Hello - thanks for your help. Yes, I do realize that remote is not the best, but there is not much I can do. He is there helping with reboots and i do have admin access. I will be visiting my father-in-law tomorrow in person and will look for the entries in hijack this and run the malware scan. I know that there is no spyware secure or alot toolbar in the software list. I previously ran DSS and will post the logs below. However, I will run them again tomorrow after running the malware scan. thanks!
aDeckard's System Scanner v20071014.68
Run by Kurt on 2008-05-28 07:21:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
74: 2008-05-28 11:21:08 UTC - RP110 - Deckard's System Scanner Restore Point
73: 2008-05-27 13:13:23 UTC - RP109 - System Checkpoint
72: 2008-05-25 18:48:42 UTC - RP108 - System Checkpoint
71: 2008-05-23 21:49:56 UTC - RP107 - Installed PC Registry Cleaner
70: 2008-05-23 01:50:53 UTC - RP106 - Installed Ad-Aware
-- First Restore Point --
1: 2008-02-28 18:31:34 UTC - RP37 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Kurt.exe) ------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:24:31 AM, on 5/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Rogers\SelfHealing\shs.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\KutinSoft\CoordinationService\KutinSoftCoordinationService.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Rogers\SelfHealing\RogersSelfHelpService.exe
C:\Program Files\Rogers\Update Manager\RogersUpdateManager.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\RDSHOST.exe
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe
C:\Documents and Settings\Kurt\Desktop\dss.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\HIJACK~1\Kurt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://express.rogers.yahoo.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.yahoo.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://us.rd.yahoo.com/customize/ie/def ... .yahoo.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://us.rd.yahoo.com/customize/ie/def ... earch.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://us.rd.yahoo.com/customize/ie/def ... .yahoo.comR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.comR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://search.alot.com/sidebar?pr=asst& ... 0&q=monika martin&url=http://my.alot.com?client_id=614D8C4001C8894500EF9986&install_time=18-03-2008:18:14&src_id=11078&tb_version=1.2.1.200 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://us.rd.yahoo.com/customize/ie/def ... .yahoo.comR3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Rogers SHS] C:\Program Files\Rogers\SelfHealing\shs.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: &Windows Live Search -
res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab -
res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?fbcd8b31d87c4409b8e8ed8e5314d723
O8 - Extra context menu item: Open in new foreground tab -
res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?fbcd8b31d87c4409b8e8ed8e5314d723
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) -
http://www.creative.com/softwareupdate/ ... TSUEng.cabO16 - DPF: {203C12EA-EF5A-4989-BD68-5844A877A9AF} (prjOCFTools.OCFTools) -
http://ocf.rogershelp.com/prjOCFTools.CABO16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) -
http://housecall65.trendmicro.com/house ... hcImpl.cabO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://www.update.microsoft.com/windows ... 3651736125O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) -
http://www.creative.com/softwareupdate/ ... /CTPID.cabO18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: KutinSoft Common Users Folder (CommonUsersFolderService) - KutinSoft - C:\Program Files\Common Files\KutinSoft\CoordinationService\KutinSoftCoordinationService.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Rogers SHS Service (RogersSelfHelpService) - Rogers Cable Communications - C:\Program Files\Rogers\SelfHealing\RogersSelfHelpService.exe
O23 - Service: Rogers Update Manager (RogersUpdateManager) - Rogers Cable Communications - C:\Program Files\Rogers\Update Manager\RogersUpdateManager.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
--
End of file - 13551 bytes
-- File Associations -----------------------------------------------------------
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R3 SPLITCAM (Splitcam, WDM Camera Stream Splitter) - c:\windows\system32\drivers\splitcam.sys <Not Verified; LoteSoft Co.; Video Capture Splitter driver>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 CommonUsersFolderService (KutinSoft Common Users Folder) - c:\program files\common files\kutinsoft\coordinationservice\kutinsoftcoordinationservice.exe <Not Verified; KutinSoft; Coordination Service>
R2 Creative Labs Licensing Service - "c:\program files\common files\creative labs shared\service\creativelicensing.exe" <Not Verified; Creative Labs; Creative Labs Licensing Service>
R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
R2 RogersUpdateManager (Rogers Update Manager) - c:\program files\rogers\update manager\rogersupdatemanager.exe <Not Verified; Rogers Cable Communications; RogersUpdateManager>
S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-05-28 07:24:02 354 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-05-24 09:08:51 574 --a------ C:\WINDOWS\Tasks\Norton Security Online - Run Full System Scan - Kurt.job
-- Files created between 2008-04-28 and 2008-05-28 -----------------------------
2008-05-25 19:13:13 0 d-------- C:\Program Files\Hijack This
2008-05-23 17:49:57 0 d-------- C:\Program Files\PC Registry Cleaner
2008-05-22 21:50:54 0 d-------- C:\Program Files\Lavasoft
2008-05-22 21:50:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-22 21:50:27 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-22 21:08:34 0 d--h----- C:\$AVG8.VAULT$
2008-05-22 20:51:04 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-22 20:50:43 0 d-------- C:\Program Files\AVG
2008-05-22 20:50:42 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-21 21:45:27 0 d-------- C:\Documents and Settings\Kurt\.housecall6.6
2008-05-21 19:52:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-21 19:40:17 0 d-------- C:\WINDOWS\system32\scripting
2008-05-21 19:40:16 0 d-------- C:\WINDOWS\system32\en
2008-05-21 19:40:16 0 d-------- C:\WINDOWS\system32\bits
2008-05-21 19:40:16 0 d-------- C:\WINDOWS\l2schemas
2008-05-21 19:37:47 0 d-------- C:\WINDOWS\ServicePackFiles
2008-05-21 19:35:10 0 d-------- C:\WINDOWS\network diagnostic
2008-05-19 13:08:33 0 d-------- C:\Program Files\CyberDefender
2008-05-08 21:02:52 0 d-------- C:\Program Files\Nuclear Coffee
2008-05-08 20:57:35 0 d-------- C:\Documents and Settings\Kurt\Application Data\KutinSoft
2008-05-08 20:57:33 0 d-------- C:\Program Files\KutinSoft
2008-05-08 20:57:33 0 d-------- C:\Documents and Settings\All Users\Application Data\KutinSoft
2008-05-08 20:57:32 0 d-------- C:\Program Files\Common Files\KutinSoft
2008-05-08 18:28:45 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-08 18:28:39 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-05-08 18:28:39 761856 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-05-08 18:28:37 0 d-------- C:\Program Files\YouTubeRobot
2008-04-28 18:05:40 0 d-------- C:\Program Files\Freecorder
2008-04-28 18:05:40 0 d-------- C:\Program Files\Conduit
2008-04-28 18:05:36 0 d-------- C:\WINDOWS\Freecorder Toolbar
2008-04-28 18:05:10 0 d-------- C:\WINDOWS\Replay Media Catcher
2008-04-28 18:04:58 0 d-------- C:\Program Files\Replay Media Catcher
2008-04-28 18:04:46 0 d-------- C:\Program Files\Replay Converter
2008-04-28 18:04:03 0 d-------- C:\Documents and Settings\Kurt\Application Data\GetRightToGo
2008-04-28 18:03:50 0 d-------- C:\WINDOWS\Applian FLV Player
2008-04-28 18:03:50 0 d-------- C:\Program Files\FLV Player
-- Find3M Report ---------------------------------------------------------------
2008-05-27 13:09:25 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-22 21:50:27 0 d-------- C:\Program Files\Common Files
2008-05-21 21:22:01 0 d-------- C:\Program Files\Microsoft Works
2008-05-21 19:44:38 0 d-------- C:\Program Files\Messenger
2008-05-21 19:44:31 0 d-------- C:\Program Files\AskPBar
2008-05-21 19:40:15 0 d-------- C:\Program Files\Movie Maker
2008-05-21 19:37:25 0 d-------- C:\Program Files\Windows NT
2008-05-21 18:54:53 0 d-------- C:\Program Files\PopUp Killer
2008-05-21 13:03:06 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-20 06:41:54 0 d-------- C:\Program Files\eMule
2008-05-19 09:01:06 0 d-------- C:\Program Files\Rogers
2008-05-17 08:13:12 0 d-------- C:\Documents and Settings\Kurt\Application Data\Yahoo!
2008-05-12 07:56:43 0 d-------- C:\Program Files\Paltalk Messenger
2008-04-28 18:04:45 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-04-28 11:02:58 0 d-------- C:\Documents and Settings\Kurt\Application Data\.gaim
2008-04-28 08:19:41 0 d-------- C:\Documents and Settings\Kurt\Application Data\inSpeak
2008-04-28 08:19:35 0 d-------- C:\Program Files\inSpeak
2008-04-26 21:42:27 0 d-------- C:\Program Files\Winamp
2008-04-26 21:32:04 0 d-------- C:\Documents and Settings\Kurt\Application Data\Winamp
2008-04-26 07:17:48 0 d-------- C:\Program Files\s300
2008-04-26 06:41:31 0 d-------- C:\Documents and Settings\Kurt\Application Data\SUPERAntiSpyware.com
2008-04-21 13:40:38 0 d-------- C:\Program Files\Symantec
2008-04-18 20:26:20 0 d-------- C:\Program Files\Paltalk Messenger Interop
2008-04-13 21:23:33 0 d-------- C:\Program Files\SplitCam
2008-04-13 21:23:33 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-13 20:11:56 56880 --a------ C:\WINDOWS\system32\scvideo.dll
2008-04-13 05:17:34 0 d-------- C:\Program Files\BitTorrent Fastest Tool
2008-03-03 12:24:41 144 --a------ C:\domains.dat
2008-03-02 12:36:29 126464 --a------ C:\WINDOWS\system32\nero8x.exe
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [10/26/2007 04:42 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/10/2007 01:59 AM]
"osCheck"="C:\PROGRA~1\Symantec\osCheck.exe" [01/14/2007 03:11 AM]
"CTSVolFE.exe"="C:\Program Files\Creative\Mixer\CTSVolFE.exe" [02/23/2005 04:57 PM]
"RTHDCPL"="RTHDCPL.EXE" [04/26/2007 03:27 PM C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 07:43 PM C:\WINDOWS\Alcmtr.exe]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [10/03/2006 12:35 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [10/03/2006 12:37 PM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [04/01/2008 02:49 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 05:25 AM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [09/20/2007 10:51 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [03/01/2007 04:57 PM]
"Rogers SHS"="C:\Program Files\Rogers\SelfHealing\shs.exe" [05/16/2008 02:21 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [05/22/2008 08:50 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 08:12 PM]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [09/20/2007 04:35 PM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 06:43 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2/22/2008 12:34:49 AM]
HPAiODevice(hp psc 700 series) - 1.lnk - C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe [4/30/2002 6:26:44 PM]
PalTalk.lnk - C:\Program Files\Paltalk Messenger\paltalk.exe [5/8/2008 6:17:29 PM]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2/5/2008 3:29:20 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc
*Newly Created Service* - COMHOST
-- End of Deckard's System Scanner: finished at 2008-05-28 07:26:28 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English
CPU 0: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Percentage of Memory in Use: 24%
Physical Memory (total/avail): 3070.1 MiB / 2328.44 MiB
Pagefile Memory (total/avail): 4956 MiB / 4254.94 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1930.85 MiB
C: is Fixed (NTFS) - 455.71 GiB total, 426.24 GiB free.
D: is Fixed (NTFS) - 10 GiB total, 5.78 GiB free.
E: is CDROM (CDFS)
\\.\PHYSICALDRIVE0 - WDC WD5000AAKS-75YGA0 - 465.76 GiB - 3 partitions
\PARTITION0 - Unknown - 54.88 MiB
\PARTITION1 - Installable File System - 10 GiB - D:
\PARTITION2 (bootable) - Installable File System - 455.71 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Kurt\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PREFERRE-7625A6
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Kurt
LOGONSERVER=\\PREFERRE-7625A6
NUMBER_OF_PROCESSORS=4
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Intel\DMIX;C:\Program Files\Common Files\Roxio Shared\DLLShared\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramFiles=C:\Program Files
PROMPT=$P$G
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Kurt\LOCALS~1\Temp
TMP=C:\DOCUME~1\Kurt\LOCALS~1\Temp
USERDOMAIN=PREFERRE-7625A6
USERNAME=Kurt
USERPROFILE=C:\Documents and Settings\Kurt
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI
-- User Profiles ---------------------------------------------------------------
Kurt
(admin)Administrator
(admin)-- Add/Remove Programs ---------------------------------------------------------
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
--> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_2_0_30\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
--> C:\PROGRA~1\Yahoo!\Common\unyt.exe
--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Program Files\Yahoo!\Yahoo! Music Jukebox\oggcodecs\uninst.exe
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> MsiExec.exe /X{DEBEA68F-45AA-4707-A9A7-DBD6DB4FBE89}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7E9BE6D1-680B-49B2-A2B0-CBC32D20DF04}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7E9BE6D1-680B-49B2-A2B0-CBC32D20DF04}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA2CA846-C6DB-4468-B291-18D4BA359656}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA2CA846-C6DB-4468-B291-18D4BA359656}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AutoUpdate -->
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
Conexant D850 56K V.9x DFVc Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Dell Resource CD --> MsiExec.exe /X{42929F0F-CE14-47AF-9FC7-FF297A603021}
Digital Line Detect --> C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
Durable Copy 3.5.3 --> C:\Program Files\KutinSoft\Durable Copy\uninst.exe
eMule --> "C:\Program Files\eMule\Uninstall.exe"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Documents and Settings\Kurt\Local Settings\Temporary Internet Files\Content.IE5\GTWZCJ8V\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
hp psc 700 series --> C:\WINDOWS\system32\hpocon09.exe /u 1204136206 /d "hp psc 700 series"
inSpeak build 499 --> "C:\Program Files\inSpeak\unins000.exe"
Intel(R) PRO Network Connections 12.1.12.0 --> MsiExec.exe /i{777CA40C-0206-4EF6-A0FC-618BF06BF8D0} ARPREMOVE=1
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 8 --> MsiExec.exe /X{B944FA21-81AF-4A77-8328-CE4F4CC51033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NoAdware v5.0 --> "C:\Program Files\NoAdware5.0\unins000.exe"
Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447A-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}
Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
Nuclear Coffee - VideoGet --> "C:\Program Files\Nuclear Coffee\VideoGet\uninstall.exe"
Paltalk Messenger Interop --> "C:\Program Files\Paltalk Messenger Interop\uninstall.exe"
PaltalkScene --> "C:\WINDOWS\PaltalkScene\uninstall.exe" "/U:C:\Program Files\Paltalk Messenger\irunin.xml"
PC Registry Cleaner --> MsiExec.exe /X{610E6187-2D1F-4B80-BC9F-B13D8585415A}
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
Rogers Self Help Software 4053 --> C:\Program Files\Rogers\SelfHealing\uninst.exe
Rogers Update Manager --> C:\Program Files\Rogers\Update Manager\uninst.exe
Rogers Yahoo! Applications --> C:\PROGRA~1\Yahoo!\Common\uninstall.exe
Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator DE --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Drag-to-Disc --> MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
Roxio Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Skat-Online V6 --> C:\WINDOWS\system32\javaws.exe -uninstall -prompt "http://82.149.227.20/v4/skat.jnlp"
Sonic Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SplitCam --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{00718491-55BF-46C6-83EF-4B3B95AC807A}\setup.exe" -l0x9 -removeonly
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Tabbed Browsing (Windows Live Toolbar) --> MsiExec.exe /X{7DED5635-B47C-4B0F-9AD0-8765D15FD94F}
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Winamp Toolbar for Firefox --> "\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\uninstall.exe"
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Toolbar --> C:\Program Files\Windows Live Toolbar\UnInstall.exe {73B1C023-4490-4A57-A7E1-F20268ECBE52}
Windows Live Toolbar --> MsiExec.exe /X{73B1C023-4490-4A57-A7E1-F20268ECBE52}
Windows Live Toolbar MSN Extension (Windows Live Toolbar) --> MsiExec.exe /X{9E7E97D2-3F83-460D-9348-CE40A21E2CA6}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Music Jukebox --> MsiExec.exe /X{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}
-- Application Event Log -------------------------------------------------------
Event Record #/Type9309 / Success
Event Submitted/Written: 05/28/2008 07:17:48 AM
Event ID/Source: 5103 / Remote Assistance
Event Description:
RA: Expert user (remote user: Carol) has started controlling novice (local user: kirk)
Event Record #/Type9300 / Success
Event Submitted/Written: 05/28/2008 07:12:25 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type9261 / Success
Event Submitted/Written: 05/27/2008 06:09:10 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type9236 / Success
Event Submitted/Written: 05/27/2008 07:35:15 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type9194 / Success
Event Submitted/Written: 05/26/2008 08:41:11 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type15977 / Error
Event Submitted/Written: 05/28/2008 07:17:36 AM
Event ID/Source: 1112 / TermServDevices
Event Description:
Failed to register for user printing preferences change notification. Open the Services snap-in and confirm that the Printer Spooler service is running
Event Record #/Type15929 / Error
Event Submitted/Written: 05/28/2008 02:14:53 AM
Event ID/Source: 7022 / Service Control Manager
Event Description:
The Rogers Update Manager service hung on starting.
Event Record #/Type15684 / Error
Event Submitted/Written: 05/26/2008 06:39:25 AM
Event ID/Source: 7022 / Service Control Manager
Event Description:
The Rogers Update Manager service hung on starting.
Event Record #/Type15679 / Warning
Event Submitted/Written: 05/25/2008 10:29:23 PM
Event ID/Source: 1073 / USER32
Event Description:
The attempt to power off PREFERRE-7625A6 failed
Event Record #/Type15678 / Warning
Event Submitted/Written: 05/25/2008 10:29:18 PM
Event ID/Source: 1073 / USER32
Event Description:
The attempt to power off PREFERRE-7625A6 failed
-- End of Deckard's System Scanner: finished at 2008-05-28 07:26:28 ------------