Deckard's System Scanner v20071014.68
Run by Meta Fable on 2008-05-13 11:50:27
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
42: 2008-05-13 15:50:29 UTC - RP251 - Deckard's System Scanner Restore Point
41: 2008-05-13 00:50:07 UTC - RP250 - ComboFix created restore point
40: 2008-05-12 23:46:36 UTC - RP249 - Last known good configuration
39: 2008-05-12 23:46:34 UTC - RP248 - ComboFix created restore point
38: 2008-05-12 23:46:34 UTC - RP247 - Last known good configuration
-- First Restore Point --
1: 2008-05-12 23:46:32 UTC - RP210 - Restore Operation
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Meta Fable.exe) ------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:51, on 2008-05-13
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\sstray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\Documents and Settings\Meta Fable\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Meta Fable.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://us.rd.yahoo.c...rch/search.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://us.rd.yahoo.c...//www.yahoo.comR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {101673D4-E3DD-4E1E-A7E4-E869F5C1AEC8} - C:\WINDOWS\System32\mlJaBrsS.dll (file missing)
O2 - BHO: (no name) - {352CEB91-259C-48A9-A104-CDE097248E8C} - C:\WINDOWS\System32\byXQKaBU.dll (file missing)
O2 - BHO: (no name) - {4DD3850B-6025-47E3-9A11-C2E4465663F5} - C:\WINDOWS\System32\awtuRjKd.dll (file missing)
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {ED9B9958-CAFE-4209-8265-E551DEAC3E85} - C:\WINDOWS\System32\mlJbATLB.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [f8b3e333] rundll32.exe "C:\WINDOWS\System32\tytitbxg.dll",b
O4 - HKLM\..\Run: [BMfb80d0af] Rundll32.exe "C:\WINDOWS\System32\ehippkks.dll",s
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -
http://www.pcpitstop...p/PCPitStop.CABO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft....k/?linkid=39204O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://www.update.mi...b?1205980464140O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://www.update.mi...b?1205980458328O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) -
http://www.gamespot.com/KDX/kdx.cabO20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: yayXPFwx - yayXPFwx.dll (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Unknown owner - C:\Program Files\Sygate\SPF\Smc.exe (file missing)
--
End of file - 5774 bytes
-- File Associations -----------------------------------------------------------
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 Teefer (Teefer for NT) - c:\windows\system32\drivers\teefer.sys <Not Verified; Sygate Technologies, Inc.; Sygate Teefer Driver>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 wpsdrvnt - c:\windows\system32\drivers\wpsdrvnt.sys <Not Verified; Sygate Technologies, Inc.; wpsdrvnt>
R2 ElbyCDIO (ElbyCDIO Driver) - c:\windows\system32\drivers\elbycdio.sys <Not Verified; Elaborate Bytes AG; CDRTools>
R2 wg3n (SyGate for NT, wg3n) - c:\windows\system32\drivers\wg3n.sys <Not Verified; Sygate Technologies, Inc.; SyberGen WGXN>
R3 ElbyDelay - c:\windows\system32\drivers\elbydelay.sys <Not Verified; Elaborate Bytes; CDRTools>
R3 LVPrcMon (Logitech LVPrcMon Driver) - c:\windows\system32\drivers\lvprcmon.sys
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 vsdatant - c:\windows\system32\vsdatant.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
S2 SmcService (Sygate Personal Firewall) - c:\program files\sygate\spf\smc.exe (file missing)
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Files created between 2008-04-13 and 2008-05-13 -----------------------------
2008-05-12 19:46:22 1000 --ahs---- C:\WINDOWS\System32\UBaKQXyb.ini2
2008-05-12 18:10:22 0 d-------- C:\cmdcons
2008-05-12 11:18:30 68096 --a------ C:\WINDOWS\zip.exe
2008-05-12 11:18:30 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-12 11:18:30 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-12 11:18:30 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-12 11:18:30 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-12 11:18:30 98816 --a------ C:\WINDOWS\sed.exe
2008-05-12 11:18:30 80412 --a------ C:\WINDOWS\grep.exe
2008-05-12 11:18:30 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-12 11:02:02 0 d-------- C:\WINDOWS\ERUNT
2008-05-11 21:10:23 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-05-11 21:10:23 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-05-11 21:10:23 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-05-11 21:10:23 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-05-11 21:10:23 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-05-11 21:10:23 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-05-11 21:10:23 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-05-11 21:10:23 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-05-11 21:10:23 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-05-11 21:10:23 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-05-11 21:10:23 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-05-11 21:10:23 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-05-11 21:10:23 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-05-11 21:10:22 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-05-11 17:44:52 0 d-------- C:\VundoFix Backups
2008-05-10 13:49:57 4980736 --a------ C:\Documents and Settings\Meta Fable\ntuser.dat
2008-05-10 13:43:16 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-05-10 13:43:16 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
-- Find3M Report ---------------------------------------------------------------
2008-05-12 11:20:13 0 d-------- C:\Program Files\Common Files
2008-05-10 19:52:35 0 d-------- C:\Program Files\Java
2008-05-06 19:53:46 0 d-------- C:\Program Files\Trillian
2008-04-24 18:41:40 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-03 03:54:40 0 d-------- C:\Program Files\EmpirePokerMaster
2008-04-03 03:42:09 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-03 03:41:50 0 d-------- C:\Program Files\QuickTime
2008-04-02 18:53:12 0 d-------- C:\Documents and Settings\Meta Fable\Application Data\Macromedia
2008-04-02 17:34:54 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-01 13:09:36 0 d-------- C:\Documents and Settings\Meta Fable\Application Data\Adobe
2008-03-19 23:05:01 0 d-------- C:\Program Files\Messenger
2008-03-19 22:52:35 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-19 22:50:25 0 d--h----- C:\Program Files\WindowsUpdate
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{101673D4-E3DD-4E1E-A7E4-E869F5C1AEC8}]
C:\WINDOWS\System32\mlJaBrsS.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{352CEB91-259C-48A9-A104-CDE097248E8C}]
C:\WINDOWS\System32\byXQKaBU.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4DD3850B-6025-47E3-9A11-C2E4465663F5}]
C:\WINDOWS\System32\awtuRjKd.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ED9B9958-CAFE-4209-8265-E551DEAC3E85}]
C:\WINDOWS\System32\mlJbATLB.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-07-28 15:19]
"nwiz"="nwiz.exe" [2003-07-28 15:19 C:\WINDOWS\system32\nwiz.exe]
"nForce Tray Options"="sstray.exe" [2002-11-13 18:34 C:\WINDOWS\system32\sstray.exe]
"kdx"="C:\WINDOWS\kdx\KHost.exe" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25]
"f8b3e333"="C:\WINDOWS\System32\tytitbxg.dll" []
"BMfb80d0af"="C:\WINDOWS\System32\ehippkks.dll" []
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - D:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 04:15:54]
Verizon Online Support Center.lnk - C:\Program Files\Verizon Online\bin\matcli.exe [2006-01-24 18:48:06]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"disableregistrytools"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayXPFwx]
yayXPFwx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BitDefender for ICQ.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BitDefender for ICQ.lnk
backup=C:\WINDOWS\pss\BitDefender for ICQ.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BitDefender for MSN Messenger.lnk]
backup=C:\WINDOWS\pss\BitDefender for MSN Messenger.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BitDefender for Net Meeting.lnk]
backup=C:\WINDOWS\pss\BitDefender for Net Meeting.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BitDefender for Yahoo! Messenger.lnk]
backup=C:\WINDOWS\pss\BitDefender for Yahoo! Messenger.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Murphy Shield.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Murphy Shield.lnk
backup=C:\WINDOWS\pss\Murphy Shield.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"XCOMM"=2 (0x2)
-- End of Deckard's System Scanner: finished at 2008-05-13 11:51:36 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 1.0
Architecture: X86; Language: English
CPU 0: AMD Athlon
Percentage of Memory in Use: 22%
Physical Memory (total/avail): 991.49 MiB / 767.89 MiB
Pagefile Memory (total/avail): 2440.63 MiB / 2333.09 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1945 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 9.77 GiB total, 4.74 GiB free.
D: is Fixed (NTFS) - 39.06 GiB total, 37.27 GiB free.
E: is Fixed (FAT32) - 27.84 GiB total, 14.41 GiB free.
F: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - IC35L090AVV207-0 - 76.69 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 9.77 GiB - C:
\PARTITION1 - Installable File System - 39.06 GiB - D:
\PARTITION2 - Unknown - 27.85 GiB - E:
-- Security Center -------------------------------------------------------------
AUOptions is disabled.
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Meta Fable\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MINI-LORE
ComSpec=C:\WINDOWS\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Meta Fable
LOGONSERVER=\\MINI-LORE
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\METAFA~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\METAFA~1\LOCALS~1\Temp
USERDOMAIN=MINI-LORE
USERNAME=Meta Fable
USERPROFILE=C:\Documents and Settings\Meta Fable
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Meta Fable
(admin)Administrator
(new local, admin)-- Add/Remove Programs ---------------------------------------------------------
--> C:\PROGRA~1\VERIZO~1\Uninstall.exe Verizon
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25EF00BF-F17B-11D6-88EA-000476CD2443}\Setup.exe" -l0x9 UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25EF00C6-F17B-11D6-88EA-000476CD2443}\Setup.exe" -l0x9 UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25EF00D1-F17B-11D6-88EA-000476CD2443}\Setup.exe" -l0x9 UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25EF03DA-F17B-11D6-88EA-000476CD2443}\Setup.exe" -l0x9 UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Advanced Networking Pack for Windows XP --> C:\WINDOWS\$NtUninstallKB817778$\spuninst\spuninst.exe
Ahead Nero - Burning Rom --> C:\WINDOWS\UNNERO.exe /UNINSTALL
Battlefield 1942 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}\setup.exe" -l0x9
BitDefender Professional --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F2E05AB6-9ED1-40D8-AC7C-0E94EA2808CA}\setup.exe"
CCleaner (remove only) --> "D:\CCleaner\uninst.exe"
DesertCombat 0.7 --> C:\WINDOWS\iun6002.exe "C:\Program Files\EA GAMES\Battlefield 1942\DesertCombat.ini"
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
EmpirePoker --> "C:\Program Files\EmpirePokerMaster\EmpirePoker\Uninstall.exe" "C:\Program Files\EmpirePokerMaster\EmpirePoker\install.log"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{C1939820-A945-11D4-86F6-0001031E5712}\setup.exe" REMOVEALL
Java 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Logitech QuickCam Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C191BE7C-8542-4A61-973A-714EF76C5995}\setup.exe" -l0x9
Logitech® Camera Driver --> "C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Microsoft Office 2000 SR-1 Professional --> MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
NVIDIA nForce Drivers --> C:\WINDOWS\System32\nvuninst.exe Uninstall C:\WINDOWS\System32\NVU001.nvu,NVIDIA nForce Drivers
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nv4_disp.inf
PCFriendly --> C:\Program Files\PCFriendly\inuninst.exe
Secure Delivery --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\kdx\kdx.inf,DefaultUninstall,5
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Sygate Personal Firewall 5.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D422994-9E10-11D4-AEB1-00D0B7237D97}\setup.exe" -Uninstall
Trillian --> C:\Program Files\Trillian\trillian.exe /uninstall
Verizon Online --> C:\WINDOWS\System32\VerizonUninstaller.exe
Verizon Online Support Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25EF00A1-F17B-11D6-88EA-000476CD2443}\Setup.exe" -l0x9 UNINSTALL
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
VuePrint --> C:\WINDOWS\vuepro32.exe /Remove
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Yahoo! extras --> C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Install Manager --> C:\WINDOWS\System32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\System32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
-- Application Event Log -------------------------------------------------------
Event Record #/Type2813 / Error
Event Submitted/Written: 05/13/2008 01:56:48 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2800.1106, faulting module ntdll.dll, version 5.1.2600.1217, fault address 0x00007ec4.
Event Record #/Type2806 / Error
Event Submitted/Written: 05/12/2008 10:59:12 AM
Event ID/Source: 8193 / VSS
Event Description:
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.
Event Record #/Type2805 / Error
Event Submitted/Written: 05/12/2008 10:59:12 AM
Event ID/Source: 4609 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043C from line 44 of d:\nt_qxp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.
Event Record #/Type2785 / Error
Event Submitted/Written: 05/11/2008 10:29:10 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2800.1106, faulting module kernel32.dll, version 5.1.2600.1869, fault address 0x000088ba.
Event Record #/Type2783 / Error
Event Submitted/Written: 05/11/2008 09:10:12 PM
Event ID/Source: 8193 / VSS
Event Description:
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type15444 / Error
Event Submitted/Written: 05/13/2008 01:59:54 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The IPSEC Services service terminated with the following error:
%%1747
Event Record #/Type15441 / Error
Event Submitted/Written: 05/13/2008 01:59:54 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Sygate Personal Firewall service failed to start due to the following error:
%%2
Event Record #/Type15432 / Error
Event Submitted/Written: 05/12/2008 10:12:42 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The IPSEC Services service terminated with the following error:
%%1747
Event Record #/Type15429 / Error
Event Submitted/Written: 05/12/2008 10:12:42 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Sygate Personal Firewall service failed to start due to the following error:
%%2
Event Record #/Type15411 / Error
Event Submitted/Written: 05/12/2008 07:42:44 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The IPSEC Services service terminated with the following error:
%%1747
-- End of Deckard's System Scanner: finished at 2008-05-13 11:51:36 ------------