Trojan Nir Cmd

  1. #1
    doctom is offline Full Member

    I have been getting a reference to this virus (Trojan Nir Cmd) on a regular basis with my virus scan.

    A web search reveals it may be related to some virus protection installed on my computer.

    I have: AVG (paid)
    Spyware Doctor (just downloaded newest version)
    Ad-Aware (just downloaded newest version)
    Registry Mechanic (did not reregister for paid)
    Spybot (just downloaded newest version)

    Anyone have any ideas why I'm slow and Nir Cmd comes up?

    Doctom


  2. #2
    VopThis is offline Senior Member (Canada)
    Most probably you have been using ComboFix - and nircmd.exe is a part of ComboFix. Is this the case?

    Nircmd.exe is a command-line tool used in many removal tools:
    http://www.nirsoft.net/utils/nircmd.html

    Some scanners flag command-line tools as "bad" because malware may also use this command-line tool.



    If you wish to proceed, please post a HijackThis LOG and Uninstall List as per instructions here:

    http://www.d-a-l.com/help/showthread.php?t=32403

  3. #3
    doctom is offline Full Member
    Vincent P

    Thank you for your response. I saved ComboFix from last fall when Neal helped me through a virus problem.

    Then about two weeks ago, with my computer lagging slow, I decided to run ComboFix (Neal suggested I rename it--kitty kat). My thinking was that perhaps something was in a temporary file which was causing my slowdown.

    My comp. worked a little better but I was still suspicious. Hence my post to D.A.L.

    Do you think I should do anything else?

    Thanks again..................Tom H

  4. #4
    VopThis is offline Senior Member (Canada)
    Let's learn a little more about your PC:


    Please download Deckard's System Scanner (DSS) to your desktop.
    • Close all applications and windows.
    • Double-click on dss.exe to run it, and follow the prompts.
    • When the scan is complete, a text file will open - Main.txt
    • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of Main.txt in your thread in the HijackThis Log Help Forum.
    • An additional text file, Extra.txt, will also be available (by default) in the following FOLDER, C:\Deckard\System Scanner.
    • Please go to that FOLDER and also copy the contents of Extra.txt to your post as well.

    Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.

    What DSS will do:
    • Create a new System Restore point in Windows XP and Vista.
    • Clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
    • Check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed.
    Post Logs:
    • DSS Scan Results: contents of:
      • 1) Main.txt
      • 2) Extra.txt

  5. #5
    doctom is offline Full Member
    Vincent P:

    Following your request from your last post, here are the two logs which you preferred from DSS:

    Deckard's System Scanner v20071014.68
    Run by Owner on 2008-02-02 19:37:37
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    87: 2008-02-03 00:37:48 UTC - RP124 - Deckard's System Scanner Restore Point
    86: 2008-02-02 17:40:53 UTC - RP123 - System Checkpoint
    85: 2008-02-01 16:24:04 UTC - RP122 - System Checkpoint
    84: 2008-01-31 11:15:06 UTC - RP121 - Ad-Aware Restore Point 2008-01-31 06:14:58
    83: 2008-01-31 03:09:33 UTC - RP120 - Made by Registry Mechanic


    -- First Restore Point --
    1: 2007-11-05 23:22:41 UTC - RP38 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.

    Total Physical Memory: 480 MiB (512 MiB recommended).


    -- HijackThis (run as Owner.exe) -----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:39:50 PM, on 2/2/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\keyhook.exe
    C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    C:\Program Files\SPAMfighter\S***ent.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\Brmfrmps.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\palmOne\HOTSYNC.EXE
    C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
    C:\Program Files\Verizon Online\bin\mpbtn.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Documents and Settings\Owner\Desktop\dss.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http//cgi.verizon.net.bookmarks
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - blank (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
    O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\S***ent.exe" update delay 60
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
    O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/ocis/SiSAutodetectNT.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/tech...a/LSSupCtl.cab
    O16 - DPF: {4EC99A0B-E57C-4FBE-B9C4-8428424FBF88} (McciUtilsSpecialFolder Class) - http://supportcenter.verizon.net/euserv/jsp/VOLAWeb.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1093533026256
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1136590576828
    O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://owa.thecsgroup.com/Remote/msrdp.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.novabeheer.nl:9001/act...CamControl.cab
    O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
    O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/2...l/gtdownls.cab
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...l/SymAData.cab
    O16 - DPF: {DB0474CC-8EF6-47FC-905B-23FC58A70817} (RegPropsCtrl Class) - https://download.verizon.net/sfp/Cab...WebInstall.cab
    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 8470 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
    R2 DgivEcp (Team MFP Comm Driver) - c:\windows\system32\drivers\dgivecp.sys <Not Verified; DeviceGuys, Inc.; DeviceGuys, Inc. Team MFP for Windows NT, 9x, and 3.1>
    R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.7) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.7>

    S3 ENTECH - c:\windows\system32\drivers\entech.sys (file missing)
    S3 UXDCMN - d:\winstress\winstress\uxdcmn.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    All services whitelisted.


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Scheduled Tasks -------------------------------------------------------------

    2008-02-02 16:50:13 364 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job


    -- Files created between 2008-01-02 and 2008-02-02 -----------------------------

    2008-01-31 23:53:07 0 dr-h----- C:\Documents and Settings\Owner\Recent
    2008-01-30 20:59:09 0 d-------- C:\Program Files\Spyware Doctor
    2008-01-29 22:53:59 0 d-------- C:\Program Files\Lavasoft
    2008-01-29 22:53:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-01-29 22:50:40 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-01-21 20:16:01 0 d-------- C:\Program Files\FlashPlayer Plus
    2008-01-05 12:11:08 0 d-------- C:\Program Files\AvantGo Connect
    2008-01-05 12:10:22 65613 --a------ C:\WINDOWS\system32\PPVEXP.DLL <Not Verified; Microsoft Corporation; Microsoft ActiveSync>
    2008-01-05 12:10:22 114688 --a------ C:\WINDOWS\system32\MALSLIB.DLL <Not Verified; AvantGo, Inc.; AvantGo Connect>
    2008-01-05 12:10:21 24652 --a------ C:\WINDOWS\system32\UICOM.DLL <Not Verified; Microsoft Corporation; Microsoft Pocket Office>
    2008-01-05 12:10:21 73803 --a------ C:\WINDOWS\system32\RAPI.DLL <Not Verified; Microsoft Corporation; Microsoft ActiveSync>
    2008-01-05 12:10:21 36942 --a------ C:\WINDOWS\system32\PPCLOAD.DLL <Not Verified; Microsoft Corporation; Microsoft ActiveSync>
    2008-01-05 12:10:21 65615 --a------ C:\WINDOWS\system32\PMAILEXT.DLL <Not Verified; Microsoft Corporation; Microsoft Pocket Office>
    2008-01-05 12:10:21 57423 --a------ C:\WINDOWS\system32\MSGSTRPC.DLL <Not Verified; Microsoft Corporation; Microsoft Pocket Office>
    2008-01-05 12:10:19 53325 --a------ C:\WINDOWS\system32\CEUTIL.DLL <Not Verified; Microsoft Corporation; Microsoft ActiveSync>


    -- Find3M Report ---------------------------------------------------------------

    2008-02-02 10:08:17 0 d-------- C:\Program Files\SPAMfighter
    2008-01-29 22:50:40 0 d-------- C:\Program Files\Common Files
    2008-01-29 22:38:07 0 d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft
    2008-01-06 11:49:44 0 d-------- C:\Documents and Settings\Owner\Application Data\Help
    2008-01-05 12:11:14 0 d-------- C:\Program Files\Microsoft ActiveSync
    2008-01-05 10:42:19 0 d-------- C:\Program Files\palmOne
    2008-01-02 15:07:19 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
    2007-12-31 20:04:53 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
    2007-12-18 19:55:11 0 d-------- C:\Program Files\Common Files\Ankiro
    2007-12-18 19:53:41 0 d-------- C:\Program Files\Common Files\Application
    2007-11-24 17:46:57 50 --a------ C:\WINDOWS\system32\BRIDF04A.dat


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SiS Windows KeyHook"="C:\WINDOWS\System32\keyhook.exe" [01/02/2004 11:11 AM]
    "Motive SmartBridge"="C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe" [01/04/2005 08:28 AM]
    "EM_EXEC"="C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [12/20/2001 09:42 AM]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [11/25/2005 01:46 AM]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/02/2007 05:29 PM]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 06:51 PM]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [09/23/2007 12:38 PM]
    "SetDefPrt"="C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" [05/25/2004 09:16 AM]
    "ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [07/20/2004 09:34 AM]
    "SPAMfighter Agent"="C:\Program Files\SPAMfighter\S***ent.exe" [01/02/2008 05:03 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/31/2007 04:46 PM]

    C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
    HotSync Manager.lnk - C:\Program Files\palmOne\HOTSYNC.EXE [4/13/2004 5:03:10 PM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [11/24/2007 5:25:30 PM]
    Verizon Online Support Center.lnk - C:\Program Files\Verizon Online\bin\matcli.exe [12/23/2004 5:11:14 PM]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "ClearRecentDocsOnExit"=1 (0x1)
    "NoRecentDocsMenu"=1 (0x1)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
    backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
    backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Utility Tray.lnk]
    backup=C:\WINDOWS\pss\Utility Tray.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
    backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^TimeLeft.lnk]
    backup=C:\WINDOWS\pss\TimeLeft.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
    C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
    C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    %systemroot%\system32\dumprep 0 -k

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
    C:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    C:\WINDOWS\system32\\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
    C:\Program Files\Registry Mechanic\RegMech.exe /S

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\removecpl]
    RemoveCpl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
    C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSUSBRG]
    C:\WINDOWS\SiSUSBrg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SPAMfighter Agent]
    "C:\Program Files\SPAMfighter\S***ent.exe" update delay 60

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]




    -- End of Deckard's System Scanner: finished at 2008-02-02 19:41:47 ------

    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Home Edition (build 2600) SP 2.0
    Architecture: X86; Language: English

    CPU 0: Intel(R) Pentium(R) 4 CPU 2.80GHz
    CPU 1: Intel(R) Pentium(R) 4 CPU 2.80GHz
    Percentage of Memory in Use: 74%
    Physical Memory (total/avail): 479.53 MiB / 123.79 MiB
    Pagefile Memory (total/avail): 777.61 MiB / 163.39 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1933.13 MiB

    A: is Removable (No Media)
    C: is Fixed (NTFS) - 74.53 GiB total, 61.64 GiB free.
    D: is CDROM (No Media)
    E: is Removable (No Media)

    \\.\PHYSICALDRIVE0 - WDC WD800BB-00DKA0 - 74.53 GiB - 1 partition
    \PARTITION0 (bootable) - Installable File System - 74.53 GiB - C:

    \\.\PHYSICALDRIVE1 - Brother MFC-210C USB Device



    -- Security Center -------------------------------------------------------------

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is enabled.

    AntivirusOverride is set.


    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"="C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE:*:Enabled:Connection Manager"


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Owner\Application Data
    CLASSPATH=C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=AMA-BQSACCGEC9L
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Owner
    LOGONSERVER=\\AMA-BQSACCGEC9L
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 5, GenuineIntel
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=0205
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    QTJAVA=C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
    TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
    USERDOMAIN=AMA-BQSACCGEC9L
    USERNAME=Owner
    USERPROFILE=C:\Documents and Settings\Owner
    windir=C:\WINDOWS


    -- User Profiles ---------------------------------------------------------------

    Owner (admin)


    -- Add/Remove Programs ---------------------------------------------------------

    --> C:\PROGRA~1\VERIZO~1\Uninstall.exe Verizon
    --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\Secrets of the Masters Trading Game\ST6UNST.000"
    --> MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
    --> MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE}
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25EF00C6-F17B-11D6-88EA-000476CD2443}\Setup.exe" -l0x9 UNINSTALL
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25EF00D1-F17B-11D6-88EA-000476CD2443}\Setup.exe" -l0x9 UNINSTALL
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25EF03DA-F17B-11D6-88EA-000476CD2443}\Setup.exe" -l0x9 UNINSTALL
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\Setup.exe" -l0x9 -uninst
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
    Adobe Acrobat 4.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.dll"
    Adobe Acrobat 4.0, 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
    Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
    Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
    AeroCrafter CD 8th Edition --> C:\WINDOWS\ST5UNST.EXE -n "C:\Program Files\AeroCrafter CD 8th Edition\ST5UNST.LOG"
    AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
    Belkin Wireless Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45401A03-BDF0-448F-9B0F-3882B96F6692}\setup.exe" -l0x9
    Brother MFL-Pro Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40A6C96D-808E-41DD-8716-617AB6B0F1F1}\Setup.exe" -l0x9 Brunin03.dllBrunin03.dll
    DirectX Media Runtime 5.1 --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\DXM51.INF,Uninstall.NT
    Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
    HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    ImageMixer VCD/DVD2 for OLYMPUS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F51A0CA-2BDD-474E-BB90-C7FA8EA78F52}\Setup.exe" -l0x9 UNINSTALL
    J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
    J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
    J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
    Java 2 Runtime Environment, SE v1.4.2 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
    Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
    LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
    LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
    Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL /L9
    Logitech Gaming Software --> MsiExec.exe /X{FAAA508A-05C0-488B-BFC2-F9217E545A81}
    Logitech MouseWare 9.42 .1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x9 -l0009 UNINSTALL
    Logitech Resource Center --> C:\PROGRA~1\RESOUR~1\rem\UNWISE.EXE /s C:\PROGRA~1\RESOUR~1\rem\INSTALL.LOG
    Logitech User's Guide --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CBE0FCA1-4E95-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 UNINSTALL
    Microsoft ActiveSync 3.7 --> "C:\WINDOWS\ISUNINST.EXE" -f"C:\Program Files\Microsoft ActiveSync\DeIsL1.isu" -c"C:\Program Files\Microsoft ActiveSync\ceuninst.dll"
    Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Flight Simulator 2004 A Century of Flight --> "C:\Program Files\Microsoft Games\Flight Simulator 9\UNINSTAL.EXE" /runtemp /addremove
    Microsoft Office 2000 SR-1 Disc 2 --> MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
    Microsoft Office 2000 SR-1 Small Business --> MsiExec.exe /I{00030409-78E1-11D2-B60F-006097C998E7}
    Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Owner\Application Data\Move Networks\ie_bin\Uninst.exe
    Move Networks Player for Internet Explorer --> "C:\Documents and Settings\Owner\Application Data\Move Networks\ie_bin\unins000.exe"
    Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    Nero - Burning Rom --> MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
    Norton WMI Update --> MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
    OLYMPUS Master --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{BA820A24-704B-428D-9904-71A10DAC1372} /l1033 /zUNINSTALL
    Palm Desktop --> MsiExec.exe /X{E89D78B8-28F7-412F-8B26-C684739CBBDC}
    PaperPort --> MsiExec.exe /I{A17EABB6-D0C6-44E5-820C-72DC7F495064}
    Punch! Professional Home Design --> C:\PROGRA~1\PUNCH!~1\UNWISE.EXE C:\PROGRA~1\PUNCH!~1\INSTALL.LOG
    QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083} /l1033
    RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Registry Mechanic 5.0 --> "C:\Program Files\Registry Mechanic\unins000.exe"
    Secrets of the Masters Trading Game --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\Secrets of the Masters Trading Game\ST6UNST.LOG"
    Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    SiS 900 PCI Fast Ethernet Adapter Driver --> C:\Progra~1\SiSLan\Uninst.exe
    SiS VGA Utilities --> Rundll32 SiSInst.dll,Uninstall VGA,r,0
    SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
    SPAMfighter --> "C:\Program Files\SPAMfighter\uninstall.exe" Remove
    Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
    SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
    TWAIN Driver --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\twain.isu
    Verizon Online --> C:\WINDOWS\system32\VerizonUninstaller.exe
    Verizon Online Support Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25EF00A1-F17B-11D6-88EA-000476CD2443}\Setup.exe" -l0x9 UNINSTALL
    Verizon SmartCall --> C:\PROGRA~1\VERIZO~1\SMARTC~1\UNWISE.EXE C:\PROGRA~1\VERIZO~1\SMARTC~1\INSTALL.LOG
    Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
    Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
    Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
    Zing! DWF file viewer --> C:\Program Files\Zing! Viewer\zing_uninstall.exe


    -- Application Event Log -------------------------------------------------------

    Event Record #/Type2780 / Error
    Event Submitted/Written: 01/30/2008 08:37:18 PM
    Event ID/Source: 11706 / MsiInstaller
    Event Description:
    Product: Microsoft Office 2000 SR-1 Small Business -- Error 1706. No valid source could be found for product Microsoft Office 2000 SR-1 Small Business. The Windows installer cannot continue.

    Event Record #/Type2779 / Warning
    Event Submitted/Written: 01/30/2008 08:36:47 PM
    Event ID/Source: 1001 / MsiInstaller
    Event Description:
    Detection of product '{00030409-78E1-11D2-B60F-006097C998E7}', feature 'ThemesAdditionalFiles' failed during request for component '{FCC3E6FE-999C-11D1-8594-00AA00A425A5}'

    Event Record #/Type2772 / Error
    Event Submitted/Written: 01/30/2008 08:13:07 AM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
    Processing media-specific event for [!ws!]

    Event Record #/Type2732 / Warning
    Event Submitted/Written: 01/25/2008 07:05:52 AM
    Event ID/Source: 1524 / Userenv
    Event Description:
    Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

    Event Record #/Type2629 / Error
    Event Submitted/Written: 01/13/2008 11:15:52 PM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Faulting application outlook.exe, version 9.0.0.6604, faulting module unknown, version 0.0.0.0, fault address 0x7dcc9b70.
    Processing media-specific event for [outlook.exe!ws!]



    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type49563 / Error
    Event Submitted/Written: 02/02/2008 07:40:27 PM
    Event ID/Source: 7016 / Service Control Manager
    Event Description:
    The BrSplService service has reported an invalid current state 0.

    Event Record #/Type49562 / Error
    Event Submitted/Written: 02/02/2008 04:59:11 PM
    Event ID/Source: 1002 / Dhcp
    Event Description:
    The IP address lease 192.168.1.100 for the Network Card with network address 00115018DDBD has been
    denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

    Event Record #/Type49552 / Error
    Event Submitted/Written: 02/01/2008 0426 PM
    Event ID/Source: 1002 / Dhcp
    Event Description:
    The IP address lease 192.168.1.101 for the Network Card with network address 00115018DDBD has been
    denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

    Event Record #/Type49529 / Error
    Event Submitted/Written: 02/01/2008 10:07:51 AM
    Event ID/Source: 7034 / Service Control Manager
    Event Description:
    The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).

    Event Record #/Type49525 / Error
    Event Submitted/Written: 02/01/2008 10:07:50 AM
    Event ID/Source: 7022 / Service Control Manager
    Event Description:
    The PC Tools Security Service service hung on starting.



    -- End of Deckard's System Scanner: finished at 2008-02-02 19:41:47 ------------

    Thanks for the review of these logs!!!!!!

    Tom H.

  6. #6
    VopThis is offline Senior Member (Canada)
    84: 2008-01-31 11:15:06 UTC - RP121 - Ad-Aware Restore Point 2008-01-31 06:14:58
    83: 2008-01-31 03:09:33 UTC - RP120 - Made by Registry Mechanic
    As the average user begins to add more and more security and other processes (already have Spyware Doctor and AVG AS) on a resource challenged PC, it is not uncommon to see the following behavior:
    • Boot and shutdown times become excessive.
    • Hard drive activity becomes excessive (memory swaps to disk).
    • MSCONFIG being used to TRY and help reduce the load (often marginal results).
    • Missing very advisable tools such as real-time always on anti-virus - you are missing one.


    Total Physical Memory: 480 MiB (512 MiB recommended).

    Percentage of Memory in Use: 74%

    Physical Memory (total/avail): 479.53 MiB / 123.79 MiB
    Pagefile Memory (total/avail): 777.61 MiB / 163.39 MiB




    Your PC would perform much better with an additional 512MB RAM memory. Plus, your PC is open to virus attacks - you at least need to run an online antivirus scan in case some malware is also currently making things worse. TRY:

    http://www.eset.com/onlinescan/

  7. #7
    doctom is offline Full Member
    Vincent P:

    I tried ESET via your link. No go------I use Firefox they want IE. So I went back to the IExplorer without the scan working.

    Absent ESET not working on my computer, can I defer the cost of additional RAM by eliminating some (I thought I was using a minimum of software applications) of my "excess"?

    Thanks for the review and observation.

    Tom H

  8. #8
    VopThis is offline Senior Member (Canada)
    The behavior of IE is quite perplexing and could be indicative of a virus on your PC. Unfortunately, most online tools do require IE. You can try running eset's NOD32 as a thirty day free trial. It has one of the lowest memory footprints for any antivirus product.


    can I defer the cost of additional RAM by eliminating some
    512MB is barely enough for most PCs these days. Go to your task manager (Ctrl+Alt+Delete), use the 'Processes' TAB, and see what happens when you try to load most apps (try IE). You can sort (click) on the TITLE BAR for CPU or MEMORY (footprint). You will often notice a significant spike in memory usage requirements which may necessitate swapping memory in-use to disk and vice versa. For every 512MB of memory the system also uses up to 512MB of virtual (swappable) disk storage.


    In your current strategy, you have inadvisedly decided to not run an antivirus tool and may now need to stop running other useful security tools if that is what you need to do.

    By loading certain tools, you will still have memory usage tracks for memory resident (guard) portions of certain tools - run 'Process Explorer' to see what process is associated with which vendor:

    http://technet.microsoft.com/en-us/s.../bb896653.aspx

    Sort (click) on the 'company name' TITLE BAR.
    Last edited by VopThis; 03-02-2008 at 03:54 PM.
