Deckard's System Scanner v20071014.68
Run by amourgirl on 2008-01-29 22:41:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- Last 2 Restore Point(s) --
2: 2008-01-29 18:37:29 UTC - RP489 - Windows Update
1: 2008-01-29 09:58:19 UTC - RP488 - Windows Defender Checkpoint
Backed up registry hives.
Performed disk cleanup.
Percentage of Memory in Use: 77% (more than 75%).Total Physical Memory: 766 MiB (1024 MiB recommended).-- HijackThis (run as amourgirl.exe) -------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:43:39, on 29/01/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Windows\System32\mobsync.exe
C:\Users\amourgirl\Downloads\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\amourgirl.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.co.uk/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - Gopher Prefix:
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) -
http://upload.facebook.com/controls/Fac ... loader.cabO16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) -
http://javadl-esd.sun.com/update/1.5.0/ ... s-i586.cabO23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
--
End of file - 4413 bytes
-- File Associations -----------------------------------------------------------
.js - JSFile - DefaultIcon - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe",2-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 StarOpen - c:\windows\system32\drivers\staropen.sys
S3 stppp (Speedtouch PPP Adapter Adapter) - c:\windows\system32\drivers\stppp.sys <Not Verified; THOMSON Telecom Belgium; SpeedTouch PPP Adapter>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
S4 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-01-29 21:14:25 426 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{69EB0151-2988-4993-87D0-2C7D87A257E8}.job
2008-01-29 06:30:45 526 --a------ C:\Windows\Tasks\Scheduled scanning task.job
-- Files created between 2007-12-29 and 2008-01-29 -----------------------------
2008-01-29 18:04:41 0 d-------- C:\Users\All Users\PopCap Games
2008-01-29 18:04:41 0 d-------- C:\Program Files\PopCap Games
2008-01-28 20:41:03 0 d-------- C:\Program Files\Trend Micro
2008-01-21 12:48:48 0 d-------- C:\Users\All Users\Office Genuine Advantage
2008-01-20 20:25:35 0 d-------- C:\Users\All Users\IM
2008-01-20 20:25:28 0 d-------- C:\Users\All Users\IncrediMail
2008-01-20 18:42:15 0 d-------- C:\Program Files\Lavasoft
2008-01-20 18:42:14 0 d-------- C:\Users\All Users\Lavasoft
2008-01-20 18:41:05 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-19 01:34:06 0 d-------- C:\Users\All Users\F-Secure
2008-01-19 01:33:11 0 d-------- C:\Program Files\F-Secure Internet Security
2008-01-19 01:32:30 0 d-------- C:\Users\All Users\fssg
2008-01-19 00:53:04 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-01-18 14:20:34 0 d-------- C:\Users\All Users\eBay
2008-01-18 14:20:34 0 d-------- C:\Program Files\eBay
2008-01-15 15:50:13 0 d-------- C:\ConvertTemp
2008-01-15 15:39:20 174592 --a------ C:\Windows\system32\framedyn.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-01-15 15:33:39 0 d-------- C:\Windows\system32\Samsung_USB_Drivers
2008-01-15 15:33:01 5632 --a------ C:\Windows\system32\drivers\StarOpen.sys
2008-01-15 15:32:39 0 d-------- C:\Program Files\Samsung
2008-01-12 15:21:00 118784 -----n--- C:\Windows\system32\DartTelnet.dll <Not Verified; Dart Communications; PowerTCP© Tools>
2008-01-12 15:21:00 221184 -----n--- C:\Windows\system32\DartSock.dll <Not Verified; Dart Communications; PowerTCP© Tools>
2008-01-12 15:20:57 0 d-------- C:\Program Files\Zoom
2008-01-11 20:42:44 0 d-------- C:\Program Files\PixiePack Codec Pack
2008-01-11 20:39:56 0 d-------- C:\Users\All Users\RapidSolution
2008-01-11 20:39:56 0 d-------- C:\Program Files\RapidSolution
2008-01-09 19:15:41 0 d-------- C:\Program Files\SmartFTP Client 2.5 Setup Files
2008-01-09 19:04:30 0 d-------- C:\Program Files\SmartFTP FTP Library
-- Find3M Report ---------------------------------------------------------------
2008-01-21 20:21:00 0 d-------- C:\Users\amourgirl\AppData\Roaming\F-Secure
2008-01-20 20:25:29 0 d-------- C:\Program Files\IncrediMail
2008-01-20 20:01:21 0 d-------- C:\Users\amourgirl\AppData\Roaming\Talkback
2008-01-20 18:41:05 0 d-------- C:\Program Files\Common Files
2008-01-20 18:02:57 0 d-------- C:\Users\amourgirl\AppData\Roaming\Mozilla
2008-01-20 18:02:55 0 d-------- C:\Users\amourgirl\AppData\Roaming\Thunderbird
2008-01-19 00:35:57 0 d-------- C:\Program Files\Google
2008-01-19 00:31:31 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-15 15:41:49 0 d-------- C:\Users\amourgirl\AppData\Roaming\Samsung
2008-01-12 23:36:25 0 d-------- C:\Users\amourgirl\AppData\Roaming\Tunebite
2008-01-11 20:48:24 0 d-------- C:\Users\amourgirl\AppData\Roaming\RTPlayer
2008-01-11 20:26:14 0 d-------- C:\Users\amourgirl\AppData\Roaming\Download Manager
2008-01-09 19:15:52 0 d-------- C:\Program Files\SmartFTP Client
2008-01-09 03:09:52 0 d-------- C:\Program Files\Windows Mail
2008-01-09 03:01:53 0 d-------- C:\Program Files\Windows Sidebar
2007-12-22 13:28:50 0 --a------ C:\Windows\ativpsrm.bin
2007-12-19 19:59:04 1044480 -ra------ C:\Windows\system32\roboex32.dll <Not Verified; eHelp Corporation.; RoboHELP for WinHelp 9.2>
2007-12-19 19:59:04 49152 -ra------ C:\Windows\system32\inetwh32.dll <Not Verified; Blue Sky Software Corporation.; Blue Sky Software - INETWH32>
2007-12-12 22:43:46 0 d-------- C:\Users\amourgirl\AppData\Roaming\Adobe
2007-12-12 22:43:22 1158 --a------ C:\Windows\mozver.dat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [14/04/2007 07:34]
"F-Secure Manager"="C:\Program Files\F-Secure Internet Security\Common\FSM32.exe" [25/05/2007 13:12]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\Windows\pss\Logitech Desktop Messenger.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^amourgirl^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerMenu.lnk]
path=C:\Users\amourgirl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerMenu.lnk
backup=C:\Windows\pss\PowerMenu.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
C:\Windows\ehome\ehTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
"C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
C:\Program Files\IncrediMail\bin\IncMail.exe /c
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iqhpvr]
c:\users\amourgirl\appdata\local\iqhpvr.exe iqhpvr
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
"C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zzz_ImInstaller_IncrediMail]
C:\Users\AMOURG~1\AppData\Local\Temp\ImInstaller\IncrediMail\IncrediMail_Install.exe -startup -product IncrediMail
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76babd3c-8bb5-11dc-8c7d-0016e6958ef3}]
AutoRun\command- J:\InstallTomTomHOME.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
-- End of Deckard's System Scanner: finished at 2008-01-29 22:45:12 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English
CPU 0: Intel(R) Pentium(R) D CPU 2.66GHz
Percentage of Memory in Use: 75%
Physical Memory (total/avail): 765.94 MiB / 188.19 MiB
Pagefile Memory (total/avail): 1792.89 MiB / 976.96 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1908.63 MiB
C: is Fixed (NTFS) - 22.23 GiB total, 3.3 GiB free.
D: is Fixed (NTFS) - 44.49 GiB total, 38.05 GiB free.
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
\\.\PHYSICALDRIVE0 - ST3808110AS ATA Device - 74.53 GiB - 3 partitions
\PARTITION0 - Unknown - 7.81 GiB
\PARTITION1 (bootable) - Installable File System - 22.23 GiB - C:
\PARTITION2 - Installable File System - 44.49 GiB - D:
\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device
\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device
\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device
\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
AV: F-Secure Anti-Virus 2008 8.00 v8.00 (F-Secure Corporation)
AV: AVG 7.5.503 v7.5.503 (Grisoft)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: F-Secure Anti-Virus 2008 8.00 v8.00 (F-Secure Corporation)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\amourgirl\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_07\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HOME
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\amourgirl
LOCALAPPDATA=C:\Users\amourgirl\AppData\Local
LOGONSERVER=\\HOME
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Samsung\Samsung PC Studio 3\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0407
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.5.0_07\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\AMOURG~1\AppData\Local\Temp
TMP=C:\Users\AMOURG~1\AppData\Local\Temp
USERDOMAIN=Home
USERNAME=amourgirl
USERPROFILE=C:\Users\amourgirl
windir=C:\Windows
-- User Profiles ---------------------------------------------------------------
amourgirl
(admin)-- Add/Remove Programs ---------------------------------------------------------
--> "C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner"
--> "C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware"
--> "C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer"
--> "C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"
--> "C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Automatic Update Agent"
--> "C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS"
--> "C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics"
--> "C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning"
--> "C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure FWES"
--> "C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GateKeeper Interface"
--> "C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Gemini"
--> "C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GUI"
--> "C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Help"
--> "C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure HIPS"
--> "C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Localization API"
--> "C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"
--> "C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Pegasus Engine"
--> "C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Protocol Scanner"
--> "C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure TNB"
--> "C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Uninstall"
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Shockwave Player --> C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
Advanced Security for Outlook --> MsiExec.exe /I{7B4174E8-FE92-4269-808A-3B8D116D9538}
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Bejeweled 2 Deluxe 1.1 --> C:\Program Files\PopCap Games\Bejeweled 2 Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Bejeweled 2 Deluxe\Install.log"
BUM --> MsiExec.exe /I{55937F00-A69B-4049-8D3A-1C7729742B6F}
DHTML Editing Component --> MsiExec.exe /I{2EA870FA-585F-4187-903D-CB9FFD21E2E0}
Easy Adder 1.4.7 --> "C:\Program Files\Easy Adder\unins000.exe"
F-Secure Anti-Virus 2008 --> "C:\Program Files\F-Secure Internet Security\FSGUI\PostInstall.exe" /tUnInstall
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
IncrediMail Xe --> C:\Program Files\IncrediMail\bin\ImSetup.exe /remove /addon:IncrediMail /log:IncMail.log
iTunes --> MsiExec.exe /I{4F5CE18C-D97D-48FF-A510-A0D90C918294}
J2SE Runtime Environment 5.0 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150070}
KODAK EASYSHARE Gallery Easy Upload, v2.1 --> C:\Users\amourgirl\AppData\Local\KodakGallery\EasyShareSetup\$SETUP_140007_97ddf5d\Setup.exe /APR-REMOVE
Macromedia Dreamweaver 8 --> MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Mahjongg Master Deluxe --> C:\PROGRA~1\eGames\MAHJON~1\UNWISE.EXE C:\PROGRA~1\eGames\MAHJON~1\INSTALL.LOG
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual J# 2.0 Redistributable Package --> C:\Windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Paint Shop Pro 7 Anniversary Edition --> MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}
Peter's XML Editor --> MsiExec.exe /I{5E770B51-820C-402E-8569-E02D12C212D2}
PixiePack Codec Pack --> MsiExec.exe /I{621FCD24-4498-4324-A81E-07D331376EDF}
Puzzle Master 2 --> C:\PROGRA~1\eGames\PUZZLE~1\UNWISE.EXE C:\PROGRA~1\eGames\PUZZLE~1\INSTALL.LOG
QuickTime --> MsiExec.exe /I{9763E36A-08E9-4228-BBCE-12989A4EB1A8}
SAMSUNG Mobile Modem Driver Set --> C:\Windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software --> C:\Windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software --> C:\Windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software --> C:\Windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3 --> "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x0009 -removeonly
SmartFTP Client --> MsiExec.exe /I{C169D3BB-9A27-43F5-9979-09A0D65FE95C}
SmartFTP Client 2.5 Setup Files (remove only) --> C:\Program Files\SmartFTP Client 2.5 Setup Files\uninst-sftp.exe
SmartFTP FTP Library (remove only) --> "C:\Program Files\SmartFTP FTP Library\uninst-sftplib.exe"
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
TomTom HOME --> C:\Program Files\InstallShield Installation Information\{3C9EEFEF-1F71-4213-AC41-4BF5FE0FED95}\setup.exe -runfromtemp -l0x0009 -removeonly -removeonly
Tunebite --> MsiExec.exe /I{612F3610-3BB7-4D9A-8C97-BFB93BF76383}
Web Page Maker V2.3 --> "C:\Program Files\Web Page Maker V2\unins000.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Zoom ADSL Modem --> C:\Program Files\Zoom\Adsl\uninstall.exe
Zoom ADSL Modem --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52C8CFE4-7C7C-11D7-A021-0060979CE4D3}\Setup.exe" -l0x9
-- Application Event Log -------------------------------------------------------
Event Record #/Type21090 / Error
Event Submitted/Written: 01/29/2008 10:40:49 PM
Event ID/Source: 1002 / Application Hang
Event Description:
The program dss.exe version 3.2.8.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: c10
Start Time: 01c862c7a42e6a9f
Termination Time: 0
Event Record #/Type21087 / Error
Event Submitted/Written: 01/29/2008 10:28:51 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application IMApp.exe, version 5.7.0.3345, time stamp 0x478f285b, faulting module MFC80U.DLL, version 8.0.50727.762, time stamp 0x45713438, exception code 0xc0000005, fault offset 0x0002e9ba,
process id 0xfb0, application start time 0xIMApp.exe0.
Event Record #/Type21056 / Error
Event Submitted/Written: 01/29/2008 09:58:08 AM
Event ID/Source: 8194 / VSS
Event Description:
Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {a9a82779-cbf6-4aec-aa66-aa6a46526adb}
Event Record #/Type21049 / Error
Event Submitted/Written: 01/29/2008 06:30:45 AM
Event ID/Source: 103 / Message from F-Secure Anti-Virus on
Event Description:
1 2008-01-29 06:30:44+01:00 home HOME\amourgirl Message from F-Secure Anti-Virus on
Manual scanning was finished - workstation was found infected!
Event Record #/Type21040 / Error
Event Submitted/Written: 01/28/2008 08:37:05 PM
Event ID/Source: 5007 / WerSvc
Event Description:
The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type43845 / Warning
Event Submitted/Written: 01/29/2008 10:43:49 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Home27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Home27 can't undo changes that you allow.
For more information please see the following:
%Home275
Scan ID: {FC71FF85-19E6-4ADF-843B-F7F528DBF971}
User: Home\amourgirl
Name: %Home271
ID: %Home272
Severity ID: %Home273
Category ID: %Home274
Path Found: %Home276
Alert Type: %Home278
Detection Type: 1.1.1505.02
Event Record #/Type43844 / Warning
Event Submitted/Written: 01/29/2008 10:43:49 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Home27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Home27 can't undo changes that you allow.
For more information please see the following:
%Home275
Scan ID: {42F6F201-F667-41AB-8DC9-9C3B52CDE643}
User: Home\amourgirl
Name: %Home271
ID: %Home272
Severity ID: %Home273
Category ID: %Home274
Path Found: %Home276
Alert Type: %Home278
Detection Type: 1.1.1505.02
Event Record #/Type43843 / Error
Event Submitted/Written: 01/29/2008 10:38:04 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
Remote Access Connection ManagerTelephony%%1058
Event Record #/Type43842 / Error
Event Submitted/Written: 01/29/2008 10:37:20 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
Remote Access Connection ManagerTelephony%%1058
Event Record #/Type43841 / Error
Event Submitted/Written: 01/29/2008 10:37:01 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
Remote Access Connection ManagerTelephony%%1058
-- End of Deckard's System Scanner: finished at 2008-01-29 22:45:12 ------------