Deckard's System Scanner v20071014.68
Run by bubba on 2007-11-19 14:24:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 2 Restore Point(s) --
2: 2007-11-19 20:24:06 UTC - RP239 - Deckard's System Scanner Restore Point
1: 2007-11-19 05:12:35 UTC - RP238 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
System Drive C: has 1.05 GiB (less than 15%) free.-- HijackThis (run as bubba.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:25:02 PM, on 11/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Techie.KENT\ContentWatch\Internet Protection\cwsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Documents and Settings\Techie.KENT\ContentWatch\Internet Protection\cwtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TaskZip\TaskZip.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Secunia\PSI (BETA)\PSI.exe
E:\Microsoft Office\Office10\OUTLOOK.EXE
C:\Documents and Settings\bubba\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\bubba.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://google.com/R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.101:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [cwcptray] C:\Documents and Settings\Techie.KENT\ContentWatch\Internet Protection\cwtray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: TaskZip.lnk = C:\Program Files\TaskZip\TaskZip.exe
O8 - Extra context menu item: Customize Menu -
file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://E:\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms -
file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar -
file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms -
file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} -
file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} -
file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} -
file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} -
file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} -
file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} -
file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: KeePasser - {C8C06F74-3F06-44a3-BD56-75C39C44973F} - C:\Program Files\KeePass Password Safe\IE\keepasser.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O15 - Trusted Zone:
http://www.adobe.comO16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -
http://pcpitstop.com/pcpitstop/PCPitStop.CABO16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky.com/kos/english/ka ... nicode.cabO16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) -
http://housecall65.trendmicro.com/house ... hcImpl.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://www.update.microsoft.com/microso ... 9175628781O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoftware.com/activescan ... asinst.cabO16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -
http://games.pogo.com/online2/pogo/beje ... der_v6.cabO20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ContentWatch (CwAltaService20) - ContentWatch, Inc. - C:\Documents and Settings\Techie.KENT\ContentWatch\Internet Protection\cwsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 9410 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20071119-142253-418 F2 - REG:system.ini: Shell=
backup-20071119-142253-646 O2 - BHO: (no name) - {465E08E7-F005-4389-980F-1D8764B3486C} - (no file)
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 giveio - c:\windows\system32\giveio.sys
R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R1 BIOS - c:\windows\system32\drivers\bios.sys <Not Verified; BIOSTAR Group; BIOSTAR I/O driver fle>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R1 TRIXX - c:\program files\trixx\trixxdriver.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.5.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.5.0>
R2 SetupNT - c:\windows\system32\setupnt.sys
R3 PSI - c:\windows\system32\drivers\psi_mf.sys <Not Verified; Secunia; Secunia Personal Software Inspector>
S3 IMNPF (IMFirewall Packet Filter) - c:\windows\system32\drivers\imnpf.sys (file missing)
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 SCREAMINGBDRIVER (Screaming Bee Audio) - c:\windows\system32\drivers\screamingbaudio.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 CwAltaService20 (ContentWatch) - c:\documents and settings\techie.kent\contentwatch\internet protection\cwsvc.exe <Not Verified; ContentWatch, Inc.; Alta>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>
S2 Parental Filter -
S2 repeater_service -
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1106&DEV_3104&SUBSYS_32061565&REV_86\3&267A616A&0&84
Manufacturer: VIA
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1106&DEV_3104&SUBSYS_32061565&REV_86\3&267A616A&0&84
Service:
-- Scheduled Tasks -------------------------------------------------------------
2007-11-19 00:00:00 344 --a------ C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job
2007-11-12 14:36:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2007-10-19 and 2007-11-19 -----------------------------
2007-11-18 17:09:07 0 d-------- C:\Documents and Settings\bubba\Application Data\Move Networks
2007-11-18 13:53:03 0 d-------- C:\Program Files\Trend Micro
2007-11-17 21:24:47 0 d-------- C:\Documents and Settings\bubba\DoctorWeb
2007-11-17 18:15:01 0 dr-h----- C:\Documents and Settings\bubba\Recent
2007-11-17 14:19:36 295424 --a------ C:\WINDOWS\system32\wxIE.dll <Not Verified; ContentWatch, Inc.; Alta>
2007-11-17 14:19:36 908288 --a------ C:\WINDOWS\system32\libxml2_CW.dll
2007-11-17 14:19:35 346624 --a------ C:\WINDOWS\system32\cwalsp.dll <Not Verified; ContentWatch, Inc.; Alta>
2007-11-17 14:19:35 1843200 --a------ C:\WINDOWS\system32\AltaRecovery.exe <Not Verified; ContentWatch, Inc.; Alta>
2007-11-17 14:19:34 516096 --a------ C:\WINDOWS\system32\wxmsw28u_xrc_vc_CW.dll <Not Verified; wxWidgets development team; wxWidgets>
2007-11-17 14:19:34 110592 --a------ C:\WINDOWS\system32\wxmsw28u_media_vc_CW.dll <Not Verified; wxWidgets development team; wxWidgets>
2007-11-17 14:19:34 495616 --a------ C:\WINDOWS\system32\wxmsw28u_html_vc_CW.dll <Not Verified; wxWidgets development team; wxWidgets>
2007-11-17 14:19:34 2899968 --a------ C:\WINDOWS\system32\wxmsw28u_core_vc_CW.dll <Not Verified; wxWidgets development team; wxWidgets>
2007-11-17 14:19:34 712704 --a------ C:\WINDOWS\system32\wxmsw28u_adv_vc_CW.dll <Not Verified; wxWidgets development team; wxWidgets>
2007-11-17 14:19:34 135168 --a------ C:\WINDOWS\system32\wxbase28u_xml_vc_CW.dll <Not Verified; wxWidgets development team; wxWidgets>
2007-11-17 14:19:34 1220608 --a------ C:\WINDOWS\system32\wxbase28u_vc_CW.dll <Not Verified; wxWidgets development team; wxWidgets>
2007-11-17 14:19:34 135168 --a------ C:\WINDOWS\system32\wxbase28u_net_vc_CW.dll <Not Verified; wxWidgets development team; wxWidgets>
2007-11-17 10:46:22 0 d-------- C:\Program Files\Microsoft Works
2007-11-17 10:45:35 0 d-------- C:\Program Files\Microsoft.NET
2007-11-17 10:43:35 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2007-11-16 21:35:22 0 d-------- C:\Documents and Settings\bubba\Application Data\TrojanHunter
2007-11-16 21:06:42 0 d-------- C:\Documents and Settings\bubba\Application Data\HouseCall 6.6
2007-11-16 21:06:40 0 d-------- C:\WINDOWS\system32\HouseCall 6.6
2007-11-16 20:07:26 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sunbelt Software
2007-11-16 18:38:07 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-11-16 16:58:39 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2007-11-16 16:58:37 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-16 15:51:37 0 d-------- C:\Program Files\Ashkon Software
2007-11-16 10:19:43 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Trymedia
2007-11-16 10:09:10 38160 --a------ C:\WINDOWS\system32\LMRTREND.dll <Not Verified; Microsoft Corporation; Microsoft® Windows(TM) Operating System>
2007-11-16 10:09:08 182032 --a------ C:\WINDOWS\system32\dxtmsft3.dll <Not Verified; Microsoft Corporation; Microsoft® Windows(TM) Operating System>
2007-11-16 10:09:04 63488 --a------ C:\WINDOWS\system32\unam4ie.exe <Not Verified; Microsoft Corporation; DirectShow>
2007-11-16 10:09:00 10240 --a------ C:\WINDOWS\system32\vidx16.dll
2007-11-16 10:09:00 194320 --a------ C:\WINDOWS\system32\qcut.dll <Not Verified; Microsoft Corporation; DirectShow>
2007-11-16 10:08:57 4608 --a------ C:\WINDOWS\system32\w95inf32.dll <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
2007-11-16 10:08:57 2272 --a------ C:\WINDOWS\system32\w95inf16.dll <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
2007-11-15 16:52:21 0 dr------- C:\Documents and Settings\LocalService\My Documents
2007-11-15 16:51:45 0 dr-h----- C:\Documents and Settings\LocalService\Recent
2007-11-14 22:41:24 0 d-------- C:\Program Files\Java
2007-11-14 22:38:55 0 d-------- C:\Program Files\QuickTime
2007-11-14 22:32:14 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\OrbNetworks
2007-11-14 22:32:10 0 d-------- C:\Program Files\Winamp Remote
2007-11-14 22:31:17 0 d-------- C:\Program Files\Winamp
2007-11-14 22:31:17 0 d-------- C:\Documents and Settings\bubba\Application Data\Winamp
2007-11-14 22:08:48 0 d-------- C:\Program Files\Sun
2007-11-14 15:15:09 0 d-------- C:\Documents and Settings\bubba\Application Data\Help
2007-11-14 15:08:51 0 d-------- C:\Program Files\KeyNote
2007-11-13 13:31:40 0 d-------- C:\Hijack This
2007-11-12 21:19:40 0 d-------- C:\Documents and Settings\Techie.KENT\Application Data\Grisoft
2007-11-12 21:03:14 0 d-------- C:\Documents and Settings\LocalService\ContentWatch
2007-11-12 21:02:33 0 d-------- C:\Documents and Settings\NetworkService\ContentWatch
2007-11-12 20:24:36 0 d-------- C:\Documents and Settings\bubba\Application Data\Grisoft
2007-11-12 18:36:25 0 d--h----- C:\Documents and Settings\bubba\NetHood
2007-11-12 17:41:54 0 d-------- C:\Program Files\Pidgin
2007-11-12 17:41:44 0 d-------- C:\Program Files\Common Files\GTK
2007-11-12 15:09:08 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint
2007-11-12 15:09:07 0 d-------- C:\Program Files\Viewpoint
2007-11-12 15:08:25 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL
2007-11-12 15:08:25 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL OCP
2007-11-12 15:08:08 0 d-------- C:\Program Files\Common Files\AOL
2007-11-12 14:54:28 0 d-------- C:\Program Files\iPod
2007-11-12 14:54:24 0 d-------- C:\Program Files\iTunes
2007-11-11 13:58:21 0 d-------- C:\Documents and Settings\bubba\Application Data\ImgBurn
2007-11-11 13:43:36 0 d-------- C:\Program Files\ImgBurn
2007-11-11 13:27:45 133120 --a------ C:\WINDOWS\system32\zip32.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2007-11-10 15:05:45 0 d-------- C:\Documents and Settings\bubba\Application Data\JDiskReport
2007-11-10 15:05:34 0 d-------- C:\Program Files\JGoodies
2007-11-09 14:01:42 0 d-------- C:\Program Files\GIMP-2.0
2007-11-09 13:44:27 0 d-------- C:\Documents and Settings\bubba\.thumbnails
2007-11-09 13:43:04 0 d-------- C:\Documents and Settings\bubba\.gimp-2.4
2007-11-08 20:35:02 5767168 --a------ C:\Documents and Settings\bubba\ntuser.dat
2007-11-07 14:54:37 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\PopCap
2007-11-07 09:10:57 0 d-------- C:\Documents and Settings\bubba\Application Data\Turbine
2007-11-03 10:17:13 0 d-------- C:\Documents and Settings\bubba\Application Data\WinRAR
2007-11-01 11:48:18 0 d-------- C:\Program Files\TaskZip
2007-10-25 10:29:48 0 dr-h----- C:\Documents and Settings\Techie.KENT\Recent
2007-10-22 18:15:33 0 --a------ C:\WINDOWS\system32\mssurun.dat
2007-10-22 18:14:59 2281472 --a------ C:\WINDOWS\system32\vbsbak.dat <Not Verified; SuperLogix; Super Utilities>
2007-10-22 18:14:59 42 --a------ C:\WINDOWS\system32\vb6sock.dll
2007-10-22 18:14:59 6144 --a------ C:\WINDOWS\system32\SuperRes.dll
2007-10-22 18:14:59 269824 --a------ C:\WINDOWS\system32\SuperMenuHook.dll
2007-10-22 18:14:59 73728 --a------ C:\WINDOWS\system32\smh.dat <Not Verified; SuperLogix; SuperMenuHook>
2007-10-22 18:14:59 89088 --a------ C:\WINDOWS\system32\Shreder.dll <Not Verified; ; Shreder Dynamic Link Library>
2007-10-22 18:14:59 0 d-------- C:\WINDOWS\system32\IOSUBSYS
2007-10-22 18:14:59 43936 --a------ C:\WINDOWS\system32\drivers\HWFProt.sys <Not Verified; Alfa Corporation; AlfaFP (TM) 2003 Ansi Build for Windows NT/2K>
2007-10-22 18:14:59 1636352 --a------ C:\WINDOWS\system32\context.dll <Not Verified; SuperLogix; Enhancement to context menu>
2007-10-22 18:14:59 269824 --a------ C:\WINDOWS\system32\baksm.dat
2007-10-22 15:51:01 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2007-10-22 09:34:27 0 d-------- C:\Documents and Settings\Administrator\Application Data\Thunderbird
-- Find3M Report ---------------------------------------------------------------
2007-11-19 14:23:38 0 d-------- C:\Documents and Settings\bubba\Application Data\SiteAdvisor
2007-11-19 14:13:59 0 d-------- C:\Program Files\Trillian
2007-11-18 13:48:35 0 d-------- C:\Documents and Settings\bubba\Application Data\AVG7
2007-11-17 17:33:51 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-11-17 12:10:14 0 d-------- C:\Program Files\Common Files
2007-11-17 10:46:00 0 d-------- C:\Program Files\Screenshot Pilot
2007-11-17 08:57:36 0 d-------- C:\Documents and Settings\bubba\Application Data\Macromedia
2007-11-16 20:07:09 0 d-------- C:\Program Files\Sunbelt Software
2007-11-16 17:14:06 0 d-------- C:\Program Files\SpywareBlaster
2007-11-14 22:39:47 0 d-------- C:\Documents and Settings\bubba\Application Data\Apple Computer
2007-11-10 19:40:33 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-09 17:12:39 0 d-------- C:\Program Files\Google
2007-11-09 10:28:49 0 d-------- C:\Program Files\RFA
2007-11-09 10:28:46 0 d-------- C:\Program Files\Common Files\Screaming Bee
2007-11-09 10:17:34 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-04 22:31:10 0 d-------- C:\Documents and Settings\bubba\Application Data\Adobe
2007-11-02 17:34:50 0 d-------- C:\Documents and Settings\bubba\Application Data\Ventrilo
2007-10-22 09:34:19 0 d-------- C:\Program Files\Mozilla Thunderbird
2007-10-20 20:58:58 0 d-------- C:\Program Files\TRIXX
2007-10-17 02:31:08 151552 --a------ C:\WINDOWS\system32\libexpat.dll
2007-10-16 10:51:55 0 d-------- C:\Documents and Settings\bubba\Application Data\ATI
2007-10-16 09:14:27 0 d-------- C:\Program Files\Remove Empty Directories
2007-10-12 09:10:49 0 d-------- C:\Program Files\MSECache
2007-10-12 09:08:37 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-10-11 20:03:38 0 d-------- C:\Program Files\SpeedFan
2007-10-11 08:13:45 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-10-10 21:03:25 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2007-10-10 15:32:13 0 d-------- C:\Program Files\Common Files\CyberSieve
2007-10-10 08:31:36 0 d-------- C:\Program Files\Curse
2007-10-08 06:02:56 0 d-------- C:\Program Files\Common Files\Borland Shared
2007-10-07 17:48:44 0 d-------- C:\Program Files\Apple Software Update
2007-10-07 05:19:10 323584 --a------ C:\WINDOWS\system32\CSNotify.exe <Not Verified; SoftForYou Company; CSNotify>
2007-10-07 05:19:06 483328 --a------ C:\WINDOWS\system32\CSSvr.exe <Not Verified; SoftForYou Company; CSSvr>
2007-10-07 05:19:00 266240 --a------ C:\WINDOWS\system32\cssp.dll
2007-10-07 05:18:58 106496 --a------ C:\WINDOWS\system32\CSSPInst.exe <Not Verified; SoftForYou Company; CyberSieve>
2007-09-26 09:05:16 0 d-------- C:\Documents and Settings\bubba\Application Data\Google
2007-09-21 12:04:30 0 d-------- C:\Program Files\Windows Media Connect 2
2007-09-19 16:51:56 0 d-------- C:\Documents and Settings\bubba\Application Data\OpenOffice.org2
2007-09-15 21:40:56 3199109 --a------ C:\WINDOWS\system32\YUOI
2007-09-15 21:24:38 28 --a------ C:\WINDOWS\system32\'
2007-09-15 20:10:09 1467 --a------ C:\WINDOWS\mozver.dat
2007-09-10 19:52:20 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2007-08-30 14:21:14 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-08-28 16:25:06 0 --a------ C:\WINDOWS\system32\SBRC.dat
2007-08-28 16:25:06 0 --a------ C:\WINDOWS\system32\SBFC.dat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 10:35 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [10/22/2007 08:54 AM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [09/06/2007 03:14 PM]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [07/15/2005 03:48 PM]
"cwcptray"="C:\Documents and Settings\Techie.KENT\ContentWatch\Internet Protection\cwtray.exe" [10/17/2007 09:42 AM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 03:25 AM]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [08/03/2004 10:56 PM]
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
TaskZip.lnk - C:\Program Files\TaskZip\TaskZip.exe [11/1/2007 11:48:18 AM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 11:55 AM 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 11:41 AM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBCSSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^NETGEAR WG111v2 Smart Wizard.lnk]
backup=C:\WINDOWS\pss\NETGEAR WG111v2 Smart Wizard.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^bubba^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeePass Password Safe]
"C:\Program Files\KeePass Password Safe\KeePass.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\parentalcontrol]
"C:\Program Files\parentalcontrol\parentalcontrol.exe" "C:\Program Files\parentalcontrol\parentalcontrol.dll" "parentalcontrol"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rfagent]
"C:\Program Files\RFA\rfagent.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
"C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBCSTray]
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TRIXX]
"C:\Program Files\TRIXX\TRIXX.exe" -s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zzz_ImInstaller_IncrediMail]
C:\Documents and Settings\bubba\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install.exe -startup -product IncrediMail
-- End of Deckard's System Scanner: finished at 2007-11-19 14:25:40 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: AMD Athlon(tm) 64 Processor 3800+
Percentage of Memory in Use: 60%
Physical Memory (total/avail): 1022.42 MiB / 408.02 MiB
Pagefile Memory (total/avail): 2459.52 MiB / 1891.14 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1899.69 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 10.74 GiB total, 1.05 GiB free.
D: is CDROM (UDF)
E: is Fixed (NTFS) - 232.89 GiB total, 212.88 GiB free.
\\.\PHYSICALDRIVE0 - WDC WD2500KS-00MJB0 - 232.89 GiB - 1 partition
\PARTITION0 - Installable File System - 232.89 GiB - E:
\\.\PHYSICALDRIVE1 - WDC WD400BB-00DEA0 - 37.27 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 10.74 GiB - C:
\PARTITION1 - Extended Partition - 24.21 GiB
-- Security Center -------------------------------------------------------------
AUOptions is set to notify before download.
Windows Internal Firewall is disabled.
FW: Outpost Firewall Pro v4.0 (Agnitum)
FW: ZoneAlarm Firewall v7.0.408.000 (Check Point, LTD.)
FW: COMODO Firewall Pro v2.3.035 (COMODO)
DisabledAV: AVG 7.5.503 v7.5.503 (Grisoft)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\\World of Warcraft\\World of Warcraft\\BackgroundDownloader.exe"="E:\\World of Warcraft\\World of Warcraft\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"E:\\Steam\\Steam.exe"="E:\\Steam\\Steam.exe:*:Enabled:Steam Client"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"E:\\Steam\\steamapps\\msgt_gunner\\counter-strike source\\hl2.exe"="E:\\Steam\\steamapps\\msgt_gunner\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Documents and Settings\\bubba\\Desktop\\incredimail_install.exe"="C:\\Documents and Settings\\bubba\\Desktop\\incredimail_install.exe:*:Enabled:IncrediMail Installer"
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"="C:\\Program Files\\IncrediMail\\bin\\ImApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\\Documents and Settings\\bubba\\Local Settings\\Temp\\ImInstaller\\IncrediMail\\incredimail_install.exe"="C:\\Documents and Settings\\bubba\\Local Settings\\Temp\\ImInstaller\\IncrediMail\\incredimail_install.exe:*:Enabled:IncrediMail Installer"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"E:\\Microsoft Office\\Office12\\ONENOTE.EXE"="E:\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\bubba\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=KENT
ComSpec=C:\WINDOWS\system32\cmd.exe
CWALTAHOME=C:\Documents and Settings\Techie.KENT\ContentWatch
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\bubba
LOGONSERVER=\\KENT
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 95 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=5f02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\bubba\LOCALS~1\Temp
TMP=C:\DOCUME~1\bubba\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=KENT
USERNAME=bubba
USERPROFILE=C:\Documents and Settings\bubba
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
bubba
(admin)Techie.KENT
(admin)Administrator
(admin)-- Add/Remove Programs ---------------------------------------------------------
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AI RoboForm (All Users) --> "C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Belarc Advisor 7.2 --> C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
CCleaner (remove only) --> "E:\New Folder\CCleaner\uninst.exe"
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Counter-Strike: Source --> "E:\Steam\steam.exe"
steam://uninstall/240Data Lifeguard Tools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}\Setup.exe"
File Shredder 2.0 --> "C:\Program Files\File Shredder\unins000.exe"
Flock 0.7 --> C:\Program Files\Flock\uninst.exe
Fraps --> "C:\Fraps\uninstall.exe"
GIMP 2.4.1 --> "C:\Program Files\GIMP-2.0\setup\unins000.exe"
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Gmail Notifier --> "C:\Program Files\Google\Gmail Notifier\UninstallGmail.exe"
Google Toolbar for Firefox --> MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F}
GTK+ Runtime 2.12.1 rev a (remove only) --> C:\Program Files\Common Files\GTK\2.0\uninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
ImgBurn (Remove Only) --> "C:\Program Files\ImgBurn\uninstall.exe"
iTunes --> MsiExec.exe /I{E3FEE4E7-4488-4A3F-A6BD-13745936EADB}
Java DB 10.2.2.0 --> MsiExec.exe /X{0ECB59D5-A3FC-4D61-AD3B-6CE679B3F852}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
JGoodies JDiskReport 1.3.0 --> "C:\Program Files\JGoodies\JDiskReport 1.3.0\uninstall.exe"
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
KeePass Password Safe 1.07 --> "C:\Program Files\KeePass Password Safe\unins000.exe"
KeyNote 1.6.5 --> "C:\Program Files\KeyNote\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office Home and Student 2007 Trial --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Office XP Professional --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9}
Microsoft Outlook Personal Folders Backup --> MsiExec.exe /X{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Thunderbird (2.0.0.6) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
Net Nanny Parental Controls 5.6 --> "C:\Documents and Settings\Techie.KENT\ContentWatch\Internet Protection\ContentProtect\Home\unins000.exe"
NETGEAR WG111v2 wireless USB 2.0 adapter --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{E0F252A6-DE85-4E93-A93B-DFC3537B3965}
NVIDIA Drivers --> C:\WINDOWS\System32\NVUNINST.EXE UninstallGUI
Opera 9.21 --> MsiExec.exe /X{AF599832-2305-4922-9342-6FF48894E384}
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
Pidgin --> C:\Program Files\Pidgin\pidgin-uninst.exe
QuickTime --> MsiExec.exe /I{5B09BD67-4C99-46A1-8161-B7208CE18121}
QUIZ --> MsiExec.exe /I{214BAA22-55F8-4584-B4D2-704531DEDE49}
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Registry First Aid --> "C:\Program Files\RFA\unins000.exe"
Remove Empty Directories 2.1 --> C:\Program Files\Remove Empty Directories\uninst.exe
Sapphire TRIXX --> "C:\Program Files\TRIXX\Uninstall.exe"
Screenshot Pilot version 1.46.01 --> "C:\Program Files\Screenshot Pilot\unins000.exe"
Screenshot Utility version 1.0 --> "C:\Program Files\Screenshot Utility\unins000.exe"
Secunia PSI (BETA) --> MsiExec.exe /X{4A78C65F-0CF5-4666-AF26-5601013D7C86}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB936509) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A00724F5-82C4-4924-B707-0E5A84B52471}
Security Update for Office 2007 (KB934062) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
SimulationExams --> C:\WINDOWS\st6unst.exe -n "E:\ST6UNST.LOG"
SpeedFan (remove only) --> "C:\Program Files\SpeedFan\uninstall.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Super Utilities Pro 7.71 --> "C:\Program Files\SuperLogix\Super Utilities\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TaskZip --> C:\PROGRA~1\TaskZip\UNWISE.EXE C:\PROGRA~1\TaskZip\INSTALL.LOG
Trillian --> C:\Program Files\Trillian\trillian.exe /uninstall
Trixie --> MsiExec.exe /I{8EEA1427-5C0D-469F-9FC6-A622A99D98EB}
Update for Office 2007 (KB932080) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB933688) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F6E692F1-63C2-4760-94C6-C689DCD053F1}
Update for Office 2007 (KB934391) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB934393) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {92FBAD46-E7F6-49FA-89B5-C39FC5BFAD15}
Update for Word 2007 (KB934173) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C6A89125-5473-45E3-B413-ED8186437475}
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Winamp Remote --> "C:\Program Files\Winamp Remote\uninstall.exe"
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type4154 / Warning
Event Submitted/Written: 11/17/2007 00:10:32 PM
Event ID/Source: 63 / WinMgmt
Event Description:
A provider, OffProv12, has been registered in the WMI namespace, Root\MSAPPS12, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Event Record #/Type4153 / Warning
Event Submitted/Written: 11/17/2007 00:10:32 PM
Event ID/Source: 63 / WinMgmt
Event Description:
A provider, OffProv12, has been registered in the WMI namespace, Root\MSAPPS12, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Event Record #/Type4110 / Warning
Event Submitted/Written: 11/17/2007 10:46:25 AM
Event ID/Source: 63 / WinMgmt
Event Description:
A provider, OffProv12, has been registered in the WMI namespace, Root\MSAPPS12, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Event Record #/Type4093 / Warning
Event Submitted/Written: 11/17/2007 10:21:32 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{E3FEE4E7-4488-4A3F-A6BD-13745936EADB}', feature 'iTunes' failed during request for component '{E8A1D3E2-F5D3-4B24-AB93-52F7E602A235}'
Event Record #/Type4092 / Warning
Event Submitted/Written: 11/17/2007 10:21:32 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{E3FEE4E7-4488-4A3F-A6BD-13745936EADB}', feature 'iTunes', component '{75A3FFF5-2BFA-4987-9687-C24E3318C811}' failed. The resource 'C:\Program Files\iTunes\CD Configuration\' does not exist.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type9450 / Warning
Event Submitted/Written: 11/19/2007 02:14:38 PM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 00E04D375A96. The IP address being used is 169.254.230.123.
Event Record #/Type9449 / Warning
Event Submitted/Written: 11/19/2007 02:14:36 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00E04D375A96. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.
Event Record #/Type9448 / Warning
Event Submitted/Written: 11/19/2007 02:14:04 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00E04D375A96. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.
Event Record #/Type9445 / Warning
Event Submitted/Written: 11/19/2007 03:27:38 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.
Event Record #/Type9442 / Warning
Event Submitted/Written: 11/18/2007 02:47:13 PM
Event ID/Source: 52 / Disk
Event Description:
The driver has detected that device \Device\Harddisk0\DR0 has predicted that it will fail.
Immediately back up your data and replace your hard disk drive. A failure
may be imminent.
-- End of Deckard's System Scanner: finished at 2007-11-19 14:25:40 ------------