Desktop Disappears

  • This topic is locked
3 replies to this topic

#1 tyoung76

Posted 14 April 2008 - 06:44 AM

Hi, my name is Tom. I have had this problem for a week now and can't fix it. I have a PC running XP SP2. My desktop will start to disappear & reappear every 10 seconds or so. It only seems to do this in the regular start up mode and not safe mode. When it goes, so does my taskbar and start menu button. I tried running several different spyware/antivirus scans and came up with nothing but some adware and such. Please HELP!!!

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, April 14, 2008 7:31:48 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 14/04/2008
Kaspersky Anti-Virus database records: 703073
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
H:\
I:\
J:\
K:\

Scan Statistics:
Total number of scanned objects: 112919
Number of viruses found: 7
Number of infected objects: 37
Number of suspicious objects: 0
Duration of the scan process: 02:05:52

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\My Documents\Downloads\Spyware.Doctor.with.AntiVirus.v5.5.0.212.rar/Spyware.Doctor.with.AntiVirus.v5.5.0.212/Spyware Doctor 5.5.0.21.EXE/data0000.cab/is152079.exe Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\Administrator\My Documents\Downloads\Spyware.Doctor.with.AntiVirus.v5.5.0.212.rar/Spyware.Doctor.with.AntiVirus.v5.5.0.212/Spyware Doctor 5.5.0.21.EXE/data0000.cab Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\Administrator\My Documents\Downloads\Spyware.Doctor.with.AntiVirus.v5.5.0.212.rar/Spyware.Doctor.with.AntiVirus.v5.5.0.212/Spyware Doctor 5.5.0.21.EXE Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\Administrator\My Documents\Downloads\Spyware.Doctor.with.AntiVirus.v5.5.0.212.rar RAR: infected - 3 skipped
C:\Documents and Settings\All Users\Documents\Applications\Super Ad Blocker\SuperAdBlocker_v4.6.0.1000_Incl_Keygen-DIGERATI\SuperAdBlocker.exe/C:\Dokumente und Einstellungen\DG-Base\Desktop\Toolz.exe Infected: Backdoor.Win32.Bifrose.bew skipped
C:\Documents and Settings\All Users\Documents\Applications\Super Ad Blocker\SuperAdBlocker_v4.6.0.1000_Incl_Keygen-DIGERATI\SuperAdBlocker.exe Embedded: infected - 1 skipped
C:\Documents and Settings\All Users\Documents\Applications\Super Ad Blocker\SuperAdBlocker_v4.6.0.1000_Incl_Keygen-DIGERATI\SuperAdBlocker.exe UPX: infected - 1 skipped
C:\Documents and Settings\All Users\Documents\Applications\Super Ad Blocker\SuperAdBlocker_v4.6.0.1000_Incl_Keygen-DIGERATI\SuperAdBlocker.exe PE_Patch.UPX: infected - 1 skipped
C:\Documents and Settings\All Users\Documents\Applications\SuperAdBlocker_v4.6.0.1000_Incl_Keygen.rar/SuperAdBlocker_v4.6.0.1000_Incl_Keygen-DIGERATI/SuperAdBlocker.exe/C:\Dokumente und Einstellungen\DG-Base\Desktop\Toolz.exe Infected: Backdoor.Win32.Bifrose.bew skipped
C:\Documents and Settings\All Users\Documents\Applications\SuperAdBlocker_v4.6.0.1000_Incl_Keygen.rar/SuperAdBlocker_v4.6.0.1000_Incl_Keygen-DIGERATI/SuperAdBlocker.exe Infected: Backdoor.Win32.Bifrose.bew skipped
C:\Documents and Settings\All Users\Documents\Applications\SuperAdBlocker_v4.6.0.1000_Incl_Keygen.rar RAR: infected - 2 skipped
C:\Documents and Settings\All Users\Documents\Applications\Xilisoft\Xilisoft2\x-3gp-video-converter.exe Infected: not-a-virus:FraudTool.Win32.SpywareDetector.d skipped
C:\Documents and Settings\All Users\Documents\Applications\Xilisoft\Xilisoft2\x-audio-converter.exe Infected: not-a-virus:FraudTool.Win32.SpywareDetector.d skipped
C:\Documents and Settings\All Users\Documents\Applications\Xilisoft\Xilisoft2\x-avi-mpeg-converter.exe Infected: not-a-virus:FraudTool.Win32.SpywareDetector.d skipped
C:\Documents and Settings\All Users\Documents\Applications\Xilisoft\Xilisoft2\x-cd-ripper.exe Infected: not-a-virus:FraudTool.Win32.SpywareDetector.d skipped
C:\Documents and Settings\All Users\Documents\Applications\Xilisoft\Xilisoft2\x-dvd-audio-ripper.exe Infected: not-a-virus:FraudTool.Win32.SpywareDetector.d skipped
C:\Documents and Settings\All Users\Documents\Applications\Xilisoft\Xilisoft2\x-dvd-ripper.exe Infected: not-a-virus:FraudTool.Win32.SpywareDetector.d skipped
C:\Documents and Settings\All Users\Documents\Applications\Xilisoft\Xilisoft2\x-ipod-video-converter.exe Infected: not-a-virus:FraudTool.Win32.SpywareDetector.d skipped
C:\Documents and Settings\All Users\Documents\Applications\Xilisoft\Xilisoft2\x-mov-converter.exe Infected: not-a-virus:FraudTool.Win32.SpywareDetector.d skipped
C:\Documents and Settings\All Users\Documents\Applications\Xilisoft\Xilisoft2\x-mp3-wav-converter.exe Infected: not-a-virus:FraudTool.Win32.SpywareDetector.d skipped
C:\Documents and Settings\All Users\Documents\Applications\Xilisoft\Xilisoft2\x-psp-video-converter.exe Infected: not-a-virus:FraudTool.Win32.SpywareDetector.d skipped
C:\Documents and Settings\All Users\Documents\Applications\Xilisoft\Xilisoft2\x-rm-converter.exe Infected: not-a-virus:FraudTool.Win32.SpywareDetector.d skipped
C:\Documents and Settings\All Users\Documents\Applications\Xilisoft\Xilisoft2\x-video-converter.exe Infected: not-a-virus:FraudTool.Win32.SpywareDetector.d skipped
C:\Documents and Settings\All Users\Documents\Applications\Xilisoft\Xilisoft2\x-video-to-audio-converter.exe Infected: not-a-virus:FraudTool.Win32.SpywareDetector.d skipped
C:\Documents and Settings\All Users\Documents\Applications\Xilisoft\Xilisoft2\x-wma-mp3-converter.exe Infected: not-a-virus:FraudTool.Win32.SpywareDetector.d skipped
C:\Documents and Settings\All Users\Documents\My Music\WebrootSpysweep557124.rar/WebrootSpysweep557124/Webroot Spysweeper 5.5.7.124/sspsetup1.EXE/data0000.cab/is152079.exe Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Documents\My Music\WebrootSpysweep557124.rar/WebrootSpysweep557124/Webroot Spysweeper 5.5.7.124/sspsetup1.EXE/data0000.cab Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Documents\My Music\WebrootSpysweep557124.rar/WebrootSpysweep557124/Webroot Spysweeper 5.5.7.124/sspsetup1.EXE Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Documents\My Music\WebrootSpysweep557124.rar RAR: infected - 3 skipped
C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp Object is locked skipped
C:\Documents and Settings\All Users\DRM\drmstore.hds Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\35\663965a3-575d3605/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c skipped
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\35\663965a3-575d3605 ZIP: infected - 1 skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Owner\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Owner\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012008041420080415\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DF8E0E.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DF8E13.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Real\Toolbar\RealBar.dll Infected: not-a-virus:AdWare.Win32.MegaSearch.s skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped
C:\Program Files\Juniper Networks\Common Files\NCService.log Object is locked skipped
C:\Program Files\RegistrySmart\TCL.dll Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.al skipped
C:\Program Files\RegistrySmart\zlib.dll Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.al skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SEA3058BD.tmp Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\etc\Hosts.bak Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Deckard's System Scanner v20071014.68
Run by Owner on 2008-04-14 07:32:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-04-14 11:32:22 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:35:15 AM, on 4/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\Trend Micro\HijackThis\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.net/bookmarks/bmredir.a...mp;bm=ho_search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {11635C4A-ECC7-4ED7-A172-FA5D54D3E3EE} - C:\WINDOWS\system32\geBuUlkj.dll (file missing)
O2 - BHO: AddTask Class - {24F06550-65E3-4D1C-8CFE-839C296B5530} - C:\Program Files\eread7.0\IEeREAD.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealOne Player\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {509D9577-C220-4F88-A470-3F03714A040F} - C:\WINDOWS\system32\nnnnKbaA.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: AddTask Class - {6A19C29D-ED45-4483-8999-9F939C8161F2} - C:\Program Files\eread7.0\WebHook.dll (file missing)
O2 - BHO: (no name) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [RegistrySmart] C:\Program Files\RegistrySmart\RegistrySmart.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [SuperAdBlocker] C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Program Neighborhood Agent.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Subscribe with ArchosLink - file://C:\Program Files\Archos\ArchosLink\\script.js
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/activedata/nprdtinf.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.26.12/ttinst.cab
O20 - Winlogon Notify: !SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: geBuUlkj - geBuUlkj.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Lexmark International, Inc. - (no file)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 11196 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
R1 SABKUTIL - c:\program files\superadblocker.com\super ad blocker\sabkutil.sys
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 CDRPDACC (Arrowkey Device Access) - c:\program files\321studios\shared\cdrpdacc.sys <Not Verified; Arrowkey; CD Device Access>
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R3 Pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 SABProcEnum - c:\program files\superadblocker.com\super ad blocker\sabprocenum.sys <Not Verified; SuperAdBlocker.com; >
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S1 SABDIFSV - c:\program files\superadblocker.com\super ad blocker\sabdifsv.sys
S3 ialm - c:\windows\system32\drivers\ialmnt5.sys <Not Verified; Intel Corporation; Intel Graphics Accelerator Drivers for Windows NT®>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 SansaService (Sansa Updater Service) - c:\program files\sandisk\sansa updater\sansasvr.exe

S2 LiveUpdate Notice Ex (LiveUpdate Notice Service Ex) -
S2 SABSVC (Super Ad Blocker Service) - "c:\program files\superadblocker.com\super ad blocker\sabsvc.exe" <Not Verified; SuperAdBlocker.com; Super Ad Blocker Service>
S3 PACSPTISVR - "c:\program files\common files\sony shared\avlib\pacsptisvr.exe" <Not Verified; ; PACSPTISVR Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-14 03:30:03 426 --a------ C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job


-- Files created between 2008-03-14 and 2008-04-14 -----------------------------

2008-04-13 23:50:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-13 23:50:51 0 d-------- C:\WINDOWS\LastGood
2008-04-13 23:35:21 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-04-13 22:29:41 0 d-------- C:\Program Files\Trend Micro
2008-04-13 21:32:33 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-13 21:32:20 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-13 21:32:19 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-04-13 21:11:07 0 d-------- C:\327882R2FWJFW
2008-04-12 12:10:45 0 d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-04-12 12:06:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-04-12 11:44:16 0 d-------- C:\Program Files\Spyware Doctor
2008-04-12 11:44:16 0 d-------- C:\Documents and Settings\Administrator\Application Data\PC Tools
2008-04-12 09:37:35 0 d-------- C:\Documents and Settings\Administrator\G-Force
2008-04-11 23:03:23 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-04-11 22:04:25 0 d-------- C:\Documents and Settings\Owner\Application Data\RegistrySmart
2008-04-11 22:04:21 0 d-------- C:\Program Files\RegistrySmart
2008-04-10 21:29:00 0 d-------- C:\Program Files\Security Task Manager
2008-04-08 19:44:23 6554 --ahs---- C:\WINDOWS\system32\FPqBKRqr.ini2
2008-04-08 15:12:36 6554 --ahs---- C:\WINDOWS\system32\xxGiQXbc.ini2
2008-04-08 00:05:18 6554 --ahs---- C:\WINDOWS\system32\YGNWHkkj.ini2
2008-04-07 22:53:19 12025856 --a------ C:\Documents and Settings\Owner\ntuser.dat
2008-04-07 22:53:18 1273856 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2008-04-07 22:52:55 20268 --ahs---- C:\WINDOWS\system32\AabKnnnn.ini2
2008-04-07 22:52:51 315632 -----n--- C:\WINDOWS\system32\nnnnKbaA.dll
2008-04-05 15:35:01 0 d-------- C:\Program Files\Common Files\ODBC
2008-04-04 19:37:36 0 d-------- C:\Program Files\Common Files\xing shared
2008-04-04 16:10:10 0 d-------- C:\Program Files\Norton 360
2008-04-04 15:46:42 0 d-------- C:\Documents and Settings\LocalService\Application Data\Juniper Networks
2008-04-04 15:28:12 200 --a------ C:\Delme.bat


-- Find3M Report ---------------------------------------------------------------

2008-04-13 23:45:24 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-13 23:39:48 0 d-------- C:\Program Files\Windows Media Connect 2
2008-04-13 21:46:45 0 d-------- C:\Documents and Settings\Owner\Application Data\uTorrent
2008-04-13 21:31:33 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-11 22:55:59 0 d-------- C:\Program Files\Real
2008-04-10 22:48:58 0 d-------- C:\Program Files\Common Files
2008-04-10 22:26:47 0 d-------- C:\Program Files\ewido anti-spyware 4.0
2008-04-04 22:25:44 0 d-------- C:\Program Files\Best Buy Rhapsody
2008-04-04 19:37:05 0 d-------- C:\Documents and Settings\Owner\Application Data\Real
2008-04-04 16:41:59 0 d-------- C:\Documents and Settings\Owner\Application Data\Symantec
2008-04-04 15:59:28 0 d-------- C:\Program Files\Yahoo!
2008-04-04 15:59:24 0 d-------- C:\Program Files\UltraISO
2008-04-04 15:59:22 0 d-------- C:\Program Files\support.com
2008-04-04 15:58:53 0 d-------- C:\Program Files\PC MightyMax
2008-04-04 15:58:49 0 d-------- C:\Program Files\OfficeUpdate11
2008-04-04 15:58:42 0 d-------- C:\Program Files\MeggieSoft Games
2008-04-04 15:58:32 0 d-------- C:\Program Files\InstallShield Installation Information
2008-04-04 15:58:22 0 d-------- C:\Program Files\DivX
2008-04-04 15:58:21 0 d-------- C:\Program Files\Compaq Instant Support
2008-04-04 15:58:17 0 d-------- C:\Program Files\Common Files\InterVideo
2008-04-04 15:58:07 0 d-------- C:\Program Files\Audible
2008-04-04 15:32:25 0 d-------- C:\Program Files\Quicken
2008-04-04 15:27:51 0 d-------- C:\Program Files\TaxCut04
2008-04-04 15:22:25 0 d-------- C:\Documents and Settings\Owner\Application Data\Yahoo!
2008-03-08 00:50:18 0 d-------- C:\Program Files\PeerGuardian2
2008-03-07 01:56:35 0 d-------- C:\Program Files\SpywareBlaster
2008-03-02 17:12:57 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-18 23:34:38 3452 --a------ C:\WINDOWS\unins000.dat
2008-02-18 23:33:09 691545 --a------ C:\WINDOWS\unins000.exe
2008-02-18 18:57:44 0 d-------- C:\Program Files\Real Business Solutions


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11635C4A-ECC7-4ED7-A172-FA5D54D3E3EE}]
C:\WINDOWS\system32\geBuUlkj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{24F06550-65E3-4D1C-8CFE-839C296B5530}]
C:\Program Files\eread7.0\IEeREAD.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{509D9577-C220-4F88-A470-3F03714A040F}]
04/07/2008 10:52 PM 315632 --------- C:\WINDOWS\system32\nnnnKbaA.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6A19C29D-ED45-4483-8999-9F939C8161F2}]
C:\Program Files\eread7.0\WebHook.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 08:04 PM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [04/14/2004 12:43 AM]
"AGRSMMSG"="AGRSMMSG.exe" [03/04/2005 12:01 PM C:\WINDOWS\AGRSMMSG.exe]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 04:50 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/10/2005 10:44 AM]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [01/12/2005 02:54 PM]
"KBD"="C:\HP\KBD\KBD.EXE" [02/02/2005 04:44 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/08/2006 11:58 PM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [11/28/2007 08:51 PM]
"RegistrySmart"="C:\Program Files\RegistrySmart\RegistrySmart.exe" [04/01/2008 09:41 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/04/2008 07:37 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperAdBlocker"="C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe" [12/08/2007 05:34 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/29/2008 04:03 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Program Neighborhood Agent.lnk.disabled [2/10/2008 5:04:31 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoTrayItemsDisplay"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000D7}"= C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSEHB.DLL [11/07/2006 01:58 PM 77824]
"{11635C4A-ECC7-4ED7-A172-FA5D54D3E3EE}"= C:\WINDOWS\system32\geBuUlkj.dll [ ]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SABWinLogon]
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL 08/01/2007 10:28 AM 176128 C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBuUlkj]
geBuUlkj.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\nnnnKbaA.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk.disabled]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk.disabled
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnk.disabledCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"MimBoot"=C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
"PCMMRealtime"=C:\Program Files\PC MightyMax\pcmm.exe /R
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Microsoft Works Update Detection"=C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
"mm_server"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_server.exe"
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9a85b69-7c0e-11dc-8918-00112f03dd1a}]




-- End of Deckard's System Scanner: finished at 2008-04-14 07:35:53 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ XP 3000+
Percentage of Memory in Use: 26%
Physical Memory (total/avail): 1983.48 MiB / 1455.25 MiB
Pagefile Memory (total/avail): 2506.23 MiB / 2088.62 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1925.98 MiB

C: is Fixed (NTFS) - 144.96 GiB total, 51.41 GiB free.
D: is Fixed (FAT32) - 4.07 GiB total, 0.69 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
K: is Removable (No Media)

\\.\PHYSICALDRIVE0 - WDC WD1600BB-22FTA0 - 149.05 GiB - 2 partitions
\PARTITION0 - Unknown - 4.08 GiB - D:
\PARTITION1 (bootable) - Installable File System - 144.96 GiB - C:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\InterMute\\SpamSubtract\\SpamSub.exe"="C:\\Program Files\\InterMute\\SpamSubtract\\SpamSub.exe:*:Enabled:SpamSubtract Main Module"
"C:\\Program Files\\Compaq Connections\\1940576\\Program\\BackWeb-1940576.exe"="C:\\Program Files\\Compaq Connections\\1940576\\Program\\BackWeb-1940576.exe:*:Disabled:BackWeb-1940576"
"C:\\Program Files\\WinMX\\WinMX.exe"="C:\\Program Files\\WinMX\\WinMX.exe:*:Enabled:WinMX Application"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"="C:\\Program Files\\Real\\RealOne Player\\realplay.exe:*:Enabled:RealOne Player"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Documents and Settings\\Owner\\My Documents\\My Downloads\\utorrent.exe"="C:\\Documents and Settings\\Owner\\My Documents\\My Downloads\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"="C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=C:\Program Files\Java\j2re1.4.2_10\lib\ext\QTJava.zip
CLIENTNAME=Console
COLLECTIONID=COL8143
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-C8BH3JAGLT
ComSpec=C:\WINDOWS\system32\cmd.exe
CWALTAHOME=C:\Program Files\ContentWatch
FP_NO_HOST_CHECK=NO
HMSERVER=https://wwss1proa.cce.hp.com/wuss/servlet/WUSSServlet
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
ITEMID=dj-22741-15
LANG=1033
LOGONSERVER=\\YOUR-C8BH3JAGLT
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
OSVER=winXPH
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2_10\lib\ext\QTJava.zip
SESSIONID=1150250882086htx606094e474:10bdcf022d1:-1ce
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SWUTVER=1.0.22.20030804
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TIMEOUT=0
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TOOLPATH=/C:\Program%20Files\HP\HP%20Software%20Update\install.htm
UPDATEDIR=C:\DOCUME~1\Owner\LOCALS~1\Temp\rad23AB5.tmp
USERDOMAIN=YOUR-C8BH3JAGLT
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
VERSION=3.0.5.001
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\Yahoo!\Yahoo! Music Jukebox\oggcodecs\uninst.exe
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> C:\WINDOWS\UNNMP.exe /UNINSTALL
--> Dummy
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
--> VTUninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Timer'
1Click DVD Copy 5.1.1.5 --> "C:\Program Files\LG Software Innovations\1Click DVD Copy 5\unins000.exe"
1Click DVD Copy Pro 2.4.0.6 --> "C:\Program Files\LG Software Innovations3\1Click DVD Copy Pro\unins000.exe"
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe® Photoshop® Album Starter Edition 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
Advanced WindowsCare 2.30 Professional --> "C:\Program Files\IObit\Advanced WindowsCare V2 Pro\unins000.exe"
Agere Systems PCI Soft Modem --> agrsmdel
AnyDVD --> "C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
ArchosLink --> C:\Program Files\Archos\ArchosLink\uninstall.exe
ArchosLink --> MsiExec.exe /I{6D046EE4-FABB-485B-9D60-76721FF5FBE6}
ArcSoft MediaConverter 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B15D991-5619-4BC1-B71E-3DE793B792FC}\setup.exe" -l0x9
ArcSoft MediaConverter 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CFF08881-43E4-4082-91C4-0E17F82E849D}\setup.exe" -l0x9
AudibleManager --> C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
Audio Conversion Wizard 1.8 --> "C:\Program Files\LitexMedia\Audio Conversion Wizard\unins000.exe"
Auto Gordian Knot 2.27 --> C:\Program Files\AutoGK\uninst.exe
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
Boson NetSim version 5.31 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{BEBCB8F9-F6D5-4997-9562-9812CBC4F2E6}
CloneDVD2 --> "C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
Compaq Connections --> C:\WINDOWS\BWUnin-6.2.3.66L.exe -AppId 1940576
Compaq Instant Support --> C:\PROGRA~1\COMPAQ~2\UNWISE.EXE C:\PROGRA~1\COMPAQ~2\INSTALL.LOG
ConvertXtoDVD 2.1.5.173 --> "C:\Program Files\vso\ConvertXtoDVD\unins000.exe"
CopyToDVD --> "C:\Program Files\vso\CopyToDVD\unins000.exe"
DataPilot --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\Intel 32\IDriver.exe /M{AB6E9CF7-7A9B-4973-9A1D-96FB27F4B6AC}
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Ripper Platinum 4 --> C:\Program Files\Xilisoft\DVD Ripper Platinum 4\Uninstall.exe
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
DVD X Copy Platinum 4.0.3 --> "C:\Program Files\321Studios\Platinum\uninstall.exe"
DVD X Rescue --> C:\PROGRA~1\321STU~1\DVDXRE~1\UNWISE.EXE C:\PROGRA~1\321STU~1\DVDXRE~1\INSTALL.LOG
DVDFab Decrypter 3.0.6.6 Beta --> "C:\Program Files\DVDFab Decrypter 3\unins000.exe"
Easy File Sharing Web Server 4.1 --> "C:\Program Files\Easy File Sharing Web Server\unins000.exe"
Easy Video Converter 6.0.1 --> "C:\Program Files\Easy Video Converter\unins000.exe"
Enhanced Multimedia Keyboard Solution --> C:\HP\KBD\Install.exe /u
EzRecover --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5DE3117D-408C-43C9-A8D2-640EBA8AC3DF}\Setup.exe" -l0x9
FixTunes (remove only) --> "C:\Program Files\Cloudbrain\FixTunes\uninstall.exe"
FLAC Installer 1.1.2a (remove only) --> C:\Program Files\FLAC\uninstall.exe
FLV Converter 3 --> C:\Program Files\Xilisoft\FLV Converter 3\Uninstall.exe
G-Force --> C:\Program Files\SoundSpectrum\G-Force\Uninstall.exe
GdiplusUpgrade --> MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
Halloween 3D Screensaver 1.0 --> "C:\Program Files\Halloween 3D Screensaver\unins000.exe"
HHD Software Free Hex Editor 3.12 --> "C:\Program Files\HHD Software\Hex Editor 3.x\Uninstaller.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hoyle Card Games 2007 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D361C406-ED11-4A88-AD42-4A749BBAE6F9}\setup.exe" -l0x9 -removeonly
HP Image Zone 3.5 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 3.5 --> "C:\Program Files\HP\Digital Imaging\{0FABD3D7-3036-4e78-B29D-58957ADB0A12}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
ImageMixer VCD/DVD2 for OLYMPUS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F51A0CA-2BDD-474E-BB90-C7FA8EA78F52}\Setup.exe" -l0x9 UNINSTALL
ImgBurn (Remove Only) --> "C:\Program Files\ImgBurn\uninstall.exe"
ImTOO AVI MPEG Converter --> C:\Program Files\ImTOO\AVI MPEG Converter 3\Uninstall.exe
IntelliMover Data Transfer Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
InterVideo WinDVD 7 --> "C:\Program Files\InstallShield Installation Information\{90885A82-9673-49EA-AB39-AF776639C67C}\setup.exe" REMOVEALL
InterVideo WinDVD Creator 2 --> "C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
iTunes --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{872653C6-5DDC-488B-B7C2-CF9E4D9335E5} /l1033
J2SE Runtime Environment 5.0 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150010}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Juniper Networks Cache Cleaner 5.3.0 --> "C:\Documents and Settings\Owner\Application Data\Juniper Networks\Cache Cleaner 5.3.0\uninstall.exe"
Juniper Networks Host Checker --> "C:\Documents and Settings\Owner\Application Data\Juniper Networks\Host Checker\uninstall.exe"
Juniper Networks Network Connect 6.0.0 --> "C:\Program Files\Juniper Networks\Network Connect 6.0.0\uninstall.exe"
K-Lite Codec Pack 2.83 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Kiplinger's WILLPower --> C:\PROGRA~1\KIPLIN~1\UNWISE.EXE C:\PROGRA~1\KIPLIN~1\INSTALL.LOG
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
Lexmark 510 Series --> C:\WINDOWS\System32\spool\drivers\w32x86\3\LXBZUN5C.EXE -dLexmark 510 Series
LifeGlobe Sharks, Terrors of the Deep --> "C:\Program Files\Prolific Publishing, Inc.\Sharks\unins000.exe"
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.EXE" -l0x9 UNINSTALL
Logitech SetPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9
Magic ISO Maker v5.3 (build 0216) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
MathPlayer --> C:\Program Files\Design Science\MathPlayer\Setup.exe -u
MediaMonkey 3.0 --> "C:\Program Files\MediaMonkey\unins000.exe"
MeggieSoft Games Rummy 500 --> "C:\Program Files\MeggieSoft Games\unins000.exe"
MetaFrame Presentation Server Client --> MsiExec.exe /I{835E7802-6C36-4B93-8051-41652E680A2D}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Outlook Connector for MSN --> MsiExec.exe /X{DC4DD556-DD03-422A-926B-470746D8B50D}
Microsoft Office PowerPoint Viewer 2003 --> MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Picture It! Express 9 --> C:\WINDOWS\System32\msiexec.exe /i {DBA8B9E1-C6FF-4624-9598-73D3B41A0900}
Microsoft Picture It! Library 9 --> C:\WINDOWS\System32\msiexec.exe /i {9F7FC79B-3059-4264-9450-39EB368E3220}
Microsoft Plus! Digital Media Edition --> MsiExec.exe /I{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSN Encarta Plus Support Files --> MsiExec.exe /I{00000000-785F-478A-BAA2-87F1A136068C}
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
Nero Digital --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Nero Suite --> C:\Program Files\Common Files\Ahead\Uninstall\setup.exe /uninstall
NeroVision Express Content --> C:\WINDOWS\UNNVEContent.exe /UNINSTALL
OLYMPUS Master --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{BA820A24-704B-428D-9904-71A10DAC1372} /l1033 /zUNINSTALL
OpenMG Limited Patch 4.7-07-14-05-01 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.7-07-14-05-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.7.00 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\Intel 32\IDriver.exe /M{CCD663AE-610D-4BDF-AAB0-E914B044527D} UNINSTALL
overland --> MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}
PC-Doctor for Windows --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
PeerGuardian 2.0 --> "C:\Program Files\PeerGuardian2\unins000.exe"
PopSubtract --> "C:\Program Files\InterMute\PopSubtract\PopSub.exe" C:\PROGRA~1\INTERM~1\POPSUB~1\STYLES~1\UNWISE.EXE /A C:\PROGRA~1\INTERM~1\POPSUB~1\STYLES~1\INSTALL.LOG
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
PS3 Media Center X 0.92 --> C:\Program Files\Red Kawa\Media Center\uninst.exe
PS3 Video 9 1.94 --> C:\Program Files\Red Kawa\Video Converter\uninst.exe
Python 2.2 combined Win32 extensions --> C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083} /l1033
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Red Kawa File Server 1.1 --> C:\Program Files\Red Kawa\File Server\uninst.exe
RegistrySmart --> MsiExec.exe /X{7D67CA49-560C-4D27-945E-A247E9BE3E59}
Replay Converter 2.31 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Replay Converter\irunin.ini"
Replay Media Catcher --> C:\PROGRA~1\REPLAY~2\UNWISE.EXE C:\PROGRA~1\REPLAY~2\INSTALL.LOG
Rhapsody --> C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\install.log
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
RipIt4Me --> C:\Program Files\RipIt4Me\Uninstal.exe
S3 S3Display --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Display'
S3 S3Gamma2 --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Gamma2'
S3 S3Info2 --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Info2'
S3 S3Overlay --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Overlay'
Sansa Updater --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E2D7E05E-C8C7-45F4-8D89-D6696075E0B7}\setup.exe" -l0x9 -removeonly
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SereneScreen Marine Aquarium 2 --> "C:\Program Files\SereneScreen\Marine Aquarium 2\unins000.exe"
SimAQUARIUM2 Tank-1 Screensaver --> "C:\Program Files\SimAQUARIUM2\unins000.exe"
SolarWinds Advanced Subnet Calculator --> C:\PROGRA~1\SOLARW~1\FREETO~1\Installs\UNWISE.EXE C:\PROGRA~1\SOLARW~1\FREETO~1\Installs\SolarWinds-SubnetCalculator.LOG
Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic RecordNow! Deluxe --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SonicStage 4.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0EB195B-5876-48E6-879D-33D4B2102610}\setup.exe" -l0x9 UNINSTALL -removeonly
Spelling Dictionaries Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
SpywareBlaster 4.0 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Super Ad Blocker --> MsiExec.exe /X{F8BA8B13-856D-4DFB-A28F-7EC868142453}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Symantec KB-DocID:2003093015493306 --> MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
Symantec Technical Support Web Controls --> MsiExec.exe /X{20C53FA2-4307-4671-A93F-9463B29DFCF1}
Terayon DOCSIS Modem --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C98F2FE6-5AF5-11D6-8209-00D0B701C7B5}\Setup.exe" -l0x9
TMPGEnc DVD Author 1.5 --> MsiExec.exe /I{F836B31F-4E5C-4DCB-88D7-6F9714B21D83}
TMPGEnc DVD Source Creator --> "C:\Program Files\Pegasys Inc\TMPGEnc DVD Source Creator\unins000.exe"
UltimateBet --> C:\PROGRA~1\UltimateBet\UNWISE.EXE C:\PROGRA~1\UltimateBet\INSTALL.LOG
UltraISO V7.56 ME --> "C:\Program Files\UltraISO\unins000.exe"
USB-IrDA Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{10F5D9BB-E2F2-4B18-A65D-928B73D22E6F}\SETUP.EXE" -l0x9
VIA Rhine-Family Fast Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VIA/S3G Display Driver --> VTsetvga.exe -s -rRundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\system32\hg201hp.inf
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
VobSub v2.23 (Remove Only) --> "C:\Program Files\Gabest\VobSub\uninstall.exe"
W2 Mate (2007) 4.0 --> "C:\Program Files\Real Business Solutions\W2 Mate (2007)\unins000.exe"
WD Diagnostics --> MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
WinDates --> C:\PROGRA~1\WinDates\unwise.exe C:\PROGRA~1\WinDates\install.log
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB898549 --> "C:\WINDOWS\$NtUninstallKB898549$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Documents and Settings\All Users\Documents\Applications\WinZip\WINZIP32.EXE" /uninstall
XviD MPEG4 Video Codec (remove only) --> "C:\WINDOWS\system32\xvid-uninstall.exe"
XviD MPEG4 Video Codec v1.0.3 (remove only) --> "C:\WINDOWS\system32\xvid-uninstall.exe"
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\WINDOWS\cache\YINSTH~1.DLL
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Music Jukebox --> MsiExec.exe /X{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type35819 / Warning
Event Submitted/Written: 04/13/2008 11:46:02 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x8007043C

Event Record #/Type35818 / Warning
Event Submitted/Written: 04/13/2008 11:45:31 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x8007043C

Event Record #/Type35817 / Error
Event Submitted/Written: 04/13/2008 11:45:23 PM
Event ID/Source: 101 / Automatic LiveUpdate Scheduler
Event Description:
errorFailed unregistering service.

Event Record #/Type35816 / Error
Event Submitted/Written: 04/13/2008 11:41:16 PM
Event ID/Source: 4609 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043C from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Event Record #/Type35815 / Error
Event Submitted/Written: 04/13/2008 11:35:50 PM
Event ID/Source: 4609 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043C from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type285200 / Error
Event Submitted/Written: 04/13/2008 11:48:31 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The SABDIFSV service failed to start due to the following error:
%%183

Event Record #/Type285187 / Error
Event Submitted/Written: 04/13/2008 11:48:24 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
SABDIFSV

Event Record #/Type285182 / Error
Event Submitted/Written: 04/13/2008 11:47:03 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type285181 / Error
Event Submitted/Written: 04/13/2008 11:46:13 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126

Event Record #/Type285178 / Error
Event Submitted/Written: 04/13/2008 11:46:13 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126



-- End of Deckard's System Scanner: finished at 2008-04-14 07:35:53 ------------

Directories/Files moved to C:\Deckard\System Scanner\backup

2008-04-08 19:59:55 0 d-------- C:\DOCUME~1\Owner\LOCALS~1\Temp\BP1.1.0.38
2008-04-10 22:50:54 26052 --a------ C:\DOCUME~1\Owner\LOCALS~1\Temp\ccEvtPlg-0x06E4.log
2008-04-11 12:05:59 21364 --a------ C:\DOCUME~1\Owner\LOCALS~1\Temp\dd_depcheck_NETFX20_EXP_35.txt
2008-04-11 12:05:53 2 --a------ C:\DOCUME~1\Owner\LOCALS~1\Temp\dd_dotnetfx20error.txt
2008-04-11 12:08:53 66770 --a------ C:\DOCUME~1\Owner\LOCALS~1\Temp\dd_dotnetfx20install.txt
2008-04-11 12:08:49 17993444 --a------ C:\DOCUME~1\Owner\LOCALS~1\Temp\dd_NET_Framework20_Setup2EAE.txt
2008-04-11 12:04:41 596 --a------ C:\DOCUME~1\Owner\LOCALS~1\Temp\hpzcoi00.log
2008-04-11 12:04:44 596 --a------ C:\DOCUME~1\Owner\LOCALS~1\Temp\hpzcoi01.log
2008-04-11 14:40:04 596 --a------ C:\DOCUME~1\Owner\LOCALS~1\Temp\hpzcoi02.log
2008-04-11 14:40:08 596 --a------ C:\DOCUME~1\Owner\LOCALS~1\Temp\hpzcoi03.log
2008-04-11 14:40:35 596 --a------ C:\DOCUME~1\Owner\LOCALS~1\Temp\hpzcoi04.log
2008-04-11 14:40:35 596 --a------ C:\DOCUME~1\Owner\LOCALS~1\Temp\hpzcoi05.log
2008-04-11 15:50:57 596 --a------ C:\DOCUME~1\Owner\LOCALS~1\Temp\hpzcoi06.log
2008-04-11 15:51:01 596 --a------ C:\DOCUME~1\Owner\LOCALS~1\Temp\hpzcoi07.log
2008-04-11 15:51:22 596 --a------ C:\DOCUME~1\Owner\LOCALS~1\Temp\hpzcoi08.log
2008-04-11 15:51:22 596 --a------ C:\DOCUME~1\Owner\LOCALS~1\Temp\hpzcoi09.log
2008-04-12 22:04:06 0 d-------- C:\DOCUME~1\Owner\LOCALS~1\Temp\hsperfdata_Owner
2008-04-10 22:49:00 2600 --a------ C:\DOCUME~1\Owner\LOCALS~1\Temp\IDSinst.LOG
2008-04-12 22:04:28 12024 --a------ C:\DOCUME~1\Owner\LOCALS~1\Temp\jar_cache18213.tmp
2008-04-11 21:50:06 12024 -----n--- C:\DOCUME~1\Owner\LOCALS~1\Temp\jar_cache47440.tmp
2008-04-12 22:04:25 832 --a------ C:\DOCUME~1\Owner\LOCALS~1\Temp\java_install_reg.log
2008-02-02 16:18:02 0 dr-hs---- C:\DOCUME~1\Owner\LOCALS~1\Temp\Juniper Networks
2008-04-14 00:27:16 0 d-------- C:\DOCUME~1\Owner\LOCALS~1\Temp\KAV Updater update files
2008-04-10 22:49:25 6707888 --a------ C:\DOCUME~1\Owner\LOCALS~1\Temp\Norton 360 4-10-2008 22h42m20s.log
2008-04-04 16:14:14 8429964 --a------ C:\DOCUME~1\Owner\LOCALS~1\Temp\Norton 360 4-4-2008 16h6m36s.log
2008-04-10 22:52:03 4879940 --a------ C:\DOCUME~1\Owner\LOCALS~1\Temp\Norton Add-on Pack 4-10-2008 22h49m27s.log
2008-04-04 15:37:12 2186918 --a------ C:\DOCUME~1\Owner\LOCALS~1\Temp\Norton Add-on Pack 4-4-2008 15h35m39s.log
2008-04-04 22:15:50 4876776 --a------ C:\DOCUME~1\Owner\LOCALS~1\Temp\Norton Add-on Pack 4-4-2008 22h14m6s.log
2008-04-04 15:42:13 9973532 --a------ C:\DOCUME~1\Owner\LOCALS~1\Temp\Norton Internet Security 2008 Uninstall 4-4-2008 15h34m4s.log
2008-04-10 22:52:08 109222 --a------ C:\DOCUME~1\Owner\LOCALS~1\Temp\Norton Setup 1,1,0 4-10-2008 22h49m26s.log
2008-04-04 22:23:15 129794 --a------ C:\DOCUME~1\Owner\LOCALS~1\Temp\Norton Setup 1,1,0 4-4-2008 22h14m4s.log
2008-04-10 23:53:58 300792 --a------ C:\DOCUME~1\Owner\LOCALS~1\Temp\Norton Setup 1,3,0 4-10-2008 22h42m15s.log
2008-04-04 15:18:14 41444 --a------ C:\DOCUME~1\Owner\LOCALS~1\Temp\Norton Setup 1,3,0 4-4-2008 15h17m53s.log
2008-04-04 16:14:54 310084 --a------ C:\DOCUME~1\Owner\LOCALS~1\Temp\Norton Setup 1,3,0 4-4-2008 16h6m30s.log
2008-04-04 15:34:00 28418 --a------ C:\DOCUME~1\Owner\LOCALS~1\Temp\Norton Setup 15,0,0 4-4-2008 15h33m12s.log
2008-04-04 15:43:29 1125660 --a------ C:\DOCUME~1\Owner\LOCALS~1\Temp\Norton Setup 15,0,0 4-4-2008 15h34m3s.log
2008-04-04 15:37:30 134804 --a------ C:\DOCUME~1\Owner\LOCALS~1\Temp\Norton Setup 2,0,0 4-4-2008 15h35m38s.log
2008-04-04 15:44:11 5640 --a------ C:\DOCUME~1\Owner\LOCALS~1\Temp\Norton Setup 2,0,0 4-4-2008 15h44m2s.log
2008-04-04 15:18:15 1766 --a------ C:\DOCUME~1\Owner\LOCALS~1\Temp\Norton Stub 3,9,0 4-4-2008 15h17m38s.log
2008-04-04 16:14:54 1766 --a------ C:\DOCUME~1\Owner\LOCALS~1\Temp\Norton Stub 3,9,0 4-4-2008 16h6m25s.log
2008-04-11 21:57:03 81441 --a------ C:\DOCUME~1\Owner\LOCALS~1\Temp\Setup Log 2008-04-11 #001.txt
2008-04-10 22:49:11 5188 --a------ C:\DOCUME~1\Owner\LOCALS~1\Temp\SNDunin.log
2008-04-05 00:22:47 588 --a------ C:\DOCUME~1\Owner\LOCALS~1\Temp\srtspse.dat
2008-04-05 00:22:47 2204 --a------ C:\DOCUME~1\Owner\LOCALS~1\Temp\srtspso.dat
2008-04-08 22:48:59 524 --a------ C:\DOCUME~1\Owner\LOCALS~1\Temp\srtspsp.dat
2008-04-10 22:46:20 9696 --a------ C:\DOCUME~1\Owner\LOCALS~1\Temp\srtUnin.log
2008-04-10 22:49:17 13775 --a------ C:\DOCUME~1\Owner\LOCALS~1\Temp\SYMEVENT.LOG
2008-04-10 22:47:17 1174664 --a------ C:\DOCUME~1\Owner\LOCALS~1\Temp\SymLCSVC.EXE <Verified; Symantec Corporation; Symantec Core Component>
2008-04-11 12:08:53 2362 --a------ C:\DOCUME~1\Owner\LOCALS~1\Temp\uxeventlog.txt
2008-04-11 21:56:13 1466 --a------ C:\DOCUME~1\Owner\LOCALS~1\Temp\wmplog00.sqm
2008-04-12 15:23:24 1466 --a------ C:\DOCUME~1\Owner\LOCALS~1\Temp\wmplog01.sqm
2008-04-13 23:48:29 0 d-------- C:\DOCUME~1\Owner\LOCALS~1\Temp\WPDNSE
2008-04-13 22:37:29 114688 --a------ C:\DOCUME~1\Owner\LOCALS~1\Temp\~DF308.tmp
2008-04-13 12:00:15 114688 --a------ C:\DOCUME~1\Owner\LOCALS~1\Temp\~DF3BB5.tmp
2008-04-11 22:04:49 245760 --a------ C:\DOCUME~1\Owner\LOCALS~1\Temp\~DF6EB.tmp
2008-04-12 15:03:29 114688 --a------ C:\DOCUME~1\Owner\LOCALS~1\Temp\~DF7BC5.tmp
2008-04-11 22:47:42 114688 --a------ C:\DOCUME~1\Owner\LOCALS~1\Temp\~DF8BD0.tmp
2008-04-13 23:49:34 16384 --a------ C:\DOCUME~1\Owner\LOCALS~1\Temp\~DF8E0E.tmp
2008-04-13 23:49:34 512 --a-----t C:\DOCUME~1\Owner\LOCALS~1\Temp\~DF8E13.tmp
2008-04-13 22:29:44 114688 --a------ C:\DOCUME~1\Owner\LOCALS~1\Temp\~DF9F6E.tmp
2008-04-12 13:10:38 114688 --a------ C:\DOCUME~1\Owner\LOCALS~1\Temp\~DFD6B4.tmp
2008-04-13 00:35:47 0 d--hs---- C:\WINDOWS\temp\Cookies
2008-04-13 00:35:47 0 d--hs---- C:\WINDOWS\temp\History
2008-04-13 00:35:14 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_e54.dat
2008-04-13 00:35:47 0 d--hs---- C:\WINDOWS\temp\Temporary Internet Files
2008-04-13 23:48:04 255 --a------ C:\WINDOWS\temp\WGAErrLog.txt
2008-04-13 23:48:45 409 --a------ C:\WINDOWS\temp\WGANotify.settings
2006-04-11 17:10:10 135168 --a------ C:\WINDOWS\Downloaded Program Files\asinst.dll <Not Verified; Panda Software; ActiveScan>
2005-04-27 09:43:34 202352 --a------ C:\WINDOWS\Downloaded Program Files\avsniff.dll <Verified; Symantec Corporation; Symantec Security Check>
2005-04-27 09:43:34 198256 --a------ C:\WINDOWS\Downloaded Program Files\avsniffdlgs.dll <Verified; TODO: <Company name>; TODO: <Product name>>
2007-03-13 15:47:06 325232 --a------ C:\WINDOWS\Downloaded Program Files\clt05PIN.dll <Verified; Symantec Corporation; Norton Vista Upgrade Wizard>
2007-03-13 15:47:04 177776 --a------ C:\WINDOWS\Downloaded Program Files\clt06PIN.dll <Verified; Symantec Corporation; Norton Vista Upgrade Wizard>
2006-10-23 11:37:28 241664 --a------ C:\WINDOWS\Downloaded Program Files\cpcScan.dll <Not Verified; Crucial Technology, Inc.; cpcScan>
2005-07-31 16:09:45 610304 --a------ C:\WINDOWS\Downloaded Program Files\DiagCollectionControl.dll <Not Verified; Musicmatch, Inc.; Diagnostic Collection ActiveX control>
2005-04-27 09:37:52 42112 --a------ C:\WINDOWS\Downloaded Program Files\ecmldr32.dll <Verified; Symantec Corp.; ECOM Loader>
2005-05-04 01:00:00 210552 --a------ C:\WINDOWS\Downloaded Program Files\ecmsvr32.dll <Verified; Symantec Corporation; ECOM Server>
2006-06-15 19:33:54 1132192 --a------ C:\WINDOWS\Downloaded Program Files\EPUWALcontrol.dll <Verified; eBay, Inc.; Picture Manager, Wells and Layout>
2006-06-20 15:44:04 379704 --a------ C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll <Verified; Microsoft® Corporation; MSN Photo Upload Control>
2005-04-27 09:39:24 201896 --a------ C:\WINDOWS\Downloaded Program Files\navapi32.dll <Verified; Symantec Corp.; NAVAPI>
2005-05-04 01:00:00 124576 --a------ C:\WINDOWS\Downloaded Program Files\naveng32.dll <Verified; Symantec Corporation; Symantec Antivirus Engine>
2005-05-04 01:00:00 685728 --a------ C:\WINDOWS\Downloaded Program Files\navex32a.dll <Verified; Symantec Corporation; Symantec Antivirus Engine>
2007-03-13 15:47:00 333424 --a------ C:\WINDOWS\Downloaded Program Files\nprdtinf.dll <Verified; Symantec Corporation; Norton Vista Upgrade Wizard>
2006-06-20 15:44:02 117560 --a------ C:\WINDOWS\Downloaded Program Files\PURen-us.dll <Verified; Microsoft® Corporation; MSN Photo Upload Control>
2006-05-17 15:32:42 161480 --a------ C:\WINDOWS\Downloaded Program Files\rufsi.dll <Verified; Symantec Corporation; Symantec Security Check>
2006-12-06 10:11:48 224768 --a------ C:\WINDOWS\Downloaded Program Files\symdlmgr.dll <Not Verified; Symantec Corporation; Symantec Shared Components>
2004-12-10 03:51:34 413696 --a------ C:\WINDOWS\Downloaded Program Files\ttinst.dll <Not Verified; Walt Disney Co.; >

-*- End of Logfile -*-



#2 tyoung76

tyoung76
  • Topic Starter

  • Members
  • 2 posts
  • Local time:10:42 AM

Posted 16 April 2008 - 08:44 PM

:thumbsup: Hello, is anybody out there!!!! : }

Edited by tyoung76, 16 April 2008 - 08:47 PM.


#3 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:09:42 AM

Posted 23 April 2008 - 09:12 PM

Hello tyoung76,

Welcome to Bleeping Computer :blink:

Sorry about the delay. :thumbsup: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:09:42 AM

Posted 03 May 2008 - 11:11 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic



