From DSS - main text, extra text:
Deckard's System Scanner v20071014.68
Run by Haydon on 2008-02-21 17:48:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
52: 2008-02-21 21:48:18 UTC - RP1446 - Deckard's System Scanner Restore Point
51: 2008-02-21 18:53:26 UTC - RP1445 - Spybot-S&D Spyware removal
50: 2008-02-21 09:10:31 UTC - RP1444 - Spybot-S&D Spyware removal
49: 2008-02-21 08:03:44 UTC - RP1443 - malswab
48: 2008-02-20 09:00:04 UTC - RP1442 - System Checkpoint
-- First Restore Point --
1: 2007-12-23 19:51:48 UTC - RP1395 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
System Drive C: has 4.12 GiB (less than 15%) free.-- HijackThis (run as Haydon.exe) ----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:55:26 PM, on 21/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\TWFyaW5lcg\command.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Haydon\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Haydon.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.theweathe...es/CANS0057.htmR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
http://www.home.eastlink.ca/O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {19D610D9-3209-429F-AF48-6F57F895022A} - (no file)
O2 - BHO: (no name) - {3F44E7A7-E296-403E-A230-B386863BDBEA} - C:\WINDOWS\system32\ssttt.dll
O2 - BHO: (no name) - {4AE2EFE4-757A-469B-B03F-7A6D54C83D20} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9A534752-2DB3-457D-930E-33EB5729EE86} - (no file)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: (no name) - {D55B9DF4-9828-42D3-AB6E-F957C5BFC53E} - (no file)
O2 - BHO: (no name) - {DCD8E9AF-DACB-4243-8145-876D17F3F4D3} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BM9770bf99] Rundll32.exe "C:\WINDOWS\system32\yiodgmef.dll",s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Dkvfkbb] C:\WINDOWS\??crosoft\s?ool32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Download Plus.lnk = C:\Documents and Settings\Haydon\Application Data\DownloadPlus.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) -
http://housecall60.t...all/xscan60.cabO16 - DPF: {205FF73B-CA67-11D5-99DD-444553540002} (CInstall Class) -
http://www.wildtange...ave/Install.cabO16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) -
http://housecall65.t...ivex/hcImpl.cabO16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
http://a1540.g.akama...meInstaller.exeO16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
http://207.188.7.150...ip/RdxIE601.cabO16 - DPF: {6EE39BFC-2FB6-4B69-9D05-CFC10E4F5B3E} (MavenBootInstallerAXControl Class) -
http://client.maven....otInstaller.cabO16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} -
http://launch.gamesp...nch/alaunch.cabO16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) -
http://www.bitdefend...bitdefender.cabO16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) -
http://www.installen...gine/isetup.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://www.pandasoft.../as5/asinst.cabO16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) -
http://install.wildt...all/install.cabO16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) -
http://games-dl.real...ArcadeRdxIE.cabO16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} -
http://us.dl1.yimg.c...ropper1_1us.cabO18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWFyaW5lcg\command.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O24 - Desktop Component 0: (no name) -
http://rana.lilypadr...h/slides/05.JPG--
End of file - 8934 bytes
-- File Associations -----------------------------------------------------------
.js - unable to read key.js - unable to read key-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 oreans32 - c:\windows\system32\drivers\oreans32.sys
R2 CdaC15BA - c:\windows\system32\drivers\cdac15ba.sys <Not Verified; Macrovision Europe Ltd; Security Windows NT>
R3 WmBEnum (Logitech Virtual Bus Enumerator Driver) - c:\windows\system32\drivers\wmbenum.sys <Not Verified; Logitech Inc.; Logitech WingMan Software>
R3 WmXlCore (Logitech WingMan Translation Layer Driver) - c:\windows\system32\drivers\wmxlcore.sys <Not Verified; Logitech Inc.; Logitech WingMan Software>
S3 GMSIPCI - e:\install\gmsipci.sys (file missing)
S3 HPUATA (HP CD Writer Plus Controller Driver) - c:\windows\system32\drivers\hpuata.sys <Not Verified; SCM Microsystems Inc.; USBAT Mass Storage Class Client driver>
S3 vsdatant - c:\windows\system32\vsdatant.sys (file missing)
S3 WmFilter (Logitech WingMan HID Filter Driver) - c:\windows\system32\drivers\wmfilter.sys <Not Verified; Logitech Inc.; Logitech WingMan Software>
S3 WmVirHid (Logitech Virtual Hid Device Driver) - c:\windows\system32\drivers\wmvirhid.sys <Not Verified; Logitech Inc.; Logitech WingMan Software>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 C-DillaCdaC11BA - c:\windows\system32\drivers\cdac11ba.exe <Not Verified; Macrovision; SafeCast Windows NT>
R2 cmdService (Command Service) - c:\windows\twfyaw5lcg\command.exe
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\363D110600
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\363D110600
Service: NIC1394
-- Scheduled Tasks -------------------------------------------------------------
2008-02-21 17:41:36 414 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
-- Files created between 2008-01-21 and 2008-02-21 -----------------------------
2008-02-21 17:36:23 91712 --a------ C:\WINDOWS\system32\yiodgmef.dll
2008-02-21 17:34:17 91712 --a------ C:\WINDOWS\system32\uvyoakkw.dll
2008-02-21 17:33:23 177366 --ahs---- C:\WINDOWS\system32\tttss.ini2
2008-02-21 17:03:53 317440 -----n--- C:\WINDOWS\system32\ssttt.dll
2008-02-21 16:55:39 687592 --a------ C:\WINDOWS\system32\atmtd.dll
2008-02-21 16:21:59 0 d-------- C:\VundoFix Backups
2008-02-21 12:59:37 0 d-------- C:\Program Files\Trend Micro
2008-02-21 03:50:57 186186 --ahs---- C:\WINDOWS\system32\kjllm.ini2
2008-02-20 03:53:42 181005 --ahs---- C:\WINDOWS\system32\stutv.ini2
2008-02-19 01:31:30 0 d-------- C:\Program Files\KingMania
2008-02-18 23:14:52 0 d-------- C:\Program Files\Gazillionaire III
2008-02-18 17:38:58 0 d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-02-18 17:37:57 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-02-18 17:37:57 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-02-18 17:37:57 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-02-18 17:37:57 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-02-18 17:37:57 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-02-18 17:37:57 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-02-18 17:37:57 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-02-18 17:37:57 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-02-18 17:37:57 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-02-18 17:37:57 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-02-18 17:37:57 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-02-18 17:37:57 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-02-18 17:37:57 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-02-18 17:37:57 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-02-18 15:00:39 0 dr-h----- C:\$VAULT$.AVG
2008-02-18 14:35:28 0 d-------- C:\Documents and Settings\Haydon\Application Data\AVG7
2008-02-18 14:35:12 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-18 14:34:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-18 14:34:44 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-02-17 13:21:00 691545 --a------ C:\WINDOWS\unins000.exe
2008-02-17 13:21:00 3453 --a------ C:\WINDOWS\unins000.dat
2008-02-16 20:45:20 172582 --ahs---- C:\WINDOWS\system32\rqtss.ini2
2008-02-16 20:43:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-02-16 20:40:32 0 d-------- C:\Program Files\RABCO
2008-02-16 20:40:31 0 d-------- C:\WINDOWS\??crosoft
2008-02-16 20:40:21 0 d--hs---- C:\WINDOWS\TWFyaW5lcg
2008-02-16 20:40:14 0 d-------- C:\WINDOWS\system32\lp6
2008-02-16 20:40:14 0 d-------- C:\WINDOWS\system32\kap8
2008-02-16 20:40:14 0 d-------- C:\WINDOWS\system32\er2
2008-02-16 20:40:13 0 d-------- C:\Documents and Settings\Haydon\Application Data\?ymbols
2008-02-16 20:40:11 0 d-------- C:\WINDOWS\system32\nGpxx01
2008-02-16 20:40:10 0 d-------- C:\Temp
2008-02-14 23:21:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Go Go Gourmet
-- Find3M Report ---------------------------------------------------------------
2008-02-20 17:34:59 0 d-------- C:\Program Files\Soulseek
2008-02-18 13:48:24 0 d-------- C:\Documents and Settings\Haydon\Application Data\?ymbols
2008-02-17 15:37:40 0 d-------- C:\Program Files\Messenger
2008-02-17 15:37:22 0 d-------- C:\Program Files\Common Files
2008-02-17 13:16:45 0 d-------- C:\Documents and Settings\Haydon\Application Data\uTorrent
2008-02-16 20:16:13 0 d-------- C:\Documents and Settings\Haydon\Application Data\Canon
2008-02-05 02:30:34 0 d-------- C:\Documents and Settings\Haydon\Application Data\iWin
2008-01-29 00:31:28 0 d-------- C:\Documents and Settings\Haydon\Application Data\PlayFirst
2008-01-20 06:37:28 0 d-------- C:\Program Files\Styrateg
2008-01-09 03:39:38 0 d-------- C:\Documents and Settings\Haydon\Application Data\Adobe
2008-01-08 02:03:51 0 d-------- C:\Program Files\Farm Frenzy
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{19D610D9-3209-429F-AF48-6F57F895022A}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3F44E7A7-E296-403E-A230-B386863BDBEA}]
21/02/2008 05:03 PM 317440 --------- C:\WINDOWS\system32\ssttt.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4AE2EFE4-757A-469B-B03F-7A6D54C83D20}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9A534752-2DB3-457D-930E-33EB5729EE86}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D55B9DF4-9828-42D3-AB6E-F957C5BFC53E}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DCD8E9AF-DACB-4243-8145-876D17F3F4D3}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [03/06/2002 10:38 AM]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 01:50 AM]
"WinPatrol"="C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe" [09/12/2004 09:12 PM]
"Logitech Utility"="Logi_MwX.Exe" [17/12/2003 09:50 AM C:\WINDOWS\LOGI_MWX.EXE]
"SoundMan"="SOUNDMAN.EXE" [03/08/2006 04:12 AM C:\WINDOWS\soundman.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [18/02/2008 02:50 PM]
"BM9770bf99"="C:\WINDOWS\system32\yiodgmef.dll" [21/02/2008 05:36 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [19/01/2007 11:54 AM]
"@"="" []
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [13/03/2007 05:09 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43 AM]
"Dkvfkbb"="C:\WINDOWS\??crosoft\s?ool32.exe" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{0E0A2AD5-1ADC-4EC3-90FC-0FB793C9259E}"= C:\WINDOWS\system32\xxyxyww.dll [ ]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ssttt.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GetRight - Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GetRight - Tray Icon.lnk
backup=C:\WINDOWS\pss\GetRight - Tray Icon.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PC Alert 4.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PC Alert 4.lnk
backup=C:\WINDOWS\pss\PC Alert 4.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy]
"C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\System32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\System32\\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wcmdmgr]
C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
-- Hosts -----------------------------------------------------------------------
127.0.0.1 desktop.kazaa.com
127.0.0.1 www.altnetp2p.com
127.0.0.1 alpha.kazaa.com
127.0.0.1 shop.kazaa.com
127.0.0.1 www.bonzi.com
127.0.0.1 www.brilliantdigital.com
127.0.0.1 www.b3d.com
127.0.0.1 media.altnet.com
127.0.0.1 www.altnet.com
127.0.0.1 dev.bde.com.au
2 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2008-02-21 17:56:40 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: AMD Athlon XP 2600+
Percentage of Memory in Use: 60%
Physical Memory (total/avail): 511.48 MiB / 200.95 MiB
Pagefile Memory (total/avail): 2016.68 MiB / 1687.71 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1932.1 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 37.26 GiB total, 4.12 GiB free.
D: is Fixed (NTFS) - 37.26 GiB total, 1.01 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - WDC WD800JB-00DUA3 - 74.53 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 37.26 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 37.26 GiB - D:
-- Security Center -------------------------------------------------------------
AUOptions is set to notify before install.
Windows Internal Firewall is enabled.
AV: AVG 7.5.516 v7.5.516 (Grisoft)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Kazaa Lite K++\\Kazaa.kpp"="C:\\Program Files\\Kazaa Lite K++\\Kazaa.kpp:*:Enabled:Kazaa"
"C:\\Program Files\\Soulseek\\slsk.exe"="C:\\Program Files\\Soulseek\\slsk.exe:*:Enabled:SoulSeek"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"="C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe:*:Enabled:ET"
"C:\\Program Files\\The All-Seeing Eye\\eye.exe"="C:\\Program Files\\The All-Seeing Eye\\eye.exe:*:Enabled:The All-Seeing Eye"
"C:\\Program Files\\BitTorrent\\btdownloadgui.exe"="C:\\Program Files\\BitTorrent\\btdownloadgui.exe:*:Disabled:btdownloadgui"
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"="C:\\Program Files\\BitTornado\\btdownloadgui.exe:*:Disabled:btdownloadgui"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Disabled:eMule"
"C:\\Documents and Settings\\Haydon\\Desktop\\utorrent.exe"="C:\\Documents and Settings\\Haydon\\Desktop\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"="C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe:*:Enabled:tvprunner"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Haydon\Application Data
BLASTER=A220 I5 D1 T3 P330
CLASSPATH=C:\Program Files\Java\j2re1.4.1\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MARINER-F85ZVME
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Haydon
LOGONSERVER=\\MARINER-F85ZVME
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0801
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.1\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Haydon\LOCALS~1\Temp
TMP=C:\DOCUME~1\Haydon\LOCALS~1\Temp
USERDOMAIN=MARINER-F85ZVME
USERNAME=Haydon
USERPROFILE=C:\Documents and Settings\Haydon
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Haydon
(admin)Administrator
(new local, admin)-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3ivx D4 4.5.1 (remove only) --> "C:\Program Files\3ivx\3ivx D4 4.5.1\uninstall.exe"
Ad-aware 6 Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Download Manager 1.2 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash CS3 --> MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash CS3 Professional --> C:\Program Files\Common Files\Adobe\Installers\c3c7fe8b09d497ab2b3fd91c9353390\Setup.exe
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Video Encoder --> MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 6.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
Adobe Setup --> MsiExec.exe /I{FFC1ADE3-944B-4231-894E-3903C37271D2}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Ahead Nero Burning ROM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
ArcSoft PhotoBase 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C1D14C0D-FDAA-4DF2-8441-A902805CCE8C}\setup.exe" -l0x9 -uninst
ArcSoft PhotoStudio 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{03F1CC67-5BD8-4C36-8394-76311B2AE69A}\setup.exe" -l0x9 -uninst
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Canon Camera Window for ZoomBrowser EX --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{093625E3-7B87-49D3-AA53-AD0FCFABAF49}
Canon CanoScan Toolbox 4.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BCE46757-7674-4416-BEDB-68205A60409E}\setup.exe" -l0x9
Canon i950 --> C:\WINDOWS\system32\CNMCP4d.exe "-PRINTERNAMECanon i950" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon i950 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon i950 Installer\Inst2\cnmi0409.dll"
Canon PhotoRecord --> C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\Canon\PhotoRecord\Uninst.isu -c"C:\PROGRA~1\Canon\PhotoRecord\Program\uninstdll.dll"
Canon Utilities File Viewer Utility 1.2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{EF0DD8B7-471C-463B-A298-6066C2FABAF5}
Canon Utilities PhotoStitch 3.1 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{03CDDD00-BD57-4326-9480-4C74449AF597}
Canon Utilities RemoteCapture 2.7 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{BEB03A1A-1EB6-48EB-9985-8B97315EE5C0}
Canon Utilities ZoomBrowser EX --> MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
CanoScan LiDE20,30 Manual --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B360A8E5-C171-4AAE-9777-65B3CDB0072C}\setup.exe" -l0x9
Cool Edit Pro --> C:\WINDOWS\cep1unin.exe
Cool Edit Pro 2.0 --> C:\Program Files\coolpro2\cep2unin.exe
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
GTK+ Runtime 2.6.8 rev a (remove only) --> C:\Program Files\Common Files\GTK\2.0\uninst.exe
Haali Media Splitter --> "C:\Program Files\Haali\MatroskaSplitter\uninstall.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
iTunes --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{59C4F14F-7590-45FC-BE9F-A67AB3590709} /l1033
Java 2 Runtime Environment Standard Edition v1.3.1_04 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\JavaSoft\JRE\1.3.1_04\Uninst.isu"
Java 2 Runtime Environment, SE v1.4.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CD0159C9-17FB-11D6-A76A-00B0D079AF64}\setup.exe" Anytext
Java Web Start --> "C:\Program Files\Java Web Start\uninst-javaws.exe"
Kazaa Lite K++ v2.4.1 --> "C:\Program Files\Kazaa Lite K++\unins000.exe"
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.80 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL
Logitech MouseWare 9.79.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 -l0009 UNINSTALL
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Flash Player 8 --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Mayawaka --> C:\PROGRA~1\SHOCKW~1.COM\Mayawaka\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\Mayawaka\INSTALL.LOG
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSI MSIDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C1939820-A945-11D4-86F6-0001031E5712}\setup.exe" REMOVEALL
MSN Toolbar --> C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\mtbs.exe c
OmniPage SE --> MsiExec.exe /I{6249C22D-E6A8-407B-BA8B-40298848ED94}
PC Alert 4 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MSI\PC Alert 4\Uninst.isu"
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{929408E6-D265-4174-805F-81D1D914E2A4} /l1033
RABCO --> "C:\Program Files\RABCO\un_RABCOSetup_16230.exe"
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Remove DivX Codec --> C:\WINDOWS\unvise32.exe C:\Program Files\DivX\DivX Codec\UninstalDivXCodec.log
SafeCast Shared Components --> C:\Program Files\Common Files\Macrovision Shared\SafeCast\Install\CDAC13BA.EXE /uninstall
SmartFTP Client 2.0 --> MsiExec.exe /I{C169D3BB-9A27-43F5-9979-09A0D65FE95C}
SmartFTP Client 2.0 Setup Files (remove only) --> "C:\Program Files\SmartFTP Client 2.0 Setup Files\uninst-sftp.exe"
Softdiv MP3 to WAV Converter 2.5 --> "C:\Program Files\Softdiv MP3 to WAV Converter\unins000.exe"
Soulseek Client 153 release candidate 1 --> C:\WINDOWS\UnGins.exe "C:\Program Files\Soulseek\install.log"
SoulSeek Client 156c --> "C:\Program Files\Soulseek\uninstall.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
VideoLAN VLC media player 0.8.1 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
WASTE --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\WASTE\Uninst.isu"
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WingMan Software --> MsiExec.exe /X{435673AB-6821-416D-806A-E477DFA60A42}
WinPatrol --> C:\WINDOWS\uninst.exe -f"C:\Program Files\BillP Studios\WinPatrol\DeIsL1.isu" -c"C:\Program Files\BillP Studios\WinPatrol\_ISREG32.DLL"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Wolfenstein - Enemy Territory --> C:\PROGRA~1\WOLFEN~1\Uninstall\Unwise.exe /u C:\PROGRA~1\WOLFEN~1\Uninstall\Install.log
XviD MPEG-4 Video Codec --> "C:\Program Files\XviD\unins000.exe"
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
-- Application Event Log -------------------------------------------------------
Event Record #/Type6234 / Error
Event Submitted/Written: 02/21/2008 05:36:33 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.20121, faulting module unknown, version 0.0.0.0, fault address 0x026c13e4.
Processing media-specific event for [firefox.exe!ws!]
Event Record #/Type6212 / Error
Event Submitted/Written: 02/21/2008 03:00:58 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application SpybotSD.exe, version 1.5.2.20, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type6211 / Error
Event Submitted/Written: 02/21/2008 02:37:50 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.20121, faulting module vtutt.dll, version 0.0.0.0, fault address 0x000282a0.
Processing media-specific event for [firefox.exe!ws!]
Event Record #/Type6205 / Error
Event Submitted/Written: 02/21/2008 00:49:15 PM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 638239796.
Event Record #/Type6204 / Error
Event Submitted/Written: 02/21/2008 00:49:05 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application SpybotSD.exe, version 1.5.2.20, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type70644 / Error
Event Submitted/Written: 02/21/2008 05:40:17 PM / 02/21/2008 05:41:17 PM
Event ID/Source: 1 / sr
Event Description:
The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'vdeznzew.sys' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
Event Record #/Type70587 / Warning
Event Submitted/Written: 02/21/2008 04:06:59 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Event Record #/Type70547 / Warning
Event Submitted/Written: 02/20/2008 09:34:07 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Event Record #/Type70546 / Warning
Event Submitted/Written: 02/20/2008 06:25:11 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Event Record #/Type70545 / Warning
Event Submitted/Written: 02/20/2008 05:28:07 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.
-- End of Deckard's System Scanner: finished at 2008-02-21 17:56:40 ------------