Here are the scans
Activescan Log Incident Status Location
Virus:Trj/Downloader.RDL Disinfected Operating system
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\narshad\Application Data\Mozilla\Firefox\Profiles\2vjfg34k.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\narshad\Application Data\Mozilla\Firefox\Profiles\2vjfg34k.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\narshad\Application Data\Mozilla\Firefox\Profiles\2vjfg34k.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\narshad\Application Data\Mozilla\Firefox\Profiles\2vjfg34k.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\narshad\Application Data\Mozilla\Firefox\Profiles\2vjfg34k.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\narshad\Application Data\Mozilla\Firefox\Profiles\2vjfg34k.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\narshad\Cookies\narshad@adrevolver[3].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\narshad\Cookies\
[email protected][1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\narshad\Cookies\narshad@advertising[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\narshad\Cookies\narshad@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\narshad\Cookies\narshad@atwola[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\narshad\Cookies\narshad@com[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\narshad\Cookies\narshad@go[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\narshad\Cookies\narshad@questionmarket[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\narshad\Cookies\narshad@tribalfusion[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\narshad\Cookies\narshad@xiti[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\narshad\Cookies\narshad@zedo[2].txt
Adware:Adware/InternetSpeedMonitor Not disinfected C:\Program Files\True Sword 4\backuped\2\QdrModule11 .exe
Virus:Trj/Downloader.RSD Disinfected C:\Program Files\WinBudget\bin\crap.1199945787.old
Virus:Trj/Downloader.RSD Disinfected C:\Program Files\WinBudget\bin\matrix.dll
Spyware:Cookie/Atlas DMT Not disinfected C:\Temp\Cookies\narshad@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Temp\Cookies\narshad@atwola[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Temp\Cookies\narshad@doubleclick[1].txt
Adware:Adware/Adband Not disinfected C:\Temp\D20.tmp
Virus:Trj/Downloader.RUZ Disinfected C:\Temp\ismtpa8.exe
Adware:Adware/InternetSpeedMonitor Not disinfected C:\Temp\TMP31.tmp
Adware:Adware/InternetSpeedMonitor Not disinfected C:\Temp\TMP34.tmp
Virus:Trj/Downloader.RTN Disinfected C:\Temp\tmpDF.tmp
Virus:Trj/Downloader.RDL Disinfected C:\WINDOWS\system32\AppCert\wnl32.dll
Deckard Scans==============================================================================
main.txt==============================================================================
Deckard's System Scanner v20071014.68
Run by narshad on 2008-01-16 19:31:08
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
System Restore is disabled; attempting to re-enable...failed; access is denied.
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as narshad.exe) ---------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:42:39 PM, on 1/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\iPass\iPassConnect\iPCAgent.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\Program Files\Linksys\Wireless Network PC Card\NICServ.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\rconsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\TEMP\XHB5B6.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\r390p5drn.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Cassetica\Cassetica NotesMedic Pro\NMPSystray.exe
C:\Program Files\iPass\iPassConnect\downloader\ipccheck.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\narshad\Desktop\dss.exe
C:\DOCUME~1\narshad\STARTM~1\Programs\SCANNI~1\narshad.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://navigator.network.intR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://navigator.network.intR1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://www.sauer-danfoss.com/R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sauer-Danfoss Inc.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL =
http://amsadc01.netw.../wpad_sauer.datO2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {70AF82A5-494D-4C50-87FF-EB6C51CF5235} - c:\windows\system32\dsauthh.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {972E4C00-AC7B-400C-94E7-2AAE07791035} - C:\WINDOWS\system32\dssech.dll
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [r390p5drn] C:\WINDOWS\system32\r390p5drn.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [r390p5drn] C:\WINDOWS\system32\r390p5drn.exe
O4 - Global Startup: NMPSystray.lnk = C:\Program Files\Cassetica\Cassetica NotesMedic Pro\NMPSystray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://navigator.network.int
O15 - Trusted Zone: *.doginhispen.com
O15 - Trusted Zone: *.whataboutadog.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft....k/?linkid=39204O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) -
http://wdownload.wea...Transporter.cab?
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) -
http://dl.tvunetworks.com/TVUAx.cabO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://gfx2.hotmail....es/MSNPUpld.cabO16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -
http://cdn.scan.onec...lscbase4009.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoft...free/asinst.cabO16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) -
https://cat.webex.co...bex/ieatgpc.cabO16 - DPF: {FA91DF8D-53AB-455D-AB20-F2F023E498D3} (RSClientPrint Class) -
http://amsiis01.netw...OpType=PrintCabO17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = network.int
O17 - HKLM\Software\..\Telephony: DomainName = network.int
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = network.int
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = network.int
O20 - Winlogon Notify: etxiwovc - C:\WINDOWS\SYSTEM32\dsauthh.dll
O23 - Service: iPassConnectEngine - iPass - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe
O23 - Service: iPCAgent - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPCAgent.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: NICSer_WPC11 - Unknown owner - C:\Program Files\Linksys\Wireless Network PC Card\NICServ.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Console (RCONSVC) - Unknown owner - C:\WINDOWS\System32\rconsvc.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O24 - Desktop Component 0: (no name) -
http://www.cricinfo....800/73878.1.jpg--
End of file - 7742 bytes
-- File Associations -----------------------------------------------------------
.js - JSFile - shell\open\command - %SystemRoot%\system32\NOTEPAD.EXE "%1".txt - ImageView.Document.txt - DefaultIcon - C:\PROGRA~1\UGS\TCVIS2~1\Products\PROFES~1\VisView.exe,0.txt - ImageView.Document.txt - shell\open\command - C:\PROGRA~1\UGS\TCVIS2~1\Products\PROFES~1\VisView.exe /dde.vbs - VBSFile - shell\open\command - %SystemRoot%\system32\NOTEPAD.EXE "%1"-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 aac (Adaptec RAID Miniport Driver) - c:\windows\system32\drivers\aac.sys <Not Verified; Adaptec, Inc.; Adaptec RAID Controller>
R0 aar81xx - c:\windows\system32\drivers\aar81xx.sys <Not Verified; Adaptec, Inc.; Adaptec HostRAID for Serial ATA>
R0 etrurwkx - c:\windows\system32\drivers\xvdwhdmg.dat
R0 hpdskflt (HP Disk Filter Driver) - c:\windows\system32\drivers\hpdskflt.sys <Not Verified; Hewlett-Packard Corporation; Hewlett-Packard Corporation Mobile Data Protection System>
R2 iPassP (iPass Protocol (IEEE 802.1x) v3.4.9.0) - c:\windows\system32\drivers\ipassp.sys <Not Verified; Meetinghouse Data Communications; iPass Client 3.4.9.0>
R2 TM_CFW (Common Firewall Driver) - c:\program files\trend micro\officescan client\tm_cfw.sys <Not Verified; Trend Micro Inc.; Trend Micro Common Firewall Module 1.2>
R3 Accelerometer - c:\windows\system32\drivers\accelerometer.sys <Not Verified; Hewlett-Packard Corporation; Hewlett-Packard Corporation Mobile Data Protection System>
R3 HBtnKey - c:\windows\system32\drivers\cpqbttn.sys <Not Verified; Hewlett-Packard Development Company, L.P.; HP Quick Launch Buttons>
S3 eabfiltr - c:\windows\system32\drivers\eabfiltr.sys <Not Verified; Hewlett-Packard Development Company, L.P.; HPQuick Launch Buttons>
S3 eabusb - c:\windows\system32\drivers\eabusb.sys <Not Verified; Hewlett-Packard Development Company, L.P.; HP Quick Launch Buttons>
S3 idisw2km - c:\windows\system32\drivers\idisw2km.sys (file missing)
S3 kbstuff (SMS Virtual Keyboard) - c:\windows\system32\drivers\kbstuff5.sys (file missing)
S3 PCANDIS5 (PCANDIS5 Protocol Driver) - c:\windows\system32\pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 WPC11 (Instant Wireless Network PC Card V3.0 Driver) - c:\windows\system32\drivers\lswlnds.sys <Not Verified; The Linksys Group, Inc.; Instant Wireless Network PC Card>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 iPCAgent - c:\program files\ipass\ipassconnect\ipcagent.exe <Not Verified; iPass, Inc.; iPCAgent Module>
R2 Multi-user Cleanup Service - "c:\program files\lotus\notes\ntmulti.exe" <Not Verified; IBM Corp; IBM Lotus Notes/Domino>
R2 NICSer_WPC11 - c:\program files\linksys\wireless network pc card\nicserv.exe
R2 ntrtscan (OfficeScanNT RealTime Scan) - "c:\program files\trend micro\officescan client\ntrtscan.exe" <Not Verified; Trend Micro Inc.; Trend Micro OfficeScan>
R2 OfcPfwSvc (OfficeScanNT Personal Firewall) - "c:\program files\trend micro\officescan client\ofcpfwsvc.exe" <Not Verified; Trend Micro Inc.; Trend Micro OfficeScan>
R2 RCONSVC (Remote Console) - c:\windows\system32\rconsvc.exe
R2 tmlisten (OfficeScanNT Listener) - "c:\program files\trend micro\officescan client\tmlisten.exe" <Not Verified; Trend Micro Inc.; Trend Micro OfficeScan>
S3 iPassConnectEngine - c:\program files\ipass\ipassconnect\ipassconnectengine.exe <Not Verified; iPass; iPassConnectEngine Module>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-01-16 18:12:47 434 --a------ C:\WINDOWS\Tasks\At1.job
-- Files created between 2007-12-16 and 2008-01-16 -----------------------------
6137-61-37 13:76:09 0 d-------- H:\Thrust Washer
6137-61-37 13:76:09 0 d-------- H:\Test Stand
6137-61-37 13:76:09 0 d-------- H:\Standard Work
6137-61-37 13:76:09 0 d-------- H:\SCR
6137-61-37 13:76:09 0 d-------- H:\Projects
6137-61-37 13:76:09 0 d-------- H:\Personal
6137-61-37 13:76:09 0 d-------- H:\Paint Pack
6137-61-37 13:76:09 0 d-------- H:\MSSQLRS
6137-61-37 13:76:09 0 d-------- H:\H1
6137-61-37 13:76:09 0 d-------- H:\Global Standards
6137-61-37 13:76:09 0 d-------- H:\GageRnR
6137-61-37 13:76:09 0 d-------- H:\Deckard
6137-61-37 13:76:09 0 d-------- H:\Customers and Suppliers
6137-61-37 13:76:09 0 d-------- H:\CQAR
6137-61-37 13:76:09 0 d-------- H:\Controls
6137-61-37 13:76:09 0 d-------- H:\Cat Shaft Retaining Ring 06-12-07
6137-61-37 13:76:09 0 d-------- H:\Capability Template
6137-61-37 13:76:09 0 d-------- H:\4T
2008-01-16 18:28:30 83 --a------ C:\WINDOWS\system32\pfdnnt_actions.sys
2008-01-16 18:28:30 8704 --a------ C:\WINDOWS\system32\pfdnnt.exe <Not Verified; Panda Software International; Panda Anti-malware>
2008-01-16 18:18:47 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-01-16 18:18:39 0 d-------- C:\WINDOWS\LastGood
2008-01-14 22:31:58 0 d-------- C:\Documents and Settings\narshad\Application Data\True Sword
2008-01-14 22:31:42 0 d-------- C:\Program Files\True Sword 4
2008-01-14 22:24:57 246545 --a------ C:\WINDOWS\system32\libssl32.dll <Not Verified; OpenSSL <www.openssl.org>; OpenSSL>
2008-01-14 22:24:57 1188375 --a------ C:\WINDOWS\system32\libeay32.dll <Not Verified; OpenSSL <www.openssl.org>; OpenSSL>
2008-01-14 22:24:42 42240 --a------ C:\WINDOWS\system32\vtdlewls.dat
2008-01-14 22:24:42 741632 --a------ C:\WINDOWS\system32\vqsinkrp.dat
2008-01-14 22:24:42 35072 --a------ C:\WINDOWS\system32\lgryhgon.dat
2008-01-14 22:24:42 36608 --a------ C:\WINDOWS\system32\godxfogs.dat
2008-01-14 22:07:41 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-14 22:07:38 0 d-------- C:\Documents and Settings\narshad\Application Data\Mozilla
2008-01-13 22:18:14 120576 --a------ C:\WINDOWS\system32\meqzulkp.dat
2008-01-13 22:10:11 83968 --a------ C:\WINDOWS\system32\dsauthh.dll
2008-01-10 11:50:27 0 d-------- C:\Documents and Settings\narshad\Tracing
2008-01-10 00:16:26 0 d-------- C:\Program Files\WinBudget
2008-01-10 00:11:53 16384 --a------ C:\WINDOWS\system32\r390p5drn.exe
2008-01-10 00:11:40 0 d-------- C:\WINDOWS\system32\AppCert
2008-01-10 00:11:34 19584 --a------ C:\WINDOWS\system32\drivers\xvdwhdmg.dat
2008-01-10 00:11:20 83968 --a------ C:\WINDOWS\system32\dssech.dll
2008-01-09 23:16:53 0 d-------- C:\Program Files\UnRar for Windows
2008-01-03 01:53:36 0 d-------- C:\Documents and Settings\narshad\Application Data\vlc
2008-01-03 01:48:20 0 d-------- C:\Program Files\VideoLAN
2008-01-02 14:04:30 0 d-------- C:\Program Files\DIFX
2008-01-02 14:03:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Applications
2008-01-02 00:03:20 0 d-------- C:\Program Files\AWS
2008-01-02 00:03:20 0 d-------- C:\Documents and Settings\narshad\Application Data\WeatherBug
2008-01-01 18:48:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-01 16:10:58 0 d-------- C:\Documents and Settings\All Users\Application Data\live 64 math does
2007-12-31 00:06:56 0 d-------- C:\Documents and Settings\narshad\Application Data\DAEMON Tools
2007-12-31 00:06:51 0 d-------- C:\Program Files\DAEMON Tools Lite
2007-12-31 00:01:45 715248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-12-30 23:46:40 0 d-------- C:\Documents and Settings\narshad\Application Data\InterVideo
2007-12-30 17:46:54 0 d-------- C:\Program Files\uTorrent
2007-12-30 17:46:44 0 d-------- C:\Documents and Settings\narshad\Application Data\uTorrent
2007-12-29 01:35:17 0 d-------- C:\WINDOWS\SxsCaPendDel
2007-12-28 19:27:58 0 d-------- C:\Program Files\Windows Live Safety Center
2007-12-28 17:53:49 0 d-------- C:\Documents and Settings\NetworkService\Desktop
2007-12-28 17:29:53 0 d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2007-12-28 17:26:13 0 d-------- C:\Program Files\Common Files\iS3
2007-12-28 17:26:12 0 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2007-12-25 14:37:33 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-12-25 14:37:31 0 d-------- C:\Program Files\Common Files\Motorola Shared
2007-12-25 14:36:49 5936 --a------ C:\Documents and Settings\narshad\mqdmwhnt.sys <Not Verified; MCCI; Motorola DM Composite Driver>
2007-12-25 14:36:49 79328 --a------ C:\Documents and Settings\narshad\mqdmserd.sys <Not Verified; MCCI; Motorola USB Diag>
2007-12-25 14:36:49 92064 --a------ C:\Documents and Settings\narshad\mqdmmdm.sys <Not Verified; MCCI; Motorola USB Modem>
2007-12-25 14:36:49 9232 --a------ C:\Documents and Settings\narshad\mqdmmdfl.sys <Not Verified; MCCI; Motorola USB Modem Filter>
2007-12-25 14:36:49 4048 --a------ C:\Documents and Settings\narshad\mqdmcr.sys <Not Verified; MCCI; Motorola USB DIAG>
2007-12-25 14:36:49 6208 --a------ C:\Documents and Settings\narshad\mqdmcmnt.sys <Not Verified; MCCI; Motorola USB DIAG>
2007-12-25 14:36:49 66656 --a------ C:\Documents and Settings\narshad\mqdmbus.sys <Not Verified; MCCI; Motorola DM Composite Driver>
2007-12-25 14:36:49 6947 --a------ C:\Documents and Settings\narshad\1198615009-(null)
2007-12-25 14:19:30 0 d-------- C:\Documents and Settings\narshad\Application Data\InstallShield
2007-12-25 14:17:51 0 d-------- C:\Program Files\Avanquest update
2007-12-25 14:17:05 22768 --a------ C:\Documents and Settings\narshad\usbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
2007-12-25 14:16:32 0 d-------- C:\Program Files\Motorola Phone Tools
2007-12-25 14:16:31 0 d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2007-12-22 22:13:32 0 d-------- C:\Program Files\MagicSofts
2007-12-22 21:57:35 26636 --a------ C:\WINDOWS\system32\igfxpers .exe
2007-12-22 21:57:33 26636 --a------ C:\WINDOWS\system32\hkcmd .exe
2007-12-22 21:57:32 26636 --a------ C:\WINDOWS\system32\igfxtray .exe
2007-12-22 21:35:25 0 d-------- C:\Program Files\QdrDrive
2007-12-21 12:07:58 0 d-------- C:\Program Files\Zada Solutions
-- Find3M Report ---------------------------------------------------------------
2008-01-15 09:20:44 0 d-------- C:\Program Files\Google
2008-01-10 23:43:24 0 d-------- C:\Program Files\NET6
2007-12-31 02:17:51 0 d-------- C:\Documents and Settings\narshad\Application Data\DivX
2007-12-29 00:13:35 0 d-------- C:\Program Files\Java
2007-12-28 17:32:09 0 d-------- C:\Program Files\ClearAllHistory
2007-12-28 17:26:13 0 d-------- C:\Program Files\Common Files
2007-12-28 17:20:32 0 d-------- C:\Program Files\Win64
2007-12-28 17:19:44 0 d-------- C:\Program Files\Yahoo! Games
2007-12-27 18:56:15 0 d-------- C:\Documents and Settings\narshad\Application Data\SopCast
2007-12-25 14:17:50 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-23 23:24:33 0 d-------- C:\Program Files\DivX
2007-12-11 16:34:56 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-12-11 16:33:14 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-12-11 16:33:14 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-12-11 16:33:04 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-12-11 16:33:04 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-12-11 16:33:04 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-12-11 16:33:04 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-12-11 16:32:28 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-02 02:09:16 0 d-------- C:\Program Files\Microsoft Silverlight
2007-11-17 12:24:24 0 d-------- C:\Documents and Settings\narshad\Application Data\Google
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{70AF82A5-494D-4C50-87FF-EB6C51CF5235}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{972E4C00-AC7B-400C-94E7-2AAE07791035}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"POINTER"="point32.exe" []
"AGRSMMSG"="AGRSMMSG.exe" [01/30/2006 12:00 AM C:\WINDOWS\AGRSMMSG.exe]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [08/03/2004 10:56 PM]
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" [09/01/2006 05:58 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"r390p5drn"="C:\WINDOWS\system32\r390p5drn.exe" [09/01/2006 05:53 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [08/29/2007 10:55 AM]
"r390p5drn"="C:\WINDOWS\system32\r390p5drn.exe" [09/01/2006 05:53 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
NMPSystray.lnk - C:\Program Files\Cassetica\Cassetica NotesMedic Pro\NMPSystray.exe [10/18/2006 1:49:19 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"LogonType"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=1 (0x1)
"NoDispAppearancePage"=1 (0x1)
"NoDispScrSavPage"=1 (0x1)
"NoVisualStyleChoice"=1 (0x1)
"NoColorChoice"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"=1 (0x1)
"NoWelcomeScreen"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Intellimenus"=1 (0x1)
"NoInstrumentation"=1 (0x1)
"NoTaskGrouping"=1 (0x1)
"NoAutoTrayNotify"=1 (0x1)
"NoSimpleStartMenu"=1 (0x1)
"NoSMBalloonTip"=1 (0x1)
"DisablePersonalDirChange"=1 (0x1)
"NoDesktopCleanupWizard"=1 (0x1)
"NoActiveDesktop"=1 (0x1)
"ForceClassicControlPanel"=1 (0x1)
"NoThemesTab"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\etxiwovc]
dsauthh.dll 08/23/2001 06:00 AM 83968 C:\WINDOWS\system32\dsauthh.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\geebc
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Instant Wireless Configuration Utility.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Instant Wireless Configuration Utility.lnk
backup=C:\WINDOWS\pss\Instant Wireless Configuration Utility.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Program Neighborhood Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Program Neighborhood Agent.lnk
backup=C:\WINDOWS\pss\Program Neighborhood Agent.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LidPolicy]
C:\Program Files\Hewlett-Packard\LidSwitch Policy\pwrschem.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
fjohcyfe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##amsfil02#operations]
1\Command- .\RECYCLER\Lcass.exe
2\Command- .\RECYCLER\Lcass.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\Lcass.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##amsfil02.network.int#netapps]
1\Command- .\RECYCLER\Lcass.exe
2\Command- .\RECYCLER\Lcass.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\Lcass.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##amsfil02.network.int#operations]
1\Command- .\RECYCLER\Lcass.exe
2\Command- .\RECYCLER\Lcass.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\Lcass.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f295f5c-0892-11dc-a1cb-444553544200}]
*Newly Created Service* - RKPAVPROC
*Newly Created Service* - SDTHOOK
-- Hosts -----------------------------------------------------------------------
127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
7841 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2008-01-16 19:47:44 ------------
================================================================================
=======
extra.txt================================================================================
=======
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Genuine Intel® CPU T2400 @ 1.83GHz
CPU 1: Genuine Intel® CPU T2400 @ 1.83GHz
Percentage of Memory in Use: 53%
Physical Memory (total/avail): 1015.36 MiB / 468.24 MiB
Pagefile Memory (total/avail): 2441.47 MiB / 2066.95 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1938.07 MiB
C: is Fixed (NTFS) - 74.53 GiB total, 56.77 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
H: is Network (*NT5CSC)
K: is Network (Unformatted)
M: is Network (*NT5CSC)
N: is Network (Unformatted)
P: is Network (Unformatted)
T: is Network (*NT5CSC)
\\.\PHYSICALDRIVE0 - HTS541080G9SA00 - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.53 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is disabled.
Windows Internal Firewall is disabled.
FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.
FW: Trend Micro OfficeScan Enterprise Client Firewall v7.3 (TrendFirewall)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\explorer.exe"="C:\\WINDOWS\\explorer.exe:*:Enabled:Windows Explorer"
"C:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"="C:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\WINDOWS\\explorer.exe"="C:\\WINDOWS\\explorer.exe:*:Enabled:Windows Explorer"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"="C:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\narshad\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=AMSLT02625
ComSpec=C:\WINDOWS\system32\cmd.exe
devmgr_show_nonpresent_devices=1
FP_NO_HOST_CHECK=NO
HOMEDRIVE=H:
HOMEPATH=\
HOMESHARE=\\amsfil01\narshad$
lib=C:\Program Files\SQLXML 4.0\bin\
LOGONSERVER=\\AMSADC01
MINITAB_LICENSE_FILE=27003@AMSAPP05
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Autodesk Shared;n:\orant\bin;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft SQL Server\90\DTS\Binn\;C:\Program Files\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e08
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\Temp
TMP=C:\Temp
USERDNSDOMAIN=NETWORK.INT
USERDOMAIN=NETWORK
USERNAME=narshad
USERPROFILE=C:\Documents and Settings\narshad
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
bpbuss
(admin)amcneeley
(admin)narshad
(admin)Administrator
(admin)ASauerAdmin
(admin)-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Avanquest update --> C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly
Citrix Secure Access Client --> C:\Program Files\NET6\net6vpn.exe -U
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
HijackThis 2.0.2 --> "C:\Documents and Settings\narshad\Desktop\HijackThis.exe" /uninstall
HyperLoad - Golf Course --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3CDF4815-1334-4AF3-B780-1F6526011C5A}\setup.exe" -l0x9 -uninst -removeonly
Java 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Lotus NotesSQL Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6DB5258-547E-4DF4-B370-628739A3B4B9}\setup.exe" -l0x9 AnyText
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office 2003 Web Components --> MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Live Meeting 2005 --> MsiExec.exe /I{5E8858EC-6B09-4939-99F2-5678073A0327}
Microsoft Office Live Meeting 2007 --> MsiExec.exe /I{63BEF36D-1782-4506-ABA6-6672B54641E0}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 --> "C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005 Backward compatibility --> MsiExec.exe /I{96327C3C-96BE-4C7A-A6F7-A71635E5949A}
Microsoft SQL Server 2005 Books Online (English) --> MsiExec.exe /I{0B43A744-B1B8-4089-9BD1-9D41C7EC0AA3}
Microsoft SQL Server 2005 Tools --> MsiExec.exe /I{1DD463C0-A50A-4394-B7E4-5895C02F9E0D}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft Visual Studio 2005 Premier Partner Edition - ENU --> MsiExec.exe /I{C25EF637-BE7A-4761-9B45-9069989C319F}
Minitab 15 English --> MsiExec.exe /I{0FAED7DC-4206-4F84-9A46-0ED6D5B623B8}
Motorola Driver Installation --> MsiExec.exe /I{3324A5DC-C7F6-430A-ACC8-F251CD8F4FC7}
Motorola Phone Tools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x9 -removeonly
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser --> MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
RCA Pearl (Model TH11, TC11 Series) Firmware Update Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8D48DDA6-D5D4-4858-A4F1-4952293E0201}\setup.exe" -l0x9 -remove
SAP Interactive Excel --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Common Files\SAP\SAPActXl.isu"
SopCast 1.1.2 --> C:\Program Files\SopCast\uninst.exe
SopCore 1.1.2 --> C:\Program Files\SopCast\uninst.exe
SoundCapture --> C:\PROGRA~1\MAGICS~1\SC\UNWISE.EXE C:\PROGRA~1\MAGICS~1\SC\INSTALL.LOG
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SQLXML4 --> MsiExec.exe /I{8C62A94B-4AB6-485F-A111-93056684D340}
TVUPlayer 2.3.2.52 --> C:\Program Files\TVUPlayer\uninst.exe
UGS Teamcenter Visualization 2005 SR1 --> MsiExec.exe /I{F16C6F9E-5974-4759-87B5-D84B4DEED99B}
UnRAR for Windows --> C:\Program Files\UnRar for Windows\Uninstal.exe
VideoLAN VLC media player 0.8.6d --> C:\Program Files\VideoLAN\VLC\uninstall.exe
WeatherBug --> MsiExec.exe /X{70DECFBF-9119-4434-B2D3-A3C283D15E45}
WebEx --> C:\WINDOWS\DOWNLO~1\atcliun.exe
Windows Driver Package - Microsoft Corporation (usbvideo) Image (05/25/2007 1.0.3656.0) --> rundll32.exe C:\PROGRA~1\DIFX\7AA84A78695B31A503D9537A76801D74E0FD14BD\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\RoundTable_F29D632BDCC1844B9B7688A0A4B4DA9E716B76FF\RoundTable.inf
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
-- Application Event Log -------------------------------------------------------
Event Record #/Type18879 / Error
Event Submitted/Written: 01/16/2008 06:13:48 PM
Event ID/Source: 15 / AutoEnrollment
Event Description:
Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.
Event Record #/Type18878 / Error
Event Submitted/Written: 01/16/2008 06:13:06 PM
Event ID/Source: 1054 / Userenv
Event Description:
Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.
Event Record #/Type18876 / Error
Event Submitted/Written: 01/16/2008 06:12:47 PM
Event ID/Source: 1054 / Userenv
Event Description:
Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.
Event Record #/Type18875 / Warning
Event Submitted/Written: 01/16/2008 05:25:10 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
Event Record #/Type18871 / Warning
Event Submitted/Written: 01/16/2008 08:30:00 AM
Event ID/Source: 4356 / EventSystem
Event Description:
The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{6295DF2D-35EE-11D1-8707-00C04FD93327}. CoGetObject returned HRESULT 8000401A.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type4269 / Error
Event Submitted/Written: 01/16/2008 06:58:10 PM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 59 minutes.
NtpClient has no source of accurate time.
Event Record #/Type4268 / Warning
Event Submitted/Written: 01/16/2008 06:58:10 PM
Event ID/Source: 14 / W32Time
Event Description:
The time provider NtpClient was unable to find a domain controller to use as a time
source. NtpClient will try again in 60 minutes.
Event Record #/Type4267 / Warning
Event Submitted/Written: 01/16/2008 06:28:56 PM
Event ID/Source: 11195 / DnsApi
Event Description:
The system failed to update and remove host (A) resource records (RRs)
for network adapter
with settings:
Adapter Name : {00A4832E-1CBA-4ADE-B09F-870C189AD50A}
Host Name : AMSLT02625
Primary Domain Suffix : network.int
DNS server list :
10.10.10.3, 10.10.10.7
Sent update to server : <?>
IP Address(es) :
10.10.114.6
The request to remove these records failed because the DNS server refused
the update request. The cause of this might be that either (a) this
computer is not allowed to update the DNS domain name specified by these
settings, or (b) because the DNS server authorized to perform updates for
the zone that contains these RRs does not support the DNS dynamic update
protocol.
Event Record #/Type4266 / Warning
Event Submitted/Written: 01/16/2008 06:28:56 PM
Event ID/Source: 11165 / DnsApi
Event Description:
The system failed to register host (A) resource records (RRs) for
network adapter
with settings:
Adapter Name : {65CEB19A-FB90-408F-84DB-7A5AC44B1787}
Host Name : AMSLT02625
Primary Domain Suffix : network.int
DNS server list :
69.5.139.3, 69.5.136.253
Sent update to server : <?>
IP Address(es) :
192.168.1.101
The reason the system could not register these RRs was because the
DNS server contacted refused the update request. The reasons for this
might be (a) you are not allowed to update the specified DNS domain name,
or (b) because the DNS server authoritative for this name