Deckard's System Scanner v20071014.68
Run by S. ROSOMACKI on 2008-06-06 20:24:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
82: 2008-06-06 10:24:54 UTC - RP129 - Deckard's System Scanner Restore Point
81: 2008-06-05 10:45:27 UTC - RP128 - System Checkpoint
80: 2008-05-31 06:20:39 UTC - RP127 - System Checkpoint
79: 2008-05-29 00:20:26 UTC - RP126 - System Checkpoint
78: 2008-05-26 11:38:18 UTC - RP125 - System Checkpoint
-- First Restore Point --
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English
CPU 0: Intel® Core™2 Duo CPU E6750 @ 2.66GHz
Percentage of Memory in Use: 26%
Physical Memory (total/avail): 2047.04 MiB / 1509.2 MiB
Pagefile Memory (total/avail): 3939.41 MiB / 3443.31 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1903.11 MiB
C: is Fixed (NTFS) - 127.99 GiB total, 82.78 GiB free.
D: is CDROM (No Media)
E: is CDROM (UDF)
F: is CDROM (No Media)
G: is Fixed (NTFS) - 337.77 GiB total, 304.37 GiB free.
H: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - ST3500320AS - 465.76 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 127.99 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 337.77 GiB - G:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\S. ROSOMACKI\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SCOTT
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA6
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\S. ROSOMACKI
LOGONSERVER=\\SCOTT
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\QuickTime\QTSystem\;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\S64EF~1.ROS\LOCALS~1\Temp
TMP=C:\DOCUME~1\S64EF~1.ROS\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=SCOTT
USERNAME=S. ROSOMACKI
USERPROFILE=C:\Documents and Settings\S. ROSOMACKI
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
S. ROSOMACKI
(admin)-- Add/Remove Programs ---------------------------------------------------------
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D066C0E0-A915-11D5-B078-00C0F6A04C3E}\setup.exe"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
1Click DVD Copy 4.1 --> "G:\Applications\DVD Burning File\setup\uninst.exe"
7-Zip 4.57 --> "G:\Applications\Emulator Games\ZipProgram\7-Zip\Uninstall.exe"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Ahead Nero Burning Rom PlugIn Pack 2.0.2 by MadHacker2k4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2715D1D6-2B81-4DD5-A9DC-6EFF4D5E0993}\setup.exe" -l0x7 -removeonly
AirPlus G --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{0EA44599-1E9D-4517-A088-9588A9FAB211}
ANIO Service --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}\Setup.exe"
ANIWZCS2 Service --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C590030-7469-453E-8589-D15DA9D03F52}\Setup.exe"
AnyDVD --> "G:\Applications\DVD Burning File\AnyDVD\AnyDVD-uninst.exe" /D="G:\Applications\DVD Burning File\AnyDVD"
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Attansic Ethernet Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F698102-5739-441E-96F0-74F4EA540F06}\setup.exe" -l0x9 -removeonly
Attansic L1 Gigabit Ethernet Driver --> rundll32.exe C:\WINDOWS\System32\Attansic\L1\atcInst.dll,AtcUninst C:\WINDOWS\System32\Attansic\L1 x86 1969 1048 L1
Avira AntiVir Personal Free Antivirus --> C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
BioShock --> C:\Documents and Settings\S. ROSOMACKI\Application Data\InstallShield Installation Information\{E280923D-C5D9-4728-8C79-AC9A0DC75875}\Setup.exe -runfromtemp -l0x0009 -removeonly
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
CCleaner (remove only) --> "C:\Program Files\SuperAntiSpyware\Plugins\CCleaner\uninst.exe"
CloneDVD2 --> "G:\Applications\DVD Burning File\CloneDVD\CloneDVD2-uninst.exe" /D="G:\Applications\DVD Burning File\CloneDVD"
CopyToDVD --> "G:\Applications\DVD Burning File\CopyToDVD\unins000.exe"
CopyToDVD --> "G:\Applications\DVD Burning File\CopyToDVD\unins001.exe"
Crysis® --> MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
DVD Decrypter (Remove Only) --> "G:\Applications\DVD Burning File\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "G:\Applications\DVD Burning File\DVD Shrink\unins000.exe"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Harry Potter and the Order of the Phoenix --> G:\Applications\HarryPotter4\EAUninstall.exe
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java™ 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
LimeWire 4.16.7 --> "G:\iTunes\Lime Wire Downloads\LimeWire\uninstall.exe"
LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.1 --> "C:\WINDOWS\$NtUninstallWdf01001$\spuninst\spuninst.exe"
Microsoft Office Access 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ACCESS /dll OSETUP.DLL
Microsoft Office Access 2007 --> MsiExec.exe /X{90120000-0015-0000-0000-0000000FF1CE}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall EXCEL /dll OSETUP.DLL
Microsoft Office Excel 2007 --> MsiExec.exe /X{90120000-0016-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall GROOVE /dll OSETUP.DLL
Microsoft Office Groove 2007 --> MsiExec.exe /X{90120000-00BA-0000-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall POWERPOINT /dll OSETUP.DLL
Microsoft Office PowerPoint 2007 --> MsiExec.exe /X{90120000-0018-0000-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007 --> MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PUBLISHER /dll OSETUP.DLL
Microsoft Office Publisher 2007 --> MsiExec.exe /X{90120000-0019-0000-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall WORD /dll OSETUP.DLL
Microsoft Office Word 2007 --> MsiExec.exe /X{90120000-001B-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Xbox 360 Accessories 1.1 --> MsiExec.exe /X{66F0AC35-4805-44BC-A3D4-347D4196F9B3}
Natural Mod --> C:\Program Files\Natural Mod\uninstall.exe
Nero 6 Ultra Edition --> G:\Applications\DVD Burning File\nero\uninstall\UNNERO.exe /UNINSTALL
Nero Digital --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Oblivion --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
Oblivion - BTmod 2.20 --> C:\Program Files\Bethesda Softworks\Oblivion\Data\BTmod-Uninstall.exe
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PunkBuster Services --> C:\WINDOWS\system32\pbsvc.exe -u
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0016-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0019-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0018-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0019-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-001B-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0018-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-001B-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Sony Ericsson PC Suite 1.20.224 --> MsiExec.exe /I{7689CA7A-1270-425A-9959-EB4CB25EA29A}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0015-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0016-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0018-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0019-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-001B-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-00BA-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb950378) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}
Videora iPod Converter 3.07 --> G:\Applications\SonyEricsson\Phone Pics\YouTube\Video Converter 3\uninstaller.exe
ViewSonic Monitor Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B4FEA924-630D-11D4-B78E-005004566E4D}\Setup.exe" -l0x9
Warcraft III --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinFast® Display Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F69FD33C-8815-46BF-9134-A643DE68F3C0}\setup.exe" -l0x9 -removeonly
WinFox Setup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3C867F60-267A-11D4-BF03-0080C84D9C69}\Setup.exe" -l0x9 -uninst -removeonly
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
ZoneAlarm --> C:\Program Files\SuperAntiSpyware\ZoneAlarm Firewall\ZoneAlarm\zauninst.exe
ZoneAlarm Spy Blocker --> rundll32 C:\PROGRA~1\ZONEAL~1\bar\1.bin\SpyBlock.dll,O
-- Application Event Log -------------------------------------------------------
Event Record #/Type3701 / Error
Event Submitted/Written: 06/06/2008 10:55:21 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type3700 / Error
Event Submitted/Written: 06/06/2008 10:54:56 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.5512, faulting module shell32.dll, version 6.0.2900.5512, fault address 0x0003362e.
Processing media-specific event for [explorer.exe!ws!]
Event Record #/Type3692 / Error
Event Submitted/Written: 06/06/2008 01:55:33 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type3691 / Error
Event Submitted/Written: 06/06/2008 01:54:57 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
Processing media-specific event for [drwtsn32.exe!ws!]
Event Record #/Type3690 / Error
Event Submitted/Written: 06/06/2008 01:54:52 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.5512, faulting module shell32.dll, version 6.0.2900.5512, fault address 0x0003362e.
Processing media-specific event for [explorer.exe!ws!]
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type8691 / Warning
Event Submitted/Written: 06/05/2008 09:37:19 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Event Record #/Type8687 / Warning
Event Submitted/Written: 06/05/2008 07:54:52 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001CF089F9A5. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.
Event Record #/Type8684 / Warning
Event Submitted/Written: 06/05/2008 07:53:34 PM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 001CF089F9A5. The IP address being used is 169.254.94.247.
Event Record #/Type8683 / Error
Event Submitted/Written: 06/05/2008 07:52:31 PM
Event ID/Source: 1000 / Dhcp
Event Description:
Your computer has lost the lease to its IP address 192.168.0.164 on the
Network Card with network address 001CF089F9A5.
Event Record #/Type8682 / Warning
Event Submitted/Written: 06/05/2008 07:52:31 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001CF089F9A5. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.
-- End of Deckard's System Scanner: finished at 2008-06-06 20:26:58 ------------
1: 2008-03-09 06:49:11 UTC - RP48 - Software Distribution Service 3.0
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as S. ROSOMACKI.exe) ----------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:25:43 PM, on 6/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
G:\Applications\DVD Burning File\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\WINDOWS\system32\RUNDLL32.EXE
G:\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\SuperAntiSpyware\ZoneAlarm Firewall\ZoneAlarm\zlclient.exe
G:\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SuperAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\dss.exe
C:\PROGRA~1\SUPERA~1\TRENDM~1\Hcheck\S. ROSOMACKI.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - G:\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinFoxV2] C:\WINDOWS\System32\WF2K.EXE Initial
O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe C:\WINDOWS\System32\wf2kcpl.dll,DllLoadDefaultSettings
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "G:\Applications\SonyEricsson\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "G:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\SuperAntiSpyware\ZoneAlarm Firewall\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AnyDVD] "G:\Applications\DVD Burning File\AnyDVD\AnyDVD.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "G:\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SuperAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [BitDownload] "G:\Applications\Emulator Games\SuperNintendo\BitDownload\BitDownload.exe" /minimized
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://www.update.microsoft.com/windowsupd...b?1204592357633O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://www.update.microsoft.com/microsoftu...b?1204595221968O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - G:\MICROS~1\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SuperAntiSpyware\SASWINLO.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Avira AntiVir Personal Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - G:\Applications\DVD Burning File\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 8351 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\SUPERA~1\TRENDM~1\Hcheck\backups\) ----
backup-20080414-222933-101 O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{2a1a0219-25bf-9478-ceae-ddd3d096d2d8}.dll" DllInit
backup-20080414-222933-279 O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
backup-20080414-222933-368 O4 - Startup: PowerReg Scheduler.exe
backup-20080414-222933-464 O2 - BHO: (no name) - {BCA95E31-1FBF-4F84-8F23-1BA653007A1E} - (no file)
backup-20080414-222933-883 O2 - BHO: cpmsky browser optimizer - {3b29ed03-e58c-9743-ee07-8da57b2169a6} - C:\WINDOWS\system32\{2a1a0219-25bf-9478-ceae-ddd3d096d2d8}.dll
backup-20080414-222933-966 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
backup-20080606-123122-645 O4 - HKCU\..\Run: [tonsdrive] C:\DOCUME~1\S64EF~1.ROS\APPLIC~1\CloseWeb\load stop.exe
backup-20080606-123122-728 O4 - HKLM\..\Run: [BOOK BITS GRID FORD] C:\Documents and Settings\All Users\Application Data\Mapi Meta Book Bits\drv intra.exe
-- File Associations -----------------------------------------------------------
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*.reg - regfile - shell\open\command - regedit.exe "%1" %*.scr - scrfile - shell\open\command - "%1" %*-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R3 ElbyDelay - c:\windows\system32\drivers\elbydelay.sys <Not Verified; Elaborate Bytes AG; CDRTools>
R3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
R3 WFsys (WinFox Control I/O Driver) - c:\windows\system32\drivers\wfsys.sys <Not Verified; Leadtek Research Inc.; WinFox Control I/O Driver>
R4 WINFOXIO - c:\windows\system32\drivers\winfoxio.sys <Not Verified; Leadtek Research Inc.; WinFox I/O Device (Windows 2000/XP)>
S3 Cardex - c:\windows\system32\drivers\tbpanel.sys (file missing)
S3 SE27bus (Sony Ericsson Device 039 Driver driver (WDM)) - c:\windows\system32\drivers\se27bus.sys <Not Verified; MCCI; Sony Ericsson Device 039 Driver>
S3 se27unic (Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM)) - c:\windows\system32\drivers\se27unic.sys <Not Verified; MCCI; Sony Ericsson Device 039 USB Ethernet Emulation>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 AntiVirScheduler (Avira AntiVir Personal Free Antivirus Scheduler) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation>
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 StarWindServiceAE (StarWind AE Service) - g:\applications\dvd burning file\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>
S2 ANIWZCSdService (ANIWZCSd Service) - c:\program files\ani\aniwzcs2 service\aniwzcsds.exe <Not Verified; Alpha Networks Inc.; ANIWZCS2 Service Launcher (NT)>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Attansic L1 Gigabit Ethernet 10/100/1000Base-T Controller
Device ID: PCI\VEN_1969&DEV_1048&SUBSYS_82261043&REV_B0\4&625283&0&00E5
Manufacturer: Attansic
Name: Attansic L1 Gigabit Ethernet 10/100/1000Base-T Controller
PNP Device ID: PCI\VEN_1969&DEV_1048&SUBSYS_82261043&REV_B0\4&625283&0&00E5
Service: AtcL001
Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&1400782C&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&1400782C&0
Service: i8042prt
-- Files created between 2008-05-06 and 2008-06-06 -----------------------------
2008-06-06 18:02:07 0 d-------- C:\WINDOWS\LastGood
2008-06-06 16:14:45 0 d-------- C:\Documents and Settings\S. ROSOMACKI\Application Data\Malwarebytes
2008-06-06 16:14:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-06 16:14:43 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-06 16:12:16 1658102 --a------ C:\Program Files\mbam-setup.exe <Not Verified; Malwarebytes; Malwarebytes' Anti-Malware>
2008-06-06 12:35:07 0 dr-h----- C:\Documents and Settings\S. ROSOMACKI\Recent
2008-06-05 22:30:05 0 d-------- C:\Documents and Settings\S. ROSOMACKI\Application Data\BitDownload
2008-06-04 16:44:39 0 d-------- C:\Program Files\AviSynth 2.5
2008-05-23 16:44:25 0 d-------- C:\Documents and Settings\S. ROSOMACKI\Application Data\CopyToDvd
2008-05-21 17:44:44 0 d--h----- C:\Documents and Settings\S. ROSOMACKI\Application Data\ACV
2008-05-07 18:20:12 0 d-------- C:\WINDOWS\Prefetch
2008-05-07 18:14:27 0 d-------- C:\WINDOWS\system32\scripting
2008-05-07 18:14:27 0 d-------- C:\WINDOWS\l2schemas
2008-05-07 18:14:26 0 d-------- C:\WINDOWS\system32\en
2008-05-06 18:24:22 0 d--h----- C:\WINDOWS\PIF
-- Find3M Report ---------------------------------------------------------------
2008-06-05 21:37:26 0 d-------- C:\Documents and Settings\S. ROSOMACKI\Application Data\LimeWire
2008-06-04 16:18:19 0 d-------- C:\Program Files\SuperAntiSpyware
2008-05-07 18:14:50 0 d-------- C:\Program Files\Messenger
2008-05-07 18:14:26 0 d-------- C:\Program Files\Movie Maker
2008-05-07 18:11:39 0 d-------- C:\Program Files\Windows NT
2008-04-27 20:35:06 0 d-------- C:\Program Files\Natural Mod
2008-04-21 23:13:43 0 d-------- C:\Documents and Settings\S. ROSOMACKI\Application Data\Bioshock
2008-04-21 18:17:00 0 d-------- C:\Program Files\Anti Virus
2008-04-20 23:22:57 0 d-------- C:\Program Files\Avira
2008-04-16 12:03:35 0 d-------- C:\Documents and Settings\S. ROSOMACKI\Application Data\CyberLink
2008-04-16 12:02:01 0 d-------- C:\Program Files\CyberLink
2008-04-16 12:01:59 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-16 11:40:44 34308 --a------ C:\WINDOWS\system32\Chip.dll
2008-04-16 01:54:25 0 d-------- C:\Documents and Settings\S. ROSOMACKI\Application Data\Ahead
2008-04-16 01:15:19 0 d-------- C:\Program Files\MSBuild
2008-04-16 00:48:05 0 d-------- C:\Program Files\Microsoft Works
2008-04-16 00:47:58 0 d-------- C:\Program Files\Common Files
2008-04-16 00:47:49 0 d-------- C:\Program Files\Microsoft.NET
2008-04-15 19:07:11 0 d-------- C:\Documents and Settings\S. ROSOMACKI\Application Data\SlySoft
2008-04-15 18:11:24 0 d-------- C:\Program Files\GoldEsel
2008-04-15 18:11:24 0 d-------- C:\Program Files\Common Files\Ahead
2008-04-15 18:11:24 0 d-------- C:\Program Files\Ahead
2008-04-14 23:24:47 0 d-------- C:\Program Files\InterVideo
2008-04-14 23:11:14 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-04-14 23:11:00 0 d-------- C:\Program Files\ZoneAlarmSB
2008-04-14 19:51:19 0 d-------- C:\Program Files\Windows Media Connect 2
2008-04-14 15:30:55 0 d-------- C:\Documents and Settings\S. ROSOMACKI\Application Data\SUPERAntiSpyware.com
2008-04-14 15:29:27 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-09 22:15:13 0 d-------- C:\Documents and Settings\S. ROSOMACKI\Application Data\Sun
2008-04-06 19:57:13 1324 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-03-15 14:46:23 50 --a------ C:\AUTOEXEC.BAT
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
04/14/2008 11:11 PM 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [04/14/2008 11:11 PM 262144]
[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [07/08/2006 09:14 AM]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [07/08/2006 09:15 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/25/2007 07:17 PM]
"nwiz"="nwiz.exe" [10/25/2007 07:17 PM C:\WINDOWS\system32\nwiz.exe]
"WinFoxV2"="C:\WINDOWS\System32\WF2K.exe" [08/03/2007 03:25 PM]
"WinFast2KLoadDefault"="C:\WINDOWS\System32\wf2kcpl.dll" [09/16/2005 01:35 PM]
"RTHDCPL"="RTHDCPL.EXE" [03/21/2007 04:49 PM C:\WINDOWS\RTHDCPL.exe]
"@"="" []
"Sony Ericsson PC Suite"="G:\Applications\SonyEricsson\Application Launcher\Application Launcher.exe" [10/26/2005 04:17 PM]
"XboxStat"="C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [09/26/2007 05:05 PM]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [12/16/2004 04:49 PM]
"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [07/22/2005 09:42 AM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [10/25/2007 07:17 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 10:37 PM]
"iTunesHelper"="G:\iTunes\iTunesHelper.exe" [03/30/2008 09:36 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [12/14/2007 02:42 AM]
"ZoneAlarm Client"="C:\Program Files\SuperAntiSpyware\ZoneAlarm Firewall\ZoneAlarm\zlclient.exe" [03/13/2008 11:11 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
"AnyDVD"="G:\Applications\DVD Burning File\AnyDVD\AnyDVD.exe" [04/16/2008 11:41 AM]
"GrooveMonitor"="G:\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [02/12/2008 10:06 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 10:12 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [05/06/2008 01:01 AM]
"SUPERAntiSpyware"="C:\Program Files\SuperAntiSpyware\SUPERAntiSpyware.exe" [06/04/2008 04:18 PM]
"BitDownload"="G:\Applications\Emulator Games\SuperNintendo\BitDownload\BitDownload.exe" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SuperAntiSpyware\SASSEH.DLL [05/21/2008 05:14 PM 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SuperAntiSpyware\SASWINLO.dll 04/19/2007 12:41 PM 294912 C:\Program Files\SuperAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e647305d-e6bc-11dc-8979-806d6172696f}]
AutoRun\command- E:\OblivionLauncher.exe
*Newly Created Service* - WINFOXIO
-- End of Deckard's System Scanner: finished at 2008-06-06 20:26:58 ------------