I have the following issue pop up with Kaspersky Labs's scan:

will be deleted when the computer is restarted: Trojan program Backdoor.Win32.Agent.dpw File: C:\WINDOWS\SysWOW64\wbcmgr.exe

I'm pretty sure it's the MSN "Check my Profile" virus... But I've seen nothing about how to actually get rid of it once and for all. K-Labs hasn't been effective in 2 weeks+, and there is no online info regarding how to terminate it manually.

It says the file will be deleted on next reboot... But if it is, then the file re-creates itself, including the virus/Trojan. It's come down to uninstalling MSN (since it will auto-spam my list with the "Check my Profile" message, spreading the virus/trojan)... Which, of course, is not long-term solution.

Any advice would be greatly appreciated!

- Jason

Please download and install the latest version of HijackThis v2.0.2:

Download the "HijackThis" Installer from this link:
Hijack This

1. Save " HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5.Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Please download SmitFraudFix from this link:

SmitfraudFix

Then extract the contents to your desktop.
!!!! Only run option #1 as runing the other options on an uninfected computer will damage the desktop.!!!!

Open the "SmitfraudFix" folder and double-click "smitfraudfix.cmd"
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Open SmitfraudFix, and choose Option 4 to check for updates and download any updates. Then exit SmitfraudFix.

Now, reboot your computer in Safe Mode by doing the following :
Restart your computer.
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.

Well, followed the instructions to the letter (as far as I can tell [;-)... But K-Labs still says I have Backdoor.Win32.Agent.dpw in file c:\windows\syswow64\wbcmgr.exe

I did successfully lose my desktop picture though [:-P

Attached are the Log Files from HiJack, Sm!t-Option1 & Sm!t-Option2 (SafeMode)

I look forward to someone ELSE trying to make heads & tails of this mess!

- Jason

PS. K-Labs notification attached (image).

PPS. In analyzing the HiJack file, it errors on my Program locations. In reality, G: is Games, H: is Programs and I: is Internet... So these are the correct locations.

=============================================================================================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:00:29 AM, on 3/7/2008
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
I:\AdAware\aawservice.exe
H:\Utilities\APCPower\mainserv.exe
I:\Kaspersky7\avp.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\SysWOW64\PSIService.exe
h:\Programs\ProShow3\ScsiAccess.exe
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
H:\Utilities\WeatherEye\WeatherEye.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
H:\Utilities\Daemon\daemon.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe
I:\Kaspersky7\avp.exe
H:\Utilities\AtomicClock\Atomic.exe
C:\WINDOWS\irfnga.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINDOWS\system32\wbcmgr.exe
H:\Utilities\Logitech\Setpoint\SetPoint\x86\SetPoint32.exe
H:\Utilities\APCPower\apcsystray.exe
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
G:\HMM5\bin\H5_Game.exe
I:\Firefox\firefox.exe
C:\Documents and Settings\Jason\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tvgrapevine.com/index.php?op...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?Lin...
F2 - REG:system.ini: UserInit=userinit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - H:\Programs\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - H:\Programs\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files (x86)\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files (x86)\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Wbcmgr] wbcmgr.exe
O4 - HKLM\..\Run: [AVP] "I:\Kaspersky7\avp.exe"
O4 - HKLM\..\Run: [Windows Relay Service] irfnga.exe
O4 - HKLM\..\Run: [Atomic.exe] H:\Utilities\AtomicClock\Atomic.exe
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
O4 - HKLM\..\RunServices: [Windows Relay Service] irfnga.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WeatherEye] H:\Utilities\WeatherEye\WeatherEye.exe
O4 - HKCU\..\Run: [LaunchList] H:\Programs\Pinnacle11\LaunchList2.exe
O4 - HKCU\..\Run: [System Services Monitor] C:\WINDOWS\system32\wbcmgr.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "H:\Utilities\Daemon\daemon.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: APC UPS Status.lnk = H:\Utilities\APCPower\Display.exe
O4 - Global Startup: Logitech SetPoint.lnk = H:\Utilities\Logitech\Setpoint\SetPoint\SetPoint.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: Append to existing PDF - res://H:\Programs\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://H:\Programs\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://H:\Programs\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://H:\Programs\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://H:\Programs\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://H:\Programs\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://H:\Programs\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://H:\Programs\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\Programs\OFFICE~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\Programs\OFFICE~1\OFFICE11\REFIEBAR.DLL
O15 - ESC Trusted Zone: http://runonce.msn.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windows...
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - I:\AdAware\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - H:\Utilities\APCPower\mainserv.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - I:\Kaspersky7\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - H:\Utilities\Diskeeper2K8\DkService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lmab_device - Unknown owner - C:\WINDOWS\system32\LMabcoms.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc64.exe (file missing)
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\SysWOW64\drivers\pclepci.sys
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\SysWOW64\PSIService.exe
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: ScsiAccess - Unknown owner - h:\Programs\ProShow3\ScsiAccess.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

--
End of file - 10418 bytes

=============================================================================================================

SmitFraudFix v2.300

Scan done at 0:04:39.00, Fri 03/07/2008
Run from C:\Documents and Settings\Jason\Desktop\SmitfraudFix
OS: Microsoft Windows [Version 5.2.3790] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
I:\AdAware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
H:\Utilities\APCPower\mainserv.exe
I:\Kaspersky7\avp.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
H:\Utilities\Diskeeper2K8\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc64.exe
C:\WINDOWS\SysWOW64\PSIService.exe
h:\Programs\ProShow3\ScsiAccess.exe
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
H:\Utilities\WeatherEye\WeatherEye.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
H:\Utilities\Daemon\daemon.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe
I:\Kaspersky7\avp.exe
H:\Utilities\AtomicClock\Atomic.exe
C:\WINDOWS\irfnga.exe
H:\Utilities\Logitech\Setpoint\SetPoint\SetPoint.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINDOWS\system32\wbcmgr.exe
H:\Utilities\Logitech\Setpoint\SetPoint\x86\SetPoint32.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
H:\Utilities\APCPower\apcsystray.exe
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\cidaemon.exe
G:\HMM5\bin\H5_Game.exe
C:\WINDOWS\system32\LMabcoms.exe
I:\Firefox\firefox.exe
C:\Documents and Settings\Jason\Desktop\HiJackThis.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jason

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jason\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Jason\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"="lsass.exe"

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller - Packet Scheduler Miniport
DNS Server Search Order: 199.185.220.36
DNS Server Search Order: 199.185.220.52
DNS Server Search Order: 198.80.55.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{54210A4A-257F-4708-9768-F64D1A8EBC25}: DhcpNameServer=199.185.220.36 199.185.220.52 198.80.55.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{54210A4A-257F-4708-9768-F64D1A8EBC25}: DhcpNameServer=199.185.220.36 199.185.220.52 198.80.55.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{54210A4A-257F-4708-9768-F64D1A8EBC25}: DhcpNameServer=199.185.220.36 199.185.220.52 198.80.55.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=199.185.220.36 199.185.220.52 198.80.55.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=199.185.220.36 199.185.220.52 198.80.55.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=199.185.220.36 199.185.220.52 198.80.55.1

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

=============================================================================================================

SmitFraudFix v2.300

Scan done at 0:19:08.92, Fri 03/07/2008
Run from C:\Documents and Settings\Jason\Desktop\SmitfraudFix
OS: Microsoft Windows [Version 5.2.3790] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{54210A4A-257F-4708-9768-F64D1A8EBC25}: DhcpNameServer=199.185.220.36 199.185.220.52 198.80.55.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{54210A4A-257F-4708-9768-F64D1A8EBC25}: DhcpNameServer=199.185.220.36 199.185.220.52 198.80.55.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{54210A4A-257F-4708-9768-F64D1A8EBC25}: DhcpNameServer=199.185.220.36 199.185.220.52 198.80.55.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=199.185.220.36 199.185.220.52 198.80.55.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=199.185.220.36 199.185.220.52 198.80.55.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=199.185.220.36 199.185.220.52 198.80.55.1

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"="lsass.exe"

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)
Please post the log it produces.

'chcp.com' is not recognized as an internal or external command,
operable program or batch file.

Please wait.
ComboFix is preparing to run.

===============================================================

After this it says that it is preparing to run and that it could take 10 mins, and not to close the window... Well, the window closes itself, and it's no longer a running process.

I apologize for the inconvenience, but this doesn't appear to be working - although it did succeed in toasting my Internet connection [;-)

- J

Go to start> run> type in combofix /u (there must be a space after combofix) then press ok.

This will unistall combofix.

Set up the computer to view hidden files:
To show hidden files do the following:
Click Start > My Computer
On the Tools menu, click Folder Options.
Click the View tab.
Uncheck Hide file extensions for known file types.
Uncheck Hide protected operating system files.
Under the Hidden files folder, locate and check Show hidden files and folders.
If you see a warning message, click Yes.
Click Apply > OK.

Next, please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

Now from safe mode navigate to and delete these files if found:

C:\WINDOWS\irfnga.exe
C:\Windows\svehost.exe

While still in safe mode do a search for svehost.exe and delete all instances of it.

Reboot into normal mode, download a new copy of combofix, run a scan and post the results.

There were no 'irfnga' or 'svehost' files anywhere on my drive. And there was no change in result from uninstalling & reinstalling ComboFix (first instance from Link 1, second download from Link 3) made no change in the result, as:
'chcp.com' is not recognized as an internal or external command

and the window self-terminates after it says it could run for 10 minutes. About all it seems to do successfully is terminate my online connection.

Could it be an x64 issue?

- J

No, its a baddie.

Download SDFix to your desktop from the following link:

SDFix.exe.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.

Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.

Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt.

Please download Deckard’s Syatem Scanner (dss): Copy the following bolded address into your browser.
http://www.techsupportforum.com/sec...
Close all other windows before proceeding.
Double-click on dss.exe and follow the prompts.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

SDFix closes within a 1/2 second of running RunThis.bat (from the C:\SDFix folder).

Catchme.log generates this:

detected NTDLL code modification:
ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error

Here are the DSS logs:
Deckard's System Scanner v20071014.68
Run by Jason on 2008-03-21 10:53:26
Computer is in Normal Mode.
----------------------

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as J

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:55, on 2008-03-21
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
I:\AdAware\aawservice.exe
H:\Utilities\APCPower\mainserv.exe
I:\Kaspersky7\avp.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\SysWOW64\PSIService.exe
h:\Programs\ProShow3\ScsiAccess.exe
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
H:\Utilities\WeatherEye\WeatherEye.exe
H:\Utilities\Daemon\daemon.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Java\jre1.6.0_05\bin\jusched.exe
I:\Kaspersky7\avp.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINDOWS\irfnga.exe
H:\Utilities\AtomicClock\Atomic.exe
C:\WINDOWS\system32\wbcmgr.exe
H:\Utilities\Logitech\Setpoint\SetPoint\x86\SetPoint32.exe
H:\Utilities\APCPower\apcsystray.exe
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
I:\Firefox\firefox.exe
C:\Documents and Settings\Jason\Desktop\Virus\dss.exe
C:\DOCUME~1\Jason\Desktop\Virus\Jason.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?Lin...
F2 - REG:system.ini: UserInit=userinit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - H:\Programs\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - H:\Programs\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files (x86)\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files (x86)\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Wbcmgr] wbcmgr.exe
O4 - HKLM\..\Run: [AVP] "I:\Kaspersky7\avp.exe"
O4 - HKLM\..\Run: [Windows Relay Service] irfnga.exe
O4 - HKLM\..\Run: [Atomic.exe] H:\Utilities\AtomicClock\Atomic.exe
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
O4 - HKLM\..\RunServices: [Windows Relay Service] irfnga.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WeatherEye] H:\Utilities\WeatherEye\WeatherEye.exe
O4 - HKCU\..\Run: [LaunchList] H:\Programs\Pinnacle11\LaunchList2.exe
O4 - HKCU\..\Run: [System Services Monitor] C:\WINDOWS\system32\wbcmgr.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "H:\Utilities\Daemon\daemon.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: APC UPS Status.lnk = H:\Utilities\APCPower\Display.exe
O4 - Global Startup: Logitech SetPoint.lnk = H:\Utilities\Logitech\Setpoint\SetPoint\SetPoint.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: Append to existing PDF - res://H:\Programs\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://H:\Programs\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://H:\Programs\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://H:\Programs\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://H:\Programs\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://H:\Programs\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://H:\Programs\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://H:\Programs\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\Programs\OFFICE~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\Programs\OFFICE~1\OFFICE11\REFIEBAR.DLL
O15 - ESC Trusted Zone: http://runonce.msn.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windows...
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - D:\Quicken\Quicktax07\ic2007pp.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - I:\AdAware\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - H:\Utilities\APCPower\mainserv.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - I:\Kaspersky7\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - H:\Utilities\Diskeeper2K8\DkService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lmab_device - Unknown owner - C:\WINDOWS\system32\LMabcoms.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc64.exe (file missing)
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\SysWOW64\drivers\pclepci.sys
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\SysWOW64\PSIService.exe
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: ScsiAccess - Unknown owner - h:\Programs\ProShow3\ScsiAccess.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

--
End of file - 10291 bytes

-- File Associat------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 ACPI (Microsoft ACPI Driver) - c:\windows\system32\drivers\acpi.sys (file missing)
R0 atapi (Standard IDE/ESDI Hard Disk Controller) - c:\windows\system32\drivers\atapi.sys (file missing)
R0 Compbatt (Microsoft Composite Battery Driver) - c:\windows\system32\drivers\compbatt.sys (file missing)
R0 crcdisk (CRC Disk Filter Driver) - c:\windows\system32\drivers\crcdisk.sys (file missing)
R0 Disk (Disk Driver) - c:\windows\system32\drivers\disk.sys (file missing)
R0 dmio (Logical Disk Manager Driver) - c:\windows\system32\drivers\dmio.sys (file missing)
R0 dmload - c:\windows\system32\drivers\dmload.sys (file missing)
R0 FltMgr - c:\windows\system32\drivers\fltmgr.sys (file missing)
R0 Ftdisk (Volume Manager Driver) - c:\windows\system32\drivers\ftdisk.sys (file missing)
R0 isapnp (PnP ISA/EISA Bus Driver) - c:\windows\system32\drivers\isapnp.sys (file missing)
R0 KSecDD - c:\windows\system32\drivers\ksecdd.sys (file missing)
R0 MountMgr (Mount Point Manager) - c:\windows\system32\drivers\mountmgr.sys (file missing)
R0 Mup - c:\windows\system32\drivers\mup.sys (file missing)
R0 NDIS (NDIS System Driver) - c:\windows\system32\drivers\ndis.sys (file missing)
R0 ohci1394 (VIA OHCI Compliant IEEE 1394 Host Controller) - c:\windows\system32\drivers\ohci1394.sys (file missing)
R0 PartMgr (Partition Manager) - c:\windows\system32\drivers\partmgr.sys (file missing)
R0 PCI (PCI Bus Driver) - c:\windows\system32\drivers\pci.sys (file missing)
R0 PCIIde - c:\windows\system32\drivers\pciide.sys (file missing)
R0 PxHlpa64 - c:\windows\system32\drivers\pxhlpa64.sys (file missing)
R0 sptd - c:\windows\system32\drivers\sptd.sys (file missing)
R0 sr (System Restore Filter Driver) - c:\windows\system32\drivers\sr.sys (file missing)
R0 VolSnap (Storage volumes) - c:\windows\system32\drivers\volsnap.sys (file missing)
R1 AFD - c:\windows\system32\drivers\afd.sys (file missing)
R1 Beep - c:\windows\system32\drivers\beep.sys (file missing)
R1 Cdrom (CD-ROM Driver) - c:\windows\system32\drivers\cdrom.sys (file missing)
R1 ElbyCDIO (ElbyCDIO Driver) - c:\windows\system32\drivers\elbycdio.sys (file missing)
R1 Fips - c:\windows\system32\drivers\fips.sys (file missing)
R1 i8042prt (i8042 Keyboard and PS/2 Mouse Port Driver) - c:\windows\system32\drivers\i8042prt.sys (file missing)
R1 imapi (CD-Burning Filter Driver) - c:\windows\system32\drivers\imapi.sys (file missing)
R1 IPSec (IPSEC driver) - c:\windows\system32\drivers\ipsec.sys (file missing)
R1 Kbdclass (Keyboard Class Driver) - c:\windows\system32\drivers\kbdclass.sys (file missing)
R1 kbdhid (Keyboard HID Driver) - c:\windows\system32\drivers\kbdhid.sys (file missing)
R1 mnmdd - c:\windows\system32\drivers\mnmdd.sys (file missing)
R1 Mouclass (Mouse Class Driver) - c:\windows\system32\drivers\mouclass.sys (file missing)
R1 MRxSmb - c:\windows\system32\drivers\mrxsmb.sys (file missing)
R1 Msfs - c:\windows\system32\drivers\msfs.sys (file missing)
R1 NetBIOS (NetBIOS Interface) - c:\windows\system32\drivers\netbios.sys (file missing)
R1 NetBT (NetBios over Tcpip) - c:\windows\system32\drivers\netbt.sys (file missing)
R1 Npfs - c:\windows\system32\drivers\npfs.sys (file missing)
R1 Null - c:\windows\system32\drivers\null.sys (file missing)
R1 RasAcd (Remote Access Auto Connection Driver) - c:\windows\system32\drivers\rasacd.sys (file missing)
R1 Rdbss - c:\windows\system32\drivers\rdbss.sys (file missing)
R1 RDPCDD - c:\windows\system32\drivers\rdpcdd.sys (file missing)
R1 redbook (Digital CD Audio Playback Filter Driver) - c:\windows\system32\drivers\redbook.sys (file missing)
R1 Tcpip (TCP/IP Protocol Driver) - c:\windows\system32\drivers\tcpip.sys (file missing)
R1 TermDD (Terminal Device Driver) - c:\windows\system32\drivers\termdd.sys (file missing)
R1 VgaSave (VGA Display Controller.) - c:\windows\system32\drivers\vga.sys (file missing)
R2 CdaC15BA - c:\windows\system32\drivers\cdac15ba.sys (file missing)
R2 CdaD10BA - c:\windows\system32\drivers\cdad10ba.sys (file missing)
R2 Secdrv (Security Driver) - c:\windows\system32\drivers\secdrv.sys (file missing)
R3 ADIHdAudAddService (ADI UAA Function Driver for High Definition Audio Service) - c:\windows\system32\drivers\adihdaud.sys (file missing)
R3 AEAudio (AE Audio Service) - c:\windows\system32\drivers\aeaudio.sys (file missing)
R3 Arp1394 (1394 ARP Client Protocol) - c:\windows\system32\drivers\arp1394.sys (file missing)
R3 audstub (Audio Stub Driver) - c:\windows\system32\drivers\audstub.sys (file missing)
R3 Fdc (Floppy Disk Controller Driver) - c:\windows\system32\drivers\fdc.sys (file missing)
R3 Flpydisk (Floppy Disk Driver) - c:\windows\system32\drivers\flpydisk.sys (file missing)
R3 Gpc (Generic Packet Classifier) - c:\windows\system32\drivers\msgpc.sys (file missing)
R3 HDAudBus (Microsoft UAA Bus Driver for High Definition Audio) - c:\windows\system32\drivers\hdaudbus.sys (file missing)
R3 hidusb (Microsoft HID Class Driver) - c:\windows\system32\drivers\hidusb.sys (file missing)
R3 HTTP - c:\windows\system32\drivers\http.sys (file missing)
R3 intelppm (Intel Processor Driver) - c:\windows\system32\drivers\intelppm.sys (file missing)
R3 IpNat (IP Network Address Translator) - c:\windows\system32\drivers\ipnat.sys (file missing)
R3 ksthunk (Kernel Streaming WOW64 Thunk Service) - c:\windows\system32\drivers\ksthunk.sys (file missing)
R3 L8042Kbd (SetPoint Keyboard Driver) - c:\windows\system32\drivers\l8042kbd.sys (file missing)
R3 mouhid (Mouse HID Driver) - c:\windows\system32\drivers\mouhid.sys (file missing)
R3 MRxDAV (WebDav Client Redirector) - c:\windows\system32\drivers\mrxdav.sys (file missing)
R3 mssmbios (Microsoft System Management BIOS Driver) - c:\windows\system32\drivers\mssmbios.sys (file missing)
R3 MTsensor (ATK0110 ACPI UTILITY) - c:\windows\system32\drivers\asacpi.sys (file missing)
R3 NdisTapi (Remote Access NDIS TAPI Driver) - c:\windows\system32\drivers\ndistapi.sys (file missing)
R3 Ndisuio (NDIS Usermode I/O Protocol) - c:\windows\system32\drivers\ndisuio.sys (file missing)
R3 NdisWan (Remote Access NDIS WAN Driver) - c:\windows\system32\drivers\ndiswan.sys (file missing)
R3 NDProxy (NDIS Proxy) - c:\windows\system32\drivers\ndproxy.sys (file missing)
R3 NIC1394 (1394 Net Driver) - c:\windows\system32\drivers\nic1394.sys (file missing)
R3 nv - c:\windows\system32\drivers\nv4_mini.sys (file missing)
R3 PptpMiniport (WAN Miniport (PPTP)) - c:\windows\system32\drivers\raspptp.sys (file missing)
R3 PSched (QoS Packet Scheduler) - c:\windows\system32\drivers\psched.sys (file missing)
R3 Ptilink (Direct Parallel Link Driver) - c:\windows\system32\drivers\ptilink.sys (file missing)
R3 Rasl2tp (WAN Miniport (L2TP)) - c:\windows\system32\drivers\rasl2tp.sys (file missing)
R3 RasPppoe (Remote Access PPPOE Driver) - c:\windows\system32\drivers\raspppoe.sys (file missing)
R3 Raspti (Direct Parallel) - c:\windows\system32\drivers\raspti.sys (file missing)
R3 rdpdr (Terminal Server Device Redirector Driver) - c:\windows\system32\drivers\rdpdr.sys (file missing)
R3 SenFiltService (SenFilt Service) - c:\windows\system32\drivers\senfilt.sys (file missing)
R3 Srv - c:\windows\system32\drivers\srv.sys (file missing)
R3 swenum (Software Bus Driver) - c:\windows\system32\drivers\swenum.sys (file missing)
R3 sysaudio (Microsoft Kernel System Audio Device) - c:\windows\system32\drivers\sysaudio.sys (file missing)
R3 Update (Microcode Update Driver) - c:\windows\system32\drivers\update.sys (file missing)
R3 usbccgp (Microsoft USB Generic Parent Driver) - c:\windows\system32\drivers\usbccgp.sys (file missing)
R3 usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - c:\windows\system32\drivers\usbehci.sys (file missing)
R3 usbhub (Microsoft USB Standard Hub Driver) - c:\windows\system32\drivers\usbhub.sys (file missing)
R3 usbuhci (Microsoft USB Universal Host Controller Miniport Driver) - c:\windows\system32\drivers\usbuhci.sys (file missing)
R3 Wanarp (Remote Access IP ARP Driver) - c:\windows\system32\drivers\wanarp.sys (file missing)
R3 wdmaud (Microsoft WINMM WDM Audio Compatibility Driver) - c:\windows\system32\drivers\wdmaud.sys (file missing)
R3 yukonx64 (NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller) - c:\windows\system32\drivers\yk51x64.sys (file missing)
R4 Cdfs - c:\windows\system32\drivers\cdfs.sys (file missing)
R4 Fastfat - c:\windows\system32\drivers\fastfat.sys (file missing)
R4 Ntfs - c:\windows\system32\drivers\ntfs.sys (file missing)

S1 Sfloppy - c:\windows\system32\drivers\sfloppy.sys (file missing)
S2 Serial - c:\windows\system32\drivers\serial.sys (file missing)
S3 Ad-Watch Connect Filter (Ad-Watch Connect Kernel Filter) - c:\windows\system32\drivers\nsdriver.sys <Not Verified; Lavasoft AB; Ad-Watch Connections>
S3 Ad-Watch Real-Time Scanner (AW Real-Time Scanner) - c:\windows\system32\drivers\awrtpd.sys <Not Verified; Lavasoft AB; Ad-Watch Beta>
S3 Ad-Watch Registry Filter (Ad-Watch Registry Kernel Filter) - c:\windows\system32\drivers\awrtrd.sys <Not Verified; Lavasoft AB; Ad-Watch Registry Protection>
S3 aec (Microsoft Kernel Acoustic Echo Canceller) - c:\windows\system32\drivers\aec.sys (file missing)
S3 AsyncMac (RAS Asynchronous Media Driver) - c:\windows\system32\drivers\asyncmac.sys (file missing)
S3 Atmarpc (ATM ARP Client Protocol) - c:\windows\system32\drivers\atmarpc.sys (file missing)
S3 HidBatt (HID UPS Battery Driver) - c:\windows\system32\drivers\hidbatt.sys (file missing)
S3 Ip6Fw (IPv6 Windows Firewall Driver) - c:\windows\system32\drivers\ip6fw.sys (file missing)
S3 IpFilterDriver (IP Traffic Filter Driver) - c:\windows\system32\drivers\ipfltdrv.sys (file missing)
S3 IpInIp (IP in IP Tunnel Driver) - c:\windows\system32\drivers\ipinip.sys (file missing)
S3 IRENUM (IR Enumerator Service) - c:\windows\system32\drivers\irenum.sys (file missing)
S3 kmixer (Microsoft Kernel Wave Audio Mixer) - c:\windows\system32\drivers\kmixer.sys (file missing)
S3 LHidFilt (Logitech SetPoint KMDF HID Filter Driver) - c:\windows\system32\drivers\lhidfilt.sys (file missing)
S3 LMouFilt (Logitech SetPoint KMDF Mouse Filter Driver) - c:\windows\system32\drivers\lmoufilt.sys (file missing)
S3 Modem - c:\windows\system32\drivers\modem.sys (file missing)
S3 MSKSSRV (Microsoft Streaming Service Proxy) - c:\windows\system32\drivers\mskssrv.sys (file missing)
S3 MSPCLOCK (Microsoft Streaming Clock Proxy) - c:\windows\system32\drivers\mspclock.sys (file missing)
S3 MSPQM (Microsoft Streaming Quality Manager Proxy) - c:\windows\system32\drivers\mspqm.sys (file missing)
S3 Parport - c:\windows\system32\drivers\parport.sys (file missing)
S3 RDPWD - c:\windows\system32\drivers\rdpwd.sys (file missing)
S3 SkLaggProtocol (Marvell Link Aggregation Protocol (LAGG) Support) - c:\windows\system32\drivers\y51x64l.sys (file missing)
S3 SkVlanProtocol (Marvell Virtual LAN (VLAN) Support) - c:\windows\system32\drivers\y51x64v.sys (file missing)
S3 splitter (Microsoft Kernel Audio Splitter) - c:\windows\system32\drivers\splitter.sys (file missing)
S3 swmidi (Microsoft Kernel GS Wavetable Synthesizer) - c:\windows\system32\drivers\swmidi.sys (file missing)
S3 TDPIPE - c:\windows\system32\drivers\tdpipe.sys (file missing)
S3 TDTCP - c:\windows\system32\drivers\tdtcp.sys (file missing)
S3 usbprint (Microsoft USB PRINTER Class) - c:\windows\system32\drivers\usbprint.sys (file missing)
S3 usbscan (USB Scanner Driver) - c:\windows\system32\drivers\usbscan.sys (file missing)
S3 USBSTOR (USB Mass Storage Driver) - c:\windows\system32\drivers\usbstor.sys (file missing)
S3 vga - c:\windows\system32\drivers\vgapnp.sys (file missing)
S3 Wdf01000 - c:\windows\system32\drivers\wdf01000.sys (file missing)
S3 WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - c:\windows\system32\drivers\wudfpf.sys (file missing)
S3 WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - c:\windows\system32\drivers\wudfrd.sys (file missing)
S4 ACPIEC - c:\windows\system32\drivers\acpiec.sys (file missing)
S4 dmboot - c:\windows\system32\drivers\dmboot.sys (file missing)
S4 Pcmcia - c:\windows\system32\drivers\pcmcia.sys (file missing)
S4 Udfs - c:\windows\system32\drivers\udfs.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files (x86)\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 Eventlog (Event Log) - c:\windows\system32\services.exe (file missing)
R2 NVSvc (NVIDIA Display Driver Service) - c:\windows\system32\nvsvc64.exe (file missing)
R2 PlugPlay (Plug and Play) - c:\windows\system32\services.exe (file missing)
R2 PolicyAgent (IPSEC Services) - c:\windows\system32\lsass.exe (file missing)
R2 ProtectedStorage (Protected Storage) - c:\windows\system32\lsass.exe (file missing)
R2 ProtexisLicensing - c:\windows\syswow64\psiservice.exe <Not Verified; ; PSIService>
R2 SamSs (Security Accounts Manager) - c:\windows\system32\lsass.exe (file missing)
R2 ScsiAccess - h:\programs\proshow3\scsiaccess.exe
R3 HTTPFilter (HTTP SSL) - c:\windows\system32\lsass.exe (file missing)

S2 PCLEPCI - c:\windows\syswow64\drivers\pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
S3 dmadmin (Logical Disk Manager Administrative Service) - c:\windows\system32\dmadmin.exe /com (file missing)
S3 FLEXnet Licensing Service - "c:\program files (x86)\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 ImapiService (IMAPI CD-Burning COM Service) - c:\windows\system32\imapi.exe (file missing)
S3 lmab_device - c:\windows\system32\lmabcoms.exe -service <Not Verified; ; Printer Communication System>
S3 MSDTC (Distributed Transaction Coordinator) - c:\windows\system32\msdtc.exe (file missing)
S3 Netlogon (Net Logon) - c:\windows\system32\lsass.exe (file missing)
S3 NtLmSsp (NT LM Security Support Provider) - c:\windows\system32\lsass.exe (file missing)
S3 RDSessMgr (Remote Desktop Help Session Manager) - c:\windows\system32\sessmgr.exe (file missing)
S3 vds (Virtual Disk Service) - c:\windows\system32\vds.exe (file missing)
S3 VSS (Volume Shadow Copy) - c:\windows\system32\vssvc.exe (file missing)
S3 WmiApSrv (WMI Performance Adapter) - c:\windows\system32\wbem\wmiapsrv.exe (file missing)
S4 TlntSvr (Telnet) - c:\windows\system32\tlntsvr.exe (file missing)

-- Device Manager: Disa

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_4364&SUBSYS_81F81043&REV_12\4&625283&0&00E5
Manufacturer: Marvell
Name: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller #2
PNP Device ID: PCI\VEN_11AB&DEV_4364&SUBSYS_81F81043&REV_12\4&625283&0&00E5
Service: yukonx64

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: PS/2 Keyboard
Device ID: ACPI\PNP0303\4&B6AFFD&0
Manufacturer: Logitech
Name: PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&B6AFFD&0
Service: i8042prt

-- Files created between 2008-02-21 and 20---------

2008-03-20 21:52:46 0 d-------- C:\Documents and Settings\Jason\Application Data\My Games
2008-03-20 11:00:57 0 d-------- C:\Documents and Settings\Jason\Application Data\Intuit Canada
2008-03-20 10:59:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Intuit Canada
2008-03-09 14:27:47 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-03-09 14:27:47 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-03-09 14:27:47 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-03-09 14:27:47 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-09 14:27:47 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-03-07 01:04:39 2414 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-06 15:09:58 0 dr-h----- C:\Documents and Settings\Jason\Recent
2008-03-06 14:04:16 49167 -r-hs---- C:\WINDOWS\irfnga.exe
2008-03-06 13:40:27 0 d-------- C:\Documents and Settings\Jason\Application Data\MSNInstaller
2008-03-06 13:04:13 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys <Not Verified; Lavasoft AB; Ad-Watch Connections>
2008-03-06 13:04:13 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys <Not Verified; Lavasoft AB; Ad-Watch Registry Protection>
2008-03-06 13:04:13 6272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys <Not Verified; Lavasoft AB; Ad-Watch Beta>
2008-03-05 18:31:34 0 d-------- C:\Program Files (x86)\MSXML 6.0
2008-03-05 18:31:30 0 d-------- C:\Program Files (x86)\MSXML 4.0
2008-03-05 17:33:09 0 d-------- C:\Program Files (x86)\Photodex Presenter
2008-03-05 17:33:09 0 d-------- C:\Documents and Settings\Jason\Application Data\Netscape
2008-03-04 17:45:25 0 d-------- C:\Documents and Settings\Jason\Application Data\WinAmp
2008-03-01 16:17:32 0 d-------- C:\Documents and Settings\Jason\Application Data\Acoustica
2008-02-25 13:30:51 0 d-------- C:\Documents and Settings\Jason\Incomplete
2008-02-25 13:30:46 0 d-------- C:\Documents and Settings\Jason\Application Data\LimeWire
2008-02-22 01:46:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-22 01:44:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-02-22 00:26:14 79360 -r-hs---- C:\WINDOWS\system32\wbcmgr.exe

-- Find3M Re----------

2008-03-20 11:00:52 0 d-------- C:\Program Files (x86)\Common Files\AnswerWorks 4.0
2008-03-19 12:56:16 0 d-------- C:\Program Files (x86)\Java
2008-03-09 18:58:33 1024 --a------ C:\Documents and Settings\Jason\Application Data\WavCodec.wff
2008-03-06 14:23:43 0 d-------- C:\Documents and Settings\Jason\Application Data\DAEMON Tools
2008-03-05 17:33:13 4921 --a------ C:\WINDOWS\mozver.dat
2008-03-05 17:33:09 0 d-------- C:\Documents and Settings\Jason\Application Data\Mozilla
2008-03-03 14:03:20 952 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-02-25 01:16:42 0 d-------- C:\Documents and Settings\Jason\Application Data\DivX
2008-02-21 21:10:51 0 d-------- C:\Program Files (x86)\Common Files
2008-02-19 20:41:56 0 d-------- C:\Documents and Settings\Jason\Application Data\Ulead Systems
2008-02-19 20:40:44 0 d-------- C:\Program Files (x86)\Common Files\SONY Digital Images
2008-02-19 20:39:33 0 d--h----- C:\Program Files (x86)\InstallShield Installation Information
2008-02-19 03:54:36 0 d-------- C:\Program Files (x86)\Common Files\Ulead Systems
2008-02-19 03:48:54 85 --a------ C:\AUTOEXEC.BAT
2008-02-19 03:44:42 0 d-------- C:\Program Files (x86)\Pinnacle
2008-02-19 03:44:17 0 d-------- C:\Documents and Settings\Jason\Application Data\InstallShield
2008-02-19 03:40:57 0 d-------- C:\Documents and Settings\Jason\Application Data\Adobe
2008-02-15 12:46:54 0 d-------- C:\Program Files (x86)\Common Files\Nero
2008-02-03 21:57:16 335 --a------ C:\WINDOWS\nsreg.dat
2008-02-03 21:57:12 118784 --a------ C:\WINDOWS\SeaMonkeyUninstall.exe
2008-02-03 21:57:10 118784 --a------ C:\WINDOWS\GREUninstall.exe
2008-01-31 02:20:35 0 d-------- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2008-01-30 15:13:13 0 d-------- C:\Documents and Settings\Jason\Application Data\Corel
2008-01-24 15:58:30 0 d-------- C:\Program Files (x86)\Common Files\Intuit
2008-01-13 16:43:43 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2008-01-04 15:58:50 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 15:57:22 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-01-04 15:57:22 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-01-04 15:57:12 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 15:57:10 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-01-04 15:57:10 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 15:57:10 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 15:56:24 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-30 17:35:01 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2007-12-22 03:29:34 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-12-22 03:29:23 26405 --a------ C:\WINDOWS\DIIUnin.dat
2007-12-22 03:27:47 21840 --a------ C:\WINDOWS\system32\SIntfNT.dll
2007-12-22 03:27:47 17212 --a------ C:\WINDOWS\system32\SIntf32.dll
2007-12-22 03:27:47 12067 --a------ C:\WINDOWS\system32\SIntf16.dll
2007-12-22 03:09:01 2829 --a------ C:\WINDOWS\DIIUnin.pif
2007-12-22 03:09:01 94208 --a------ C:\WINDOWS\DIIUnin.exe <Not Verified; Blizzard Entertainment; Diablo II Uninstaller>
2007-12-22 01:37:16 1 --a------ C:\WINDOWS\system32\SI.bin

-- Registry ----------

-- End of Deckard's System Scanner: finished at 2008-03-21 10:57:37 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
----------------------

-- System Informa-----

Microsoft(R) Windows(R) XP Professional x64 Edition (build 3790) SP 2.0
Architecture: X64; Language: English

CPU 0: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
CPU 1: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
CPU 2: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
CPU 3: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Percentage of Memory in Use: 29%
Physical Memory (total/avail): 2046.93 MiB / 1451.98 MiB
Pagefile Memory (total/avail): 3966.68 MiB / 3539.27 MiB
Virtual Memory (total/avail): 4095.88 MiB / 3937.27 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 21.23 GiB total, 3.9 GiB free.
D: is Fixed (NTFS) - 4.4 GiB total, 3.91 GiB free.
E: is Fixed (NTFS) - 48.01 GiB total, 40.12 GiB free.
F: is Fixed (NTFS) - 128 GiB total, 89.09 GiB free.
G: is Fixed (NTFS) - 24.01 GiB total, 2.68 GiB free.
H: is Fixed (NTFS) - 24.01 GiB total, 15.8 GiB free.
I: is Fixed (NTFS) - 4.01 GiB total, 3.64 GiB free.
J: is Fixed (NTFS) - 95.04 GiB total, 76.7 GiB free.
M: is CDROM (No Media)
P: is Network (NTFS)
Q: is Network (NTFS)
R: is Network (NTFS)
S: is Network (NTFS)
T: is Network (NTFS)
U: is Network (NTFS)
V: is Network (NTFS)
W: is Network (NTFS)
X: is CDROM (No Media)
Y: is CDROM (No Media)
Z: is CDROM (No Media)

\\.\PHYSICALDRIVE1 - ST3300622AS - 279.46 GiB - 5 partitions
\PARTITION0 - Extended w/Extended Int 13 - 279.45 GiB - D: - E: - F: - I: - J:

\\.\PHYSICALDRIVE0 - WDC WD740ADFD-60NLR1 - 69.24 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 21.23 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 48.02 GiB - G: - H:

-- Security Ce--------

Windows Internal Firewall is disabled.

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files (x86)\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files (x86)\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files (x86)\\MSN Messenger\\livecall.exe"="C:\\Program Files (x86)\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"G:\\NW2\\nwn2main.exe"="G:\\NW2\\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"G:\\NW2\\nwn2main_amdxp.exe"="G:\\NW2\\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"G:\\NW2\\nwupdate.exe"="G:\\NW2\\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"G:\\NW2\\nwn2server.exe"="G:\\NW2\\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"C:\\Program Files (x86)\\Bonjour\\mDNSResponder.exe"="C:\\Program Files (x86)\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files (x86)\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"="C:\\Program Files (x86)\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"
"C:\\WINDOWS\\system32\\LMabcoms.exe"="C:\\WINDOWS\\system32\\LMabcoms.exe:*:Enabled:Lexmark Enhanced TCP/IP"
"I:\\LimeWire\\LimeWire.exe"="I:\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files (x86)\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files (x86)\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files (x86)\\MSN Messenger\\livecall.exe"="C:\\Program Files (x86)\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"H:\\Programs\\Pinnacle11\\programs\\RM.exe"="H:\\Programs\\Pinnacle11\\programs\\RM.exe:*:Enabled:Render Manager"
"H:\\Programs\\Pinnacle11\\programs\\Studio.exe"="H:\\Programs\\Pinnacle11\\programs\\Studio.exe:*:Enabled:Studio"
"H:\\Programs\\Pinnacle11\\programs\\PMSRegisterFile.exe"="H:\\Programs\\Pinnacle11\\programs\\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"H:\\Programs\\Pinnacle11\\programs\\umi.exe"="H:\\Programs\\Pinnacle11\\programs\\umi.exe:*:Enabled:umi"

-- Environment Varia--

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Jason\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files (x86)\Common Files
CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
CommonProgramW6432=C:\Program Files\Common Files
COMPUTERNAME=VIRIDEL
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Jason
LOGONSERVER=\\VIRIDEL
NUMBER_OF_PROCESSORS=4
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files (x86)\Common Files\Ulead Systems\MPEG;H:\UTILIT~1\DISKEE~1;H:\Programs\Pinnacle\Shared Files;H:\Programs\Pinnacle\Shared Files\Filter
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_ARCHITEW6432=AMD64
PROCESSOR_IDENTIFIER=EM64T Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramFiles=C:\Program Files (x86)
ProgramFiles(x86)=C:\Program Files (x86)
ProgramW6432=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Jason\LOCALS~1\Temp
TMP=C:\DOCUME~1\Jason\LOCALS~1\Temp
USERDOMAIN=VIRIDEL
USERNAME=Jason
USERPROFILE=C:\Documents and Settings\Jason
windir=C:\WINDOWS

-- User Prof----------

Jason [I](admin)[/I]
Administrator [I](admin)[/I]

-- Add/Remove Prog----

--> C:\Program Files (x86)\Installshield Installation Information\{1002F320-18D1-4A79-95C8-84EA3E940287}\QBReplace.exe {1002F320-18D1-4A79-95C8-84EA3E940287}#{97397C17-A929-4a6b-A68D-17829274C6CB}
--> h:\Utilities\DivX\DivXConverterUninstall.exe /CONVERTER
--> H:\Utilities\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
ACDSee 10 Photo Manager --> MsiExec.exe /I{F8B98EB6-FC06-45BF-87D4-9784E0408611}
Acoustica CD/DVD Label Maker --> H:\Utilities\Acoustica\cdlabel.exe UNINSTALL
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Add or Remove Adobe Creative Suite 3 Master Collection --> C:\Program Files (x86)\Common Files\Adobe\Installers\4dcfd9b7e901b57f81f667144603236\Setup.exe
Adobe After Effects CS3 --> MsiExec.exe /I{EB0202F7-016A-410C-ADE4-40F848CCC661}
Adobe After Effects CS3 Presets --> MsiExec.exe /I{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3 --> MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> C:\Program Files (x86)\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Creative Suite 3 Master Collection --> MsiExec.exe /I{8718DC03-D066-4957-94E5-50C3C5042E8E}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3 --> MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}
Adobe Encore CS3 --> MsiExec.exe /I{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}
Adobe Encore CS3 Codecs --> MsiExec.exe /I{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}
Adobe ExtendScript Toolkit 2 --> C:\Program Files (x86)\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{77D2A9D3-5800-43E3-B274-87841BC87DB2}
Adobe Extension Manager CS3 --> MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Fireworks CS3 --> MsiExec.exe /I{7DFC1012-D346-46CE-B03E-FF79125AE029}
Adobe Flash CS3 --> MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Player ActiveX --> C:\WINDOWS\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\SysWOW64\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Video Encoder --> MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3}
Adobe Illustrator CS3 --> MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe InDesign CS3 --> MsiExec.exe /I{CB3F8375-B600-4B9F-83C9-238ED1E583FD}
Adobe InDesign CS3 Icon Handler --> MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files --> MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Premiere Pro CS3 --> MsiExec.exe /I{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}
Adobe Premiere Pro CS3 Functional Content --> MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}
Adobe Premiere Pro CS3 Third Party Content --> MsiExec.exe /I{485ACF57-F364-440A-8496-E1E81C8FA1AA}
Adobe Setup --> MsiExec.exe /I{4458C442-7376-4CF9-AF58-E8CEA6722363}
Adobe Setup --> MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup --> MsiExec.exe /I{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe SING CS3 --> MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Soundbooth CS3 --> MsiExec.exe /I{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}
Adobe Soundbooth CS3 Codecs --> MsiExec.exe /I{0327FA9D-975C-448C-A086-577D57BB25B8}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Version Cue CS3 Server {ko_KR} --> MsiExec.exe /I{1D58229F-C505-45CA-8223-F35F3A34B963}
Adobe Video Profiles --> MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
Adobe WAS CS3 --> MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP DVA Panels CS3 --> MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3 --> MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
AHV content for Acrobat and Flash --> MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
AI Direct Link --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{C312984C-E386-4C2D-B33E-7B54355FB16E}\Setup.exe" -l0x9
AI Suite --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{310BC5E2-31AF-49BB-904D-E71EB93645DC}\setup.exe" -l0x9
AnswerWorks 5.0 English Runtime --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}\setup.exe" -l0x9 -uninst -removeonly
AnyDVD --> "H:\Utilities\Slysoft\AnyDVD\AnyDVD-uninst.exe" /D="H:\Utilities\Slysoft\AnyDVD"
APC PowerChute Personal Edition --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{5A0C892E-FD1C-4203-941E-0956AED20A6A}\Setup.exe" -l0x9
ASUSUpdate --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\setup.exe" -l0x9
Atomic Clock Sync --> H:\UTILIT~1\ATOMIC~1\UNWISE.EXE H:\UTILIT~1\ATOMIC~1\INSTALL.LOG
CCleaner (remove only) --> "H:\Utilities\CCleaner\uninst.exe"
Charm Tale 2 Mermaid Lagoon --> "g:\Reflexive\CharmTale2\ReflexiveArcade\unins000.exe"
CloneCD --> "H:\Utilities\Slysoft\CloneCD\ccd-uninst.exe" /D="H:\Utilities\Slysoft\CloneCD"
CloneDVD2 --> "H:\Utilities\Slysoft\CloneDVD2\CloneDVD2-uninst.exe" /D="H:\Utilities\Slysoft\CloneDVD2"
Corel Painter X --> H:\Programs\Corel\PainterX\MSILauncher {05D60953-9012-44DF-A1A6-9DD97AD6580A} C:\DOCUME~1\Jason\LOCALS~1\Temp\PainterX.log
Corel Painter X --> MsiExec.exe /I{05D60953-9012-44DF-A1A6-9DD97AD6580A}
CorelDRAW Graphics Suite X3 --> H:\Programs\Corel\CGSX3\Programs\MSILauncher {7C5123A9-30A8-4C44-89CA-A8C87A1FCC91} C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\CGSX3.log
CorelDRAW Graphics Suite X3 --> MsiExec.exe /I{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}
CuteFTP Pro --> I:\CUTEFT~1\UNWISE32.EXE I:\CUTEFT~1\INSTALL.LOG
Diablo II --> C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
DivX Codec --> h:\Utilities\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> h:\Utilities\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> h:\Utilities\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> h:\Utilities\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> h:\Utilities\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dream Aquarium --> "h:\Utilities\Dream Aquarium\unins000.exe"
EN --> MsiExec.exe /I{32A72502-BC2C-4C39-ACEA-BC3D463F0697}
EPSON Printer Software --> C:\Program Files (x86)\EPSON\PrinterDriverTemp\SPR800\EPUPDATE.EXE /r
EPSON Scan --> C:\Program Files (x86)\epson\escndv\setup\setup.exe /r
EPSON Scan Assistant --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\setup.exe" -l0x9 -u
FireTune --> C:\WINDOWS\iun6002.exe "i:\Firefox\Firetune\irunin.ini"
FontNav --> MsiExec.exe /I{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}
Heroes of Might & Magic V: Hammers of Fate --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{4272516D-0E81-48EF-AB66-7F6E28B4A615}\setup.exe" -l0x9
Heroes of Might and Magic V - Tribes of the East --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{66FF4C48-0083-4E60-8556-B883AB200092}\setup.exe" -l0x9
Heroes of Might and Magic V Collector Edition --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{28101984-0BA6-40FD-9ABE-72F62F80C06C}\setup.exe" -l0x9
HijackThis 2.0.2 --> "C:\Documents and Settings\Jason\Desktop\HijackThis.exe" /uninstall
Home Sweet Home --> "g:\reflexive\HomeSweetHome\ReflexiveArcade\unins000.exe"
ImgBurn --> "h:\Utilities\ImgBurn\uninstall.exe"
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
K-Lite Codec Pack 3.5.7 Full --> "C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe"
Kaspersky Internet Security 7.0 --> MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
Kaspersky Internet Security 7.0 --> MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
LightScribe System Software 1.10.27.1 --> MsiExec.exe /X{CBCF859F-04BE-4A07-B6FA-F4FAD69EF1ED}
LimeWire 4.16.6 --> "I:\LimeWire\uninstall.exe"
Logitech SetPoint --> C:\Program Files (x86)\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0009 -removeonly
Macromedia Flash Player --> MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
Magic ISO Maker v5.4 (build 0247) --> H:\UTILIT~1\MagicISO\UNWISE.EXE H:\UTILIT~1\MagicISO\INSTALL.LOG
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (2.0.0.12) --> I:\Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.12) --> I:\Thunderbird\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Nero 8 --> MsiExec.exe /X{5FCCD531-1B38-4A94-924C-127F722F1033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Neverwinter Nights 2 --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F20C1251-1D0A-4944-B2AE-678581B33B19}\SETUP.exe" -l0x9 -removeonly
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Photodex Presenter --> C:\Program Files (x86)\Photodex Presenter\uninst.exe
ProShow Producer --> h:\Programs\ProShow3\proshow.exe . -u
QuickBooks EasyStart --> C:\Program Files (x86)\Installshield Installation Information\{C4168477-5416-4224-8BE9-E4349642595B}\QBReplace.exe {C4168477-5416-4224-8BE9-E4349642595B}#{9058A930-BC63-4FA9-A35B-D74BE4054F40}
Quicken 2008 --> MsiExec.exe /X{3B0F52AC-EF5C-4831-B221-06C782E41280}
QuickTax 2007 --> MsiExec.exe /X{22EC35BD-F8F2-45EB-8DCB-1C7FB65D0A71}
SeaMonkey (1.1.5) --> C:\WINDOWS\SeaMonkeyUninstall.exe /ua "1.1.5 (en)"
Security Update for Windows XP (KB923789) --> C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Sid Meier's Civilization 4 --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x9 -removeonly
Sid Meier's Civilization 4 - Beyond the Sword --> C:\Program Files (x86)\InstallShield Installation Information\{32E4F0D2-C135-475E-A841-1D59A0D22989}\setup.exe -runfromtemp -l0x0009 -removeonly
Sid Meier's Civilization 4 - Warlords --> C:\Program Files (x86)\InstallShield Installation Information\{3E4B349F-10B5-4586-9D99-489A90A8B228}\setup.exe -runfromtemp -l0x0009 -removeonly
SimonT Hockey Simulator Support Files --> MsiExec.exe /I{BA5388B6-7107-4565-A438-E86933B74341}
SoundMAX --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
Studio 11 --> C:\Program Files (x86)\InstallShield Installation Information\{110B1ADF-2EAE-4E8F-B501-D2A1E6D8ED9D}\Setup2.exe -runfromtemp -l0x0009 UNINSTALL -removeonly
The Great Tree --> "G:\Reflexive\GreatTree\ReflexiveArcade\unins000.exe"
Thief - Deadly Shadows --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{FC123EEA-330A-4685-911C-95B8F5E9DE68}\Setup.exe" -l0x9
UHS Reader (Version 6.00) --> G:\UHS\UNWISE.EXE G:\UHS\INSTALL.LOG
Ulead DVD Workshop 2 --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{9869D4DD-D553-40D3-8859-F8911D406C69}\setup.exe" -l0x9
Ulead MediaStudio Pro 8.0 --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{A6E71574-2126-4E95-816E-32B2411C94BA}\setup.exe" -l0x9
Update Manager --> MsiExec.exe /I{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}
USB Share Switch --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{B573170F-3802-4B1A-934A-5F1D83CF26A8}\Setup.exe"
VBA --> MsiExec.exe /I{C94E45B0-6AA6-4FB9-9AAE-22085F631880}
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Virtual Cable Tester --> MsiExec.exe /X{3D654496-9C3D-4565-858C-3E551ECDA4E2}
WavePad Uninstall --> C:\Program Files (x86)\NCH Swift Sound\WavePad\uninst.exe
Winamp --> "h:\Utilities\WinAmp\UninstWA.exe"
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
WinRAR archiver --> h:\Utilities\WinRAR\uninstall.exe
Yahoo! Desktop Login --> MsiExec.exe /I{F9AEEC34-CF00-4CBD-9E36-DF9DC4002685}

-- Application Event--

Event Record #/Type6750 / Error
Event Submitted/Written: 03/21/2008 10:48:34 AM
Event ID/Source: 8211 / VSS
Event Description:
WMI Writer{a6ad56c2-b509-4e6c-bb19-49d8f43532f0}

Event Record #/Type6732 / Error
Event Submitted/Written: 03/17/2008 04:35:31 PM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 284671649.

Event Record #/Type6731 / Error
Event Submitted/Written: 03/17/2008 04:35:30 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application mplayerc.exe, version 6.4.9.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type6722 / Error
Event Submitted/Written: 03/13/2008 02:25:51 AM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 512331303.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Event Record #/Type6721 / Error
Event Submitted/Written: 03/13/2008 02:25:48 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application proshow.exe, version 0.0.0.0, faulting module pshow.dnt, version 0.0.0.0, fault address 0x0027ec83.
Processing media-specific event for [proshow.exe!ws!]

-- Security Event-----

No Errors/Warnings found.

-- System Event-------

Event Record #/Type13833 / Warning
Event Submitted/Written: 03/21/2008 10:56:09 AM
Event ID/Source: 257 / PlugPlayManager
Event Description:
WndClass_CWinDrivesNotifyerHelperWindow

Event Record #/Type13832 / Warning
Event Submitted/Written: 03/21/2008 10:56:05 AM
Event ID/Source: 257 / PlugPlayManager
Event Description:
WndClass_CWinDrivesNotifyerHelperWindow

Event Record #/Type13831 / Warning
Event Submitted/Written: 03/21/2008 10:56:00 AM
Event ID/Source: 257 / PlugPlayManager
Event Description:
WndClass_CWinDrivesNotifyerHelperWindow

Event Record #/Type13830 / Warning
Event Submitted/Written: 03/21/2008 10:55:23 AM
Event ID/Source: 257 / PlugPlayManager
Event Description:
WndClass_CWinDrivesNotifyerHelperWindow

Event Record #/Type13829 / Warning
Event Submitted/Written: 03/21/2008 10:55:23 AM
Event ID/Source: 257 / PlugPlayManager
Event Description:
WndClass_CWinDrivesNotifyerHelperWindow

-- End of Deckard's System Scanner: finished at 2008-03-21 10:57:37 ------------