Hello,
scans completed, instructions completed, logs below.
regards,
microwaver
*************
Malwarebytes' Anti-Malware 1.12
Database version: 738
Scan type: Quick Scan
Objects scanned: 48528
Time elapsed: 7 minute(s), 37 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 11
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 46
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\rqRLBuRi.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\jkkJyyaY.dll (Trojan.Vundo) -> Unloaded module successfully.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f8ec176-48d6-4bfd-92de-7a85ef9f845b} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{1f8ec176-48d6-4bfd-92de-7a85ef9f845b} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{22a6ff82-b3e0-94bb-5fcd-ea067b86810f} (Worm.Sdbot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e243a8e7-6244-49e0-a361-22dbf30fd46c} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e243a8e7-6244-49e0-a361-22dbf30fd46c} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkkjyyay (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{80ca71b9-35bd-4826-a0e2-63a6c5c20af1} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{e243a8e7-6244-49e0-a361-22dbf30fd46c} (Trojan.Vundo) -> Delete on reboot.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\rqrlburi -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\rqrlburi -> Delete on reboot.
Folders Infected:
C:\Program Files\dynamic toolbar (Adware.2020search) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\rqRLBuRi.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\iRuBLRqr.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iRuBLRqr.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\2k3.ex~ (Backdoor.Rbot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtuuSMc.dl~ (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddcyYPGa.dl~ (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\efcAqpqQ.dl~ (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\geBtTNHW.dl~ (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hgGvTjgF.dl~ (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkLBtUk.dl~ (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnkkKaX.dl~ (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnkLeBT.dl~ (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMffEXn.dl~ (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rqRHbASK.dl~ (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssqNGWnN.dl~ (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssqRKcAP.dl~ (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuvSlihG.dl~ (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vtUnLfGa.dl~ (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xxyvtstT.dl~ (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yayvWoNE.dl~ (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssqQIBUK.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMefEtT.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbXOGAtQ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\geBuVlig.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkHWMDW.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkJyyaY.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\opnlLBQK.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddcCRJYR.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddcCUolL.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rqRKCRHw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rqRLebCR.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\urqNEXnn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\urqQkijk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byXPJDtr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\efcAPGxW.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mlJCULec.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xxyxxxXP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ljJAQGaw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ljJCrOFy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ljJYpmji.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvUmjGXP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvUmjIyW.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fccyxUmj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfDwuvs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfEVLFV.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfGvvut.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
*************
***main.txt from Deckard*******
Deckard's System Scanner v20071014.68
Run by Owner on 2008-05-10 16:48:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
64: 2008-05-10 23:48:16 UTC - RP411 - Deckard's System Scanner Restore Point
63: 2008-05-10 23:40:35 UTC - RP410 - Last known good configuration
62: 2008-05-10 23:40:30 UTC - RP409 - Last known good configuration
61: 2008-05-10 23:40:30 UTC - RP408 - Last known good configuration
60: 2008-05-10 23:40:30 UTC - RP407 - ComboFix created restore point
-- First Restore Point --
1: 2008-05-10 23:40:26 UTC - RP348 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 448 MiB (512 MiB recommended).
-- HijackThis (run as Owner.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:48:50 PM, on 5/10/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Express Technologies\World Watch\W32ALARM.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\DOCUME~1\Owner\Desktop\Owner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com
O2 - BHO: (no name) - {1F8EC176-48D6-4BFD-92DE-7A85EF9F845B} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {79A85DA4-3440-4847-9BDC-C336969371F9} - (no file)
O2 - BHO: (no name) - {81DB8A88-C074-4F93-B819-80B74BF1498C} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {E243A8E7-6244-49E0-A361-22DBF30FD46C} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\ConMgr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CU1] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [CU2] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CU1] (User 'Default user')
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: World Watch.lnk = ?
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {8FD68625-2346-418A-8899-67CB36B1917F} -
http://supportcenter.verizon.net/euserv/jsp/VOLAWeb.cab
O20 - Winlogon Notify: jkkJyyaY - C:\WINDOWS\
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) -
http://www.medhelp.org/images/index/header2.jpg
--
End of file - 5623 bytes
-- HijackThis Fixed Entries (C:\DOCUME~1\Owner\Desktop\backups\) ---------------
backup-20080510-161849-491 O4 - HKUS\S-1-5-18\..\Run: [Microsoft] wmism23.exe (User 'SYSTEM')
backup-20080510-161849-960 O15 - Trusted Zone: *.gomyhit.com
-- File Associations -----------------------------------------------------------
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - AutoCADScriptFile - shell\open\command - C:\WINDOWS\NOTEPAD.EXE "%1"
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 drvmcdb - c:\windows\system32\drivers\drvmcdb.sys <Not Verified; VERITAS Software, Inc.; >
R1 ewido security suite driver - c:\program files\ewido anti-malware\guard.sys
R1 hwinterface - c:\windows\system32\drivers\hwinterface.sys <Not Verified; Logix4u; hwinterface Driver Version 1.1>
R1 oreans32 - c:\windows\system32\drivers\oreans32.sys
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
S1 Freedom (Freedom Miniport) - c:\windows\system32\drivers\freedom.sys (file missing)
S3 SymEvent - c:\program files\symantec\symevent.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
S4 ewido security suite guard - c:\program files\ewido anti-malware\ewidoguard.exe <Not Verified; ewido networks; guard>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2004-04-06 23:27:18 354 --a------ C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1071991571.job
-- Files created between 2008-04-10 and 2008-05-10 -----------------------------
2008-05-10 16:40:44 1065055 --ahs---- C:\WINDOWS\System32\iRuBLRqr.ini2
2008-05-10 16:27:57 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-05-10 16:27:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-08 20:52:51 373248 -----n--- C:\WINDOWS\System32\rqRLBuRi.dll
2008-05-08 20:12:55 57856 --a------ C:\WINDOWS\System32\vtUlJbxY.dll
2008-05-08 16:35:36 57856 -----n--- C:\WINDOWS\System32\jkkJyyaY.dll
2008-05-06 21:49:58 0 d-------- C:\WINDOWS\ERUNT
2008-05-05 21:57:42 68096 --a------ C:\WINDOWS\zip.exe
2008-05-05 21:57:42 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-05 21:57:42 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-05 21:57:42 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-05 21:57:42 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-05 21:57:42 98816 --a------ C:\WINDOWS\sed.exe
2008-05-05 21:57:42 80412 --a------ C:\WINDOWS\grep.exe
2008-05-05 21:57:42 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-02 00:42:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-02 00:42:13 0 d-------- C:\WINDOWS\System32\Kaspersky Lab
2008-04-29 23:14:21 0 d-------- C:\Documents and Settings\Administrator.PAVILION735N.002\Application Data\ESBCalc
2008-04-29 23:14:21 0 d-------- C:\Documents and Settings\Administrator.PAVILION735N.002\Application Data\Corel
2008-04-29 23:14:21 0 d-------- C:\Documents and Settings\Administrator.PAVILION735N.002\Application Data\ArcSoft
2008-04-29 23:14:21 0 d-------- C:\Documents and Settings\Administrator.PAVILION735N.002\Application Data\Apple Computer
2008-04-29 23:14:21 0 d-------- C:\Documents and Settings\Administrator.PAVILION735N.002\Application Data\AOL
2008-04-29 23:14:21 0 d-------- C:\Documents and Settings\Administrator.PAVILION735N.002\Application Data\Adobe
2008-04-29 23:14:21 0 d-------- C:\Documents and Settings\Administrator.PAVILION735N.002\Application Data\Active Disk
2008-04-29 23:14:21 0 d-------- C:\Documents and Settings\Administrator.PAVILION735N.002\accounts payable
2008-04-29 23:14:21 177328 --a------ C:\Documents and Settings\Administrator.PAVILION735N.002\~
2008-04-29 23:14:20 0 d-------- C:\Documents and Settings\Administrator.PAVILION735N.002\Application Data\InterVideo
2008-04-29 23:14:20 0 d-------- C:\Documents and Settings\Administrator.PAVILION735N.002\Application Data\InterTrust
2008-04-29 23:14:20 0 d-------- C:\Documents and Settings\Administrator.PAVILION735N.002\Application Data\Identities
2008-04-29 23:14:20 0 d-------- C:\Documents and Settings\Administrator.PAVILION735N.002\Application Data\Hewlett-Packard
2008-04-29 23:14:20 0 d-------- C:\Documents and Settings\Administrator.PAVILION735N.002\Application Data\Help
2008-04-29 23:14:20 0 d--h----- C:\Documents and Settings\Administrator.PAVILION735N.002\Application Data\GTek
2008-04-29 23:14:20 0 d-------- C:\Documents and Settings\Administrator.PAVILION735N.002\Application Data\Freedom
2008-04-29 23:14:19 0 d---s---- C:\Documents and Settings\Administrator.PAVILION735N.002\Application Data\Microsoft
2008-04-29 23:14:19 0 d-------- C:\Documents and Settings\Administrator.PAVILION735N.002\Application Data\Macromedia
2008-04-29 23:14:18 0 dra------ C:\Documents and Settings\Administrator.PAVILION735N.002\Favorites
2008-04-29 23:14:18 0 d-------- C:\Documents and Settings\Administrator.PAVILION735N.002\Desktop
2008-04-29 23:14:18 0 d---s---- C:\Documents and Settings\Administrator.PAVILION735N.002\Cookies
2008-04-29 23:14:18 0 drah----- C:\Documents and Settings\Administrator.PAVILION735N.002\Application Data
2008-04-29 23:14:18 0 d-------- C:\Documents and Settings\Administrator.PAVILION735N.002\Application Data\VERITAS
2008-04-29 23:14:18 0 d-------- C:\Documents and Settings\Administrator.PAVILION735N.002\Application Data\Symantec
2008-04-29 23:14:18 0 d-------- C:\Documents and Settings\Administrator.PAVILION735N.002\Application Data\Share-to-Web Upload Folder
2008-04-29 23:14:18 0 d-------- C:\Documents and Settings\Administrator.PAVILION735N.002\Application Data\SampleView
2008-04-29 23:14:18 0 d-------- C:\Documents and Settings\Administrator.PAVILION735N.002\Application Data\Qfin3
2008-04-29 23:14:18 0 d-------- C:\Documents and Settings\Administrator.PAVILION735N.002\Application Data\MSNInstaller
2008-04-29 23:14:18 0 d-------- C:\Documents and Settings\Administrator.PAVILION735N.002\Application Data\MSN6
2008-04-29 23:14:18 0 d-------- C:\Documents and Settings\Administrator.PAVILION735N.002\Application Data\Motive
2008-04-29 23:14:16 0 d--h----- C:\Documents and Settings\Administrator.PAVILION735N.002\Templates
2008-04-29 23:14:16 0 dra------ C:\Documents and Settings\Administrator.PAVILION735N.002\Start Menu
2008-04-29 23:14:16 0 drah----- C:\Documents and Settings\Administrator.PAVILION735N.002\SendTo
2008-04-29 23:14:16 0 drah----- C:\Documents and Settings\Administrator.PAVILION735N.002\Recent
2008-04-29 23:14:16 0 d--h----- C:\Documents and Settings\Administrator.PAVILION735N.002\PrintHood
2008-04-29 23:14:16 0 d-------- C:\Documents and Settings\Administrator.PAVILION735N.002\pcbenv
2008-04-29 23:14:16 0 d--h----- C:\Documents and Settings\Administrator.PAVILION735N.002\NetHood
2008-04-29 23:14:16 0 dra------ C:\Documents and Settings\Administrator.PAVILION735N.002\My Documents
2008-04-29 23:14:16 0 d--h----- C:\Documents and Settings\Administrator.PAVILION735N.002\Local Settings
2008-04-29 23:14:15 0 d-------- C:\Documents and Settings\Administrator.PAVILION735N.002\WINDOWS
2008-04-29 23:14:15 0 d---s---- C:\Documents and Settings\Administrator.PAVILION735N.002\UserData
2008-04-29 23:14:15 2097152 --ah----- C:\Documents and Settings\Administrator.PAVILION735N.002\NTUSER.DAT
2008-04-21 17:17:54 6815744 --a------ C:\Documents and Settings\Owner\ntuser.dat
2008-04-14 17:48:06 0 d-------- C:\Program Files\PentaLogix
-- Find3M Report ---------------------------------------------------------------
2008-04-14 17:48:06 0 d--h----- C:\Program Files\InstallShield Installation Information
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1F8EC176-48D6-4BFD-92DE-7A85EF9F845B}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79A85DA4-3440-4847-9BDC-C336969371F9}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{81DB8A88-C074-4F93-B819-80B74BF1498C}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E243A8E7-6244-49E0-A361-22DBF30FD46C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Share-to-Web Namespace Daemon"="c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [04/17/2002 06:42 PM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [09/13/2002 10:42 PM]
"nwiz"="nwiz.exe" [09/09/2002 11:35 PM C:\WINDOWS\system32\nwiz.exe]
"KBD"="C:\HP\KBD\KBD.EXE" [07/06/2001 09:56 PM]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 05:04 PM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [10/16/2002 07:05 AM]
"CamMonitor"="c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [06/18/2002 12:11 AM]
"AutoTBar"="C:\hp\bin\autotbar.exe" []
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [05/20/2006 01:30 PM]
"AlcxMonitor"="ALCXMNTR.EXE" [09/07/2004 02:47 PM C:\WINDOWS\ALCXMNTR.EXE]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [02/03/2008 02:14 PM]
"ConMgr.exe"="C:\Program Files\EarthLink 5.0\ConMgr.exe" []
"RegistryMechanic"="" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [08/20/2002 11:08 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [05/27/2007 10:03 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CU1"=
"CU2"=
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [4/9/2003 7:11:12 PM]
World Watch.lnk - C:\Program Files\Express Technologies\World Watch\W32ALARM.exe [1/29/2008 12:17:20 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRemoteRecursiveEvents"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)
"NoChangeKeyboardNavigationIndicators"=0 (0x0)
"NoSharedDocuments"=1 (0x1)
"NoSMConfigurePrograms"=1 (0x1)
"NoRecentDocsMenu"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkJyyaY]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
-- End of Deckard's System Scanner: finished at 2008-05-10 16:49:28 ------------
*****extra.txt from Deckard*******
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 1.0
Architecture: X86; Language: English
CPU 0: AMD Athlon(tm) XP 2600+
Percentage of Memory in Use: 58%
Physical Memory (total/avail): 447.36 MiB / 186.08 MiB
Pagefile Memory (total/avail): 1058.82 MiB / 881.27 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1942.06 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 48.82 GiB total, 25.1 GiB free.
D: is Fixed (FAT32) - 21.63 GiB total, 20.92 GiB free.
E: is Fixed (FAT32) - 4.08 GiB total, 0.74 GiB free.
F: is CDROM (No Media)
G: is CDROM (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
\\.\PHYSICALDRIVE0 - SAMSUNG SV0813H - 74.56 GiB - 3 partitions
\PARTITION0 - Unknown - 4.09 GiB - E:
\PARTITION1 (bootable) - Installable File System - 48.82 GiB - C:
\PARTITION2 - Unknown - 21.64 GiB - D:
\\.\PHYSICALDRIVE1 - eUSB Compact Flash USB Device
\\.\PHYSICALDRIVE2 - eUSB SD-MS-SM USB Device
-- Security Center -------------------------------------------------------------
AUOptions is disabled.
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PAVILION735N
ComSpec=C:\WINDOWS\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
KMP_DUPLICATE_LIB_OK=TRUE
LOGONSERVER=\\PAVILION735N
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;c:\Python22;C:\Program Files\PC-Doctor\services;C:\Program Files\Sonic\MyDVD;C:\Program Files\Common Files\Autodesk Shared
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0801
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=PAVILION735N
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Owner
(admin)
patches
Administrator.PAVILION735N.002
(admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {60E971B7-51A0-48CA-8687-C6B8F094A409}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8D5D99B8-DFA2-4018-ADE9-A6B83E655C65}\setup.exe" -l0x9 -L0x9anything
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{95E1CCAE-8286-4035-B5F7-1B147254A2CB}\Setup.exe" -l0x9 UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
4nec2 extension version 5.6.7 --> C:\4nec2\unins001.exe
4nec2 version 5.6.7 --> C:\4nec2\unins000.exe
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Amateur Contact Log 3.0 --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\ACLog 3.0\ST6UNST.LOG"
Ansoft Designer 2.2 SV --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9F87795-BD95-4C25-97A7-027B2117EF41}\Setup.exe" -l0x9
AnswerWorks Runtime --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\WexTech\AnswerWorks\Uninst.isu"
AppCAD --> MsiExec.exe /X{19E95B87-3DCE-11D7-9B2F-0060B0F769F5}
ArcSoft Picture Software --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ArcSoft\Software Suite\Uninst.isu"
AutoCAD 2002 --> MsiExec.exe /I{5783F2D7-0101-0409-0000-0060B0CE6BBA}
AZMap --> C:\WINDOWS\GPInstall.exe "/UNINST=C:\Program Files\AZMap\UnInst01.log" "/APPNAME=AZMap"
Costco Photo Organizer --> MsiExec.exe /X{BA156277-D012-4509-9F9D-5587357B7207}
CQPWIN105 --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\CQPWIN105\ST6UNST.LOG"
CtWin --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6A0B6FA8-E6BE-4FA6-87F6-40ADC737D9EF}\setup.exe" -l0x9
Download Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D59B81CF-8558-41E2-AB04-4BA770158AAA}\Setup.exe" -l0x9
ERUNT 1.1j --> "C:\Program Files\ERUNT\unins000.exe"
ewido anti-malware --> C:\Program Files\ewido anti-malware\Uninstall.exe
ExpressPCB --> MsiExec.exe /X{C304ED8D-3752-4F60-84CE-CF9C12D4FBDB}
FastStone Image Viewer 3.4 --> C:\Program Files\FastStone Image Viewer\uninst.exe
Field Day 2.8 --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\Field Day 2.8\ST6UNST.LOG"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Ham CAP 1.5 --> "C:\Program Files\Afreet\Ham CAP\unins000.exe"
Ham Radio Deluxe --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4DF979D5-464C-4926-AF73-54C1C219F06A}\setup.exe" -l0x9 Remove
Helical --> C:\WINDOWS\Helical Uninstaller.exe
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
hp center --> C:\WINDOWS\BWUnin-6.1.0.153.exe -AppId 137903
HP Digital Imaging Album Printing 1.0 --> MsiExec.exe /X{47D4AF7B-EDE6-4ADB-8D2F-0BDA25C7321F}
hp instant support --> C:\PROGRA~1\HEWLET~1\HPINST~1\Uninstall.exe CeS
HP Memories Disc --> MsiExec.exe /X{6CAEFA23-0C08-4899-A661-29D69228AF6D}
HP Photo and Imaging 1.1 - Photosmart Cameras --> MsiExec.exe /X{1EEE2A9F-6471-42fa-8923-E8879168CE26}
Inactive HP Printer Drivers (Remove only) --> RunDll32 hpuninst.dll,InstallHinfSection UninstDefault 132 prntunin.inf
Intel(R) Extreme Graphics Driver Software --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
IntelliMover Data Transfer Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
ITS HF Propagation 2006.11.18 --> c:\itshfbc\Setup.exe /remove
Kaspersky Online Scanner --> C:\WINDOWS\System32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
KBD --> C:\HP\KBD\KBD.EXE uninstalled
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.80 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Malwarebytes' Anti-Malware --> "C:\Documents and Settings\Owner\Desktop\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MyDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5E835305-63BB-4E55-BBB7-EEBBE67774DB}\Setup.exe" -l0x9 -L0x9 /SMAINT
NVIDIA Drivers --> C:\WINDOWS\System32\nvuaudio.exe UninstallGUI
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nv4_disp.inf
PC-Doctor for Windows --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
PCB123 V2 --> "C:\Program Files\PCB123 V2\Uninstall.exe" "C:\Program Files\PCB123 V2\install.log"
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Registry Mechanic 7.0 --> "C:\Program Files\Registry Mechanic\unins000.exe"
Rugrats Totally Angelica Boredom Buster --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6D9EA453-3D9F-4EBE-B2D0-4195255FB907}\setup.exe"
S3Display --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Display'
S3Gamma2 --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Gamma2'
S3Info2 --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Info2'
S3Overlay --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Overlay'
SD V13.29 --> "C:\SD\unins000.exe"
Security Task Manager 1.7e --> C:\Program Files\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager"
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Simple Backup for My Pictures --> MsiExec.exe /I{60E971B7-51A0-48CA-8687-C6B8F094A409}
Simple Installer - Multilanguage Version --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EEF397AC-DAEF-4C04-90A9-5B2BD31875DC}\setup.exe"
SmartDraw 2007 --> C:\PROGRA~1\SMARTD~1\UNWISE.EXE C:\PROGRA~1\SMARTD~1\install.log
Social Security Benefit Calculator --> MsiExec.exe /I{5E7FC920-890C-4806-A71F-EB768D453DF2}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
TinyCAD 2.60.01 --> C:\Program Files\TinyCAD\uninst.exe
toolkit --> c:\Windows\HPTK\unhptkit.exe
Verizon Online --> C:\WINDOWS\System32\VerizonUninstaller.exe
Verizon SmartCall --> C:\PROGRA~1\VERIZO~1\SMARTC~1\UNWISE.EXE C:\PROGRA~1\VERIZO~1\SMARTC~1\INSTALL.LOG
ViewMate 10.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD5D60CB-EF42-4919-8FFC-B4594C042611}\setup.exe" -l0x9 -removeonly
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Volo View Express --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Volo View Express\DeIsL1.isu"
W6ELProp --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\W6ELPROP.INF, DefaultUninstall.ntx86
WildTangent Channel Manager --> C:\Program Files\WildTangent\DDC\DDCManager\Uninstall.exe
Windows Media Hotfix - KB895181 --> "C:\WINDOWS\$NtUninstallKB895181$\spuninst\spuninst.exe"
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
World Watch --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{96AC14CE-2C73-4978-8D20-3ACCC293D746}\Setup.exe" -l0x9
Yahoo! Anti-Spy --> C:\PROGRA~1\Yahoo!\common\unypsr.exe
Yahoo! Toolbar for Internet Explorer --> C:\PROGRA~1\Yahoo!\common\unyt.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type7972 / Error
Event Submitted/Written: 05/08/2008 09:07:13 PM
Event ID/Source: 8193 / VSS
Event Description:
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.
Event Record #/Type7971 / Error
Event Submitted/Written: 05/08/2008 09:07:13 PM
Event ID/Source: 4609 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043C from line 44 of d:\nt_qxp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.
Event Record #/Type7935 / Error
Event Submitted/Written: 05/08/2008 06:26:28 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2800.1106, faulting module unknown, version 0.0.0.0, fault address 0x6304222e.
Event Record #/Type7934 / Error
Event Submitted/Written: 05/08/2008 06:25:29 PM
Event ID/Source: 1 / Google_Toolbar
Event Description:
Google Toolbar error dump created. ID: 0. Local file: C:\DOCUME~1\Owner\LOCALS~1\Temp\Google_Toolbar4.0.1601.4978_big080508-182526.dmp.
Event Record #/Type7925 / Error
Event Submitted/Written: 05/06/2008 09:47:50 PM
Event ID/Source: 8193 / VSS
Event Description:
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type16978 / Error
Event Submitted/Written: 05/10/2008 04:46:34 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The wscsvc service failed to start due to the following error:
%%1083
Event Record #/Type16977 / Error
Event Submitted/Written: 05/10/2008 04:46:34 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The mrtRate service failed to start due to the following error:
%%2
Event Record #/Type16968 / Error
Event Submitted/Written: 05/10/2008 04:43:58 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The wscsvc service failed to start due to the following error:
%%1083
Event Record #/Type16967 / Error
Event Submitted/Written: 05/10/2008 04:43:58 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The mrtRate service failed to start due to the following error:
%%2
Event Record #/Type16821 / Error
Event Submitted/Written: 05/10/2008 04:22:42 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The wscsvc service failed to start due to the following error:
%%1083
-- End of Deckard's System Scanner: finished at 2008-05-10 16:49:28 ------------
*************end of reply***********
Com-F 