Infected With Vundo Trojan

forums

BleepingComputer.com

Welcome Guest ( Log In | Click here to Register a free account now! )

Register a free account to unlock additional features at BleepingComputer.com

Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

BleepingComputer.com > Security > HijackThis Logs and Malware Removal

Forum Guidelines

Read this topic before posting a log.

DO NOT post a ComboFix log unless requested to.

Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

4 Pages

1 2 3 > »

Closed Topic

Start new topic

Infected With Vundo Trojan, Tried to remove multiple times, but keeps reappearing

funnytim View Member Profile	Apr 25 2008, 01:55 AM Post #1
Forum Regular Group: Members Posts: 286 Joined: 27-April 06 From: Richmond, BC, Canada Member No.: 65,800	Hi, I've been referred here by this topic: http://www.bleepingcomputer.com/forums/topic143254.html. The problem is that apparantely I'm infected by the "Vundo Trojan", picked up by Malwarebytes Anti-Malware. MAM reports it removed, but upon restart, it still shows the Trojan when i scan it again. The past few times I've run MAM, it now reports "clean", but the computer is still slow. Also, I cannot install Super Anti-Spyware (as directed previously): QUOTE I still cannot install SAS...i get the error msg saying Admin has set policies that doesn't allow me to install, even though I'm in an admin account (as i mentioned earlier) (screenshot: http://img131.imageshack.us/my.php?image=a...serrorym9.png)) And the computer is "half" in safe mode, even though I've selected "boot normally". QUOTE And it's changed to "Windows classic theme"...I can't get back the "Win XP" style theme. And on the welcome screen, the limited accounts have disappeared. Only the admin accounts exist (like in safe mode, but i'm Not in SM). however some programs like network magic report the program "cannot be started in safe mode". This "non-xp normal style" happened after I first did a MAM scan in safe mode. It found the infection, rebooted, then this "non xp normal style" started happening Here is my HiJack this log: ----------------------START------------------------- Deckard's System Scanner v20071014.68 Run by Timothy Leung on 2008-04-24 23:29:56 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 9: 2008-04-25 06:30:01 UTC - RP77 - Deckard's System Scanner Restore Point 8: 2008-04-24 06:35:37 UTC - RP76 - Last known good configuration 7: 2008-04-24 06:35:36 UTC - RP75 - Last known good configuration 6: 2008-04-24 06:35:36 UTC - RP74 - Last known good configuration 5: 2008-04-24 06:35:36 UTC - RP73 - Last known good configuration -- First Restore Point -- 1: 2008-04-24 06:35:34 UTC - RP69 - System Checkpoint Backed up registry hives. Performed disk cleanup. -- HijackThis (run as Timothy Leung.exe) --------------------------------------- Unable to find log (file not found); running clone. -- HijackThis Clone ------------------------------------------------------------ Emulating logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2008-04-24 23:31:56 Platform: Windows XP Service Pack 2 (5.01.2600) MSIE: Internet Explorer (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\system32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\explorer.exe C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe C:\Program Files\UltraMon\UltraMon.exe C:\Program Files\Microsoft IntelliType Pro\type32.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\UltraMon\UltraMonTaskbar.exe C:\WINDOWS\RTHDCPL.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Microsoft IntelliPoint\point32.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\Norton Ghost\Agent\VProTray.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Monitor Control\MonitorControl.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\vbuzzer\VBuzzer.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Microsoft ActiveSync\rapimgr.exe C:\Program Files\WinTV\Ir.exe C:\Program Files\Hewlett-Packard\Deskjet F335\Digital Imaging\bin\hpqtra08.exe C:\Program Files\HDDlife\HDDlifePro.exe C:\Documents and Settings\Timothy Leung\Start Menu\Programs\Startup\hicdeject.exe C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe C:\Program Files\Hewlett-Packard\Deskjet F335\Digital Imaging\bin\hpqste08.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Documents and Settings\Timothy Leung\.nx\plugin\Windows\bin\NXWin.exe C:\Documents and Settings\Timothy Leung\.nx\plugin\Windows\bin\nxssh.exe C:\Documents and Settings\Timothy Leung\Desktop\dss.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 125.245.81.226:8080 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: (no name) - {3762B068-17B9-45A0-8A6D-BB7CA99A2032} - (no file) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {8037E5A4-DB3A-4A88-AC6B-F90C1D03AE2D} - C:\WINDOWS\system32\rqRLfgHY.dll (file missing) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe O4 - HKLM\..\Run: [Norton Ghost 14.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe" O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Softany Monitor Control] C:\Program Files\Monitor Control\MonitorControl.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Vbuzzer Messenger] C:\Program Files\vbuzzer\VBuzzer.exe O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\RunOnce: [SSS2006] "C:\Program Files\Steganos Security Suite 2006\SSS2006.exe" -firstboot (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [SSS2006] "C:\Program Files\Steganos Security Suite 2006\SSS2006.exe" -firstboot (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [SSS2006] "C:\Program Files\Steganos Security Suite 2006\SSS2006.exe" -firstboot (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [SSS2006] "C:\Program Files\Steganos Security Suite 2006\SSS2006.exe" -firstboot (User 'Default user') O4 - Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe O4 - Startup: HDDlife.lnk = C:\Program Files\HDDlife\HDDlifePro.exe O4 - Startup: hicdeject.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Deskjet F335\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Add to Vbuzzer RSS list - C:\Program Files\vbuzzer\addurl.htm O8 - Extra context menu item: Blocking access to the document address by AliveProxy - C:\Program Files\AiS AliveProxy Server\aisBlockDocument.html O8 - Extra context menu item: Blocking access to the image address by AliveProxy - C:\Program Files\AiS AliveProxy Server\aisBlockImage.html O8 - Extra context menu item: Blocking access to the link address by AliveProxy - C:\Program Files\AiS AliveProxy Server\aisBlockLink.html O8 - Extra context menu item: Cut proxy addresses from selected text by AliveProxy - C:\Program Files\AiS AliveProxy Server\aisCutProxyFromSelectedTåxt.html O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - https://h50203.www5.hp.com/HPISWeb/Customer...DataManager.CAB O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/contr...vex/TmHcmsX.CAB O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB O16 - DPF: {3DA2AAF4-4289-4D6E-B9C0-D8360229607B} (IPAQSelfHelp Class) - https://h50203.www5.hp.com/HPISWeb/Customer...SPEIPAQTool.CAB O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.photolab.ca/Upload/ImageUploader4.cab O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://67.228.105.102/msrdp.cab O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: Traffic Shaper XP Server (bcserver) - Unknown owner - C:\Program Files\Traffic Shaper XP\Server\bcserver.service O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Gizmo5\mDNSResponder.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 2007\PcCtlCom.exe O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 2007\PcScnSrv.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Steganos AntiTheft - Unknown owner - C:\WINDOWS\system32\\SatSrv.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 2007\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 2007\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 2007\tmproxy.exe -- End of file - 16105 bytes -- File Associations ----------------------------------------------------------- .js - JSFile - DefaultIcon - C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe,2 .js - JSFile - shell\open\command - "C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1" .reg - regfile - shell\open\command - regedit.exe "%1" %* .scr - scrfile - shell\open\command - "%1" %* -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R1 FileDisk - c:\windows\system32\drivers\filedisk.sys <Not Verified; Bo Brantén; filedisk> R1 NetPeeker - c:\windows\system32\drivers\netpeeker.sys R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu> R1 SLEE_13_DRIVER (Steganos Live Encryption Engine 13 [Driver]) - c:\windows\system32\drivers\slee13.sys R1 YapperNutVirtualAudioCable (YapperNut Virtual Audio Cable) - c:\windows\system32\drivers\ynvackmd.sys R3 AnyDVD - c:\windows\system32\drivers\anydvd.sys <Not Verified; SlySoft, Inc.; AnyDVD> R3 Bcim (Bandwidth Controller kernel component) - c:\windows\system32\drivers\bcim.sys R3 HCWBT8xx (Hauppauge WinTV 848/9 WDM Video Driver) - c:\windows\system32\drivers\hcwbt8xx.sys <Not Verified; Hauppauge Computer Works; WinTV WDM Driver> R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine> R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell> R3 UltraMonMirror - c:\windows\system32\drivers\ultramonmirror.sys <Not Verified; Realtime Soft; UltraMon> S2 TICalc - c:\windows\system32\drivers\ticalc.sys S2 UltraMonUtility (UltraMon Utility Driver) - c:\program files\common files\realtime soft\ultramonmirrordrv\x32\ultramonutility.sys <Not Verified; Realtime Soft; UltraMon> S3 BTCOMM - c:\windows\system32\drivers\btcomm.sys (file missing) S3 BTKRNBDG (Bluetooth COM Bridge) - c:\windows\system32\drivers\btkrnbdg.sys (file missing) S3 CSRBC01 (%CSRBC01.SvcDesc%) - c:\windows\system32\drivers\csrbc01.sys (file missing) S3 FT8591 (FT8591 Filter) - c:\windows\system32\drivers\ft8591.sys <Not Verified; Compuware Corporation; DriverStudio> S3 KS-959 (Kingsun KS-959 USB Infrared Adapter) - c:\windows\system32\drivers\ks-959.sys <Not Verified; Kingsun Corporation; KSC Infrared Driver.> S3 TIEHDUSB - c:\windows\system32\drivers\tiehdusb.sys <Not Verified; Texas Instruments Incorporated; Texas Instruments Incorporated Educational Handheld Device> S3 vad_multi (Windigo Virtual Audio Device (WDM)) - c:\windows\system32\drivers\vadmulti.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- S2 AcrSch2Svc (Acronis Scheduler2 Service) - "c:\program files\common files\acronis\schedule2\schedul2.exe" (file missing) S2 bcserver (Traffic Shaper XP Server) - c:\program files\traffic shaper xp\server\bcserver.service S2 Bonjour Service - c:\program files\gizmo5\mdnsresponder.exe <Not Verified; Apple Computer, Inc.; Bonjour> S2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module> S2 Steganos AntiTheft - c:\windows\system32\\satsrv.exe S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server> S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe S3 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" <Not Verified; Nero AG; Nero Home> S3 nmraapache (Pure Networks Net2Go Service) - "c:\program files\pure networks\network magic\webserver\bin\nmraapache.exe" -k runservice <Not Verified; Pure Networks, Inc.; Pure Networks Net2Go Service> -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. -- Scheduled Tasks ------------------------------------------------------------- 2008-04-22 18:54:04 280 --a------ C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job 2008-04-22 18:53:32 354 --a------ C:\WINDOWS\Tasks\Uniblue SpyEraser.job 2008-04-18 17:30:13 392 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job -- Files created between 2008-03-24 and 2008-04-24 ----------------------------- 2008-04-24 21:11:17 0 d-------- C:\VundoFix Backups 2008-04-23 21:29:13 0 d-------- C:\Documents and Settings\Administrator\Application Data\HP 2008-04-23 21:28:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\ATI 2008-04-23 21:28:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\Realtime Soft 2008-04-23 21:28:34 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities 2008-04-23 21:28:26 0 dr------- C:\Documents and Settings\Administrator\Favorites 2008-04-23 21:28:26 0 d-------- C:\Documents and Settings\Administrator\Desktop 2008-04-23 21:28:26 0 d--hs---- C:\Documents and Settings\Administrator\Cookies 2008-04-23 21:28:26 0 dr-h----- C:\Documents and Settings\Administrator\Application Data 2008-04-23 21:28:26 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft 2008-04-23 21:28:25 0 d--h----- C:\Documents and Settings\Administrator\Templates 2008-04-23 21:28:25 0 dr------- C:\Documents and Settings\Administrator\Start Menu 2008-04-23 21:28:25 0 dr-h----- C:\Documents and Settings\Administrator\SendTo 2008-04-23 21:28:25 0 dr-h----- C:\Documents and Settings\Administrator\Recent 2008-04-23 21:28:25 0 d--h----- C:\Documents and Settings\Administrator\PrintHood 2008-04-23 21:28:25 1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT 2008-04-23 21:28:25 0 d--h----- C:\Documents and Settings\Administrator\NetHood 2008-04-23 21:28:25 0 dr------- C:\Documents and Settings\Administrator\My Documents 2008-04-23 21:28:25 0 d--h----- C:\Documents and Settings\Administrator\Local Settings 2008-04-23 18:51:39 0 d-------- C:\Documents and Settings\Timothy Leung\Application Data\Malwarebytes 2008-04-23 18:51:31 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-04-23 18:51:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-04-23 18:49:06 0 d--hs---- C:\WINDOWS\CSC 2008-04-23 00:08:22 0 d-------- C:\HJT 2008-04-22 21:00:37 0 d-------- C:\Documents and Settings\Timothy Leung\Application Data\Symantec 2008-04-22 18:42:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Uniblue 2008-04-22 18:42:14 0 d-------- C:\Documents and Settings\Timothy Leung\Application Data\Uniblue 2008-04-22 18:41:48 0 d-------- C:\Program Files\Uniblue 2008-04-22 17:41:12 7964 --a------ C:\WINDOWS\system32\djrpojmu.dll 2008-04-22 17:40:14 10752 --a------ C:\WINDOWS\DCEBoot.exe 2008-04-21 23:59:46 200307 --ahs---- C:\WINDOWS\system32\KUENonmp.ini2 2008-04-21 23:59:16 0 d-------- C:\Program Files\Norton Ghost 2008-04-18 01:18:59 0 d-------- C:\Documents and Settings\All Users\Application Data\IM 2008-04-17 22:14:29 0 d-------- C:\Documents and Settings\All Users\Application Data\IncrediMail 2008-04-15 23:29:59 0 d-------- C:\Program Files\Common Files\Pure Networks Shared 2008-04-15 23:29:56 0 d-------- C:\Program Files\Pure Networks 2008-04-05 23:37:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Pure Networks 2008-04-05 22:20:49 0 d-------- C:\Program Files\SJphone 2008-04-05 19:57:26 57344 --a------ C:\WINDOWS\system32\FaxMonitor.dll <Not Verified; Softroute; Vbuzzer Fax Printer> 2008-04-05 19:57:26 245760 --a------ C:\WINDOWS\system32\FaxHelper.exe <Not Verified; ; FaxHelper ????> 2008-04-05 19:57:24 0 d-------- C:\Program Files\vbuzzer 2008-04-04 22:48:54 0 d-------- C:\Documents and Settings\Timothy Leung\Application Data\Gizmo5 2008-04-04 22:48:46 0 d-------- C:\Program Files\Gizmo5 2008-04-02 23:18:35 0 d-------- C:\Program Files\Cirond 2008-04-02 22:38:33 0 d-------- C:\Program Files\Spectec 2008-04-02 22:15:28 0 d-------- C:\iPAQ 2008-04-02 17:48:34 0 d-------- C:\Program Files\GOPC 2008-04-01 18:50:08 0 d-------- C:\Documents and Settings\Timothy Leung\Application Data\Rokario 2008-04-01 18:50:02 0 d-------- C:\Program Files\Bandwidth Monitor 2008-04-01 18:10:51 0 d-------- C:\Program Files\OpenVideoConverter 2008-03-31 19:29:01 0 d-------- C:\Program Files\Aspecto Software 2008-03-31 19:16:00 0 d-------- C:\Program Files\PocketPC 2008-03-30 21:46:26 90112 --a------ C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE> 2008-03-30 21:44:02 0 d-------- C:\Program Files\Handmark 2008-03-30 21:33:39 0 d-------- C:\Program Files\Astraware 2008-03-30 00:03:18 0 d-------- C:\WINDOWS\IIS Temporary Compressed Files 2008-03-30 00:02:51 0 d-------- C:\WINDOWS\system32\Cache 2008-03-30 00:00:41 0 d-------- C:\Inetpub 2008-03-29 17:10:12 0 d-------- C:\Program Files\Home Ftp Server 2008-03-29 16:41:56 0 d-------- C:\ftproot 2008-03-29 14:32:29 0 d-------- C:\Program Files\File Splitter Deluxe 2008-03-28 23:49:30 0 d-------- C:\Program Files\Steganos Security Suite 2006 2008-03-27 21:40:01 0 d-------- C:\Program Files\Card and Invitation maker -- Find3M Report --------------------------------------------------------------- 2008-04-24 21:19:02 0 d-------- C:\Program Files\PowerISO 2008-04-22 22:36:26 0 d-------- C:\Documents and Settings\Timothy Leung\Application Data\Skype 2008-04-22 22:19:26 0 d-------- C:\Documents and Settings\Timothy Leung\Application Data\skypePM 2008-04-22 00:20:08 0 d-------- C:\Program Files\PeerGuardian2 2008-04-22 00:20:08 0 d-------- C:\Documents and Settings\Timothy Leung\Application Data\uTorrent 2008-04-21 23:59:31 0 d-------- C:\Program Files\Common Files\Symantec Shared 2008-04-21 23:52:42 0 d-------- C:\Program Files\MagicISO 2008-04-20 18:58:52 56664 --a------ C:\Documents and Settings\Timothy Leung\Application Data\GDIPFONTCACHEV1.DAT 2008-04-19 23:17:28 0 d-------- C:\Program Files\IncrediMail 2008-04-19 17:49:47 0 d-------- C:\Program Files\Image for Windows 2008-04-15 23:30:19 0 d-------- C:\Program Files\DIFX 2008-04-15 23:29:59 0 d-------- C:\Program Files\Common Files 2008-04-13 20:31:03 0 d-------- C:\Program Files\eMule 2008-04-07 23:01:27 0 d-------- C:\Documents and Settings\Timothy Leung\Application Data\Vso 2008-04-06 16:05:16 0 d-------- C:\Program Files\Skype 2008-04-05 22:42:42 0 d-------- C:\Program Files\Microsoft ActiveSync 2008-03-31 21:53:35 0 d-------- C:\Program Files\MSN Messenger 2008-03-31 21:53:35 0 d-------- C:\Program Files\Messenger Plus! Live 2008-03-23 16:30:13 0 d--h----- C:\Program Files\InstallShield Installation Information 2008-03-19 18:30:57 0 d-------- C:\Program Files\CloneCD 2008-03-19 12:26:47 0 d-------- C:\Program Files\Microsoft Games 2008-03-13 16:50:13 0 d-------- C:\Program Files\Traffic Shaper XP 2008-03-12 21:14:17 0 d-------- C:\Program Files\NetPeeker 2008-03-12 21:07:59 0 d-------- C:\Documents and Settings\Timothy Leung\Application Data\Locktime 2008-03-09 15:59:06 0 d-------- C:\Program Files\DVD Decrypter 2008-03-09 14:45:37 0 d-------- C:\Documents and Settings\Timothy Leung\Application Data\Real 2008-03-06 00:51:26 0 d-------- C:\Program Files\Password Revealer 2008-03-06 00:18:21 0 d-------- C:\Documents and Settings\Timothy Leung\Application Data\VoipBuster 2008-02-27 23:02:56 0 d-------- C:\Documents and Settings\Timothy Leung\Application Data\Sports Interactive -- Registry Dump --------------------------------------------------------------- Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3762B068-17B9-45A0-8A6D-BB7CA99A2032}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8037E5A4-DB3A-4A88-AC6B-F90C1D03AE2D}] C:\WINDOWS\system32\rqRLfgHY.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [03/12/2007 06:30 PM] "UltraMon"="C:\Program Files\UltraMon\UltraMon.exe" [05/14/2005 06:23 PM] "type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [06/03/2004 01:51 AM] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 02:11 AM] "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 12:35 PM] "RTHDCPL"="RTHDCPL.EXE" [03/20/2007 11:49 PM C:\WINDOWS\RTHDCPL.exe] "pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [01/23/2007 02:26 PM] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 03:40 PM] "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [06/03/2004 01:50 AM] "BluetoothAuthenticationAgent"="bthprops.cpl" [08/03/2004 09:56 PM C:\WINDOWS\system32\bthprops.cpl] "amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [11/17/2006 04:49 PM] "Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [07/16/2002 01:21 PM] "Alcmtr"="ALCMTR.EXE" [05/03/2005 03:43 AM C:\WINDOWS\Alcmtr.exe] "nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [03/14/2007 03:42 PM] "Microsoft Updates"="svehost.exe" [] "Norton Ghost 14.0"="C:\Program Files\Norton Ghost\Agent\VProTray.exe" [01/19/2008 08:01 PM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [11/13/2006 02:39 PM] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 09:56 PM] "Softany Monitor Control"="C:\Program Files\Monitor Control\MonitorControl.exe" [08/09/2005 08:13 AM] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [08/21/2007 11:39 PM] "Vbuzzer Messenger"="C:\Program Files\vbuzzer\VBuzzer.exe" [03/13/2008 08:36 AM] "IncrediMail"="C:\PROGRA~1\INCRED~1\bin\IncMail.exe" [06/19/2006 05:26 PM] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices] "Microsoft Updates"=svehost.exe [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "SSS2006"="C:\Program Files\Steganos Security Suite 2006\SSS2006.exe" -firstboot C:\Documents and Settings\Timothy Leung\Start Menu\Programs\Startup\ APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe [7/31/2007 11:37:39 PM] HDDlife.lnk - C:\Program Files\HDDlife\HDDlifePro.exe [11/11/2006 7:07:10 PM] hicdeject.exe [8/2/2004 10:31:00 PM] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/14/2004 4:44:06 AM] AutoStart IR.lnk - C:\Program Files\WinTV\Ir.exe [7/28/2007 10:33:58 PM] HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Deskjet F335\Digital Imaging\bin\hpqtra08.exe [2/19/2006 4:21:22 AM] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "AllowLegacyWebView"=1 (0x1) "AllowUnhashedWebView"=1 (0x1) [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Beyond TV.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Beyond TV.lnk backup=C:\WINDOWS\pss\Beyond TV.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Timothy Leung^Start Menu^Programs^Startup^Adobe Gamma.lnk] path=C:\Documents and Settings\Timothy Leung\Start Menu\Programs\Startup\Adobe Gamma.lnk backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray] "C:\Program Files\CloneCD\CloneCDTray.exe" /s [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] C:\Program Files\Hewlett-Packard\Deskjet F335\HP Software Update\HPWuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iCall Internet Phone] "C:\Program Files\iCall\iCall.exe" /startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TalkAndWrite] C:\Program Files\Skype\TalkAndWrite\talkandwrite.exe /run [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster] "C:\Program Files\VoipBuster\VoipBuster.exe" -nosplash -minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Norton Ghost"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs BthServ p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp -- Hosts ----------------------------------------------------------------------- 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 8300 more entries in hosts file. -- End of Deckard's System Scanner: finished at 2008-04-24 23:32:29 ------------ The Extra.txt info: ---------------------------------START---------------------- Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Professional (build 2600) SP 2.0 Architecture: X86; Language: English CPU 0: AMD Athlon™ 64 X2 Dual Core Processor 3800+ CPU 1: AMD Athlon™ 64 X2 Dual Core Processor 3800+ Percentage of Memory in Use: 34% Physical Memory (total/avail): 1918.41 MiB / 1250.08 MiB Pagefile Memory (total/avail): 3811.65 MiB / 3255.7 MiB Virtual Memory (total/avail): 2047.88 MiB / 1916.04 MiB C: is Fixed (NTFS) - 80 GiB total, 13.76 GiB free. D: is Fixed (NTFS) - 90 GiB total, 50.1 GiB free. E: is Fixed (NTFS) - 35 GiB total, 2.49 GiB free. F: is Fixed (NTFS) - 27.88 GiB total, 0.34 GiB free. G: is CDROM (No Media) H: is CDROM (No Media) \\.\PHYSICALDRIVE0 - WDC WD2500JS-55NCB1 - 232.88 GiB - 4 partitions \PARTITION0 (bootable) - Installable File System - 80 GiB - C: \PARTITION1 - Installable File System - 90 GiB - D: \PARTITION2 - Installable File System - 35 GiB - E: \PARTITION3 - Installable File System - 27.88 GiB - F: -- Security Center ------------------------------------------------------------- AUOptions is set to notify before install. Windows Internal Firewall is disabled. FirstRunDisabled is set. AntiVirusDisableNotify is set. FirewallDisableNotify is set. FW: Norton Internet Worm Protection v2006 (Symantec) Disabled FW: Trend Micro PC-cillin Internet Security (Firewall) v15 (Trend Micro, Inc.) AV: Trend Micro PC-cillin Internet Security 2007 v15.30.1151 (Trend Micro, Inc.) [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe::Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe::Enabled:Windows Live Messenger 8.1 (Phone)" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe::Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe::Enabled:Windows Live Messenger 8.1 (Phone)" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\iCall\\iCall.exe"="C:\\Program Files\\iCall\\iCall.exe::Enabled:iCall" "C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="C:\\Program Files\\IncrediMail\\bin\\IMApp.exe::Enabled:IncrediMail" "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe::Enabled:IncrediMail" "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe::Enabled:IncrediMail" "C:\\Program Files\\Beyond TV\\BTVRegistrationService.exe"="C:\\Program Files\\Beyond TV\\BTVRegistrationService.exe::Enabled:Beyond TV Registration Service" "C:\\Program Files\\Beyond TV\\BTVWebServiceProxy.exe"="C:\\Program Files\\Beyond TV\\BTVWebServiceProxy.exe::Enabled:Beyond TV Web Service Proxy" "C:\\Program Files\\Beyond TV\\BTVLibraryService.exe"="C:\\Program Files\\Beyond TV\\BTVLibraryService.exe::Enabled:Beyond TV Library Service" "C:\\Program Files\\Beyond TV\\BTVNetworkService.exe"="C:\\Program Files\\Beyond TV\\BTVNetworkService.exe::Enabled:Beyond TV Network Service" "C:\\Program Files\\Beyond TV\\BTVRecordingEngine.exe"="C:\\Program Files\\Beyond TV\\BTVRecordingEngine.exe::Enabled:Beyond TV Recording Engine" "C:\\Program Files\\Beyond TV\\BTVGuideDataLoader.exe"="C:\\Program Files\\Beyond TV\\BTVGuideDataLoader.exe::Enabled:Beyond TV Guide Data Loader" "C:\\Program Files\\Beyond TV\\BTVSettingsService.exe"="C:\\Program Files\\Beyond TV\\BTVSettingsService.exe::Enabled:Beyond TV Settings Service" "C:\\Program Files\\Beyond TV\\BTVTaskManagerService.exe"="C:\\Program Files\\Beyond TV\\BTVTaskManagerService.exe::Enabled:Beyond TV Task Manager Service" "C:\\Program Files\\Beyond TV\\BTVD3DShell.exe"="C:\\Program Files\\Beyond TV\\BTVD3DShell.exe::Enabled:Beyond TV ViewScape" "C:\\Program Files\\Hewlett-Packard\\Deskjet F335\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\Hewlett-Packard\\Deskjet F335\\Digital Imaging\\bin\\hpqtra08.exe::Enabled:hpqtra08.exe" "C:\\Program Files\\Hewlett-Packard\\Deskjet F335\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\Hewlett-Packard\\Deskjet F335\\Digital Imaging\\bin\\hpqste08.exe::Enabled:hpqste08.exe" "C:\\Program Files\\Hewlett-Packard\\Deskjet F335\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\Hewlett-Packard\\Deskjet F335\\Digital Imaging\\bin\\hpofxm08.exe::Enabled:hpofxm08.exe" "C:\\Program Files\\Hewlett-Packard\\Deskjet F335\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\Hewlett-Packard\\Deskjet F335\\Digital Imaging\\bin\\hposfx08.exe::Enabled:hposfx08.exe" "C:\\Program Files\\Hewlett-Packard\\Deskjet F335\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\Hewlett-Packard\\Deskjet F335\\Digital Imaging\\bin\\hposid01.exe::Enabled:hposid01.exe" "C:\\Program Files\\Hewlett-Packard\\Deskjet F335\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\Hewlett-Packard\\Deskjet F335\\Digital Imaging\\bin\\hpqscnvw.exe::Enabled:hpqscnvw.exe" "C:\\Program Files\\Hewlett-Packard\\Deskjet F335\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\Hewlett-Packard\\Deskjet F335\\Digital Imaging\\bin\\hpqkygrp.exe::Enabled:hpqkygrp.exe" "C:\\Program Files\\Hewlett-Packard\\Deskjet F335\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\Hewlett-Packard\\Deskjet F335\\Digital Imaging\\bin\\hpqCopy.exe::Enabled:hpqcopy.exe" "C:\\Program Files\\Hewlett-Packard\\Deskjet F335\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\Hewlett-Packard\\Deskjet F335\\Digital Imaging\\bin\\hpfccopy.exe::Enabled:hpfccopy.exe" "C:\\Program Files\\Hewlett-Packard\\Deskjet F335\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\Hewlett-Packard\\Deskjet F335\\Digital Imaging\\bin\\hpzwiz01.exe::Enabled:hpzwiz01.exe" "C:\\Program Files\\Hewlett-Packard\\Deskjet F335\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\Hewlett-Packard\\Deskjet F335\\Digital Imaging\\bin\\hpoews01.exe::Enabled:hpoews01.exe" "C:\\Program Files\\Hewlett-Packard\\Deskjet F335\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\Hewlett-Packard\\Deskjet F335\\Digital Imaging\\bin\\hpqnrs08.exe::Enabled:hpqnrs08.exe" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe::Enabled:Windows Messenger" "C:\\Program Files\\SnapStream Media\\Beyond TV\\BTVRegistrationService.exe"="C:\\Program Files\\SnapStream Media\\Beyond TV\\BTVRegistrationService.exe::Enabled:Beyond TV Registration Service" "C:\\Program Files\\SnapStream Media\\Beyond TV\\BTVWebServiceProxy.exe"="C:\\Program Files\\SnapStream Media\\Beyond TV\\BTVWebServiceProxy.exe::Enabled:Beyond TV Web Service Proxy" "C:\\Program Files\\SnapStream Media\\Beyond TV\\BTVLibraryService.exe"="C:\\Program Files\\SnapStream Media\\Beyond TV\\BTVLibraryService.exe::Enabled:Beyond TV Library Service" "C:\\Program Files\\SnapStream Media\\Beyond TV\\BTVNetworkService.exe"="C:\\Program Files\\SnapStream Media\\Beyond TV\\BTVNetworkService.exe::Enabled:Beyond TV Network Service" "C:\\Program Files\\SnapStream Media\\Beyond TV\\BTVRecordingEngine.exe"="C:\\Program Files\\SnapStream Media\\Beyond TV\\BTVRecordingEngine.exe::Enabled:Beyond TV Recording Engine" "C:\\Program Files\\SnapStream Media\\Beyond TV\\BTVGuideDataLoader.exe"="C:\\Program Files\\SnapStream Media\\Beyond TV\\BTVGuideDataLoader.exe::Enabled:Beyond TV Guide Data Loader" "C:\\Program Files\\SnapStream Media\\Beyond TV\\BTVSettingsService.exe"="C:\\Program Files\\SnapStream Media\\Beyond TV\\BTVSettingsService.exe::Enabled:Beyond TV Settings Service" "C:\\Program Files\\SnapStream Media\\Beyond TV\\BTVTaskManagerService.exe"="C:\\Program Files\\SnapStream Media\\Beyond TV\\BTVTaskManagerService.exe::Enabled:Beyond TV Task Manager Service" "C:\\Program Files\\SnapStream Media\\Beyond TV\\BTVD3DShell.exe"="C:\\Program Files\\SnapStream Media\\Beyond TV\\BTVD3DShell.exe::Enabled:Beyond TV ViewScape" "C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe::Enabled:Ares" "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe::Enabled:µTorrent" "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe::Enabled:Remote Assistance - Windows Messenger and Voice" "C:\\Program Files\\VoipBuster\\VoipBuster.exe"="C:\\Program Files\\VoipBuster\\VoipBuster.exe::Enabled:VoipBuster" "C:\\Program Files\\Cerberus FTP server\\Cerberus.exe"="C:\\Program Files\\Cerberus FTP server\\Cerberus.exe::Enabled:Cerberus FTP Server" "C:\\Program Files\\Gizmo5\\mDNSResponder.exe"="C:\\Program Files\\Gizmo5\\mDNSResponder.exe::Enabled:Bonjour" "C:\\Program Files\\Gizmo5\\Gizmo5.exe"="C:\\Program Files\\Gizmo5\\Gizmo5.exe::Enabled:Gizmo5" "C:\\Program Files\\vbuzzer\\VBuzzer.exe"="C:\\Program Files\\vbuzzer\\VBuzzer.exe::Enabled:VBuzzer Messenger" "C:\\Documents and Settings\\Timothy Leung\\Local Settings\\Temp\\Temporary Directory 2 for Incredimail + Patches.zip\\magentic_installBuild 296.exe"="C:\\Documents and Settings\\Timothy Leung\\Local Settings\\Temp\\Temporary Directory 2 for Incredimail + Patches.zip\\magentic_installBuild 296.exe::Enabled:IncrediMail Installer" "C:\\Documents and Settings\\Timothy Leung\\Local Settings\\Temp\\ImInstaller\\Magentic\\magentic_installBuild 296.exe"="C:\\Documents and Settings\\Timothy Leung\\Local Settings\\Temp\\ImInstaller\\Magentic\\magentic_installBuild 296.exe::Enabled:IncrediMail Installer" "C:\\Program Files\\IncrediMail\\bin\\IncMail_old.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail_old.exe::Enabled:IncrediMail" "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe::Enabled:Skype" -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\Timothy Leung\Application Data CLASSPATH=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=LEUNG-38FC9C6D6 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO GTK_BASEPATH=C:\Program Files\Common Files\GTK\2.0 HOMEDRIVE=C: HOMEPATH=\Documents and Settings\Timothy Leung LOGONSERVER=\\LEUNG-38FC9C6D6 NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\Program Files\Mozilla Firefox;C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Ulead Systems\MPEG;%SystemRoot%;%SystemRoot%\system32;%SystemRoot%\system32\Wbem;C:\Windows\system32\Wbem PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 75 Stepping 2, AuthenticAMD PROCESSOR_LEVEL=15 PROCESSOR_REVISION=4b02 ProgramFiles=C:\Program Files PROMPT=$P$G QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip SAFEBOOT_OPTION=NETWORK SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\TIMOTH~1\LOCALS~1\Temp TMP=C:\DOCUME~1\TIMOTH~1\LOCALS~1\Temp ULTRAMON_LANGDIR=C:\Program Files\UltraMon\Resources\en USERDOMAIN=LEUNG-38FC9C6D6 USERNAME=Timothy Leung USERPROFILE=C:\Documents and Settings\Timothy Leung windir=C:\WINDOWS __COMPAT_LAYER=EnableNXShowUI -- User Profiles --------------------------------------------------------------- Timothy Leung (admin)* Other Users Administrator (new local, admin) -- Add/Remove Programs --------------------------------------------------------- --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks\|RealPlayer\|6.0 --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER --> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL --> C:\WINDOWS\NuNInst.exe /UNINSTALL --> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL 3D Driving-School --> "C:\Games\3D Driving-School\uninstall.exe" 7-Zip 4.42 --> "C:\Program Files\7-Zip\Uninstall.exe" Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001} Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39} Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001} Adobe InDesign CS2 --> msiexec /I{7F4C8163-F259-49A0-A018-2857A90578BC} Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D} Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000} Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001} Amy --> MsiExec.exe /I{AE2C5C63-8B2A-4889-8443-4E224D685648} AnyDVD --> "C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD" APC PowerChute Personal Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A0C892E-FD1C-4203-941E-0956AED20A6A}\Setup.exe" -l0x9 Aplus Video To Pocket PC Converter 8.28 --> "C:\Program Files\Aplus Video To Pocket PC Converter\unins000.exe" Ares 2.0.9 --> "C:\Program Files\Ares\uninstall.exe" Astraware Sudoku for Pocket PC --> C:\Program Files\Astraware\Astraware Sudoku for Pocket PC\uninst.exe ASUSUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\setup.exe" -l0x9 ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0 ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean ATI Parental Control & Encoder --> MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7} AVI Splitter --> "C:\Program Files\avisplit\unins000.exe" AviSplit Classic Version 1.43 --> "C:\Program Files\AviSplit classic\unins000.exe" Bandwidth Monitor --> "C:\Program Files\Bandwidth Monitor\unins000.exe" Burn To The Brim 2.9.0 --> "C:\Program Files\Burn To The Brim\uninstall.exe" Canon Camera Window for ZoomBrowser EX --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{093625E3-7B87-49D3-AA53-AD0FCFABAF49} Canon PhotoRecord --> C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\Canon\PhotoRecord\Uninst.isu -c"C:\PROGRA~1\Canon\PhotoRecord\Program\uninstdll.dll" Canon Utilities File Viewer Utility 1.2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{EF0DD8B7-471C-463B-A298-6066C2FABAF5} Canon Utilities PhotoStitch 3.1 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{03CDDD00-BD57-4326-9480-4C74449AF597} Canon Utilities RemoteCapture 2.7 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{BEB03A1A-1EB6-48EB-9985-8B97315EE5C0} Canon Utilities ZoomBrowser EX --> MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2} CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe" CD MP3 Burner 2.15 --> "C:\Program Files\CD MP3 Burner\unins000.exe" CDBurnerXP Pro 3 --> MsiExec.exe /I{896D642C-7125-44F0-AC49-A23ABF82209C} Cheat Engine 5.2 --> "C:\Program Files\Cheat Engine\unins000.exe" CloneCD --> "C:\Program Files\CloneCD\ccd-uninst.exe" /D="C:\Program Files\CloneCD" CloneDVD2 --> "C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2" ConvertXtoDVD 2.1.5.173 --> "C:\Program Files\ConvertXtoDVD\unins000.exe" Cool & Quiet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}\setup.exe" -l0x9 Disk Doctors Instant File Recovery 1.0.1 --> "C:\Program Files\Disk Doctors Instant File Recovery\unins000.exe" DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER Dual-Core Optimizer --> MsiExec.exe /X{BCA02FAD-2C86-4C8C-A815-51C09F4E51FF} DVD-lab PRO 1.53 --> "C:\Program Files\DVDlabPro\unins000.exe" DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe" DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe" DVD Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall DVDStyler v1.5.1 --> "C:\Program Files\DVDStyler\unins000.exe" eMule --> "C:\Program Files\eMule\Uninstall.exe" ERUNT 1.1j --> "C:\Program Files\ERUNT\unins000.exe" File Splitter Deluxe (Trial) --> "C:\Program Files\File Splitter Deluxe\unins000.exe" FileZilla (remove only) --> "C:\Program Files\FileZilla\uninstall.exe" FLV Player --> "C:\WINDOWS\FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml" FreeUndelete --> C:\Program Files\FreeUndelete\GLF261.exe /handle:fru fring --> C:\Program Files\Microsoft ActiveSync\fring\Uninstall.exe fring Gizmo5 --> C:\Program Files\Gizmo5\uninst.exe GM Hockey 2.1 --> "C:\Games\GM Hockey\unins000.exe" GOPC 3.1 --> N:\GOPC\uninst.exe Grand Theft Auto Vice City --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}\Setup.exe" -l0x9 GTK+ 2.8.8 RC2 English --> "C:\Program Files\Common Files\GTK\unins000.exe" Hauppauge English Help Files and Resources --> C:\PROGRA~1\WinTV\UNHLPeng.EXE C:\PROGRA~1\WinTV\WTV2Keng.LOG Hauppauge WinTV Infrared Remote --> C:\PROGRA~1\WinTV\UNir32.EXE C:\PROGRA~1\WinTV\ir32.LOG Hauppauge WinTV Scheduler --> C:\PROGRA~1\WinTV\SCHEDU~1\UNWISE.EXE C:\PROGRA~1\WinTV\SCHEDU~1\INSTALL.LOG Hauppauge WinTV Soft PVR --> C:\PROGRA~1\WinTV\UNSftPVR.EXE C:\PROGRA~1\WinTV\softpvr.LOG Hauppauge WinTV Source Selector --> C:\PROGRA~1\WinTV\UNtvsel.EXE C:\PROGRA~1\WinTV\WINTVsel.LOG Hauppauge WinTV2000 --> C:\PROGRA~1\WinTV\UNTV32.EXE C:\PROGRA~1\WinTV\WINTV2K.LOG HDDlife --> MsiExec.exe /I{E094AAD6-A0A8-4AE3-B4FE-2321D693C73F} High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe" HijackThis 1.99.1 --> C:\HJT\HijackThis.exe /uninstall Home Ftp Server 1.4.5.89 --> "C:\Program Files\Home Ftp Server\unins000.exe" HP Imaging Device Functions 7.0 --> C:\Program Files\Hewlett-Packard\Deskjet F335\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat HP OrderReminder --> "C:\Program Files\Hewlett-Packard\OrderReminder\uninstall\hpuninstaller.exe" hp_LaserJet_1018 HP Photosmart Essential --> MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F} HP Photosmart, Officejet and Deskjet 7.0.A --> C:\Program Files\Hewlett-Packard\Deskjet F335\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat HP Solution Center 7.0 --> C:\Program Files\Hewlett-Packard\Deskjet F335\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat iCall --> "C:\Program Files\iCall\unins000.exe" Image for Windows 1.70a --> "C:\Program Files\Image for Windows\unins000.exe" IncrediMail Xe --> C:\PROGRA~1\INCRED~1\bin\imsetup.exe /remove /addon:IncrediMail /log:IncMail.log Internet Download Manager --> C:\Program Files\Internet Download Manager\Uninstall.exe Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe LaserJet 1018 --> C:\Program Files\Zenographics\{96B4BCBB-EA38-462E-813A-C6C3F44E420D}\setup.exe -u "HPLJInstaller.dll=Hplj1018.inf" Let's Make --> C:\Program Files\Card and Invitation maker\unstall.exe Lexmark X1100 Series --> C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBKUN5C.EXE -dLexmark X1100 Series LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8} Macromedia Dreamweaver MX 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x9 mmUninstall Macromedia Extension Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall Magic ISO Maker v5.4 (build 0239) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" MediaFACE 4.01 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{41979C2F-34B8-4F92-8111-B13C5864682D} /l1033 Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe" Microsoft ActiveSync --> MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE} Microsoft Flight Simulator 2004 A Century of Flight --> "C:\Program Files\Microsoft Games\Flight Simulator 9\UNINSTAL.EXE" /runtemp /addremove Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9} Microsoft Picture It! Express 7.0 --> MsiExec.exe /I{369B36BE-3D64-4641-9AEA-808D436FE130} Microsoft Plus! Digital Media Edition --> MsiExec.exe /I{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88} Microsoft Virtual PC 2004 --> MsiExec.exe /X{CCCAFDDE-ECEC-4AE4-BD97-047076BBD4A9} Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe MPEG Splitter version 2.2 --> "C:\Program Files\Mpeg splitter\unins000.exe" MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E} Need For Speed Hot Pursuit 2 --> C:\Games\EA SPORTS\NFS Hot Pursuit 2\EAUninstall.exe Nero 7 Essentials --> MsiExec.exe /X{AAB93551-3FFE-42B2-8315-96252BBC1033} NeroVision Express 3 --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL NetPeeker 2.83 --> C:\Program Files\NetPeeker\uninstall.exe cfg="C:\Program Files\NetPeeker\UNINSTALL.CFG" /all Network Magic --> MsiExec.exe /X{D5773BFA-5967-4A1C-AD0F-FFFD0D13FC36} NHL® 08 --> MsiExec.exe /X{A7AA93B6-6909-4073-B4EC-45CCDEFD4665} NHL07 --> C:\Games\EA SPORTS\NHL07\EAUninstall.exe NJStar Communicator --> "C:\Program Files\NJStar Communicator\Remove.exe" /U:"C:\Program Files\NJStar Communicator\Remove.log" Norton Ghost --> MsiExec.exe /I{B0255743-165B-4BD5-8DA8-37DFB9930014} OCR Software by I.R.I.S 7.0 --> C:\Program Files\Hewlett-Packard\Deskjet F335\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat Open Video Converter version 3.0.1 --> "C:\Program Files\OpenVideoConverter\unins000.exe" Opera 9.22 --> MsiExec.exe /X{7AF56274-3D8C-4CCE-AD7A-25FD4D27B9F3} OptiNet (remove only) --> "C:\Program Files\OptiNet\uninst.exe" OSMEIP Version 0.1 Gamma Edition --> "C:\Program Files\MacEmu\unins000.exe" OutPosted --> "C:\Program Files\OutPosted\unins000.exe" Pamela Basic 4.0 --> C:\Program Files\Pamela\Uninst.exe PC Probe II --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\setup.exe" -l0x9 PearPC Control Panel --> MsiExec.exe /I{0BFAC643-2440-43E3-8E5A-CA24EC350E0D} PeerGuardian 2.0 --> "C:\Program Files\PeerGuardian2\unins000.exe" Photo to VCD SVCD DVD Converter 2.1 --> "C:\Program Files\Photo to VCD SVCD DVD Converter\unins000.exe" Photo2VCD Professional --> "C:\Program Files\Photo2VCD Professional\unins000.exe" pocketWiNc --> MsiExec.exe /I{3AC7C227-1346-488C-9D7E-D803CED1EA8A} pocketWinc --> MsiExec.exe /I{DD4BD7B7-C36C-41E2-B2CE-4EA999946496} PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall PowerISO --> "C:\Program Files\PowerISO\uninstall.exe" PPC 2003 - MSN ® Messenger Update --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{CF56B6FC-F26B-4493-802B-2E5EA74DC775} PS to USB convert cable --> C:\PROGRA~1\PSTOUS~1\UNWISE.EXE C:\PROGRA~1\PSTOUS~1\INSTALL.LOG Quick AVI MPEG Joiner v2.0 --> "C:\Program Files\Quick AVI MPEG Joiner\unins000.exe" Quick MPEG Splitter v2.0 --> "C:\Program Files\Quick MPEG Splitter\unins000.exe" QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083} /l1033 RamBooster --> C:\Program Files\RamBooster 2.0\Uninst.exe /pid:{ADE3CACC-EC31-480C-83A0-587EE60CE8DF} /asd RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks\|RealPlayer\|6.0 REALTEK GbE & FE Ethernet PCI-E NIC Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\Setup.exe" -l0x9 -removeonly Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly SDP Downloader --> MsiExec.exe /I{B547CB8D-549A-436E-97B5-E79F911B11E2} Shutter --> "C:\Program Files\Shutter\unins000.exe" Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82} Skype™ for Pocket PC 2.2 --> "C:\Program Files\Skype\Pocket PC\unins000.exe" SnapStream Beyond TV 4.1.0 --> "C:\Program Files\SnapStream Media\Beyond TV\uninstall-btv.exe" Softany Monitor Control 2.04 --> "C:\Program Files\Monitor Control\unins000.exe" Sony Vegas Pro 8.0 --> MsiExec.exe /X{7C9AD221-994C-45B2-B46D-26F5735158CF} Spb Full Screen Keyboard --> C:\Program Files\Microsoft ActiveSync\Spb Full Screen Keyboard\Uninstall.exe Spb Full Screen Keyboard Spb Mobile DVD --> MsiExec.exe /X{A958E835-BDF0-473F-9DC1-0D952C941625} Spectec SDIO WLAN-11b Card for PPC2003 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{81E035F2-E035-411E-9A3B-58D76BB94CC4} /l1033 Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe" Steganos Security Suite 2006 (8.0.6) --> C:\Program Files\Steganos Security Suite 2006\uninstall.exe SWFText --> C:\PROGRA~1\SWFText\UNWISE.EXE C:\PROGRA~1\SWFText\INSTALL.LOG Symantec KB-DocID:2003093015493306 --> MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68} Symantec Technical Support Web Controls --> MsiExec.exe /X{DDC63227-BA06-4855-B002-BDB49E9F677E} TalkAndWrite --> "C:\Program Files\Skype\TalkAndWrite\unins000.exe" Text Twist for Pocket PC --> C:\Program Files\Astraware\Text Twist for Pocket PC\uninst.exe TI-Black Link --> C:\PROGRA~1\TIEDUC~1\BLACKL~1\Unwise.exe /U /Z C:\PROGRA~1\TIEDUC~1\BLACKL~1\Install.log TI-Graph Link 83 Plus --> C:\PROGRA~1\TIEDUC~1\TI-GRA~1\UNWISE.EXE /U /Z C:\PROGRA~1\TIEDUC~1\TI-GRA~1\Install.log TI Connect 1.6 --> MsiExec.exe /I{A8B94669-8654-4126-BD28-D0D2412CDED6} TMPGEnc DVD Author 1.5 --> MsiExec.exe /I{F836B31F-4E5C-4DCB-88D7-6F9714B21D83} TMPGEnc MPEG Editor 2.0 --> MsiExec.exe /I{06607A48-98DC-48F9-922F-40FD2D7FF6D1} Traffic Shaper XP Client --> C:\Program Files\Traffic Shaper XP\Client\Uninstall.exe Traffic Shaper XP Server --> C:\Program Files\Traffic Shaper XP\Server\Uninstall.exe TranCreative Remote Keyboard (Desktop and Pocket PC) --> "C:\Program Files\Remote Keyboard\unins000.exe" Trend Micro PC-cillin Internet Security 2007 --> C:\PROGRA~1\TRENDM~1\INTERN~1\remove.exe Trend Micro PC-cillin Internet Security 2007 --> MsiExec.exe /X{BB4B6355-D38A-492C-873B-A1B2CF6C3832} Trivial Pursuit® Handheld Edition for Windows Mobile Pocket PC --> C:\WINDOWS\unvise32.exe C:\Program Files\Handmark\Trivial Pursuit for Pocket PC\uninstal.log TuneUp Utilities 2008 --> MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA} Tweak UI --> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta" Ultra Video Splitter 3.4.4 --> "C:\Program Files\Ultra Video Splitter\unins000.exe" UltraMon --> MsiExec.exe /I{9CDA9CA7-C5F0-4308-B160-6A477D900D6D} Unlocker 1.8.5 --> C:\Program Files\Unlocker\uninst.exe Vbuzzer Messenger --> C:\Program Files\vbuzzer\uninstall.exe WiFiFoFum --> MsiExec.exe /I{F5A7052F-2AF4-4CBA-8951-26B91476BDAB} Win AVI HelixSDK --> "C:\Program Files\WinAVIVideoConverter\HelixSDK\unins000.exe" WinAVIVideoConverter --> "C:\Program Files\WinAVIVideoConverter\unins000.exe" Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333} Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) --> C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_6FE44FCD212D4A086C7BC0C98B9A619782073FB7\amdk8.inf Windows Driver Package - Pure Networks, Inc. Network Magic Device Discovery Driver (03/23/2007 4.1.7082.0) --> rundll32.exe C:\PROGRA~1\DIFX\B7A8D76A63BBE060C656AA54D656BF7D1C31D4C3\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\pnarp_5F686DCD97D2EA9F74BD89FAA7E73B89CD47B120\pnarp.inf Windows Driver Package - Pure Networks, Inc. Network Magic Wireless Driver (03/23/2007 4.1.7082.0) --> rundll32.exe C:\PROGRA~1\DIFX\B7A8D76A63BBE060C656AA54D656BF7D1C31D4C3\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\purendis_9DF8D460DEEF667AF7B1AA85404140673EC025C2\purendis.inf Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F} Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7} Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840} Windows Vista Upgrade Advisor --> MsiExec.exe /I{F80BA35D-D1CD-4B8B-8129-9FC918F9D42D} Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD} WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe XML Paper Specification Shared Components Pack 1.0 --> XviD MPEG-4 Codec --> "C:\Program Files\XviD\UninstXviD.exe" -- Application Event Log ------------------------------------------------------- Event Record #/Type26514 / Error Event Submitted/Written: 04/24/2008 10:15:45 PM Event ID/Source: 1008 / MsiInstaller Event Description: The installation of C:\Program Files\Common Files\Wise Installation Wizard\WISCDDCBBF1270346BC938BBCC81A1EEAAA_4_0_0_1154.MSI is not permitted due to an error in software restriction policy processing. The object cannot be trusted. Event Record #/Type26513 / Error Event Submitted/Written: 04/24/2008 10:15:40 PM Event ID/Source: 1008 / MsiInstaller Event Description: The installation of C:\Program Files\Common Files\Wise Installation Wizard\WISCDDCBBF1270346BC938BBCC81A1EEAAA_4_0_0_1154.MSI is not permitted due to an error in software restriction policy processing. The object cannot be trusted. Event Record #/Type26510 / Error Event Submitted/Written: 04/24/2008 09:50:09 PM Event ID/Source: 4609 / EventSystem Event Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043C from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error. Event Record #/Type26506 / Error Event Submitted/Written: 04/24/2008 09:32:19 PM Event ID/Source: 4609 / EventSystem Event Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043C from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error. Event Record #/Type26502 / Error Event Submitted/Written: 04/24/2008 09:23:05 PM Event ID/Source: 1008 / MsiInstaller Event Description: The installation of C:\Program Files\Common Files\Wise Installation Wizard\WISCDDCBBF1270346BC938BBCC81A1EEAAA_4_0_0_1154.MSI is not permitted due to an error in software restriction policy processing. The object cannot be trusted. -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type24369 / Error Event Submitted/Written: 04/24/2008 09:50:48 PM Event ID/Source: 10005 / DCOM Event Description: DCOM got error "%%1084" attempting to start the service PcCtlCom with arguments "-Service" in order to run the server: {5F9DCAF1-2A98-4135-AEFF-8C76B1D7C52C} Event Record #/Type24368 / Error Event Submitted/Written: 04/24/2008 09:50:47 PM Event ID/Source: 10005 / DCOM Event Description: DCOM got error "%%1084" attempting to start the service PcCtlCom with arguments "-Service" in order to run the server: {5F9DCAF1-2A98-4135-AEFF-8C76B1D7C52C} Event Record #/Type24367 / Error Event Submitted/Written: 04/24/2008 09:50:46 PM Event ID/Source: 10005 / DCOM Event Description: DCOM got error "%%1084" attempting to start the service PcCtlCom with arguments "-Service" in order to run the server: {5F9DCAF1-2A98-4135-AEFF-8C76B1D7C52C} Event Record #/Type24366 / Error Event Submitted/Written: 04/24/2008 09:50:45 PM Event ID/Source: 10005 / DCOM Event Description: DCOM got error "%%1084" attempting to start the service PcCtlCom with arguments "-Service" in order to run the server: {5F9DCAF1-2A98-4135-AEFF-8C76B1D7C52C} Event Record #/Type24365 / Error Event Submitted/Written: 04/24/2008 09:50:44 PM Event ID/Source: 10005 / DCOM Event Description: DCOM got error "%%1084" attempting to start the service PcCtlCom with arguments "-Service" in order to run the server: {5F9DCAF1-2A98-4135-AEFF-8C76B1D7C52C} -- End of Deckard's System Scanner: finished at 2008-04-24 23:32:29 ------------ Thanks very much in advance for your help

Rahina View Member Profile	Apr 25 2008, 03:26 PM Post #2
Security Helper Group: HJT Team Posts: 621 Joined: 6-September 06 From: Finland Member No.: 83,926