Ok, so here are the logs from everything I was told to do. Hopefully I did it right!
I did get a pop-up security warning as I was pasting this to the reply, so... there might be more still!
Thanks in advance for your help!
File/Folder C:\Windows\system32\CfgUiSh.dll not found.
File move failed. C:\Windows\system32\axyzmfup.exe scheduled to be moved on reboot.
C:\ProgramData\vbeieiiz moved successfully.
C:\ProgramData\ywrxcmqs moved successfully.
Folder move failed. C:\ProgramData\mdsncbkj scheduled to be moved on reboot.
< Purity >
OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04282008_151102
Deckard's System Scanner v20071014.68
Run by Kristie on 2008-04-28 15:23:47
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- Last 5 Restore Point(s) --
15: 2008-04-28 16:50:49 UTC - RP93 - Scheduled Checkpoint
14: 2008-04-27 18:18:44 UTC - RP92 - Scheduled Checkpoint
13: 2008-04-26 07:26:40 UTC - RP91 - Removed WinZip 11.1
12: 2008-04-26 05:20:04 UTC - RP90 - ComboFix created restore point
11: 2008-04-26 03:04:53 UTC - RP89 - Restore Operation
-- First Restore Point --
1: 2008-04-12 16:41:06 UTC - RP79 - Scheduled Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Kristie.exe) ---------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:25:31 PM, on 4/28/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\ProgramData\vqcluejs\harajmvg.exe
C:\Users\Kristie\Desktop\dss.exe
C:\Windows\system32\SearchFilterHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Kristie.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SnapfishMediaDetector] C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DPService] "C:\Program Files\HP\DVDPlay\DPService.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [vqcluejs] C:\ProgramData\vqcluejs\harajmvg.exe
O4 - HKCU\..\Run: [pywnqewy] C:\Windows\system32\axyzmfup.exe
O4 - HKCU\..\Run: [vbeieiiz] C:\ProgramData\vbeieiiz\afebujcr.exe
O4 - HKCU\..\Run: [ywrxcmqs] C:\ProgramData\ywrxcmqs\tkzclmfu.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kodak AiO Device Service (KodakSvc) - Eastman Kodak Company - C:\Program Files\Kodak\printer\center\KodakSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 7520 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20080427-195756-121 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
backup-20080427-195756-214 O2 - BHO: (no name) - {3F9F4E73-695E-C0FD-9DC2-033AFA92E7DE} - C:\Windows\system32\CfgUiSh.dll
backup-20080427-195756-272 O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
backup-20080427-195756-818 O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
backup-20080427-195756-871 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
backup-20080427-195756-939 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
backup-20080428-150533-385 O4 - HKLM\..\Policies\Explorer\Run: [1TlD6abmQm] C:\ProgramData\mdsncbkj\adopqxap.exe
backup-20080428-150533-665 O4 - HKCU\..\Run: [vbeieiiz] C:\ProgramData\vbeieiiz\afebujcr.exe
backup-20080428-150533-875 O4 - HKCU\..\Run: [ywrxcmqs] C:\ProgramData\ywrxcmqs\tkzclmfu.exe
backup-20080428-150533-885 O4 - HKCU\..\Run: [pywnqewy] C:\Windows\system32\axyzmfup.exe
backup-20080428-150726-135 O4 - HKCU\..\Run: [pywnqewy] C:\Windows\system32\axyzmfup.exe
backup-20080428-150726-334 O4 - HKCU\..\Run: [vbeieiiz] C:\ProgramData\vbeieiiz\afebujcr.exe
backup-20080428-150726-996 O4 - HKCU\..\Run: [ywrxcmqs] C:\ProgramData\ywrxcmqs\tkzclmfu.exe
-- File Associations -----------------------------------------------------------
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
All drivers whitelisted.
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 KodakSvc (Kodak AiO Device Service) - "c:\program files\kodak\printer\center\kodaksvc.exe" <Not Verified; Eastman Kodak Company; KodakSvc>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-04-17 20:33:12 404 --a------ C:\Windows\Tasks\EasyShare Registration Task.job
-- Files created between 2008-03-28 and 2008-04-28 -----------------------------
2008-04-28 07:33:41 0 d-------- C:\Users\All Users\vqcluejs
2008-04-27 19:36:58 53248 --a------ C:\Windows\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-04-27 09:43:10 0 d-------- C:\Users\All Users\wfyqysdr
2008-04-26 22:35:49 0 d-------- C:\Users\All Users\cakocuoq
2008-04-26 11:55:18 0 d-------- C:\Program Files\Panda Security
2008-04-26 10:35:18 0 d-------- C:\Users\All Users\lmepphds
2008-04-26 10:02:47 0 d-------- C:\Program Files\Enigma Software Group
2008-04-26 09:04:39 0 d-------- C:\Users\All Users\mzmghygo
2008-04-26 00:32:10 0 d-------- C:\Program Files\Trend Micro
2008-04-25 23:51:31 0 d-------- C:\Program Files\CCleaner
2008-04-25 23:01:40 0 d-------- C:\VundoFix Backups
2008-04-25 22:19:38 68096 --a------ C:\Windows\zip.exe
2008-04-25 22:19:38 161792 --a------ C:\Windows\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-25 22:19:38 98816 --a------ C:\Windows\sed.exe
2008-04-25 22:19:38 80412 --a------ C:\Windows\grep.exe
2008-04-25 22:19:38 73728 --a------ C:\Windows\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-25 22:19:37 49152 --a------ C:\Windows\VFind.exe
2008-04-25 22:19:37 212480 --a------ C:\Windows\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-25 22:19:37 136704 --a------ C:\Windows\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-25 21:02:35 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-04-25 20:55:50 0 -rahs---- C:\MSDOS.SYS
2008-04-25 20:55:50 0 -rahs---- C:\IO.SYS
2008-04-25 14:30:33 4096 --a------ C:\Windows\system32\WINWGPX.EXE
2008-04-25 14:30:33 4096 --a------ C:\Windows\system32\winsystem.exe
2008-04-25 14:30:33 4096 --a------ C:\Windows\system32\winlogonpc.exe
2008-04-25 14:30:33 4096 --a------ C:\Windows\system32\vcatchpi.dll
2008-04-25 14:30:33 4096 --a------ C:\Windows\system32\temp#01.exe
2008-04-25 14:30:33 4096 --a------ C:\Windows\system32\taack.exe
2008-04-25 14:30:33 4096 --a------ C:\Windows\system32\taack.dat
2008-04-25 14:30:33 4096 --a------ C:\Windows\system32\sysreq.exe
2008-04-25 14:30:33 4096 --a------ C:\Windows\system32\ssvchost.exe
2008-04-25 14:30:33 4096 --a------ C:\Windows\system32\ssvchost.com
2008-04-25 14:30:33 4096 --a------ C:\Windows\system32\ssurf022.dll
2008-04-25 14:30:33 4096 --a------ C:\Windows\system32\sncntr.exe
2008-04-25 14:30:33 0 d-------- C:\Windows\system32\smp
2008-04-25 14:30:33 4096 --a------ C:\Windows\system32\Rundl1.exe
2008-04-25 14:30:33 4096 --a------ C:\Windows\system32\regm64.dll
2008-04-25 14:30:33 4096 --a------ C:\Windows\system32\regc64.dll
2008-04-25 14:30:33 4096 --a------ C:\Windows\system32\psoft1.exe
2008-04-25 14:30:33 4096 --a------ C:\Windows\system32\psof1.exe
2008-04-25 14:30:33 4096 --a------ C:\Windows\system32\ps1.exe
2008-04-25 14:30:33 4096 --a------ C:\Windows\system32\newsd32.exe
2008-04-25 14:30:33 4096 --a------ C:\Windows\system32\netode.exe
2008-04-25 14:30:33 4096 --a------ C:\Windows\system32\mwin32.exe
2008-04-25 14:30:33 4096 --a------ C:\Windows\system32\mtr2.exe
2008-04-25 14:30:33 4096 --a------ C:\Windows\system32\msvchost.exe
2008-04-25 14:30:33 4096 --a------ C:\Windows\system32\mssecu.exe
2008-04-25 14:30:33 4096 --a------ C:\Windows\system32\msnbho.dll
2008-04-25 14:30:33 4096 --a------ C:\Windows\system32\msgp.exe
2008-04-25 14:30:33 4096 --a------ C:\Windows\system32\hxiwlgpm.exe
2008-04-25 14:30:33 4096 --a------ C:\Windows\system32\hxiwlgpm.dat
2008-04-25 14:30:33 4096 --a------ C:\Windows\system32\hoproxy.dll
2008-04-25 14:30:33 4096 --a------ C:\Windows\system32\dpcproxy.exe
2008-04-25 14:30:33 4096 --a------ C:\Windows\system32\bdn.com
2008-04-25 14:30:33 4096 --a------ C:\Windows\system32\awtoolb.dll
2008-04-25 14:30:33 4096 --a------ C:\Windows\system32\anticipator.dll
2008-04-25 14:30:33 4096 --a------ C:\Windows\system32\akttzn.exe
2008-04-25 14:30:25 126976 --a------ C:\Users\All Users\vsnitczg.dll
2008-04-25 14:30:25 0 d-------- C:\Users\All Users\mdsncbkj
2008-04-25 14:30:19 98304 --a------ C:\Windows\system32\axyzmfup.exe
-- Find3M Report ---------------------------------------------------------------
2008-04-26 11:34:38 0 d-------- C:\Users\Kristie\AppData\Roaming\Google
2008-04-26 09:53:52 0 d-------- C:\Program Files\Yahoo!
2008-04-26 09:53:37 0 d-------- C:\Program Files\Google
2008-04-26 00:25:54 0 d-------- C:\Program Files\Real
2008-04-26 00:25:54 0 d-------- C:\Program Files\Common Files\Real
2008-04-26 00:25:44 0 d-------- C:\Users\Kristie\AppData\Roaming\Real
2008-04-25 20:57:28 0 d-------- C:\Program Files\Common Files
2008-04-25 20:08:41 0 d-------- C:\Program Files\Picasa2
2008-04-25 14:19:35 0 d-------- C:\Users\Kristie\AppData\Roaming\LimeWire
2008-04-13 22:46:25 0 d-------- C:\Users\Kristie\AppData\Roaming\Corel
2008-04-13 22:22:04 1682 --ahs---- C:\Windows\system32\KGyGaAvL.sys
2008-04-13 19:36:49 0 d-------- C:\Program Files\Rhapsody
2008-04-09 14:11:03 0 d-------- C:\Program Files\Windows Mail
2008-04-05 20:47:14 0 d-------- C:\Users\Kristie\AppData\Roaming\Roxio
2008-04-04 15:09:28 0 d-------- C:\Program Files\World of Warcraft
2008-04-03 22:11:37 0 d-------- C:\Program Files\Java
2008-03-20 14:15:59 0 d-------- C:\Program Files\Lavasoft
2008-03-20 14:15:01 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-20 12:35:10 0 d-------- C:\Program Files\Corel
2008-03-11 18:25:44 0 d-------- C:\Program Files\Realtek
2008-03-11 18:21:59 0 d-------- C:\Program Files\HP
2008-03-11 18:21:53 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-11 18:05:19 0 d-------- C:\Users\Kristie\AppData\Roaming\WinBatch
2008-03-11 09:44:44 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-08 09:39:23 0 d-------- C:\Users\Kristie\AppData\Roaming\Adobe
2008-03-06 21:50:02 0 d-------- C:\Program Files\Common Files\Corel
2008-03-06 21:35:38 0 d-------- C:\Program Files\Kodak
2008-03-06 21:35:15 0 d-------- C:\Program Files\Common Files\MSSoap
2008-03-06 09:47:07 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-03-06 09:35:50 0 d-------- C:\Users\Kristie\AppData\Roaming\Ideazon
2008-03-06 09:33:23 0 d-------- C:\Program Files\Ideazon
2008-03-05 17:31:23 0 d-------- C:\Users\Kristie\AppData\Roaming\muvee Technologies
2008-03-04 22:13:50 0 d-------- C:\Users\Kristie\AppData\Roaming\WildTangent
2008-03-04 19:26:42 0 d-------- C:\Program Files\ffvfw
2008-03-04 17:58:50 0 d-------- C:\Users\Kristie\AppData\Roaming\Ulead Systems
2008-03-04 17:50:31 0 d-------- C:\Program Files\Windows Media Components
2008-03-04 17:49:45 0 d-------- C:\Program Files\Common Files\Ulead Systems
2008-03-04 17:49:38 0 d-------- C:\Program Files\Ulead Systems
2008-03-04 17:49:38 0 d-------- C:\Program Files\Common Files\InstallShield
2008-03-03 20:23:25 0 d-------- C:\Program Files\Alwil Software
2008-03-03 20:09:29 174 --ahs---- C:\Program Files\desktop.ini
2008-03-03 20:05:14 0 d-------- C:\Program Files\Windows Calendar
2008-03-03 20:04:40 0 d-------- C:\Program Files\Windows Defender
2008-03-03 20:04:09 0 d-------- C:\Program Files\Windows Sidebar
2008-03-03 19:32:07 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-03 19:04:13 0 d-------- C:\Program Files\MSXML 4.0
2008-03-03 18:02:22 0 d-------- C:\Program Files\LimeWire
2008-03-03 17:58:34 0 d-------- C:\Users\Kristie\AppData\Roaming\Vso
2008-03-03 17:58:33 34 --a------ C:\Users\Kristie\AppData\Roaming\pcouffin.log
2008-03-03 17:54:24 7887 --a------ C:\Users\Kristie\AppData\Roaming\pcouffin.cat
2008-03-03 17:54:21 0 d-------- C:\Program Files\MagicDVDCopier
2008-03-03 17:50:28 0 d-------- C:\Program Files\Common Files\Java
2008-03-03 17:08:28 0 --a------ C:\Windows\nsreg.dat
2008-03-03 17:08:21 0 d-------- C:\Users\Kristie\AppData\Roaming\Mozilla
2008-03-03 16:50:44 0 d-------- C:\Users\Kristie\AppData\Roaming\Hewlett-Packard
2008-03-03 16:48:33 0 d-------- C:\Users\Kristie\AppData\Roaming\Snapfish
2008-03-03 16:48:01 0 d-------- C:\Users\Kristie\AppData\Roaming\Identities
2008-03-03 16:41:51 0 d-------- C:\Users\Kristie\AppData\Roaming\Macromedia
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/03/2008 07:36 PM]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [09/28/2006 06:42 AM]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [02/15/2007 03:59 AM]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [02/10/2007 05:18 PM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [02/10/2007 05:18 PM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [02/10/2007 05:18 PM]
"RtHDVCpl"="RtHDVCpl.exe" [01/15/2008 11:26 AM C:\Windows\RtHDVCpl.exe]
"SnapfishMediaDetector"="C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe" [03/02/2007 02:55 PM]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/16/2005 11:11 PM]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [07/15/2005 02:48 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [03/29/2008 11:37 AM]
"EKIJ5000StatusMonitor"="C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [11/13/2007 11:00 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"DPService"="C:\Program Files\HP\DVDPlay\DPService.exe" [12/18/2007 01:18 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [03/03/2008 07:08 PM]
"WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter " []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]
"vqcluejs"="C:\ProgramData\vqcluejs\harajmvg.exe" [04/28/2008 07:33 AM]
"pywnqewy"="C:\Windows\system32\axyzmfup.exe" [04/25/2008 02:30 PM]
"vbeieiiz"="C:\ProgramData\vbeieiiz\afebujcr.exe" []
"ywrxcmqs"="C:\ProgramData\ywrxcmqs\tkzclmfu.exe" []
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Launcher"=%WINDIR%\SMINST\launcher.exe
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/11/2008 9:45:11 AM]
Snapfish Media Detector.lnk - C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe [3/2/2007 2:55:02 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum
LocalServiceNoNetwork PLA DPS BFE mpssvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
-- End of Deckard's System Scanner: finished at 2008-04-28 15:27:04 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft® Windows Vista™ Home Basic (build 6000)
Architecture: X86; Language: English
CPU 0: AMD Athlon 64 X2 Dual Core Processor 3600+
Percentage of Memory in Use: 45%
Physical Memory (total/avail): 1405.94 MiB / 759.68 MiB
Pagefile Memory (total/avail): 3047.88 MiB / 2229.74 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1930.92 MiB
C: is Fixed (NTFS) - 140.67 GiB total, 92.44 GiB free.
D: is Fixed (NTFS) - 8.38 GiB total, 1.01 GiB free.
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (FAT)
\\.\PHYSICALDRIVE0 - WDC WD16 00JS-60NCB1 SCSI Disk Device - 149.05 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 140.67 GiB - C:
\PARTITION1 - Installable File System - 8.38 GiB - D:
\\.\PHYSICALDRIVE2 - Generic- Compact Flash USB Device
\\.\PHYSICALDRIVE5 - Generic- MS/MS-Pro USB Device
\\.\PHYSICALDRIVE4 - Generic- SD/MMC USB Device
\\.\PHYSICALDRIVE3 - Generic- SM/xD-Picture USB Device
\\.\PHYSICALDRIVE1 - SD/MMC Card Reader USB Device - 1937.53 MiB - 1 partition
\PARTITION0 - MS-DOS V4 Huge - 1937.13 MiB - J:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
AV: avast! antivirus 4.8.1169 [VPS 080428-0] v4.8.1169 (ALWIL Software)
AS: Spybot - Search and Destroy v1.0.0.5 (Safer Networking Ltd.)
DisabledAS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: avast! antivirus 4.8.1169 [VPS 080428-0] v4.8.1169 (ALWIL Software)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Kristie\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=KRISTIE-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Kristie
KDS_LANGUAGE=13
LOCALAPPDATA=C:\Users\Kristie\AppData\Local
LOGONSERVER=\\KRISTIE-PC
NUMBER_OF_PROCESSORS=2
OnlineServices=Online Services
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\hp\bin\Python;c:\Program Files\Common Files\Roxio Shared\DLLShared;c:\Program Files\Common Files\Roxio Shared\DLLShared;c:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\Program Files\Common Files\Ulead Systems\MPEG
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PCBRAND=Presario
PLATFORM=HPD
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 107 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=6b01
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
RoxioCentral=c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Kristie\AppData\Local\Temp
TMP=C:\Users\Kristie\AppData\Local\Temp
USERDOMAIN=Kristie-PC
USERNAME=Kristie
USERPROFILE=C:\Users\Kristie
windir=C:\Windows
-- User Profiles ---------------------------------------------------------------
Kristie
-- Add/Remove Programs ---------------------------------------------------------
--> "C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
--> "C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
--> "C:\Program Files\HP Games\Bookworm Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Bounce Symphony\Uninstall.exe"
--> "C:\Program Files\HP Games\Cake Mania\Uninstall.exe"
--> "C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
--> "C:\Program Files\HP Games\Cue Master\Uninstall.exe"
--> "C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
--> "C:\Program Files\HP Games\Family Feud\Uninstall.exe"
--> "C:\Program Files\HP Games\FATE\Uninstall.exe"
--> "C:\Program Files\HP Games\Final Drive Nitro\Uninstall.exe"
--> "C:\Program Files\HP Games\Flip Words\Uninstall.exe"
--> "C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\JEOPARDY\Uninstall.exe"
--> "C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
--> "C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
--> "C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
--> "C:\Program Files\HP Games\Otto\Uninstall.exe"
--> "C:\Program Files\HP Games\Overball\Uninstall.exe"
--> "C:\Program Files\HP Games\Penguins!\Uninstall.exe"
--> "C:\Program Files\HP Games\Phoenix Assault\Uninstall.exe"
--> "C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
--> "C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
--> "C:\Program Files\HP Games\Polar Tubing\Uninstall.exe"
--> "C:\Program Files\HP Games\Ricochet Lost Worlds\Uninstall.exe"
--> "C:\Program Files\HP Games\SCRABBLE\Uninstall.exe"
--> "C:\Program Files\HP Games\Super Granny\Uninstall.exe"
--> "C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
--> "C:\Program Files\HP Games\Wheel of Fortune\Uninstall.exe"
--> "C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
Activation Assistant for the 2007 Microsoft Office suites --> "C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
aiofw --> MsiExec.exe /I{791E3D44-33D3-4446-82AD-5CD4B0169083}
aioocr --> MsiExec.exe /I{3BED0238-3A25-41AE-BC23-316914B5B048}
aioprnt --> MsiExec.exe /I{2A97D5B3-A989-47E1-B207-1CA9E3635655}
aioscnnr --> MsiExec.exe /I{C0251585-1BE8-4278-B3CB-964B6E01C59D}
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
center --> MsiExec.exe /I{79E41D91-BA1C-44B9-9358-48E598263ECF}
Corel Paint Shop Pro Photo XI --> MsiExec.exe /I{E1C7EF5E-3A7B-4ED4-A48B-F70F1B36EAB4}
Digital Video --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4A71E27C-07D2-4CB8-ACA9-165242416758}\Setup.exe" -l0x9
DVD Play --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
Google Gmail Notifier --> "C:\Program Files\Google\Gmail Notifier\UninstallGmail.exe"
Google Photos Screensaver --> MsiExec.exe /X{481E9852-DA0C-403B-ADA4-05D86C8BF9A9}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Hardware Diagnostic Tools --> C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
Help_CTR --> MsiExec.exe /I{0996C331-6DCB-4E38-A3EC-0A77ABAE1361}
helptut --> MsiExec.exe /I{843081BD-351F-46FC-8A17-517A0D9117A3}
helpug --> MsiExec.exe /I{DC626A21-EDF1-40C7-8F2F-D2BA7535529F}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Customer Experience Enhancements --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
HP Customer Feedback --> MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC}
HP Easy Setup - Frontend --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
HP On-Screen Cap/Num/Scroll Lock Indicator --> C:\Windows\system32\OsdRemove.exe
HP Photosmart Essential 2.0 --> C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Total Care Advisor --> MsiExec.exe /X{2990BC81-3B19-4E53-A53E-30DE3F1BFFA8}
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
Java 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
KODAK All-in-One Printer Software --> C:\ProgramData\Kodak\EasyShareSetup\$SETUP_140002_1a16408\Setup.exe /APR-REMOVE
ksdip --> MsiExec.exe /I{73F1681F-ADE1-461F-9F18-B7640507D395}
LimeWire PRO 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe"
Magic DVD Copier Version 4.7.1 build 8 --> "C:\Program Files\MagicDVDCopier\unins000.exe"
Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 Hotfix (KB929729) --> "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
muvee autoProducer 6.0 --> C:\Program Files\InstallShield Installation Information\{6AF49698-949A-4C89-9B31-041D2CCB5FBD}\setup.exe -runfromtemp -l0x0009 -removeonly
My HP Games --> "C:\Program Files\HP Games\Uninstall.exe"
netbrdg --> MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
Python 2.4.3 --> MsiExec.exe /I{75E71ADD-042C-4F30-BFAC-A9EC42351313}
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Rhapsody --> C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\install.log
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Roxio Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Roxio Creator Audio --> MsiExec.exe /X{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9 --> MsiExec.exe /X{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy --> MsiExec.exe /X{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data --> MsiExec.exe /X{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive --> MsiExec.exe /X{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools --> MsiExec.exe /X{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3 --> MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9 --> MsiExec.exe /X{938B1CD7-7C60-491E-AA90-1F1888168240}
SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
Snapfish Media Detector --> MsiExec.exe /X{4EF6FDB0-3B11-4820-9860-8E08E9965195}
Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\UIU32m.exe -U -ITrx200Cz.INF
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Ulead VideoStudio 8.0 SE DVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4F1DA6BF-3614-48A1-9970-9E90F646789E}\Setup.exe" -l0x9
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft (2)\Uninstall.exe
XVID Codec Installation --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{534C6D59-D6E3-48A6-AD0B-747799019960}\Setup.exe" -l0x9
-- Application Event Log -------------------------------------------------------
Event Record #/Type5181 / Success
Event Submitted/Written: 04/28/2008 03:14:00 PM
Event ID/Source: 5617 / WinMgmt
Event Description:
Event Record #/Type5179 / Success
Event Submitted/Written: 04/28/2008 03:13:59 PM
Event ID/Source: 5615 / WinMgmt
Event Description:
Event Record #/Type5177 / Success
Event Submitted/Written: 04/28/2008 03:13:48 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.
Event Record #/Type5166 / Warning
Event Submitted/Written: 04/28/2008 03:12:32 PM
Event ID/Source: 1530 / profsvc
Event Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-2483958015-494926966-1414417166-1000_Classes:
Process 916 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2483958015-494926966-1414417166-1000_CLASSES
Event Record #/Type5165 / Warning
Event Submitted/Written: 04/28/2008 03:12:32 PM
Event ID/Source: 1530 / profsvc
Event Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-2483958015-494926966-1414417166-1000:
Process 916 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2483958015-494926966-1414417166-1000
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type29906 / Warning
Event Submitted/Written: 04/28/2008 03:25:51 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Kristie-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Kristie-PC27 can't undo changes that you allow.
For more information please see the following:
%Kristie-PC275
Scan ID: {477134C1-6211-405A-8424-2B7EBD4763AE}
User: Kristie-PC\Kristie
Name: %Kristie-PC271
ID: %Kristie-PC272
Severity ID: %Kristie-PC273
Category ID: %Kristie-PC274
Path Found: %Kristie-PC276
Alert Type: %Kristie-PC278
Detection Type: 1.1.1505.02
Event Record #/Type29905 / Warning
Event Submitted/Written: 04/28/2008 03:25:51 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Kristie-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Kristie-PC27 can't undo changes that you allow.
For more information please see the following:
%Kristie-PC275
Scan ID: {988D681F-0CE8-482B-A0A8-9DD3BEC328F4}
User: Kristie-PC\Kristie
Name: %Kristie-PC271
ID: %Kristie-PC272
Severity ID: %Kristie-PC273
Category ID: %Kristie-PC274
Path Found: %Kristie-PC276
Alert Type: %Kristie-PC278
Detection Type: 1.1.1505.02
Event Record #/Type29904 / Warning
Event Submitted/Written: 04/28/2008 03:25:51 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Kristie-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Kristie-PC27 can't undo changes that you allow.
For more information please see the following:
%Kristie-PC275
Scan ID: {A5E34E91-66F0-4FCF-B142-2BEB8E9EB1D2}
User: Kristie-PC\Kristie
Name: %Kristie-PC271
ID: %Kristie-PC272
Severity ID: %Kristie-PC273
Category ID: %Kristie-PC274
Path Found: %Kristie-PC276
Alert Type: %Kristie-PC278
Detection Type: 1.1.1505.02
Event Record #/Type29903 / Warning
Event Submitted/Written: 04/28/2008 03:25:48 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Kristie-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Kristie-PC27 can't undo changes that you allow.
For more information please see the following:
%Kristie-PC275
Scan ID: {19013246-557B-4C7C-AD44-24DFE8784044}
User: Kristie-PC\Kristie
Name: %Kristie-PC271
ID: %Kristie-PC272
Severity ID: %Kristie-PC273
Category ID: %Kristie-PC274
Path Found: %Kristie-PC276
Alert Type: %Kristie-PC278
Detection Type: 1.1.1505.02
Event Record #/Type29902 / Warning
Event Submitted/Written: 04/28/2008 03:25:48 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Kristie-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Kristie-PC27 can't undo changes that you allow.
For more information please see the following:
%Kristie-PC275
Scan ID: {30944A78-D2FA-4DA0-8E1E-15095A16005D}
User: Kristie-PC\Kristie
Name: %Kristie-PC271
ID: %Kristie-PC272
Severity ID: %Kristie-PC273
Category ID: %Kristie-PC274
Path Found: %Kristie-PC276
Alert Type: %Kristie-PC278
Detection Type: 1.1.1505.02
-- End of Deckard's System Scanner: finished at 2008-04-28 15:27:04 ------------