Here are the logs
__________________
Malwarebytes' Anti-Malware 1.17
Database version: 862
5:29:28 PM 6/16/2008
mbam-log-6-16-2008 (17-29-28).txt
Scan type: Full Scan (C:\|)
Objects scanned: 190979
Time elapsed: 1 hour(s), 13 minute(s), 4 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 16
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 9
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cpbrkpie.coupon6ctrl.1 (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a85a5e6a-de2c-4f4e-99dc-f469df5a0eec} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e780f0b-bcd6-40cb-b2db-7af47ab4d4a4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a138be8b-f051-4802-9a3f-a750a6d862d4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\uninstall (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rdpsvc2 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\rdpsvc2 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rdpsvc2 (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS.0\CouponPrinter.ocx (Adware.Coupons) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\WINDOWS.0\system32\nGpxx01 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Program Files\RegistrySmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Program Files\RegistrySmart\Registry Backups (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS.0\CouponPrinter.ocx (Adware.Coupons) -> Quarantined and deleted successfully.
C:\Program Files\RegistrySmart\Errors.stg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Program Files\RegistrySmart\Results.stg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Program Files\RegistrySmart\Log\log_2007_01_04_11_21_12.eklog (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Program Files\RegistrySmart\Log\log_2007_01_04_11_21_13.eklog (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Program Files\RegistrySmart\Log\log_2007_01_04_11_32_29.eklog (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Program Files\RegistrySmart\Registry Backups\2007-01-04_11-26-16.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\WINDOWS.0\system32\lich.dat (Stolen.Data) -> Delete on reboot.
C:\Program Files\Common Files\System\RDPsvc2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
________________
DSS LOG
________________
MAIN
Deckard's System Scanner v20071014.68
Run by Frankie3 on 2008-06-16 17:35:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
63: 2008-06-16 21:35:42 UTC - RP156 - Deckard's System Scanner Restore Point
62: 2008-06-16 19:28:05 UTC - RP155 - Removed AVG 8.0
61: 2008-06-16 03:02:45 UTC - RP154 - Installed AVG 8.0
60: 2008-06-15 16:57:18 UTC - RP153 - System Checkpoint
59: 2008-06-14 15:56:01 UTC - RP152 - System Checkpoint
-- First Restore Point --
1: 2008-04-09 01:00:06 UTC - RP94 - Installed Desktop Doctor
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Frankie3.exe) --------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 17:36:49, on 6/16/2008
Platform: Windows XP SP3, v.3244 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3244)
Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\WINDOWS.0\Explorer.EXE
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VirusScan\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VirusScan\mcshield.exe
C:\PROGRA~1\McAfee\VirusScan\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS.0\system32\nvsvc32.exe
C:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe
C:\WINDOWS.0\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS.0\system32\wuauclt.exe
C:\Documents and Settings\Frankie3\Desktop\fixers\dss.exe
c:\PROGRA~1\mcafee\mpf\mc\mpfalert.exe
C:\DOCUME~1\Frankie3\Desktop\fixers\Frankie3.exe
C:\WINDOWS.0\system32\NOTEPAD.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\virusscan\scriptcl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Frankie3\Start Menu\Programs\IMVU\Run IMVU.lnk
O16 - DPF: Web-Based Email Tools - http://email.secures...et/Download.CAB
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB34} (Sony SNC-RZ30 Image Viewer) - http://209.131.7.178...SncRz30View.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.auctiva.c...oad/XUpload.ocx
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VirusScan\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: ntsvc32k - Unknown owner - C:\Program Files\Common Files\System\ntsvc32k.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe
-- File Associations -----------------------------------------------------------
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 PCLEPCI - c:\windows.0\system32\drivers\pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
S2 Parclass - c:\windows.0\system32\drivers\parclass.sys <Not Verified; Microsoft Corporation; Microsoft® Windows NT Operating System>
S3 sysvideo32 - c:\program files\common files\system\sysvideo32.dll (file missing)
S3 winmgt32k - c:\program files\common files\system\winmgt32k.dll (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 ScsiAccess - c:\program files\photodex\compupicpro\scsiaccess.exe
S2 CacheBoost Service (CacheBoost Performance Optimizer and Tuner Service) -
S2 Ken Kirkpatrick Software: The Birthday Chronicle update permissions manager. 16583. -
S2 ntsvc32k - c:\program files\common files\system\ntsvc32k.exe (file missing)
S3 rpcapd (Remote Packet Capture Protocol v.0 (experimental)) - "c:\program files\winpcap\rpcapd.exe" -d -f "c:\program files\winpcap\rpcapd.ini"
S4 freenet-darknet-8888 (Freenet 0.7 darknet-8888) -
S4 freenet-darknet-8889-8888 (Freenet 0.7 darknet-8889-8888) -
S4 freenet-darknet-8889-8889-8888 (Freenet 0.7 darknet-8889-8889-8888) -
S4 freenet-darknet-8889-8889-8889-8888 (Freenet 0.7 darknet-8889-8889-8889-8888) -
-- Device Manager: Disabled ----------------------------------------------------
Class GUID:
Description: RAID Controller
Device ID: PCI\VEN_1106&DEV_3149&SUBSYS_B0031458&REV_80\3&13C0B0C5&0&78
Manufacturer:
Name: RAID Controller
PNP Device ID: PCI\VEN_1106&DEV_3149&SUBSYS_B0031458&REV_80\3&13C0B0C5&0&78
Service:
-- Scheduled Tasks -------------------------------------------------------------
2008-06-16 03:30:01 392 --a------ C:\WINDOWS.0\Tasks\RegSweep Scheduled Scan.job
2008-06-16 03:00:02 344 --a------ C:\WINDOWS.0\Tasks\012008scan.job
2008-06-16 02:00:32 338 --a------ C:\WINDOWS.0\Tasks\McQcTask.job
2008-06-14 13:29:03 284 --a------ C:\WINDOWS.0\Tasks\AppleSoftwareUpdate.job
2008-06-11 02:20:07 350 --a------ C:\WINDOWS.0\Tasks\McDefragTask.job
2007-11-04 11:31:33 280 --a----c- C:\WINDOWS.0\Tasks\LifeChatTask.job
-- Files created between 2008-05-16 and 2008-06-16 -----------------------------
2008-06-16 16:11:00 0 d------c- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Malwarebytes
2008-06-15 23:02:50 0 d-------- C:\Program Files\AVG
2008-06-15 20:12:14 86528 --a------ C:\WINDOWS.0\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-06-15 20:12:14 81920 --a------ C:\WINDOWS.0\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-06-15 20:12:13 25600 --a------ C:\WINDOWS.0\system32\WS2Fix.exe
2008-06-15 20:12:13 289144 --a------ C:\WINDOWS.0\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-06-15 20:12:13 82944 --a------ C:\WINDOWS.0\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-06-15 20:12:13 51200 --a------ C:\WINDOWS.0\system32\dumphive.exe
2008-06-15 20:12:12 288417 --a------ C:\WINDOWS.0\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-06-15 20:12:12 53248 --a------ C:\WINDOWS.0\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-06-14 18:13:59 0 d-------- C:\Program Files\IMVU
2008-06-13 01:04:04 0 d-------- C:\Program Files\Enigma Software Group
2008-06-13 00:07:28 0 d-------- C:\WINDOWS.0\Photo Album Downloader for Yahoo
2008-06-04 12:09:37 0 d------c- C:\Documents and Settings\Frankie3\Application Data\Stellarium
2008-06-04 12:07:09 0 d-------- C:\Program Files\Stellarium
2008-06-02 21:14:00 0 d------c- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Apple
2008-06-02 21:07:53 0 d-------- C:\Program Files\QuickTime
2008-05-25 23:03:48 0 --a------ C:\Program Files\temp01
2008-05-25 23:03:32 0 d-------- C:\Program Files\bfgclient
2008-05-25 22:07:59 0 d------c- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Trymedia
2008-05-25 21:41:10 0 d-------- C:\Program Files\Yahoo! Games
-- Find3M Report ---------------------------------------------------------------
2008-06-16 17:33:58 0 d------c- C:\Documents and Settings\Frankie3\Application Data\IMVU
2008-06-16 16:11:04 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-15 20:13:08 1286 --a------ C:\WINDOWS.0\system32\tmp.reg
2008-06-15 12:33:01 0 d-------- C:\Program Files\Common Files
2008-06-14 21:53:18 664 --a------ C:\WINDOWS.0\system32\d3d9caps.dat
2008-06-13 10:33:17 0 d------c- C:\Documents and Settings\Frankie3\Application Data\OpenOffice.org2
2008-06-05 09:34:36 0 d-------- C:\Program Files\ArtOfIllusion
2008-06-02 21:14:03 0 d-------- C:\Program Files\Apple Software Update
2008-05-28 19:23:42 0 d-------- C:\Program Files\Yahoo!
2008-05-25 22:16:41 0 dr-h---c- C:\Documents and Settings\Frankie3\Application Data\yahoo!
2008-05-15 21:08:29 0 d-------- C:\Program Files\DiskTrix
2008-05-12 14:22:39 0 d------c- C:\Documents and Settings\Frankie3\Application Data\AdobeUM
2008-05-10 08:27:43 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-10 08:22:24 0 d-------- C:\Program Files\eBay
2008-04-27 20:31:25 0 d-------- C:\Program Files\Virtual Mechanics
2008-04-27 08:40:23 0 dr-h---c- C:\Documents and Settings\Frankie3\Application Data\SecuROM
2008-04-21 20:41:36 0 d-------- C:\Program Files\McAfee
2008-04-20 20:29:51 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-08 12:14:26 73216 --a------ C:\WINDOWS.0\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-03-26 17:18:50 1044480 -ra------ C:\WINDOWS.0\system32\roboex32.dll <Not Verified; eHelp Corporation.; RoboHELP for WinHelp 9.2>
2008-03-26 17:18:50 49152 -ra------ C:\WINDOWS.0\system32\inetwh32.dll <Not Verified; Blue Sky Software Corporation.; Blue Sky Software - INETWH32>
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS.0\system32\NvCpl.dll" [10/22/2006 13:22]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/02/2008 21:07]
C:\Documents and Settings\Frankie3\Start Menu\Programs\Startup\
IMVU.lnk - C:\Program Files\IMVU\IMVUClient.exe [6/2/2008 12:21:54 PM]
C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [4/23/2008 3:38:16 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"6ac7piRlDG"=C:\WINDOWS.0\pojmbyjo.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS.0\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, credssp.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS.0^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Friend]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"freenet-darknet-8889-8888"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc
-- End of Deckard's System Scanner: finished at 2008-06-16 17:37:31 ------------
_____________
EXTRA
_____________
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English
CPU 0: AMD Athlon 64 Processor 3200+
Percentage of Memory in Use: 34%
Physical Memory (total/avail): 1023.48 MiB / 670.58 MiB
Pagefile Memory (total/avail): 2460.53 MiB / 2187.86 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1937.02 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 38.16 GiB total, 14.54 GiB free.
D: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - Maxtor 4D040H2 - 38.16 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 38.16 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is disabled.
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS.0
APPDATA=C:\Documents and Settings\Frankie3\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-AD35DCC48A
ComSpec=C:\WINDOWS.0\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Frankie3
LANG=C
LOGONSERVER=\\YOUR-AD35DCC48A
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS.0\system32;C:\WINDOWS.0;C:\WINDOWS.0\system32\wbem;C:\Program Files\Common Files\GTK\2.0\bin;C:\WINDOWS.0\system32\gs\gs7.05\bin;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.REX;.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 12 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0c00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
REGINA_MACROS=C:\Program Files\PPWIZARD
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS.0
TEMP=C:\DOCUME~1\Frankie3\LOCALS~1\Temp
TMP=C:\DOCUME~1\Frankie3\LOCALS~1\Temp
USERDOMAIN=YOUR-AD35DCC48A
USERNAME=Frankie3
USERPROFILE=C:\Documents and Settings\Frankie3
windir=C:\WINDOWS.0
-- User Profiles ---------------------------------------------------------------
Frankie3
(admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS.0\INF\PCHealth.inf
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player ActiveX --> C:\WINDOWS.0\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Adobe Shockwave Player --> C:\WINDOWS.0\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS.0\system32\Macromed\SHOCKW~1\Install.log
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
BeamFile --> C:\PROGRA~1\BeamFile\UNWISE.EXE C:\PROGRA~1\BeamFile\INSTALL.LOG
Big Fish Games Client --> C:\Program Files\bfgclient\Uninstall.exe
Calendar Builder --> C:\PROGRA~1\CALEND~1\UNWISE.EXE C:\PROGRA~1\CALEND~1\INSTALL.LOG
Canon iP1800 series --> "C:\WINDOWS.0\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1800_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1800_series /L0x0009
Canon iP1800 series User Registration --> C:\Program Files\Canon\IJEREG\iP1800 series\UNINST.EXE
Canon My Printer --> C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Citrix Presentation Server Client --> MsiExec.exe /I{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}
CompuPic Pro --> C:\Program Files\Photodex\CompuPicPro\compupic.exe . -u
Coupon Printer for Windows --> "C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Eusing Free Registry Cleaner --> C:\PROGRA~1\Eusing Free Registry Cleaner\UNWISE.EXE C:\PROGRA~1\Eusing Free Registry Cleaner\INSTALL.LOG
Free PDF to Word Doc Converter v1.1 --> "C:\Program Files\Free PDF to Word Doc Converter\unins000.exe"
IMVU Avatar Chat Software --> C:\Program Files\IMVU\Uninstall.exe
Java 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Java SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Magic Traffic Bot --> C:\PROGRA~1\Magic Traffic Bot\UNWISE.EXE C:\PROGRA~1\Magic Traffic Bot\INSTALL.LOG
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS.0\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft PowerPoint Viewer 97 --> C:\Program Files\PowerPoint Viewer\setup\setup.exe
Microsoft Speech Recognition Engine 4.0 (English) --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS.0\INF\mscsrgpc.inf, Uninstall.NT
Microsoft Text-to-Speech Engine 4.0 (English) --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS.0\INF\msTTS.inf, Uninstall
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS.0\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual J# 2.0 Redistributable Package --> C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Frankie3\Application Data\Move Networks\ie_bin\Uninst.exe
Mozilla ActiveX Control v1.7.12 --> C:\Program Files\Mozilla ActiveX Control v1.7.12\uninst.exe
NVIDIA Drivers --> C:\WINDOWS.0\system32\nvudisp.exe UninstallGUI
OpenOffice.org 2.3 --> MsiExec.exe /I{2F29D6D2-824E-4FEF-8AED-7013F39F642A}
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS.0\$NtUninstallKB923723$\spuninst\spuninst.exe"
SpyHunter --> "C:\Program Files\Enigma Software Group\SpyHunter\Uninstall.exe" "C:\Program Files\Enigma Software Group\SpyHunter\install.log" -u
Stellarium 0.9.1 --> "C:\Program Files\Stellarium\unins000.exe"
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
Turbo Lister 2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{69640730-B830-4C24-BB5C-222DA1260548}
VeriSign Digital Document Signer --> C:\WINDOWS.0\IsUninst.exe -f.\plug_ins\Uninst.isu
Windows Imaging Component --> "C:\WINDOWS.0\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Connect --> "C:\WINDOWS.0\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows XP Service Pack 3 --> "C:\WINDOWS.0\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinPcap 3.0 --> "C:\Program Files\WinPcap\Uninstall.exe" "C:\Program Files\WinPcap\install.log"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> C:\Program Files\WinZip7\WINZIP32.EXE /uninstall
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
-- Application Event Log -------------------------------------------------------
Event Record #/Type11670 / Error
Event Submitted/Written: 06/16/2008 05:34:24 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application IMVUClient.exe, version 397.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type11650 / Error
Event Submitted/Written: 06/16/2008 09:21:07 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application msimn.exe, version 6.0.2900.3244, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type11619 / Error
Event Submitted/Written: 06/14/2008 09:54:57 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.3244, faulting module urlmon.dll, version 6.0.2900.3244, fault address 0x0003b5ce.
Processing media-specific event for [iexplore.exe!ws!]
Event Record #/Type11615 / Error
Event Submitted/Written: 06/14/2008 06:14:39 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application compupic.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type11605 / Error
Event Submitted/Written: 06/14/2008 09:26:43 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.3244, faulting module mshtml.dll, version 6.0.2900.3244, fault address 0x0006954d.
Processing media-specific event for [iexplore.exe!ws!]
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type39278 / Warning
Event Submitted/Written: 06/16/2008 05:33:26 PM
Event ID/Source: 825 / Rasman
Event Description:
The Network Access Protection (NAP) enforcement client failed to register with the Network Access Protection Agent (NAPAgent) service. Some network services or resources might not be available. If the problem persists, disconnect and retry the remote access connection or contact the administrator for the remote access server.
Event Record #/Type39277 / Error
Event Submitted/Written: 06/16/2008 05:33:26 PM
Event ID/Source: 10016 / DCOM
Event Description:
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.
Event Record #/Type39271 / Error
Event Submitted/Written: 06/16/2008 05:33:25 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The SSDP Discovery Service service failed to start due to the following error:
%%1079
Event Record #/Type39268 / Error
Event Submitted/Written: 06/16/2008 05:33:01 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Remote Registry service failed to start due to the following error:
%%1079
Event Record #/Type39267 / Error
Event Submitted/Written: 06/16/2008 05:33:01 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The HID Input Service service terminated with the following error:
%%2
-- End of Deckard's System Scanner: finished at 2008-06-16 17:37:31 ------------
I have a sword.....nothing more.