Hi fenzodahl512, thanks for your reply. Here are the logs.
main:
Deckard's System Scanner v20071014.68
Run by Administrator on 2008-07-21 11:37:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
System Restore is disabled; attempting to re-enable...success.
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Administrator.exe) ---------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:39, on 2008-07-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\csrss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\Ati2evxx.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\system32\Ati2evxx.exe
C:\WINDOWS.0\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\WINDOWS.0\system32\explorer.exe
C:\WINDOWS.0\system32\oodag.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Real Alternative\Update_OB\realsched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\alg.exe
C:\WINDOWS.0\system32\wscntfy.exe
C:\WINDOWS.0\system32\wcomipek.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\WINDOWS.0\system32\wbem\wmiprvse.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com.sg/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com.sg/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files\ReGetDx\iebar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS.0\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS.0\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS.0\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS.0\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS.0\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real Alternative\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YeppStudioAgent] E:\Program Files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Post-it® Software Notes Lite.lnk.disabled
O8 - Extra context menu item: Do&wnload by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O8 - Extra context menu item: Download A&ll by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_All.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS.0\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - http://203.118.43.10...sCamControl.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2C37D16-3959-4EC6-98C8-11C0429EBE9C}: NameServer = 202.156.1.78,202.156.1.68
O20 - AppInit_DLLs: nmsdjh.dll,hrafh.dll,bsnfhs.dll,gaffg.dll,snszh.dll,zdhere.dll,klsf.dll,jsdfa.dl
l,hjsz.dll,cgfhr.dll,aghmxd.dll,sdfrbt.dll,jkzsgf.dll,dghagc.dll,dfgwag.dll,fgjd.
dll,xfnh.dll,bgyu.dll,xdrhcj.dll,zsrdygx.dll,dfhvk.dll,xdfthjh.dll,cvbtfs.dll,cgy
dj.dll,zsdgrgh.dll,fghdd.dll,bgcjty.dll,dbgj.dll,xcfgh.dll,cvnghk.dll,vgxdcg.dll,
chjg.dll,vnfxd.dll,nbmfu.dll,xdbjy.dll,vbjxbnm.dll,xgngj.dll,cxvbh.dll,fgjt.dll,c
nbv.dll,cvnhk.dll,vgjzrg.dll,cvjdfh.dll,sdfhk.dll,gmnait.dll,xdbnm.dll,xbnft.dll,
myuf.dll,hkxddrh.dll,aserg.dll,zdfgf.dll,bnmdgh.dll,bxdfh.dll,cncft.dll,cfjzsxn.d
ll,dfbghj.dll,dgbzd.dll,nhjsd.dll,hjmasd.dll,xbfhxd.dll,bngyjuf.dll,xdgxr.dll,bnm
ft.dll,xcvgu.dll,szggfj.dll,zsggixd.dll,bnhugk.dll,xdhuk.dll,dxgjgfy.dll,fgjderg.
dll,asfhjy.dll,swegfuj.dll,cxfhf.dll,hjukrt.dll,dhdhvv.dll,vdfthjk.dll,xdfrg.dll,
zsgjfh.dll,cvbyj.dll,nmxdt.dll,bhdryn.dll,nbkfy.dll,xsdjd.dll,xuxdg.dll,nmdgkn.dl
l,xdhts.dll,vcnyd.dll,zsdth.dll, wcomipe.dll longasus.dll cbplus.dll comremo.dll ceshleo.dll follwel.dll offeceo.d
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS.0\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS.0\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS.0\system32\oodag.exe
--
End of file - 8473 bytes
-- File Associations -----------------------------------------------------------
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
All drivers whitelisted.
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
All services whitelisted.
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-07-21 03:30:00 418 --a------ C:\WINDOWS.0\Tasks\ErrorSmart Scheduled Scan.job
-- Files created between 2008-06-21 and 2008-07-21 -----------------------------
2008-07-21 02:45:51 225792 --ah----- C:\WINDOWS.0\system32\dndsaf.dll
2008-07-21 02:45:43 24576 --a------ C:\WINDOWS.0\system32\jsnoer.dll
2008-07-21 02:45:38 24576 --a------ C:\WINDOWS.0\system32\joliom.dll
2008-07-21 02:45:34 24576 --a------ C:\WINDOWS.0\system32\offeceo.dll
2008-07-21 02:45:29 218624 --ah----- C:\WINDOWS.0\system32\tdggrz.dll
2008-07-21 02:45:25 240128 --ah----- C:\WINDOWS.0\system32\fmcvxy.dll
2008-07-21 02:45:21 28672 --a------ C:\WINDOWS.0\system32\follwel.dll
2008-07-21 02:45:15 258048 --ah----- C:\WINDOWS.0\system32\rfdswc.dll
2008-07-21 02:45:11 232960 --ah----- C:\WINDOWS.0\system32\wrqszl.dll
2008-07-21 02:45:06 229376 --ah----- C:\WINDOWS.0\system32\jfrwdh.dll
2008-07-21 02:45:02 243712 --ah----- C:\WINDOWS.0\system32\tdfhex.dll
2008-07-21 02:44:57 232960 --ah----- C:\WINDOWS.0\system32\wyhesm.dll
2008-07-21 02:44:53 240128 --ah----- C:\WINDOWS.0\system32\hhrdxd.dll
2008-07-21 02:44:48 24576 --a------ C:\WINDOWS.0\system32\ceshleo.dll
2008-07-21 02:44:43 225792 --ah----- C:\WINDOWS.0\system32\sgdewg.dll
2008-07-21 02:44:39 225792 --ah----- C:\WINDOWS.0\system32\zycdex.dll
2008-07-21 02:44:34 232960 --ah----- C:\WINDOWS.0\system32\zgtwfx.dll
2008-07-21 02:44:30 24576 --a------ C:\WINDOWS.0\system32\comremo.dll
2008-07-21 02:44:26 28672 --a------ C:\WINDOWS.0\system32\cbplus.dll
2008-07-21 02:44:13 268800 --ah----- C:\WINDOWS.0\system32\ddserh.dll
2008-07-21 02:44:08 236544 --ah----- C:\WINDOWS.0\system32\wklsdd.dll
2008-07-21 02:44:04 243712 --ah----- C:\WINDOWS.0\system32\mghefy.dll
2008-07-21 02:43:59 279552 --ah----- C:\WINDOWS.0\system32\mttwfh.dll
2008-07-21 02:43:59 0 d--hs---- C:\hss
2008-07-21 02:40:47 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-07-21 01:52:48 28672 --a------ C:\WINDOWS.0\system32\Partizan.exe <Not Verified; Greatis Software; RegRun Security Suite, UnHackMe>
2008-07-21 01:50:31 2 -rahs-o-t C:\WINDOWS.0\winstart.bat
2008-07-21 01:44:25 24576 --a------ C:\WINDOWS.0\system32\longasus.dll
2008-07-21 01:44:21 11264 --a------ C:\WINDOWS.0\system32\wcomipek.exe
2008-07-21 01:44:21 24576 --a------ C:\WINDOWS.0\system32\wcomipe.dll
2008-07-21 01:44:01 0 d--hs---- C:\oft
2008-07-21 01:41:54 1033216 --a------ C:\WINDOWS.0\itqn.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-21 01:39:42 1033216 --a------ C:\WINDOWS.0\ntha.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-21 01:14:53 0 d--hs---- C:\dkn
2008-07-21 01:12:46 1033216 --a------ C:\WINDOWS.0\nchb.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-21 00:56:36 0 d-------- C:\Documents and Settings\Administrator\Application Data\ErrorSmart
2008-07-21 00:29:17 0 d--hs---- C:\uox
2008-07-21 00:27:13 1033216 --a------ C:\WINDOWS.0\rctb.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-20 23:58:20 1033216 --a------ C:\WINDOWS.0\xefi.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-20 23:24:04 0 d--hs---- C:\lsu
2008-07-20 23:05:50 1033216 --a------ C:\WINDOWS.0\ucyp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-20 22:47:56 0 d--hs---- C:\xnn
2008-07-18 19:39:04 1033216 --a------ C:\WINDOWS.0\ynxd.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 19:10:04 1033216 --a------ C:\WINDOWS.0\mkfd.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 19:04:22 1033216 --a------ C:\WINDOWS.0\pyhv.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 17:33:22 1033216 --a------ C:\WINDOWS.0\flfx.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 17:32:11 1033216 --a------ C:\WINDOWS.0\iqnn.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 17:29:26 0 d--hs---- C:\wlv
2008-07-18 17:28:42 0 d--hs---- C:\obf
2008-07-18 17:27:25 1033216 --a------ C:\WINDOWS.0\grho.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 17:26:38 1033216 --a------ C:\WINDOWS.0\ycvi.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 17:20:26 1033216 --a------ C:\WINDOWS.0\mlpv.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 17:19:51 1033216 --a------ C:\WINDOWS.0\vkuf.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 17:06:16 0 d-------- C:\Program Files\EMCO MoveOnBoot
2008-07-18 16:42:56 1033216 --a------ C:\WINDOWS.0\eucn.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 16:38:58 1033216 --a------ C:\WINDOWS.0\fjgl.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 16:35:02 0 d--hs---- C:\bif
2008-07-18 16:32:56 1033216 --a------ C:\WINDOWS.0\tjwv.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 15:39:03 0 d--hs---- C:\ifr
2008-07-18 00:04:36 1033216 --a------ C:\WINDOWS.0\loag.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-17 23:37:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-07-17 20:41:10 0 d--hs---- C:\uhb
2008-07-17 20:39:29 0 d--hs---- C:\qxk
2008-07-17 20:04:50 0 d--hs---- C:\sav
2008-07-17 19:48:54 0 d--hs---- C:\dpg
2008-07-17 19:45:44 0 d--hs---- C:\blv
2008-07-17 19:39:52 0 d--hs---- C:\aeh
2008-07-17 19:36:06 0 d--hs---- C:\toq
2008-07-17 19:33:59 1033216 --a------ C:\WINDOWS.0\tlch.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-17 19:32:25 389120 --a------ C:\WINDOWS.0\system32\CF30762.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-17 18:42:42 1033216 --a------ C:\WINDOWS.0\etqb.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-17 18:38:15 0 d--hs---- C:\jix
2008-07-17 18:18:40 0 d--hs---- C:\ufb
2008-07-17 18:18:25 0 d--hs---- C:\iww
2008-07-17 18:16:53 0 d--hs---- C:\btc
2008-07-17 18:16:21 1033216 --a------ C:\WINDOWS.0\sxbw.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-17 18:16:11 0 d--hs---- C:\ayz
2008-07-17 18:15:56 0 d--hs---- C:\dbi
2008-07-17 18:14:49 1033216 --a------ C:\WINDOWS.0\qvok.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-17 18:14:04 1033216 --a------ C:\WINDOWS.0\vyis.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-17 16:43:37 0 d--hs---- C:\ivq
2008-07-17 16:39:36 68096 --a------ C:\WINDOWS.0\zip.exe
2008-07-17 16:39:36 49152 --a------ C:\WINDOWS.0\VFind.exe
2008-07-17 16:39:36 212480 --a------ C:\WINDOWS.0\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-17 16:39:36 136704 --a------ C:\WINDOWS.0\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-17 16:39:36 161792 --a------ C:\WINDOWS.0\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-17 16:39:36 98816 --a------ C:\WINDOWS.0\sed.exe
2008-07-17 16:39:36 80412 --a------ C:\WINDOWS.0\grep.exe
2008-07-17 16:39:36 89504 --a------ C:\WINDOWS.0\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-17 16:39:21 389120 --a------ C:\WINDOWS.0\system32\CF29620.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-17 16:38:28 0 d--hs---- C:\dbg
2008-07-17 16:36:26 1033216 --a------ C:\WINDOWS.0\yril.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-17 16:35:42 0 d--hs---- C:\vff
2008-07-17 16:35:42 0 d--hs---- C:\tuu
2008-07-17 16:35:42 0 d--hs---- C:\sho
2008-07-17 16:35:42 0 d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-07-17 16:35:42 0 d--hs---- C:\djm
2008-07-17 16:35:41 0 d--hs---- C:\vqi
2008-07-17 16:35:41 0 d--hs---- C:\nnj
2008-07-17 16:32:39 0 d--hs---- C:\gpg
2008-07-17 16:31:53 0 d--hs---- C:\iwl
2008-07-17 16:30:39 1033216 --a------ C:\WINDOWS.0\qrqo.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-17 15:56:04 1033216 --a------ C:\WINDOWS.0\expi.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-17 15:55:37 1033216 --a------ C:\WINDOWS.0\abbd.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-17 15:55:05 1033216 --a------ C:\WINDOWS.0\jxko.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-17 15:02:47 0 d--hs---- C:\ogn
2008-07-17 15:02:15 0 d--hs---- C:\see
2008-07-17 15:00:59 1033216 --a------ C:\WINDOWS.0\dust.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-17 15:00:46 1033216 --a------ C:\WINDOWS.0\oxhk.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-17 15:00:12 1033216 --a------ C:\WINDOWS.0\knqp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-17 14:57:53 1033216 --a------ C:\WINDOWS.0\tinw.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-17 14:55:27 1033216 --a------ C:\WINDOWS.0\tezg.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-17 14:04:07 1033216 --a------ C:\WINDOWS.0\jsma.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-17 13:10:40 0 d--hs---- C:\drx
2008-07-17 13:09:42 0 d--hs---- C:\imf
2008-07-17 13:05:20 1033216 --a------ C:\WINDOWS.0\qbvd.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-17 13:02:49 1033216 --a------ C:\WINDOWS.0\bibt.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-17 12:54:53 39072 --a------ C:\WINDOWS.0\system32\drivers\HBKernel.sys
2008-07-17 12:54:50 0 d--hs---- C:\meo
2008-07-17 12:54:50 0 d--hs---- C:\jqa
2008-07-17 12:54:36 7768 --a------ C:\WINDOWS.0\plch.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-09 13:16:19 3002368 --a------ C:\Documents and Settings\Guest\ntuser.dat
2008-07-09 13:16:18 15204352 --a------ C:\Documents and Settings\Administrator\ntuser.dat
2008-07-08 12:28:05 371433 --ahs---- C:\WINDOWS.0\system32\ijiQAJjl.ini2
2008-07-05 20:44:55 0 d-------- C:\Documents and Settings\Guest\Application Data\Malwarebytes
2008-07-05 01:11:18 422631 --ahs---- C:\WINDOWS.0\system32\GMlonUtv.ini2
2008-07-05 00:52:49 422756 --ahs---- C:\WINDOWS.0\system32\Wxbddccf.ini2
2008-07-03 20:14:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-03 20:14:12 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-03 02:10:44 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-07-03 02:10:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-03 02:10:37 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-03 02:09:41 0 d-------- C:\VundoFix Backups
2008-07-03 01:39:31 0 dr------- C:\Documents and Settings\Guest\Application Data\Brother
2008-07-03 01:19:50 0 d-------- C:\Program Files\Enigma Software Group
2008-07-02 16:18:06 720896 --a------ C:\Documents and Settings\LocalService\ntuser.dat
-- Find3M Report ---------------------------------------------------------------
2008-07-21 11:35:58 0 d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-07-21 02:58:49 0 d-------- C:\Program Files\Trend Micro
2008-07-20 20:56:43 0 d-------- C:\Program Files\uTorrent
2008-07-20 14:20:05 0 d-------- C:\Program Files\ReGetDx
2008-07-19 15:50:10 78478 --a----c- C:\WINDOWS.0\War3Unin.dat
2008-07-17 20:40:25 0 d-------- C:\Documents and Settings\Administrator\Application Data\Azureus
2008-07-16 21:54:54 0 d-------- C:\Program Files\NJStar Chinese WP
2008-07-10 11:59:37 0 d-------- C:\Program Files\Lavasoft
2008-07-08 20:43:44 0 d-------- C:\Program Files\Opera
2008-07-05 20:21:37 1024 --a----c- C:\Documents and Settings\Administrator\Application Data\WavCodec.wff
2008-07-03 20:14:12 0 d-------- C:\Program Files\Common Files
2008-07-03 19:52:24 0 d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-06-26 21:57:06 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-26 23:31:01 4096 --a------ C:\WINDOWS.0\system32\crash
2008-04-21 20:34:34 98304 --a------ C:\WINDOWS.0\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS.0\system32\NeroCheck.exe" [2001-07-09 11:50]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-06 01:07]
"IMJPMIG8.1"="C:\WINDOWS.0\IME\imjp8_1\IMJPMIG.exe" [2002-08-29 12:38]
"MSPY2002"="C:\WINDOWS.0\system32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 12:39]
"PHIME2002ASync"="C:\WINDOWS.0\system32\IME\TINTLGNT\TINTSETP.exe" [2002-08-29 12:39]
"PHIME2002A"="C:\WINDOWS.0\system32\IME\TINTLGNT\TINTSETP.exe" [2002-08-29 12:39]
"TkBellExe"="C:\Program Files\Real Alternative\Update_OB\realsched.exe" [2006-06-28 22:56]
"YeppStudioAgent"="E:\Program Files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe" []
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 14:25]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 14:45]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 15:48]
"SetDefPrt"="C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 18:02]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 14:58]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-12-31 20:00]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-09-24 21:57:18]
ATI CATALYST System Tray.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [2005-08-06 01:07:30]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
Post-itr Software Notes Lite.lnk.disabled [2007-02-27 21:45:18]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=01000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{000F087F-4378-545F-74FA-37D345AD7A8C}"= C:\WINDOWS.0\system32\mttwfh.dll [2008-07-21 02:43 279552]
"{000030AE-0380-4351-8244-EE98A3240370}"= C:\WINDOWS.0\system32\mghefy.dll [2008-07-21 02:44 243712]
"{E8A3B193-77E3-4FB3-986D-F4FA4828BAFC}"= C:\WINDOWS.0\system32\wklsdd.dll [2008-07-21 02:44 236544]
"{A9895933-6636-4281-BC58-EE6DE2AF96E3}"= C:\WINDOWS.0\system32\ddserh.dll [2008-07-21 02:44 268800]
"{006CA8A1-61BC-4774-A54C-F49034270BAD}"= C:\WINDOWS.0\system32\zgtwfx.dll [2008-07-21 02:44 232960]
"{45AADFAA-DD36-42AB-83AD-0521BBF58C24}"= C:\WINDOWS.0\system32\zycdex.dll [2008-07-21 02:44 225792]
"{8C41B7F7-3168-400D-A702-0E7EFE0BA304}"= C:\WINDOWS.0\system32\sgdewg.dll [2008-07-21 02:44 225792]
"{17DFD111-BF3A-4CB4-ADB0-88FCBFE69821}"= C:\WINDOWS.0\system32\hhrdxd.dll [2008-07-21 02:44 240128]
"{EB71E0B3-E97D-4D30-8733-E28266467617}"= C:\WINDOWS.0\system32\wyhesm.dll [2008-07-21 02:44 232960]
"{0B846B26-BFE6-4E8E-A948-1DB17B77B483}"= C:\WINDOWS.0\system32\tdfhex.dll [2008-07-21 02:45 243712]
"{841529CB-7F77-4B99-A895-B5441E0D302F}"= C:\WINDOWS.0\system32\jfrwdh.dll [2008-07-21 02:45 229376]
"{F99DEFDD-200B-4410-B572-E90883D527D2}"= C:\WINDOWS.0\system32\wrqszl.dll [2008-07-21 02:45 232960]
"{461D2AB4-29A5-45C2-9134-D52272D3DE38}"= C:\WINDOWS.0\system32\rfdswc.dll [2008-07-21 02:45 258048]
"{73AE86E6-7F03-4C3B-8980-FB1DA157D3C7}"= C:\WINDOWS.0\system32\fmcvxy.dll [2008-07-21 02:45 240128]
"{4D165A2A-4BC1-4CA8-8299-08E05AAAB5A4}"= C:\WINDOWS.0\system32\tdggrz.dll [2008-07-21 02:45 218624]
"{259BF3CF-194D-4FE6-9ADB-DE6544B098B6}"= C:\WINDOWS.0\system32\dndsaf.dll [2008-07-21 02:45 225792]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=nmsdjh.dll,hrafh.dll,bsnfhs.dll,gaffg.dll,snszh.dll,zdhere.dll,klsf.dll,js
dfa.dll,hjsz.dll,cgfhr.dll,aghmxd.dll,sdfrbt.dll,jkzsgf.dll,dghagc.dll,dfgwag.dll
,fgjd.dll,xfnh.dll,bgyu.dll,xdrhcj.dll,zsrdygx.dll,dfhvk.dll,xdfthjh.dll,cvbtfs.d
ll,cgydj.dll,zsdgrgh.dll,fghdd.dll,bgcjty.dll,dbgj.dll,xcfgh.dll,cvnghk.dll,vgxdc
g.dll,chjg.dll,vnfxd.dll,nbmfu.dll,xdbjy.dll,vbjxbnm.dll,xgngj.dll,cxvbh.dll,fgjt
.dll,cnbv.dll,cvnhk.dll,vgjzrg.dll,cvjdfh.dll,sdfhk.dll,gmnait.dll,xdbnm.dll,xbnf
t.dll,myuf.dll,hkxddrh.dll,aserg.dll,zdfgf.dll,bnmdgh.dll,bxdfh.dll,cncft.dll,cfj
zsxn.dll,dfbghj.dll,dgbzd.dll,nhjsd.dll,hjmasd.dll,xbfhxd.dll,bngyjuf.dll,xdgxr.d
ll,bnmft.dll,xcvgu.dll,szggfj.dll,zsggixd.dll,bnhugk.dll,xdhuk.dll,dxgjgfy.dll,fg
jderg.dll,asfhjy.dll,swegfuj.dll,cxfhf.dll,hjukrt.dll,dhdhvv.dll,vdfthjk.dll,xdfr
g.dll,zsgjfh.dll,cvbyj.dll,nmxdt.dll,bhdryn.dll,nbkfy.dll,xsdjd.dll,xuxdg.dll,nmd
gkn.dll,xdhts.dll,vcnyd.dll,zsdth.dll, wcomipe.dll longasus.dll cbplus.dll comremo.dll ceshleo.dll follwel.dll offeceo.dll joliom.dll jsnoer.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SlowDownCPU]
C:\WINDOWS.0\INF\MSI\SlowDownCPU\SlowDownCPU.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"RaidTool"=C:\Program Files\VIA\RAID\raid_tool.exe
-- End of Deckard's System Scanner: finished at 2008-07-21 11:40:18 ------------
extra:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: AMD Sempron Processor 3000+
Percentage of Memory in Use: 68%
Physical Memory (total/avail): 511.48 MiB / 161.6 MiB
Pagefile Memory (total/avail): 1246.02 MiB / 891.4 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1928.89 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 12 GiB total, 4.29 GiB free.
D: is CDROM (No Media)
E: is Fixed (NTFS) - 177.91 GiB total, 54.53 GiB free.
F: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - Maxtor 6B200P0 - 189.92 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 12 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 177.91 GiB - E:
-- Security Center -------------------------------------------------------------
AUOptions is disabled.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
AV: avast! antivirus 4.8.1201 [VPS 080611-1] v4.8.1201 (ALWIL Software)
Outdated
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Java\\jre1.5.0_04\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_04\\bin\\javaw.exe:*:Enabled:Java 2 Platform Standard Edition binary"
"C:\\Program Files\\softnyx\\GunboundWC\\GunBound.gme"="C:\\Program Files\\softnyx\\GunboundWC\\GunBound.gme:*:Enabled:GunBound"
"C:\\Program Files\\Opera\\Opera.exe"="C:\\Program Files\\Opera\\Opera.exe:*:Enabled:Opera Internet Browser"
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Disabled:Windows Media Player"
"C:\\Program Files\\ReGetDx\\regetdx.exe"="C:\\Program Files\\ReGetDx\\regetdx.exe:*:Enabled:ReGet 3.3"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Disabled:Internet Explorer"
"C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp"="C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp:*:Disabled:KazaaLite"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Documents and Settings\\Guest\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Documents and Settings\\Guest\\Program Files\\uTorrent\\uTorrent.exe:*:Disabled:uTorrent"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ALEX-F3CE98B0F1
ComSpec=C:\WINDOWS.0\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\ALEX-F3CE98B0F1
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS.0\system32;C:\WINDOWS.0;C:\WINDOWS.0\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 44 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2c02
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS.0
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=ALEX-F3CE98B0F1
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINDOWS.0
-- User Profiles ---------------------------------------------------------------
alexing (new local, admin)
alexing.ALEX-F3CE98B0F1.002 (new local, admin)
Administrator (admin)
Guest (guest)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Real Alternative\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
--> MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
--> MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS.0\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 9 ActiveX --> C:\WINDOWS.0\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin --> C:\WINDOWS.0\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop 7.0 --> C:\WINDOWS.0\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 7.0.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> MsiExec.exe /I{01D21D16-B246-4E9A-B4B1-0E37F2AD3446}
ATI Display Driver --> rundll32 C:\WINDOWS.0\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avanquest update --> C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Azureus Vuze --> C:\Program Files\Azureus\uninstall.exe
Brother MFL-Pro Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}\Setup.exe" -l0x9 Brunin03.dll -removeonly
BSPlayer --> "C:\Program Files\Webteh\BSplayer\uninstall.exe"
Championship Manager 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ADA3C3A9-B788-4233-845A-D8AFF7D0115A}\setup.exe" -l0x9 -removeonly
ContentSAFER for Wizmax -->
DivX Codec --> C:\WINDOWS.0\unvise32.exe C:\Program Files\DivX\DivX Codec\uninstal.log
DivX Player --> C:\WINDOWS.0\unvise32.exe C:\Program Files\DivX\DivX Player\uninstal.log
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
EMCO MoveOnBoot --> "C:\Program Files\EMCO MoveOnBoot\unins000.exe"
Flash Movie Player 1.3 --> C:\Program Files\Flash Movie Player\uninst.exe
FLVPlayer --> MsiExec.exe /I{7A347D7B-3811-4313-93B5-807740629D2A}
Granado Espada --> "E:\Granado Espada\unins000.exe"
GunboundWC --> "C:\Program Files\softnyx\unins000.exe"
Hijackthis 1.99.1 --> "C:\Program Files\Hijackthis\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hitman Blood Money --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}\setup.exe" -l0x9 -removeonly
InternetVerifier --> "C:\Program Files\Internet Explorer\iexplore.exe" "http://notetol.com/uninstall.php"
J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
K-Lite Codec Pack 2.53 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Lame ACM MP3 Codec --> "C:\WINDOWS.0\IFinst26.exe" -UC:\Program Files\Lame MP3 Codec\IFUE502.inf
Macromedia Shockwave Player --> C:\WINDOWS.0\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS.0\system32\Macromed\SHOCKW~1\Install.log
Magic ISO Maker v4.9 (build 0144) --> E:\PROGRA~1\MagicISO\UNWISE.EXE E:\PROGRA~1\MagicISO\INSTALL.LOG
Magic ISO Maker v5.4 (build 0251) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office FrontPage 2003 --> MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0 (Beta2) --> "C:\WINDOWS.0\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MySlideshow v1.5 beta --> C:\WINDOWS.0\st6unst.exe -n "C:\Program Files\MySlideshow\ST6UNST.LOG"
Need for Speed™ Most Wanted --> E:\Program Files\EA GAMES\Need for Speed Most Wanted\EAUninstall.exe
Nero 6 Enterprise Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NJStar Chinese Word Processor --> "C:\Program Files\NJStar Chinese WP\Remove.exe" /U:"C:\Program Files\NJStar Chinese WP\Remove.log"
NJStar Communicator --> "C:\Program Files\NJStar Communicator\Remove.exe" /U:"C:\Program Files\NJStar Communicator\Remove.log"
O&O Defrag Professional Edition --> MsiExec.exe /I{53480370-6CA2-47EC-BC05-02B4B9271C31}
Opera 9.01 --> MsiExec.exe /X{256808AA-7E9E-4DB5-8A27-A26268864747}
PaperPort --> MsiExec.exe /I{71C97545-E547-4A8B-B0C8-61FF853270AC}
Post-it® Software Notes Lite Version 2 --> "C:\Program Files\3M\PSN2Lite\Uninstall.exe" -Prog"C:\Program Files\3M\PSN2Lite\Psn2Lite.exe" -INI"C:\Program Files\3M\PSN2Lite\uninst.ini"
QuickTime --> C:\WINDOWS.0\unvise32qt.exe C:\WINDOWS.0\system32\QuickTime\Uninstall.log
QuickTime Alternative 1.90 --> "C:\Program Files\QuickTime Alternative\unins000.exe"
Real Alternative 1.41 --> "C:\Program Files\Real Alternative\unins000.exe"
RealOne Player --> C:\Program Files\Real Alternative\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
RecordPad Sound Recorder Uninstall --> C:\Program Files\NCH Swift Sound\RecordPad\uninst.exe
ReGet Deluxe 3.3 --> C:\Program Files\ReGetDx\regetdx.exe -uninstall
SamsungMediaStudio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{289CA3B4-9525-4B31-B58F-D76B2B52EA5A}\Setup.exe" -l0x9
Sony Ericsson PC Suite --> MsiExec.exe /I{C037D08B-4883-491D-9329-DC5ACA90F797}
Sony Ericsson PC Suite 3.010.00 --> C:\Program Files\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\Setup.exe -runfromtemp -l0x0009 -removeonly
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS.0\unins000.exe"
SpyHunter --> "C:\Program Files\Enigma Software Group\SpyHunter\Uninstall.exe" "C:\Program Files\Enigma Software Group\SpyHunter\install.log" -u
SUPER © Version 2006.19 (FIX) --> C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
Tweak UI --> "C:\WINDOWS.0\system32\mshta.exe" "res://C:\WINDOWS.0\system32\TweakUI.exe/uninstall.hta"
URGE --> MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AE}
VIA Audio Driver Setup Program --> RunDll32.exe UnAudioNT.dll,UninstallAudio C:\WINDOWS.0\IsUninst.exe -y-f"C:\PROGRA~1\VIAudioi\SBASetup\Uninst.isu"
VideoLAN VLC media player 0.8.2 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Warcraft III: All Products --> C:\WINDOWS.0\War3Unin.exe C:\WINDOWS.0\War3Unin.dat
WavePad Uninstall --> C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Imaging Component --> "C:\WINDOWS.0\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Photo Gallery --> MsiExec.exe /X{257E440F-781F-459B-9A68-A0872B80C1D6}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime --> "C:\WINDOWS.0\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Winning Eleven 7 INTERNATIONAL --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{71493403-7C93-48CC-BF19-C73DB1DB7B17} /l1033
Winning Eleven Pro Evolution Soccer 2007 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{002E6FB5-8671-4694-BFF6-81019AFEDD52} /l1033
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip 9.0 --> C:\PROGRA~1\Winzip\PROGRA~1\Winzip\UNWISE.EXE C:\PROGRA~1\Winzip\PROGRA~1\Winzip\INSTALL.LOG
-- Application Event Log -------------------------------------------------------
Event Record #/Type307 / Error
Event Submitted/Written: 07/21/2008 01:39:32 AM
Event ID/Source: 1010 / Windows Product Activation
Event Description:
The Windows license was restored due to a system error. You might need to reactivate your Windows product.
Event Record #/Type304 / Error
Event Submitted/Written: 07/21/2008 01:12:44 AM
Event ID/Source: 1010 / Windows Product Activation
Event Description:
The Windows license was restored due to a system error. You might need to reactivate your Windows product.
Event Record #/Type301 / Error
Event Submitted/Written: 07/21/2008 00:49:45 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application rundll32.exe, version 5.1.2600.2180, faulting module advapi32.dll, version 5.1.2600.2649, fault address 0x00067fd7.
Processing media-specific event for [rundll32.exe!ws!]
Event Record #/Type300 / Error
Event Submitted/Written: 07/21/2008 00:48:51 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.
Processing media-specific event for [drwtsn32.exe!ws!]
Event Record #/Type299 / Error
Event Submitted/Written: 07/21/2008 00:48:40 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application rundll32.exe, version 5.1.2600.2180, faulting module advapi32.dll, version 5.1.2600.2649, fault address 0x00067fd7.
Processing media-specific event for [rundll32.exe!ws!]
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type241812 / Warning
Event Submitted/Written: 07/21/2008 10:08:33 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Event Record #/Type241811 / Warning
Event Submitted/Written: 07/21/2008 06:30:05 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Event Record #/Type241810 / Warning
Event Submitted/Written: 07/21/2008 04:40:51 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Event Record #/Type241809 / Warning
Event Submitted/Written: 07/21/2008 03:46:13 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Event Record #/Type241808 / Warning
Event Submitted/Written: 07/21/2008 03:18:52 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
-- End of Deckard's System Scanner: finished at 2008-07-21 11:40:18 ------------