I have been infected w/ a virus - it started out with DOWNLOADER.EXE & TROJAN.VUNDO
I have Norton Anti Virus & Norton Internet Security - I ran their scan, but it did not eliminate the virus
I went to the Symantec website and downloaded FIXVUNDO.EXE & followed instructions carefully - still no fix
I have since downloaded & installed ATFCLEANER.EXE, SPYSWEEPER.EXE (WEBROOT), WINDOWS KB890830-V1.34
It seems to have gotten rid of the DOWNLOADER.EXE & TROJAN.VUNDO (at least the warnings have stopped coming up). There are still annoying pop-ups of the "privacy tool" website - so I don't know if the 2 viruses have been eliminated
NOW I have 2 more viruses TROJ/BCKDR-QJL & TROJ/VIRTUM-GEN
Re-ran everything again - TROJ/BCKDR-QJL returned - none of my antivirus programs will delete/eliminate this virus
I downloaded DECKARDS SCANNER and ran it.... (wouldn't let me download HIJACKTHIS through DECKARDS installation) so it installed the HIJACKTHIS clone... here are my results - hope this helps?!?!?
I have 2 results MAIN.TXT & EXTRA.TXT
Can someone please help? I am @ my wits' end - thanks in advance for any advice...
Deckard's System Scanner v20071014.68
Run by Owner on 2007-11-04 19:58:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 4 Restore Point(s) --
4: 2007-11-05 00:59:03 UTC - RP4 - Deckard's System Scanner Restore Point
3: 2007-11-04 20:47:37 UTC - RP3 - Installed Java 6 Update 3
2: 2007-11-04 17:29:58 UTC - RP2 - Restore Operation
1: 2007-11-04 17:18:56 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 511 MiB (512 MiB recommended).
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-11-04 20:04:40
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\GWMDMMSG.exe
C:\WINDOWS\GWHotKey.exe
C:\Program Files\iDownload.com\Popup Blocker\popupblocker.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\alertic.exe
C:\Program Files\WinAmp\winampa.exe
C:\Program Files\Atari\Atari Arcade Hits 2\Atari Icon.exe
C:\Program Files\Hasbro Interactive\Atari Arcade Hits 1\Atari icon.exe
C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Samsung\Digimax Viewer 1.0\DigimaxViewer.exe
C:\Program Files\Sierra\Planner\PLNRnote.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
C:\Program Files\Webroot\Spy Sweeper\ssu.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://ie.search.msn...st/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {30FE5C92-3751-4821-AF7B-1B69F7C3067B} - C:\WINDOWS\system32\tuvss.dll
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {6FA1305D-B243-75C8-D106-64550DF62945} - C:\WINDOWS\system32\uit.dll (file missing)
O2 - BHO: BndShell3 BHO Class - {8ABA9A9C-8791-4d61-8D5B-BCC9448EA573} - C:\Program Files\ISM\BndDrive7.dll (file missing)
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: {15fb16bc-0c49-066a-39c4-99decf51fd3a} - {a3df15fc-ed99-4c93-a660-94c0cb61bf51} - C:\WINDOWS\system32\cowsekle.dll
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: Her - {C4DE5B15-4FFE-4c02-8CB3-CAD24A33562B} - C:\WINDOWS\system32\ramtmb.dll (file missing)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: IE Class - {E385DF17-3B18-11D6-8CF3-00304F10A79B} - C:\Program Files\iDownload.com\Popup Blocker\Helper.dll
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
O4 - HKLM\..\Run: [Popup Blocker] "C:\Program Files\iDownload.com\Popup Blocker\popupblocker.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Iprvdso] C:\Program Files\Knpxra\Ghcw.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Atari Launcher 2] "C:\Program Files\Atari\Atari Arcade Hits 2\Atari icon.exe"
O4 - HKLM\..\Run: [Atari Launcher] "C:\Program Files\Hasbro Interactive\Atari Arcade Hits 1\Atari icon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AcctMgr] "C:\Program Files\Norton Password Manager\AcctMgr.exe" /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [e88f3759] "rundll32.exe" "C:\WINDOWS\system32\alfwtlxj.dll",b
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RemoveIT Pro XT] C:\Program Files\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe
O4 - Global Startup: Digimax Viewer 1.0.lnk = ?
O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = ?
O4 - Global Startup: Forget Me Not.lnk = C:\Program Files\GREETING CARDS\AG CreataCard\agremind.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Spades () - http://download.game...nts/y/st2_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} () - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase4009.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1167266843915
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.24 85.255.112.184
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.24 85.255.112.184
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\smshlyhl.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\CCPWDSVC.EXE
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\COMHOST.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\system32\PCTKRNT.SYS
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Windows Notification Service (Winaltet) - Unknown owner - C:\WINDOWS\System32\winaltet.exe -srv
O24 - Desktop Component 0: - http://www.brownhair...9/jimage.jpg
O24 - Desktop Component 1: - http://i9.photobucke...01/ajhot.jpg
O24 - Desktop Component 2: - http://images.barnes...10295452.gif
O24 - Desktop Component 3: - http://csmail.compus...nline/noname
O24 - Desktop Component 4: - http://www.importedb...ductid=16220
O24 - Desktop Component 5: - http://mail.charter....o...S&v=charter
--
End of file - 15083 bytes
-- File Associations -----------------------------------------------------------
.txt - txtfile - shell\open\command - notepad.exe %1
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
S3 CBTNDIS5 (CBTNDIS5 NDIS Protocol Driver) - c:\windows\system32\cbtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Winalert (Windows Alert Service) - c:\windows\system32\alertic.exe -srv <Not Verified; Microsoft Corporation; Microsoft® DRM>
S2 Winaltet (Windows Notification Service) - c:\windows\system32\winaltet.exe -srv (file missing)
S3 PictureTaker - c:\windows\system32\pctkrnt.sys <Not Verified; LANovation; PictureTaker Software Family>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2007-10-29 09:49:05 498 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Norton QuickScan - Owner.job
2007-10-29 09:49:02 548 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Owner.job
2007-10-25 02:00:00 488 --a------ C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job
2007-10-24 23:00:22 308 --a------ C:\WINDOWS\Tasks\Symantec Drmc.job
-- Files created between 2007-10-04 and 2007-11-04 -----------------------------
2007-11-04 18:29:18 0 d-------- C:\Program Files\Microsoft Windows OneCare Live
2007-11-04 18:29:11 0 d-------- C:\b3e43d4539310e128fe19e35
2007-11-04 18:27:35 0 d-------- C:\{00004495-0000-0000-5942-503B070B6CD8}
2007-11-04 18:23:00 0 d-------- C:\{8001BC26-0000-0000-C2BC-E5AC2E094943}
2007-11-04 15:58:18 0 d-------- C:\Program Files\Windows Live Safety Center
2007-11-04 15:48:54 0 d-------- C:\Program Files\Java
2007-11-04 15:47:59 0 d-------- C:\Program Files\Common Files\Java
2007-11-04 15:41:45 86080 --a------ C:\WINDOWS\system32\alfwtlxj.dll
2007-11-04 15:35:39 78912 --a------ C:\WINDOWS\system32\cowsekle.dll
2007-11-04 14:46:48 392094 --ahs---- C:\WINDOWS\system32\ssvut.ini2
2007-11-04 12:18:45 5242880 --a------ C:\Documents and Settings\Owner\ntuser.dat
2007-11-04 12:18:44 233472 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2007-11-04 12:04:37 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-11-04 11:38:26 0 d-------- C:\Documents and Settings\LocalService\SendTo
2007-11-04 11:38:15 0 d-------- C:\Documents and Settings\LocalService\Application Data\Identities
2007-11-04 11:37:46 0 dr------- C:\Documents and Settings\LocalService\My Documents
2007-11-04 11:37:42 0 dr-h----- C:\Documents and Settings\LocalService\Recent
2007-11-04 11:37:42 0 d-------- C:\Documents and Settings\LocalService\Desktop
2007-11-04 10:58:48 78912 --a------ C:\WINDOWS\system32\opaffeba.dll
2007-11-04 10:55:51 86080 -----n--- C:\WINDOWS\system32\aupwltum.dll
2007-11-04 09:36:03 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-11-04 09:34:26 0 d-------- C:\Program Files\Webroot
2007-11-04 09:34:26 0 d-------- C:\Documents and Settings\Owner\Application Data\Webroot
2007-11-04 09:34:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-11-04 09:26:00 164 --a------ C:\install.dat
2007-11-03 21:49:28 87616 --a------ C:\WINDOWS\system32\lddmgalm.dll
2007-11-03 21:46:27 81472 --a------ C:\WINDOWS\system32\ovxmjlkj.dll
2007-11-03 09:25:13 81472 --a------ C:\WINDOWS\system32\bfbgjocc.dll
2007-11-03 09:19:09 87616 --a------ C:\WINDOWS\system32\rthmvkeq.dll
2007-11-02 06:49:50 85568 --a------ C:\WINDOWS\system32\bxohqvjw.dll
2007-10-30 21:16:22 0 d-------- C:\Program Files\InCode Solutions
2007-10-30 19:33:20 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-10-30 19:33:20 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-10-30 19:33:20 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-10-30 19:33:20 0 d--h----- C:\Documents and Settings\Administrator\Recent
2007-10-30 19:33:20 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-10-30 19:33:20 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-10-30 19:33:20 0 d-------- C:\Documents and Settings\Administrator\My Documents
2007-10-30 19:33:20 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-10-30 19:33:20 0 d-------- C:\Documents and Settings\Administrator\Favorites
2007-10-30 19:33:20 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-10-30 19:33:20 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2007-10-30 19:33:20 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-10-30 19:33:20 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-10-30 19:33:19 524288 --ah----- C:\Documents and Settings\Administrator\ntuser.dat
2007-10-29 09:42:24 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2007-10-29 09:42:20 0 dr------- C:\Documents and Settings\LocalService\Favorites
2007-10-29 06:25:56 10 --a------ C:\WINDOWS\26171344
2007-10-29 06:25:40 77824 --a------ C:\WINDOWS\system32\alertic.exe <Not Verified; Microsoft Corporation; Microsoft® DRM>
2007-10-28 19:55:48 589 --a------ C:\WINDOWS\system32\gcppqkid.dll
2007-10-25 05:05:48 378883 ---hs---- C:\WINDOWS\system32\ssvut.bak2
2007-10-24 19:23:36 0 d-------- C:\Program Files\Norton Internet Security
2007-10-24 18:52:20 0 d-------- C:\WINDOWS\system32\System
2007-10-24 18:52:19 0 d-------- C:\Program Files\Norton Password Manager
2007-10-24 18:50:44 0 d-------- C:\Program Files\Symantec
2007-10-24 17:21:31 0 d-------- C:\Program Files\e-zshopper
2007-10-24 17:21:27 0 d-------- C:\WINDOWS\system32\acespy
2007-10-24 17:05:31 389505 ---hs---- C:\WINDOWS\system32\ssvut.bak1
2007-10-24 17:03:56 317536 --a------ C:\WINDOWS\system32\tuvss.dll
2007-10-24 16:58:57 0 d-------- C:\Documents and Settings\Owner\Application Data\WinRAR
2007-10-24 08:19:47 0 d-------- C:\Program Files\ISM2
2007-10-24 06:49:35 0 d-------- C:\WINDOWS\system32\W?nSxS
2007-10-21 08:23:49 0 d-------- C:\Program Files\Temporary
2007-10-21 08:20:50 0 d-------- C:\Program Files\T?sks
2007-10-18 06:54:27 81920 --a------ C:\WINDOWS\148138101 <Not Verified; Microsoft Corporation; Microsoft® DRM>
2007-10-16 14:40:54 31 --ah----- C:\WINDOWS\uccspecc.sys
2007-10-16 14:40:54 0 d-------- C:\Program Files\Coupons
-- Find3M Report ---------------------------------------------------------------
2007-11-04 18:37:09 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-11-04 15:47:59 0 d-a------ C:\Program Files\Common Files
2007-11-04 11:38:22 0 d-------- C:\Program Files\Web Publish
2007-10-24 18:54:37 0 d-------- C:\Documents and Settings\Owner\Application Data\Symantec
2007-10-21 14:02:43 0 d-------- C:\Program Files\T?sks
2007-10-09 08:39:25 0 d-------- C:\Program Files\GREETING CARDS
2007-10-01 14:14:15 77824 --a------ C:\WINDOWS\148119614 <Not Verified; Microsoft Corporation; Microsoft® DRM>
2007-09-08 02:07:01 34304 --a------ C:\WINDOWS\148096421 <Not Verified; Microsoft; NT Service Control Module>
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30FE5C92-3751-4821-AF7B-1B69F7C3067B}]
10/24/2007 05:03 PM 317536 --a------ C:\WINDOWS\system32\tuvss.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6FA1305D-B243-75C8-D106-64550DF62945}]
C:\WINDOWS\system32\uit.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8ABA9A9C-8791-4d61-8D5B-BCC9448EA573}]
C:\Program Files\ISM\BndDrive7.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a3df15fc-ed99-4c93-a660-94c0cb61bf51}]
11/04/2007 03:35 PM 78912 --a------ C:\WINDOWS\system32\cowsekle.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C4DE5B15-4FFE-4c02-8CB3-CAD24A33562B}]
C:\WINDOWS\system32\ramtmb.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E385DF17-3B18-11D6-8CF3-00304F10A79B}]
08/11/2003 07:56 PM 94208 --a------ C:\PROGRA~1\IDOWNL~1.COM\POPUPB~1\Helper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GWMDMMSG"="GWMDMMSG.exe" [07/03/2004 09:37 AM C:\WINDOWS\GWMDMMSG.exe]
"GWMDMpi"="C:\WINDOWS\GWMDMpi.exe" [07/03/2004 09:37 AM]
"ATIModeChange"="Ati2mdxx.exe" [07/03/2004 09:37 AM C:\WINDOWS\system32\Ati2mdxx.exe]
"Multi-function Keyboard"="GWHotKey.exe" [08/28/2001 11:13 AM C:\WINDOWS\GWHotKey.exe]
"Popup Blocker"="C:\Program Files\iDownload.com\Popup Blocker\popupblocker.exe" [08/20/2003 06:13 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [08/16/2004 07:11 PM]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [10/03/2002 06:50 PM]
"Iprvdso"="C:\Program Files\Knpxra\Ghcw.exe" []
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [12/20/2004 01:41 PM]
"Atari Launcher 2"="C:\Program Files\Atari\Atari Arcade Hits 2\Atari icon.exe" [03/08/2000 10:21 AM]
"Atari Launcher"="C:\Program Files\Hasbro Interactive\Atari Arcade Hits 1\Atari icon.exe" [06/25/1999 02:41 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 02:06 AM]
"AcctMgr"="C:\Program Files\Norton Password Manager\AcctMgr.exe" [07/29/2005 09:32 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/22/2007 09:19 PM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [03/12/2007 05:30 PM]
"e88f3759"="rundll32.exe" [08/04/2004 02:56 AM C:\WINDOWS\system32\rundll32.exe]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [10/01/2007 04:40 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [08/29/2005 12:51 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [05/30/2007 08:49 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"RemoveIT Pro XT"="C:\Program Files\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe" []
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digimax Viewer 1.0.lnk - C:\Program Files\Samsung\Digimax Viewer 1.0\DigimaxViewer.exe [4/26/2005 7:58:36 PM]
Event Planner Reminders Tray Icon.lnk - C:\Program Files\Sierra\Planner\PLNRnote.exe [11/6/2006 9:53:37 PM]
Forget Me Not.lnk - C:\Program Files\GREETING CARDS\AG CreataCard\agremind.exe [11/6/2006 9:14:08 PM]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [5/30/2007 8:49:43 PM]
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [4/5/2003 11:37:10 PM]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [4/6/2003 1:06:58 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System"="kddkd.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\smshlyhl.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\tuvss.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders rpasspc.dll, msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
*Newly Created Service* - COMHOST
-- End of Deckard's System Scanner: finished at 2007-11-04 20:06:42 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel® Pentium® 4 CPU 2.40GHz
Percentage of Memory in Use: 71%
Physical Memory (total/avail): 510.98 MiB / 146.41 MiB
Pagefile Memory (total/avail): 1247.43 MiB / 820.06 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1923.01 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 37.26 GiB total, 23.9 GiB free.
D: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - IC25N040ATCS04-0 - 37.26 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.26 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
FW: Norton Internet Worm Protection v2006 (Symantec) Disabled
FW: Norton Internet Security 2006 v2006 (Symantec Corporation)
AV: Spy Sweeper with AntiVirus v5.5.7.103 (Webroot Software Inc)
AV: Norton Internet Security 2006 v2006 (Symantec Corporation)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\kdx\\khost.exe"="C:\\WINDOWS\\kdx\\khost.exe:*:Enabled:Secure Delivery Plug-In"
"C:\\Program Files\\JavaSoft\\JRE\\1.3.1_02\\bin\\javaw.exe"="C:\\Program Files\\JavaSoft\\JRE\\1.3.1_02\\bin\\javaw.exe:*:Disabled:javaw"
"C:\\Program Files\\CompuServe 7.0\\wcs2000.exe"="C:\\Program Files\\CompuServe 7.0\\wcs2000.exe:*:Enabled:CompuServe"
"C:\\Program Files\\LimeWire\\LimeWire 4.2.6\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire 4.2.6\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\esis32\\jre\\1.3.1\\bin\\javaw.exe"="C:\\esis32\\jre\\1.3.1\\bin\\javaw.exe:*:Enabled:javaw"
"C:\\esis32\\jre\\1.4.2\\bin\\javaw.exe"="C:\\esis32\\jre\\1.4.2\\bin\\javaw.exe:*:Enabled:javaw"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\funkitron\\Slingo Deluxe\\Slingo-am-G.exe"="C:\\Program Files\\funkitron\\Slingo Deluxe\\Slingo-am-G.exe:*:Enabled:Slingo ®"
"C:\\Documents and Settings\\Slingo Deluxe\\Slingo-am-G.exe"="C:\\Documents and Settings\\Slingo Deluxe\\Slingo-am-G.exe:*:Enabled:Slingo ®"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=H
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\H
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Adaptec Shared\System
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=H
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Owner (admin)
Administrator (admin)
Guest (new local, guest)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> MsiExec.exe /X{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
American Greetings CreataCard --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9B58AA53-6EB9-405E-AB6B-6B83C16235F1}\setup.exe" -l0x9 anything
Atari Arcade Hits 1 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hasbro Interactive\Atari Arcade Hits 1\Uninst.isu"
Atari Arcade Hits 2 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Atari\Atari Arcade Hits 2\Uninst.isu"
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
CC_ccProxyExt --> MsiExec.exe /I{2EBF25F1-F8A2-40EA-92BE-931C142A44E2}
ccCommon --> MsiExec.exe /I{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}
ccPxyCore --> MsiExec.exe /I{30738666-9805-4926-A78F-91DA33B6C437}
Coupon Printer for Windows --> "C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
Desktop Weather by The Weather Channel --> C:\Program Files\The Weather Channel FW\Desktop Weather\TheWeatherChannelCustomUninstall.exe
Digimax Viewer 1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A20EF228-8545-45D8-8E2E-6D067948727E}\SETUP.EXE"
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
Do More 7.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2B7C41F-C63D-4935-B323-B60673724D63}\setup.exe" -l0x9
DVD --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
Easy CD Creator 5 Basic --> MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
Event Planner --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B1182355-1464-4B43-8986-031A86808495}\Setup.exe"
Gateway Desktop Manager --> C:\Program Files\Gateway\BMPMAN\GWBMPMAN.exe UNINSTALL
Gateway Drivers and Applications Recovery --> C:\Program Files\Gateway\HPA\GWMenu.exe UNINSTALL
Gateway Internet Links --> "C:\Program Files\SIFXINST\SIFXINST.EXE" /UnapplyFile 99A393E0-1F86-4AB7-9FE3-ACEC7E10098F /Prompt
Gateway Multi-function Keyboard --> C:\WINDOWS\gwhotkey.exe -U
Gateway Power Management --> "C:\Program Files\SIFXINST\SIFXINST.EXE" /UnapplyFile CABC148C-D45D-431C-AEC7-6E7CC31E8583 /Prompt
Gateway Rhapsody --> "C:\Program Files\SIFXINST\SIFXINST.EXE" /UnapplyFile 20BBF229-A337-40AD-9FEB-2C98CDA53D1C /Prompt
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
GTW V.92 Voicemodem --> C:\WINDOWS\GWMDMU.exe verbose
Hallmark Card Studio 2003 --> C:\WINDOWS\IsUninst.exe -f"c:\program files\greeting cards\VuUninst.isu" -c"c:\program files\greeting cards\Uninstpa.DLL"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
hp instant support --> C:\PROGRA~1\HEWLET~1\hpis\Uninstall.exe /s CeS
HP Memories Disc --> MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
HP Photo and Imaging 2.0 - All-in-One --> MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP Photo and Imaging 2.0 - All-in-One Drivers --> MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HP Photo and Imaging 2.0 - hp psc 1200 series --> C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
HP Photo and Imaging 2.0 - hp psc 2200 series --> C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
hp psc 1200 series --> MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5}
hp psc 2200 series --> MsiExec.exe /X{913DA816-E8E4-4467-8D22-E2DF5DBF04E4}
Intel® PRO Ethernet Adapter and Software --> Prounstl.exe
Java 2 Runtime Environment Standard Edition v1.3.1_02 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\JavaSoft\JRE\1.3.1_02\Uninst.isu"
Java 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
LG USB Modem driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\Setup.exe" -l0x9
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office Excel Viewer 2003 --> MsiExec.exe /I{90840409-6000-11D3-8CFE-0150048383C9}
Microsoft PowerPoint Viewer 97 --> C:\Program Files\PowerPoint Viewer\setup\setup.exe
Microsoft Streets and Trips 2002 --> MsiExec.exe /I{12BDDF23-B1DB-49C8-92D3-3E6841CCED61}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Web Publishing Wizard 1.52 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Microsoft Word 2002 --> MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works 2003 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2003\Setup\Launcher.exe D:\
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{7EE9DE0D-9228-4C33-B80E-FDD1773600DF}
Mouse Suite --> Pmuninst.exe MouseSuite98
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MSRedist --> MsiExec.exe /I{FC37ABD0-2108-4beb-B010-1254E0662B5A}
Norton AntiSpam --> MsiExec.exe /I{3B29A786-5803-4E9E-9B58-3014A5B4E519}
Norton AntiSpam --> MsiExec.exe /I{5677563D-0CB1-485F-9E18-C5025306BB3F}
Norton AntiVirus 2006 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton Internet Security --> MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{A93C9E60-29B6-49da-BA21-F70AC6AADE20}
Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security 2006 (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe" /X
Norton Password Manager --> MsiExec.exe /I{8315D4B0-9BF2-4D63-8654-74B89D288D6E}
Norton Password Manager (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup\{8315D4B0-9BF2-4D63-8654-74B89D288D6E}.exe /X
Norton Protection Center --> MsiExec.exe /I{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}
Norton WMI Update --> MsiExec.exe /X{E85FA9A1-C241-4698-893B-DD99509B8DB0}
Norton WMI Update --> MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
NPM_DRM_COLLECTION --> MsiExec.exe /I{E38D4B55-212A-4016-BE7E-ED3A6153CBEA}
Popup Blocker --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6F36980F-B89A-42F5-A0E0-5850ED9252F4}\Setup.exe" -l0x9
PowerPak for PowerPoint Sampler --> C:\Program Files\PowerPak\UnInstall_51238.exe
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Samsung Digimax 340 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Samsung\Samsung Digimax 340\Uninst.isu"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Slingo Deluxe --> C:\PROGRA~1\FUNKIT~1\SLINGO~1\UNWISE.EXE C:\PROGRA~1\FUNKIT~1\SLINGO~1\INSTALL.LOG
Solitaire Master 3 --> C:\PROGRA~1\eGames\SOLITA~1\UNWISE.EXE C:\PROGRA~1\eGames\SOLITA~1\INSTALL.LOG
SPBBC --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Synaptics TouchPad --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Tetris (remove only) --> "C:\Program Files\Tetris\Tetris\uninstall.exe"
USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C8F7C1E5-0150-11D6-A96C-00D05908F85D}\Setup.exe" -l0x9
Virtual Key --> C:\WINDOWS\uninst.exe -fC:\WINDOWS\System32\DeIsL1.isu -cC:\WINDOWS\System32\VkUninst.dll
Watson --> MsiExec.exe /I{9B88DD94-1AAE-41C4-BD95-2D8737D5E9E2}
Weather Services --> C:\WINDOWS\System32\control.exe C:\WINDOWS\System32\wxfw.cpl,4
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinPhlash --> "C:\Program Files\SIFXINST\SIFXINST.EXE" /UnapplyFile 7A7A3120-0DBA-4CEC-895C-67DB0B86F7CB /Prompt
Wireless-G Notebook Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A2EDF5F-F3C6-4919-AE34-C08A71AD034A}\Setup.exe" -l0x9
-- Application Event Log -------------------------------------------------------
Event Record #/Type7681 / Error
Event Submitted/Written: 11/04/2007 07:52:00 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application msimn.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type7658 / Warning
Event Submitted/Written: 11/04/2007 06:56:46 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
Event Record #/Type7654 / Warning
Event Submitted/Written: 11/04/2007 06:45:33 PM
Event ID/Source: 1020 / ASP.NET 2.0.50727.0
Event Description:
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.
Event Record #/Type7647 / Error
Event Submitted/Written: 11/04/2007 05:48:48 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application msimn.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type7621 / Error
Event Submitted/Written: 11/04/2007 02:54:42 PM
Event ID/Source: 101 / Automatic LiveUpdate Scheduler
Event Description:
Information Level: error
Internet connection not detected.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type2139 / Error
Event Submitted/Written: 11/04/2007 07:03:04 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Windows Notification Service service failed to start due to the following error:
%%2
Event Record #/Type2084 / Error
Event Submitted/Written: 11/04/2007 03:28:33 PM / 11/04/2007 03:28:34 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Windows Notification Service service failed to start due to the following error:
%%2
Event Record #/Type2077 / Warning
Event Submitted/Written: 11/04/2007 03:07:21 PM
Event ID/Source: 8021 / BROWSER
Event Description:
The browser was unable to retrieve a list of servers from the browser master \\YOUR-0591B6C1CB on the network \Device\NetBT_Tcpip_{5BF830F0-CD2C-4320-B18C-7BB04244988A}.
The data is the error code.
Event Record #/Type2028 / Error
Event Submitted/Written: 11/04/2007 02:45:30 PM / 11/04/2007 02:45:32 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Windows Notification Service service failed to start due to the following error:
%%2
Event Record #/Type1989 / Error
Event Submitted/Written: 11/04/2007 00:48:52 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Windows Notification Service service failed to start due to the following error:
%%2
-- End of Deckard's System Scanner: finished at 2007-11-04 20:06:42 ------------