-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, April 06, 2008 11:16:02 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 6/04/2008
Kaspersky Anti-Virus database records: 686440
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
G:\
Scan Statistics:
Total number of scanned objects: 62115
Number of viruses found: 5
Number of infected objects: 19
Number of suspicious objects: 0
Duration of the scan process: 01:15:03
Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\r_server.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
C:\WINDOWS\system32\admdll.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
C:\WINDOWS\system32\raddrv.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
C:\WINDOWS\system32\f3PSSavr.scr Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\WINDOWS\Temp\mcmsc_KiAQV1Wm01J245c Object is locked skipped
C:\WINDOWS\Temp\mcafee_hVDN8JbQ6t7j4JM Object is locked skipped
C:\WINDOWS\Temp\mcafee_bAruMZMKWGp1ijk Object is locked skipped
C:\WINDOWS\Temp\mcmsc_yOnHlYbUElOu6ov Object is locked skipped
C:\WINDOWS\Temp\mcmsc_e53QxDnO2QqgJF8 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{B0BB4778-0BCE-41A9-AB06-18D710C1CEAD}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR2.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\logout.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\RICHARD\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\RICHARD\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\RICHARD\Local Settings\Temp\~DF86BA.tmp Object is locked skipped
C:\Documents and Settings\RICHARD\Local Settings\Temp\~DFFE68.tmp Object is locked skipped
C:\Documents and Settings\RICHARD\Local Settings\Temp\~WRF0000.tmp Object is locked skipped
C:\Documents and Settings\RICHARD\Local Settings\Temp\~WRD0001.doc Object is locked skipped
C:\Documents and Settings\RICHARD\Local Settings\Temp\~WRS0002.tmp Object is locked skipped
C:\Documents and Settings\RICHARD\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\RICHARD\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\RICHARD\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\RICHARD\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\RICHARD\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\RICHARD\Application Data\Microsoft\Templates\Normal.dot Object is locked skipped
C:\Program Files\MSN Messenger\msimg32.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\Program Files\Radmin\AdmDll.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
C:\Program Files\Radmin\raddrv.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
C:\Program Files\Radmin\radmin.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
C:\Program Files\Radmin\r_server.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
C:\System Volume Information\_restore{3D0A66E7-D46E-49DC-8867-BC958F6C7EC8}\RP20\A0005188.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{3D0A66E7-D46E-49DC-8867-BC958F6C7EC8}\RP24\A0006286.scr Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{3D0A66E7-D46E-49DC-8867-BC958F6C7EC8}\RP27\A0008332.scr Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{3D0A66E7-D46E-49DC-8867-BC958F6C7EC8}\RP45\A0010305.exe Infected: not-a-virus:AdWare.Win32.Vapsup.brq skipped
C:\System Volume Information\_restore{3D0A66E7-D46E-49DC-8867-BC958F6C7EC8}\RP47\change.log Object is locked skipped
C:\Software\radmin21.zip/RADMIN21.EXE/AdmDll.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
C:\Software\radmin21.zip/RADMIN21.EXE/raddrv.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
C:\Software\radmin21.zip/RADMIN21.EXE/radmin.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
C:\Software\radmin21.zip/RADMIN21.EXE/r_server.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
C:\Software\radmin21.zip/RADMIN21.EXE Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
C:\Software\radmin21.zip ZIP: infected - 5 skipped
C:\MalWare Removal.doc Object is locked skipped
Scan process completed.
====
Deckard's System Scanner v20071014.68
Run by RICHARD on 2008-04-06 11:20:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
38: 2008-04-06 15:20:53 UTC - RP48 - Deckard's System Scanner Restore Point
37: 2008-04-06 01:50:44 UTC - RP47 - System Checkpoint
36: 2008-04-05 01:02:26 UTC - RP46 - System Checkpoint
35: 2008-04-04 00:56:14 UTC - RP45 - System Checkpoint
34: 2008-04-02 22:06:04 UTC - RP44 - System Checkpoint
-- First Restore Point --
1: 2008-02-17 09:48:29 UTC - RP11 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 480 MiB (512 MiB recommended).-- HijackThis (run as RICHARD.exe) ---------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:22:39 AM, on 4/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\r_server.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Software\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\RICHARD.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.yahoo.com/search/ie.htmlR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://us.rd.yahoo.com/customize/ie/def ... .yahoo.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://us.rd.yahoo.com/customize/ie/def ... earch.htmlR1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://us.rd.yahoo.com/customize/ie/def ... .yahoo.comO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites -
http://favorites.live.com/quickadd.aspxO8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky.com/kos/eng/partne ... nicode.cabO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) -
https://nvg.ubs.com/dana-cached/setup/NeoterisSetup.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/windowsupda ... 2436326282O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) -
http://pspencer69.spaces.live.com/Photo ... nPUpld.cabO16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} -
http://www.nassaucountyny.gov/mynassaup ... rSetup.exeO16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} -
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: COM Host (comHost) - Unknown owner - C:\Program Files\Norton Internet Security\comHost.exe (file missing)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe
--
End of file - 6646 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20080404-203323-239 O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
backup-20080406-092349-807 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20080406-092350-732 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20080406-092350-511 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20080406-092350-438 O2 - BHO: (no name) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)
backup-20080406-092350-924 O3 - Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - (no file)
backup-20080406-092350-668 O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
backup-20080406-092350-466 O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
backup-20080406-092350-767 O15 - Trusted Zone:
http://*.mcafee.combackup-20080406-092350-682 O20 - AppInit_DLLs:
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
S1 SAVRTPEL - c:\program files\norton internet security\norton antivirus\savrtpel.sys (file missing)
S2 NetProbe (NetProbe Packet Driver) - c:\windows\system32\drivers\netprobe.sys
S3 SAVRT - c:\program files\norton internet security\norton antivirus\savrt.sys (file missing)
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
S4 Cdr4_2K - c:\windows\system32\drivers\cdr4_2k.sys <Not Verified; Adaptec; Adaptec's CD-R Helper Drivers>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 r_server (Remote Administrator Service) - "c:\windows\system32\r_server.exe" /service
S3 comHost (COM Host) - "c:\program files\norton internet security\comhost.exe" (file missing)
S4 ccISPwdSvc (Symantec Internet Security Password Validation) - "c:\program files\norton internet security\ccpwdsvc.exe" (file missing)
S4 navapsvc (Norton AntiVirus Auto-Protect Service) - "c:\program files\norton internet security\norton antivirus\navapsvc.exe" (file missing)
S4 SAVScan (Symantec AVScan) - "c:\program files\norton internet security\norton antivirus\savscan.exe" (file missing)
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Modem
Device ID: PCI\VEN_1039&DEV_7013&SUBSYS_70131039&REV_A0\3&61AAA01&0&16
Manufacturer:
Name: PCI Modem
PNP Device ID: PCI\VEN_1039&DEV_7013&SUBSYS_70131039&REV_A0\3&61AAA01&0&16
Service:
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: USB Device
Device ID: USB\VID_04F9&PID_0162&MI_01\6&8A07935&0&0001
Manufacturer:
Name: USB Device
PNP Device ID: USB\VID_04F9&PID_0162&MI_01\6&8A07935&0&0001
Service:
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: USB Device
Device ID: USB\VID_04F9&PID_0162&MI_02\6&8A07935&0&0002
Manufacturer:
Name: USB Device
PNP Device ID: USB\VID_04F9&PID_0162&MI_02\6&8A07935&0&0002
Service:
-- Scheduled Tasks -------------------------------------------------------------
2008-04-06 09:26:10 442 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job
2008-04-04 20:00:02 552 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - RICHARD.job
2008-04-03 03:00:02 376 --a------ C:\WINDOWS\Tasks\RegCure.job
2008-04-01 01:58:02 336 --a------ C:\WINDOWS\Tasks\McQcTask.job
2008-03-15 01:00:02 344 --a------ C:\WINDOWS\Tasks\McDefragTask.job
-- Files created between 2008-03-06 and 2008-04-06 -----------------------------
2008-04-06 09:46:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-06 09:46:39 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-06 09:46:35 0 d-------- C:\WINDOWS\LastGood
2008-04-05 21:13:04 0 d-------- C:\Auto_est
2008-04-05 21:12:54 0 d-------- C:\TRANSFER
2008-04-05 21:09:52 415744 --a------ C:\WINDOWS\system32\wcap.dll <Not Verified; WORLDPAC, Inc.; wcap.dll>
2008-04-05 21:09:42 90112 --a------ C:\WINDOWS\WHVehicle.dll <Not Verified; Wrenchead, Inc.; Wrenchead Vehicle DLL>
2008-04-05 21:09:42 229376 --a------ C:\WINDOWS\WHLib.dll <Not Verified; Profit Pro, Inc.; WHLib>
2008-04-05 21:09:42 393216 --a------ C:\WINDOWS\WHCatalog.dll <Not Verified; Wrenchead, Inc.; WHCatalog>
2008-04-05 21:09:41 86016 --a------ C:\WINDOWS\WHLabor.dll <Not Verified; Profit Pro, Inc.; WHLabor>
2008-04-05 21:08:50 132096 --a------ C:\WINDOWS\system32\ZipDll.dll <Not Verified; ; BCB/Delphi Zip>
2008-04-05 21:08:49 117760 --a------ C:\WINDOWS\system32\UnzDLL.dll <Not Verified; ; BCB/Delphi UnZip>
2008-04-05 21:08:49 114688 --a------ C:\WINDOWS\system32\emsmtp.dll <Not Verified; Quiksoft Corporation; EasyMail(TM)>
2008-04-05 21:08:49 45056 --a------ C:\WINDOWS\system32\emprint.dll <Not Verified; Quiksoft Corporation; EasyMail MessagePrinter Object>
2008-04-05 21:08:49 151552 --a------ C:\WINDOWS\system32\empop3.dll <Not Verified; Quiksoft Corporation; EasyMail POP3 Object>
2008-04-05 21:08:49 225280 --a------ C:\WINDOWS\system32\emimap4.dll <Not Verified; Quiksoft Corporation; EasyMail IMAP4>
2008-04-05 21:08:49 125440 --a------ C:\WINDOWS\system32\dzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32>
2008-04-05 21:08:49 98304 --a------ C:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32>
2008-04-05 21:08:20 126 --a------ C:\INVOUTIL.BAT
2008-04-05 21:08:19 67776 --a------ C:\INVOBACK.EXE
2008-04-05 21:08:14 0 d-------- C:\Amssys
2008-04-05 21:08:12 0 d-------- C:\Program Files\Profit Pro, Inc
2008-04-05 21:08:11 0 d-------- C:\Bats
2008-04-05 21:05:05 299520 --a------ C:\WINDOWS\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
2008-04-04 19:48:07 0 d-------- C:\Program Files\Trend Micro
2008-03-09 16:39:34 0 d-------- C:\Resume
-- Find3M Report ---------------------------------------------------------------
2008-04-06 09:23:20 33488 --a------ C:\Documents and Settings\RICHARD\Application Data\GDIPFONTCACHEV1.DAT
2008-03-03 10:54:00 28672 --a------ C:\WINDOWS\system32\f3PSSavr.scr <Not Verified; FunWebProducts.com; Popular Screensavers>
2008-02-24 23:03:56 0 d-------- C:\Program Files\FunWebProducts
2008-02-24 23:03:52 0 d-------- C:\Program Files\MyWebSearch
2008-02-24 17:15:56 0 d-------- C:\Program Files\Kiwee Toolbar2
2008-02-21 18:42:12 0 d-------- C:\Program Files\Windows Media Connect 2
2008-02-07 21:59:38 0 d-------- C:\Program Files\McAfee.com
2008-02-07 21:59:32 0 d-------- C:\Program Files\Common Files\McAfee
2008-02-07 21:59:28 0 d-------- C:\Program Files\McAfee
2008-02-07 21:37:20 22744 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-02-07 21:36:40 0 d-------- C:\Program Files\Messenger
2008-02-07 20:30:00 0 d-------- C:\Documents and Settings\RICHARD\Application Data\McAfee
2008-02-07 10:21:18 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [11/21/2006 05:38 PM]
"Cmaudio"="cmicnfg.cpl" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/03/2007 10:27 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/27/2007 09:41 AM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/03/2007 10:33 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WebCamRT.exe"="" []
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [11/3/2006 10:51:28 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
rundll32 C:\PROGRA~1\MYWEBS~1\bar\4.bin\MWSBAR.DLL,S
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
"C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d79a8b20-897d-11db-98f3-000ae6fba98d}]
AutoRun\command- F:\LaunchU3.exe
-- End of Deckard's System Scanner: finished at 2008-04-06 11:23:45 ------------
======
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel(R) Pentium(R) 4 CPU 2.66GHz
Percentage of Memory in Use: 47%
Physical Memory (total/avail): 479.48 MiB / 250.62 MiB
Pagefile Memory (total/avail): 1404.9 MiB / 1148.12 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1929.02 MiB
C: is Fixed (FAT32) - 18.63 GiB total, 4.29 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
G: is Removable (No Media)
\\.\PHYSICALDRIVE0 - WDC WD200EB-00CPF0 - 18.65 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 18.64 GiB - C:
\\.\PHYSICALDRIVE1 - Brother MFC-420CN USB Device
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
FW: McAfee Personal Firewall v (McAfee)
AV: McAfee VirusScan v (McAfee)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\RICHARD\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=RICHARD-6IAC1HQ
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\RICHARD
LOGONSERVER=\\RICHARD-6IAC1HQ
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\RICHARD\LOCALS~1\Temp
TMP=C:\DOCUME~1\RICHARD\LOCALS~1\Temp
USERDOMAIN=RICHARD-6IAC1HQ
USERNAME=RICHARD
USERPROFILE=C:\Documents and Settings\RICHARD
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
RICHARD
(admin)Administrator
(admin)Guest
(guest)-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Download Manager 2.0 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\System32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
AVS Video Converter 5.5 --> "C:\Program Files\AVS4YOU\AVSVideoConverter\unins000.exe"
Brother BRAdmin Professional 2.42 --> C:\Program Files\Brother\BRAdmin Professional\UnInst.exe
Brother MFC-420CN --> "C:\Program Files\Brother\MFC420CN\IsUninst.exe" -f"C:\Program Files\Brother\MFC420CN\DeIsL1.isu" -cbruninst.dll
C-Media WDM Audio Driver --> C:\WINDOWS\system32\cmirmdrv.exe
CardRd81 --> MsiExec.exe /I{54C8FE84-89C4-40E8-976C-439EB0729BD6}
CC_ccProxyExt --> MsiExec.exe /I{2EBF25F1-F8A2-40EA-92BE-931C142A44E2}
ccCommon --> MsiExec.exe /I{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}
ccPxyCore --> MsiExec.exe /I{30738666-9805-4926-A78F-91DA33B6C437}
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Citrix Advanced Gateway Client --> MsiExec.exe /X{B8646D80-DC53-4BF7-8429-634691FFA920}
CR2 --> MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSCT --> MsiExec.exe /I{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}
ESSEMAIL --> MsiExec.exe /I{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC --> MsiExec.exe /I{4F677FC7-7AA8-412B-A957-F13CBE1C7331}
ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
ESSTUTOR --> MsiExec.exe /I{CA60320D-6A16-49C8-A34F-84EEF4799567}
ESSvpaht --> MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
ESSvpot --> MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
Flash Video MX version 3.5.2.21 --> "C:\Program Files\Moyea\Flash Video MX\unins000.exe"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HLPIndex --> MsiExec.exe /I{38441BE7-79B0-42B8-8297-833704F949FE}
HLPPDOCK --> MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}
HLPSFO --> MsiExec.exe /I{8DD94CA3-BCD2-49C0-B537-F3B5D95FF0C8}
Host Checker --> "C:\Program Files\Neoteris\Host Checker\uninstall.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
InvoMax Shop Management --> C:\WINDOWS\uninst.exe -fC:\Hunni\DeIsL6.isu -cC:\Hunni\_ISREG32.DLL
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140011_15eaff\Setup.exe /APR-REMOVE
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL
Logitech IM Video Companion --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{984F10FD-11FD-4BED-8163-92DB81E6A825}\Setup.exe" -l0x9 UNINSTALL
Logitech ImageStudio --> MsiExec.exe /I{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA}
Logitech Print Service --> C:\PROGRA~1\LOGITECH\PRINTS~1\UNWISE.EXE C:\PROGRA~1\LOGITECH\PRINTS~1\INSTALL.LOG
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
MetaFrame Presentation Server Web Client for Win32 --> C:\WINDOWS\System32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
Microsoft Office XP Professional --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft XML Parser and SDK --> MsiExec.exe /I{3E908702-AF35-4611-9518-955DA24B7E07}
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MySpaceIM --> MsiExec.exe /I{FE242C4A-4AF0-4E9F-ABFF-92CA3CEE8761}
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\Setup.exe /uninstall ExtraUninstallID=""
Norton AntiSpam --> MsiExec.exe /I{3B29A786-5803-4E9E-9B58-3014A5B4E519}
Norton AntiSpam --> MsiExec.exe /I{5677563D-0CB1-485F-9E18-C5025306BB3F}
Norton AntiVirus 2006 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton Internet Security --> MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Protection Center --> MsiExec.exe /I{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}
Norton WMI Update --> MsiExec.exe /X{E85FA9A1-C241-4698-893B-DD99509B8DB0}
Norton WMI Update --> MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
OTtBPSDK --> MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RegCure 1.5.0.0 --> C:\Program Files\RegCure\uninst.exe
Remote Administrator v2.1 --> C:\Program Files\Radmin\uninstal.exe
Secure Application Manager --> C:\Program Files\Neoteris\Secure Application Manager\UninstallSAM.exe /reboot
SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
SKIN0001 --> MsiExec.exe /I{FDF9943A-3D5C-46B3-9679-586BD237DDEE}
SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
SPBBC --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SWiSHmax --> C:\WINDOWS\unvise32.exe C:\Program Files\SWiSHmax\uninstal.log
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
WIRELESS --> MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
Yahoo! Install Manager --> C:\WINDOWS\System32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Messenger --> C:\PROGRA~1\YAHOO!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\YAHOO!\MESSEN~1\INSTALL.LOG
-- Application Event Log -------------------------------------------------------
Event Record #/Type7960 / Error
Event Submitted/Written: 04/05/2008 10:25:02 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application doctor.exe, version 2004.6.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type7956 / Error
Event Submitted/Written: 04/03/2008 07:54:44 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type7942 / Warning
Event Submitted/Written: 03/21/2008 03:06:00 PM
Event ID/Source: 1011 / Windows Product Activation
Event Description:
Your Windows product has not been activated with Microsoft yet. To activate Windows, use the Product Activation Wizard.
Event Record #/Type7932 / Error
Event Submitted/Written: 03/09/2008 11:10:20 PM
Event ID/Source: 1002 / Windows Product Activation
Event Description:
You have not successfully activated this product, or the current license is incompatible with the existing operating system.
Event Record #/Type7931 / Warning
Event Submitted/Written: 03/09/2008 11:07:01 PM
Event ID/Source: 1011 / Windows Product Activation
Event Description:
Your Windows product has not been activated with Microsoft yet. To activate Windows, use the Product Activation Wizard.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type18247 / Error
Event Submitted/Written: 04/06/2008 11:22:58 AM
Event ID/Source: 7016 / Service Control Manager
Event Description:
The BrSplService service has reported an invalid current state 0.
Event Record #/Type18228 / Error
Event Submitted/Written: 04/06/2008 09:26:36 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
SAVRTPEL
Event Record #/Type18227 / Error
Event Submitted/Written: 04/06/2008 09:26:27 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The NetProbe Packet Driver service failed to start due to the following error:
%%31
Event Record #/Type18220 / Error
Event Submitted/Written: 04/05/2008 09:15:54 PM
Event ID/Source: 11 / Disk
Event Description:
The driver detected a controller error on \Device\Harddisk2\D.
Event Record #/Type18216 / Warning
Event Submitted/Written: 04/05/2008 09:25:15 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.
-- End of Deckard's System Scanner: finished at 2008-04-06 11:23:45 ------------