MyWebSearchSA was not in the add/remove files list; the other was, however.
Additionally, a little while ago I was told I could repair system files by re-installing XP and choosing repair. Well, I tried and backed out of it (it said I could press Esc to close it, so I did). But now when I boot the PC it gets to a screen where I can choose to boot XP or install it, and I get 5 seconds to decide before it tries installing. Can I fix this? I realise I should have come here before doing something stupid like that, but I really was getting frustrated and only just remembered about this forum when Google came up with it.
Here are the logs you want:
Deckard's System Scanner v20071014.68
Run by Timothy on 2008-03-12 07:55:49
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
61: 2008-03-11 21:55:53 UTC - RP61 - Deckard's System Scanner Restore Point
60: 2008-03-11 21:48:37 UTC - RP60 - Software Distribution Service 3.0
59: 2008-03-10 04:01:59 UTC - RP59 - Software Distribution Service 3.0
58: 2008-03-09 06:01:26 UTC - RP58 - Software Distribution Service 3.0
57: 2008-03-08 00:34:58 UTC - RP57 - Installed Windows XP KB894391.
-- First Restore Point --
1: 2008-02-06 22:08:35 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Timothy Halton.exe) --------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:56:54 AM, on 12/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Timothy Halton\Desktop\dss.exe
C:\DOCUME~1\TIMOTH~1\Desktop\TIMMY'~1\USEFUL~1\HIJACK~1\Timothy Halton.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Search - http://edits.mywebse...arch.jhtml?p=ZJ
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1202356700750
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 8721 bytes
-- HijackThis Fixed Entries (C:\DOCUME~1\TIMOTH~1\Desktop\TIMMY'~1\USEFUL~1\HIJACK~1\backups\) --------------------------------------------------------------------------------
backup-20060410-100029-293 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...//www.yahoo.com
backup-20060410-100029-325 O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZSYYYYYYYYAU
backup-20060410-100029-502 O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
backup-20060410-100029-513 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
backup-20060410-100029-658 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
backup-20060410-100029-688 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S3 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" <Not Verified; Nero AG; Nero Home>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-03-06 10:09:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2008-02-12 and 2008-03-12 -----------------------------
2008-03-12 07:36:41 381012 --a------ C:\Program Files\Uninstall Fun Web Products.dll <Not Verified; MyWebSearch.com; My Web Search Bar for Internet Explorer, FireFox, Netscape, email clients, and messenger clients>
2008-03-08 10:42:20 0 d-------- C:\$WIN_NT$.~BT
2008-03-08 09:42:09 0 d-------- C:\Program Files\Microsoft Silverlight
2008-03-08 09:41:19 0 d-------- C:\Program Files\MSBuild
2008-03-08 09:40:04 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-03-08 09:39:40 0 d-------- C:\Program Files\Reference Assemblies
2008-03-08 09:38:55 0 d-------- C:\9b1c621a2932043a1c28f6af
2008-03-08 09:38:35 0 d-------- C:\Program Files\MSXML 6.0
2008-03-08 09:38:05 0 d-------- C:\WINDOWS\network diagnostic
2008-03-08 09:36:45 0 d-------- C:\WINDOWS\system32\URTTEMP
2008-03-06 17:57:04 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-06 17:57:03 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-03-06 17:56:01 0 d-------- C:\Documents and Settings\Timothy Halton\Application Data\Xfire
2008-03-06 17:56:00 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-03-06 17:54:52 0 d-------- C:\Program Files\MSXML 4.0
2008-03-06 17:54:14 0 dr-h----- C:\Documents and Settings\Timothy Halton\Recent
2008-03-06 17:53:40 0 d-------- C:\Documents and Settings\Timothy Halton\Application Data\AdobeUM
2008-03-06 17:53:27 0 d-------- C:\Program Files\Common Files\HP
2008-03-06 17:53:27 0 d-------- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-03-06 17:53:22 0 d-------- C:\Program Files\Hewlett-Packard
2008-03-06 17:53:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-03-05 12:08:38 0 d-------- C:\Program Files\Lavasoft
2008-03-05 12:08:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-04 15:01:11 0 d-------- C:\WINDOWS\pss
2008-03-03 17:27:25 0 d---s---- C:\Program Files\Xfire
2008-03-03 17:24:39 0 d-------- C:\Program Files\Rappelz
2008-02-28 10:32:15 0 d-------- C:\Program Files\iPod
2008-02-28 10:32:12 0 d-------- C:\Program Files\iTunes
2008-02-23 21:41:29 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-02-22 11:08:52 0 d-------- C:\Program Files\MyWebSearch
2008-02-21 15:41:06 0 d-------- C:\Documents and Settings\All Users\Application Data\WEBREG
2008-02-21 15:41:00 0 d-------- C:\Documents and Settings\Timothy Halton\Application Data\HP
2008-02-21 15:39:18 0 d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-02-21 15:38:09 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-02-21 15:26:26 0 d-------- C:\Program Files\HP
2008-02-21 15:19:52 1470 -----n--- C:\WINDOWS\hpomdl12.dat
2008-02-21 15:19:52 130984 --a------ C:\WINDOWS\hpoins12.dat
2008-02-21 12:43:01 0 d-------- C:\Program Files\QuickTime
2008-02-17 16:22:26 0 d-------- C:\Documents and Settings\Timothy Halton\Application Data\CyberLink
2008-02-17 16:22:26 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-02-12 17:24:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
-- Find3M Report ---------------------------------------------------------------
2008-03-11 06:32:31 0 d-------- C:\Program Files\ZeroOnline
2008-03-09 17:29:22 0 d-------- C:\Program Files\Rockstar Games
2008-03-06 18:23:32 0 d-------- C:\Program Files\Flyff
2008-03-06 17:55:57 0 d-------- C:\Documents and Settings\Timothy Halton\Application Data\Azureus
2008-03-06 17:53:49 0 d-------- C:\Program Files\WindowBlinds
2008-03-05 12:07:41 0 d-------- C:\Program Files\Common Files
2008-03-04 14:37:17 0 d-------- C:\Documents and Settings\Timothy Halton\Application Data\AVG7
2008-03-03 17:24:45 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-03 17:24:45 0 d-------- C:\Program Files\Common Files\InstallShield
2008-02-11 14:41:57 2804224 --a------ C:\WINDOWS\system32\Grudge Movie Screensaver.scr <Not Verified; DDSoft; ScreenSaver>
2008-02-09 19:05:22 0 d-------- C:\Documents and Settings\Timothy Halton\Application Data\Grisoft
2008-02-09 18:27:43 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-02-09 18:27:09 0 d-------- C:\Program Files\Microsoft.NET
2008-02-09 18:11:55 0 d-------- C:\Program Files\DAEMON Tools
2008-02-09 18:11:53 0 d-------- C:\Documents and Settings\Timothy Halton\Application Data\DAEMON Tools
2008-02-09 18:02:20 0 d-------- C:\Documents and Settings\Timothy Halton\Application Data\Real
2008-02-09 17:57:33 0 d-------- C:\Documents and Settings\Timothy Halton\Application Data\www.TheXSoft.com
2008-02-09 17:43:04 0 d-------- C:\Documents and Settings\Timothy Halton\Application Data\Talkback
2008-02-09 17:43:02 0 d-------- C:\Documents and Settings\Timothy Halton\Application Data\Mozilla
2008-02-09 17:41:44 0 d-------- C:\Program Files\Common Files\xing shared
2008-02-09 17:41:42 0 d-------- C:\Program Files\Common Files\Real
2008-02-09 17:41:31 0 d-------- C:\Program Files\Real
2008-02-08 15:25:58 0 d-------- C:\Program Files\Pocket Tanks Deluxe
2008-02-08 14:14:54 0 d-------- C:\Documents and Settings\Timothy Halton\Application Data\WinRAR
2008-02-08 13:41:19 0 d-------- C:\Program Files\Java
2008-02-08 13:41:04 0 d-------- C:\Program Files\Common Files\Java
2008-02-08 13:40:40 0 d-------- C:\Documents and Settings\Timothy Halton\Application Data\Sun
2008-02-08 12:57:31 0 d-------- C:\Documents and Settings\Timothy Halton\Application Data\DivX
2008-02-08 12:56:23 0 d-------- C:\Program Files\DivX
2008-02-08 11:23:29 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-02-08 09:50:33 0 d-------- C:\Program Files\Windows Live
2008-02-08 09:50:17 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-08 09:21:28 0 d-------- C:\Documents and Settings\Timothy Halton\Application Data\Macromedia
2008-02-08 09:21:28 0 d-------- C:\Documents and Settings\Timothy Halton\Application Data\Adobe
2008-02-08 08:48:02 0 d-------- C:\Documents and Settings\Timothy Halton\Application Data\Opera
2008-02-08 08:47:59 0 d-------- C:\Program Files\Opera
2008-02-07 19:49:00 0 d-------- C:\Documents and Settings\Timothy Halton\Application Data\Apple Computer
2008-02-07 19:48:25 0 d-------- C:\Program Files\Apple Software Update
2008-02-07 19:48:14 0 d-------- C:\Program Files\Common Files\Apple
2008-02-07 19:26:31 0 d-------- C:\Program Files\Maple Story
2008-02-07 19:17:18 0 d-------- C:\Program Files\Eudemons Online
2008-02-07 19:11:03 0 d-------- C:\Documents and Settings\Timothy Halton\Application Data\InstallShield
2008-02-07 18:57:21 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-07 18:55:55 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-02-07 18:41:01 0 d-------- C:\Program Files\DVD Shrink
2008-02-07 17:55:50 0 d-------- C:\Program Files\viewsonic
2008-02-07 17:54:46 0 d-------- C:\Documents and Settings\Timothy Halton\Application Data\Leadertech
2008-02-07 17:42:41 0 d-------- C:\Program Files\Common Files\ODBC
2008-02-07 17:42:36 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-02-07 17:42:00 62 --ahs---- C:\Documents and Settings\Timothy Halton\Application Data\desktop.ini
2008-02-07 14:53:57 0 d-------- C:\Program Files\Messenger
2008-02-07 14:05:05 0 d-------- C:\Program Files\Windows Media Connect 2
2008-02-07 08:48:31 0 d-------- C:\Program Files\CyberLink
2008-02-07 08:47:03 0 d-------- C:\Documents and Settings\Timothy Halton\Application Data\Ahead
2008-02-07 08:46:55 0 d-------- C:\Program Files\Common Files\Ahead
2008-02-07 08:45:43 0 d-------- C:\Program Files\Nero
2008-02-07 08:40:03 0 d-------- C:\Documents and Settings\Timothy Halton\Application Data\Microsoft Web Folders
2008-02-07 08:39:58 0 d-------- C:\Program Files\microsoft frontpage
2008-02-07 08:35:10 0 d-------- C:\Program Files\Realtek
2008-02-07 08:28:50 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-02-07 08:22:24 0 d-------- C:\Documents and Settings\Timothy Halton\Application Data\ATI
2008-02-07 08:15:25 0 d-------- C:\Program Files\ATI Technologies
2008-02-07 08:08:26 0 d-------- C:\Documents and Settings\Timothy Halton\Application Data\Identities
2008-02-07 07:59:48 0 -rahs---- C:\MSDOS.SYS
2008-02-07 07:59:48 0 -rahs---- C:\IO.SYS
2008-02-07 07:59:48 0 --a------ C:\CONFIG.SYS
2008-02-07 07:59:48 0 --a------ C:\AUTOEXEC.BAT
2008-02-07 07:58:54 0 d--h----- C:\Program Files\WindowsUpdate
2008-02-07 07:57:33 0 d-------- C:\Program Files\Common Files\MSSoap
2008-02-07 07:57:15 0 d-------- C:\Program Files\Movie Maker
2008-02-07 07:56:11 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-02-07 07:55:53 0 d-------- C:\Program Files\Online Services
2008-02-07 07:55:40 0 d-------- C:\Program Files\MSN Gaming Zone
2008-02-07 07:55:26 0 d-------- C:\Program Files\Windows NT
2008-01-05 07:58:50 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-01-05 07:57:22 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-01-05 07:57:22 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-01-05 07:57:12 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-05 07:57:10 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-01-05 07:57:10 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-05 07:57:10 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-05 07:56:24 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [21/03/2007 04:49 PM C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [03/05/2005 08:43 PM C:\WINDOWS\Alcmtr.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [07/02/2008 01:55 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [12/01/2006 03:40 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [23/11/2006 03:10 PM]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [05/12/2006 10:55 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [09/02/2008 05:41 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 07:25 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [31/01/2008 11:13 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [10/12/2006 09:52 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [19/02/2008 01:10 PM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [11/08/2005 03:30 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [11/08/2005 03:30 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [27/07/2007 10:00 PM]
"@"="" []
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [10/11/2006 12:35 PM]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 11:34 AM]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools\daemon.exe" [18/01/2008 02:51 AM]
C:\Documents and Settings\Timothy Halton\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [16/03/2005 7:16:50 PM]
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [21/02/2008 11:57:28 AM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [14/12/2004 4:44:06 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2/01/2007 9:40:10 PM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\WindowBlinds\wbsrv.dll 24/02/2008 09:05 AM 229376 C:\Program Files\WindowBlinds\WbSrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {A75BF1D0-C7C3-CB55-EE17-3225387FD154} /qb
-- End of Deckard's System Scanner: finished at 2008-03-12 07:57:39 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: AMD Athlon 64 X2 Dual Core Processor 5200+
CPU 1: AMD Athlon 64 X2 Dual Core Processor 5200+
Percentage of Memory in Use: 32%
Physical Memory (total/avail): 1918.42 MiB / 1297.99 MiB
Pagefile Memory (total/avail): 3811.8 MiB / 3184.13 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1917.45 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 292.97 GiB total, 237.92 GiB free.
D: is CDROM (No Media)
E: is Fixed (NTFS) - 172.78 GiB total, 172.71 GiB free.
F: is CDROM (No Media)
G: is Removable (FAT)
\\.\PHYSICALDRIVE0 - WDC WD5000AAKS-00YGA0 - 465.76 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 292.97 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 172.78 GiB - E:
\\.\PHYSICALDRIVE2 - USB DISK 2.0 USB Device - 980.53 MiB - 1 partition
\PARTITION0 - Win95 w/Extended Int 13 - 980.98 MiB - G:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
AV: AVG 7.5.518 v7.5.518 (Grisoft)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"F:\\StubInstaller.exe"="F:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Documents and Settings\\Timothy Halton\\Desktop\\Timmy's Things\\Torrent Extractor\\Azureus.exe"="C:\\Documents and Settings\\Timothy Halton\\Desktop\\Timmy's Things\\Torrent Extractor\\Azureus.exe:*:Enabled:Azureus"
"C:\\Documents and Settings\\Timothy Halton\\Desktop\\Timmy's Things\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\Timothy Halton\\Desktop\\Timmy's Things\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Documents and Settings\\Timothy Halton\\Desktop\\Timmy's Things\\Games\\LieroX v0.56 Pack 1.9\\LieroX.exe"="C:\\Documents and Settings\\Timothy Halton\\Desktop\\Timmy's Things\\Games\\LieroX v0.56 Pack 1.9\\LieroX.exe:*:Enabled:LieroX"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Timothy Halton\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MASTER-RYDER
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Timothy Halton
LOGONSERVER=\\MASTER-RYDER
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 107 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=6b02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\TIMOTH~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\TIMOTH~1\LOCALS~1\Temp
USERDOMAIN=MASTER-RYDER
USERNAME=Timothy Halton
USERPROFILE=C:\Documents and Settings\Timothy Halton
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Timothy Halton (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer --> MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 4.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.dll"
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Parental Control & Encoder --> MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DVD Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Eudemons Online --> C:\Program Files\InstallShield Installation Information\{2B4A545A-DF30-4FC9-B56E-EB7DAFA70792}\setup.exe -runfromtemp -l0x0009 -removeonly
Grudge Movie Screensaver --> C:\WINDOWS\system32\Grudge Movie Screensaver.scr -U
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Documents and Settings\Timothy Halton\Desktop\Timmy's Things\Useful Programs\hijackthis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Customer Participation Program 8.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Deskjet All-In-One Software 8.0 --> C:\Program Files\HP\Digital Imaging\{24557DC0-0839-496f-82F9-C4EB72EFE4FA}\setup\hpzscr01.exe -datfile hposcr12.dat
HP Imaging Device Functions 8.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential --> MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Solution Center 8.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HPSSupply --> MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
Java 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MTA:SA DM Developer Preview 2 --> C:\Program Files\Rockstar Games\SA online\Uninstall.exe
Nero 7 Essentials --> MsiExec.exe /X{55A960A6-0CAC-4EBB-9D7E-199545391033}
Nero BurnRights --> C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
Opera 9.25 --> MsiExec.exe /X{C619B312-19F3-460A-9F7B-443248379F18}
Pocket Tanks Deluxe --> MsiExec.exe /X{5F5D8937-508B-440F-9C1B-19CB78DBB834}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Rappelz_USA --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E144A786-D2DD-428B-9C1A-0EE3FA3515EA}\setup.exe" -l0x9 -removeonly
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
REALTEK GbE & FE Ethernet PCI-E NIC Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\Setup.exe" -l0x9 -removeonly
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
ViewSonic Monitor Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B4FEA924-630D-11D4-B78E-005004566E4D}\Setup.exe" -l0x9
WindowBlinds --> C:\PROGRA~1\WI559D~1\UNWISE.EXE C:\PROGRA~1\WI559D~1\INSTALL.LOG
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{0ED47137-C071-46CC-A243-E5E33271E10E}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe"
XML Paper Specification Shared Components Pack 1.0 -->
-- Application Event Log -------------------------------------------------------
Event Record #/Type1492 / Success
Event Submitted/Written: 03/12/2008 07:55:14 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type1467 / Success
Event Submitted/Written: 03/12/2008 06:54:29 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type1452 / Success
Event Submitted/Written: 03/11/2008 06:08:38 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type1444 / Error
Event Submitted/Written: 03/10/2008 08:10:05 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application ZeroOnline.exe, version 1.0.0.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type1443 / Error
Event Submitted/Written: 03/10/2008 08:09:47 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application zeroonline.exe, version 1.0.0.1, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [zeroonline.exe!ws!]
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type2941 / Warning
Event Submitted/Written: 03/12/2008 07:50:35 AM
Event ID/Source: 20 / Print
Event Description:
Printer Driver Microsoft Office Document Image Writer Driver for Windows NT x86 Version-3 was added or updated. Files:- mdigraph.dll, mdiui.dll, mdiui.dll.
Event Record #/Type2940 / Warning
Event Submitted/Written: 03/12/2008 07:50:34 AM
Event ID/Source: 3 / Print
Event Description:
Printer Microsoft Office Document Image Writer was deleted.
Event Record #/Type2939 / Warning
Event Submitted/Written: 03/12/2008 07:50:34 AM
Event ID/Source: 4 / Print
Event Description:
Printer Microsoft Office Document Image Writer is pending deletion.
Event Record #/Type2902 / Error
Event Submitted/Written: 03/12/2008 06:53:49 AM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.1.2 for the Network Card with network address 001BFC828DAD has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
Event Record #/Type2873 / Error
Event Submitted/Written: 03/11/2008 06:08:04 AM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.1.2 for the Network Card with network address 001BFC828DAD has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
-- End of Deckard's System Scanner: finished at 2008-03-12 07:57:39 ------------
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, March 12, 2008 10:09:25 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 11/03/2008
Kaspersky Anti-Virus database records: 624774
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
Scan Statistics:
Total number of scanned objects: 138809
Number of viruses found: 16
Number of infected objects: 62
Number of suspicious objects: 0
Duration of the scan process: 01:08:13
Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\backup\DOCUME~1\TIMOTH~1\LOCALS~1\Temp\~DF1FE0.tmp Object is locked skipped
C:\Deckard\System Scanner\backup\DOCUME~1\TIMOTH~1\LOCALS~1\Temp\~DF24BB.tmp Object is locked skipped
C:\Deckard\System Scanner\backup\DOCUME~1\TIMOTH~1\LOCALS~1\Temp\~DFF962.tmp Object is locked skipped
C:\Deckard\System Scanner\backup\DOCUME~1\TIMOTH~1\LOCALS~1\Temp\~DFF9E8.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Timothy Halton\Application Data\Adobe\Acrobat\7.0\Updater\udlog.txt Object is locked skipped
C:\Documents and Settings\Timothy Halton\Application Data\Opera\Opera\mail\indexer\indexer.dat Object is locked skipped
C:\Documents and Settings\Timothy Halton\Application Data\Opera\Opera\mail\lexicon\lexicon.dat Object is locked skipped
C:\Documents and Settings\Timothy Halton\Application Data\Opera\Opera\mail\mailbase.dat Object is locked skipped
C:\Documents and Settings\Timothy Halton\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Timothy Halton\Desktop\Timmy's Things\Useful Programs\Nero-6.6.1.15a.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\Documents and Settings\Timothy Halton\Desktop\Timmy's Things\Useful Programs\Nero-6.6.1.15a.exe RAR: infected - 1 skipped
C:\Documents and Settings\Timothy Halton\Desktop\Timmy's Things\Useful Programs\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Timothy Halton\Local Settings\Application Data\ATI\ACE\Log\MOM-0.log Object is locked skipped
C:\Documents and Settings\Timothy Halton\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\Timothy Halton\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Timothy Halton\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_C668_4E74_684E_6373\dfsr.db Object is locked skipped
C:\Documents and Settings\Timothy Halton\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_C668_4E74_684E_6373\fsr.log Object is locked skipped
C:\Documents and Settings\Timothy Halton\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_C668_4E74_684E_6373\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Timothy Halton\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_C668_4E74_684E_6373\tmp.edb Object is locked skipped
C:\Documents and Settings\Timothy Halton\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Timothy Halton\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Timothy Halton\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\real\members.stg Object is locked skipped
C:\Documents and Settings\Timothy Halton\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Timothy Halton\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Timothy Halton\Local Settings\History\History.IE5\MSHist012008031220080313\index.dat Object is locked skipped
C:\Documents and Settings\Timothy Halton\Local Settings\Temp\~DF1612.tmp Object is locked skipped
C:\Documents and Settings\Timothy Halton\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Timothy Halton\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Timothy Halton\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Timothy Halton\ntuser.dat.LOG Object is locke