Thanks for the fast reply.
Main:
Deckard's System Scanner v20071014.68
Run by Jason on 2008-03-27 17:18:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- Last 1 Restore Point(s) --
1: 2008-03-27 16:03:10 UTC - RP175 - malware
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Jason.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:20:38, on 27/03/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\adwtkvwd\ctwjcxwr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\BBDesktopHelpUpgradeAdvisor\McciTrayApp.exe
C:\Windows\PixArt\Pac7311\Monitor.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\BT Broadband Talk Softphone\BTAgile.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\ProgramData\hdmictpz\fmtqtchc.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Windows\system32\igfxext.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\rundll32.exe
C:\Users\Jason\Desktop\dss.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\ProgramData\hdmictpz\fmtqtchc.exe
C:\Users\Jason\DOWNLO~1\Jason.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://support.thetechguys.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Keyboard Manager Utility] "C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe" /lang en /H
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [BTHelena_McciTrayApp] C:\Program Files\BBDesktopHelpUpgradeAdvisor\McciTrayApp.exe
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC7311\Monitor.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [iLike] C:\Program Files\iLike\1.1.27\ilikesidebar.exe /checkforupdate
O4 - HKCU\..\Run: [BTAgile] C:\Program Files\BT Broadband Talk Softphone\BTAgile.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Jason\AppData\Local\Temp\pmkjg.dll,#1
O4 - HKCU\..\Run: [ualyrvci] C:\Windows\system32\wbepirif.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [xciczcbw] C:\Windows\system32\butcbovu.exe
O4 - HKCU\..\Run: [hdmictpz] C:\ProgramData\hdmictpz\fmtqtchc.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Jason\AppData\Local\Temp\xxwxx.dll,c
O4 - HKCU\..\Run: [BMa9fbb516] Rundll32.exe "C:\Users\Jason\AppData\Local\Temp\bdjnhkow.dll",s
O4 - HKLM\..\Policies\Explorer\Run: [Cg2GRfoAYn] C:\ProgramData\adwtkvwd\ctwjcxwr.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\Windows\system32\lxdicoms.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 10216 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
S3 BDA_Capture_220A (Digital-TV receiver Driver 3.0.1.18) - c:\windows\system32\drivers\bda_capture_220a.sys <Not Verified; WideViewer Electronics CO., LTD; BDA Driver For Digital TV>
S3 BDA_Loader_220A (Digital-TV Receiver Firmware Loader 6.7.10.0) - c:\windows\system32\drivers\bda_loader_220a.sys <Not Verified; WideView Technology Inc.; Digital TV Receiver>
S3 NuVision (Hauppauge WinTV USB Pro (PAL I,D/K)) - c:\windows\system32\drivers\nuvision.sys <Not Verified; Hauppauge Computer Works; WinTV USB>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>
S3 FirebirdServerMAGIXInstance (Firebird Server - MAGIX Instance) - c:\program files\magix\common\database\bin\fbserver.exe <Not Verified; MAGIX®; Firebird SQL Server - MAGIX Edition>
S3 UPnPService - c:\program files\common files\magix shared\upnpservice\upnpservice.exe <Not Verified; Magix AG; UPnPService Module>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia Windows Portable Device Driver
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0001
Manufacturer: Nokia
Name: Nokia 6270
PNP Device ID: ROOT\WPD\0001
Service: WUDFRd
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0002
Manufacturer: Nokia
Name: Nokia 6280
PNP Device ID: ROOT\WPD\0002
Service: WUDFRd
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: Nokia N73
Device ID: ROOT\WPD\0003
Manufacturer: Nokia
Name: Nokia N73
PNP Device ID: ROOT\WPD\0003
Service: WUDFRd
-- Scheduled Tasks -------------------------------------------------------------
2008-03-26 23:29:10 418 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{0D9D18D2-1289-4143-BC59-7FDC01795ADB}.job
-- Files created between 2008-02-27 and 2008-03-27 -----------------------------
2008-03-27 16:16:24 0 d-------- C:\VundoFix Backups
2008-03-27 14:24:29 318 --a------ C:\delete.bat
2008-03-27 11:09:41 110592 --a------ C:\Windows\system32\butcbovu.exe
2008-03-27 11:02:53 0 d-------- C:\Program Files\Lavasoft
2008-03-27 11:00:32 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-27 00:09:56 4096 --a------ C:\Windows\userconfig9x.dll
2008-03-27 00:09:56 4096 --a------ C:\Windows\system32winlogonpc.exe
2008-03-27 00:09:56 4096 --a------ C:\Windows\system32temp#01.exe
2008-03-27 00:09:56 4096 --a------ C:\Windows\system32taack.exe
2008-03-27 00:09:56 4096 --a------ C:\Windows\system32taack.dat
2008-03-27 00:09:56 4096 --a------ C:\Windows\system32ssvchost.exe
2008-03-27 00:09:56 4096 --a------ C:\Windows\system32ssvchost.com
2008-03-27 00:09:56 4096 --a------ C:\Windows\system32ssurf022.dll
2008-03-27 00:09:56 4096 --a------ C:\Windows\system32sncntr.exe
2008-03-27 00:09:56 0 d-------- C:\Windows\system32smp
2008-03-27 00:09:56 4096 --a------ C:\Windows\system32regm64.dll
2008-03-27 00:09:56 4096 --a------ C:\Windows\system32regc64.dll
2008-03-27 00:09:56 4096 --a------ C:\Windows\system32psoft1.exe
2008-03-27 00:09:56 4096 --a------ C:\Windows\system32psof1.exe
2008-03-27 00:09:56 4096 --a------ C:\Windows\system32ps1.exe
2008-03-27 00:09:56 4096 --a------ C:\Windows\system32netode.exe
2008-03-27 00:09:56 4096 --a------ C:\Windows\system32mwin32.exe
2008-03-27 00:09:56 4096 --a------ C:\Windows\system32mtr2.exe
2008-03-27 00:09:56 4096 --a------ C:\Windows\system32msvchost.exe
2008-03-27 00:09:56 4096 --a------ C:\Windows\system32msnbho.dll
2008-03-27 00:09:56 4096 --a------ C:\Windows\system32msgp.exe
2008-03-27 00:09:56 4096 --a------ C:\Windows\system32medup020.dll
2008-03-27 00:09:56 4096 --a------ C:\Windows\system32medup012.dll
2008-03-27 00:09:56 4096 --a------ C:\Windows\system32hxiwlgpm.exe
2008-03-27 00:09:56 4096 --a------ C:\Windows\system32hxiwlgpm.dat
2008-03-27 00:09:56 4096 --a------ C:\Windows\system32hoproxy.dll
2008-03-27 00:09:56 4096 --a------ C:\Windows\system32h@tkeysh@@k.dll
2008-03-27 00:09:56 4096 --a------ C:\Windows\system32dpcproxy.exe
2008-03-27 00:09:56 4096 --a------ C:\Windows\system32bsva-egihsg52.exe
2008-03-27 00:09:56 4096 --a------ C:\Windows\iTunesMusic.exe
2008-03-27 00:09:56 4096 --a------ C:\Windows\FVProtect.exe
2008-03-27 00:09:56 4096 --a------ C:\Windows\a.bat
2008-03-27 00:09:55 4096 --a------ C:\Windows\winsystem.exe
2008-03-27 00:09:55 4096 --a------ C:\Windows\system32WINWGPX.EXE
2008-03-27 00:09:55 4096 --a------ C:\Windows\system32winsystem.exe
2008-03-27 00:09:55 4096 --a------ C:\Windows\system32vcatchpi.dll
2008-03-27 00:09:55 4096 --a------ C:\Windows\system32vbsys2.dll
2008-03-27 00:09:55 4096 --a------ C:\Windows\system32thun32.dll
2008-03-27 00:09:55 4096 --a------ C:\Windows\system32thun.dll
2008-03-27 00:09:55 4096 --a------ C:\Windows\system32sysreq.exe
2008-03-27 00:09:55 4096 --a------ C:\Windows\system32Rundl1.exe
2008-03-27 00:09:55 4096 --a------ C:\Windows\system32newsd32.exe
2008-03-27 00:09:55 4096 --a------ C:\Windows\system32mssecu.exe
2008-03-27 00:09:55 4096 --a------ C:\Windows\system32emesx.dll
2008-03-27 00:09:55 4096 --a------ C:\Windows\system32bdn.com
2008-03-27 00:09:55 4096 --a------ C:\Windows\system32awtoolb.dll
2008-03-27 00:09:55 4096 --a------ C:\Windows\system32anticipator.dll
2008-03-27 00:09:55 4096 --a------ C:\Windows\system32akttzn.exe
2008-03-27 00:09:55 4096 --a------ C:\Windows\mssecu.exe
2008-03-27 00:09:55 4096 --a------ C:\Windows\bdn.com
2008-03-27 00:09:46 94208 --a------ C:\Windows\system32\wbepirif.exe
2008-03-27 00:09:15 323584 --a------ C:\Windows\dwnrpofk.dll
2008-03-26 22:29:50 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-26 17:51:16 0 d-------- C:\Program Files\OpenOffice.org 2.0
2008-03-26 12:45:13 0 d-------- C:\Program Files\Common Files\BTHelena
2008-03-26 12:45:09 0 d-------- C:\Program Files\BBDesktopHelpUpgradeAdvisor
2008-03-26 12:42:51 0 d-------- C:\Program Files\BT Broadband Talk Softphone
2008-03-26 01:58:17 0 d-------- C:\Program Files\Safari
2008-03-26 01:56:53 0 d-------- C:\Program Files\iPod
2008-03-26 01:55:04 0 d-------- C:\Program Files\QuickTime
2008-03-26 01:28:05 0 d-------- C:\PerfLogs
2008-03-26 01:10:48 152576 --a------ C:\Windows\system32\SPWizUI.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-03-26 00:49:55 0 d-------- C:\96c96424a564ed5d90617475d7f4b5
2008-03-25 11:18:58 0 d-------- C:\Program Files\SecondLife
2008-03-20 18:50:59 0 d-------- C:\Program Files\Windows Live Toolbar
2008-03-20 18:50:52 0 d-------- C:\Program Files\Windows Live Favorites
2008-03-20 18:50:03 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-18 21:31:16 0 d-------- C:\Program Files\FlightGear
2008-03-18 20:22:11 0 d--h----- C:\Windows\msdownld.tmp
2008-03-18 20:22:00 0 d-------- C:\Windows\system32\directx
2008-03-18 19:27:50 0 d-------- C:\Program Files\uTorrent
2008-03-03 23:54:01 0 d-------- C:\Program Files\Microsoft Silverlight
2008-03-03 19:15:40 921 --a------ C:\Windows\QSFVExit.bat
2008-02-28 21:55:34 0 d-------- C:\Program Files\Flickr Uploadr
-- Find3M Report ---------------------------------------------------------------
2008-03-27 16:01:27 0 d-------- C:\Users\Jason\AppData\Roaming\OpenOffice.org2
2008-03-27 15:53:16 0 d-------- C:\Users\Jason\AppData\Roaming\uTorrent
2008-03-27 15:53:15 0 d-------- C:\Users\Jason\AppData\Roaming\AVG7
2008-03-27 11:00:32 0 d-------- C:\Program Files\Common Files
2008-03-27 00:46:57 0 d-------- C:\Users\Jason\AppData\Roaming\Skinux
2008-03-26 17:57:29 0 d-------- C:\Users\Jason\AppData\Roaming\PeerNetworking
2008-03-26 17:56:46 598829 --a------ C:\Users\Jason\AppData\Roaming\UserTile.png
2008-03-26 17:38:11 0 d-------- C:\Program Files\Microsoft Works
2008-03-26 13:04:26 0 d-------- C:\Users\Jason\AppData\Roaming\Apple Computer
2008-03-26 12:43:00 0 d-------- C:\Users\Jason\AppData\Roaming\BT
2008-03-26 12:35:37 0 d-------- C:\Program Files\Yahoo!
2008-03-26 01:57:01 0 d-------- C:\Program Files\iTunes
2008-03-26 01:40:17 174 --ahs---- C:\Program Files\desktop.ini
2008-03-26 01:32:12 0 d-------- C:\Program Files\Windows Sidebar
2008-03-26 01:32:12 0 d-------- C:\Program Files\Windows Calendar
2008-03-26 01:32:11 0 d-------- C:\Program Files\Movie Maker
2008-03-26 01:32:09 0 d-------- C:\Program Files\Windows Mail
2008-03-26 01:32:07 0 d-------- C:\Program Files\Windows Collaboration
2008-03-26 01:32:06 0 d-------- C:\Program Files\Windows Journal
2008-03-26 01:32:05 0 d-------- C:\Program Files\Windows Photo Gallery
2008-03-26 01:31:54 0 d-------- C:\Program Files\Windows Defender
2008-03-25 11:21:15 0 d-------- C:\Users\Jason\AppData\Roaming\SecondLife
2008-03-25 11:21:04 0 d-------- C:\Users\Jason\AppData\Roaming\Mozilla
2008-03-25 11:09:39 0 d-------- C:\Users\Jason\AppData\Roaming\Nokia Multimedia Player
2008-03-19 19:01:56 0 d-------- C:\Users\Jason\AppData\Roaming\flightgear.org
2008-03-05 18:36:39 0 d-------- C:\Program Files\BT Auto Backup
2008-03-04 21:08:30 3008 --a------ C:\Users\Jason\AppData\Roaming\wklnhst.dat
2008-03-04 13:34:17 5152 --a------ C:\Windows\ouwininit.exe
2008-03-03 19:46:31 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-03 19:39:38 0 d-------- C:\Program Files\Microsoft Games
2008-03-03 19:21:49 0 d-------- C:\Program Files\Common Files\Nero
2008-03-03 19:17:03 32 --a------ C:\Windows\0
2008-02-28 21:58:58 0 d-------- C:\Users\Jason\AppData\Roaming\Flickr
2008-02-26 00:31:23 0 d-------- C:\Program Files\Nokia
2008-02-06 17:27:20 0 d-------- C:\Users\Jason\AppData\Roaming\Atari
2008-02-03 11:02:28 0 d-------- C:\Program Files\iLike
2008-02-03 11:00:19 0 d-------- C:\Users\Jason\AppData\Roaming\WinRAR
2008-02-03 10:54:59 0 d-------- C:\Program Files\QuickSFV
2008-01-29 14:59:10 0 d-------- C:\Program Files\WinTV
2008-01-27 11:59:50 0 d-------- C:\Program Files\DivX
2008-01-15 18:55:45 230432 --a------ C:\PA7311.DAT
2008-01-08 17:50:42 0 --a------ C:\Windows\system32\0
2008-01-04 21:58:50 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2008-01-04 21:57:22 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-01-04 21:57:22 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-01-04 21:57:12 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 21:57:10 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-01-04 21:57:10 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 21:57:10 682496 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 21:56:24 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [18/01/2008 23:38]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [27/10/2006 12:50]
"Keyboard Manager Utility"="C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe" [11/01/2007 18:54]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [21/12/2007 10:45]
"lxdimon.exe"="C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe" [07/05/2007 18:07]
"lxdiamon"="C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe" [05/03/2007 12:40]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [07/05/2007 18:10]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11]
"BTHelena_McciTrayApp"="C:\Program Files\BBDesktopHelpUpgradeAdvisor\McciTrayApp.exe" [17/07/2007 10:26]
"4oD"="C:\Program Files\Kontiki\KHost.exe" [23/04/2007 11:23]
"Monitor"="C:\Windows\PixArt\PAC7311\Monitor.exe" [03/11/2006 11:01]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" []
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [02/01/2008 17:07]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [02/01/2008 17:06]
"Persistence"="C:\Windows\system32\igfxpers.exe" [02/01/2008 17:07]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [31/01/2008 23:13]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [19/02/2008 13:10]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [18/01/2008 23:33]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [18/01/2008 23:33]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [23/04/2007 11:23]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" []
"iLike"="C:\Program Files\iLike\1.1.27\ilikesidebar.exe" [13/09/2007 11:34]
"BTAgile"="C:\Program Files\BT Broadband Talk Softphone\BTAgile.exe" [18/06/2007 09:39]
"MSServer"="C:\Users\Jason\AppData\Local\Temp\pmkjg.dll,#1" []
"ualyrvci"="C:\Windows\system32\wbepirif.exe" [27/03/2008 00:09]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43]
"xciczcbw"="C:\Windows\system32\butcbovu.exe" [27/03/2008 11:09]
"hdmictpz"="C:\ProgramData\hdmictpz\fmtqtchc.exe" [27/03/2008 14:48]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [10/12/2007 10:12]
"cmds"="C:\Users\Jason\AppData\Local\Temp\xxwxx.dll,c" []
"BMa9fbb516"="C:\Users\Jason\AppData\Local\Temp\bdjnhkow.dll,s" []
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2/26/2006 5:19:16 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableUIADesktopToggle"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"Cg2GRfoAYn"=C:\ProgramData\adwtkvwd\ctwjcxwr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 13/11/2007 16:54 9216 C:\Windows\System32\avgwlntf.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{597b7401-e5f0-11dc-813a-101111111111}]
AutoRun\command- copetttt.com
explore\Command- copetttt.com
open\Command- copetttt.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2e316af-da6b-11dc-9a6b-101111111111}]
AutoRun\command- copetttt.com
explore\Command- copetttt.com
open\Command- copetttt.com
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
-- Hosts -----------------------------------------------------------------------
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
8073 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2008-03-27 17:24:43 ------------
Extra:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft® Windows Vista™ Home Premium (build 6001) SP 1.0
Architecture: X86; Language: English
CPU 0: Intel® Core2 CPU T5300 @ 1.73GHz
Percentage of Memory in Use: 46%
Physical Memory (total/avail): 2037.45 MiB / 1092.18 MiB
Pagefile Memory (total/avail): 4314.18 MiB / 3070.2 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1849.62 MiB
C: is Fixed (NTFS) - 104.95 GiB total, 64.65 GiB free.
E: is CDROM (No Media)
S: is Fixed (NTFS) - 1.46 GiB total, 1.42 GiB free.
\\.\PHYSICALDRIVE0 - Hitachi HTS541612J9SA00 ATA Device - 111.79 GiB - 3 partitions
\PARTITION0 - Unknown - 5.37 GiB
\PARTITION1 (bootable) - Installable File System - 1500 MiB - S:
\PARTITION2 - Installable File System - 104.95 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
AV: AVG 7.5.519 v7.5.519 (Grisoft)
AS: Spybot - Search and Destroy v1.0.0.5 (Safer Networking Ltd.)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
Disabled[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Jason\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JASON-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Jason
LOCALAPPDATA=C:\Users\Jason\AppData\Local
LOGONSERVER=\\JASON-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f02
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Jason\AppData\Local\Temp
TMP=C:\Users\Jason\AppData\Local\Temp
USERDOMAIN=Jason-PC
USERNAME=Jason
USERPROFILE=C:\Users\Jason
windir=C:\Windows
-- User Profiles ---------------------------------------------------------------
Jason
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
4oD --> MsiExec.exe /I {8B7443F5-E141-42A0-AB61-ED2331AAD606}
ABBYY FineReader 6.0 Sprint --> MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
BT Broadband Desktop Help Upgrade Advisor --> "C:\Program Files\Common Files\BTHelena\uninstall.exe"
BT Broadband Talk Softphone 3.1 --> "C:\Program Files\BT Broadband Talk Softphone\unins000.exe"
BT Yahoo! Applications --> C:\Program Files\Yahoo!\Common\uninstall.exe
Conexant HD Audio --> C:\Program Files\CONEXANT\CNXT_HDAUDIO\HXFSETUP.EXE -U -ITW3Venza.inf
Digital Effects for MSN Messenger --> MsiExec.exe /I{F6466F13-8705-4408-A9B3-D915DF21FDD8}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Firebird SQL Server - MAGIX Edition --> C:\Program Files\MAGIX\Common\Database\instslct.exe /p
Flickr Uploadr 3.0.5 --> "C:\Program Files\Flickr Uploadr\uninstall.exe"
FlightGear v1.0.0 --> "C:\Program Files\FlightGear\unins000.exe"
Hauppauge WinTV2000 --> C:\PROGRA~1\WinTV\UNTV32.EXE C:\PROGRA~1\WinTV\WINTV2K.LOG
HDAUDIO Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_5045\HUFSetup.EXE -U -IDWSWTWz.inf
Highlight Viewer (Windows Live Toolbar) --> MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
HijackThis 2.0.2 --> "C:\Users\Jason\Downloads\HijackThis.exe" /uninstall
iLike Sidebar --> MsiExec.exe /X{72D037A4-D311-4250-B987-7D854760452C}
Intel® Graphics Media Accelerator Driver --> C:\Windows\system32\igxpun.exe -uninstall
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
Java 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Keyboard Manager Utility --> C:\Program Files\InstallShield Installation Information\{C99EF05C-A49C-4C8C-902B-BD4B96A6F3A8}\setup.exe -runfromtemp -l0x0409
Lexmark 3500-4500 Series --> C:\Program Files\Lexmark 3500-4500 Series\Install\x86\Uninst.exe
Lexmark Fax Solutions --> C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe /R:faxunst
Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
Microsoft Office Excel Viewer 2003 --> MsiExec.exe /I{90840409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Word Viewer 2003 --> MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
Microsoft Picture It! Photo Standard 9 --> C:\Windows\system32\msiexec.exe /i {DBA8B9E1-C6FF-4624-9598-73D3B41A0903}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Mozilla Firefox (2.0.0.13) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
MSVC80_x86 --> MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 Parser and SDK --> MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nokia Connectivity Cable Driver --> MsiExec.exe /X{0A3D3C54-2EC0-4D67-B265-FF17926E6D67}
Nokia Lifeblog 2.5 --> MsiExec.exe /I{E94603CA-2996-4154-8EE2-A5FCD4BFB500}
Nokia Map Loader --> MsiExec.exe /I{03528A01-7E5E-4C5F-94DF-1D8012E969EF}
Nokia Multimedia Factory --> "C:\ProgramData\Installations\{4CFB3821-1582-4f3b-BF8D-30986923B36B}\Nokia_Multimedia_Factory_2_0.exe" /MAINTENANCE /SILENT="SWLPCER" /LANG="2057" /MSI_COMMON_OPTIONS="PCSLANG= MMFLANG=eng"
Nokia Multimedia Factory --> MsiExec.exe /I{4CFB3821-1582-4F3B-BF8D-30986923B36B}
Nokia PC Suite --> C:\ProgramData\Installations\{29466F9C-7C6A-419C-B301-F440FAF78760}\Nokia_PC_Suite_rel_6_85_14_1_eng.exe
Nokia PC Suite --> MsiExec.exe /I{29466F9C-7C6A-419C-B301-F440FAF78760}
Nokia Software Updater --> MsiExec.exe /X{FE5D756F-71E1-47C4-972A-D6775344B40B}
OpenOffice.org 2.0 --> MsiExec.exe /I{BF4C2438-CAFF-4DB0-BB77-48BB1781F313}
PC Connectivity Solution --> MsiExec.exe /I{BA084E7C-8ABA-4670-BDE8-B85E689A5C1B}
PC VGA Camera --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{9F6C477B-12D6-43DB-BAD3-098E1D039FC1} /l1033
Power2Go 5.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Ralink Wireless LAN Card --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAB1F336-1B7C-4057-A7BC-2922CD82A781}\setup.exe" -l0x9 -removeonly
Safari --> MsiExec.exe /I{0AFC9710-5DD6-4C6A-BA52-91AE992B2C9D}
SecondLife (remove only) --> "C:\Program Files\SecondLife\uninst.exe" /P="SecondLife"
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515/xx12 drivers. --> C:\Program Files\InstallShield Installation Information\{0409969E-BEFB-44D3-90B9-63BE50FBAE5E}\setup.exe -runfromtemp -l0x0409
Text Messenger Gadget --> MsiExec.exe /I{DB6B4E03-63D2-41B7-9774-B87B923030A6}
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Windows Driver Package - Nokia Modem (08/03/2007 3.2) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\pccs_bluetooth.inf_5f8b7288\pccs_bluetooth.inf
Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_7837a5db\nokbtmdm.inf
Windows Driver Package - Nokia Modem (10/12/2007 3.6) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_ee12375f\nokia_bluetooth.inf
Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type6034 / Success
Event Submitted/Written: 03/27/2008 03:57:39 PM
Event ID/Source: 5617 / WinMgmt
Event Description:
Event Record #/Type6032 / Success
Event Submitted/Written: 03/27/2008 03:57:34 PM
Event ID/Source: 5615 / WinMgmt
Event Description:
Event Record #/Type6030 / Success
Event Submitted/Written: 03/27/2008 03:57:18 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.
Event Record #/Type6021 / Warning
Event Submitted/Written: 03/27/2008 03:50:50 PM
Event ID/Source: 1530 / profsvc
Event Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-3206065437-719097110-3608468286-1000_Classes:
Process 920 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3206065437-719097110-3608468286-1000_CLASSES
Event Record #/Type6020 / Warning
Event Submitted/Written: 03/27/2008 03:50:48 PM
Event ID/Source: 1530 / profsvc
Event Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-3206065437-719097110-3608468286-1000:
Process 920 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3206065437-719097110-3608468286-1000
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type28398 / Warning
Event Submitted/Written: 03/27/2008 05:20:55 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Jason-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Jason-PC27 can't undo changes that you allow.
For more information please see the following:
%Jason-PC275
Scan ID: {E301C752-5492-4347-8D2A-6147F148A64B}
User: Jason-PC\Jason
Name: %Jason-PC271
ID: %Jason-PC272
Severity ID: %Jason-PC273
Category ID: %Jason-PC274
Path Found: %Jason-PC276
Alert Type: %Jason-PC278
Detection Type: 1.1.1600.02
Event Record #/Type28397 / Warning
Event Submitted/Written: 03/27/2008 05:20:55 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Jason-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Jason-PC27 can't undo changes that you allow.
For more information please see the following:
%Jason-PC275
Scan ID: {19EA04DE-5695-497C-BEA3-391C1566E1A4}
User: Jason-PC\Jason
Name: %Jason-PC271
ID: %Jason-PC272
Severity ID: %Jason-PC273
Category ID: %Jason-PC274
Path Found: %Jason-PC276
Alert Type: %Jason-PC278
Detection Type: 1.1.1600.02
Event Record #/Type28396 / Warning
Event Submitted/Written: 03/27/2008 05:20:55 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Jason-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Jason-PC27 can't undo changes that you allow.
For more information please see the following:
%Jason-PC275
Scan ID: {396B03F8-2FEE-4B0E-88B3-D17327377A83}
User: Jason-PC\Jason
Name: %Jason-PC271
ID: %Jason-PC272
Severity ID: %Jason-PC273
Category ID: %Jason-PC274
Path Found: %Jason-PC276
Alert Type: %Jason-PC278
Detection Type: 1.1.1600.02
Event Record #/Type28395 / Warning
Event Submitted/Written: 03/27/2008 05:20:54 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Jason-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Jason-PC27 can't undo changes that you allow.
For more information please see the following:
%Jason-PC275
Scan ID: {E91FA142-3830-49D5-9739-4A85AB85C245}
User: Jason-PC\Jason
Name: %Jason-PC271
ID: %Jason-PC272
Severity ID: %Jason-PC273
Category ID: %Jason-PC274
Path Found: %Jason-PC276
Alert Type: %Jason-PC278
Detection Type: 1.1.1600.02
Event Record #/Type28394 / Warning
Event Submitted/Written: 03/27/2008 05:20:54 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Jason-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Jason-PC27 can't undo changes that you allow.
For more information please see the following:
%Jason-PC275
Scan ID: {D07A9F31-611C-454B-AF24-EF07CED9C5AB}
User: Jason-PC\Jason
Name: %Jason-PC271
ID: %Jason-PC272
Severity ID: %Jason-PC273
Category ID: %Jason-PC274
Path Found: %Jason-PC276
Alert Type: %Jason-PC278
Detection Type: 1.1.1600.02
-- End of Deckard's System Scanner: finished at 2008-03-27 17:24:43 ------------