SmitFraudFix v2.217
Scan done at 15:39:35.79, 29/08/2007
Run from C:\Documents and Settings\Pieter\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\LAUNCH~1\QtZiAcer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\TrojanHunter 4.7\THGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\BRAINB~1\bb.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
c:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\PROGRA~1\Grisoft\AVG7\avgwa.dat
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
DSS Main Text
Deckard's System Scanner v20070826.66
Run by Pieter on 2007-08-29 15:47:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
37: 2007-08-29 14:48:57 UTC - RP467 - Deckard's System Scanner Restore Point
36: 2007-08-28 15:54:52 UTC - RP466 - Removed MSXML 4.0 SP2 (KB927978)
35: 2007-08-24 13:53:24 UTC - RP465 - System Checkpoint
34: 2007-08-15 21:06:13 UTC - RP464 - Software Distribution Service 3.0
33: 2007-08-06 22:59:04 UTC - RP463 - System Checkpoint
-- First Restore Point --
1: 2007-05-28 01:19:47 UTC - RP431 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 511 MiB (512 MiB recommended).
-- HijackThis (run as Pieter.exe) ----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:52:50, on 29/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\LAUNCH~1\QtZiAcer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\TrojanHunter 4.7\THGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\BRAINB~1\bb.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
c:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Pieter\Local Settings\Temporary Internet Files\Content.IE5\VIY7UT46\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Pieter.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sashowhorse.co.za/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: MSVPS System - {208D7BCC-9857-4C9E-823B-D04E72490A67} - C:\WINDOWS\mxduo.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZiAcer.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [7u560] C:\WINDOWS\Media\7u560.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.7\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Brain Bullet] C:\PROGRA~1\BRAINB~1\bb.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Search - http://bar.mywebsear...earch.html?p=ZC
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....204&clcid=0x409
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin....nderControl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1118535946584
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{674AE7D8-98E7-420A-8757-403B83332D0A}: NameServer = 192.168.1.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A017BA3-F875-4628-8E73-6972D8591B5D}: NameServer = 196.44.128.146 196.44.136.165
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O21 - SSODL: wmphost - {92D08B9C-93ED-4BEB-8A5C-DD0CA56D2A63} - C:\WINDOWS\wmphost.dll
O21 - SSODL: wmpdev - {70603E58-740C-415C-8364-DAC6BD6EBC6C} - C:\WINDOWS\wmpdev.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
--
End of file - 9200 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 IABFilt (Iomega Snapshot Volume Filter) - c:\windows\system32\drivers\iabfilt.sys <Not Verified; Iomega; Iomega Volume Filter Driver>
R2 BTSERIAL (Bluetooth Serial Driver) - c:\windows\system32\drivers\btserial.sys
R2 BTSLBCSP (Bluetooth Port Client Driver) - c:\windows\system32\drivers\btslbcsp.sys <Not Verified; ; Bluetooth Software 1.3.2.7>
R3 DKbFltr (Dritek HotKey Keyboard Filter Driver) - c:\windows\system32\drivers\dkbfltr.sys <Not Verified; Dritek System Inc.; Dritek MMKey>
R3 IPSECSHM (Nortel IPSECSHM Adapter) - c:\windows\system32\drivers\ipsecw2k.sys <Not Verified; Nortel Networks; Contivity VPN Client>
R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >
R3 WDMWANMP (NDIS WAN miniport) - c:\windows\system32\drivers\wdmwanmp.sys
S2 IPSECEXT (Nortel Extranet Access Protocol) - c:\windows\system32\drivers\ipsecw2k.sys <Not Verified; Nortel Networks; Contivity VPN Client>
S3 ISDN_u (ISDN USB CAPI) - c:\windows\system32\drivers\isdn_u.sys
S3 usbsermpt (Motorola USB Modem Driver for MPT) - c:\windows\system32\drivers\usbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
All services whitelisted.
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Bluetooth LAN Access Server Driver
Device ID: ROOT\NET 00
Manufacturer: WIDCOMM, Inc.
Name: Bluetooth LAN Access Server Driver
PNP Device ID: ROOT\NET 00
Service: BTWDNDIS
-- Scheduled Tasks -------------------------------------------------------------
2007-08-25 08:00:00 350 --a------ C:\WINDOWS\Tasks\XoftSpy.job
2005-10-31 12:12:59 346 --a------ C:\WINDOWS\Tasks\HPFRU Task #Hewlett-Packard#hp officejet 7100 series#1122627325.job
-- Files created between 2007-07-29 and 2007-08-29 -----------------------------
2007-08-29 15:52:25 0 d-------- C:\Program Files\Trend Micro
DSS Extra Text
Deckard's System Scanner v20070826.66
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Mobile AMD Athlon XP 2500+
Percentage of Memory in Use: 58%
Physical Memory (total/avail): 510.48 MiB / 213.27 MiB
Pagefile Memory (total/avail): 1245.18 MiB / 772.68 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1946.84 MiB
C: is Fixed (NTFS) - 54.63 GiB total, 20.57 GiB free.
D: is Fixed (NTFS) - 1.25 GiB total, 0.11 GiB free.
E: is CDROM (No Media)
G: is Removable (No Media)
Z: is Network (NTFS)
\\.\PHYSICALDRIVE0 - IC25N060ATMR04-0 - 55.89 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 54.63 GiB - C:
\PARTITION1 - Installable File System - 1278.61 MiB - D:
\PARTITION2 - Unknown - 7.84 MiB
\\.\PHYSICALDRIVE1 - Generic Flash R/W USB Device
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
FW: AVG Firewall 7.5.475 v7.5.475 (GRISOFT)
AV: AVG 7.5.484 v7.5.484 (GRISOFT)
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Nortel Networks\\Extranet.exe"="C:\\Program Files\\Nortel Networks\\Extranet.exe:*:Enabled:Contivity VPN Client"
"C:\\WINDOWS\\system32\\ntvdm.exe"="C:\\WINDOWS\\system32\\ntvdm.exe:*:Enabled:NTVDM.EXE"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Pieter\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PIETER-PC
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Pieter
LOGONSERVER=\\PIETER-PC
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;c:\Program Files\Microsoft SQL Server\90\Tools\binn\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Pieter\LOCALS~1\Temp
TMP=C:\DOCUME~1\Pieter\LOCALS~1\Temp
USERDOMAIN=PIETER-PC
USERNAME=Pieter
USERPROFILE=C:\Documents and Settings\Pieter
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI
-- User Profiles ---------------------------------------------------------------
Pieter (admin)
Administrator (new local, admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Acer Inc.\Acer English Online Help Creator\Uninst.isu"
--> MsiExec.exe /X{EE43210C-266E-4101-8FBC-04378D5E9D42}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe® Photoshop® Album Starter Edition 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
Agere Systems AC'97 Modem --> agrsmdel
ArcSoft Camera Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD708DF0-9F04-4CB3-821A-85804A833B4D}\setup.exe" -l0x9 -uninst
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Autodesk MapGuide® Viewer ActiveX Control Release 6 --> MsiExec.exe /I{88F7D07F-0351-46AD-ABC2-1D1F14F4C037}
Avanquest update --> C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
BCM Wireless Network Adapter --> C:\WINDOWS\system32\BCMWLU00.exe verbose
Brain Bullet! --> C:\Program Files\Brain Bullet!\Uninstall.exe
Focalpoint --> C:\WINDOWS\IsUninst.exe -fC:\FP\MACHINE\DeIsL1.isu
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HexDump plug-in for Ad-Aware SE --> C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\hexdump\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\hexdump\INSTALL.LOG
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Deskjet 5700 --> msiexec /x{85B1BEF2-2357-4C27-ABBE-15A1AE3AF78D}
hp officejet 7100 series --> C:\WINDOWS\system32\hpocon09.exe /u 1122627325 /d "hp officejet 7100 series"
hp officejet 7100 series - 2 --> C:\WINDOWS\system32\hpocon09.exe /u 1134731355 /d "hp officejet 7100 series"
hp officejet 7100 series - 3 --> C:\WINDOWS\system32\hpocon09.exe /u 1139227108 /d "hp officejet 7100 series"
HP Photo Printing Software --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\Photo Printing\Uninstall.isu" -c"C:\Program Files\Hewlett-Packard\Photo Printing\hpiunPC.dll
HP Share-to-Web --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{748F4870-8350-11D3-B0BF-080009FB4A19}\setup.exe" --MAIN -l9
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
Iomega Product Registration --> MsiExec.exe /X{90FF23FE-0E1B-40DF-A22E-B4C0372E5936}
Java 2 Runtime Environment, SE v1.4.2_01 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142010}
KeyMail Decoder --> rundll32.exe C:\WINDOWS\system32\keymail.dll,UninstallDll
Launch Manager --> C:\WINDOWS\UnInst32.exe QtZiAcer.UNI
Lavasoft VX2 Cleaner --> C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\INSTALL.LOG
LSP Explorer plug-in for Ad-Aware SE --> C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\LSPEXP~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\LSPEXP~1\INSTALL.LOG
Messenger-Control plug-in for Ad-Aware SE --> C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\MESSEN~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\MESSEN~1\INSTALL.LOG
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2003 Web Components --> MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Accounting 2007 --> "c:\Program Files\Microsoft Small Business\Small Business Accounting 2007\SetupBootstrap\Setup.exe" /remove {B0717D5A-1976-482B-9ADF-F19631A541A4}
Microsoft Office Accounting 2007 --> MsiExec.exe /X{B0717D5A-1976-482B-9ADF-F19631A541A4}
Microsoft Office Accounting ADP Payroll Addin --> MsiExec.exe /I{5FA793A6-0071-42C1-9355-8F69A428C44F}
Microsoft Office Accounting Equifax Addin --> MsiExec.exe /X{8C711818-076E-475C-B95B-DF11CD9D8DBE}
Microsoft Office Accounting Fixed Asset Manager --> MsiExec.exe /X{46614A49-222A-48EF-87A9-BFD603E608E1}
Microsoft Office Accounting PayPal Addin --> MsiExec.exe /X{353D20CC-719B-4A60-AD33-D03F88C10330}
Microsoft Office Small Business Connectivity Components --> MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}
Microsoft Office Small Business Edition 2003 --> MsiExec.exe /I{91CA0409-6000-11D3-8CFE-0150048383C9}
Microsoft PowerPoint Viewer 97 --> C:\Program Files\PowerPoint Viewer\setup\setup.exe
Microsoft SQL Server 2005 --> "c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) --> MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server Native Client --> MsiExec.exe /I{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer --> MsiExec.exe /I{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Motorola Phone Tools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x9 -removeonly
Mozilla Firefox (2.0) --> C:\Program Files\Mozilla Firefox\uninstall\uninst.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nortel Networks Contivity VPN Client --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF964A78-078C-11D1-B7A7-0000C0134CE6}\setup.exe" Uninstall
NTI CD & DVD-Maker 6.5 Gold --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778} /l1033 AnyText
OE/W Messengerctrl plug-in for Ad-Aware SE --> C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\OEMESS~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\OEMESS~1\INSTALL.LOG
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PrimoPDF --> "C:\WINDOWS\PrimoPDF\uninstall.exe" "/U:C:\Program Files\activePDF\PrimoPDF\Uninstall\uninstall.xml"
PrimoPDF Redistribution Package --> MsiExec.exe /I{885744A4-1A01-44B0-858A-0AE6738CBCF7}
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Snapshot Viewer --> C:\Program Files\Snapshot Viewer\Setup\Setup.exe /T snap90.stf
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TBSCA 1.1 --> C:\Program Files\Mozilla Firefox\uninstall\uninst.exe
TrojanHunter 4.7 --> "C:\Program Files\TrojanHunter 4.7\unins000.exe"
Tweak-SE plug-in for Ad-Aware SE --> C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\tweakse\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\tweakse\INSTALL.LOG
VIA Rhine-Family Fast Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
Video Access Codec v1.4 --> C:\Program Files\VideoAccessCodec\Uninstall.exe
WebVideo Support --> C:\WINDOWS\main_uninstaller.exe
WIDCOMM Bluetooth Software --> MsiExec.exe /X{0F51A262-1ADF-4914-B448-78AC58C4178A}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WLAN 802.11g mini-PCI Module --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{487BC3B8-7BD9-4860-8F52-2F7E8C65B75E}
XoftSpy --> C:\Program Files\XoftSpy\uninstall.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type11988 / Error
Event Submitted/Written: 08/29/2007 11:47:03 AM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 230460197.
Event Record #/Type11987 / Error
Event Submitted/Written: 08/29/2007 11:45:51 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application MSPUB.EXE, version 11.0.6565.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type11913 / Error
Event Submitted/Written: 08/29/2007 06:39:50 AM
Event ID/Source: 100 / AVG7
Event Description:
2007-08-29 05:39:50,590 PIETER-PC [003592:002644] ERROR 000 AVG7.AvgAntiSpam.UpdateRules Failed to update antispam rules: Network error
Event Record #/Type11912 / Error
Event Submitted/Written: 08/29/2007 04:39:37 AM
Event ID/Source: 100 / AVG7
Event Description:
2007-08-29 03:39:37,408 PIETER-PC [001972:000516] ERROR 000 AVG7.AvgAntiSpam.UpdateRules Failed to update antispam rules: Network error
Event Record #/Type11911 / Error
Event Submitted/Written: 08/29/2007 02:39:38 AM
Event ID/Source: 100 / AVG7
Event Description:
2007-08-29 01:39:38,707 PIETER-PC [001708:003392] ERROR 000 AVG7.AvgAntiSpam.UpdateRules Failed to update antispam rules: Network error
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type12228 / Error
Event Submitted/Written: 08/29/2007 00:02:04 AM / 08/29/2007 00:02:07 AM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.
Event Record #/Type12227 / Error
Event Submitted/Written: 08/29/2007 00:01:12 AM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.
Event Record #/Type12226 / Error
Event Submitted/Written: 08/29/2007 00:01:08 AM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.
Event Record #/Type12225 / Error
Event Submitted/Written: 08/29/2007 00:01:04 AM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.
Event Record #/Type12224 / Error
Event Submitted/Written: 08/29/2007 00:01:01 AM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.
-- End of Deckard's System Scanner: finished at 2007-08-29 15:56:25 ------------