[quote name='guestolo' post='425886' date='Apr 4 2008, 10:15 PM']Download [color="#008000"]Deckard's System Scanner (dss.exe)[/color] to your desktop.
Close all applications and windows.
Double-click on dss.exe to run it and follow the prompts.
When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.
Post back just the Whole contents of Main.txt and Extra.txt[/quote]
Hi Questolo-
Here are the contents of both files from dss.exe as requested...
Was the HIJACK log that I uploaded not useful?
Thanks

#### Main.txt #####
Deckard's System Scanner v20071014.68
Run by meenavips on 2008-04-17 00:02:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as meenavips.exe) -------------------------------------------
Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-17 00:03:57
Platform: Windows 2000 Service Pack 3 (5.00.2195)
MSIE: Internet Explorer (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINNT\system32\SMSS.EXE
C:\WINNT\system32\WINLOGON.EXE
C:\WINNT\system32\SERVICES.EXE
C:\WINNT\system32\LSASS.EXE
C:\WINNT\system32\ibmpmsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Linksys\Wireless Network PC Card\NICServ.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\Program Files\Dantz\Retrospect\wdsvc.exe
C:\WINNT\system32\mstask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\wbem\WinMgmt.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\tp4mon.exe
C:\WINNT\system32\ibmpmsvc.exe
C:\WINNT\system32\promon.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\ThinkPad\Utilities\TP98.EXE
C:\Program Files\ThinkPad\Utilities\TPHKMGR.EXE
C:\WINNT\system32\prpcui.exe
C:\Program Files\ThinkPad\Utilities\TPONSCR.EXE
C:\WINNT\system32\WDBtnMgr.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\CFGSAFE\AUTOCHK.EXE
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Linksys\Wireless Network PC Card\WPC11CFG.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
E:\MyDoc-06062005\Tools+Software\dss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 172.16.0.17 oracle2.lifedata.ldl oracle2
O1 - Hosts: 172.16.0.20 oracle1.lifedata.ldl oracle1
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar4.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IBMPMSVC] %SystemRoot%\System32\ibmpmsvc.exe -helper
O4 - HKLM\..\Run: [XircWinModem4] ltcm000c.exe 9
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [TP98UTIL] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98.EXE /s
O4 - HKLM\..\Run: [TpHotkey] C:\PROGRA~1\ThinkPad\UTILIT~1\tphkmgr.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: HotSync Manager.lnk = ?
O4 - Startup: Microsoft Office Outlook.lnk = ?
O4 - Global Startup: AUTOCHK.LNK = C:\CFGSAFE\AUTOCHK.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: DSW IPSec Client.lnk = ?
O4 - Global Startup: Instant Wireless Configuration Utility.lnk = C:\Program Files\Linksys\Wireless Network PC Card\WPC11Cfg.exe
O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/0/A...01F/wmvadvd.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1173584509918
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553518000} () - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/flash...ent/swflash.cab
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINNT\system32\webcheck.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\system32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM PM Service (IBMPMSVC) - IBM Corp. - C:\WINNT\system32\ibmpmsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICSer_WPC11 - Unknown owner - C:\Program Files\Linksys\Wireless Network PC Card\NICServ.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\wdsvc.exe
--
End of file - 9926 bytes
-- HijackThis Fixed Entries (E:\MYDOC-~1\TOOLS_~1\backups\) --------------------
backup-20051014-192216-237 O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
backup-20051014-195555-488 O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL
backup-20060531-235839-592 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meloco.com/index.php?i=sm
backup-20060531-235842-776 O2 - BHO: (no name) - {23FB5ADD-DA37-4a40-9FC0-B0E2384CDE92} - (no file)
backup-20060531-235842-555 O4 - HKLM\..\Run: [pop06ap] C:\WINNT\pop06ap2.exe
backup-20060531-235842-951 O15 - Trusted Zone: *.media-motor.net
backup-20060531-235842-853 O15 - Trusted Zone: *.mmohsix.com
backup-20060531-235842-120 O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
backup-20060531-235843-840 O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - ms-its:mhtml:file://c:\nesunem.mht!http://adgate.info/zscript/mma.chm::/joysavsht.cab
backup-20060531-235843-164 O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
backup-20060531-235843-220 O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - ms-its:mhtml:file://c:\nesunec.mht!http://adgate.info/zscript/mca.chm::/speedtest2.dll
backup-20060531-235843-492 O18 - Filter: text/html - (no CLSID) - (no file)
backup-20060601-195249-692 O4 - HKLM\..\Run: [pop06ap] C:\WINNT\pop06ap2.exe
backup-20060601-195250-166 O15 - Trusted Zone: *.media-motor.net
backup-20060601-195250-945 O15 - Trusted Zone: *.mmohsix.com
-- File Associations -----------------------------------------------------------
[color="red"].txt - txtfile - DefaultIcon - C:\Program Files\JGsoft\EditPadLite\EditPad.exe,0[/color]
[color="red"].txt - txtfile - shell\open\command - notepad.exe %1[/color]
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 Gernuwa - c:\winnt\system32\drivers\gernuwa.sys <Not Verified; Symantec Corporation; pcAnywhere>
R1 AW_HOST - c:\winnt\system32\drivers\aw_host5.sys <Not Verified; Symantec Corporation; pcAnywhere>
R1 awecho - c:\winnt\system32\drivers\awechomd.sys <Not Verified; Symantec Corporation; pcAnywhere>
R1 awlegacy - c:\winnt\system32\drivers\awlegacy.sys <Not Verified; Symantec Corporation; pcAnywhere>
R1 Smapint - c:\winnt\system32\drivers\smapint.sys <Not Verified; Microsoft Corporation; Microsoft® Windows NT(tm) Operating System>
R1 TDSMAPI - c:\winnt\system32\drivers\tdsmapi.sys
R1 TPHKDRV - c:\winnt\system32\drivers\tphkdrv.sys <Not Verified; IBM Corporation; ThinkPad OnScreenDisplay>
R1 TPPWR - c:\winnt\system32\drivers\tppwr.sys <Not Verified; IBM Corp.; IBM ThinkPad Utility>
R2 PMEM - c:\winnt\system32\drivers\pmemnt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows NT(tm) Operating System>
R2 PRPC - c:\winnt\system32\drivers\prpc.sys <Not Verified; Intel Corp.; Intel® SpeedStep(tm) technology applet>
R2 V7 - c:\winnt\system32\drivers\v7.sys
R3 cwcspud (Crystal SoundFusion(tm) Driver) - c:\winnt\system32\drivers\cwcspud.sys <Not Verified; Crystal Semiconductor Corporation; Crystal WDM PCI Driver>
R3 cwcwdm (Crystal SoundFusion(tm) WDM Driver) - c:\winnt\system32\drivers\cwcwdm.sys <Not Verified; Crystal Semiconductor Corporation; Crystal WDM PCI Driver>
R3 hpoid407 (IEEE-1284.4 Driver hpoid407) - c:\winnt\system32\drivers\hpoid407.sys <Not Verified; HP; HP Dot4 Windows 2000>
R3 hpoius07 (USB to IEEE-1284.4 Translation Driver hpoius07) - c:\winnt\system32\drivers\hpoius07.sys <Not Verified; HP; HP Dot4Usb Windows 2000>
R3 IBMPMDRV - c:\winnt\system32\drivers\ibmpmdrv.sys <Not Verified; IBM Corp.; IBM ThinkPad Utility>
R3 ltck000c (Xircom MPCI+ Modem 56 WinGlobal Driver) - c:\winnt\system32\drivers\ltck000c.sys <Not Verified; Xircom, Inc.; Xircom MPCI+ Modem 56 WinGlobal>
R3 NSCIRDA (NSC Infrared Device Driver) - c:\winnt\system32\drivers\nscirda.sys <Not Verified; National Semiconductor Corporation; NSC Fast Infrared Driver.>
R3 PCANDIS5 (PCANDIS5 Protocol Driver) - c:\winnt\system32\pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
R3 S3SavageMX - c:\winnt\system32\drivers\s3savmxm.sys <Not Verified; S3 Incorporated; S3 Savage/MX, Savage/IX Miniport Driver>
R3 TwoTrack (IBM PS/2 TrackPoint Filter Driver) - c:\winnt\system32\drivers\twotrack.sys <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
R3 WDCFX_AT (USB Storage Adapter FX_AT (WDC)) - c:\winnt\system32\drivers\wdcfx_at.sys <Not Verified; Cypress Semiconductor; Cypress USB Mass Storage Adapter>
S3 cwcspud3 (Crystal SoundFusion(tm) SPuD3 Driver) - c:\winnt\system32\drivers\cwcspud3.sys <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
S3 ltmodem5 (LT Modem Driver) - c:\winnt\system32\drivers\ltmdmnt.sys <Not Verified; LT; LT V.90 Data+Fax+Voice Modem Version 5.41G6>
S3 neo20xx - c:\winnt\system32\drivers\neo20xx.sys <Not Verified; NeoMagic Corporation; Microsoft® Windows ® 2000 Operating System>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 IBMPMSVC (IBM PM Service) - c:\winnt\system32\ibmpmsvc.exe <Not Verified; IBM Corp.; IBM ThinkPad Utility>
R2 Irmon (Infrared Monitor) - c:\winnt\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
R2 NICSer_WPC11 - c:\program files\linksys\wireless network pc card\nicserv.exe
R2 RetroLauncher (Retrospect Launcher) - c:\program files\dantz\retrospect\retrorun.exe <Not Verified; Dantz Development Corporation; Retrospect>
R2 RetroWDSvc (Retrospect WD Service) - c:\progra~1\dantz\retros~1\wdsvc.exe <Not Verified; Dantz Development Corporation; Retrospect>
S3 awhost32 (pcAnywhere Host Service) - c:\program files\symantec\pcanywhere\awhost32.exe <Not Verified; Symantec Corporation; pcAnywhere>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA
-- Files created between 2008-03-17 and 2008-04-17 -----------------------------
2008-04-16 08:39:18 16384 --a-----t C:\WINNT\System32\Perflib_Perfdata_3f4.dat
2008-04-09 10:25:59 16384 --a------ C:\WINNT\System32\Perflib_Perfdata_548.dat
2008-03-18 17:07:07 0 d-------- C:\Documents and Settings\Default User\Application Data\Google
-- Find3M Report ---------------------------------------------------------------
2008-02-02 10:29:34 16384 --a------ C:\WINNT\System32\Perflib_Perfdata_504.dat
2008-01-17 15:40:18 1416 --a------ C:\WINNT\System32\d3d8caps.dat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrackPointSrv"="tp4mon.exe" [11/30/99 11:40p C:\WINNT\system32\tp4mon.exe]
"Synchronization Manager"="mobsync.exe" [12/07/99 04:00a C:\WINNT\system32\mobsync.exe]
"IBMPMSVC"="C:\WINNT\System32\ibmpmsvc.exe" [03/22/00 01:11a]
"XircWinModem4"="ltcm000c.exe" []
"Promon.exe"="Promon.exe" [10/12/99 09:06a C:\WINNT\system32\promon.exe]
"SoundFusion"="cwcprops.cpl" [02/04/00 05:30p C:\WINNT\system32\cwcprops.cpl]
"TP98UTIL"="C:\PROGRA~1\ThinkPad\UTILIT~1\TP98.exe" [03/30/00 10:35a]
"TpHotkey"="C:\PROGRA~1\ThinkPad\UTILIT~1\tphkmgr.exe" [03/22/00 12:32p]
"PRPCMonitor"="PRPCUI.exe" [01/06/00 08:00a C:\WINNT\system32\prpcui.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [12/18/04 12:20a]
"WD Button Manager"="WDBtnMgr.exe" [06/06/05 09:01p C:\WINNT\system32\WDBtnMgr.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [12/20/07 05:10p]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/14/05 02:37p]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [11/30/06 09:49p]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/16/07 09:47a]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Documents and Settings\meenavips\Start Menu\Programs\Startup\
HotSync Manager.lnk - C:\Program Files\palmOne\HOTSYNC.EXE [6/18/2004 9:36:18 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
PCANotify.dll 11/01/04 11:50a 8704 C:\WINNT\system32\PCANotify.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\4d325e44-9433-4e21-b96b-74dd37668bdc]
C:\WINNT\System32\bmocnoq.exe
-- Hosts -----------------------------------------------------------------------
172.16.0.17 oracle2.lifedata.ldl oracle2
172.16.0.20 oracle1.lifedata.ldl oracle1
-- End of Deckard's System Scanner: finished at 2008-04-17 00:04:57 ------------
################################
#### extra.txt #####
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows 2000 Professional (build 2195) SP 3.0
Architecture: X86; Language: English
CPU 0: Intel Pentium III processor
Percentage of Memory in Use: 58%
Physical Memory (total/avail): 383.48 MiB / 157.77 MiB
Pagefile Memory (total/avail): 921.6 MiB / 705.52 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1950.73 MiB
C: is Fixed (FAT32) - 11.23 GiB total, 6.04 GiB free.
D: is CDROM (No Media)
E: is Fixed (FAT32) - 74.5 GiB total, 57.05 GiB free.
\\.\PHYSICALDRIVE0 - HITACHI_DK23AA-12B - 11.24 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 11.24 GiB - C:
\\.\PHYSICALDRIVE1 - WD 800BB External USB Disk - 74.53 GiB - 1 partition
\PARTITION0 - Unknown - 74.52 GiB - E:
-- Security Center -------------------------------------------------------------
AUOptions is not configured.
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\meenavips\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SOHNIR
ComSpec=C:\WINNT\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\
LOGONSERVER=\\SOHNIR
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Os2LibPath=C:\WINNT\system32\os2\dll;
Path=C:\WINNT\system32;C:\WINNT;C:\WINNT\System32\Wbem;C:\PROGRAM FILES\THINKPAD\UTILITIES;C:\Program Files\Symantec\pcAnywhere\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0806
ProgramFiles=C:\Program Files
PROMPT=$P$G
SystemDrive=C:
SystemRoot=C:\WINNT
TEMP=C:\DOCUME~1\MEENAV~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\MEENAV~1\LOCALS~1\Temp
USERDOMAIN=SOHNIR
USERNAME=meenavips
USERPROFILE=C:\Documents and Settings\meenavips
windir=C:\WINNT
-- User Profiles ---------------------------------------------------------------
meenavips (admin)
Administrator (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> MsiExec.exe /X{2642BE09-1F9F-4E18-AAD4-0258B9BCE611}
Ad-Aware SE Personal --> C:\PROGRA~1\LAVASOFT\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\LAVASOFT\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 5.0 --> C:\WINNT\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\WINNT\System32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Shockwave Player --> C:\WINNT\system32\MACROMED\SHOCKW~2\UNWISE.EXE C:\WINNT\system32\MACROMED\SHOCKW~2\Install.log
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
APC PowerChute Personal Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A0C892E-FD1C-4203-941E-0956AED20A6A}\Setup.exe" -l0x9
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Canon Camera Support Core Library --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E83DE21D-AE48-49CC-8DB4-C45598CEB96E} /l1033
Canon Camera TWAIN Driver 6.4 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{7ED43999-945D-4466-9DDF-B0059F1743CB} /l1033
Canon Camera Window for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}
Canon MovieEdit Task for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{DE286975-ACF1-45B8-9EF7-34E162B2C817}
Canon PhotoRecord --> MsiExec.exe /X{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}
Canon RAW Image Task for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}
Canon RemoteCapture Task for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}
Canon Utilities PhotoStitch 3.1 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}
Canon Utilities ZoomBrowser EX --> MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
ConfigSafe --> C:\WINNT\ILUNINST.EXE C:\CFGSAFE
DVDExpress --> C:\WINNT\IsUninst.exe -f"C:\Program Files\Mediamatics\DVDExpress\Uninst.isu" -c"C:\Program Files\Mediamatics\DVDExpress\mydll.dll"
ewido anti-malware --> C:\Program Files\ewido anti-malware\Uninstall.exe
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
HijackThis 1.99.1 --> C:\Documents and Settings\meenavips\My Documents\Tools+Software\HijackThis.exe /uninstall
hp instant support --> C:\PROGRA~1\HEWLET~1\AIO\HPIS\Uninstall.exe CeS
hp officejet g series --> C:\WINNT\System32\hpocon09.exe /u 1105813184 /d "hp officejet g series"
Intel SpeedStep technology Applet --> C:\WINNT\IsUninst.exe -f"C:\WINNT\System32\Intel® SpeedStep(tm) technology Applet.isu"
Intel® PRO Ethernet Adapter and Software --> Prounstl.exe
iTunes --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3CB41017-F5CA-4C56-934C-ED02156251E6}
Jasc Paint Shop Photo Album --> MsiExec.exe /I{B76D4A7F-FF11-4420-947C-C3AD624B9DBA}
JGsoft EditPad Lite 5.4.0 --> C:\WINNT\UnDeploy.exe "C:\Program Files\JGsoft\EditPadLite\Deploy.log"
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 2.5 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Need2Find Bar --> rundll32 C:\PROGRA~1\NEED2F~1\bar\1.bin\Nd2fnBar.dll,O
Palm Desktop and Synchronization Software --> MsiExec.exe /X{13EDFFFE-DCF2-448A-A653-3C4CD60D99B4}
PC-Doctor for Windows NT --> C:\WINNT\UNWISE.EXE C:\PROGRA~1\PC-DOC~1\INSTALL.LOG
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
PocketMirror 3.1.5 (Standard Edition) --> C:\WINNT\IsUninst.exe -f"C:\Program Files\palmOne\Chapura\PocketMirror\DeIsL1.isu" -cC:\PROGRA~1\palmOne\Chapura\POCKET~1\UninstEx.dll
QuickTime --> C:\WINNT\unvise32qt.exe C:\WINNT\System32\QuickTime\Uninstall.log
Retrospect 6.5 --> MsiExec.exe /I{73B69C5C-87D6-471E-B695-0BD736C4B644}
S3 Gamma Utility --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3 Gamma'
S3DuoVue Utility --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Duovue'
Self Test Practice Test Engine --> C:\PROGRA~1\SELFTEST\UNWISE.EXE C:\PROGRA~1\SELFTEST\INSTALL.LOG
Self Test Software: Exam 1Z0-030 --> C:\PROGRA~1\SELFTEST\EXAMFI~1\EXAMID~1\UNWISE.EXE C:\PROGRA~1\SELFTEST\EXAMFI~1\EXAMID~1\INSTALL.LOG
Spybot - Search & Destroy 1.3 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.4 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Symantec pcAnywhere --> MsiExec.exe /I{115E8183-866A-11D3-97DF-0000F8D8F2E9}
ThinkPad Configuration --> C:\WINNT\IsUninst.exe -f"C:\Program files\ThinkPad\Utilities\Uninst.isu" -c"C:\Program files\ThinkPad\Utilities\tpinst32.dll"
ThinkPad Information --> C:\WINNT\ISUNINST.EXE -f"C:\Program Files\Thinkpad\Thinkpad Information\tpi.isu" -c"C:\Program Files\Thinkpad\Thinkpad Information\uninstal.dll"
Uninstall Access ThinkPad only --> C:\WINNT\ISUNINST.EXE -f"C:\Program Files\Thinkpad\Thinkpad Information\Uninst.isu" -c"C:\Program Files\Thinkpad\Thinkpad Information\uninsatp.dll"
USB Storage Adapter FX_AT (WDC) --> WDCUN.exe WDCFX_AT
VNC 4.0 --> "C:\Program Files\RealVNC\VNC4\unins000.exe"
VPN Client --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5624C000-B109-11D4-9DB4-00E0290FCAC5}\setup.exe" -l0x9 VpnUninstall
Western Digital USB Mass Storage Driver Installation --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F9C3BDA6-E360-4D10-A1FA-222DC45E01B5}\setup.exe" -l0x9 NotFirstInstall -removeonly
Windows 2000 Service Pack 3 --> C:\WINNT\$NtServicePackUninstall$\spuninst\spuninst.exe
Windows Media Player system update (9 Series) --> C:\PROGRA~1\WINDOW~2\setup_wm.exe /Uninstall
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Wireless Network PC Card Configuration Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{612E2F17-1BEF-4F15-A4E7-8BE501B561C0}\Setup.exe" -l0x9
Yahoo! extras --> C:\Program Files\Yahoo!\Common\unycust.exe /S
Yahoo! Install Manager --> C:\WINNT\System32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINNT\System32\regsvr32 /u /s C:\PROGRA~1\YAHOO!\COMMON\ymmapi.dll
Yahoo! Messenger --> C:\PROGRA~1\YAHOO!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\YAHOO!\MESSEN~1\INSTALL.LOG
Yahoo! Messenger Explorer Bar --> C:\WINNT\System32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\MESSEN~1\YHEXBM~1.DLL
-- Application Event Log -------------------------------------------------------
Event Record #/Type1452 / Warning
Event Submitted/Written: 04/13/2008 05:54:57 PM / 04/13/2008 05:55:00 PM
Event ID/Source: 61 / WinMgmt
Event Description:
WMI ADAP was unable to process the PerfProc performance library due to a time violation in the collect function
Event Record #/Type1447 / Warning
Event Submitted/Written: 04/09/2008 00:14:09 PM
Event ID/Source: 4100 / EventSystem
Event Description:
The COM+ Event System failed to create an instance of the subscriber {6295DF2D-35EE-11D1-8707-00C04FD93327}. CoCreateInstanceEx returned HRESULT 80080005.
Event Record #/Type1443 / Warning
Event Submitted/Written: 04/08/2008 06:34:32 AM / 04/08/2008 06:34:33 AM
Event ID/Source: 61 / WinMgmt
Event Description:
WMI ADAP was unable to process the PerfDisk performance library due to a time violation in the open function
Event Record #/Type1440 / Warning
Event Submitted/Written: 04/04/2008 07:35:16 AM
Event ID/Source: 61 / WinMgmt
Event Description:
WMI ADAP was unable to process the PerfDisk performance library due to a time violation in the open function
Event Record #/Type1437 / Warning
Event Submitted/Written: 04/02/2008 07:45:59 AM
Event ID/Source: 61 / WinMgmt
Event Description:
WMI ADAP was unable to process the PerfDisk performance library due to a time violation in the open function
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type13256 / Error
Event Submitted/Written: 04/16/2008 11:59:25 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {FBA44040-BD27-4A09-ACC8-C08B7C723DCD} did not register with DCOM within the required timeout.
Event Record #/Type13255 / Error
Event Submitted/Written: 04/16/2008 11:58:54 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {FBA44040-BD27-4A09-ACC8-C08B7C723DCD} did not register with DCOM within the required timeout.
Event Record #/Type13254 / Error
Event Submitted/Written: 04/16/2008 11:58:24 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {FBA44040-BD27-4A09-ACC8-C08B7C723DCD} did not register with DCOM within the required timeout.
Event Record #/Type13253 / Error
Event Submitted/Written: 04/16/2008 03:26:13 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {FBA44040-BD27-4A09-ACC8-C08B7C723DCD} did not register with DCOM within the required timeout.
Event Record #/Type13252 / Error
Event Submitted/Written: 04/16/2008 03:25:43 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {FBA44040-BD27-4A09-ACC8-C08B7C723DCD} did not register with DCOM within the required timeout.
-- End of Deckard's System Scanner: finished at 2008-04-17 00:04:57 ------------
################################