Deckard's System Scanner v20071014.68
Run by Jamael on 2008-01-04 21:59:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
102: 2008-01-05 03:01:48 UTC - RP704 - Deckard's System Scanner Restore Point
101: 2008-01-04 21:50:36 UTC - RP703 - Removed Adobe Reader 7.0
100: 2008-01-04 21:40:23 UTC - RP702 - Removed Microsoft Outlook 2002
99: 2008-01-04 21:30:40 UTC - RP701 - Removed Microsoft Office XP Professional with FrontPage
98: 2008-01-04 21:30:30 UTC - RP700 - Removed QuickTime
-- First Restore Point --
1: 2008-02-17 02:16:28 UTC - RP603 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
Percentage of Memory in Use: 82% (more than 75%).Total Physical Memory: 127 MiB (512 MiB recommended).-- HijackThis (run as Jamael.exe) ----------------------------------------------
Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-01-04 22:07:26
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Lexbces.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\windows
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\Documents and Settings\Jamael\Desktop\dss.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://home.microsof...search.asp?p=%sR1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL =
http://www.microsoft...amp;ar=iesearchO2 - BHO: (no name) - {23D44BCF-AA7A-41D6-8905-E808F16322EF} - C:\WINDOWS\system32\tuvvttq.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\sbglanqc.dll
O2 - BHO: (no name) - {C765EB71-70C7-4525-B2B7-F59E06759A5A} - C:\WINDOWS\system32\fcywt.dll
O2 - BHO: {f50944be-8198-cbd9-9254-7875747b984e} - {e489b747-5787-4529-9dbc-8918eb44905f} - C:\WINDOWS\system32\tpjxuhpt.dll
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [35380754] rundll32.exe "C:\WINDOWS\system32\qvcumkxh.dll",b
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\Jamael\Desktop\My Content\Stuff\New Folder\HijackThis.exe /startupscan
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () -
http://fpdownload.ma...t/ultrashim.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://download.macr...ash/swflash.cabO18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O20 - Winlogon Notify: ibuntu - C:\WINDOWS\system32\ibuntu.dll (file missing)
O20 - Winlogon Notify: sbglanqc - C:\WINDOWS\system32\sbglanqc.dll
O20 - Winlogon Notify: tuvvttq - C:\WINDOWS\system32\tuvvttq.dll
O23 - Service: Apple Mobile Device - Unknown owner - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\Lexbces.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
--
End of file - 4225 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 mchInjDrv (madCodeHook DLL injection driver) - c:\windows\system32\drivers\mchinjdrv.sys
R1 sdcplh - c:\windows\system32\drivers\sdcplh.sys <Not Verified; ; SDCPLH>
R2 DgiVecp (Team MFP Comm Driver) - c:\windows\system32\drivers\dgivecp.sys <Not Verified; DeviceGuys, Inc.; DeviceGuys, Inc. Team MFP for Windows NT, 9x, and 3.1>
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
S1 krnllds (Kernel CryptoModule) - c:\windows\system32\krnllds.sys (file missing)
S1 wer32 - c:\windows\system32\jkghje.dll (file missing)
S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)
S3 SbcpHid - c:\windows\system32\drivers\sbcphid.sys
S3 TSP - c:\program files\pc tools antivirus\klif.sys <Not Verified; Kaspersky Labs; KLIF>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R3 MSControlService (Microsoft cache control) - c:\windows\system32\windows
S2 AvSynMgr (AVSync Manager) - "c:\program files\mcafee\mcafee virusscan\avsynmgr.exe" <Not Verified; Network Associates, Inc.; VirusScan Home Edition>
S4 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" (file missing)
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_1057&DEV_5608&SUBSYS_00031668&REV_00\4&24AB0D93&0&58F0
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_1057&DEV_5608&SUBSYS_00031668&REV_00\4&24AB0D93&0&58F0
Service:
-- Scheduled Tasks -------------------------------------------------------------
2008-02-20 03:00:20 490 --a------ C:\WINDOWS\Tasks\MalwareBot Scheduled Scan.job
2008-02-19 11:13:24 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2007-12-04 and 2008-01-04 -----------------------------
2008-02-20 13:08:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-20 10:51:51 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-19 23:04:22 0 d-------- C:\Program Files\Spyware Doctor
2008-02-19 21:25:37 89152 --a------ C:\WINDOWS\system32\kowdvehj.dll
2008-02-19 21:22:42 88128 --a------ C:\WINDOWS\system32\hpfgnaka.dll
2008-02-18 21:28:00 0 d-------- C:\Documents and Settings\Jamael\Application Data\MalwareBot
2008-02-18 21:24:49 93248 --a------ C:\WINDOWS\system32\hseahpeo.dll
2008-02-17 23:09:59 87616 --a------ C:\WINDOWS\system32\jqwioprh.dll
2008-02-17 21:20:11 97344 --a------ C:\WINDOWS\system32\rgqubetp.dll
2008-02-16 23:41:28 0 d--hs---- C:\FOUND.019
2008-02-16 23:09:36 0 d--hs---- C:\FOUND.018
2008-02-16 22:39:42 2856 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-16 22:37:57 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-02-16 22:37:57 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-02-16 22:37:57 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-02-16 22:37:57 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-02-16 22:25:11 0 d-------- C:\WINDOWS\pss
2008-02-16 21:22:20 92736 --a------ C:\WINDOWS\system32\ehharijh.dll
2008-02-16 21:19:24 86080 --a------ C:\WINDOWS\system32\ceeeehpu.dll
2008-02-16 21:19:16 163904 --a------ C:\WINDOWS\system32\sbglanqc.dll
2008-02-16 21:19:14 163904 --a------ C:\WINDOWS\system32\rhbdfgih.dll
2008-02-16 21:05:32 5476352 --a------ C:\Documents and Settings\Jamael\ntuser.dat
2008-02-16 21:05:04 279234 --ahs---- C:\WINDOWS\system32\twycf.ini2
2008-02-16 21:04:54 331776 --a------ C:\WINDOWS\system32\fcywt.dll
2008-02-16 00:37:25 40448 --a------ C:\WINDOWS\system32\tuvvttq.dll
2008-02-11 16:30:58 0 d-------- C:\Program Files\New Folder
2008-02-10 23:21:27 0 d-------- C:\Program Files\Apple Software Update
2008-02-10 23:20:23 0 d-------- C:\WINDOWS\system32\DRVSTORE
2008-02-07 22:46:35 0 d-------- C:\Program Files\Common Files\Apple
2008-02-07 22:39:28 0 d-------- C:\Program Files\Apple Software Update(2)
2008-02-01 13:56:59 94784 --a------ C:\WINDOWS\system32\kmcfbgdf.dll
2008-01-26 03:58:54 0 d-------- C:\Documents and Settings\Jamael\Application Data\Opera
2008-01-24 21:24:57 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-01-24 21:20:58 17176 -----n--- C:\WINDOWS\hpomdl04.dat
2008-01-24 21:08:11 0 d-------- C:\Program Files\Hp
2008-01-17 21:38:38 0 d--hs---- C:\FOUND.017
2008-01-15 01:20:32 0 d--hs---- C:\FOUND.016
2008-01-08 15:58:56 0 d--hs---- C:\FOUND.015
2008-01-04 16:28:04 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-01-04 15:02:23 0 d-------- C:\WINDOWS\Prefetch
2008-01-04 10:19:58 7168 --a------ C:\WINDOWS\system32\windows
2008-01-04 05:21:16 87616 --a------ C:\WINDOWS\system32\qvcumkxh.dll
2008-01-04 05:18:10 94784 --a------ C:\WINDOWS\system32\tpjxuhpt.dll
2008-01-04 04:19:45 94784 --a------ C:\WINDOWS\system32\yqfmvyuf.dll
2008-01-03 22:12:36 2560 --a------ C:\WINDOWS\system32\drivers\mchInjDrv.sys
2008-01-03 20:46:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-01-03 20:35:29 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-03 00:40:15 87616 --a------ C:\WINDOWS\system32\ccpbdktm.dll
2008-01-03 00:40:07 94784 --a------ C:\WINDOWS\system32\iehrxnmc.dll
2008-01-02 22:15:38 0 d-------- C:\Program Files\Common Files\Network Associates
2008-01-02 22:15:37 0 d-------- C:\Program Files\McAfee
2008-01-02 03:49:18 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-02 00:10:03 94784 --a------ C:\WINDOWS\system32\hnarssig.dll
2008-01-01 23:37:31 0 d-------- C:\Documents and Settings\All Users\Templates
2008-01-01 23:37:30 0 d-------- C:\WINDOWS\system32\PreInstall
2008-01-01 23:37:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-01-01 23:37:26 0 d-------- C:\Documents and Settings\Jamael\Application Data\PC Tools
2008-01-01 23:37:23 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-01-01 23:37:22 0 d-------- C:\Program Files\MalwareAlarm
2007-12-31 03:50:52 0 d-------- C:\AOL OCP
2007-12-22 14:53:35 0 d-------- C:\Program Files\CinemaForge
2007-12-21 22:35:08 0 d-------- C:\Documents and Settings\Guest\Application Data\Google
-- Find3M Report ---------------------------------------------------------------
2007-11-21 21:48:28 0 d-------- C:\Documents and Settings\Jamael\Application Data\Google
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{23D44BCF-AA7A-41D6-8905-E808F16322EF}]
02/16/2008 12:37 AM 40448 --a------ C:\WINDOWS\system32\tuvvttq.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
02/16/2008 09:19 PM 163904 --a------ C:\WINDOWS\system32\sbglanqc.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C765EB71-70C7-4525-B2B7-F59E06759A5A}]
02/16/2008 09:04 PM 331776 --a------ C:\WINDOWS\system32\fcywt.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e489b747-5787-4529-9dbc-8918eb44905f}]
01/04/2008 05:18 AM 94784 --a------ C:\WINDOWS\system32\tpjxuhpt.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" []
"35380754"="C:\WINDOWS\system32\qvcumkxh.dll" [01/04/2008 05:21 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HijackThis startup scan"="C:\Documents and Settings\Jamael\Desktop\My Content\Stuff\New Folder\HijackThis.exe" [02/16/2005 11:06 AM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [11/30/2006 09:49 PM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"ForceActiveDesktopOn"=1 (0x1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{23D44BCF-AA7A-41D6-8905-E808F16322EF}"= C:\WINDOWS\system32\tuvvttq.dll [02/16/2008 12:37 AM 40448]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ibuntu]
ibuntu.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sbglanqc]
sbglanqc.dll 02/16/2008 09:19 PM 163904 C:\WINDOWS\system32\sbglanqc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvvttq]
tuvvttq.dll 02/16/2008 12:37 AM 40448 C:\WINDOWS\system32\tuvvttq.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\fcywt.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
*Newly Created Service* - MSCONTROLSERVICE
-- Hosts -----------------------------------------------------------------------
127.0.0.1 sds-qckads.com
127.0.0.1 status.qckads.com
127.0.0.1 www.qoolaid.com
127.0.0.1 www.qoologic.com
127.0.0.1 www.CLKPrecision.com
127.0.0.1 www.urllogic.com
127.0.0.1 www.clkoptimizer.com
127.0.0.1 www.isearch.com
127.0.0.1 isearch.com
127.0.0.1 www.idownload.com
18 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2008-01-04 22:17:34 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel Celeron processor
Percentage of Memory in Use: 80%
Physical Memory (total/avail): 126.3 MiB / 24.43 MiB
Pagefile Memory (total/avail): 443.53 MiB / 162.17 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1948.1 MiB
A: is Removable (No Media)
C: is Fixed (FAT32) - 127.97 GiB total, 83.07 GiB free.
E: is CDROM (CDFS)
F: is Removable (No Media)
\\.\PHYSICALDRIVE1 - IOMEGA ZIP 250
\\.\PHYSICALDRIVE0 - WDC WD1600JB-00GVA0 - 149.05 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 128 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\DOCUME~1\\Jamael\\LOCALS~1\\Temp\\bl4ck.com"="C:\\DOCUME~1\\Jamael\\LOCALS~1\\Temp\\bl4ck.com:*:ENABLED:0"
"C:\\WINDOWS\\System32\\a.exe"="C:\\WINDOWS\\System32\\a.exe:*:ENABLED:0"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Disabled:AOL Instant Messenger"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Pando Networks\\Pando\\pando.exe"="C:\\Program Files\\Pando Networks\\Pando\\pando.exe:*:Enabled:pando"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Jamael\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JDWILLIAMS
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Jamael
LOGONSERVER=\\JDWILLIAMS
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\QuickTime\QTSystem\;C:\WINDOWS;C:\WINDOWS\COMMAND
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 10, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=080a
ProgramFiles=C:\Program Files
PROMPT=$p$g
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Jamael\LOCALS~1\Temp
TMP=C:\DOCUME~1\Jamael\LOCALS~1\Temp
USERDOMAIN=JDWILLIAMS
USERNAME=Jamael
USERPROFILE=C:\Documents and Settings\Jamael
winbootdir=C:\WINDOWS
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Jamael
(admin)Administrator
(new local, admin)Guest
(guest)-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Motorola\iDEN WebJAL\Uninst.isu"
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNNMIX.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Apple Mobile Device Support --> MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
CinemaForge --> C:\WINDOWS\system32\xmirage.exe c:\program files\CinemaForge\UninstallCF.xmfg
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC --> MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt --> MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
essvcpt --> MsiExec.exe /I{D1973749-F5E7-40EB-B528-F2B78685B9FF}
Free Mp3 Wma Converter V 1.3.0 --> "C:\Program Files\Free Audio Pack\unins000.exe"
HijackThis 1.99.1 --> C:\Documents and Settings\Jamael\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe /uninstall
HLPPDOCK --> MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}
HP Driver Diagnostics --> MsiExec.exe /I{16BE87BC-69F5-4D36-8CF0-E1CB3ACD5ED3}
HP PSC & OfficeJet 4.2 --> "C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
iPod for Windows 2005-10-12 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A} /l1033
iTunes --> MsiExec.exe /I{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}
J2SE Runtime Environment 5.0 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150010}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
kgcbaby --> MsiExec.exe /I{E18B549C-5D15-45DA-8D8F-8FD2BD946344}
kgcbase --> MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
kgchday --> MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E}
kgchlwn --> MsiExec.exe /I{03EDED24-8375-407D-A721-4643D9768BE1}
kgcinvt --> MsiExec.exe /I{9BD54685-1496-46A5-AB62-357CD140ED8B}
kgckids --> MsiExec.exe /I{693C08A7-9E76-43FF-B11E-9A58175474C4}
kgcmove --> MsiExec.exe /I{A1588373-1D86-4D44-86C9-78ABD190F9CC}
kgcvday --> MsiExec.exe /I{8A8664E1-84C8-4936-891C-BC1F07797549}
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140010_3d83cf8f\Setup.exe /APR-REMOVE
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Lexmark Z82 Drivers --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\DeIsL4.isu -c"C:\WINDOWS\InstZ82.dll"
LimeWire 4.13.2 --> "C:\Program Files\LimeWire\uninstall.exe"
McAfee Firewall --> MsiExec.exe /I{4471FF45-62BD-11D6-B259-00C04FF4B435}
McAfee VirusScan Professional Edition --> MsiExec.exe /I{E4DC62CE-5F95-11D6-B254-00C04FF4B435}
Microsoft XML Parser and SDK --> MsiExec.exe /I{3E908702-AF35-4611-9518-955DA24B7E07}
Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero PhotoShow Express --> "C:\Program Files\Ahead\Ahead\data\Xtras\Uninstall.exe"
Nero Suite --> C:\Program Files\Common Files\Ahead\Uninstall\Setup.exe /uninstall
NoteWorthy Player --> C:\PROGRA~1\NOTEWO~1\UNINSTAL.EXE C:\PROGRA~1\NOTEWO~1\INSTALL.LOG
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
OTtBPSDK --> MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
QuickTime --> MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
SKIN0001 --> MsiExec.exe /I{FDF9943A-3D5C-46B3-9679-586BD237DDEE}
SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
staticcr --> MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WIRELESS --> MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
Yahoo! Messenger --> C:\PROGRA~1\YAHOO!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\YAHOO!\MESSEN~1\INSTALL.LOG
-- Application Event Log -------------------------------------------------------
Event Record #/Type338 / Error
Event Submitted/Written: 01/04/2008 06:33:42 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application vsmain.exe, version 7.0.5000.0, faulting module mcscan32.dll, version 4.1.6.0, fault address 0x00029f77.
Processing media-specific event for [vsmain.exe!ws!]
Event Record #/Type336 / Error
Event Submitted/Written: 01/04/2008 06:25:19 PM / 01/04/2008 06:25:20 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application Avsynmgr.exe, version 7.0.5000.0, faulting module Mcscan32.dll, version 4.1.6.0, fault address 0x00029f77.
Processing media-specific event for [Avsynmgr.exe!ws!]
Event Record #/Type332 / Error
Event Submitted/Written: 01/04/2008 04:30:29 PM
Event ID/Source: 11704 / MsiInstaller
Event Description:
Product: Microsoft Office XP Professional with FrontPage -- Error 1704. An installation for QuickTime is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?
Event Record #/Type329 / Error
Event Submitted/Written: 01/04/2008 03:06:37 PM / 01/04/2008 03:06:38 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application Avsynmgr.exe, version 7.0.5000.0, faulting module Mcscan32.dll, version 4.1.6.0, fault address 0x00029f77.
Processing media-specific event for [Avsynmgr.exe!ws!]
Event Record #/Type328 / Error
Event Submitted/Written: 01/04/2008 03:00:41 PM
Event ID/Source: 8193 / VSS
Event Description:
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type39040 / Error
Event Submitted/Written: 01/04/2008 06:33:08 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The AVSync Manager service terminated unexpectedly. It has done this 1 time(s).
Event Record #/Type39039 / Error
Event Submitted/Written: 01/04/2008 06:33:07 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
Event Record #/Type39038 / Error
Event Submitted/Written: 01/04/2008 06:33:04 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
Beep
IKFileSec
Event Record #/Type39037 / Error
Event Submitted/Written: 01/04/2008 06:33:04 PM
Event ID/Source: 7022 / Service Control Manager
Event Description:
The PC Tools Security Service service hung on starting.
Event Record #/Type39036 / Error
Event Submitted/Written: 01/04/2008 06:32:09 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Computer Browser service terminated with the following error:
%%1460
-- End of Deckard's System Scanner: finished at 2008-01-04 22:17:34 ------------