Deckard's System Scanner v20071014.68
Run by Dad on 2008-05-08 20:36:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
118: 2008-05-09 00:36:52 UTC - RP298 - Deckard's System Scanner Restore Point
117: 2008-05-08 21:42:08 UTC - RP297 - ComboFix created restore point
116: 2008-05-08 02:33:54 UTC - RP296 - ComboFix created restore point
115: 2008-05-07 23:57:48 UTC - RP295 - ComboFix created restore point
114: 2008-05-07 01:28:44 UTC - RP294 - System Checkpoint
-- First Restore Point --
1: 2008-05-02 18:06:34 UTC - RP181 - System Checkpoint
Performed disk cleanup.
-- HijackThis (run as Dad.exe) -------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:37:01 PM, on 5/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Dad\desktop\dss.exe
C:\HIJACK~1\Dad.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemreq.../sysreqlab2.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...ivex/RACtrl.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe (file missing)
--
End of file - 4563 bytes
-- HijackThis Fixed Entries (C:\HIJACK~1\backups\) -----------------------------
backup-20060820-022332-844 O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - C:\WINDOWS\system32\viruxz.dll (file missing)
backup-20060820-094918-561 R3 - Default URLSearchHook is missing
backup-20060820-094918-632 O20 - Winlogon Notify: SMDEn - C:\WINDOWS\
backup-20060820-094918-790 O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\IntCodec\isaddon.dll
backup-20060820-095056-456 O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\IntCodec\isaddon.dll
backup-20060820-100103-399 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20060820-100103-490 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20060820-100103-544 O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\IntCodec\isaddon.dll
backup-20060820-141128-196 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
backup-20060820-141128-801 O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
backup-20060820-141128-973 O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\IntCodec\isaddon.dll
backup-20060820-141159-241 O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\IntCodec\isaddon.dll
backup-20061015-182815-996 O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
backup-20061230-163949-110 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
backup-20061230-163949-137 O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\system32\kernels1118.exe
backup-20061230-163949-199 O2 - BHO: (no name) - {371EE1EF-F177-1390-7807-08525DC0E55C} - C:\WINDOWS\system32\nweipeg.dll (file missing)
backup-20061230-163949-398 O4 - HKLM\..\Run: [once balm 64 title] C:\Documents and Settings\All Users\Application Data\Vga audio once balm\axisblah.exe
backup-20061230-163949-523 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
backup-20061230-163949-567 O4 - HKCU\..\Run: [help each] C:\DOCUME~1\Dad\APPLIC~1\4BLAHA~1\Does Way.exe
backup-20061230-163949-614 O4 - HKLM\..\Run: [AutoSys] C:\WINDOWS\system32\autosys.exe
backup-20061230-163949-743 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
backup-20061230-163949-815 O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernels1118.exe
backup-20061230-163949-826 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
backup-20061230-163949-932 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
backup-20061230-163949-981 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
backup-20061230-164023-727 O4 - HKLM\..\Run: [AutoSys] C:\WINDOWS\system32\autosys.exe
backup-20061230-170622-180 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
backup-20061230-170622-381 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
backup-20061230-170622-559 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
backup-20061230-170622-710 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
backup-20061230-170622-785 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
backup-20061230-170622-901 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
backup-20061230-170622-909 O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
backup-20061230-170711-149 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
backup-20061230-170711-332 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
backup-20061230-170711-339 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
backup-20061230-170711-409 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
backup-20061230-170711-839 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
backup-20061230-170711-886 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
backup-20061230-222635-232 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
backup-20061230-222635-315 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
backup-20061230-222635-407 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
backup-20061230-222635-450 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
backup-20061230-222635-628 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
backup-20061230-222635-717 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
backup-20061230-222635-916 O4 - HKCU\..\Run: [help each] C:\DOCUME~1\Dad\APPLIC~1\4BLAHA~1\Does Way.exe
backup-20061231-023455-254 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
backup-20061231-023455-286 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
backup-20061231-023455-463 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
backup-20061231-023455-474 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
backup-20061231-023455-557 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
backup-20061231-023455-649 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
backup-20061231-032204-256 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
backup-20061231-032204-345 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
backup-20061231-032204-441 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
backup-20061231-032204-522 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
backup-20061231-032204-544 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
backup-20061231-032204-604 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
backup-20061231-150340-156 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
backup-20061231-150340-334 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
backup-20061231-150340-424 O4 - HKLM\..\Run: [AutoSys] C:\WINDOWS\system32\autosys.exe
backup-20061231-150340-520 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
backup-20061231-150340-561 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
backup-20061231-150340-622 O4 - HKCU\..\Run: [help each] C:\DOCUME~1\Dad\APPLIC~1\4BLAHA~1\Does Way.exe
backup-20061231-150340-781 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
backup-20061231-150340-864 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
backup-20061231-152645-420 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
backup-20061231-152645-575 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
backup-20061231-152645-687 O4 - HKLM\..\Run: [AutoSys] C:\WINDOWS\system32\autosys.exe
backup-20061231-152645-784 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
backup-20061231-152645-795 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
backup-20061231-152645-878 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
backup-20061231-152645-886 O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
backup-20061231-152645-970 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
backup-20061231-161948-147 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
backup-20061231-161948-250 O4 - HKLM\..\Run: [AutoSys] C:\WINDOWS\system32\autosys.exe
backup-20061231-161948-627 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
backup-20061231-161948-741 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
backup-20061231-161948-784 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
backup-20061231-161948-848 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
backup-20061231-161948-962 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
backup-20070119-102704-965 O4 - HKCU\..\Run: [help each] C:\DOCUME~1\Dad\APPLIC~1\4BLAHA~1\Does Way.exe
backup-20070129-181308-492 O4 - HKLM\..\Run: [hrcopul.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Dad\Local Settings\Application Data\hrcopul.dll",vuljcec
backup-20071026-002019-312 O4 - HKLM\..\Run: [close surf mail dupe] C:\Documents and Settings\All Users\Application Data\Tick Find Close Surf\DVD CAKE.exe
backup-20071026-002019-394 O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
backup-20071026-002019-486 O4 - HKCU\..\Run: [help each] C:\DOCUME~1\Dad\APPLIC~1\4BLAHA~1\Does Way.exe
backup-20071209-173124-352 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
backup-20071209-173124-384 O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
backup-20071209-173124-572 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
backup-20071209-173124-651 O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
backup-20071209-173124-655 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
backup-20071209-173124-747 O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
backup-20071215-120627-151 O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
backup-20071215-120627-976 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
backup-20080219-233558-628 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
backup-20080219-233558-711 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
backup-20080504-094051-779 O4 - HKLM\..\Run: [BMfff58a50] Rundll32.exe "C:\WINDOWS\system32\huqenhiu.dll",s
backup-20080504-094051-999 O4 - HKLM\..\Run: [fcc6b9cc] rundll32.exe "C:\WINDOWS\system32\koqslacq.dll",b
backup-20080504-095910-133 O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
backup-20080504-095910-308 O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe (file missing)
backup-20080504-095910-779 O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)
backup-20080504-095910-912 O23 - Service: MSN Auto-Update Util (MSNAuto-IT) - Unknown owner - C:\WINDOWS\system32\msnins.exe (file missing)
backup-20080504-095925-543 O4 - HKLM\..\Run: [BMfff58a50] Rundll32.exe "C:\WINDOWS\system32\huqenhiu.dll",s
backup-20080504-110434-856 O4 - HKLM\..\Run: [BMfff58a50] Rundll32.exe "C:\WINDOWS\system32\huqenhiu.dll",s
backup-20080504-160629-491 O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
backup-20080504-160629-512 O4 - HKLM\..\Run: [BMfff58a50] Rundll32.exe "C:\WINDOWS\system32\huqenhiu.dll",s
backup-20080506-191616-129 O4 - HKLM\..\Run: [fcc6b9cc] rundll32.exe "C:\WINDOWS\system32\sqkxoica.dll",b
backup-20080506-191616-140 O2 - BHO: (no name) - {0A141622-E951-46AB-B35B-1B184C044689} - C:\WINDOWS\system32\mlJCSkhE.dll (file missing)
backup-20080506-191616-219 O20 - Winlogon Notify: iiffFyVL - iiffFyVL.dll (file missing)
backup-20080506-191616-223 O2 - BHO: {9374b6de-2c57-839b-ec44-81039f605410} - {014506f9-3018-44ce-b938-75c2ed6b4739} - C:\WINDOWS\system32\jljdopnn.dll (file missing)
backup-20080506-191616-315 O2 - BHO: (no name) - {BC7D8DE8-EF3D-4F44-8B54-03759FAC1367} - C:\WINDOWS\system32\iiffFyVL.dll (file missing)
backup-20080506-191616-920 O2 - BHO: (no name) - {654EDA56-A28C-4882-AAE8-6510FE4D7F82} - C:\WINDOWS\system32\ljJDUklL.dll (file missing)
backup-20080506-191616-952 O4 - HKLM\..\Run: [BMfff58a50] Rundll32.exe "C:\WINDOWS\system32\fkujnmri.dll",s
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync03 (StarForce Protection Synchronization Driver (version 3.x)) - c:\windows\system32\drivers\sfsync03.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.9) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
S3 ATI Remote Wonder II - c:\windows\system32\drivers\atirwvd.sys (file missing)
S3 catchme - c:\combofix\catchme.sys (file missing)
S3 ezplay (VSO Software ezplay) - c:\windows\system32\drivers\ezplay.sys <Not Verified; VSO Software; ezplay driver>
S3 RT2500 (RT2500 Wireless Driver) - c:\windows\system32\drivers\rt2500.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless PCI Adapters>
S3 Usblink (Usblink Driver) - c:\windows\system32\drivers\ulink.sys <Not Verified; ; USB SUPERLINK ADAPTER>
S3 VMnetAdapter (VMware Virtual Ethernet Adapter Driver) - c:\windows\system32\drivers\vmnetadapter.sys <Not Verified; VMware, Inc.; VMware virtual network adapter driver (32-bit)>
S3 Wdm1 (USB Bridge Cable Driver) - c:\windows\system32\drivers\usbbc.sys <Not Verified; ; PC-Linq Bridge Cable>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
S2 mi-raysat_3dsmax9_32 (mental ray 3.5 Satellite (32-bit)) - "c:\program files\autodesk\3ds max 9\mentalray\satellite\raysat_3dsmax9_32server.exe" (file missing)
S2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" (file missing)
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Wireless LAN Card
Device ID: PCI\VEN_1814&DEV_0201&SUBSYS_923016EF&REV_01\4&13699180&0&3848
Manufacturer: Ralink Technology, Inc.
Name: Wireless LAN Card
PNP Device ID: PCI\VEN_1814&DEV_0201&SUBSYS_923016EF&REV_01\4&13699180&0&3848
Service: RT2500
-- Process Modules -------------------------------------------------------------
All modules okay.
-- Scheduled Tasks -------------------------------------------------------------
2008-05-07 02:12:00 336 --a------ C:\WINDOWS\Tasks\Ad-Aware SE Professional.job
2008-05-06 06:35:00 324 --a------ C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job
-- Files created between 2008-04-08 and 2008-05-08 -----------------------------
2008-05-07 19:58:11 0 d-------- C:\cmdcons
2008-05-07 19:57:25 68096 --a------ C:\WINDOWS\zip.exe
2008-05-07 19:57:25 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-07 19:57:25 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-07 19:57:25 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-07 19:57:25 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-07 19:57:25 98816 --a------ C:\WINDOWS\sed.exe
2008-05-07 19:57:25 80412 --a------ C:\WINDOWS\grep.exe
2008-05-07 19:57:25 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-06 21:12:26 0 d-------- C:\Documents and Settings\Dad\Application Data\Malwarebytes
2008-05-06 21:12:14 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-06 21:12:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-06 19:07:58 0 d-------- C:\bfu
2008-05-05 20:36:09 0 d--h----- C:\$AVG8.VAULT$
2008-05-05 20:27:07 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-05 20:26:57 0 d-------- C:\Program Files\AVG
2008-05-05 20:26:57 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-04 16:20:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-04 16:20:39 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-03 09:38:15 0 d-------- C:\Program Files\Lavasoft
2008-05-03 09:38:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-01 18:20:55 0 dr-h----- C:\Documents and Settings\Dad\Recent
2008-04-12 11:30:15 0 d-------- C:\Program Files\SystemRequirementsLab
2008-04-10 18:46:43 0 d-------- C:\Documents and Settings\Lauren\Application Data\Adobe
-- Find3M Report ---------------------------------------------------------------
2008-05-08 17:37:06 0 d-------- C:\Program Files\LogMeIn
2008-05-07 22:49:56 0 d-------- C:\Documents and Settings\Dad\Application Data\ATI MMC
2008-05-04 09:13:12 0 d-------- C:\Documents and Settings\Dad\Application Data\Vso
2008-05-03 09:37:45 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-01 17:52:07 0 d-------- C:\Documents and Settings\Dad\Application Data\Lavasoft
2008-04-27 22:03:11 0 d-------- C:\Documents and Settings\Dad\Application Data\LimeWire
2008-04-27 21:25:59 0 d-------- C:\Program Files\LimeWire
2008-04-18 09:01:17 0 d-------- C:\Documents and Settings\Dad\Application Data\dvdcss
2008-04-12 11:55:26 0 d-------- C:\Program Files\Java
2008-04-12 11:43:29 0 d-a------ C:\Program Files\Common Files
2008-04-11 20:29:44 0 d-------- C:\Documents and Settings\Dad\Application Data\VMware
2008-03-06 18:08:24 34 --a------ C:\Documents and Settings\Dad\Application Data\pcouffin.log
2008-03-06 18:08:19 47360 --a------ C:\Documents and Settings\Dad\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-03-06 18:08:19 1144 --a------ C:\Documents and Settings\Dad\Application Data\pcouffin.inf
2008-03-06 18:08:19 7887 --a------ C:\Documents and Settings\Dad\Application Data\pcouffin.cat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [11/21/2005 05:42 PM]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [04/17/2007 02:03 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [05/05/2008 08:26 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI Scheduler"="C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE" [06/14/2005 09:50 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 11/15/2007 07:46 PM 87352 C:\WINDOWS\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdRoarUpdate]
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI DeviceDetect]
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C.tmp]
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HXIPCMAE]
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
-- End of Deckard's System Scanner: finished at 2008-05-08 20:37:36 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: AMD Athlon 64 Processor 3500+
Percentage of Memory in Use: 37%
Physical Memory (total/avail): 1023.48 MiB / 643.63 MiB
Pagefile Memory (total/avail): 2459.92 MiB / 2176.8 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1939.36 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 233.75 GiB total, 41.28 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is CDROM (No Media)
K: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - Maxtor 6L250S0 - 233.76 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 233.75 GiB - C:
\\.\PHYSICALDRIVE1 - IC USB Storage-CFC USB Device
\\.\PHYSICALDRIVE3 - IC USB Storage-MMC USB Device
\\.\PHYSICALDRIVE4 - IC USB Storage-MSC USB Device
\\.\PHYSICALDRIVE2 - IC USB Storage-SMC USB Device
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
AV: AVG Anti-Virus Free v8.0 (AVG Technologies)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\1150319508\\ee\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1150319508\\ee\\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Common Files\\AOL\\1156536906\\ee\\aolservicehost.exe"="C:\\Program Files\\Common Files\\AOL\\1156536906\\ee\\aolservicehost.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Sierra\\FEAR\\FEAR.exe"="C:\\Program Files\\Sierra\\FEAR\\FEAR.exe:*:Enabled:FEAR"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"="C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe:*:Enabled:Microsoft Flight Simulator"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"="C:\\Program Files\\BitTornado\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\EA SPORTS\\MVP Baseball 2005\\mvp2005.exe"="C:\\Program Files\\EA SPORTS\\MVP Baseball 2005\\mvp2005.exe:*:Enabled:mvp2005"
"C:\\Program Files\\EA SPORTS\\Total Classics 1978\\mvp2005.exe"="C:\\Program Files\\EA SPORTS\\Total Classics 1978\\mvp2005.exe:*:Enabled:mvp2005"
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Dad\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=FRANK-AMD
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Dad
LOGONSERVER=\\FRANK-AMD
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\IsoBuster;C:\Program Files\Common Files\Autodesk Shared
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2f02
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Dad\LOCALS~1\Temp
TMP=C:\DOCUME~1\Dad\LOCALS~1\Temp
USERDOMAIN=FRANK-AMD
USERNAME=Dad
USERPROFILE=C:\Documents and Settings\Dad
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Dad (admin)
Mom (new local, admin)
Lauren
Nicole
Danielle
LogMeInRemoteUser (admin)
Administrator (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
1Click DVD Copy Pro 3.1.3.3 --> "C:\Program Files\1Click DVD Copy Pro\unins000.exe"
3dsmax ancillary install --> MsiExec.exe /I{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C}
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
ATCsimulator2 by AEROSOFT Corporation --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\ATCsimulator2\ST6UNST.LOG"
Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Multimedia Center 9.08 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D6892122-8504-4530-8033-C9EF45A4D014} /l1033
AuthorScript Engine 1.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{752CA503-E29F-4610-A1A4-B21CDC58EF8D} /l1033
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BadCopy Pro --> C:\PROGRA~1\Jufsoft\BadCopy\UNWISE.EXE C:\PROGRA~1\Jufsoft\BadCopy\INSTALL.LOG
BitTornado 0.3.7 --> C:\Program Files\BitTornado\uninst.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
ConvertXtoDVD 2.2.3.258g --> "C:\Program Files\ConvertXtoDVD\unins000.exe"
Curious George v1.0 --> "C:\Program Files\Namco\Curious George\uninstall.exe"
DAO --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}
Doom 3 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{8C48E464-EB9F-43B8-82C5-245EE6B196DF} /l1033 /x
EA SPORTS online 2005 --> C:\Program Files\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe
ERUNT 1.1j --> "C:\Program Files\ERUNT\unins000.exe"
FEAR --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2B653229-9854-4989-B780-D978F5F13EAB}\setup.exe" -l0x9 -removeonly
ffdshow [rev 610] [2006-12-01] --> "C:\Program Files\ffdshow\unins000.exe"
FLV to AVI MPEG WMV 3GP MP4 iPod Converter 3.9.1120 --> "C:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter\unins000.exe"
Fraps --> "C:\Fraps\uninstall.exe"
GUIDE PLUS+ for Windows® System - ATI --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{99D34763-7E45-4FE5-8424-28DBC3A5F0BF}\setup.exe"
Hamachi 1.0.2.2 --> C:\Program Files\Hamachi\uninstall.exe
HijackThis 2.0.2 --> "C:\Program Files\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Java 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Lernout & Hauspie TruVoice American English TTS Engine --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
LimeWire PRO 4.16.0 --> "C:\Program Files\LimeWire\uninstall.exe"
LogMeIn --> MsiExec.exe /I{06BBC7C8-42BD-4571-92AD-E50EE9963C41}
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Flight Simulator 2004 A Century of Flight --> "C:\Program Files\Microsoft Games\Flight Simulator 9\UNINSTAL.EXE" /runtemp /addremove
Microsoft Speech Recognition Engine 4.0 (English) --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mscsrgpc.inf, Uninstall.NT
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MVP Baseball 2005 --> C:\Program Files\EA SPORTS\MVP Baseball 2005\EAUninstall.exe
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
PE Builder 3.1.10a --> "c:\pebuilder3110a\unins000.exe"
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
The Sims 2 --> C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
The Sims2 University --> C:\WINDOWS\iun6002.exe "C:\Program Files\The Sims2 University\irunin.ini"
The Sims™ 2 Bon Voyage --> C:\Program Files\EA GAMES\The Sims 2 Bon Voyage\EAUninstall.exe
The Sims™ 2 H&M® Fashion Stuff --> C:\Program Files\EA GAMES\The Sims 2 H&M® Fashion Stuff\EAUninstall.exe
The Sims™ Life Stories --> C:\Program Files\Electronic Arts\The Sims Life Stories\EAUninstall.exe
TitanTV Client components for ATI --> MsiExec.exe /I{0A04149A-F6CC-4E4E-BDC6-44D0E64916FC}
Total MLB 1.25 --> "C:\Program Files\EA Sports\MVP Baseball 2005\unins000.exe"
VideoLAN VLC media player 0.8.6d --> C:\Program Files\VideoLAN\VLC\uninstall.exe
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Wireless LAN Card --> C:\Program Files\InstallShield Installation Information\{643B36F3-BED0-4FBB-8184-57D1C060DBDA}\setup.exe deinst
-- Application Event Log -------------------------------------------------------
Event Record #/Type20705 / Error
Event Submitted/Written: 05/07/2008 10:55:46 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type20692 / Error
Event Submitted/Written: 05/05/2008 08:32:34 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type20685 / Error
Event Submitted/Written: 05/05/2008 08:06:38 PM
Event ID/Source: 100 / AVG7
Event Description:
2008-05-06 00:06:38,156 FRANK-AMD [003044:000732] ERROR 000 AVG7.WTS.CAvgAmWts ProcessIdToSessionId(2660) call failed with WIN32 error 87, returning session id is 0
Event Record #/Type20684 / Error
Event Submitted/Written: 05/05/2008 08:06:38 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]
Event Record #/Type20683 / Error
Event Submitted/Written: 05/05/2008 08:06:38 PM
Event ID/Source: 100 / AVG7
Event Description:
2008-05-06 00:06:38,062 FRANK-AMD [003044:000732] ERROR 000 AVG7.WTS.CAvgAmWts ProcessIdToSessionId(728) call failed with WIN32 error 87, returning session id is 0
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type41406 / Warning
Event Submitted/Written: 05/08/2008 06:24:20 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Event Record #/Type41394 / Error
Event Submitted/Written: 05/08/2008 06:08:45 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Cyberlink RichVideo Service(CRVS) service failed to start due to the following error:
%%2
Event Record #/Type41385 / Warning
Event Submitted/Written: 05/08/2008 06:03:50 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Event Record #/Type41373 / Warning
Event Submitted/Written: 05/08/2008 05:39:33 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Event Record #/Type41360 / Error
Event Submitted/Written: 05/08/2008 05:37:14 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Cyberlink RichVideo Service(CRVS) service failed to start due to the following error:
%%2
-- End of Deckard's System Scanner: finished at 2008-05-08 20:37:36 ------------