Jotti results:
File: ahinstmt.exe
Status:
INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: d955275039e29af385527f2c74d100f4
Packers detected:
-
Bit9 reports:
A-Squared
Found nothing
AntiVir
Found TR/Crypt.XPACK.Gen
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found Downloader.Obfuskated
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
Fortinet
Found nothing
Ikarus
Found nothing
Kaspersky Anti-Virus
Found Trojan.Win32.Obfuscated.gx
NOD32
Found a variant of Win32/TrojanDownloader.FakeAlert.BP
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing
I removed and reinstalled Java but i couldn't actually find norton on my computer on the control panel or using run. I think my computer came with it, but I don't recall installing it. How should I go about getting rid of it more vigorously?
main txt
Deckard's System Scanner v20071014.68
Run by Chelsea McGovern on 2008-04-29 15:26:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- Last 5 Restore Point(s) --
14: 2008-04-29 19:02:12 UTC - RP191 - Installed Java 6 Update 5
13: 2008-04-29 18:58:48 UTC - RP190 - Installed Java 6 Update 5
12: 2008-04-29 18:56:37 UTC - RP189 - Installed Java 6 Update 5
11: 2008-04-29 18:52:03 UTC - RP188 - Removed Java 6 Update 5
10: 2008-04-29 18:49:54 UTC - RP187 - Removed Java 6 Update 2
-- First Restore Point --
1: 2008-04-24 04:00:01 UTC - RP177 - Scheduled Checkpoint
Backed up registry hives.
Performed disk cleanup.
System Drive C: has 9.71 GiB (less than 15%) free.-- HijackThis (run as Chelsea McGovern.exe) ------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:28:03 PM, on 4/29/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Acer\Empowering Technology\eDSMSNfix.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Windows\System32\ahinstmt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\rundll32.exe
C:\Windows\Explorer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\BitDefender\BitDefender 2008\uiscan.exe
C:\Users\Chelsea McGovern\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Chelsea McGovern.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eDSMSNfix] C:\Acer\Empowering Technology\eDSMSNfix.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [abxuvsot] C:\Windows\system32\ahinstmt.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
--
End of file - 9581 bytes
-- File Associations -----------------------------------------------------------
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R3 BDSelfPr - \??\c:\program files\bitdefender\bitdefender 2008\bdselfpr.sys
R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 ALaunchService (ALaunch Service) - c:\acer\alaunch\alaunchsvc.exe <Not Verified; ; ALaunchSvc Service Image>
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 eLockService (eLock Service) - c:\acer\empowering technology\elock\service\elockserv.exe <Not Verified; Acer Inc.; Acer eLock Management>
R2 eNet Service - c:\acer\empowering technology\enet\enet service.exe <Not Verified; Acer Inc.; Acer eNet Management>
R2 eRecoveryService (eRecovery Service) - c:\acer\empowering technology\erecovery\erecoveryservice.exe <Not Verified; Acer Inc.; eRecoveryService>
R2 eSettingsService (eSettings Service) - c:\acer\empowering technology\esettings\service\capuserv.exe <Not Verified; ; Service>
R2 MobilityService - c:\acer\mobility center\mobilityservice.exe -p
R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>
R2 WMIService (ePower Service) - c:\acer\empowering technology\epower\epowersvc.exe <Not Verified; acer; Acer ePower Management>
S2 CLTNetCnService (Symantec Lic NetConnect service) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4d36e977-e325-11ce-bfc1-08002be10318}
Description: ENE CB-712/714/810 Cardbus Controller
Device ID: PCI\VEN_1524&DEV_1412&SUBSYS_00901025&REV_10\4&10D9C0DD&0&20F0
Manufacturer: ENE TECHNOLOGY INC.
Name: ENE CB-712/714/810 Cardbus Controller
PNP Device ID: PCI\VEN_1524&DEV_1412&SUBSYS_00901025&REV_10\4&10D9C0DD&0&20F0
Service: pci
-- Scheduled Tasks -------------------------------------------------------------
2008-04-18 11:44:14 422 --a------ C:\Windows\Tasks\EasyShare Registration Task.job
-- Files created between 2008-03-29 and 2008-04-29 -----------------------------
2008-04-29 15:02:33 0 d-------- C:\Program Files\Common Files\Java
2008-04-28 17:52:14 0 d-------- C:\Program Files\Trend Micro
2008-04-28 17:35:49 68096 --a------ C:\Windows\zip.exe
2008-04-28 17:35:49 49152 --a------ C:\Windows\VFind.exe
2008-04-28 17:35:49 212480 --a------ C:\Windows\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-28 17:35:49 136704 --a------ C:\Windows\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-28 17:35:49 161792 --a------ C:\Windows\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-28 17:35:49 98816 --a------ C:\Windows\sed.exe
2008-04-28 17:35:49 80412 --a------ C:\Windows\grep.exe
2008-04-28 17:35:49 73728 --a------ C:\Windows\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-28 17:35:30 0 d-------- C:\327882R2FWJFW
2008-04-28 02:13:41 0 d-------- C:\Users\Chelsea McGovern\.housecall6.6
2008-04-28 01:18:08 0 d-a------ C:\Users\All Users\TEMP
2008-04-28 00:41:51 77824 --a------ C:\Windows\system32\xcomm.dll <Not Verified; BitDefender; BitDefender Communicator>
2008-04-28 00:41:14 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-04-28 00:07:02 4416 --a------ C:\Windows\system32\tmp.reg
2008-04-27 15:40:11 110592 --a------ C:\Windows\system32\ahinstmt.exe
2008-04-27 00:47:11 0 d-------- C:\Users\All Users\FirstClass
2008-04-22 12:08:26 0 d-------- C:\Program Files\Mozilla ActiveX Control v1.7.12
2008-04-22 12:08:15 0 d-------- C:\Program Files\VideoLAN
2008-04-22 12:08:14 0 d-------- C:\Program Files\Graboid
2008-04-21 20:32:59 0 d-------- C:\Windows\Sun
2008-04-19 23:47:48 0 d-------- C:\Program Files\Netflix
2008-04-18 22:11:13 0 d-------- C:\Program Files\Incomplete
2008-04-18 22:09:17 0 d-------- C:\Program Files\LimeWire
2008-04-18 01:24:44 0 d-------- C:\Users\All Users\Adobe
2008-04-18 01:24:16 0 d-------- C:\Windows\system32\Adobe
2008-04-17 20:45:47 0 d-------- C:\Program Files\Common Files\xing shared
2008-04-17 20:45:31 0 d-------- C:\Program Files\Real
2008-04-17 20:45:24 0 d-------- C:\Program Files\Common Files\Real
2008-04-17 20:17:46 0 d-------- C:\Program Files\iPod
2008-04-17 20:17:42 0 d-------- C:\Program Files\iTunes
2008-04-17 20:16:24 0 d-------- C:\Program Files\QuickTime
2008-04-17 20:01:55 0 d-------- C:\Program Files\Apple Software Update
2008-04-05 03:19:39 0 --a------ C:\Windows\nsreg.dat
2008-04-05 03:01:07 0 d-------- C:\Program Files\Veoh Networks
2008-04-05 03:00:14 0 d-------- C:\Windows\Downloaded Installations
-- Find3M Report ---------------------------------------------------------------
2008-04-29 15:14:41 0 d-------- C:\Users\Chelsea McGovern\AppData\Roaming\Skype
2008-04-29 15:04:11 0 d-------- C:\Program Files\Java
2008-04-29 15:02:33 0 d-------- C:\Program Files\Common Files
2008-04-29 08:03:04 0 d-------- C:\Users\Chelsea McGovern\AppData\Roaming\skypePM
2008-04-29 00:53:07 0 d-------- C:\Users\Chelsea McGovern\AppData\Roaming\LimeWire
2008-04-28 00:07:02 35 --a------ C:\Users\Chelsea McGovern\AppData\Roaming\SetValue.bat
2008-04-28 00:07:02 691 --a------ C:\Users\Chelsea McGovern\AppData\Roaming\GetValue.vbs
2008-04-27 18:27:01 81984 --a------ C:\Windows\system32\bdod.bin
2008-04-27 16:55:09 0 d-------- C:\Program Files\Common Files\BitDefender
2008-04-27 00:47:11 0 d-------- C:\Program Files\FirstClass
2008-04-27 00:47:10 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-27 00:46:59 0 d-------- C:\Users\Chelsea McGovern\AppData\Roaming\InstallShield
2008-04-25 00:02:34 14573 --a------ C:\logfile
2008-04-22 17:21:37 0 d-------- C:\Users\Chelsea McGovern\AppData\Roaming\vlc
2008-04-22 12:09:15 0 d-------- C:\Users\Chelsea McGovern\AppData\Roaming\MozillaControl
2008-04-21 20:25:20 0 d-------- C:\Users\Chelsea McGovern\AppData\Roaming\Real
2008-04-18 23:06:22 0 d-------- C:\Users\Chelsea McGovern\AppData\Roaming\Adobe
2008-04-18 01:24:52 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-17 20:05:16 0 d-------- C:\Program Files\Safari
2008-04-12 03:11:06 0 d-------- C:\Program Files\Windows Mail
2008-04-05 03:19:30 0 d-------- C:\Users\Chelsea McGovern\AppData\Roaming\Mozilla
2008-03-31 09:27:31 0 d-------- C:\Users\Chelsea McGovern\AppData\Roaming\AdobeUM
2008-03-21 09:31:00 0 d-------- C:\Program Files\Common Files\GTK
2008-03-21 09:24:32 0 d-------- C:\Users\Chelsea McGovern\AppData\Roaming\.purple
2008-03-21 09:07:53 0 d-------- C:\Users\Chelsea McGovern\AppData\Roaming\Bitdefender
2008-03-21 09:07:29 0 d-------- C:\Program Files\BitDefender
2008-03-21 06:56:44 0 d-------- C:\Program Files\Kodak
2008-03-21 06:56:05 0 d-------- C:\Program Files\Common Files\Kodak
2008-03-21 06:55:36 0 d-------- C:\Program Files\Common Files\PX Storage Engine
2008-03-21 06:54:14 0 d-------- C:\Program Files\Common Files\MSSoap
2008-03-09 09:10:55 0 d-------- C:\Program Files\NJStar Chinese WP
2008-03-09 09:10:52 0 d-------- C:\Users\Chelsea McGovern\AppData\Roaming\NJStar
2008-03-09 06:28:49 0 d-------- C:\Program Files\Skype
2008-03-09 06:28:45 0 d-------- C:\Program Files\Common Files\Skype
2008-03-08 05:34:34 138056 --ah----- C:\Windows\system32\mlfcache.dat
2008-03-08 01:29:35 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-03-08 01:23:18 0 d-------- C:\Program Files\Microsoft.NET
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [12/28/2007 04:17 AM]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [11/05/2006 09:02 PM]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [11/05/2006 09:05 PM]
"Persistence"="C:\Windows\system32\igfxpers.exe" [11/05/2006 09:02 PM]
"RtHDVCpl"="RtHDVCpl.exe" [03/01/2007 03:38 AM C:\Windows\RtHDVCpl.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [10/22/2006 11:00 PM]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [02/07/2007 03:04 AM]
"Acer Tour"="" []
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [12/08/2006 08:35 AM]
"eRecoveryService"="" []
"eDSMSNfix"="C:\Acer\Empowering Technology\eDSMSNfix.exe" [02/08/2007 01:40 PM]
"Acer Product Registration"="C:\Program Files\Acer Registration\ACE1.exe" [02/02/2007 03:24 PM]
"Acer Assist Launcher"="C:\Program Files\Acer Assist\launcher.exe" [02/02/2007 02:05 PM]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [01/17/2007 12:01 PM]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [04/27/2008 05:03 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/17/2008 08:45 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [01/18/2008 01:42 AM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 08:35 AM]
"Acer Tour Reminder"="" []
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [04/01/2008 06:35 PM]
"abxuvsot"="C:\Windows\system32\ahinstmt.exe" [04/27/2008 03:40 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=C:\Windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\Windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bdx scan
*Newly Created Service* - 494386A4
*Newly Created Service* - CATCHME
*Newly Created Service* - CB9F39A7
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
-- End of Deckard's System Scanner: finished at 2008-04-29 15:29:56 ------------
extra.txt
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English
CPU 0: Genuine Intel® CPU T2080 @ 1.73GHz
Percentage of Memory in Use: 44%
Physical Memory (total/avail): 2037.5 MiB / 1129.51 MiB
Pagefile Memory (total/avail): 4294.3 MiB / 3022.49 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1916.42 MiB
C: is Fixed (NTFS) - 69.78 GiB total, 9.71 GiB free.
D: is Fixed (NTFS) - 69.51 GiB total, 8.32 GiB free.
E: is CDROM (UDF)
\\.\PHYSICALDRIVE0 - Hitachi HTS541616J9SA00 ATA Device - 149.05 GiB - 3 partitions
\PARTITION0 - Unknown - 9.76 GiB
\PARTITION1 (bootable) - MS-DOS V4 Huge - 69.78 GiB - C:
\PARTITION2 - Installable File System - 69.51 GiB - D:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
FW: Bitdefender Firewall v8.0 (BitDefender)
AV: Bitdefender Antivirus v8.0 (BitDefender)
AS: BitDefender Antispyware v8.0 (BitDefender)
AS: Spybot - Search and Destroy v1.0.0.5 (Safer Networking Ltd.)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
Disabled[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Chelsea McGovern\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CMCGOVERN-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Chelsea McGovern
LOCALAPPDATA=C:\Users\Chelsea McGovern\AppData\Local
LOGONSERVER=\\CMCGOVERN-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 12, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e0c
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\CHELSE~1\AppData\Local\Temp
TMP=C:\Users\CHELSE~1\AppData\Local\Temp
USERDOMAIN=cmcgovern-pc
USERNAME=Chelsea McGovern
USERPROFILE=C:\Users\Chelsea McGovern
windir=C:\Windows
-- User Profiles ---------------------------------------------------------------
Chelsea McGovern
(admin)-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31403E22-2FDB-452F-AE9E-20854633226D}\Setup.exe" -uninst
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\setup.exe" -uninstall
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B804C424-B66D-447A-84BD-C6B88C392C3A}\setup.exe" -uninstall
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F79A208D-D929-11D9-9D77-000129760D75}\setup.exe" -uninstall
Acer Arcade Deluxe --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}\setup.exe" -uninstall
Acer Assist --> C:\Program Files\Acer Assist\uninstall.exe
Acer eDataSecurity Management --> C:\Acer\Empowering Technology\eDataSecurity\eDSnstHelper.exe -Operation UNINSTALL
Acer eLock Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}\setup.exe" -l0x9 -removeonly
Acer Empowering Technology --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x9 -removeonly
Acer eNet Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\setup.exe" -l0x9 -removeonly
Acer ePower Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -l0x9 -removeonly
Acer ePresentation Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF839132-BD43-4056-ACBF-4377F4A88E2A}\setup.exe" -l0x9 -removeonly
Acer eSettings Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE65A9A0-9686-45C6-9098-3C9543A412F0}\setup.exe" -l0x9 -removeonly
Acer GridVista --> C:\Windows\UnInst32.exe GridV.UNI
Acer Mobility Center Plug-In --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x9 -removeonly
Acer OrbiCam --> C:\Program Files\InstallShield Installation Information\{DD1DED37-2486-4F56-8F89-56AA814003F5}\setup.exe -runfromtemp -l0x0009 -removeonly
Acer OrbiCam --> Rundll32.exe BisonR07.dll,WinMainRmv
Acer Registration --> C:\Program Files\Acer Registration\uninstall.exe
Acer ScreenSaver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
Acer Tour --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94389919-B0AA-4882-9BE8-9F0B004ECA35}\setup.exe" -l0x9 -removeonly
Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
BitDefender Total Security 2008 --> MsiExec.exe /I{0F25993F-A294-4F9B-B794-E30EBBF7F86A}
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC --> MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt --> MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
fflink --> MsiExec.exe /I{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}
FirstClass® Client --> C:\Program Files\InstallShield Installation Information\{5B35C417-2649-11D6-83D1-0050FC01225C}\setup.exe -runfromtemp -l0x0009 -uninst -removeonly
HDAUDIO Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118\HXFSETUP.EXE -U -IAcrZUn32z.inf
HijackThis 2.0.2 --> "C:\Users\Chelsea McGovern\Desktop\HijackThis.exe" /uninstall
Intel® Graphics Media Accelerator Driver --> C:\Windows\system32\igxpun.exe -uninstall
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
kgcbaby --> MsiExec.exe /I{E18B549C-5D15-45DA-8D8F-8FD2BD946344}
kgcbase --> MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
kgchday --> MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E}
kgchlwn --> MsiExec.exe /I{03EDED24-8375-407D-A721-4643D9768BE1}
kgcinvt --> MsiExec.exe /I{9BD54685-1496-46A5-AB62-357CD140ED8B}
kgckids --> MsiExec.exe /I{693C08A7-9E76-43FF-B11E-9A58175474C4}
kgcmove --> MsiExec.exe /I{A1588373-1D86-4D44-86C9-78ABD190F9CC}
kgcvday --> MsiExec.exe /I{8A8664E1-84C8-4936-891C-BC1F07797549}
Kodak EasyShare software --> C:\ProgramData\Kodak\EasyShareSetup\$SETUP_140002_5ae4c49\Setup.exe /APR-REMOVE
Launch Manager --> C:\Windows\UnInst32.exe LManager.UNI
LimeWire 4.16.7 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla ActiveX Control v1.7.12 --> C:\Program Files\Mozilla ActiveX Control v1.7.12\uninst.exe
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
netbrdg --> MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
Netflix Movie Viewer --> MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
NJStar Chinese WP --> C:\Program Files\NJStar Chinese WP\uninst.exe
NTI Backup NOW! 4.7 --> "C:\Program Files\InstallShield Installation Information\{67ADE9AF-5CD9-4089-8825-55DE4B366799}\setup.exe" -removeonly
NTI CD & DVD-Maker --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1033 CDM7
OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.EXE" -uninstall
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
Safari --> MsiExec.exe /I{40589552-3892-409E-B92C-9F5032A4B2F0}
SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
skin0001 --> MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SMSC Fast Infrared Driver --> C:\Program Files\InstallShield Installation Information\{1AEC7728-1640-4E98-AABC-5EBE3FB57FE4}\setup.exe -runfromtemp -l0x0009 -removeonly
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
staticcr --> MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
tooltips --> MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}
VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
WIRELESS --> MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\common\unyt.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type7450 / Error
Event Submitted/Written: 04/29/2008 02:59:15 PM
Event ID/Source: 11101 / MsiInstaller
Event Description:
Product: Java 6 Update 5 -- Error 1101.Error reading from file:
http://javadl-esd.su...-b19/sp1033.MST. System error 123. Verify that the file exists and that you can access it.
Event Record #/Type7444 / Error
Event Submitted/Written: 04/29/2008 02:57:32 PM
Event ID/Source: 11101 / MsiInstaller
Event Description:
Product: Java 6 Update 5 -- Error 1101.Error reading from file:
http://javadl-esd.su...-b19/sp1033.MST. System error 123. Verify that the file exists and that you can access it.
Event Record #/Type7432 / Warning
Event Submitted/Written: 04/29/2008 02:52:41 PM
Event ID/Source: 10010 / Microsoft-Windows-RestartManager
Event Description:
1828C:\Program Files\LimeWire\LimeWire.exeLimeWire001671088651
Event Record #/Type7386 / Success
Event Submitted/Written: 04/28/2008 05:13:33 PM
Event ID/Source: 5617 / WinMgmt
Event Description:
Event Record #/Type7383 / Success
Event Submitted/Written: 04/28/2008 05:13:32 PM
Event ID/Source: 5615 / WinMgmt
Event Description:
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type31585 / Error
Event Submitted/Written: 04/29/2008 00:54:06 AM
Event ID/Source: 15005 / HTTP
Event Description:
\Device\Http\ReqQueue[::]:2869
Event Record #/Type31582 / Warning
Event Submitted/Written: 04/29/2008 00:53:21 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Event Record #/Type31574 / Warning
Event Submitted/Written: 04/28/2008 05:43:27 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Event Record #/Type31572 / Warning
Event Submitted/Written: 04/28/2008 05:41:47 PM
Event ID/Source: 4 / Microsoft-Windows-FilterManager
Event Description:
0xc0000013608bdfsfltr2007-12-31T04:12:12.000Z14\Device\CdRom0
Event Record #/Type31563 / Warning
Event Submitted/Written: 04/28/2008 05:37:46 PM
Event ID/Source: 4 / Microsoft-Windows-FilterManager
Event Description:
0xc0000013608bdfsfltr2007-12-31T04:12:12.000Z14\Device\CdRom0
-- End of Deckard's System Scanner: finished at 2008-04-29 15:29:56 ------------
Edited by cmcgovern, 29 April 2008 - 02:04 PM.