Kahdah,
Hello, and thanks for helping.
Here are the results.
01612656.FIL;C:\$VAULT$.AVG;BackDoor.Pigeon.1603;Deleted.;
15997234.FIL;C:\$VAULT$.AVG;Trojan.MulDrop.8316;Deleted.;
16683453.FIL;C:\$VAULT$.AVG;Trojan.Packed.149;Incurable.Moved.;
RegUBP2b-Ed.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Deleted.;
A0078798.reg;C:\System Volume Information\_restore{B1AE7DD7-F8CF-4244-9B35-B955D004E69A}\RP369;Trojan.StartPage.1505;Deleted.;
A0078827.reg;C:\System Volume Information\_restore{B1AE7DD7-F8CF-4244-9B35-B955D004E69A}\RP369;Trojan.StartPage.1505;Deleted.;
A0078838.reg;C:\System Volume Information\_restore{B1AE7DD7-F8CF-4244-9B35-B955D004E69A}\RP370;Trojan.StartPage.1505;Deleted.;
A0078848.reg;C:\System Volume Information\_restore{B1AE7DD7-F8CF-4244-9B35-B955D004E69A}\RP370;Trojan.StartPage.1505;Deleted.;
A0078869.reg;C:\System Volume Information\_restore{B1AE7DD7-F8CF-4244-9B35-B955D004E69A}\RP370;Trojan.StartPage.1505;Deleted.;
A0078876.vbs;C:\System Volume Information\_restore{B1AE7DD7-F8CF-4244-9B35-B955D004E69A}\RP370;Probably SCRIPT.Virus;;
A0078877.vbs;C:\System Volume Information\_restore{B1AE7DD7-F8CF-4244-9B35-B955D004E69A}\RP370;Probably SCRIPT.Virus;;
A0078878.vbs;C:\System Volume Information\_restore{B1AE7DD7-F8CF-4244-9B35-B955D004E69A}\RP370;Probably SCRIPT.Virus;;
A0078879.vbs;C:\System Volume Information\_restore{B1AE7DD7-F8CF-4244-9B35-B955D004E69A}\RP370;Probably SCRIPT.Virus;;
A0078880.vbs;C:\System Volume Information\_restore{B1AE7DD7-F8CF-4244-9B35-B955D004E69A}\RP370;Probably SCRIPT.Virus;;
A0078882.vbs;C:\System Volume Information\_restore{B1AE7DD7-F8CF-4244-9B35-B955D004E69A}\RP370;Probably SCRIPT.Virus;;
A0078884.reg;C:\System Volume Information\_restore{B1AE7DD7-F8CF-4244-9B35-B955D004E69A}\RP371;Trojan.StartPage.1505;Deleted.;
A0078897.vbs;C:\System Volume Information\_restore{B1AE7DD7-F8CF-4244-9B35-B955D004E69A}\RP371;Probably SCRIPT.Virus;;
A0079062.reg;C:\System Volume Information\_restore{B1AE7DD7-F8CF-4244-9B35-B955D004E69A}\RP376;Trojan.StartPage.1505;Deleted.;
04207500.FIL;F:\$VAULT$.AVG;Trojan.MulDrop.5061;Deleted.;
15230484.FIL;F:\$VAULT$.AVG;Trojan.Packed.149;Incurable.Moved.;
23723343.FIL;F:\$VAULT$.AVG;Trojan.MulDrop.5061;Deleted.;
68220625.FIL;F:\$VAULT$.AVG;Trojan.Packed.149;Incurable.Moved.;
Deckard's System Scanner v20071014.68
Run by Ed on 2008-03-01 01:46:16
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
9: 2008-02-29 17:46:30 UTC - RP377 - Deckard's System Scanner Restore Point
8: 2008-02-29 15:56:02 UTC - RP376 - System Checkpoint
7: 2008-02-28 14:59:17 UTC - RP375 - System Checkpoint
6: 2008-02-27 12:02:12 UTC - RP374 - System Checkpoint
5: 2008-02-26 11:48:02 UTC - RP373 - System Checkpoint
-- First Restore Point --
1: 2008-02-22 04:56:17 UTC - RP369 - Feb222008
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Ed.exe) --------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:48:36 AM, on 3/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\usnsvc.exe
D:\Program Files\Grisoft\DivoCodec\wakeservice.exe
C:\Documents and Settings\Ed\Desktop\dss.exe
D:\PROGRA~1\NEWFOL~1\Ed.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lvllord.de/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MySidesearch Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\mysidesearch_sidebar.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - F:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "F:\Program Files\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [kqduizizjds4m25tsryapcv5b32vz00f0jibfpkwntxlmcrdmqc] C:\WINDOWS\SYSTEM32\kqduizizjds4m25tsryapcv5b32vz00f0jibfpkwntxlmcrdmqc.vbs
O4 - HKLM\..\Run: [ci5ma15rjigleuyl3c2idh8zx36fff7] C:\WINDOWS\SYSTEM32\ci5ma15rjigleuyl3c2idh8zx36fff7.vbs
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [bend logo clock film] C:\Documents and Settings\All Users\Application Data\Frag great bend logo\ooze love.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [pwizn3oe6joj9exw4z28czh0q58146amdbr9bk7o3c62lkimypzn3oe6joj9] C:\WINDOWS\pwizn3oe6joj9exw4z28czh0q58146amdbr9bk7o3c62lkimypzn3oe6joj9.vbs
O4 - HKCU\..\Run: [9yl2q6ng8m3irrlch0614ae292s8u] C:\WINDOWS\9yl2q6ng8m3irrlch0614ae292s8u.vbs
O4 - HKCU\..\Run: [6e1i6x167fecxadz8y] C:\WINDOWS\6e1i6x167fecxadz8y.vbs
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\New Folder\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [corn proc] C:\DOCUME~1\Ed\APPLIC~1\RECTCA~1\Wait about.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Fantastic Flame Agent.lnk = F:\Program Files\Fantastic Flame Screensaver\FantasticFlameAgent.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://F:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://F:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://F:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - F:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish...fishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by122fd.bay12...es/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{94F7EC62-3489-4D0A-BD13-BA7CDBE8B9E2}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\New Folder\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 10954 bytes
-- HijackThis Fixed Entries (D:\PROGRA~1\NEWFOL~1\backups\) --------------------
backup-20080222-111321-141 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = About:People's Republic of Thailand (PRT)
backup-20080222-111337-868 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = About:People's Republic of Thailand (PRT)
backup-20080222-123559-185 O2 - BHO: superiorads browser enhancer - {79F562E5-768C-4494-8E6C-824ADA4A9C2C} - C:\WINDOWS\system32\sprt_ads.dll
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 Stealth - c:\windows\system32\drivers\stealth.sys <Not Verified; Generic; STEALTH>
R1 SASDIFSV - d:\program files\new folder\sasdifsv.sys
R1 SASKUTIL - d:\program files\new folder\saskutil.sys
R3 SASENUM - d:\program files\new folder\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-03-01 01:00:04 248 --ah----- C:\WINDOWS\Tasks\AFA37C6591CCF04D.job
2008-02-27 21:56:15 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2008-02-01 and 2008-03-01 -----------------------------
2008-02-29 23:02:51 0 d-------- C:\Documents and Settings\Ed\DoctorWeb
2008-02-26 17:43:44 0 d-------- C:\Program Files\rect cake dash
2008-02-26 17:27:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Frag great bend logo
2008-02-26 17:24:53 0 d-------- C:\Documents and Settings\Ed\Application Data\rect cake dash
2008-02-23 16:14:27 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-02-23 12:28:58 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-23 12:28:35 0 d-------- C:\Documents and Settings\Ed\Application Data\SUPERAntiSpyware.com
2008-02-22 23:04:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-02-22 23:03:27 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-02-22 23:03:27 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-02-22 23:03:27 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-02-22 23:03:27 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-02-22 23:03:27 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-02-22 23:03:27 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-02-22 23:03:27 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-02-22 23:03:27 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-02-22 23:03:27 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-02-22 23:03:27 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-02-22 23:03:27 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-02-22 23:03:27 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-02-22 23:03:27 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-02-22 23:03:27 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-02-22 22:48:50 0 d-------- C:\Documents and Settings\Ed\Application Data\Grisoft
2008-02-22 10:33:36 691545 --a------ C:\WINDOWS\unins000.exe
2008-02-22 10:33:35 2539 --a------ C:\WINDOWS\unins000.dat
2008-02-21 17:31:52 0 d-------- C:\Program Files\Lavasoft
2008-02-21 17:31:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-21 17:31:26 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-18 17:08:58 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-02-14 21:54:32 60416 --a------ C:\WINDOWS\system32\sprt_ads.dll
2008-02-14 00:29:32 0 d-------- C:\Program Files\Sierra On-Line
2008-02-11 12:49:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-02-11 12:25:18 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-02-10 20:50:04 84729 --a------ C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
2008-02-10 20:48:05 40730 --a------ C:\WINDOWS\system32\superiorads-uninst.exe
2008-02-10 20:48:02 80112 --a------ C:\WINDOWS\system32\dcads-remove.exe
2008-02-10 20:48:00 0 d-------- C:\Program Files\Dcads Games Collection
2008-02-09 21:14:20 0 d-------- C:\WINDOWS\.jagex_cache_32
2008-02-08 22:52:36 335872 --a------ C:\WINDOWS\system32\mysidesearch_sidebar.dll
-- Find3M Report ---------------------------------------------------------------
2008-02-29 16:21:17 0 d-------- C:\Documents and Settings\Ed\Application Data\Skype
2008-02-29 16:18:35 0 d-------- C:\Documents and Settings\Ed\Application Data\AVG7
2008-02-27 22:01:03 0 d-------- C:\Documents and Settings\Ed\Application Data\LimeWire
2008-02-26 19:32:43 16 --a------ C:\WINDOWS\popcinfo.dat
2008-02-26 17:41:05 0 d-------- C:\Documents and Settings\Ed\Application Data\vlc
2008-02-24 13:39:18 0 d-------- C:\Program Files\QuickTime
2008-02-24 13:38:46 0 d-------- C:\Program Files\MSN Messenger
2008-02-24 13:35:18 0 d-------- C:\Program Files\iTunes
2008-02-21 17:31:26 0 d-------- C:\Program Files\Common Files
2008-02-18 17:16:11 0 d-------- C:\Documents and Settings\Ed\Application Data\Lavasoft
2008-02-11 13:04:00 0 d-------- C:\Documents and Settings\Ed\Application Data\Adobe
2008-02-11 12:51:17 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-10 20:51:09 0 d-------- C:\Documents and Settings\Ed\Application Data\CE
2008-01-23 16:28:34 0 d-------- C:\Program Files\Mplayer
2008-01-01 20:44:07 3532 --a------ C:\drmHeader.bin
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
02/08/2008 10:52 PM 335872 --a------ C:\WINDOWS\system32\mysidesearch_sidebar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 08:00 PM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 08:00 PM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 08:00 PM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [05/29/2003 04:28 PM]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [05/30/2003 09:42 AM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [10/12/2006 03:10 AM]
"DAEMON Tools-1033"="F:\Program Files\daemon.exe" [06/19/2002 10:49 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [12/21/2007 03:04 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [12/11/2007 10:56 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [12/11/2007 12:10 PM]
"kqduizizjds4m25tsryapcv5b32vz00f0jibfpkwntxlmcrdmqc"="C:\WINDOWS\SYSTEM32\kqduizizjds4m25tsryapcv5b32vz00f0jibfpkwntxlmcrdmqc.vbs" []
"ci5ma15rjigleuyl3c2idh8zx36fff7"="C:\WINDOWS\SYSTEM32\ci5ma15rjigleuyl3c2idh8zx36fff7.vbs" []
"!AVG Anti-Spyware"="D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 05:25 PM]
"bend logo clock film"="C:\Documents and Settings\All Users\Application Data\Frag great bend logo\ooze love.exe" [02/29/2008 10:43 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 PM]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 12:54 PM]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [12/01/2006 09:28 PM]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [09/13/2007 01:31 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]
"pwizn3oe6joj9exw4z28czh0q58146amdbr9bk7o3c62lkimypzn3oe6joj9"="C:\WINDOWS\pwizn3oe6joj9exw4z28czh0q58146amdbr9bk7o3c62lkimypzn3oe6joj9.vbs" []
"9yl2q6ng8m3irrlch0614ae292s8u"="C:\WINDOWS\9yl2q6ng8m3irrlch0614ae292s8u.vbs" []
"6e1i6x167fecxadz8y"="C:\WINDOWS\6e1i6x167fecxadz8y.vbs" []
"SUPERAntiSpyware"="D:\Program Files\New Folder\SUPERAntiSpyware.exe" [02/27/2007 11:39 AM]
"corn proc"="C:\DOCUME~1\Ed\APPLIC~1\RECTCA~1\Wait about.exe" [02/26/2008 05:43 PM]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe
C:\Documents and Settings\Ed\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 7:16:50 PM]
PowerReg Scheduler V3.exe [12/20/2006 5:38:50 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
Fantastic Flame Agent.lnk - F:\Program Files\Fantastic Flame Screensaver\FantasticFlameAgent.exe [4/25/2007 4:33:26 AM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\Program Files\New Folder\SASSEH.DLL [12/20/2006 12:55 PM 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
D:\Program Files\New Folder\SASWINLO.dll 02/27/2007 11:39 AM 282624 D:\Program Files\New Folder\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d683ad3-7b7a-11db-b84a-00112f8263e8}]
AutoRun\command- H:\setup.exe
dinstall\command- H:\Quake3\directx7\dxsetup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25681e92-c557-11db-b8e5-00112f8263e8}]
Auto\command- tel.xls.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL tel.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56fd7790-c493-11db-b8e4-00112f8263e8}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe ovhym4but00l2c01r625mskjhlfvp4d3imeisnzqo4vp7u1gptyx50l2c01.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{67379e5a-caf2-11db-b8e8-00112f8263e8}]
Auto\command- sxs.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b39c886-8cae-11db-b86f-00112f8263e8}]
AutoRun\command- I:\ek.com
explore\Command- I:\ek.com
open\Command- I:\ek.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86d32244-65c5-11dc-b9b9-00112f8263e8}]
1\Command- .\RECYCLER\RECYCLER.exe
2\Command- .\RECYCLER\RECYCLER.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\RECYCLER.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1f36b58-948d-11db-b87e-00112f8263e8}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe x3q7v.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1f36b5e-948d-11db-b87e-00112f8263e8}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe y4r8wcut.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1f36b5f-948d-11db-b87e-00112f8263e8}]
AutoRun\command- RavMon.exe
explore\Command- RavMon.exe -e
open\Command- RavMon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3487310C-5FF6-11D2-377D-E452830CEB92}]
C:\WINDOWS\system32\win32gl\svchost.exe s
-- Hosts -----------------------------------------------------------------------
127.0.0.1 hityou.com
127.0.0.1 www.hityou.com
127.0.0.1 180searchassistant.com
127.0.0.1 www.180searchassistant.com
127.0.0.1 180solutions.com
127.0.0.1 www.180solutions.com
127.0.0.1 bis.180solutions.com
127.0.0.1 config.180solutions.com
127.0.0.1 cts.180solutions.com
127.0.0.1 downloads.180solutions.com
7980 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2008-03-01 01:49:29 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 63%
Physical Memory (total/avail): 511.23 MiB / 185.97 MiB
Pagefile Memory (total/avail): 1249.87 MiB / 664.06 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1912.28 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 19.53 GiB total, 4.33 GiB free.
D: is Fixed (NTFS) - 48.83 GiB total, 43.63 GiB free.
E: is Fixed (FAT32) - 6.15 GiB total, 3.68 GiB free.
F: is Fixed (NTFS) - 149.05 GiB total, 31.65 GiB free.
G: is CDROM (No Media)
H: is CDROM (CDFS)
\\.\PHYSICALDRIVE1 - ST3160212A - 149.05 GiB - 1 partition
\PARTITION0 - Installable File System - 149.05 GiB - F:
\\.\PHYSICALDRIVE0 - ST3802110A 41N3271 LEN - 74.54 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 19.53 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 55 GiB - D: - E:
-- Security Center -------------------------------------------------------------
AUOptions is set to notify before install.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
AV: AVG 7.5.516 v7.5.516 (Grisoft)
AV: Eset NOD32 antivirus system 2.51 v2.51 (Eset)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\LimeWire\\LimeWire.exe"="D:\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"F:\\Program Files\\PC Games\\Age Of Empires\\age2_x1.exe"="F:\\Program Files\\PC Games\\Age Of Empires\\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"="C:\\Program Files\\TVUPlayer\\TVUPlayer.exe:*:Enabled:TVU Player Component"
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"="C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD:*:Enabled:Age of Empires II"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"="C:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe:*:Enabled:Star Wars: Empire at War"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"F:\\Program Files\\BitComet\\BitComet.exe"="F:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"F:\\Program Files\\Halo.exe"="F:\\Program Files\\Halo.exe:*:Enabled:Halo"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\LucasArts\\Star Wars Galactic Battlegrounds\\Game\\Battlegrounds.exe"="C:\\Program Files\\LucasArts\\Star Wars Galactic Battlegrounds\\Game\\Battlegrounds.exe:*:Enabled:Star Wars Galactic Battlegrounds"
"F:\\Bit downloads\\Halo\\halo.exe"="F:\\Bit downloads\\Halo\\halo.exe:*:Enabled:Halo"
"F:\\Program Files\\Quake 3 Arena [PCCD][English][newpct.com]By Nachete\\Quake3\\quake3.exe"="F:\\Program Files\\Quake 3 Arena [PCCD][English][newpct.com]By Nachete\\Quake3\\quake3.exe:*:Enabled:quake3"
"D:\\program file\\quake3.exe"="D:\\program file\\quake3.exe:*:Enabled:quake3"
"F:\\Program Files\\Quake 2 + Expansiones [PCCD][English][newpct.com]By Nachete\\Quake2\\quake2xp.exe"="F:\\Program Files\\Quake 2 + Expansiones [PCCD][English][newpct.com]By Nachete\\Quake2\\quake2xp.exe:*:Enabled:quake2xp"
"D:\\program file\\Bin32\\FarCry.exe"="D:\\program file\\Bin32\\FarCry.exe:*:Enabled:Far Cry"
"D:\\program file\\games\\half-life\\Counter-Strike\\cstrike.exe"="D:\\program file\\games\\half-life\\Counter-Strike\\cstrike.exe:*:Enabled:CounterStrike Launcher"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Ed\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=RUSSELL
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Ed
LOGONSERVER=\\RUSSELL
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Adobe\AGL
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0303
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Ed\LOCALS~1\Temp
TMP=C:\DOCUME~1\Ed\LOCALS~1\Temp
USERDOMAIN=RUSSELL
USERNAME=Ed
USERPROFILE=C:\Documents and Settings\Ed
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Ed (admin)
Administrator (new local, admin)
-- Add/Remove Programs ---------------------------------------------------------
--> F:\Program Files\divx\ConverterUninstall.exe /CONVERTER
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe GoLive CS2 English --> msiexec /i {46548E80-0409-0000-7E8A-45000F855001}
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Illustrator CS2 --> msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
Adobe InDesign CS2 --> msiexec /I{7F4C8163-F259-49A0-A018-2857A90578BC}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG Anti-Spyware 7.5 --> d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
AVG Free Edition --> C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL
Backyard Football 2002 --> C:\WINDOWS\IsUninst.exe -fC:\HEGames\Football2002\Uninst.isu -c"C:\HEGames\Football2002\Uninst.dll
Bejeweled 2 Deluxe --> C:\WINDOWS\iun6002ev.exe "C:\Program Files\Bejeweled 2 Deluxe\irunin.ini"
BitComet 0.91 --> F:\Program Files\BitComet\uninst.exe
Browser Optimizer Dcads --> C:\WINDOWS\system32\dcads-remove.exe
CiD Help --> C:\DOCUME~1\Ed\APPLIC~1\RECTCA~1\Wait about.exe -uninstall
Cucusoft DVD to iPod + iPod Video Converter Suite 3.12.3.22 --> "F:\Program Files\ipod-converter\unins000.exe"
Cucusoft DVD to iPod Converter 3.22 --> "F:\Program Files\Cucusoft DVD to iPod Mpeg AVI to DVD VCD SVCD Converter Pro\ipod-converter\unins000.exe"
Cucusoft iPod Movie/Video Converter 2.00 --> "C:\Program Files\Cucusoft\ipod-converter\unins000.exe"
DAEMON Tools --> MsiExec.exe /I{EDB4C5BF-3324-410F-8E1B-60AAB5868CC3}
Dcads Games Collection --> C:\Program Files\Dcads Games Collection\uninstall.exe
DivoCodec version 1.0.0.2 --> "D:\Program Files\Grisoft\DivoCodec\unins000.exe"
DivX Codec --> F:\Program Files\divx\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> F:\Program Files\divx\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> F:\Program Files\divx\ConverterUninstall.exe /CONVERTER
Enhancement Browser Tools Superiorads --> C:\WINDOWS\system32\superiorads-uninst.exe
Fantastic Flame Screensaver --> F:\Program Files\Fantastic Flame Screensaver\uninstall.exe
Far Cry --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}
GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
Half-Life: Counter-Strike --> D:\PROGRA~1\games\HALF-L~1\COUNTE~1\UNWISE.EXE D:\PROGRA~1\games\HALF-L~1\COUNTE~1\INSTALL.LOG
HijackThis 2.0.2 --> "D:\program file\New Folder\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
iPod for Windows 2006-06-28 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BD57EA4D-026E-4F08-9B93-080E282B81FE} /l1033
iTunes --> MsiExec.exe /I{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}
J2SE Runtime Environment 5.0 Update 8 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
LimeWire 4.16.6 --> "D:\LimeWire\uninstall.exe"
LIVE gaming on Windows Runtime Version 1.0.6027 --> MsiExec.exe /X{839916F4-D8B5-4407-BE6D-6D4EB9D96AF4}
Mah Jong Medley --> D:\PROGRA~1\MAHJON~1\UNWISE.EXE /U D:\PROGRA~1\MAHJON~1\INSTALL.LOG
Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Microsoft Age of Empires II --> "C:\Program Files\Microsoft Games\Age of Empires II\UNINSTAL.EXE" /runtemp /uninstall
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.12) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
MySidesearch Search Assistant --> C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
OLYMPUS Master 2 --> MsiExec.exe /X{F0FC1E09-AF67-47BC-9E61-90ECFEB4CE82}
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Quake III Arena --> C:\WINDOWS\IsUninst.exe -f"d:\program file\QIII.isu"
QuickTime --> MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
Skype™ 3.5 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
SpeedSim --> F:\Program Files\speed\SpeedSim\uninst.exe
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
Star Wars Empire at War --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}\Setup.exe" -l0x9 -removeonly
Star Wars Galactic Battlegrounds --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A202BDBA-753F-41B9-B649-CFB0B45FC03E}\Setup.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TVUPlayer 2.3.3.2 --> C:\Program Files\TVUPlayer\uninst.exe
VideoLAN VLC media player 0.8.6d --> D:\program file\VLC Player\VLC\uninstall.exe
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type6883 / Success
Event Submitted/Written: 02/29/2008 04:21:33 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type6874 / Success
Event Submitted/Written: 02/28/2008 10:30:17 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type6857 / Success
Event Submitted/Written: 02/28/2008 05:02:49 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type6836 / Success
Event Submitted/Written: 02/27/2008 04:02:46 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type6827 / Success
Event Submitted/Written: 02/26/2008 04:28:44 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type145322 / Error
Event Submitted/Written: 03/01/2008 01:29:09 AM
Event ID/Source: 8003 / MRxSmb
Event Description:
The master browser has received a server announcement from the computer REN
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{94F7EC62-3489-4D0A-BD13.
The master browser is stopping or an election is being forced.
Event Record #/Type145321 / Error
Event Submitted/Written: 02/29/2008 08:44:06 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}
Event Record #/Type145320 / Warning
Event Submitted/Written: 02/29/2008 08:43:34 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Event Record #/Type145319 / Error
Event Submitted/Written: 02/29/2008 08:42:57 PM
Event ID/Source: 12294 / ati2mtag
Event Description:
CRT invalid display type
Event Record #/Type145318 / Error
Event Submitted/Written: 02/29/2008 08:01:03 PM
Event ID/Source: 12294 / ati2mtag
Event Description:
CRT invalid display type
-- End of Deckard's System Scanner: finished at 2008-03-01 01:49:29 ------------
Ed Zinn