I was having the error message before we started, so it's not new... but it is recent. I think it started happening when I upgraded Firefox to V. 3
Here is the Malware Scan
Malwarebytes' Anti-Malware 1.14
Database version: 800
1:02:43 AM 30/05/2008
mbam-log-5-30-2008 (01-02-43).txt
Scan type: Quick Scan
Objects scanned: 41172
Time elapsed: 11 minute(s), 10 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\colorutility.colorutility (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\colorutility.colorutility.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Adsl Software Limited (Rogue.MalWarrior) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\VSAdd-in (AdWare.Agent) -> Quarantined and deleted successfully.
Files Infected:
(No malicious items detected)
Here is the Kaspersky Log
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, May 30, 2008 7:42:32 AM
Operating System: Microsoft Windows XP Professional, Service Pack 3 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 30/05/2008
Kaspersky Anti-Virus database records: 814380
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 80828
Number of viruses found: 3
Number of infected objects: 6
Number of suspicious objects: 0
Duration of the scan process: 01:57:28
Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\20080526230743\backup\DOCUME~1\JEREMY~1\LOCALS~1\Temp\917rdp7k.exe Infected: not-a-virus:AdTool.Win32.Zango.am skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\09b6_File_Monitoring_eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\09b8_ParCtl_eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\09bb_AdBlocker_eventcritlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\09bb_AdBlocker_eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\09c0_pdm_eventcritlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\09c0_pdm_eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\09c0_pdm_eventlog_reg.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\09c1_Web_Monitoring_eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\detected.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\detected.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\report.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Jeremy Butler\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jeremy Butler\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jeremy Butler\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Jeremy Butler\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jeremy Butler\Local Settings\Temp\Perflib_Perfdata_708.dat Object is locked skipped
C:\Documents and Settings\Jeremy Butler\Local Settings\Temp\~DF21E1.tmp Object is locked skipped
C:\Documents and Settings\Jeremy Butler\Local Settings\Temp\~DFB61E.tmp Object is locked skipped
C:\Documents and Settings\Jeremy Butler\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Jeremy Butler\Local Settings\Temporary Internet Files\Content.IE5\HKL8QZEJ\Install_241_1_[1].exe Infected: not-a-virus:FraudTool.Win32.WinSpywareProtect.e skipped
C:\Documents and Settings\Jeremy Butler\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jeremy Butler\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Jeremy Butler\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Nodesys\Maj\UltraVNC\Service\SOURCE\UltraVNC-101-Setup.exe/file130 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
C:\Nodesys\Maj\UltraVNC\Service\SOURCE\UltraVNC-101-Setup.exe/file131 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
C:\Nodesys\Maj\UltraVNC\Service\SOURCE\UltraVNC-101-Setup.exe Inno: infected - 2 skipped
C:\Program Files\Afaria\Data\DiffCache\XDiffCache.FAT Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.idx Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\_OTMoveIt\MovedFiles\05282008_142434\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe Infected: not-a-virus:FraudTool.Win32.WinSpywareProtect.e skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Scan process completed.
.. and here is the new DSS Log
MAIN
Deckard's System Scanner v20071014.68
Run by Jeremy Butler on 2008-05-30 07:43:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 2 Restore Point(s) --
2: 2008-05-30 13:43:28 UTC - RP160 - Deckard's System Scanner Restore Point
1: 2008-03-17 17:02:04 UTC - RP116 - Installed Kaspersky Internet Security 7.0.
Performed disk cleanup.
-- HijackThis (run as Jeremy Butler.exe) ---------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:44:27 AM, on 30/05/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Afaria\Bin\XCDiffCache.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jeremy Butler\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\JEREMY~1.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ig
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Shaw Internet
F3 - REG:win.ini: run=C:\NODESYS\MAJ\EXEMAJ.EXE
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [Afaria Client File Differencing] C:\Program Files\Afaria\Bin\XCDiffCache.exe
O4 - HKLM\..\Run: [\\MDG-A704C63BEB6\EPSON Stylus Photo R320 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE /P48 "\\MDG-A704C63BEB6\EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE /P30 "EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Social.IM] C:\Program Files\social.im\SocialChat.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [\\MDG-A704C63BEB6\EPSON Stylus Photo R320 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE /P48 "\\MDG-A704C63BEB6\EPSON Stylus Photo R320 Series" /M "Stylus Photo R320" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [DiamondView] "C:\Program Files\Manulife Financial\Diamond View\Diamondview.exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [DiamondView] "C:\Program Files\Manulife Financial\Diamond View\Diamondview.exe" /background (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DiamondView] "C:\Program Files\Manulife Financial\Diamond View\Diamondview.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DiamondView] "C:\Program Files\Manulife Financial\Diamond View\Diamondview.exe" /background (User 'Default user')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Afaria Client Generic Scheduler.lnk = C:\Program Files\Afaria\Bin\XCGSTask.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - https://www.avdlext.com/iNotes6W.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1210607238515
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://dsf.webex.co...bex/ieatgpc.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
--
End of file - 11094 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20080526-221554-118 O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00310} - (no file)
backup-20080526-221554-483 O2 - BHO: (no name) - {57D7B1C0-FBF3-4460-B3C1-D42E0F98EA5b} - (no file)
backup-20080526-221554-513 O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.....cab?refid=1123
backup-20080526-221554-807 O2 - BHO: (no name) - {956896BF-C8E6-4FEB-BE82-190C3761E69C} - (no file)
backup-20080528-225242-639 O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
-- File Associations -----------------------------------------------------------
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 UBHelper - c:\windows\system32\drivers\ubhelper.sys
R2 osanbm - c:\windows\system32\drivers\osanbm.sys <Not Verified; Windows ® 2000 DDK provider; OSA int15 Driver>
R3 int15.sys - c:\program files\acer\erecovery\int15.sys
R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >
S3 avfwim (AvFw Packet Filter Miniport) - c:\windows\system32\drivers\avfwim.sys (file missing)
S3 LMImirr - c:\windows\system32\drivers\lmimirr.sys (file missing)
S3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 anbmService (Notebook Manager Service) - c:\acer\emanager\anbmserv.exe <Not Verified; OSA Technologies Inc.; Acer eManager for Notebook>
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Process Modules -------------------------------------------------------------
C:\WINDOWS\system32\svchost.exe (pid 1472)
2007-07-24 15:17:08 147456 --a------ C:\Program Files\Bonjour\mdnsNSP.dll <Not Verified; Apple Inc.; Bonjour>
C:\WINDOWS\explorer.exe (pid 2292)
2007-07-24 15:17:08 147456 --a------ C:\Program Files\Bonjour\mdnsNSP.dll <Not Verified; Apple Inc.; Bonjour>
2007-11-08 03:06:08 166912 --a------ C:\Program Files\WinAce\arcext.dll <Not Verified; e-merge GmbH; WinAce-Archiver>
2007-11-08 03:06:08 235008 --a------ C:\Program Files\WinAce\acev2.dll <Not Verified; ACE Compression Software; WinAce>
C:\WINDOWS\system32\rundll32.exe (pid 3736)
2005-02-25 19:35:12 49152 --a------ C:\WINDOWS\system32\SiSPower.dll <Not Verified; Silicon Integrated Systems Corporation; SiS Power Scheme Library>
-- Scheduled Tasks -------------------------------------------------------------
2008-05-26 12:42:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-05-02 00:00:00 344 --a------ C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job
-- Files created between 2008-04-30 and 2008-05-30 -----------------------------
2008-05-30 01:08:58 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-30 01:08:56 0 d-------- C:\WINDOWS\LastGood
2008-05-30 00:48:49 0 d-------- C:\Documents and Settings\Jeremy Butler\Application Data\Malwarebytes
2008-05-30 00:48:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-30 00:48:24 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-28 22:32:18 126996888 --a------ C:\registrybackup.reg
2008-05-24 02:53:19 0 d-------- C:\Program Files\SpywareGuard
2008-05-24 02:44:13 0 d-------- C:\Program Files\SpywareBlaster
2008-05-24 02:40:42 21312 --a------ C:\WINDOWS\choice.exe
2008-05-24 02:38:37 0 d-------- C:\ie-spyad
2008-05-24 00:09:59 0 d-------- C:\Program Files\Enigma Software Group
2008-05-23 16:52:20 57344 --a------ C:\WINDOWS\system32\COMMTB32.DLL <Not Verified; Microsoft Corporation; Microsoft Button Editor>
2008-05-23 16:52:19 169984 --a------ C:\WINDOWS\system32\P2D.DLL <Not Verified; Microsoft Corporation; Microsoft® HTML Layout Support Module>
2008-05-23 16:52:19 28672 --a------ C:\WINDOWS\system32\HLP95EN.DLL <Not Verified; Microsoft Corporation; Microsoft Office>
2008-05-23 16:52:19 161552 --a------ C:\WINDOWS\system32\ASYCPICT.DLL <Not Verified; Microsoft Corporation; Microsoft® Forms>
2008-05-23 16:52:10 0 d-------- C:\Program Files\ActiveX Control Pad
2008-05-12 17:09:48 0 d-------- C:\WINDOWS\Prefetch
2008-05-12 17:00:34 0 d-------- C:\WINDOWS\system32\scripting
2008-05-12 17:00:33 0 d-------- C:\WINDOWS\l2schemas
2008-05-12 17:00:32 0 d-------- C:\WINDOWS\system32\en
2008-05-12 17:00:31 0 d-------- C:\WINDOWS\system32\bits
2008-05-12 16:56:26 0 d-------- C:\WINDOWS\ServicePackFiles
2008-05-06 16:52:28 0 d-------- C:\Program Files\Winamp
2008-05-06 16:52:28 0 d-------- C:\Documents and Settings\Jeremy Butler\Application Data\Winamp
-- Find3M Report ---------------------------------------------------------------
2008-05-28 16:14:21 0 d-------- C:\Program Files\Mozilla Sunbird
2008-05-28 15:22:11 0 d-------- C:\Program Files\Motorola Phone Tools
2008-05-28 15:17:58 0 d-------- C:\Program Files\Avanquest update
2008-05-28 15:12:06 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-05-28 14:21:17 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-26 12:06:41 0 d-------- C:\Program Files\Trend Micro
2008-05-24 01:36:04 0 d-------- C:\Program Files\Sling Media
2008-05-22 15:59:53 0 d-------- C:\Documents and Settings\Jeremy Butler\Application Data\Mozilla
2008-05-12 17:01:14 0 d-------- C:\Program Files\Messenger
2008-05-12 17:00:30 0 d-------- C:\Program Files\Movie Maker
2008-05-12 16:55:55 0 d-------- C:\Program Files\Windows NT
2008-05-06 13:54:07 0 d-------- C:\Program Files\Microsoft Silverlight
2008-04-24 12:05:20 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-22 11:43:35 0 d-------- C:\Documents and Settings\Jeremy Butler\Application Data\LimeWire
2008-04-18 13:19:19 0 d-------- C:\Program Files\social.im
2008-04-10 15:32:06 0 d-------- C:\Program Files\BitComet
2008-04-10 14:58:53 0 d-------- C:\Program Files\iTunes
2008-04-10 14:58:39 0 d-------- C:\Program Files\iPod
2008-04-10 14:56:07 0 d-------- C:\Program Files\Bonjour
2008-04-10 14:55:13 0 d-------- C:\Program Files\QuickTime
2008-04-10 14:47:53 0 d-------- C:\Program Files\Opera
2008-04-10 14:41:31 2560 --a------ C:\WINDOWS\system32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper>
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [19/05/2006 02:52 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [19/05/2006 02:51 PM]
"AGRSMMSG"="AGRSMMSG.exe" [07/10/2004 07:50 PM C:\WINDOWS\AGRSMMSG.exe]
"SiSPower"="SiSPower.dll" [25/02/2005 07:35 PM C:\WINDOWS\system32\SiSPower.dll]
"SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [04/03/2005 01:13 PM]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [04/08/2004 05:00 AM]
"LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [28/03/2005 12:30 PM]
"eRecoveryService"="C:\Windows\System32\Check.exe" [23/03/2005 10:01 AM]
"Afaria Client File Differencing"="C:\Program Files\Afaria\Bin\XCDiffCache.exe" [30/11/2006 10:03 PM]
"\\MDG-A704C63BEB6\EPSON Stylus Photo R320 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.exe" [26/04/2004 03:00 AM]
"EPSON Stylus Photo R320 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.exe" [26/04/2004 03:00 AM]
"SoundMan"="SOUNDMAN.EXE" [23/02/2005 06:13 PM C:\WINDOWS\SOUNDMAN.EXE]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [27/10/2006 12:47 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 05:25 AM]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [28/06/2007 12:51 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28/03/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/03/2008 10:36 AM]
"Social.IM"="C:\Program Files\social.im\SocialChat.exe" [17/04/2008 04:03 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 10:16 PM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [01/04/2008 12:49 PM]
"BluetoothAuthenticationAgent"="bthprops.cpl" [13/04/2008 06:12 PM C:\WINDOWS\system32\bthprops.cpl]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [01/01/2007 02:22 PM]
"\\MDG-A704C63BEB6\EPSON Stylus Photo R320 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.exe" [26/04/2004 03:00 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [13/04/2008 06:12 PM]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DiamondView"="C:\Program Files\Manulife Financial\Diamond View\Diamondview.exe" /background
C:\Documents and Settings\Jeremy Butler\Start Menu\Programs\Startup\
HotSync Manager.lnk - C:\Program Files\palmOne\HOTSYNC.EXE [4/13/2004 5:03:10 PM]
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [8/29/2003 7:05:35 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Afaria Client Generic Scheduler.lnk - C:\Program Files\Afaria\Bin\XCGSTask.exe [4/3/2006 11:18:27 AM]
HotSync Manager.lnk - C:\Program Files\palmOne\HOTSYNC.EXE [4/13/2004 5:03:10 PM]
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [3/7/2005 10:05:51 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk.disabled]
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnk.disabledCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ink Monitor]
C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysProtect]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ISUSPM Startup"=c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
"PCMService"="C:\Program Files\Arcade\PCMService.exe"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
eapsvcs eaphost
dot3svc dot3svc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc
-- End of Deckard's System Scanner: finished at 2008-05-30 07:48:10 ------------
EXTRA
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English
CPU 0: AMD Turion 64 Mobile Technology ML-30
Percentage of Memory in Use: 56%
Physical Memory (total/avail): 958.48 MiB / 420.39 MiB
Pagefile Memory (total/avail): 1546.44 MiB / 1038.17 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1870.79 MiB
C: is Fixed (NTFS) - 35.71 GiB total, 8.98 GiB free.
D: is Fixed (NTFS) - 35.88 GiB total, 5.78 GiB free.
E: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - HTS541080G9AT00 - 74.53 GiB - 3 partitions
\PARTITION0 - Unknown - 2.93 GiB
\PARTITION1 (bootable) - Installable File System - 35.71 GiB - C:
\PARTITION2 - Extended w/Extended Int 13 - 35.88 GiB - D:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Jeremy Butler\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ACER-586E497F47
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Jeremy Butler
LOGONSERVER=\\ACER-586E497F47
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\MLI\Bin;C:\MLI\Product;C:\MLI\Rptengin;C:\Program Files\Common Files\Manulife Financial;C:\MANUFACT;C:\Program Files\QuickTime\QTSystem\;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 36 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2402
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\JEREMY~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\JEREMY~1\LOCALS~1\Temp
USERDOMAIN=ACER-586E497F47
USERNAME=Jeremy Butler
USERPROFILE=C:\Documents and Settings\Jeremy Butler
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Jeremy Butler (admin)
Administrator (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Acer Inc.\Acer English Online Help Creator\Uninst.isu"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0x9 -uninst
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABF / FNA --> "C:\Program Files\InstallShield Installation Information\{0867AFE1-3469-11D7-8193-0010B5BCE08C}\setup.exe" -runfromtemp -l0x0009 -uninst -removeonly
Acer eManager for Notebook --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{827289F5-B44F-4E49-9993-840741585A62}
Acer GridVista --> C:\WINDOWS\UnInst32.exe GridV.UNI
Ad-Aware SE Personal --> C:\PROGRA~1\LAVASOFT\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\LAVASOFT\AD-AWA~1\INSTALL.LOG
ADDCALC/2000 32-bit (Canada) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Vortex\ADDCALCForWin32\v2000\Canada\Uninst.isu"
ADDCALC/2000 32-bit (Empire) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Vortex\ADDCALCForWin32\v2000\Empire\Uninst.isu"
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Afaria Client --> "C:\Program Files\Afaria\Bin\XeUpdate.exe" /Uninstall
Agere Systems AC'97 Modem --> agrsmdel
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Arcade 3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" -uninstall
Avanquest update --> C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly
Avantage d'Or / Golden Edge / Protecteurs --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0AE17B00-31FA-11D6-BED9-000629F77048}\Setup.exe" -l0x9 -uninst
BitComet 1.00 --> C:\Program Files\BitComet\uninst.exe
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Calculatrice Financière / Invest --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B705ED7-A86B-4895-9955-BA80E0B3F40B}\Setup.exe" -l0x9 -uninst
Canada Life Reference Material 9.0 --> MsiExec.exe /I{4D1316DA-C483-483F-8DD7-94A132ADAC89}
Canada Life Reference Material 9.3 --> MsiExec.exe /I{DE40F20F-A41E-4E44-96C5-4C075DB917F1}
CL Sales Strategies --> MsiExec.exe /I{62C1765F-F2D5-4F21-8423-EDD0161C3421}
CL Sales Strategies 5.0 --> MsiExec.exe /I{51CEF2D6-3606-41F0-B9E1-04491AA74B73}
CL Zoom Installation Package/Trousse d’installation de Zoom pour la C.-V. --> MsiExec.exe /I{ECB5EEF9-32AF-4D79-AFD3-076136F725D5}
Concepts --> "C:\Program Files\InstallShield Installation Information\{B2E60EBE-35BC-41CA-BED6-EDBB9329C037}\setup.exe" -runfromtemp -l0x0009 -uninst -removeonly
Contact Partner Setup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5884879-05DA-11D7-BBD6-005004CD1EA0}\Setup.exe" -l0x9 -uninst
CrystalReportsSetup --> MsiExec.exe /I{97D1874B-0A18-45BC-BBB3-E73D9C150DE9}
Diamond View Framework --> MsiExec.exe /X{332810A4-E6F6-11D8-9BD7-000103E0519E}
Diamond View InfoCentral --> MsiExec.exe /I{75E2A604-6850-44FC-A5E8-6497B9544F7E}
Diamond View Launcher --> MsiExec.exe /X{C45C544E-5047-11D9-8216-00B0D075DF5C}
Diamond View Update --> MsiExec.exe /X{32D3C724-3E32-11D9-8211-00B0D075DF5C}
Elecard MPEG-2 Decoder&Streaming Plug-in for WMP --> "C:\Program Files\Elecard\Elecard MPEG-2 Decoder&Streaming Plug-in for WMP\Uninstall.exe" "C:\Program Files\Elecard\Elecard MPEG-2 Decoder&Streaming Plug-in for WMP\install.log" -u
ENVISION --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94F6D8B0-969C-43E6-AC36-3F976EAA9A0E}\envision.exe" -l0x9 -uninst -removeonly
ENVISION - Illustrations --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{42843772-B9C1-43BD-9FDF-1E0CBFDF382C}\setup.exe" -l0x9 -uninst -removeonly
EPSON Print CD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\setup.exe" -l0x9 -SYSTEM
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
Foxit PDF Creator --> C:\Program Files\Foxit Software\PDF Creator\FPC_Uninstall.exe
Foxit Reader --> C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Talk (remove only) --> "C:\Program Files\Google\Google Talk\uninstall.exe"
Google Toolbar for Firefox --> MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
in sync 2.6 --> C:\PROGRA~1\INSYNC26\UNWISE.EXE C:\PROGRA~1\INSYNC26\INSTALL.LOG
in sync 3.0 --> C:\PROGRA~1\INSYNC26\UNWISE.EXE C:\PROGRA~1\INSYNC26\INSTALL.LOG
Inforce - En vigueur --> MsiExec.exe /I{3100DCCF-F48A-49A3-8B81-F5C00E99959D}
Inforce Illustration 1.3 --> C:\WINDOWS\IsUninst.exe -fC:\Transwin\Inforc13\Uninst.isu
Ink Monitor --> C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe -U
Investment Illustrator (8.00) --> C:\PROGRA~1\EMPIRE\INVEST~1\UNWISE.EXE /A C:\PROGRA~1\EMPIRE\INVEST~1\INSTALL.LOG
IsoBuster 2.1 --> "C:\Program Files\IsoBuster\Uninst\unins000.exe"
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Kaspersky Internet Security 7.0 --> MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
Kaspersky Internet Security 7.0 --> MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
KeyScrambler --> C:\Program Files\KeyScrambler\uninstall.exe
Launch Manager --> C:\WINDOWS\UnInst32.exe QtZgAcer.UNI
LifeView - VisionVie 5.4 --> C:\TRANSWIN\LV54\UNWISE.EXE C:\TRANSWIN\LV54\INSTALL.LOG
LimeWire PRO 4.14.10 --> "C:\Program Files\LimeWire\uninstall.exe"
Living Benefits 4.50 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{209255AF-E7F3-4FF3-86EE-575C35BA716D}\Setup.exe" -l0x9
Log Parser 2.2 --> MsiExec.exe /I{4AC23178-EEBC-4BAF-8CC0-AB15C8897AC9}
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Manulife - Concept slideshows --> MsiExec.exe /I{5D8E43A9-E7D8-46FF-82AD-A9D3FBDF5B82}
Manulife - Concepts --> MsiExec.exe /I{A52FD2D4-9AB2-43B1-8DC7-49A26724F3AF}
Manulife - Launcher --> MsiExec.exe /I{CB80755B-F7C5-4308-9470-630F6A589396}
Manulife - LifeWise/Manuvie - Accent-Vie --> MsiExec.exe /I{E1E55795-4E19-47CB-9C6C-FCB6836126AB}
Manulife - Limited Pay UL / Manuvie - Vu à prime temporaire --> MsiExec.exe /I{C9BBB697-BFA8-4EA4-8FC5-A230D51E205D}
Manulife - Living Benefits --> MsiExec.exe /I{AD04522C-0691-4D0D-97D8-B66F70FD4EBB}
Manulife - Performax --> MsiExec.exe /X{9C007901-7F58-4A3B-8F0E-194E16612B3D}
Manulife - Term --> MsiExec.exe /I{E643148E-DB76-4C5B-87CE-AEA7E7A97A3A}
Manulife - Universal Life --> MsiExec.exe /I{5EA79CA8-CC46-49B2-AFE3-0CECEBBD4EB0}
Manulife Financial - Health and Dental --> MsiExec.exe /X{DE16385A-B8A0-4A13-90C0-82C1709AED59}
Matrix-ks --> "C:\Program Files\KellySoftware\Matrix-ks\Uninstall.exe" "C:\Program Files\KellySoftware\Matrix-ks\install.log"
Media Widget 2.1 --> "C:\Program Files\Media Widget\unins000.exe"
MenuFusion --> "C:\Program Files\InstallShield Installation Information\{08B31070-171E-11D6-BECF-000629F77048}\setup.exe" -runfromtemp -l0x0009 -uninst -removeonly
Microangelo Toolset 6 --> MsiExec.exe /I{71414EC2-0684-4A15-A85A-E0E259D117AF}
Microsoft ActiveX Control Pad --> C:\Program Files\ActiveX Control Pad\Setup\Remove.exe
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Minimum components for