First I'm sending you the DSS logs, as the Kaspersky will run about 5 hours and I will do it as soon as possible.
You wanted me to scan C:\cc3000\AB. cc3000 is a server running program programmed by local Estonian programmers and I'm not allowed to make any changes in there, and the AB isn't a file, it's just a shared subfolder, so I can't scan it anyway.
I will post Kaspersky online scanner's log as soon as I can.
So here is the DSS main:
Deckard's System Scanner v20071014.68
Run by kassa on 2008-04-09 12:41:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
25: 2008-04-09 09:41:33 UTC - RP25 - Deckard's System Scanner Restore Point
24: 2008-04-08 16:49:05 UTC - RP24 - System Checkpoint
23: 2008-04-07 16:01:43 UTC - RP23 - System Checkpoint
22: 2008-04-06 11:14:34 UTC - RP22 - System Checkpoint
21: 2008-04-05 10:31:27 UTC - RP21 - Deckard's System Scanner Restore Point
-- First Restore Point --
1: 2008-03-26 02:11:45 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 248 MiB (512 MiB recommended).
-- HijackThis (run as kassa.exe) -----------------------------------------------
logfile has no content; running clone.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-09 12:42:13
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.5730.11)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\cc3000\Link3000\server\Server.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\BaroufaSoft\Matrix Screen Locker\matrix.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Ektaco\Autor\autor.exe
C:\Documents and Settings\kassa\Desktop\dss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neti.ee/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [cc3000 baasitee] subst s: C:\cc3000\AB
O4 - HKLM\..\Run: [Link 3000 - Server] C:\cc3000\Link3000\server\Server.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: autor.lnk = C:\Program Files\Ektaco\Autor\autor.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Matrix Screen Locker (s).lnk = C:\Program Files\BaroufaSoft\Matrix Screen Locker\matrix.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.micros...ntent/opuc2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{55DBF8D1-4639-4783-9F73-9BA7508CF4D2}: NameServer = 192.168.0.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
--
End of file - 4463 bytes
-- HijackThis Fixed Entries (C:\DOCUME~1\kassa\Desktop\TROJAK~1\backups\) ------
backup-20080409-115616-221 O2 - BHO: (no name) - {92CAA87F-1E7D-4CD4-BB04-FB9432F2AE9B} - C:\WINDOWS\system32\browsew.dll (file missing)
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
S1 SASKUTIL - c:\program files\superantispyware\saskutil.sys (file missing)
S3 catchme - c:\docume~1\kassa\locals~1\temp\catchme.sys (file missing)
S3 ids00035 - c:\documents and settings\all users\application data\kaspersky anti-virus personal\5.0\bases\ids00035.sys (file missing)
S3 klstm - c:\documents and settings\all users\application data\kaspersky anti-virus personal\5.0\bases\klstm.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
S3 WmcCds (Windows Media Connect (WMC)) - c:\program files\windows media connect\mswmccds.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 WmcCdsLs (Windows Media Connect (WMC) Helper) - c:\program files\windows media connect\mswmcls.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-04-09 10:00:00 298 --a------ C:\WINDOWS\Tasks\offline.job
-- Files created between 2008-03-09 and 2008-04-09 -----------------------------
2008-04-09 12:03:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-09 12:03:32 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-09 12:03:30 0 d-------- C:\WINDOWS\LastGood
2008-04-05 13:07:58 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-03-27 15:56:17 0 d-------- C:\Documents and Settings\kassa\Application Data\Desktopicon
2008-03-26 06:06:03 0 d-------- C:\Program Files\SpywareBlaster
2008-03-26 05:22:55 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-26 05:22:32 0 d-------- C:\Documents and Settings\kassa\Application Data\SUPERAntiSpyware.com
2008-03-26 04:58:52 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-03-26 04:58:52 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-03-26 04:58:52 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-03-26 04:58:52 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-26 04:14:03 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-03-26 04:14:03 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-03-26 04:14:03 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-03-26 04:14:03 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-03-26 04:14:03 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-03-26 04:14:03 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-03-26 04:14:03 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-03-26 04:14:03 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-03-26 04:14:03 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-03-26 04:14:03 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-03-26 04:14:03 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-03-26 04:14:03 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-03-26 04:14:03 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-03-26 04:14:03 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-03-26 02:43:07 0 dr-h----- C:\Documents and Settings\kassa\Recent
2008-03-26 02:18:23 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
-- Find3M Report ---------------------------------------------------------------
2008-04-03 02:13:00 0 d-------- C:\Program Files\Common Files
2008-03-26 03:44:49 0 d-------- C:\Program Files\Hewlett-Packard
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [02.11.2004 10:03]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [02.11.2004 09:59]
"cc3000 baasitee"="subst s: C:\cc3000\AB" []
"Link 3000 - Server"="C:\cc3000\Link3000\server\Server.exe" [02.11.2004 14:25]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [21.12.2007 08:23]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04.08.2004 01:56]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [19.01.2007 12:54]
C:\Documents and Settings\kassa\Start Menu\Programs\Startup\
autor.lnk - C:\Program Files\Ektaco\Autor\autor.exe [02.09.2002 21:57:08]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23.09.2005 23:05:26]
Matrix Screen Locker (s).lnk - C:\Program Files\BaroufaSoft\Matrix Screen Locker\matrix.exe [09.02.2005 12:21:36]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"DisableTaskMgr"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeStartMenu"=0 (0x0)
"NoLogOff"=0 (0x0)
"NoClose"=0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
-- End of Deckard's System Scanner: finished at 2008-04-09 12:43:22 ------------
___________________________________________________________________
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel® Celeron® CPU 2.00GHz
Percentage of Memory in Use: 74%
Physical Memory (total/avail): 247.48 MiB / 63.2 MiB
Pagefile Memory (total/avail): 606.37 MiB / 386.05 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1927.11 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 69.32 GiB total, 58.9 GiB free.
D: is Fixed (FAT32) - 5.2 GiB total, 3.63 GiB free.
E: is CDROM (No Media)
S: is Fixed (NTFS) - 69.32 GiB total, 58.9 GiB free.
\\.\PHYSICALDRIVE0 - WDC WD800JB-00FSA0 - 74.53 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 69.32 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 5.21 GiB - D:
-- Security Center -------------------------------------------------------------
AUOptions is disabled.
Windows Internal Firewall is enabled.
AV: AVG 7.5.519 v7.5.519 (Grisoft)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\cc3000\\programm\\CC3000.exe"="C:\\cc3000\\programm\\CC3000.exe:*:Enabled:CC3000"
"C:\\cc3000\\Link3000\\server\\Server.exe"="C:\\cc3000\\Link3000\\server\\Server.exe:*:Enabled:Server"
"C:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"="C:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe:*:Enabled:VNC Server for Win32"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\kassa\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CCSERVER6
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\kassa
LOGONSERVER=\\CCSERVER6
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\kassa\LOCALS~1\Temp
TMP=C:\DOCUME~1\kassa\LOCALS~1\Temp
USERDOMAIN=CCSERVER6
USERNAME=kassa
USERPROFILE=C:\Documents and Settings\kassa
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
kassa (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop Album 2.0 Starter Edition --> MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "C:\Documents and Settings\kassa\Desktop\HijackThis.exe" /uninstall
Intel Application Accelerator --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9984DF60-1C5B-11D3-ACA1-908A4FC10801}\Setup.exe" -INTELUNINST
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Kaardimaksete autoriseerija --> MsiExec.exe /I{1177B81F-BA32-40B5-99B0-449F1F05A1AB}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Kassasüsteem CC3000 --> MsiExec.exe /I{A1B0E2A0-201F-420C-9A31-DE0430D9751F}
LaserJet 1020 series --> C:\Program Files\Zenographics\{39BD30F1-8324-4FFE-910C-A59170F9755B}\Setup.exe -u "HPLJInstaller.dll=Hplj1020.inf"
Macromedia Flash Player 8 --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
Matrix Screen Locker --> C:\WINDOWS\uninst.exe -f"C:\Program Files\BaroufaSoft\Matrix Screen Locker\DeIsL1.isu" -c"C:\Program Files\BaroufaSoft\Matrix Screen Locker\_ISREG32.DLL"
Microsoft Office 2000 SR-1 Small Business --> MsiExec.exe /I{00030409-78E1-11D2-B60F-006097C998E7}
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero BurnRights --> C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
Nero Suite --> C:\Program Files\Common Files\Ahead\Uninstall\Setup.exe /uninstall
PosVideo INSTALL --> MsiExec.exe /X{05FF911B-D569-4DC4-BFBB-47E070E90A57}
SpywareBlaster 4.0 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Connect --> msiexec.exe /I {F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}
Windows Media Connect --> MsiExec.exe /I{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
VNC 4.0 --> "C:\Program Files\RealVNC\VNC4\unins000.exe"
XnView 1.74 --> "C:\Program Files\XnView\unins000.exe"
-- Application Event Log -------------------------------------------------------
Event Record #/Type9735 / Error
Event Submitted/Written: 04/09/2008 00:32:30 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application firefox.exe, version 1.8.20080.31114, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type9728 / Success
Event Submitted/Written: 04/09/2008 11:51:39 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type9713 / Success
Event Submitted/Written: 04/09/2008 01:38:53 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type9703 / Success
Event Submitted/Written: 04/09/2008 01:31:30 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type9687 / Success
Event Submitted/Written: 04/08/2008 01:46:15 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type22884 / Error
Event Submitted/Written: 04/09/2008 11:51:08 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
SASKUTIL
Event Record #/Type22883 / Warning
Event Submitted/Written: 04/09/2008 11:50:13 AM / 04/09/2008 11:50:44 AM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk0\D during a paging operation.
Event Record #/Type22882 / Warning
Event Submitted/Written: 04/09/2008 11:50:13 AM / 04/09/2008 11:50:44 AM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk0\D during a paging operation.
Event Record #/Type22881 / Warning
Event Submitted/Written: 04/09/2008 11:50:13 AM / 04/09/2008 11:50:44 AM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk0\D during a paging operation.
Event Record #/Type22880 / Warning
Event Submitted/Written: 04/09/2008 11:50:13 AM / 04/09/2008 11:50:44 AM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk0\D during a paging operation.
-- End of Deckard's System Scanner: finished at 2008-04-09 12:43:22 ------------