Hi Siver,
I hope I have done this correctly. I have sent off those two files you requested to the bleepingcomputer site and put TREND INTERNET SECURITY 2008 - TSPY ONLINE.FXG under Link to topic where this file was requested:
Below I have also pasted the two log files requested, main.txt as well as extra.txt:
MAIN.TXT
Deckard's System Scanner v20071014.68
Run by Jase on 2008-07-24 10:36:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
7: 2008-07-24 02:36:53 UTC - RP88 - Deckard's System Scanner Restore Point
6: 2008-07-22 03:19:59 UTC - RP87 - System Checkpoint
5: 2008-07-20 11:46:40 UTC - RP86 - System Checkpoint
4: 2008-07-18 14:56:21 UTC - RP85 - System Checkpoint
3: 2008-07-14 13:31:31 UTC - RP84 - System Checkpoint
-- First Restore Point --
1: 2008-07-12 15:16:12 UTC - RP82 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Jase.exe) ------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:37:25 AM, on 7/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
F:\DVD Software\AnyDvD\AnyDVD.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Jase\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Jase.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "F:\DVD Software\CloneDvD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AnyDVD] F:\DVD Software\AnyDvD\AnyDVD.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Adobe Reader\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
--
End of file - 6545 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20080724-103245-140 O2 - BHO: - {0B428C12-8F5E-4D26-9ABF-7876339DBCA1} - C:\WINDOWS\system32\Qq8q8lPS.dll
backup-20080724-103245-181 O2 - BHO: solution Class - {99C6D1BB-7555-474C-91DA-D8FB62A9CC75} - C:\WINDOWS\system32\Tt2t2oSV.dll
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R2 ElbyCDIO (ElbyCDIO Driver) - c:\windows\system32\drivers\elbycdio.sys <Not Verified; Elaborate Bytes AG; CDRTools>
R3 AnyDVD - c:\windows\system32\drivers\anydvd.sys <Not Verified; SlySoft, Inc.; AnyDVD>
R3 ElbyDelay - c:\windows\system32\drivers\elbydelay.sys <Not Verified; Elaborate Bytes; CDRTools>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 ForceWare Intelligent Application Manager (IAM) - c:\program files\nvidia corporation\networkaccessmanager\bin\nsvcappflt.exe <Not Verified; ; app_filter Module>
R2 ForcewareWebInterface (Forceware Web Interface) - "c:\program files\nvidia corporation\networkaccessmanager\apache group\apache2\bin\apache.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>
R2 nSvcLog (ForceWare user log service) - c:\program files\nvidia corporation\networkaccessmanager\bin\nsvclog.exe <Not Verified; NVIDIA; NVIDIA nSvcLog>
S3 aspnet_state (ASP.NET State Service) - c:\windows\microsoft.net\framework\v2.0.50727\aspnet_state.exe (file missing)
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-07-24 10:00:00 350 --a------ C:\WINDOWS\Tasks\At35.job
2008-07-24 10:00:00 350 --a------ C:\WINDOWS\Tasks\At11.job
2008-07-23 22:00:00 350 --a------ C:\WINDOWS\Tasks\At47.job
2008-07-23 22:00:00 350 --a------ C:\WINDOWS\Tasks\At23.job
2008-07-22 23:00:00 350 --a------ C:\WINDOWS\Tasks\At48.job
2008-07-22 23:00:00 350 --a------ C:\WINDOWS\Tasks\At24.job
2008-07-22 21:00:00 350 --a------ C:\WINDOWS\Tasks\At46.job
2008-07-22 21:00:00 350 --a------ C:\WINDOWS\Tasks\At22.job
2008-07-22 20:00:00 350 --a------ C:\WINDOWS\Tasks\At45.job
2008-07-22 20:00:00 350 --a------ C:\WINDOWS\Tasks\At21.job
2008-07-22 19:00:00 350 --a------ C:\WINDOWS\Tasks\At44.job
2008-07-22 19:00:00 350 --a------ C:\WINDOWS\Tasks\At20.job
2008-07-22 18:00:00 350 --a------ C:\WINDOWS\Tasks\At43.job
2008-07-22 18:00:00 350 --a------ C:\WINDOWS\Tasks\At19.job
2008-07-22 17:00:00 350 --a------ C:\WINDOWS\Tasks\At42.job
2008-07-22 17:00:00 350 --a------ C:\WINDOWS\Tasks\At18.job
2008-07-22 16:00:00 350 --a------ C:\WINDOWS\Tasks\At41.job
2008-07-22 16:00:00 350 --a------ C:\WINDOWS\Tasks\At17.job
2008-07-22 15:00:00 350 --a------ C:\WINDOWS\Tasks\At40.job
2008-07-22 15:00:00 350 --a------ C:\WINDOWS\Tasks\At16.job
2008-07-22 14:00:00 350 --a------ C:\WINDOWS\Tasks\At39.job
2008-07-22 14:00:00 350 --a------ C:\WINDOWS\Tasks\At15.job
2008-07-22 13:00:00 350 --a------ C:\WINDOWS\Tasks\At38.job
2008-07-22 13:00:00 350 --a------ C:\WINDOWS\Tasks\At14.job
2008-07-22 12:00:00 350 --a------ C:\WINDOWS\Tasks\At37.job
2008-07-22 12:00:00 350 --a------ C:\WINDOWS\Tasks\At13.job
2008-07-22 11:00:00 350 --a------ C:\WINDOWS\Tasks\At36.job
2008-07-22 11:00:00 350 --a------ C:\WINDOWS\Tasks\At12.job
2008-07-19 09:00:00 350 --a------ C:\WINDOWS\Tasks\At34.job
2008-07-19 09:00:00 350 --a------ C:\WINDOWS\Tasks\At10.job
2008-07-19 08:00:00 350 --a------ C:\WINDOWS\Tasks\At9.job
2008-07-19 08:00:00 350 --a------ C:\WINDOWS\Tasks\At33.job
2008-07-19 07:00:00 350 --a------ C:\WINDOWS\Tasks\At8.job
2008-07-19 07:00:00 350 --a------ C:\WINDOWS\Tasks\At32.job
2008-07-19 06:00:00 350 --a------ C:\WINDOWS\Tasks\At7.job
2008-07-19 06:00:00 350 --a------ C:\WINDOWS\Tasks\At31.job
2008-07-19 05:00:00 350 --a------ C:\WINDOWS\Tasks\At6.job
2008-07-19 05:00:00 350 --a------ C:\WINDOWS\Tasks\At30.job
2008-07-19 04:00:00 350 --a------ C:\WINDOWS\Tasks\At5.job
2008-07-19 04:00:00 350 --a------ C:\WINDOWS\Tasks\At29.job
2008-07-19 03:00:00 350 --a------ C:\WINDOWS\Tasks\At4.job
2008-07-19 03:00:00 350 --a------ C:\WINDOWS\Tasks\At28.job
2008-07-19 02:00:00 350 --a------ C:\WINDOWS\Tasks\At3.job
2008-07-19 02:00:00 350 --a------ C:\WINDOWS\Tasks\At27.job
2008-07-19 01:00:00 350 --a------ C:\WINDOWS\Tasks\At26.job
2008-07-19 01:00:00 350 --a------ C:\WINDOWS\Tasks\At2.job
2008-07-19 00:44:00 350 --a------ C:\WINDOWS\Tasks\At1.job
2008-07-19 00:27:00 350 --a------ C:\WINDOWS\Tasks\At25.job
-- Files created between 2008-06-24 and 2008-07-24 -----------------------------
2008-07-22 10:10:31 10752 --a------ C:\WINDOWS\DCEBoot.exe
2008-07-05 18:10:00 29760 --a------ C:\WINDOWS\system32\M6lImI0M.exe
2008-07-04 19:16:35 0 d-------- C:\WINDOWS\CSC
2008-06-29 22:28:15 0 d-------- C:\Documents and Settings\Jase\Application Data\Acronis
2008-06-29 22:04:48 0 d-------- C:\Documents and Settings\LocalService\Application Data\Acronis
2008-06-29 21:55:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Acronis
2008-06-29 21:53:46 0 d-------- C:\Program Files\Common Files\Acronis
2008-06-29 21:53:46 0 d-------- C:\Program Files\Acronis
2008-06-29 18:19:55 0 d-------- C:\WINDOWS\system32\appmgmt
2008-06-29 17:30:03 0 d-------- C:\Documents and Settings\Jase\Application Data\Symantec
2008-06-29 17:28:00 29760 --a------ C:\WINDOWS\system32\qXB4xo2g.exe
2008-06-28 10:59:08 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-06-28 10:57:24 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-28 10:57:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-25 18:22:16 0 d-------- C:\Program Files\Trend Micro
-- Find3M Report ---------------------------------------------------------------
2008-07-10 22:37:03 0 d-------- C:\Documents and Settings\Jase\Application Data\uTorrent
2008-07-07 11:13:48 0 d-------- C:\Documents and Settings\Jase\Application Data\Ahead
2008-06-29 21:53:46 0 d-------- C:\Program Files\Common Files
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [02/17/2006 10:40 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [01/24/2006 06:15 PM]
"nwiz"="nwiz.exe" [01/24/2006 06:15 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [01/24/2006 06:15 PM]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [10/27/2004 03:21 PM C:\WINDOWS\system32\HdAShCut.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [05/20/2005 09:11 AM]
"CloneDVDElbyDelay"="F:\DVD Software\CloneDvD\ElbyCheck.exe" [11/02/2002 02:33 PM]
"NWEReboot"="" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [01/12/2006 04:40 PM]
"AnyDVD"="F:\DVD Software\AnyDvD\AnyDVD.exe" [04/19/2008 10:49 AM]
"Adobe Reader Speed Launcher"="F:\Adobe Reader\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [02/16/2008 12:56 AM]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [10/31/2007 12:53 PM]
"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [10/30/2007 08:11 PM]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [10/30/2007 08:07 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [08/07/2006 10:06 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [05/31/2008 09:29 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [08/04/2004 01:06 AM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [02/01/2006 05:45 PM]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap
-- Hosts -----------------------------------------------------------------------
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.1001-search.info
127.0.0.1 1001-search.info
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
7934 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2008-07-24 10:37:55 ------------
EXTRA.TXT
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+
CPU 1: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+
Percentage of Memory in Use: 45%
Physical Memory (total/avail): 990.48 MiB / 538.06 MiB
Pagefile Memory (total/avail): 2386.76 MiB / 2031.83 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1935.69 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 29.29 GiB total, 22.56 GiB free.
D: is Fixed (NTFS) - 232.88 GiB total, 132.8 GiB free.
E: is Fixed (NTFS) - 29.29 GiB total, 29.23 GiB free.
F: is Fixed (NTFS) - 90.46 GiB total, 66.23 GiB free.
G: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - WDC WD1600JS-00NCB1 - 149.05 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 29.29 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 29.29 GiB - E:
\PARTITION2 - Installable File System - 90.46 GiB - F:
\\.\PHYSICALDRIVE1 - WDC WD2500KS-00MJB0 - 232.88 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 232.88 GiB - D:
-- Security Center -------------------------------------------------------------
AUOptions is disabled.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
FW: ActiveArmor Firewall v1.0 (NVIDIA Corporation)
FW: Trend Micro Personal Firewall v5.2 (Trend Micro Inc.)
AV: Trend Micro Internet Security v16.10.1079 ()
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"="C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"F:\\Ws-Ftp Pro\\Ws-Ftp Pro\\wsftpgui.exe"="F:\\Ws-Ftp Pro\\Ws-Ftp Pro\\wsftpgui.exe:*:Enabled:WS_FTP Pro Application"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Jase\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JASE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Jase
LOGONSERVER=\\JASE
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4b02
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Jase\LOCALS~1\Temp
TMP=C:\DOCUME~1\Jase\LOCALS~1\Temp
USERDOMAIN=JASE
USERNAME=Jase
USERPROFILE=C:\Documents and Settings\Jase
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Jase (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> F:\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C9F6AF4-E9D9-47FE-BE4B-E637C2FCB410}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C9F6AF4-E9D9-47FE-BE4B-E637C2FCB410}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Acronis True Image Home --> MsiExec.exe /X{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
AnyDVD --> "F:\DVD Software\AnyDvD\AnyDVD-uninst.exe" /D="F:\DVD Software\AnyDvD"
Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
CloneDVD --> "F:\DVD Software\CloneDvD\CloneDVD-uninst.exe" /D="F:\DVD Software\CloneDvD"
Creative Removable Disk Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 /remove
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative ZEN V Series (R2) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9862E0CB-4727-4FFC-963A-E22A9E9EC10C}\SETUP.EXE" -l0x9 /remove
Enhancement Browser Tools Adsonmedia --> C:\WINDOWS\system32\{eb0c33ef-14e7-99c1-4bc5-c8af5970e9d8}.dll-uninst.exe
Free CD Ripper 3.1 --> "F:\CD Ripper\FreeCDRipper\unins000.exe"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
High Definition Audio Driver Package - KB888111 --> C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Ipswitch WS_FTP Professional 2007 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}\setup.exe" -l0x9 -removeonly
K-Lite Codec Pack 3.4.0 Full --> "F:\Video Codec\K-Lite Codec Pack\unins000.exe"
Microsoft Games for Windows - LIVE Redistributable --> MsiExec.exe /X{2F750C77-1FEC-44F9-88CC-2CE322EBD61E}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.12) --> F:\Firefox\uninstall\helper.exe
Nero 7 Essentials --> MsiExec.exe /I{855C1A51-9A98-9D81-F50D-9B033B921033}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
NVIDIA ForceWare Network Access Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1033
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe" -l0x9 -removeonly
Trend Micro Internet Security --> C:\Program Files\Trend Micro\Internet Security\remove.exe
Trend Micro Internet Security --> MsiExec.exe /X{A621B45A-D138-4A95-BE10-7CABA05EF94E}
VideoLAN VLC media player 0.8.6f --> F:\VLC Player\VLC\uninstall.exe
ZENcast Organizer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}\setup.exe" -l0x9 /remove
-- Application Event Log -------------------------------------------------------
Event Record #/Type937 / Error
Event Submitted/Written: 07/24/2008 10:21:09 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.2180, faulting module mfc71u.dll, version 7.10.3077.0, fault address 0x000bc442.
Processing media-specific event for [explorer.exe!ws!]
Event Record #/Type929 / Error
Event Submitted/Written: 07/23/2008 10:16:38 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.2180, faulting module mfc71u.dll, version 7.10.3077.0, fault address 0x000bc442.
Processing media-specific event for [explorer.exe!ws!]
Event Record #/Type886 / Error
Event Submitted/Written: 07/19/2008 11:15:07 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x01fbc85d.
Processing media-specific event for [iexplore.exe!ws!]
Event Record #/Type830 / Error
Event Submitted/Written: 07/12/2008 10:27:02 AM
Event ID/Source: 1512 / Userenv
Event Description:
Windows cannot unload your registry file. The memory used by the registry has not been freed. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. If this problem persists, contact your administrator.
DETAIL - Insufficient system resources exist to complete the requested service.
Event Record #/Type825 / Error
Event Submitted/Written: 07/12/2008 09:22:15 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x03dbc85d.
Processing media-specific event for [iexplore.exe!ws!]
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type4652 / Error
Event Submitted/Written: 07/24/2008 10:00:00 AM
Event ID/Source: 7901 / Schedule
Event Description:
The At35.job command failed to start due to the following error:
%%2147942405
Event Record #/Type4651 / Error
Event Submitted/Written: 07/24/2008 10:00:00 AM
Event ID/Source: 7901 / Schedule
Event Description:
The At11.job command failed to start due to the following error:
%%2147942405
Event Record #/Type4650 / Error
Event Submitted/Written: 07/24/2008 09:58:38 AM
Event ID/Source: 8003 / MRxSmb
Event Description:
The master browser has received a server announcement from the computer DT-150
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{DB0958A5-C3CA-4BD8-AE.
The master browser is stopping or an election is being forced.
Event Record #/Type4649 / Error
Event Submitted/Written: 07/24/2008 09:57:11 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The SSDP Discovery Service service depends on the HTTP service which failed to start because of the following error:
%%8
Event Record #/Type4648 / Error
Event Submitted/Written: 07/24/2008 09:57:11 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The HTTP service failed to start due to the following error:
%%8
-- End of Deckard's System Scanner: finished at 2008-07-24 10:37:55 ------------