Vundofix.txt
VundoFix V6.5.10
Checking Java version...
Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.
Scan started at 8:26:40 AM 10/18/2007
Listing files found while scanning....
C:\WINDOWS\system32\dvxkipll.ini
C:\WINDOWS\system32\gztqrjof.dll
C:\WINDOWS\system32\llpikxvd.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\dvxkipll.ini
C:\WINDOWS\system32\dvxkipll.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\gztqrjof.dll
C:\WINDOWS\system32\gztqrjof.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\llpikxvd.dll
C:\WINDOWS\system32\llpikxvd.dll Could not be deleted.
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\gztqrjof.dll
C:\WINDOWS\system32\gztqrjof.dll Has been deleted!
Performing Repairs to the registry.
Done!
main.txt
Deckard's System Scanner v20071014.68
Run by Owner on 2007-10-18 08:54:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
67: 2007-10-18 16:54:25 UTC - RP1067 - Deckard's System Scanner Restore Point
66: 2007-10-18 09:27:21 UTC - RP1066 - System Checkpoint
65: 2007-10-17 06:09:51 UTC - RP1065 - System Checkpoint
64: 2007-10-16 05:50:35 UTC - RP1064 - System Checkpoint
63: 2007-10-14 23:22:24 UTC - RP1063 - Last known good configuration
-- First Restore Point --
1: 2007-07-21 13:29:29 UTC - RP1001 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 448 MiB (512 MiB recommended).
System Drive C: has 2.37 GiB (less than 15%) free.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-10-18 08:57:41
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\McAfee.com\Agent\Mcdetect.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\McAfee.com\Agent\McTskshd.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\j2re1.4.2_12\bin\jusched.exe
C:\WINDOWS\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\hp\KBD\kbd.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\McVSEscn.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
O2 - BHO: (no name) - {015CDAF3-CC87-4F25-B935-3C98A32141E8} - C:\Program Files\WindowsUpdate\meso43855.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {CDC59F8E-F118-41B9-BC83-990D2FF00694} - C:\WINDOWS\system32\awvtt.dll
O2 - BHO: (no name) - {EA5159DF-E413-4878-8AE2-D921D41BB942} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\Program Files\McAfee.com\VSO\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_12\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [jlxmvhd] c:\windows\system32\absysao.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.8.5\webbuying.exe
O4 - HKCU\..\Run: [Notn] "C:\PROGRA~1\MBOLS~1\wuaclt.exe" -vt ndrv
O4 - HKCU\..\Run: [Kwwszg] "C:\Documents and Settings\Owner\Application Data\??sembly\u?erinit.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Policies\Explorer\Run: [lvvna.exe] C:\WINDOWS\system\lvvna.exe
O4 - HKCU\..\Policies\Explorer\Run: [jsuvojncu.exe] C:\WINDOWS\system\jsuvojncu.exe
O4 - HKCU\..\Policies\Explorer\Run: [llvlrun.exe] C:\WINDOWS\system\llvlrun.exe
O4 - HKCU\..\Policies\Explorer\Run: [mnmignvusr.exe] C:\WINDOWS\system\mnmignvusr.exe
O4 - HKCU\..\Policies\Explorer\Run: [jirq.exe] C:\WINDOWS\system\jirq.exe
O4 - HKCU\..\Policies\Explorer\Run: [iadtu.exe] C:\WINDOWS\system\iadtu.exe
O4 - HKCU\..\Policies\Explorer\Run: [pnjlgiq.exe] C:\WINDOWS\system\pnjlgiq.exe
O4 - HKCU\..\Policies\Explorer\Run: [ffri.exe] C:\WINDOWS\system\ffri.exe
O4 - HKCU\..\Policies\Explorer\Run: [ihokslrcu.exe] C:\WINDOWS\system\ihokslrcu.exe
O4 - HKCU\..\Policies\Explorer\Run: [rshmigl.exe] C:\WINDOWS\system\rshmigl.exe
O4 - HKCU\..\Policies\Explorer\Run: [jgbcsh.exe] C:\WINDOWS\system\jgbcsh.exe
O4 - HKCU\..\Policies\Explorer\Run: [nktvivm.exe] C:\WINDOWS\system\nktvivm.exe
O4 - HKCU\..\Policies\Explorer\Run: [douscc.exe] C:\WINDOWS\system\douscc.exe
O4 - HKCU\..\Policies\Explorer\Run: [birrnct.exe] C:\WINDOWS\system\birrnct.exe
O4 - HKCU\..\Policies\Explorer\Run: [ictrloku.exe] C:\WINDOWS\system\ictrloku.exe
O4 - HKCU\..\Policies\Explorer\Run: [dvfvvitlv.exe] C:\WINDOWS\system\dvfvvitlv.exe
O4 - HKCU\..\Policies\Explorer\Run: [hjjvrsb.exe] C:\WINDOWS\system\hjjvrsb.exe
O4 - HKCU\..\Policies\Explorer\Run: [vnkcu.exe] C:\WINDOWS\system\vnkcu.exe
O4 - HKCU\..\Policies\Explorer\Run: [mhsplfbvbt.exe] C:\WINDOWS\system\mhsplfbvbt.exe
O4 - HKCU\..\Policies\Explorer\Run: [orgq.exe] C:\WINDOWS\system\orgq.exe
O4 - HKCU\..\Policies\Explorer\Run: [sqqxtxlet.exe] C:\WINDOWS\system\sqqxtxlet.exe
O4 - HKCU\..\Policies\Explorer\Run: [rkpep.exe] C:\WINDOWS\system\rkpep.exe
O4 - HKCU\..\Policies\Explorer\Run: [mpxejw.exe] C:\WINDOWS\system\mpxejw.exe
O4 - HKCU\..\Policies\Explorer\Run: [pvvs.exe] C:\WINDOWS\system\pvvs.exe
O4 - HKCU\..\Policies\Explorer\Run: [wqdumu.exe] C:\WINDOWS\system\wqdumu.exe
O4 - HKCU\..\Policies\Explorer\Run: [ckdcge.exe] C:\WINDOWS\system\ckdcge.exe
O4 - HKCU\..\Policies\Explorer\Run: [wjravp.exe] C:\WINDOWS\system\wjravp.exe
O4 - HKCU\..\Policies\Explorer\Run: [nefjmdvp.exe] C:\WINDOWS\system\nefjmdvp.exe
O4 - HKCU\..\Policies\Explorer\Run: [sefxfj.exe] C:\WINDOWS\system\sefxfj.exe
O4 - HKCU\..\Policies\Explorer\Run: [qhtpd.exe] C:\WINDOWS\system\qhtpd.exe
O4 - HKCU\..\Policies\Explorer\Run: [ovnnk.exe] C:\WINDOWS\system\ovnnk.exe
O4 - HKCU\..\Policies\Explorer\Run: [ewnka.exe] C:\WINDOWS\system\ewnka.exe
O4 - HKCU\..\Policies\Explorer\Run: [akkf.exe] C:\WINDOWS\system\akkf.exe
O4 - HKCU\..\Policies\Explorer\Run: [qkjvcpbdn.exe] C:\WINDOWS\system\qkjvcpbdn.exe
O4 - HKCU\..\Policies\Explorer\Run: [lwdgxhlv.exe] C:\WINDOWS\system\lwdgxhlv.exe
O4 - HKCU\..\Policies\Explorer\Run: [caeqfdouig.exe] C:\WINDOWS\system\caeqfdouig.exe
O4 - HKCU\..\Policies\Explorer\Run: [jmxfxlnxf.exe] C:\WINDOWS\system\jmxfxlnxf.exe
O4 - HKCU\..\Policies\Explorer\Run: [hojnbkaow.exe] C:\WINDOWS\system\hojnbkaow.exe
O4 - HKCU\..\Policies\Explorer\Run: [exjmbpk.exe] C:\WINDOWS\system\exjmbpk.exe
O4 - HKCU\..\Policies\Explorer\Run: [qkeav.exe] C:\WINDOWS\system\qkeav.exe
O4 - HKCU\..\Policies\Explorer\Run: [rnkhllffih.exe] C:\WINDOWS\system\rnkhllffih.exe
O4 - HKCU\..\Policies\Explorer\Run: [qhkp.exe] C:\WINDOWS\system\qhkp.exe
O4 - HKCU\..\Policies\Explorer\Run: [snsqe.exe] C:\WINDOWS\system\snsqe.exe
O4 - HKCU\..\Policies\Explorer\Run: [mmkun.exe] C:\WINDOWS\system\mmkun.exe
O4 - HKCU\..\Policies\Explorer\Run: [griiwflbi.exe] C:\WINDOWS\system\griiwflbi.exe
O4 - HKCU\..\Policies\Explorer\Run: [bqblfmxum.exe] C:\WINDOWS\system\bqblfmxum.exe
O4 - HKCU\..\Policies\Explorer\Run: [vsop.exe] C:\WINDOWS\system\vsop.exe
O4 - HKCU\..\Policies\Explorer\Run: [bbrhp.exe] C:\WINDOWS\system\bbrhp.exe
O4 - HKCU\..\Policies\Explorer\Run: [ajtxsu.exe] C:\WINDOWS\system\ajtxsu.exe
O4 - HKCU\..\Policies\Explorer\Run: [eduu.exe] C:\WINDOWS\system\eduu.exe
O4 - HKCU\..\Policies\Explorer\Run: [cksc.exe] C:\WINDOWS\system\cksc.exe
O4 - HKCU\..\Policies\Explorer\Run: [ddwn.exe] C:\WINDOWS\system\ddwn.exe
O4 - HKCU\..\Policies\Explorer\Run: [lhxtkfbv.exe] C:\WINDOWS\system\lhxtkfbv.exe
O4 - HKCU\..\Policies\Explorer\Run: [nplsfcvf.exe] C:\WINDOWS\system\nplsfcvf.exe
O4 - HKCU\..\Policies\Explorer\Run: [uburqbo.exe] C:\WINDOWS\system\uburqbo.exe
O4 - HKCU\..\Policies\Explorer\Run: [simx.exe] C:\WINDOWS\system\simx.exe
O4 - HKCU\..\Policies\Explorer\Run: [xeairvsh.exe] C:\WINDOWS\system\xeairvsh.exe
O4 - HKCU\..\Policies\Explorer\Run: [jvmqbhjbm.exe] C:\WINDOWS\system\jvmqbhjbm.exe
O4 - HKCU\..\Policies\Explorer\Run: [oddnnehtav.exe] C:\WINDOWS\system\oddnnehtav.exe
O4 - HKCU\..\Policies\Explorer\Run: [acvxjp.exe] C:\WINDOWS\system\acvxjp.exe
O4 - HKCU\..\Policies\Explorer\Run: [jwwtwqgpxq.exe] C:\WINDOWS\system\jwwtwqgpxq.exe
O4 - HKCU\..\Policies\Explorer\Run: [reascdpjnk.exe] C:\WINDOWS\system\reascdpjnk.exe
O4 - HKCU\..\Policies\Explorer\Run: [bifmi.exe] C:\WINDOWS\system\bifmi.exe
O4 - HKCU\..\Policies\Explorer\Run: [aulmxobgd.exe] C:\WINDOWS\system\aulmxobgd.exe
O4 - HKCU\..\Policies\Explorer\Run: [htkhtk.exe] C:\WINDOWS\system\htkhtk.exe
O4 - HKCU\..\Policies\Explorer\Run: [pwincg.exe] C:\WINDOWS\system\pwincg.exe
O4 - HKCU\..\Policies\Explorer\Run: [tommdha.exe] C:\WINDOWS\system\tommdha.exe
O4 - HKCU\..\Policies\Explorer\Run: [nhjck.exe] C:\WINDOWS\system\nhjck.exe
O4 - HKCU\..\Policies\Explorer\Run: [nghe.exe] C:\WINDOWS\system\nghe.exe
O4 - HKCU\..\Policies\Explorer\Run: [nnkga.exe] C:\WINDOWS\system\nnkga.exe
O4 - HKCU\..\Policies\Explorer\Run: [takwmiig.exe] C:\WINDOWS\system\takwmiig.exe
O4 - HKCU\..\Policies\Explorer\Run: [aashtx.exe] C:\WINDOWS\system\aashtx.exe
O4 - HKCU\..\Policies\Explorer\Run: [uncisd.exe] C:\WINDOWS\system\uncisd.exe
O4 - HKCU\..\Policies\Explorer\Run: [sadhegxr.exe] C:\WINDOWS\system\sadhegxr.exe
O4 - HKCU\..\Policies\Explorer\Run: [ocibj.exe] C:\WINDOWS\system\ocibj.exe
O4 - HKCU\..\Policies\Explorer\Run: [djnl.exe] C:\WINDOWS\system\djnl.exe
O4 - HKCU\..\Policies\Explorer\Run: [dddgv.exe] C:\WINDOWS\system\dddgv.exe
O4 - HKCU\..\Policies\Explorer\Run: [vwkbjrj.exe] C:\WINDOWS\system\vwkbjrj.exe
O4 - HKCU\..\Policies\Explorer\Run: [epsxhqpnk.exe] C:\WINDOWS\system\epsxhqpnk.exe
O4 - HKCU\..\Policies\Explorer\Run: [qpsfuphqi.exe] C:\WINDOWS\system\qpsfuphqi.exe
O4 - HKCU\..\Policies\Explorer\Run: [mkhs.exe] C:\WINDOWS\system\mkhs.exe
O4 - HKCU\..\Policies\Explorer\Run: [tgxmoi.exe] C:\WINDOWS\system\tgxmoi.exe
O4 - HKCU\..\Policies\Explorer\Run: [lqfuawnec.exe] C:\WINDOWS\system\lqfuawnec.exe
O4 - HKCU\..\Policies\Explorer\Run: [fdhpitthw.exe] C:\WINDOWS\system\fdhpitthw.exe
O4 - Startup: IMStart.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Post-it® Digital Notes.lnk = C:\Program Files\3M\PDNotes\PDNotes.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/voxacm.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shoc ... tor/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/ ... mvadvd.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 8861804828
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8861710421
O16 - DPF: {CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA} (Java Plug-in 1.4.1_05) - http://kronos.pomona.edu/WFC/plugins/j2 ... s-i586.exe
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://guard.gunbound.net/nProtect/keyCrypt/npkcx.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O20 - AppInit_DLLs: wbsys.dll
O20 - Winlogon Notify: nnnnllk - C:\WINDOWS\system32\nnnnllk.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\tpctdoln.exe /service
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: jgrqhpfraearl - Unknown owner - C:\WINDOWS\system32\aearl\jgrqhpfr.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\Mcdetect.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\McTskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
--
End of file - 16924 bytes
-- HijackThis Fixed Entries (C:\Documents and Settings\Owner\Desktop\Crap I don't use\backups\) --------------------------------------------------------------------------------
backup-20071014-152819-537 O4 - HKLM\..\Run: [NI.UWAS7_0001_N99M3108] "C:\DOCUME~1\Owner\LOCALS~1\Temp\WinAntiSpyware 2007 FreeInstall.exe" -nag
backup-20071014-152902-164 O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
backup-20071014-152902-260 O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
backup-20071014-152902-865 O15 - Trusted Zone: http://click.getmirar.com (HKLM)
backup-20071014-152902-897 O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
backup-20071014-232756-590 O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
backup-20071014-232905-674 O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
backup-20071014-232905-883 O4 - HKCU\..\Run: [ArtChk] C:\WINDOWS\system32\artchker.exe
backup-20071014-232905-894 O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
backup-20071015-124957-110 O2 - BHO: (no name) - {05241C24-1C2C-45AA-B5C6-160D0E39F8B6} - C:\WINDOWS\system32\awvtt.dll
backup-20071015-124957-213 O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\kpdhxxqh.dll
backup-20071015-124957-342 O2 - BHO: (no name) - {16D27D6F-94A3-9321-A63C-EE2B5D90DF92} - C:\WINDOWS\system32\ejya.dll
backup-20071015-124957-827 O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\kpdhxxqh.dll
backup-20071015-124957-872 O2 - BHO: (no name) - {9c2f5834-34b2-49ed-bff2-19282e3f3933} - C:\WINDOWS\system32\iwrkvqe.dll
backup-20071015-125113-241 O4 - HKLM\..\Run: [cphkgm] C:\WINDOWS\system32\cyqikml.exe r
backup-20071015-125113-295 O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
backup-20071015-125113-300 O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
backup-20071015-125113-307 O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\kpdhxxqh.dll
backup-20071015-125113-700 O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\kpdhxxqh.dll
backup-20071015-125113-875 O2 - BHO: (no name) - {05241C24-1C2C-45AA-B5C6-160D0E39F8B6} - C:\WINDOWS\system32\awvtt.dll
backup-20071015-125113-978 O4 - HKLM\..\Run: [runner1] C:\WINDOWS\tsitra77.exe 61A847B5BBF72815358B2B27128065E9C084320161C4661227A755E9C2933154389A
backup-20071015-125113-997 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
backup-20071015-130044-534 O2 - BHO: (no name) - {05241C24-1C2C-45AA-B5C6-160D0E39F8B6} - C:\WINDOWS\system32\awvtt.dll
backup-20071015-193018-807 O4 - HKLM\..\Run: [winshow] "C:\WINDOWS\winshow.exe"
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 NaiAvTdi1 - c:\windows\system32\drivers\mvstdi5x.sys <Not Verified; Network Associates, Inc.; VirusScan>
R1 NPPTNT2 - c:\windows\system32\npptnt2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
R2 STEC3 - c:\windows\system32\stec3.sys <Not Verified; AntiCracking; SVKP driver for NT>
R3 EntDrv51 - c:\windows\system32\drivers\entdrv51.sys <Not Verified; Network Associates, Inc; Virus Scan Enterprise, Entercept>
R3 NaiAvFilter1 - c:\windows\system32\drivers\naiavf5x.sys <Not Verified; Network Associates, Inc.; VirusScan>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
R3 WinDriver6 - c:\windows\system32\drivers\windrvr6.sys <Not Verified; Jungo; WinDriver Device Driver>
S2 MKEMUSB (Panasonic Digital Palmcorder) - c:\windows\system32\drivers\mkemusb.sys <Not Verified; Matsushita Kotobuki Electronics Industries, Ltd.; Panasonic Digital Palmcorder>
S3 DCamUSBMke (USB Video Camera for Panasonic Digital Palmcorder) - c:\windows\system32\drivers\mkeusbi.sys <Not Verified; Matsushita Kotobuki Electronics Industries,Ltd.; Panasonic Digital Palmcorder>
S3 ialm - c:\windows\system32\drivers\ialmnt5.sys <Not Verified; Intel Corporation; Intel Graphics Accelerator Drivers for Windows NT(R)>
S3 iveawaw - c:\windows\system32\aearl\iveawaw (file missing)
S3 npkcrypt - c:\program files\softnyx\gunbound\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
S3 npriyjf - c:\windows\system32\xqmbon\npriyjf (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 McAfeeFramework (McAfee Framework Service) - c:\program files\network associates\common framework\frameworkservice.exe /servicestart <Not Verified; Network Associates, Inc.; McAfee Common Framework>
R2 McTaskManager (Network Associates Task Manager) - "c:\program files\network associates\virusscan\vstskmgr.exe" <Not Verified; Network Associates, Inc.; VirusScan Enterprise>
S2 DomainService - c:\windows\system32\tpctdoln.exe /service (file missing)
S4 jgrqhpfraearl - c:\windows\system32\aearl\jgrqhpfr.exe (file missing)
S4 npkcsvc - c:\windows\system32\npkcsvc.exe <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Service>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2007-10-18 07:36:04 364 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2007-10-13 13:32:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2007-09-18 and 2007-10-18 -----------------------------
2007-10-18 08:26:40 0 d-------- C:\VundoFix Backups
2007-10-18 03:32:25 78400 --a------ C:\WINDOWS\system32\guepmwgf.dll
2007-10-18 03:26:25 0 --a------ C:\WINDOWS\system32\raustklm.exe
2007-10-18 00:24:44 3730 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-18 00:23:52 0 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-18 00:23:52 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2007-10-18 00:23:52 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-10-18 00:23:52 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-10-18 00:23:52 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-17 03:26:56 78400 --a------ C:\WINDOWS\system32\kimjwssi.dll
2007-10-17 03:26:32 0 --a------ C:\WINDOWS\system32\bbichodc.exe
2007-10-17 03:26:22 389184 --a------ C:\WINDOWS\system32\npaxnpkt.exe
2007-10-16 03:29:26 77888 --a------ C:\WINDOWS\system32\xfxyodlv.dll
2007-10-16 03:27:08 339968 --a------ C:\WINDOWS\system32\mjvxrhiv.dll
2007-10-16 03:26:35 389184 --a------ C:\WINDOWS\system32\pkfcrcto.exe
2007-10-16 03:24:35 436408 ---hs---- C:\WINDOWS\system32\ttvwa.bak2
2007-10-15 19:42:52 444272 ---hs---- C:\WINDOWS\system32\ttvwa.ini2
2007-10-15 03:36:05 79424 --a------ C:\WINDOWS\system32\fgmwjtvk.dll
2007-10-15 03:24:47 339968 --a------ C:\WINDOWS\system32\kpdhxxqh.dll
2007-10-15 03:24:47 339968 --a------ C:\Program Files\Hammer.dll
2007-10-15 03:24:18 389184 --a------ C:\WINDOWS\system32\fjamrotw.exe
2007-10-14 15:24:23 2 --a------ C:\WINDOWS\system32\wapiit.exe
2007-10-14 15:24:07 0 d-------- C:\Documents and Settings\Owner\Application Data\??sembly
2007-10-14 15:24:04 60928 --a------ C:\WINDOWS\system32\ejya.dll
2007-10-14 15:23:58 439735 ---hs---- C:\WINDOWS\system32\ttvwa.bak1
2007-10-14 15:23:45 0 d-------- C:\Program Files\??mbols
2007-10-14 15:23:19 0 d-------- C:\WINDOWS\system32\oTt08e
2007-10-14 15:23:01 0 --a------ C:\WINDOWS\winshow.exe
2007-10-14 15:20:59 308832 --a------ C:\WINDOWS\system32\awvtt.dll
2007-10-14 15:16:54 44922 --a------ C:\WINDOWS\system32\IKatzuUninstall.exe
2007-10-14 15:16:51 118784 --a------ C:\WINDOWS\system32\artchker.exe
2007-10-14 15:16:49 45056 --a------ C:\WINDOWS\system32\katzppd.exe <Not Verified; Upads.Biz; IKatzu App>
2007-10-14 15:16:49 0 d--hs---- C:\WINDOWS\IA
2007-10-14 15:16:47 45056 --a------ C:\WINDOWS\system32\katzpczci.exe <Not Verified; Upads.Biz; IKatzu App>
2007-10-14 15:16:26 171520 --a------ C:\WINDOWS\system32\iwrkvqe.dll
2007-10-14 15:16:25 421888 --a------ C:\WINDOWS\system32\bkinsmqc.dll <Not Verified; ; IKatzu Search Ads>
2007-10-14 15:16:02 0 d-------- C:\WINDOWS\system32\que1
2007-10-14 15:16:02 0 d-------- C:\WINDOWS\system32\kat1
2007-10-14 15:16:02 0 d-------- C:\WINDOWS\system32\ipd2
2007-10-14 15:16:02 0 d-------- C:\WINDOWS\system32\comms2
2007-10-14 15:16:02 0 d-------- C:\WINDOWS\system32\a8
2007-10-14 15:15:48 0 d-------- C:\WINDOWS\system32\vMW02a
-- Find3M Report ---------------------------------------------------------------
2007-10-15 19:25:12 0 d--h----- C:\Program Files\WindowsUpdate
2007-10-15 17:20:21 0 d-------- C:\Program Files\??mbols
2007-10-15 12:44:13 0 d-------- C:\Program Files\Common Files
2007-10-15 12:44:03 0 d-------- C:\Program Files\Common Files\WinAntiSpyware 2007
2007-10-14 15:24:07 0 d-------- C:\Documents and Settings\Owner\Application Data\??sembly
2007-10-11 02:44:50 0 d-------- C:\Documents and Settings\Owner\Application Data\dvdcss
2007-09-30 21:47:02 0 d-------- C:\Program Files\Java
2007-09-19 23:04:36 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-09-13 14:37:41 2272 --a------ C:\WINDOWS\system32\w95inf16.dll <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
2007-09-13 14:37:40 4608 --a------ C:\WINDOWS\system32\w95inf32.dll <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
2007-09-03 16:02:07 0 d-------- C:\Program Files\Lavasoft
2007-09-03 16:02:02 0 d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft
2007-09-03 16:00:26 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-14 12:09:32 112 --a------ C:\WINDOWS\HOSTK100.DAT
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{015CDAF3-CC87-4F25-B935-3C98A32141E8}]
C:\Program Files\WindowsUpdate\meso43855.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CDC59F8E-F118-41B9-BC83-990D2FF00694}]
10/14/2007 03:21 PM 308832 --a------ C:\WINDOWS\system32\awvtt.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EA5159DF-E413-4878-8AE2-D921D41BB942}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FD44536-9DF0-4034-939F-5BD4D98E3187}"= C:\Program Files\TBONAS\TBONlchr.dll [ ]
[-HKEY_CLASSES_ROOT\CLSID\{7FD44536-9DF0-4034-939F-5BD4D98E3187}]
[HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher.1]
[HKEY_CLASSES_ROOT\TypeLib\{4EF67630-DD6C-4e66-B175-60BCCD1CA89B}]
[HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_12\bin\jusched.exe" [05/09/2006 02:01 PM]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 04:04 PM]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [12/22/2003 03:38 PM]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [08/21/2003 03:23 AM]
"KBD"="C:\HP\KBD\KBD.EXE" [02/11/2003 07:02 PM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [04/13/2004 08:43 PM]
"VTTimer"="VTTimer.exe" [10/22/2004 11:53 AM C:\WINDOWS\system32\VTTimer.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [09/07/2004 01:47 PM C:\WINDOWS\ALCXMNTR.EXE]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [07/08/2005 05:18 PM]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [08/10/2005 11:49 AM]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [09/22/2005 06:29 PM]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [01/11/2006 12:05 PM]
"jlxmvhd"="c:\windows\system32\absysao.exe" []
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [08/22/2004 04:05 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [10/30/2005 03:30 AM]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [08/11/2005 09:02 PM]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [08/06/2004 02:50 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/16/2007 10:54 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/02/2007 03:24 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" [01/09/2004 01:34 AM]
"RecordNow!"="" []
"Aim6"="" []
"WebBuying"="C:\Program Files\Web Buying\v1.8.5\webbuying.exe" []
"Notn"="C:\PROGRA~1\MBOLS~1\wuaclt.exe" []
"Kwwszg"="C:\Documents and Settings\Owner\Application Data\??sembly\u?erinit.exe" [10/03/2007 07:07 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 11:56 PM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnllk]
nnnnllk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\PROGRA~1\Stardock\OBJECT~2\WINDOW~1\fastload.dll 12/20/2001 10:34 PM 24576 C:\PROGRA~1\Stardock\OBJECT~2\WINDOW~1\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\awvtt.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a1e9630-f0ca-11d8-8319-806d6172696f}]
AutoRun\command- D:\Info.exe folder.htt 480 480
*Newly Created Service* - ENTDRV51
-- End of Deckard's System Scanner: finished at 2007-10-18 09:03:33 ------------
extra.txt
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: AMD Athlon(tm) XP 3200+
Percentage of Memory in Use: 63%
Physical Memory (total/avail): 447.48 MiB / 162.94 MiB
Pagefile Memory (total/avail): 1055.38 MiB / 690.15 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1938.27 MiB
C: is Fixed (NTFS) - 144.25 GiB total, 2.36 GiB free.
D: is Fixed (FAT32) - 4.79 GiB total, 0.72 GiB free.
E: is CDROM (No Media)
F: is CDROM (CDFS)
G: is CDROM (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
K: is Removable (No Media)
L: is Removable (No Media)
\\.\PHYSICALDRIVE0 - ST3160021A - 149.05 GiB - 2 partitions
\PARTITION0 - Unknown - 4.79 GiB - D:
\PARTITION1 (bootable) - Installable File System - 144.25 GiB - C:
\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device
\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device
\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device
\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
AV: McAfee VirusScan v (McAfee) Disabled
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Ares Lite Edition\\AresLite.exe"="C:\\Program Files\\Ares Lite Edition\\AresLite.exe:*:Enabled:Ares Lite Edition"
"C:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"="C:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe:*:Enabled:BackWeb-137903"
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"="C:\\Program Files\\Real\\RealOne Player\\realplay.exe:*:Disabled:RealPlayer"
"C:\\Program Files\\i2hubV2\\i2hub.exe"="C:\\Program Files\\i2hubV2\\i2hub.exe:*:Enabled:i2hub Client App"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\BitTorrent\\btdownloadgui.exe"="C:\\Program Files\\BitTorrent\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"="C:\\Program Files\\BitTornado\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\WINDOWS\\system32\\xlhvxngb.exe"="C:\\WINDOWS\\system32\\xlh"
"C:\\WINDOWS\\system32\\tpctdoln.exe"="C:\\WINDOWS\\system32\\tpc"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DANSHIN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\DANSHIN
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=DANSHIN
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI
-- User Profiles ---------------------------------------------------------------
Owner (admin)
family (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> c:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> c:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> C:\WINDOWS\System32\ossproxy.exe -bootremove -uninst:RelevantKnowledge
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
--> VTUninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Timer'
µTorrent --> "C:\Program Files\uTorrent\uninstall.exe"
Ad-Aware 2007 --> MsiExec.exe /X{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Agere Systems PCI Soft Modem --> agrsmdel
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
BitTornado 0.3.15 --> C:\Program Files\BitTornado\uninst.exe
Blackhawk Striker from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\E28167F1-3F42-40C7-9119-1D5A97444F10\Uninstall.exe"
Blasterball 2 from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\8C4E79CC-03E1-43AA-9910-9A5113F24603\Uninstall.exe"
Bounce Symphony from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\D11F7128-8CBD-408B-8BF8-034604DEDD42\Uninstall.exe"
Crystal Maze from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\DAE7A92A-BAC7-42FA-AC62-53DEF1DC4292\Uninstall.exe"
DAEMON Tools --> MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
DefilerPak 1.19 (Remove Only) --> "C:\Program Files\DefilerPak\UnDefile.exe"
DirectShow subtitle filter colleciton (remove only) --> "C:\WINDOWS\System32\SubtitDSuninst.exe"
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Codec --> C:\WINDOWS\unvise32.exe C:\Program Files\DivX\DivX Bundle.log
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
Five Card Frenzy from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\DA44615A-C243-46A4-8E47-184CFF33CD38\Uninstall.exe"
Grand Theft Auto Vice City --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}\Setup.exe" -l0x9
HijackThis 1.99.0 --> C:\Documents and Settings\Owner\Desktop\HijackThis.exe /uninstall
HOTLLAMA Media Player --> C:\Program Files\HOTLLAMA MEDIA\Player\UNWISE.EXE
HOTLLAMA Media Player - Update --> C:\PROGRA~1\HOTLLA~1\Player\UNWISE.EXE C:\PROGRA~1\HOTLLA~1\Player\INSTALL.LOG
HP Deskjet Preloaded Printer Drivers --> MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
HP Image Zone 3.5 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone Plus 3.5 --> C:\Program Files\HP\Digital Imaging\{C6C44651-7C66-4b11-92E8-17565D3D22DD}\setup\hpzscr01.exe -datfile hpdscr01.dat
HP Instant Support --> C:\PROGRA~1\HPINST~1\UNWISE.EXE C:\PROGRA~1\HPINST~1\INSTALL.LOG
HP Organize --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0122362-6333-4DE4-93F6-A5A2F3CC101A}\Setup.exe" UNINSTALL
HP Photo & Imaging 3.5 - HP Devices --> C:\Program Files\HP\Digital Imaging\{15B9DC72-73F9-4d99-9E28-848D66DA8D99}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP PSC & OfficeJet 3.5 --> "C:\Program Files\HP\Digital Imaging\{0FABD3D7-3036-4e78-B29D-58957ADB0A12}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Software Update --> MsiExec.exe /X{34957B51-9676-41CE-9E52-44AE91B73F1C}
HPIZ350 --> MsiExec.exe /X{F247869D-3643-4A9F-821B-3534145928E3}
IKatzu --> C:\WINDOWS\system32\IKatzuUninstall.exe
IntelliMover Data Transfer Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
InternetOffers --> C:\WINDOWS\io2uns.exe
InterVideo WinDVD Creator 2 --> "C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
iPod Video Converter 3 --> C:\Program Files\Xilisoft\iPod Video Converter 3\Uninstall.exe
iTunes --> MsiExec.exe /I{01B51908-02EF-453B-87A9-815182E8C2F2}
Java 2 Runtime Environment Standard Edition v1.3.1_02 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\JavaSoft\JRE\1.3.1_02\Uninst.isu"
Java 2 Runtime Environment, SE v1.4.1_05 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{78D082B3-ACEE-11D7-9D64-00010240CE95}\setup.exe" Anytext
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java 2 Runtime Environment, SE v1.4.2_12 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142120}
KBD --> C:\HP\KBD\KBD.EXE uninstalled
LimeWire 4.9.37 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Logger Pro 3.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3C1BDDC0-D9B4-4409-9C81-FFADABFB0E1E}\setup.exe" -l0x9
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
McAfee SecurityCenter --> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=msc /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm
McAfee VirusScan --> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=vso /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\vsoremui.dll::uninstall.htm
McAfee VirusScan Enterprise --> MsiExec.exe /I{5DF3D1BB-894E-4DCD-8275-159AC9829B43}
Memories Disc Creator 2.0 --> MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Money 2004 --> MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft Money 2004 System Pack --> MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Office XP Professional --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0050048383C9}
Microsoft Plus! Digital Media Edition --> MsiExec.exe /I{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Mozilla Firefox (2.0.0.7) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Messenger 7.5 --> MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
Norton WMI Update --> MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
nProtect KeyCrypt --> C:\WINDOWS\System32\npkuninst.exe
ObjectDock --> C:\PROGRA~1\Stardock\OBJECT~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\INSTALL.LOG
Orbital from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\62067F4C-84A9-45B9-8573-B90468B0A3EF\Uninstall.exe"
Otto from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\BFBCBAE3-8293-4215-9C4F-C2402C118EDB\Uninstall.exe"
Overball from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\6723E59E-322A-417A-8E03-27A61E18253C\Uninstall.exe"
Palmcorder USB Device Driver 2.00 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F68794FD-9BBA-44FB-976C-4FCE2B447476}\setup.exe"
PC-Doctor for Windows --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
Photosmart 140,240,7200,7600,7700,7900 Series --> C:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\setup\hpzscr01.exe -datfile hphscr01.dat
Pocket RAR documentation --> C:\Program Files\PocketRAR\uninstall.exe
Polar Bowler from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\36317AE4-57EC-4F3E-B828-009A3DD96BE8\Uninstall.exe"
Post-it® Digital Notes --> MsiExec.exe /I{AA2DC6BC-F088-46DD-994B-07F6C5A32EC1}
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 combined Win32 extensions --> C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2004 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8} anything
QuickTime --> MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
RelevantKnowledge --> C:\WINDOWS\System32\ossproxy.exe -bootremove -uninst:RelevantKnowledge
S3 S3Display --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Display'
S3 S3Gamma2 --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Gamma2'
S3 S3Info2 --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Info2'
S3 S3Overlay --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Overlay'
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Slyder from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\C2C3C2DB-7D8A-4E20-B527-E3149FAECC3A\Uninstall.exe"
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Sony Media Manager 2.0 --> MsiExec.exe /X{C589B6DE-F7BF-4E22-8524-53E115EF6AB4}
Sony Vegas 6.0 --> MsiExec.exe /X{5FCE0BF9-A1AA-4FA3-A28C-F62431CD52C4}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Starcraft --> C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
TContext --> "C:\Program Files\Internet Optimizer\optimize.exe" /u 8
Tokimeki Check in! --> C:\WINDOWS\unvise32.exe C:\Program Files\Tokimeki Check in!\uninstal.log
Toolkit View(HP) --> c:\Windows\HPTK\unhptkit.exe
Tradewinds from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\F5215F01-DFC0-475D-A910-6F1AF94E807E\Uninstall.exe"
Updates from HP --> C:\WINDOWS\BWUnin-6.2.3.66.exe -AppId 137903
VBPlayerMoz --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{33BC5F69-0E51-4121-A04A-0868D65CF050} u
VIA Rhine-Family Fast Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VIA/S3G Display Driver --> VTsetvga.exe -s -rRundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\system32\hg201hp.inf
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
VobSub v2.23 (Remove Only) --> "C:\Program Files\Gabest\VobSub\uninstall.exe"
Vodei Multimedia Processor 2.00 --> C:\Program Files\Vodei\uninst.exe
WindowBlinds --> C:\PROGRA~1\Stardock\OBJECT~2\WINDOW~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~2\WINDOW~1\INSTALL.LOG
Windows AFA Internet Enhancement --> "C:\WINDOWS\system\QBUninstaller.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Word Symphony from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\B8610D19-E576-4F91-8A2F-07898D9CA301\Uninstall.exe"
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type3123 / Warning
Event Submitted/Written: 10/18/2007 08:58:48 AM
Event ID/Source: 257 / Alert Manager Event Interface
Event Description:
VirusScan Enterprise: Would be blocked by behaviour blocking rule (rule is currently in warn mode) (warn only mode!).(from DANSHIN IP 134.173.93.1 user SYSTEM running VirusScan Enter 8.0 OAS)
Event Record #/Type3122 / Warning
Event Submitted/Written: 10/18/2007 08:58:47 AM
Event ID/Source: 257 / Alert Manager Event Interface
Event Description:
VirusScan Enterprise: Would be blocked by behaviour blocking rule (rule is currently in warn mode) (warn only mode!).(from DANSHIN IP 134.173.93.1 user SYSTEM running VirusScan Enter 8.0 OAS)
Event Record #/Type3121 / Warning
Event Submitted/Written: 10/18/2007 08:58:44 AM
Event ID/Source: 257 / Alert Manager Event Interface
Event Description:
VirusScan Enterprise: Would be blocked by behaviour blocking rule (rule is currently in warn mode) (warn only mode!).(from DANSHIN IP 134.173.93.1 user SYSTEM running VirusScan Enter 8.0 OAS)
Event Record #/Type3120 / Error
Event Submitted/Written: 10/18/2007 08:58:22 AM
Event ID/Source: 257 / Alert Manager Event Interface
Event Description:
VirusScan Enterprise: The file C:\WINDOWS\winshow.exe is infected with the New Malware.j Trojan. No cleaner available, quarantined successfully . Detected using Scan engine version 5200 DAT version 5143.(from DANSHIN IP 134.173.93.1 user DANSHIN\Owner running VirusScan Enter 8.0 OAS)
Event Record #/Type3119 / Error
Event Submitted/Written: 10/18/2007 08:58:21 AM
Event ID/Source: 257 / Alert Manager Event Interface
Event Description:
VirusScan Enterprise: The file C:\WINDOWS\system32\WS2Fix.exe is infected with the New Malware.j Trojan. No cleaner available, quarantined successfully . Detected using Scan engine version 5200 DAT version 5143.(from DANSHIN IP 134.173.93.1 user DANSHIN\Owner running VirusScan Enter 8.0 OAS)
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type13176 / Error
Event Submitted/Written: 10/18/2007 08:49:56 AM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Network Associates McShield service terminated unexpectedly. It has done this 1 time(s).
Event Record #/Type13155 / Error
Event Submitted/Written: 10/18/2007 08:43:16 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The mrtRate service failed to start due to the following error:
%%2
Event Record #/Type13154 / Error
Event Submitted/Written: 10/18/2007 08:43:16 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Panasonic Digital Palmcorder service failed to start due to the following error:
%%1058
Event Record #/Type13152 / Warning
Event Submitted/Written: 10/18/2007 08:42:46 AM / 10/18/2007 08:43:05 AM
Event ID/Source: 51 / Cdrom
Event Description:
An error was detected on device \Device\CdRom2 during a paging operation.
Event Record #/Type13148 / Error
Event Submitted/Written: 10/18/2007 08:41:56 AM
Event ID/Source: 15 / Cdrom
Event Description:
The device, \Device\CdRom2, is not ready for access yet.
-- End of Deckard's System Scanner: finished at 2007-10-18 09:03:33 ------------