - RP13 - Software Distribution Service 3.0
12: 2008-07-27 17:08:50 UTC - RP12 - Software Distribution Service 3.0
11: 2008-07-25 18:46:37 UTC - RP11 - Software Distribution Service 3.0
10: 2008-07-25 18:08:37 UTC - RP10 - Configured Microsoft Office Home and Student 2007

-- First Restore Point --
1: 2008-07-20 22:47:24 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 448 MiB (512 MiB recommended).

-- HijackThis (run as JW126684.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:15:22 PM, on 07/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\JW126684\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SYSTEM32\sistray.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Sprint TotalAccess\TaskPanl.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\AVG8\DSS.EXE\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\JW126684.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/mor...on/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.earthlink.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Sprint TotalAccess\ElnIE.dll
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - ~EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - ~00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\SYSTEM\Userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O2 - BHO: ElnkScamBHO Class - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\SPRINT TOTALACCESS\TOOLBAR\ESCAMBLK.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: ElnkPubBHO Class - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\SPRINT TOTALACCESS\TOOLBAR\ELNKPUB.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Sprint TotalAccess\Accelerator\prpl_IePopupBlocker.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\yaywvtt.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: ElnkProtectionBHO Class - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\SPRINT TOTALACCESS\TOOLBAR\PROTCTIE.DLL
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: ElnkLegacyUninstBHO Class - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\SPRINT TOTALACCESS\TOOLBAR\UNINSTTB.DLL
O2 - BHO: UCSBrowserHelper Class - {F1D49A84-8656-43ce-AE3D-AABC1A12243E} - C:\WINDOWS\SYSTEM32\BHOUCS.DLL
O2 - BHO: (no name) - {FE5F7812-5EF2-471E-873C-33590F90664F} - C:\WINDOWS\system32\pmklk.dll (file missing)
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\SPRINT TOTALACCESS\TOOLBAR\TOOLBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [Host Process] C:\Documents and Settings\JW126684\svchost.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Utility Tray.lnk = ?
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZJxdm088YYUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: EarthLink Google Search - res://C:\SPRINT TOTALACCESS\TOOLBAR\SEARCHUI.DLL/search.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Netnews - {A76AE828-7475-4F38-BCA9-278F3676E3DD} - news:worldnet.help.new-users (file missing) (HKCU)
O16 - DPF: Win32 Classes -
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...1.0.0.15-3.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {40D230B5-7444-441A-9852-F71FB050FA8E} (MozillaPluginHostCtrl Class) - https://www.t-mobilepictures.com/pho...iplugin_ie.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...37/mcfscan.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: yaywvtt - yaywvtt.dll (file missing)
O24 - Desktop Component 0: (no name) - http://us.f1.yahoofs.com/users/8f490...NyspBBbASk4o.P

--
End of file - 9640 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\WINDOWS\SYSTEM32\SHELL32.DLL,-153
.com - comfile - DefaultIcon - C:\WINDOWS\SYSTEM32\SHELL32.DLL,2
.hlp - hlpfile - DefaultIcon - C:\WINDOWS\SYSTEM32\SHELL32.DLL,23
.hlp - hlpfile - shell\open\command - winhelp.exe %1
.ini - inifile - DefaultIcon - C:\WINDOWS\SYSTEM32\SHELL32.DLL,-151
.reg - regfile - DefaultIcon - C:\WINDOWS\regedit.exe,1
.txt - txtfile - DefaultIcon - C:\WINDOWS\SYSTEM32\SHELL32.DLL,-152

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 aslm75 - c:\windows\system32\drivers\aslm75.sys
R3 NeroCd2k - c:\windows\system32\drivers\nerocd2k.sys <Not Verified; ahead software gmbh
im stoeckmaedle 6
76307 karlsbad, germany
Fax: ++49-7248-911-888
e-mail: info@nero.com; Nero Burning Rom>

S3 BW2NDIS5 - c:\windows\system32\drivers\bw2ndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 WpdUsb - c:\windows\system32\drivers\wpdusb.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S4 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
S4 EarthLinkMonitor (EarthLink Monitor Service) - "c:\sprint totalaccess\wengine\wmonitor.exe" <Not Verified; Boingo Wireless, Inc.; >

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2008-07-28 16:44:04 358 --a------ C:\WINDOWS\Tasks\PCHealth Scheduler for Data Collection.job
2008-06-13 17:52:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-02-19 22:33:22 462 --a------ C:\WINDOWS\Tasks\Maintenance-Disk cleanup.job
2007-02-19 22:33:22 428 --a------ C:\WINDOWS\Tasks\Maintenance-Defragment programs.job

-- Files created between 2008-06-28 and 2008-07-28 -----------------------------

2008-07-28 17:14:48 0 d-------- C:\Program Files\Trend Micro
2008-07-28 13:36:00 0 d-------- C:\Program Files\Panda Security
2008-07-28 10:27:45 0 d-------- C:\WINDOWS\LastGood
2008-07-26 20:09:54 0 d--hs---- C:\FOUND.003
2008-07-19 23:29:03 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-19 15:43:41 0 d-------- C:\Documents and Settings\JW126684\Application Data\PCHealth
2008-07-14 10:22:10 0 d--hs---- C:\FOUND.002
2008-07-13 19:20:38 0 d--hs---- C:\FOUND.001
2008-07-13 18:50:34 0 d--hs---- C:\FOUND.000
2008-07-13 15:16:05 0 d-------- C:\Documents and Settings\JW126684\DoctorWeb
2008-07-13 00:05:16 0 d-------- C:\Documents and Settings\JW126684\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-07-12 23:25:29 0 d-------- C:\Program Files\Common Files\Adobe AIR
2008-07-12 23:22:02 0 d-------- C:\Documents and Settings\JW126684\My Documents
2008-07-12 20:28:51 0 d-------- C:\WINDOWS\McAfee.com
2008-07-12 16:57:02 0 d-------- C:\dee8a9c576a4b2aed14af641743ff4
2008-07-09 23:25:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-07-04 22:15:42 0 d-------- C:\Documents and Settings\Ms Watkins\Application Data\AVGTOOLBAR
2008-07-04 22:13:40 0 d--hs---- C:\Documents and Settings\Ms Watkins\!
2008-06-29 23:11:00 0 d-------- C:\Program Files\Starware381
2008-06-29 23:11:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Starware381
2008-06-28 10:56:37 0 d-------- C:\Documents and Settings\SHEA\Application Data\AVGTOOLBAR
2008-06-28 10:54:38 0 d--hs---- C:\Documents and Settings\SHEA\!

-- Find3M Report ---------------------------------------------------------------

2008-07-07 00:24:08 28160 --a------ C:\Documents and Settings\JW126684\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-06-25 15:08:34 88160 --a------ C:\Documents and Settings\JW126684\Application Data\GDIPFONTCACHEV1.DAT
2008-06-25 14:30:24 22720 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-06-24 19:36:30 1 --a------ C:\WINDOWS\~sisRslt
2008-06-24 19:36:16 0 d-------- C:\Program Files\SiS VGA Utilities V3.65
2008-06-24 17:34:14 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-06-23 16:36:04 359 --a------ C:\945.bat
2008-06-23 16:36:02 2270208 --a------ C:\winlogon.exe
2008-06-23 16:35:46 16464 --a------ C:\csrss.exe
2008-06-23 16:35:04 24580 --a------ C:\svchost.exe
2008-06-23 16:34:40 0 --a------ C:\WINDOWS\system32\taskkill.exe
2008-06-23 11:31:26 0 d-------- C:\Documents and Settings\JW126684\Application Data\AVGTOOLBAR
2008-06-23 11:31:22 0 d-------- C:\Program Files\AVG
2008-06-21 18

40 0 d-------- C:\Program Files\Lost Worlds
2008-06-05 16:09:02 0 d-------- C:\Program Files\Common Files\Apple
2008-06-05 16:08:56 0 d-------- C:\Program Files\Hasbro Interactive
2008-06-05 16:08:48 0 d-------- C:\Program Files\Apple Software Update
2008-06-05 14:30:16 0 d-------- C:\Program Files\Apple Software Update(2)

-- Registry Dump ---------------------------------------------------------------

Unable to run batchfile; The process cannot access the file because it is being used by another process.
ComSpec: C:\WINDOWS\system32\cmd.exe

-- End of Deckard's System Scanner: finished at 2008-07-28 17:15:52 ------------

Deckard's System Scanner v20071014.68
Run by JW126684 on 2008-07-28 17:12:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
14: 2008-07-28 22:12:37 UTC - RP14 - Deckard's System Scanner Restore Point
13: 2008-07-28 15:27:38 UTC - RP13 - Software Distribution Service 3.0
12: 2008-07-27 17:08:50 UTC - RP12 - Software Distribution Service 3.0
11: 2008-07-25 18:46:37 UTC - RP11 - Software Distribution Service 3.0
10: 2008-07-25 18:08:37 UTC - RP10 - Configured Microsoft Office Home and Student 2007

-- First Restore Point --
1: 2008-07-20 22:47:24 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 448 MiB (512 MiB recommended).

-- HijackThis (run as JW126684.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:15:22 PM, on 07/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\JW126684\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SYSTEM32\sistray.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Sprint TotalAccess\TaskPanl.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\AVG8\DSS.EXE\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\JW126684.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/mor...on/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.earthlink.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Sprint TotalAccess\ElnIE.dll
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - ~EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - ~00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\SYSTEM\Userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O2 - BHO: ElnkScamBHO Class - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\SPRINT TOTALACCESS\TOOLBAR\ESCAMBLK.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: ElnkPubBHO Class - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\SPRINT TOTALACCESS\TOOLBAR\ELNKPUB.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Sprint TotalAccess\Accelerator\prpl_IePopupBlocker.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\yaywvtt.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: ElnkProtectionBHO Class - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\SPRINT TOTALACCESS\TOOLBAR\PROTCTIE.DLL
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: ElnkLegacyUninstBHO Class - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\SPRINT TOTALACCESS\TOOLBAR\UNINSTTB.DLL
O2 - BHO: UCSBrowserHelper Class - {F1D49A84-8656-43ce-AE3D-AABC1A12243E} - C:\WINDOWS\SYSTEM32\BHOUCS.DLL
O2 - BHO: (no name) - {FE5F7812-5EF2-471E-873C-33590F90664F} - C:\WINDOWS\system32\pmklk.dll (file missing)
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\SPRINT TOTALACCESS\TOOLBAR\TOOLBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [Host Process] C:\Documents and Settings\JW126684\svchost.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Utility Tray.lnk = ?
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZJxdm088YYUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: EarthLink Google Search - res://C:\SPRINT TOTALACCESS\TOOLBAR\SEARCHUI.DLL/search.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Netnews - {A76AE828-7475-4F38-BCA9-278F3676E3DD} - news:worldnet.help.new-users (file missing) (HKCU)
O16 - DPF: Win32 Classes -
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...1.0.0.15-3.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {40D230B5-7444-441A-9852-F71FB050FA8E} (MozillaPluginHostCtrl Class) - https://www.t-mobilepictures.com/pho...iplugin_ie.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...37/mcfscan.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: yaywvtt - yaywvtt.dll (file missing)
O24 - Desktop Component 0: (no name) - http://us.f1.yahoofs.com/users/8f490...NyspBBbASk4o.P

--
End of file - 9640 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\WINDOWS\SYSTEM32\SHELL32.DLL,-153
.com - comfile - DefaultIcon - C:\WINDOWS\SYSTEM32\SHELL32.DLL,2
.hlp - hlpfile - DefaultIcon - C:\WINDOWS\SYSTEM32\SHELL32.DLL,23
.hlp - hlpfile - shell\open\command - winhelp.exe %1
.ini - inifile - DefaultIcon - C:\WINDOWS\SYSTEM32\SHELL32.DLL,-151
.reg - regfile - DefaultIcon - C:\WINDOWS\regedit.exe,1
.txt - txtfile - DefaultIcon - C:\WINDOWS\SYSTEM32\SHELL32.DLL,-152

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 aslm75 - c:\windows\system32\drivers\aslm75.sys
R3 NeroCd2k - c:\windows\system32\drivers\nerocd2k.sys <Not Verified; ahead software gmbh
im stoeckmaedle 6
76307 karlsbad, germany
Fax: ++49-7248-911-888
e-mail: info@nero.com; Nero Burning Rom>

S3 BW2NDIS5 - c:\windows\system32\drivers\bw2ndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 WpdUsb - c:\windows\system32\drivers\wpdusb.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S4 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
S4 EarthLinkMonitor (EarthLink Monitor Service) - "c:\sprint totalaccess\wengine\wmonitor.exe" <Not Verified; Boingo Wireless, Inc.; >

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2008-07-28 16:44:04 358 --a------ C:\WINDOWS\Tasks\PCHealth Scheduler for Data Collection.job
2008-06-13 17:52:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-02-19 22:33:22 462 --a------ C:\WINDOWS\Tasks\Maintenance-Disk cleanup.job
2007-02-19 22:33:22 428 --a------ C:\WINDOWS\Tasks\Maintenance-Defragment programs.job

-- Files created between 2008-06-28 and 2008-07-28 -----------------------------

2008-07-28 17:14:48 0 d-------- C:\Program Files\Trend Micro
2008-07-28 13:36:00 0 d-------- C:\Program Files\Panda Security
2008-07-28 10:27:45 0 d-------- C:\WINDOWS\LastGood
2008-07-26 20:09:54 0 d--hs---- C:\FOUND.003
2008-07-19 23:29:03 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-19 15:43:41 0 d-------- C:\Documents and Settings\JW126684\Application Data\PCHealth
2008-07-14 10:22:10 0 d--hs---- C:\FOUND.002
2008-07-13 19:20:38 0 d--hs---- C:\FOUND.001
2008-07-13 18:50:34 0 d--hs---- C:\FOUND.000
2008-07-13 15:16:05 0 d-------- C:\Documents and Settings\JW126684\DoctorWeb
2008-07-13 00:05:16 0 d-------- C:\Documents and Settings\JW126684\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-07-12 23:25:29 0 d-------- C:\Program Files\Common Files\Adobe AIR
2008-07-12 23:22:02 0 d-------- C:\Documents and Settings\JW126684\My Documents
2008-07-12 20:28:51 0 d-------- C:\WINDOWS\McAfee.com
2008-07-12 16:57:02 0 d-------- C:\dee8a9c576a4b2aed14af641743ff4
2008-07-09 23:25:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-07-04 22:15:42 0 d-------- C:\Documents and Settings\Ms Watkins\Application Data\AVGTOOLBAR
2008-07-04 22:13:40 0 d--hs---- C:\Documents and Settings\Ms Watkins\!
2008-06-29 23:11:00 0 d-------- C:\Program Files\Starware381
2008-06-29 23:11:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Starware381
2008-06-28 10:56:37 0 d-------- C:\Documents and Settings\SHEA\Application Data\AVGTOOLBAR
2008-06-28 10:54:38 0 d--hs---- C:\Documents and Settings\SHEA\!

-- Find3M Report ---------------------------------------------------------------

2008-07-07 00:24:08 28160 --a------ C:\Documents and Settings\JW126684\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-06-25 15:08:34 88160 --a------ C:\Documents and Settings\JW126684\Application Data\GDIPFONTCACHEV1.DAT
2008-06-25 14:30:24 22720 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-06-24 19:36:30 1 --a------ C:\WINDOWS\~sisRslt
2008-06-24 19:36:16 0 d-------- C:\Program Files\SiS VGA Utilities V3.65
2008-06-24 17:34:14 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-06-23 16:36:04 359 --a------ C:\945.bat
2008-06-23 16:36:02 2270208 --a------ C:\winlogon.exe
2008-06-23 16:35:46 16464 --a------ C:\csrss.exe
2008-06-23 16:35:04 24580 --a------ C:\svchost.exe
2008-06-23 16:34:40 0 --a------ C:\WINDOWS\system32\taskkill.exe
2008-06-23 11:31:26 0 d-------- C:\Documents and Settings\JW126684\Application Data\AVGTOOLBAR
2008-06-23 11:31:22 0 d-------- C:\Program Files\AVG
2008-06-21 18

40 0 d-------- C:\Program Files\Lost Worlds
2008-06-05 16:09:02 0 d-------- C:\Program Files\Common Files\Apple
2008-06-05 16:08:56 0 d-------- C:\Program Files\Hasbro Interactive
2008-06-05 16:08:48 0 d-------- C:\Program Files\Apple Software Update
2008-06-05 14:30:16 0 d-------- C:\Program Files\Apple Software Update(2)

-- Registry Dump ---------------------------------------------------------------

Unable to run batchfile; The process cannot access the file because it is being used by another process.
ComSpec: C:\WINDOWS\system32\cmd.exe

-- End of Deckard's System Scanner: finished at 2008-07-28 17:15:52 ------------

EXTRA TEXT

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Celeron(R) CPU 2.93GHz
Percentage of Memory in Use: 71%
Physical Memory (total/avail): 447.3 MiB / 125.7 MiB
Pagefile Memory (total/avail): 1106.45 MiB / 720.59 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1922.65 MiB

C: is Fixed (FAT32) - 76.31 GiB total, 59.88 GiB free.
D: is Fixed (FAT32) - 2.38 GiB total, 0.53 GiB free.
E: is CDROM (No Media)
G: is Removable (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 6Y080P0 - 76.33 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 76.33 GiB - C:

\\.\PHYSICALDRIVE1 - QUANTUM FIREBALL EL2.5A - 2.39 GiB - 1 partition
\PARTITION0 - Unknown - 2.39 GiB - D:

\\.\PHYSICALDRIVE2 - EPSON Stylus Storage USB Device

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG Anti-Virus Free v8.0 (AVG Technologies)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Sprint TotalAccess\\TaskPanl.exe"="C:\\Sprint TotalAccess\\TaskPanl.exe:*:Enabled:TaskPanl"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\WINDOWS\\TEMP\\SP-P660ME_SZ2_utility[1]\\Upgrade.exe"="C:\\WINDOWS\\TEMP\\SP-P660ME_SZ2_utility[1]\\Upgrade.exe:*:Enabled:Upgrade"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Disabled:Internet Explorer"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe:*:Disabled:MySpace Instant Messenger"
"C:\\Program Files\\LimeWire\\Kieffer's Limewire\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\Kieffer's Limewire\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe:*:Enabled:Nero ShowTime Essentials"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"D:\\StubInstaller.exe"="D:\\StubInstaller.exe:*:Disabled:LimeWire swarmed installer"

-- Environment Variables -------------------------------------------------------

Unable to get environment variables; The process cannot access the file because it is being used by another process.
ComSpec: C:\WINDOWS\system32\cmd.exe

-- User Profiles ---------------------------------------------------------------

JW126684 (admin)
DO (admin)
EVERETT (admin)
VICTORIA (admin)
KIEFFER (admin)
Ms Watkins (admin)
SHEA (admin)
Guest (guest)

-- Add/Remove Programs ---------------------------------------------------------

Books That Work DECK version 3.0 --> D:\DECK\3ddeck3\uninstal.exe D:\DECK\3ddeck3\install.log
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
--> "C:\Program Files\Outlook Express\setup50.exe" /APP:WAB /CALLER:IE50 /UNINSTALL /PROMPT
Adobe AIR --> C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Shockwave Player --> C:\WINDOWS\SYSTEM32\ADOBE\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\ADOBE\SHOCKW~1\INSTALL.LOG
Announcements 5.0 --> C:\WINDOWS\dann5032.exe D:\ANNOUCEMENTS95\INSTALL.LOG
ASUS Probe V2.24.03 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\ASUS\Asus Probe\DeIsL2.isu" -c"C:\Program Files\ASUS\Asus Probe\probunis.dll"
AsusUpdate --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ASUS\AsusUpdate\Uninst.isu"
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Browser Mouse Browser Mouse 1.0 --> D:\PS2MOUSE\unins000.EXE
Acrobat.com --> C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
EarthLink LiteScanner --> C:\WINDOWS\SYSTEM32\UNWISE.EXE C:\WINDOWS\SYSTEM\INSTALL.LOG
EarthLink Software --> "C:\Sprint TotalAccess\uninstll.exe" /W
ENSONIQ AudioPCI --> C:\WINDOWS\uninst.exe -fd:\CREATIVE\DeIsL1.isu
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan --> C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON USB Printer Devices --> epusbun.exe
Greetings Workshop --> D:\GREETING WORKSHOP\SETUP\setup.exe
Microsoft Office Home and Student 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
HSP56 Modem Drivers --> ptuninst.exe
Finding Nemo: Nemo's Underwater World of Fun Special Edition --> C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\DRIVER\7\INTEL 32\IDRIVER.EXE /M{77FCC1D4-E78E-46A4-80A6-7F456FA9AC90} NemoUWF2Uninstall
Kiplinger TaxCut 1999 --> D:\TAXCUT99\removetc.exe
Lexmark Z22-Z32 Series --> LXAEDEL.EXE
Madeline 1st Grade Reading --> C:\CWONDERS\MREAD1\CWRUN.EXE Madeline1stGradeReading UninstallExe
Madeline 2nd Grade Reading --> C:\CWONDERS\MREAD2\CWRUN.EXE Madeline2ndGradeReading UninstallExe
--> C:\WINDOWS\unmrw.exe /UNINSTALL
Microsoft Publisher for Windows 95 --> D:\PROGRAM FILES\MICROSOFT PUBLISHER\Setup\Setup.exe /m
My Amazing Human Body --> C:\WINDOWS\UNINST.EXE -r"DK Multimedia\My Amazing Human Body\1.00.0182" -n"My Amazing Human Body" -fd:\DKMULT~1\MYAMAZ~1\DEISL3.ISU -cd:\DKMULT~1\MYAMAZ~1\UNINST.DLL
My First Amazing Science Explorer --> C:\WINDOWS\UNINST.EXE -r"DK Multimedia\My First Amazing Science Explorer\1.0.0018" -n"My First Amazing Science Explorer" -fd:\DKMULT~1\DEISL3.ISU -cd:\DKMULT~1\UNINST.DLL
MySpaceIM --> C:\Program Files\MySpace\IM\Uninstall.exe
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Microsoft Office 97, Professional Edition --> C:\Program Files\Microsoft Office\Office\Setup\Acme.exe /w Off97Pro.STF
Operation --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Hasbro Interactive\Operation\DeIsL1.isu"
Microsoft Outlook 97 --> C:\Program Files\Microsoft Office\Office\Setup\AcmeOtlk.exe /w Outlook.stf
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
PlayMP3z --> C:\Program Files\PlayMP3z\uninstall.exe
Quicken 2001 Deluxe --> C:\WINDOWS\IsUninst.exe -fC:\QUICKENW\Uninst.isu
QuickTime for Windows (32-bit) --> C:\WINDOWS\QTW32DEL.EXE
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Creative Sound Blaster PCI Audio Drivers --> C:\AUDIOPCI\sbsetup.exe -u
Sierra Photo Home Interiors --> C:\WINDOWS\IsUninst.exe -fC:\SIERRA\PhotoHI\Uninst.isu
SiS VGA Utilities --> Rundll32 SiSInst.dll,Uninstall VGA,R,oem5.inf
SiS 900 PCI Fast Ethernet Adapter Driver --> C:\WINDOWS\SiS\900\Uninst.exe
--> C:\PROGRA~1\SPRINT~1\Uninstall.exe Sprint
Virtual Assistant --> C:\WINDOWS\Motive\Sprint\MCCUninst.exe
Spy Sweeper --> C:\WINDOWS\unSpySweeper.exe
TaxCut 2001 --> D:\TAXCUT01\removetc.exe
TaxCut 2002 --> D:\TaxCut02\Program\removetc.exe
TaxCut Deluxe 2005 --> D:\TAXCUTO5\Program\removetc.exe
Acronis*True*Image --> D:\Acronis\TrueImage\MediaBuilder.exe -uninstall
UnInstaller 4 --> D:\UNINSTALLER4\RemUni32.exe D:\UNINSTALLER4
USA Explorer --> C:\WINDOWS\UNINST.EXE -r"DK Interactive Learning\USA Explorer\1.0.01" -n"USA Explorer" -fd:\SUMMER03\EVERETT\DEISL1.ISU -cd:\SUMMER03\EVERETT\UNINST.DLL
V3935 Digital Camera Driver --> C:\PROGRA~1\V3935D~1\UNWISE.EXE C:\PROGRA~1\V3935D~1\INSTALL.LOG
V3935 User's Manual --> C:\PROGRA~1\V3935C~1\UNWISE.EXE C:\PROGRA~1\V3935C~1\INSTALL.LOG
Video Add-on --> C:\Program Files\Video Add-on\uninst.exe
Visioneer 6100b Scanner Driver --> C:\WINDOWS\TWAIN_32\PAPRPORT\6100B\UNWISE.EXE C:\WINDOWS\TWAIN_32\PAPRPORT\6100B\INSTALL.LOG
Visioneer PaperPort 6.1 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Visioneer\PaperPort\Config\DeIsL1.isu" -y -cD:\Visioneer\PaperPort\UnInstl2.dll
Where in the World Is Carmen Sandiego? Treasures of Knowledge --> d:\summer03\everett\uninstall.exe
Windows Media Format 11 runtime --> "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 11 --> "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
winvi (remove only) --> "C:\Program Files\winvi\uninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11 --> "C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
World Explorer 2.0 --> C:\WINDOWS\UNINST.EXE -r"DK Multimedia\World Explorer 2.0\2.0.19" -n"World Explorer 2.0" -fd:\DKMULT~1\DEISL2.ISU -cd:\DKMULT~1\UNINST.DLL
SpongeBob SquarePants Krabby Quest --> "C:\Program Files\WildGames\SpongeBob SquarePants Krabby Quest\Uninstall.exe"
Yahoo! Toolbar --> C:\PROGRA~1\YAHOO!\COMMON\UNYT.EXE
Yahoo! Browser Services --> C:\PROGRA~1\YAHOO!\COMMON\unyext.exe
Yahoo! Mail --> C:\WINDOWS\SYSTEM32\REGSVR32.EXE /u /s C:\PROGRAM FILES\YAHOO!\COMMON\YMMAPI.DLL
Yahoo! Messenger --> C:\PROGRA~1\YAHOO!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\YAHOO!\MESSEN~1\INSTALL.LOG
Zoombinis Mountain Rescue(TM) --> d:\summer03\victoria\uninstall.exe
Adobe AIR --> MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
CDDRV_Installer --> MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
KhalInstallWrapper --> MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
J2SE Runtime Environment 5.0 Update 8 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Amazing Box --> MsiExec.exe /I{4EDF9A10-98DE-4B74-BEEB-6278AB134559}
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Roxio PhotoSuite 5 --> MsiExec.exe /I{607CE53B-0999-4F3B-8FF1-DB1AA47548A8}
Java 2 Runtime Environment, SE v1.4.2_05 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Acrobat.com --> MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.EXE" -l0x9 UNINSTALL
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Office 2007 (KB934062) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
Security Update for Visio 2007 (KB947590) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Update for Office 2007 (KB946691) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Update for Office 2007 (KB932080) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Nero - Burning Rom --> MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
Adobe Reader 9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Nero 7 Essentials --> MsiExec.exe /X{B28B351F-1232-46EA-85EF-B8EA91641033}
Citrix Presentation Server Client --> MsiExec.exe /I{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
EarthLink Toolbar --> C:\Sprint TotalAccess\Toolbar\uninstall.exe
EarthLink FastLane --> MsiExec.exe /X{BD33CD92-3A42-4CE1-ADDE-A9B64CFFF24D}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0x9 -uninst
Safari --> MsiExec.exe /I{F0E8F94D-6E68-4B35-92DF-3AA6DC6A6768}
Logitech SetPoint --> C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE

-- Application Event Log -------------------------------------------------------

Event Record #/Type1443 / Warning
Event Submitted/Written: 07/28/2008 10:48:56 AM
Event ID/Source: 32068 / Microsoft Fax
Event Description:
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'

Event Record #/Type1442 / Warning
Event Submitted/Written: 07/28/2008 10:48:56 AM
Event ID/Source: 32026 / Microsoft Fax
Event Description:
Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.

Event Record #/Type1440 / Error
Event Submitted/Written: 07/28/2008 10:46:59 AM
Event ID/Source: 1015 / Winlogon
Event Description:
A critical system process, C:\WINDOWS\system32\lsass.exe, failed with status code c0000005. The machine
must now be restarted.

Event Record #/Type1438 / Warning
Event Submitted/Written: 07/28/2008 10:26:22 AM
Event ID/Source: 32068 / Microsoft Fax
Event Description:
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'

Event Record #/Type1437 / Warning
Event Submitted/Written: 07/28/2008 10:26:22 AM
Event ID/Source: 32026 / Microsoft Fax
Event Description:
Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type2923 / Error
Event Submitted/Written: 07/28/2008 10:48:55 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The IPSEC Services service terminated with the following error:
%%1747

Event Record #/Type2901 / Error
Event Submitted/Written: 07/28/2008 10:26:22 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The IPSEC Services service terminated with the following error:
%%1747

Event Record #/Type2885 / Warning
Event Submitted/Written: 07/26/2008 11:34:10 PM
Event ID/Source: 8 / Print
Event Description:
Printer EPSON Stylus CX7800 Series was purged.

Event Record #/Type2884 / Warning
Event Submitted/Written: 07/26/2008 11:26:51 PM
Event ID/Source: 262 / PlugPlayManager
Event Description:
The service "Spooler" vetoed a power event request.

Event Record #/Type2866 / Error
Event Submitted/Written: 07/26/2008 08:28:36 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The IPSEC Services service terminated with the following error:
%%1747

-- End of Deckard's System Scanner: finished at 2008-07-28 17:15:52 ------------