Done.
MAIN.TXT
Deckard's System Scanner v20071014.68
Run by Chris Payne on 2007-11-20 07:30:47
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
73: 2007-11-19 20:31:00 UTC - RP221 - Deckard's System Scanner Restore Point
72: 2007-11-19 09:07:36 UTC - RP220 - System Checkpoint
71: 2007-11-18 02:32:05 UTC - RP219 - System Checkpoint
70: 2007-11-17 00:48:38 UTC - RP218 - System Checkpoint
69: 2007-11-15 12:28:33 UTC - RP217 - System Checkpoint
-- First Restore Point --
1: 2007-11-14 07:57:21 UTC - RP149 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 320 MiB (512 MiB recommended).-- HijackThis (run as Chris Payne.exe) -----------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:35:10 AM, on 20/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Unwired\UwSCT.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Chris Payne\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Chris Payne.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {DC817F66-1ACA-4C1D-A9F7-FD8ACA7BE938} - C:\WINDOWS\system32\ssqrs.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Unwired Launchpad.lnk = C:\Program Files\Unwired\UwSCT.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) -
http://messenger.zone.msn.com/binary/So ... b56986.cabO16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) -
http://messenger.zone.msn.com/EN-AU/a-U ... E_UNO1.cabO16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) -
http://upload.facebook.com/controls/Fac ... loader.cabO16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
http://security.symantec.com/sscv6/Shar ... /cabsa.cabO16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/Me ... b56907.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.macromedia.com/get/s ... wflash.cabO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
--
End of file - 6171 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\) --------------------
backup-20071120-072426-512 O2 - BHO: (no name) - {E0B54BEC-9209-4B5D-94E5-A8906DE18FFB} - C:\WINDOWS\system32\ljjjihf.dll (file missing)
backup-20071120-072426-740 O2 - BHO: (no name) - {DC817F66-1ACA-4C1D-A9F7-FD8ACA7BE938} - C:\WINDOWS\system32\ssqrs.dll
backup-20071120-072426-952 O20 - Winlogon Notify: ljjjihf - ljjjihf.dll (file missing)
backup-20071120-072426-960 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20071120-073010-153 O2 - BHO: (no name) - {DC817F66-1ACA-4C1D-A9F7-FD8ACA7BE938} - C:\WINDOWS\system32\ssqrs.dll
-- File Associations -----------------------------------------------------------
.js - JSFile - DefaultIcon - D:\Dreamweaver UltraDev 4\UltraDev.exe,2.js - JSFile - shell\open\command - "D:\Dreamweaver UltraDev 4\UltraDev.exe" "%1"-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
S1 InCDPass - c:\windows\system32\drivers\incdpass.sys (file missing)
S1 InCDRm (InCD Reader) - c:\windows\system32\drivers\incdrm.sys (file missing)
S3 catchme - c:\docume~1\chrisp~1\locals~1\temp\catchme.sys (file missing)
S3 jswmidin - c:\docume~1\chrisp~1\locals~1\temp\jswmidin.sys (file missing)
S4 InCDFs (InCD File System) - c:\windows\system32\drivers\incdfs.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
All services whitelisted.
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Video Controller
Device ID: PCI\VEN_109E&DEV_036E&SUBSYS_6606107D&REV_11\3&61AAA01&0&60
Manufacturer:
Name: Multimedia Video Controller
PNP Device ID: PCI\VEN_109E&DEV_036E&SUBSYS_6606107D&REV_11\3&61AAA01&0&60
Service:
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Controller
Device ID: PCI\VEN_109E&DEV_0878&SUBSYS_6606107D&REV_11\3&61AAA01&0&61
Manufacturer:
Name: Multimedia Controller
PNP Device ID: PCI\VEN_109E&DEV_0878&SUBSYS_6606107D&REV_11\3&61AAA01&0&61
Service:
-- Files created between 2007-10-20 and 2007-11-20 -----------------------------
2007-11-17 09:50:08 0 d-------- C:\Program Files\Lavasoft
2007-11-16 19:50:45 0 d-------- C:\WINDOWS\ERUNT
2007-11-16 19:49:16 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-11-16 19:49:16 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-11-16 19:49:16 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-11-16 19:49:16 0 d--h----- C:\Documents and Settings\Administrator\Recent
2007-11-16 19:49:16 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-11-16 19:49:16 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-11-16 19:49:16 0 d-------- C:\Documents and Settings\Administrator\My Documents
2007-11-16 19:49:16 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-11-16 19:49:16 0 d-------- C:\Documents and Settings\Administrator\Favorites
2007-11-16 19:49:16 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-11-16 19:49:16 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2007-11-16 19:49:16 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-11-16 19:49:16 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-11-16 19:49:15 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-11-14 18:57:08 141034 --ahs---- C:\WINDOWS\system32\srqss.ini2
2007-11-14 18:55:35 317536 --a------ C:\WINDOWS\system32\ssqrs.dll
2007-11-10 11:37:24 0 d-------- C:\Program Files\MSXML 6.0
2007-11-02 22:21:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-10-28 19:55:12 0 d-------- C:\etax2007
-- Find3M Report ---------------------------------------------------------------
2007-11-16 21:19:01 0 d-------- C:\Documents and Settings\Chris Payne\Application Data\AVG7
2007-11-14 22:48:15 25 --a------ C:\WINDOWS\popcinfo.dat
2007-11-02 22:23:00 0 d-------- C:\Documents and Settings\Chris Payne\Application Data\AdobeUM
2007-10-28 09:40:47 0 d-------- C:\Program Files\Unwired
2007-10-27 18:50:01 0 d-------- C:\Program Files\Windows Live Safety Center
2007-10-13 22:41:41 0 d-------- C:\Program Files\Java
2007-10-01 16:10:55 0 d-------- C:\Documents and Settings\Chris Payne\Application Data\dvdcss
2007-09-28 20:29:54 0 d-------- C:\Program Files\Windows Journal Viewer
2007-09-23 13:07:58 0 d-------- C:\Program Files\Last.fm
2007-09-15 22:04:00 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-08-21 11:26:52 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-08-21 11:26:52 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DC817F66-1ACA-4C1D-A9F7-FD8ACA7BE938}]
14/11/2007 06:57 PM 317536 --a------ C:\WINDOWS\system32\ssqrs.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [24/10/2007 06:02 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 02:11 AM]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [19/07/2005 05:32 PM]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [08/06/2005 04:24 PM]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [08/06/2005 04:14 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 12:56 AM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [30/11/2006 09:49 PM]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [08/06/2005 03:44 PM]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 01:54 PM]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [02/01/2007 08:22 AM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [13/01/2007 11:03:35 AM]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [14/12/2004 4:44:06 AM]
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [23/07/2007 6:29:05 PM]
Microsoft Office.lnk - D:\Microsoft Office\Office\OSA9.EXE [22/03/1999 1:00:00 AM]
Unwired Launchpad.lnk - C:\Program Files\Unwired\UwSCT.exe [12/01/2007 11:23:04 PM]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ssqrs.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72f70c48-a1ba-11db-a430-806d6172696f}]
AutoRun\command- Z:\Autorun.exe
-- End of Deckard's System Scanner: finished at 2007-11-20 07:36:47 ------------
EXTRA.TXT
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel(R) Celeron(TM) CPU 1000MHz
Percentage of Memory in Use: 57%
Physical Memory (total/avail): 319.48 MiB / 136.88 MiB
Pagefile Memory (total/avail): 774.32 MiB / 497.76 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1922.13 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 29.53 GiB total, 20.15 GiB free.
D: is Fixed (NTFS) - 29.29 GiB total, 11.34 GiB free.
E: is Fixed (NTFS) - 15.7 GiB total, 6.97 GiB free.
W: is Fixed (NTFS) - 7.33 GiB total, 3.66 GiB free.
X: is Fixed (FAT32) - 29.92 GiB total, 5.33 GiB free.
Y: is CDROM (CDFS)
Z: is CDROM (CDFS)
\\.\PHYSICALDRIVE1 - ST340810A - 37.27 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 7.33 GiB - W:
\PARTITION1 - Extended w/Extended Int 13 - 29.94 GiB - X:
\\.\PHYSICALDRIVE0 - WDC WD800BB-55JKA0 - 74.53 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 29.53 GiB - C:
\PARTITION1 - Installable File System - 29.29 GiB - D:
\PARTITION2 - Installable File System - 15.7 GiB - E:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
AV: AVG 7.5.503 v7.5.503 (Grisoft)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Last.fm\\LastFM.exe"="C:\\Program Files\\Last.fm\\LastFM.exe:*:Enabled:LastFM"
"C:\\Program Files\\Unwired\\UwWiz.exe"="C:\\Program Files\\Unwired\\UwWiz.exe:*:Enabled:Connection Assistant"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"X:\\NWN\\nwmain.exe"="X:\\NWN\\nwmain.exe:*:Enabled:Neverwinter Nights"
"D:\\Age of Mythology\\aomx.exe"="D:\\Age of Mythology\\aomx.exe:*:Disabled:Age of Mythology - The Titans Expansion"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Chris Payne\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CHRIS
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Chris Payne
LOGONSERVER=\\CHRIS
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Samsung\Samsung PC Studio 3\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 11 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0b01
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\CHRISP~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\CHRISP~1\LOCALS~1\Temp
USERDOMAIN=CHRIS
USERNAME=Chris Payne
USERPROFILE=C:\Documents and Settings\Chris Payne
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Chris Payne
(admin)Administrator
(new local, admin)Guest
(guest)-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"D:\Photoshop 7.0\Uninst.isu" -c"D:\Photoshop 7.0\Uninst.dll"
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Age of Mythology Gold --> "D:\Age of Mythology\UNINSTAL.EXE" /runtemp /uninstall
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG Free Edition --> C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL
Civilization III --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}\setup.exe"
Diablo II --> C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
e-tax 2007 --> C:\etax2007\e-tax 2007_uninstall.exe
Earth 2150 --> D:\EARTH2~1\UNWISE.EXE D:\EARTH2~1\INSTALL.LOG
Evil Genius --> "D:\Evil Genius\unins000.exe"
FLV Player --> "C:\WINDOWS\FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml"
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Talk (remove only) --> "C:\Program Files\Google\Google Talk\uninstall.exe"
HijackThis 2.0.2 --> "C:\Program Files\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Last.fm 1.3.2.13 --> "C:\Program Files\Last.fm\unins000.exe"
Logitech QuickCam Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x9
Logitech® Camera Driver --> "C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
LucasArts' Star Wars Rebellion --> C:\WINDOWS\uninst.exe -f"D:\Star Wars Rebellion\DeIsL1.isu"
Macromedia Dreamweaver UltraDev 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ABDA9912-5D00-11D4-BAE7-9367CA097955}\Setup.exe" mmUninstall
Macromedia Extension Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" mmUninstall
Macromedia Flash MX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}\Setup.exe" -l0x9 UNINSTALL
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2000 SR-1 Disc 2 --> MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
Mozilla Firefox (2.0.0.9) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Nero 7 Demo --> MsiExec.exe /I{84B2CF01-194D-2284-B313-F2E0D78D1033}
Planescape - Torment --> C:\WINDOWS\IsUninst.exe -fd:\torment\Uninst.isu
Pop-Up Stopper Free Edition --> D:\POP-UP~1\UNWISE.EXE D:\POP-UP~1\INSTALL.LOG
PowerDVD --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\CyberLink\PowerDVD\Uninst.isu"
SAMSUNG CDMA Modem Driver Set --> C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x9 -removeonly
Samsung PC Studio 3 USB Driver Installer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x9 -removeonly
Sid Meier's Alpha Centauri --> C:\WINDOWS\IsUninst.exe -f"D:\Sid Meier's Alpha Centauri\Uninst.isu"
SimCity 4 --> D:\SimCity 4\EAUninstall.exe
Spybot - Search & Destroy 1.4 --> "D:\Spybot - Search & Destroy\unins000.exe"
The Sims 2 --> D:\EA GAMES\The Sims 2\EAUninstall.exe
The Sims 2 Family Fun Stuff --> D:\EA GAMES\The Sims 2 Family Fun Stuff\EAUninstall.exe
The Sims 2 Glamour Life Stuff --> D:\EA GAMES\The Sims 2 Glamour Life Stuff\EAUninstall.exe
The Sims 2 Nightlife --> D:\EA GAMES\The Sims 2 Nightlife\EAUninstall.exe
The Sims 2 Open For Business --> D:\EA GAMES\The Sims 2 Open For Business\EAUninstall.exe
The Sims 2 Pets --> D:\EA GAMES\The Sims 2 Pets\EAUninstall.exe
The Sims 2 University --> D:\EA GAMES\The Sims 2 University\EAUninstall.exe
The Sims™ 2 Bon Voyage --> D:\Program Files\EA GAMES\The Sims 2 Bon Voyage\EAUninstall.exe
The Sims™ 2 Celebration! Stuff --> D:\EA GAMES\The Sims 2 Celebration! Stuff\EAUninstall.exe
The Sims™ 2 H&M® Fashion Stuff --> D:\Program Files\EA GAMES\The Sims 2 H&M® Fashion Stuff\EAUninstall.exe
The Sims™ 2 Seasons --> D:\EA GAMES\The Sims 2 Seasons\EAUninstall.exe
Unwired --> MsiExec.exe /X{87965E10-76F1-40BB-87CB-BF69B422746A}
VideoLAN VLC media player 0.8.4 --> D:\VLC\uninstall.exe
Virtual Villagers --> "d:\Virtual Villagers\ReflexiveArcade\unins000.exe"
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> C:\Program Files\WinZip\WINZIP32.EXE /uninstall
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
-- Application Event Log -------------------------------------------------------
Event Record #/Type4797 / Success
Event Submitted/Written: 11/20/2007 07:13:24 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type4781 / Success
Event Submitted/Written: 11/19/2007 07:27:41 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type4763 / Success
Event Submitted/Written: 11/19/2007 07:23:13 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type4751 / Success
Event Submitted/Written: 11/18/2007 06:24:22 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type4742 / Error
Event Submitted/Written: 11/18/2007 02:05:11 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application firefox.exe, version 1.8.20071.2514, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type15271 / Warning
Event Submitted/Written: 11/20/2007 07:04:56 AM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 525405E30117. The IP address being used is 169.254.57.216.
Event Record #/Type15227 / Warning
Event Submitted/Written: 11/18/2007 10:16:29 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Event Record #/Type15207 / Warning
Event Submitted/Written: 11/18/2007 04:21:06 PM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 525405E30117. The IP address being used is 169.254.57.216.
Event Record #/Type15206 / Error
Event Submitted/Written: 11/18/2007 04:19:46 PM
Event ID/Source: 1000 / Dhcp
Event Description:
Your computer has lost the lease to its IP address 125.63.137.146 on the
Network Card with network address 525405E30117.
Event Record #/Type15205 / Warning
Event Submitted/Written: 11/18/2007 04:19:46 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 525405E30117. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.
-- End of Deckard's System Scanner: finished at 2007-11-20 07:36:47 ------------