MAIN.TXT:
Deckard's System Scanner v20070826.66
Run by Administrator on 2007-08-29 01:42:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 2 Restore Point(s) --
2: 2007-08-28 23:43:05 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2007-08-28 19:22:23 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Administrator.exe) ---------------------------------------
Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-08-29 01:46:22
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\ServiceWrapper-7681197.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\backWeb-7681197.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\F-Secure\Common\FSM32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
D:\Programmer\Itunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\F-Secure\Common\FSMA32.exe
C:\Program Files\F-Secure\Common\FSMB32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\F-Secure\Common\fch32.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\F-Secure\Common\FNRB32.exe
C:\Program Files\F-Secure\Common\FAMEH32.exe
C:\Program Files\F-Secure\Common\FIH32.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Webroot\Spy Sweeper\ssu.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QNGFZ8TK\dss[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsof...search.asp?p=%s
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O4 - HKEY_LOCAL_MACHINE\..\Run: [CARPService] carpserv.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [Cpqset] "C:\Program Files\HPQ\Default Settings\cpqset.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [TV Now] "C:\Program Files\HPQ\Notebook Utilities\TvNow.exe" /RK
O4 - HKEY_LOCAL_MACHINE\..\Run: [Display Settings] "C:\Program Files\HPQ\Notebook Utilities\hptasks.exe" /s
O4 - HKEY_LOCAL_MACHINE\..\Run: [QT4HPOT] "C:\Program Files\HPQ\One-Touch\OneTouch.EXE"
O4 - HKEY_LOCAL_MACHINE\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKEY_LOCAL_MACHINE\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKEY_LOCAL_MACHINE\..\Run: [iTunesHelper] "D:\Programmer\Itunes\iTunesHelper.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VPN Client.lnk = C:\WINDOWS\Installer\{D25122BC-A60E-4663-B602-B01718F12044}\Icon3E5562ED7.ico
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.0.0812.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.0.0812.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O21 - SSODL: RSeQBs - {2CCFACCC-8665-0666-CD3D-57585FFDD938} - C:\WINDOWS\System32\aae.dll (file missing)
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\ServiceWrapper-7681197.exe
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - "C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe"
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - "C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe"
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - "C:\Program Files\F-Secure\Common\FNRB32.EXE"
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - "C:\Program Files\F-Secure\Common\FSAA.EXE"
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - "C:\Program Files\F-Secure\Common\FSMA32.EXE"
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 LUMDriver - c:\windows\system32\drivers\lumdriver.sys <Not Verified; IBM; LUM application>
R2 F-Secure Filter (F-Secure File System Filter) - c:\program files\f-secure\anti-virus\win2k\fsfilter.sys
R2 F-Secure Gatekeeper - c:\program files\f-secure\anti-virus\win2k\fsgk.sys
R2 F-Secure Recognizer (F-Secure File System Recognizer) - c:\program files\f-secure\anti-virus\win2k\fsrec.sys
R2 FSpm (F-Secure Policy Manager) - c:\program files\f-secure\common\fspm.sys <Not Verified; F-Secure Corporation; F-Secure Management Agent>
S2 windev-5127-2f8a - c:\windows\system32\windev-5127-2f8a.sys (file missing)
S3 catchme - c:\docume~1\admini~1\locals~1\temp\catchme.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 BackWeb Client - 7681197 (F-Secure BackWeb) - c:\progra~1\f-secure\backweb\7681197\program\servic~1.exe
R2 F-Secure Gatekeeper Handler Starter - "c:\program files\f-secure\anti-virus\fsgk32st.exe" <Not Verified; F-Secure Corp.; F-Secure Corp. Startup service>
R2 FSMA (F-Secure Management Agent) - "c:\program files\f-secure\common\fsma32.exe" <Not Verified; F-Secure Corporation; F-Secure Management Agent>
R2 HPConfig (HP Configuration Interface Service) - c:\windows\system32\hpconfig.exe <Not Verified; Hewlett-Packard; HPConfig Module>
R2 HPWirelessMgr - c:\program files\hpq\notebook utilities\hpwirelessmgr.exe <Not Verified; Hewlett-Packard Co.; HPWirelessMgr Module>
R3 F-Secure Network Request Broker - "c:\program files\f-secure\common\fnrb32.exe" <Not Verified; F-Secure Corporation; F-Secure Management Agent>
S2 FSAA (F-Secure Authentication Agent) - "c:\program files\f-secure\common\fsaa.exe" <Not Verified; F-Secure Corporation. All Rights Reserved.; F-Secure Authentication Agent>
S3 F-Secure BackWeb LAN Access - "c:\program files\f-secure\backweb\7681197\program\fsbwlan.exe"
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET 00
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET 00
Service: CVirtA
-- Files created between 2007-07-29 and 2007-08-29 -----------------------------
2007-08-29 01:46:08 218112 --a------ C:\Program Files\Administrator.exe <Not Verified; Soeperman Enterprises Ltd.; HijackThis>
2007-08-29 01:35:47 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-08-29 01:34:13 0 d-------- C:\WINDOWS\LastGood
2007-08-28 21:15:51 0 d-------- C:\WINDOWS\Prefetch
2007-08-14 19:39:33 32768 --a------ C:\WINDOWS\system32\aae_dll.vir
2007-08-14 17:32:55 17408 --a------ C:\WINDOWS\system32\svchost_exe.vir <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-14 16:18:26 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-08-13 01:35:42 0 d-------- C:\Documents and Settings\Administrator\Application Data\Google
2007-08-13 01:22:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2007-08-13 01:22:27 0 d-------- C:\Program Files\Google
2007-08-13 01:19:23 0 d-------- C:\Documents and Settings\Administrator\.housecall6.6
2007-08-13 01:05:04 0 d-------- C:\Program Files\SpywareGuard
2007-08-13 00:52:59 0 d-------- C:\Program Files\SpywareBlaster
2007-08-11 02:21:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-08-11 02:21:17 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-08-10 22:49:34 0 d-------- C:\HostsXpert
2007-08-08 19:00:53 3686 --a------ C:\WINDOWS\system32\tmp.reg
2007-08-01 12:23:32 218112 --a------ C:\Program Files\HijackThis.exe <Not Verified; Soeperman Enterprises Ltd.; HijackThis>
-- Find3M Report ---------------------------------------------------------------
2007-08-28 20:58:30 23348 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-08-28 20:57:51 0 d-------- C:\Program Files\Messenger
2007-08-14 19:24:55 0 d-------- C:\Program Files\QuickTime
2007-08-14 19:23:24 0 d-------- C:\Program Files\MSN Messenger
2007-08-13 01:21:11 0 d-------- C:\Program Files\Java
2007-07-07 15:43:57 0 --a------ C:\WINDOWS\nsreg.dat
2007-07-07 15:43:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2007-07-05 18:03:26 0 d-------- C:\Program Files\Webroot
2007-07-05 18:03:26 0 d-------- C:\Documents and Settings\Administrator\Application Data\Webroot
2007-07-05 17:57:18 164 --a------ C:\install.dat
2007-07-05 01:25:51 10 --a------ C:\WINDOWS\system32\kr_done1
2007-07-04 01:09:29 0 d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
2007-06-04 19:44:53 177152 --a------ C:\Program Files\utorrent.exe
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CARPService"="carpserv.exe" [15.04.2003 04:00 C:\WINDOWS\system32\carpserv.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [23.05.2003 00:10]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [23.05.2003 01:06]
"ATIModeChange"="Ati2mdxx.exe" [16.08.2002 02:18 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [14.08.2002 18:29]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [17.07.2003 14:50]
"TV Now"="C:\Program Files\HPQ\Notebook Utilities\TvNow.exe" [30.01.2003 11:34]
"Display Settings"="C:\Program Files\HPQ\Notebook Utilities\hptasks.exe" [15.08.2002 07:26]
"QT4HPOT"="C:\Program Files\HPQ\One-Touch\OneTouch.EXE" [03.10.2003 21:07]
"F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [19.09.2005 10:30]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12.07.2007 04:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [16.02.2007 10:54]
"iTunesHelper"="D:\Programmer\Itunes\iTunesHelper.exe" [14.03.2007 19:05]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [21.06.2007 18:57]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04.08.2004 00:56]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [29.07.2006 20:33]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [04.08.2004 02:06]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [30.03.2006 16:45]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [13.08.2007 10:03]
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [29.08.2003 19:05:35]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23.09.2005 22:05:26]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13.02.2001 11:01:04]
VPN Client.lnk - C:\WINDOWS\Installer\{D25122BC-A60E-4663-B602-B01718F12044}\Icon3E5562ED7.ico [24.11.2006 16:40:08]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"RSeQBs"= {2CCFACCC-8665-0666-CD3D-57585FFDD938} - C:\WINDOWS\System32\aae.dll [ ]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc
*Newly Created Service* - BITS
*Newly Created Service* - HTTPFILTER
-- End of Deckard's System Scanner: finished at 2007-08-29 01:58:15 ------------
EXTRA.TXT:
Deckard's System Scanner v20070826.66
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel® Celeron® CPU 2.80GHz
Percentage of Memory in Use: 46%
Physical Memory (total/avail): 702.98 MiB / 374.62 MiB
Pagefile Memory (total/avail): 1721 MiB / 1384.59 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1962.82 MiB
C: is Fixed (NTFS) - 7.96 GiB total, 2.86 GiB free.
D: is Fixed (NTFS) - 29.29 GiB total, 14.3 GiB free.
E: is CDROM (Unformatted)
\\.\PHYSICALDRIVE0 - ST94011A - 37.26 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 7.96 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 29.29 GiB - D:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
AV: Spy Sweeper with AntiVirus v5.5.1.3356 (Webroot Software Inc)
AV: F-Secure Anti-Virus 5.44 v5.44 (F-Secure Corporation)
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_08\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PCEN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\PCEN
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem"
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_08\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=PCEN
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Administrator (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\WINDOWS\BWUnin-6.1.4.58-7681197L.exe -AppId 7681197
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Download Manager 2.0 (kun avinstallering) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
Cisco Systems VPN Client 4.8.01.0300 --> MsiExec.exe /X{D25122BC-A60E-4663-B602-B01718F12044}
Clue 7.0 --> MsiExec.exe /I{EE16232D-EC26-43D0-B6AF-DFCDEDDE72CF}
Conexant 56K ACLink Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_10B9&DEV_5457&SUBSYS_0850103C\HXFSETUP.EXE -U -Ihpm08505.inf
Conexant AC-Link Audio --> CIAunwdm.exe
CutePDF Writer 2.7 --> C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe /uninstall
Desktop Zoom --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0604F35-314C-4341-A05E-3FEABCFDD470}\SETUP.EXE" -l0x9
EPSON TWAIN 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A3EABC0-CA06-11D4-BF77-00104B130C19}\Setup.exe" UNINSTALL
Ett-trykks-knapper --> C:\WINDOWS\UnInst32.exe QT4HPOT.UNI
Express Dictate --> C:\Program Files\NCH Swift Sound\Express\uninst.exe
Express Scribe --> C:\Program Files\NCH Swift Sound\Scribe\uninst.exe
F-Secure Anti-Virus --> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"
F-Secure BackWeb --> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure BackWeb"
F-Secure Management Agent --> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
HijackThis 1.99.1 --> C:\Program Files\HijackThis.exe /uninstall
HP Wireless LAN Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{572F7D67-11E0-4978-9227-9C1C47581601}\SETUP.EXE" -l0x14 UNINSTALL
HP WLAN 54g W450 Network Adapter --> C:\WINDOWS\system32\BCMWLU00.exe verbose
HyperRESEARCH --> D:\PROGRA~1\HYPERR~1\UNWISE.EXE D:\PROGRA~1\HYPERR~1\INSTALL.LOG
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
iTunes --> MsiExec.exe /I{AB90749C-7422-4580-8A7A-66CC5E9E5F98}
J2SE Runtime Environment 5.0 Update 8 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
Java 2 Runtime Environment, SE v1.4.2 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Java 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
LimeWire 4.12.6 --> "C:\Program Files\LimeWire\uninstall.exe"
Microsoft Office XP Professional med FrontPage --> MsiExec.exe /I{90280414-6000-11D3-8CFE-0050048383C9}
Mozilla Firefox (2.0.0.6) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Notebook Utilities --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A8F2DCDE-AE4E-4AC9-BECD-496FB80FBF6A}\SETUP.EXE" -l0x14 UNINSTALL
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
QuickTime --> MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
Skype 3.0 --> "C:\Program Files\Skype\Phone\unins000.exe"
Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
Sony Digital Voice Editor --> D:\PROGRA~1\DIGITA~1\UNWISE.EXE D:\PROGRA~1\DIGITA~1\INSTALL.LOG
Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SpywareGuard v2.2 --> "C:\Program Files\SpywareGuard\unins000.exe"
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
VideoLAN VLC media player 0.8.1 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Messenger --> MsiExec.exe /I{8CEA4A05-F512-45F5-8F80-5F2FA9E7F187}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type5892 / Error
Event Submitted/Written: 08/28/2007 09:18:33 PM
Event ID/Source: 103 / F-Secure Management Agent
Event Description:
707 2007-08-13 18:47:10+02:00 pcen PCEN\Administrator F-Secure Management Agent
F-Secure Management Agent failed to get a value (1.3.6.1.4.1.2213.11.1.14.13 error=-2080374772) from the policy. If you see this message frequently, contact the system administrator or reinstall F-Secure products.
Event Record #/Type5891 / Error
Event Submitted/Written: 08/28/2007 09:18:33 PM
Event ID/Source: 103 / F-Secure Management Agent
Event Description:
706 2007-08-13 18:46:58+02:00 pcen PCEN\Administrator F-Secure Management Agent
F-Secure Management Agent failed to get a value (1.3.6.1.4.1.2213.11.1.14.13 error=-2080374772) from the policy. If you see this message frequently, contact the system administrator or reinstall F-Secure products.
Event Record #/Type5890 / Error
Event Submitted/Written: 08/28/2007 09:18:33 PM
Event ID/Source: 103 / F-Secure Management Agent
Event Description:
705 2007-08-13 18:46:46+02:00 pcen PCEN\Administrator F-Secure Management Agent
F-Secure Management Agent failed to get a value (1.3.6.1.4.1.2213.11.1.14.13 error=-2080374772) from the policy. If you see this message frequently, contact the system administrator or reinstall F-Secure products.
Event Record #/Type5889 / Error
Event Submitted/Written: 08/28/2007 09:18:33 PM
Event ID/Source: 103 / F-Secure Management Agent
Event Description:
704 2007-08-13 18:46:34+02:00 pcen PCEN\Administrator F-Secure Management Agent
F-Secure Management Agent failed to get a value (1.3.6.1.4.1.2213.11.1.14.13 error=-2080374772) from the policy. If you see this message frequently, contact the system administrator or reinstall F-Secure products.
Event Record #/Type5888 / Error
Event Submitted/Written: 08/28/2007 09:18:33 PM
Event ID/Source: 103 / F-Secure Management Agent
Event Description:
703 2007-08-13 18:46:22+02:00 pcen PCEN\Administrator F-Secure Management Agent
F-Secure Management Agent failed to get a value (1.3.6.1.4.1.2213.11.1.14.13 error=-2080374772) from the policy. If you see this message frequently, contact the system administrator or reinstall F-Secure products.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type15499 / Error
Event Submitted/Written: 08/29/2007 01:26:59 AM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.2.3 for the Network Card with network address 000F20C91770 has been
denied by the DHCP server 10.0.0.1 (The DHCP Server sent a DHCPNACK message).
Event Record #/Type15477 / Error
Event Submitted/Written: 08/29/2007 00:47:47 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
sptd
Event Record #/Type15476 / Error
Event Submitted/Written: 08/29/2007 00:47:47 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The windev-5127-2f8a service failed to start due to the following error:
%%2
Event Record #/Type15474 / Error
Event Submitted/Written: 08/29/2007 00:45:30 AM / 08/29/2007 00:46:00 AM
Event ID/Source: 4 / sptd
Event Description:
Driver detected an internal error in its data structures for .
Event Record #/Type15450 / Error
Event Submitted/Written: 08/28/2007 09:31:13 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
sptd
-- End of Deckard's System Scanner: finished at 2007-08-29 01:58:15 ------------