Exception Processing Message - ready to throw computer at brick wall

[Berna]

Tom,

I guess I'm still confused. As I mentioned, after I ran this last scan I went to my C drive but the only combofix listed there was a combofix folder. Not sure why the earlier combofix that I posted (which I understand should now be listed combofix2 disappeared), hence, I went into the combofix folder and posted the text documents. I then ran a search for all combofix*.* on my C drive and I found the combofix2.txt (now my first scan) and the combofix.txt (now my second scan) listed in My Recent Documents which I posted above. Incidentally this is the same as the text document I found in the combofix folder. Wow, I hope that made sense.

[Jintan]

Repeat the step to save that exact same CFScipt log to your desktop as before. Important it is on the desktop itself. Also make sure ComboFix.exe is on the desktop.

You will want to copy or have other access to these steps while working in Safe Mode.

================================================== =

Reboot into Safe Mode (at startup tap the F8 key and select Safe Mode).

In Safe Mode open the Task Manager (Ctrl - Alt - Delete) and under the Processes tab click on explorer.exe to hilight it, then click End Process (okay any warnings). This will cause your desktop to disappear.

Then in Task Manager go to File - New task, and type the following exactly as shown (and OK):

"%Userprofile%\Desktop\Combofix.exe" "C:\Full Filepath\CFScript.txt"

This should start Combofix again. When the scan completes it likely will bring on a reboot to complete the task. If not in Task Manager go to Shutdown - Restart to reboot the system.

Post back the new C:\ComboFix.txt log please.

[Berna]

Tom,

I followed your instructions (saving the CFscript log on my desktop and ensured combofix.exe is also on my desktop) then went to safe mode but I keep getting an error message in safe mode when combofix attempts to run. It states, "the system cannot find the path specified." I tried it four separate times to insure I was typing everything correctly ("%Userprofile%\Desktop\Combofix.exe" "C:\Full Filepath\CFScript.txt") and the same "cannot find path" message appears.

[Jintan]

Try this instead. If it still does not work, in Task Manager go to File - New Task, type explorer.exe (and OK) to return the desktop. Then do the CFScript drag into ComboFix on the desktop as you did once before. But first this:

"%Userprofile%\Desktop\Combofix.exe" "%Userprofile%\Desktop\CFScript.txt"

I see I was copy/pasting a script that required changes I did not make just then.

[Berna]

I copied and pasted the following: "%Userprofile%\Desktop\Combofix.exe" "%Userprofile%\Desktop\CFScript.txt" in safe mode and still received the error message system cannot find path specified so I did the CFScript drag into ComboFix (in safe mode), the computer rebooted, I copied the combofix log and I believe it's the same as it was previously.

ComboFix 08-01-04.1 - Nee Dobbs 2008-01-08 8:22:17.10 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1266 [GMT -6:00]
Running from: C:\Documents and Settings\Nee Dobbs\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Nee Dobbs\Desktop\CFScript

FILE
C:\HTGD0002.bmp
C:\HTGD0003.exe
C:\HTGD0005.exe
C:\HTGD0006.ini
C:\Program Files\Internet Explorer\3776.EXE
C:\test.exe
C:\WINDOWS\SYSTEM32\00044f77.inf
C:\WINDOWS\SYSTEM32\0004c49d.inf
C:\WINDOWS\SYSTEM32\a.jpg
C:\WINDOWS\SYSTEM32\arsneo.DRV
c:\windows\system32\azftzw.dll
C:\WINDOWS\SYSTEM32\azftzw.KEY
C:\WINDOWS\SYSTEM32\Down(0).exe
C:\WINDOWS\SYSTEM32\Down(1).exe
C:\WINDOWS\SYSTEM32\Down(10).exe
C:\WINDOWS\SYSTEM32\Down(11).exe
C:\WINDOWS\SYSTEM32\Down(13).exe
C:\WINDOWS\SYSTEM32\Down(14).exe
C:\WINDOWS\SYSTEM32\Down(15).exe
C:\WINDOWS\SYSTEM32\Down(16).exe
C:\WINDOWS\SYSTEM32\Down(17).exe
C:\WINDOWS\SYSTEM32\Down(18).exe
C:\WINDOWS\SYSTEM32\Down(19).exe
C:\WINDOWS\SYSTEM32\Down(2).exe
C:\WINDOWS\SYSTEM32\Down(20).exe
C:\WINDOWS\SYSTEM32\Down(21).exe
C:\WINDOWS\SYSTEM32\Down(22).exe
C:\WINDOWS\SYSTEM32\Down(23).exe
C:\WINDOWS\SYSTEM32\Down(24).exe
C:\WINDOWS\SYSTEM32\Down(25).exe
C:\WINDOWS\SYSTEM32\Down(26).exe
C:\WINDOWS\SYSTEM32\Down(27).exe
C:\WINDOWS\SYSTEM32\Down(28).exe
C:\WINDOWS\SYSTEM32\Down(29).exe
C:\WINDOWS\SYSTEM32\Down(3).exe
C:\WINDOWS\SYSTEM32\Down(30).exe
C:\WINDOWS\SYSTEM32\Down(31).exe
C:\WINDOWS\SYSTEM32\Down(4).exe
C:\WINDOWS\SYSTEM32\Down(5).exe
C:\WINDOWS\SYSTEM32\Down(6).exe
C:\WINDOWS\SYSTEM32\Down(7).exe
C:\WINDOWS\SYSTEM32\Down(8).exe
C:\WINDOWS\SYSTEM32\Down(9).exe
C:\WINDOWS\SYSTEM32\Flower.dll
C:\WINDOWS\SYSTEM32\Flower.exe
C:\WINDOWS\SYSTEM32\gxobza.KEY
C:\WINDOWS\SYSTEM32\IE_ASSII.exe
C:\WINDOWS\SYSTEM32\snhuqt.DRV
C:\WINDOWS\SYSTEM32\svchst.exe
.

[Jintan]

Let's see if we can get back a more complete look then. Run a new ComboFix scan (normal mode) and post back that log please.

[Berna]

I ran combofix in normal mode, other than changing my clock setting, nothing happened. It then attempted to reboot but instead I received a lovely blue screen stating, "A problem has been detected, windows has been shut down to prevent damage" and then it gave this error: PAGE_FAULT_IN_NONPAGED_AREA. So I manually restarted the computer, let it boot normally and then tried to run the combofix again. Same thing happened with the lovely blue screen while trying to reboot but this time the error stated: IRQL_NOT_LESS_OR_EQUAL. Rebooted again, went to C drive and this is the log:

ComboFix 08-01-04.1 - Nee Dobbs 2008-01-09 18:44:56.13 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1113 [GMT -6:00]
Running from: C:\Documents and Settings\Nee Dobbs\Desktop\ComboFix.exe
.

Even shorter than before, LOL.

Now do you see why this computer is destined for a brick wall?


Incidentally, although I haven't mentioned it in my previous posts, I truly appreciate the time you've spent helping me with my computer.

[Jintan]

Do you have a thumb drive/flash drive you can load ComboFix.exe onto and click to run it from there? If so do that now please.

[Berna]

This is getting ugly, isn't it?

On the plus side, I'm no longer getting that exception error when I go to my hard drive, however, I fear we've traded it for the lovely blue screen system error.

As instructed, I downloaded ComboFix on my Thumbnail, ran it and here is the log (for what it's worth):

ComboFix 08-01-09.2 - Nee Dobbs 2008-01-10 6:50:12.15 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1133 [GMT -6:00]
Running from: H:\ComboFix.exe
.


After running it I received a new system error stating: "BAD_POOL_HEADER." I did a reboot and then received the other system error: IRQL_NOT_LESS_OR_EQUAL. Actually it took about 5 reboots to stop getting that error and now everything appears to be working, however, I'm expecting another system error to pop up any minute.

[Jintan]

Reads like driver issues, which suggest we are attempting repairs on something that both does not want us to and is causing system problems as well. I should make sure to mention the malware on that system has installed into some very sensitive system areas, without regard to what it might do to the system. As such I cannot guarantee our work to remove the infection and effect repairs will still not lead to a need to reformat and reinstall here. Although you will want to offload personal data to save, you should minimize what data, and avoid executable files such as those used by software.


I will provide three different tools to get a view of what is there, so we can make some advances here. I would like all three log files (4 actually) but do your best to complete what you can.


Go here and download reglooks.exe to your Desktop. Doubleclick on it to run it and when it has finished scanning, a log named result.txt will open in Notepad. Copy the log and post it in this thread.

-----------------------

Download gmer.zip from here. Once downloaded, doubleclick on gmer.zip and unzip the file to its own folder

When you have done this, doubleclick on Gmer.exe to run it and click on Settings. Check the first five settings (see below)

System Protection and Tracing
Processes
Save created processes to the log
Drivers
Save loaded drivers to the log

You will be prompted to restart your computer. Please do so.

Run Gmer again and click on the Rootkit tab. Look at the righthand side (under Files) and uncheck all drives with the exception of your C drive and then click on Scan (before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan). When completed, click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please.

-----------------------

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.


1. Close all applications and windows.
2. Double-click on dss.exe to run it, and follow the prompts.
3. When the scan is complete, it will create two text files - main.txt <- this one will be maximized and extra.txt<-this one will be minimized on your Taskbar.
4. Copy/paste both logs back here please (they will also be located at C:\Deckard\System Scanner).

Make sure you notice the extra.txt second log that will show as minimized on your Task Bar, "Maximize" that and be sure to paste those contents here as well.

[Berna]

Ok, here we go, log #1, Reglooks:

REGLOOKS logfile

version 0.977
2008-01-10 9:45:24.07
running from: "C:\Documents and Settings\Nee Dobbs\Desktop"

--- SSODL regkeys ---

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\ShellServiceObjectDelayLoad
only standard or legit regkeys found


--- STS regkeys ---

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Explorer\SharedTaskScheduler
only standard or legit regkeys found


--- USERINIT regkey ---

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
"Userinit"="C:\\WINDOWS\\system32\\userinit.ex e,"


--- SHELL regkey ---

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
"Shell"="Explorer.exe"


--- SYSTEM regkey ---

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
"System"=""


--- APPINIT_DLLS regkey ---

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows
"AppInit_DLLs"=""


--- NOTIFY regkeys ---

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
only standard or legit regkeys found


--- BOOTEXECUTE regkey ---

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\Session Manager
BootExecute= autocheck autochk *\0\0


--- SHELLEXECUTEHOOKS regkey ---

HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shellexecutehooks
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""


--- HKLM\Run regkeys ---

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"IntelMeM"="C:\\Program Files\\Intel\\Modem Event Monitor\\IntelMEM.exe"
"PCMService"="\"C:\\Program Files\\Dell\\Media Experience\\PCMService.exe\""
"PinnacleDriverCheck"="C:\\WINDOWS\\system32\\PSDr vCheck.exe -CheckReg"
"WinampAgent"="\"C:\\Program Files\\Winamp\\Winampa.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"HP Software Update"="C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.ex e"
"DetectorApp"="C:\\Program Files\\Roxio\\MyDVD\\MyDVD\\DetectorApp.exe"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE ~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"PCLEPCI"="C:\\PROGRA~1\\PINNAC~1\\PPE\\PPE.EX E"
"GoogleUpdate"="C:\\Program Files\\Internet Explorer\\3776.EXE"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72, 6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b ,00
[Run\OptionalComponents]
[Run\OptionalComponents\IMAIL]
"Installed"="1"
[Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[Run\OptionalComponents\MSFS]
"Installed"="1"


--- HKLM\RunOnce regkeys ---

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunOnce
no HKLM RunOnce keys found


--- HKLM\RunOnceEx regkeys ---

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunOnceEx
no HKLM RunOnceEx keys found


--- HKLM\RunServices regkeys ---

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunServices
no HKLM RunServices keys found


--- HKLM\RunServicesOnce regkeys ---

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunServicesOnce
regkey does not exist


--- HKCU\Run regkeys ---

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run
"mschkdsk.exe"="C:\\WINDOWS\\system32\\mschkdsk.ex e"
[Run\AdobeUpdater]
@=""


--- HKCU\RunOnce regkeys ---

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\RunOnce
no HKCU RunOnce keys found


--- HKCU\RunOnceEx regkeys ---

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\RunOnceEx
regkey does not exist


--- HKCU\RunServices regkeys ---

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\RunServices
no HKCU RunServices keys found


--- HKCU\RunServicesOnce regkeys ---

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\RunServicesOnce
no HKCU RunServicesOnce keys found


--- HKU\.DEFAULT\Run regkeys - Default user ---

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\Cur rentVersion\Run
no HKU\.DEFAULT\Run keys found


--- HKU\S-1-5-18\Run regkeys - user SYSTEM ---

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
no HKU\S-1-5-18\Run keys found


--- HKU\S-1-5-19\Run regkeys - User Lokale service ---

HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
no HKU\S-1-5-19\Run keys found


--- HKU\S-1-5-20\Run regkeys - User Netwerkservice ---

HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
no HKU\S-1-5-20\Run keys found


--- HKLM\Explorer\Run regkeys ---

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Policies\Explorer\Run
no HKLM Explorer\Run keys found


--- HKCU\Explorer\Run regkeys ---

HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\Explorer\Run
no HKCU Explorer\Run keys found


--- Image File Execution regkeys ---

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
no debuggers found


--- BROWSER HELPER OBJECTS regkeys ---

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}" FILE ="C:\\Program Files\\Adobe\\Acrobat 6.0\\Reader\\ActiveX\\AcroIEHelper.dll"
"{53707962-6F74-2D53-2644-206D7942484F}" FILE ="C:\\Program Files\\Spybot - Search & Destroy\\SDHelper.dll"
"{5CA3D70E-1895-11CF-8E15-001234567890}" FILE ="C:\\WINDOWS\\system32\\dla\\tfswshx.dll"
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" FILE ="C:\\Program Files\\Java\\jre1.5.0_09\\bin\\ssv.dll"
"{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}" regkey not found (ERROR)


--- TOOLBAR regkeys ---

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
no toolbars found


--- URLSEARCHHOOKS regkeys ---

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks
only standard regkeys found


--- CONTEXTMENUHANDLERS regkeys ---

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers
"AceFTP" CLSID ={1EBC3533-B289-409F-9924-B84B3F0717D2} FILE ="C:\\PROGRA~1\\VISICO~1\\ACEFTP~1\\FTPCntxt.dl l"
"Offline Files" CLSID ={750fdf0e-2a26-11d1-a3ea-080036587f03} FILE =%SystemRoot%\System32\cscui.dll
"Open With" CLSID ={09799AFB-AD67-11d1-ABCD-00C04FC30936} FILE =%SystemRoot%\system32\SHELL32.dll
"Open With EncryptionMenu" CLSID ={A470F8CF-A1E8-4f65-8335-227475AA5C46} FILE =%SystemRoot%\system32\SHELL32.dll
"WinRAR" CLSID ={B41DB860-8EE4-11D2-9906-E49FADC173CA} FILE ="C:\\Program Files\\WinRAR\\rarext.dll"
"{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}" Start Menu Pin FILE =%SystemRoot%\system32\SHELL32.dll

HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHan dlers
"AceFTP" CLSID ={1EBC3533-B289-409F-9924-B84B3F0717D2} FILE ="C:\\PROGRA~1\\VISICO~1\\ACEFTP~1\\FTPCntxt.dl l"
"EncryptionMenu" CLSID ={A470F8CF-A1E8-4f65-8335-227475AA5C46} FILE =%SystemRoot%\system32\SHELL32.dll
"Offline Files" CLSID ={750fdf0e-2a26-11d1-a3ea-080036587f03} FILE =%SystemRoot%\System32\cscui.dll
"Sharing" CLSID ={f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} FILE ="ntshrui.dll"
"WinRAR" CLSID ={B41DB860-8EE4-11D2-9906-E49FADC173CA} FILE ="C:\\Program Files\\WinRAR\\rarext.dll"

HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandle rs
"WinRAR" CLSID ={B41DB860-8EE4-11D2-9906-E49FADC173CA} FILE ="C:\\Program Files\\WinRAR\\rarext.dll"


--- ALTERNATESHELL regkey ---

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot
"AlternateShell"="cmd.exe"


--- SAFEBOOT MINIMAL SERVICES ---

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal
no unknown services found


--- SAFEBOOT NETWORK SERVICES ---

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Network
no unknown services found


--- SERVICES ---

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\aeaudio
system32\drivers\aeaudio.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\arsneo
no imagepath value found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\AspiXNT
no imagepath value found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\BENDER
"DisplayName"="Pinnacle AV/DV2 Capture"
system32\drivers\bender.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\bvrp_pci
no imagepath value found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\drvmcdb
system32\drivers\drvmcdb.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\drvncdb
no imagepath value found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\drvnddm
system32\drivers\drvnddm.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\ILADFtmi
no imagepath value found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\mohfilt
System32\DRIVERS\mohfilt.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\NATServices
"DisplayName"="NATServicesware"
C:\WINDOWS\system32\svchost.exe -k NATServices

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\omci
"DisplayName"="OMCI WDM Device Driver"
System32\DRIVERS\omci.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\roawiy
no imagepath value found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\snhuqt
no imagepath value found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SQTECH905C
"DisplayName"="DB CIF Cam"
System32\Drivers\Capt905c.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\sscdbhk5
system32\drivers\sscdbhk5.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\ssrtln
system32\drivers\ssrtln.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\swwd
no imagepath value found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\tfsnboio
system32\dla\tfsnboio.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\tfsncofs
system32\dla\tfsncofs.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\tfsndrct
system32\dla\tfsndrct.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\tfsndres
system32\dla\tfsndres.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\tfsnifs
system32\dla\tfsnifs.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\tfsnopio
system32\dla\tfsnopio.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\tfsnpool
system32\dla\tfsnpool.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\tfsnudf
system32\dla\tfsnudf.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\tfsnudfa
system32\dla\tfsnudfa.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\wanatw
"DisplayName"="WAN Miniport (ATW)"
System32\DRIVERS\wanatw4.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\WebPost
no imagepath value found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\{82FF0C3E-0D36-4B68-86B0-B67BA3BD1AD3}
no imagepath value found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\{D0A146A3-12D5-45D7-A360-25D5791140CA}
no imagepath value found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\{EB88B259-6D58-4F07-A392-4891C7B04A03}
no imagepath value found


--- SECURITYPROVIDERS regkey ---

HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\securityproviders
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


--- SVCHOST regkey ---

HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost
LocalService: Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnph ost\0SSDPSRV\0\0
NetworkService: DnsCache\0\0
netsvcs: 6to4\0AppMgmt\0AudioSrv\0Browser\0CryptSvc\0DMServ er\0DHCP\0ERSvc\0EventSystem\0FastUserSwitchingCom patibility\0HidServ\0Ias\0Iprip\0Irmon\0LanmanServ er\0LanmanWorkstation\0Messenger\0Netman\0Nla\0Ntm ssvc\0NWCWorkstation\0Nwsapagent\0Rasauto\0Rasman\ 0Remoteaccess\0Schedule\0Seclogon\0SENS\0Sharedacc ess\0SRService\0Tapisrv\0Themes\0TrkWks\0W32Time\0 WZCSVC\0Wmi\0WmdmPmSp\0winmgmt\0TermService\0wuaus erv\0BITS\0ShellHWDetection\0helpsvc\0WmdmPmSN\0xm lprov\0wscsvc\0\0
rpcss: RpcSs\0\0
imgsvc: StiSvc\0\0
termsvcs: TermService\0\0
HTTPFilter: HTTPFilter\0\0
DcomLaunch: DcomLaunch\0TermService\0\0


--- WOW-CMDLINE regkeys ---

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\WOW
"cmdline" = %SystemRoot%\system32\ntvdm.exe
"wowcmdline" = %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386


--- DNS SERVER regkeys ---

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Tcpip\Parameters\Interfaces\{D0A146A3-12D5-45D7-A360-25D5791140CA}
"NameServer"="192.168.2.1"


--- STARTUP FOLDERS ---

C:\Documents and Settings\Nee Dobbs\SendTo\Start Menu\Programs\Startup\DESKTOP.INI
C:\Documents and Settings\Nee Dobbs\SendTo\Start Menu\Programs\Startup\Morpheus.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk


--- TASK SCHEDULER JOBS ---

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1092363366.job
C:\WINDOWS\tasks\Symantec NetDetect.job


--- File associations ---

.BAT files: ("%1" %*)
.COM files: ("%1" %*)
.EXE files: ("%1" %*)
.HLP files: (%SystemRoot%\System32\winhlp32.exe %1)
.INF files: (%SystemRoot%\System32\NOTEPAD.EXE %1)
.INI files: (%SystemRoot%\System32\NOTEPAD.EXE %1)
.JS files: (%SystemRoot%\System32\WScript.exe "%1" %*)
.PIF files: ("%1" %*)
.REG files: (regedit.exe "%1")
.SCR files: ("%1" /S)
.TXT files: (%SystemRoot%\system32\NOTEPAD.EXE %1)
.VBS files: (%SystemRoot%\System32\WScript.exe "%1" %*)


FINISHED

[Berna]

Log #2, gmer scan:

GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2008-01-10 11:08:20
Windows 5.1.2600 Service Pack 2


---- Processes - GMER 1.0.13 ----

Process C:\Program Files\Internet Explorer\3776.EXE (*** hidden *** ) 1944
Process C:\Program Files\Internet Explorer\iexplore.exe (*** hidden *** ) 2564
Process C:\Documents and Settings\Nee Dobbs\Desktop\gmer.exe (*** hidden *** ) 2856
Process C:\Program Files\Internet Explorer\iexplore.exe (*** hidden *** ) 2948
Process C:\Program Files\Hewlett-Packard\Digital Imaging\Product Assistant\bin\hprblog.exe (*** hidden *** ) 3216
Process C:\WINDOWS\system32\wuauclt.exe (*** hidden *** ) 3496

---- Registry - GMER 1.0.13 ----

Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af164764 4e76e06692b 0x2E 0xE8 0xE1 0x00 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2e cedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023 a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be0 6337561aa48 0x86 0x8C 0x21 0x01 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d96 86d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b7 4b2b4522f5d 0x50 0x93 0xE5 0xAB ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e 232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb 204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a 51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe 080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a 6a021f2e3c6 0xF8 0x31 0x0F 0xA9 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616 fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

---- EOF - GMER 1.0.13 ----

[Berna]

Log #3, DSS main:

Deckard's System Scanner v20071014.68
Run by Nee Dobbs on 2008-01-10 11:11:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
36: 2008-01-10 17:11:19 UTC - RP1331 - Deckard's System Scanner Restore Point
35: 2008-01-10 00:11:51 UTC - RP1330 - System Checkpoint
34: 2008-01-08 22:22:14 UTC - RP1329 - ComboFix created restore point
33: 2008-01-08 20:48:04 UTC - RP1328 - System Checkpoint
32: 2008-01-07 19:23:10 UTC - RP1327 - ComboFix created restore point


-- First Restore Point --
1: 2007-12-27 04:28:51 UTC - RP1296 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 10.02 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-01-10 11:13:24
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\SYSTEM32\services.exe
C:\WINDOWS\SYSTEM32\lsass.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
C:\Program Files\Roxio\MyDVD\MyDVD\DetectorApp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\SYSTEM32\mschkdsk.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\Program Files\Roxio\MyDVD\MyDVD\USBDeviceService.exe
C:\WINDOWS\SYSTEM32\wscntfy.exe
C:\WINDOWS\SYSTEM32\HPZipm12.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.knology.net/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://security.symantec.com/default...n-us&venid=sym
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O1 - Hosts: 200.124.131.116 casinocontroller.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Roxio\MyDVD\MyDVD\DetectorApp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\PINNAC~1\PPE\PPE.EXE
O4 - HKLM\..\Run: [GoogleUpdate] C:\Program Files\Internet Explorer\3776.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [mschkdsk.exe] C:\WINDOWS\system32\mschkdsk.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Morpheus.lnk = C:\Program Files\Morpheus\Morpheus.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1135319494359
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/down.../OTOYAX29b.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get...nt/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} () - http://3dlifeplayer.dl.3dvia.com/pla.../installer.exe
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?322
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{D0A146A3-12D5-45D7-A360-25D5791140CA}: NameServer = 192.168.2.1
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\SYSTEM32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\HPZipm12.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\SYSTEM32\r_server.exe
O23 - Service: Secondary Logon (seclogon) - Unknown owner - C:\WINDOWS\system32\IEXPLORER.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\symwsc.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Roxio\MyDVD\MyDVD\USBDeviceService.exe
O24 - Desktop Component 0: - http://www.webkinz.com/assets/images...bkinz_fill.png

--
End of file - 9508 bytes

-- HijackThis Fixed Entries (C:\Documents and Settings\Nee Dobbs\Desktop\backups\) --------------------------------------------------------------------------------

backup-20080102-183844-158 O1 - Hosts: 200.124.131.116 casinocontroller.com
backup-20080102-183844-198 O1 - Hosts: 200.124.131.116 casinocontroller.com
backup-20080102-183844-251 O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
backup-20080102-183844-316 O1 - Hosts: 200.124.131.116 casinocontroller.com
backup-20080102-183844-357 O1 - Hosts: 200.124.131.116 casinocontroller.com
backup-20080102-183844-401 O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe (file missing)
backup-20080102-183844-444 O1 - Hosts: 200.124.131.116 casinocontroller.com
backup-20080102-183844-451 O1 - Hosts: 200.124.131.116 casinocontroller.com
backup-20080102-183844-459 O1 - Hosts: 200.124.131.116 casinocontroller.com
backup-20080102-183844-474 O1 - Hosts: 200.124.131.116 casinocontroller.com
backup-20080102-183844-518 O1 - Hosts: 200.124.131.116 casinocontroller.com
backup-20080102-183844-582 O1 - Hosts: 200.124.131.116 casinocontroller.com
backup-20080102-183844-583 O1 - Hosts: 200.124.131.116 casinocontroller.com
backup-20080102-183844-599 O1 - Hosts: 200.124.131.116 casinocontroller.com
backup-20080102-183844-652 O9 - Extra button: Gam Trak Poker - {40B2063F-DB01-4962-BE63-59435C01283C} - C:\PROGRA~1\GAMTRA~1\client.exe
backup-20080102-183844-661 O1 - Hosts: 200.124.131.116 casinocontroller.com
backup-20080102-183844-690 O1 - Hosts: 200.124.131.116 casinocontroller.com
backup-20080102-183844-709 O1 - Hosts: 200.124.131.116 casinocontroller.com
backup-20080102-183844-782 O1 - Hosts: 200.124.131.116 casinocontroller.com
backup-20080102-183844-853 O1 - Hosts: 200.124.131.116 casinocontroller.com
backup-20080102-183844-874 O1 - Hosts: 200.124.131.116 casinocontroller.com
backup-20080102-183844-889 O1 - Hosts: 200.124.131.116 casinocontroller.com
backup-20080102-183844-900 O1 - Hosts: 200.124.131.116 casinocontroller.com
backup-20080102-183844-911 O1 - Hosts: 200.124.131.116 casinocontroller.com
backup-20080102-183844-930 O1 - Hosts: 200.124.131.116 casinocontroller.com
backup-20080102-183844-931 O1 - Hosts: 200.124.131.116 casinocontroller.com
backup-20080102-183844-935 O1 - Hosts: 200.124.131.116 casinocontroller.com
backup-20080102-183844-947 O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe (file missing)
backup-20080102-183844-950 O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\poker.exe
backup-20080102-183845-192 O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe (file missing)
backup-20080102-183845-224 O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://bigdollar.microgaming.com/bi...r/FlashAX2.cab
backup-20080102-183845-785 O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://firstweb.microgaming.com/firstweb/FlashAX.cab
backup-20080102-183845-843 O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
backup-20080102-184006-633 O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/DLHel...7/DLHelper.cab

-- File Associations -----------------------------------------------------------

.js - jsfile - DefaultIcon - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe",7
.js - jsfile - shell\open\command - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 agp440 (Intel AGP Bus Filter) - c:\windows\\systemroot\system32\drivers\agp440.sys (file missing)
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R1 PCLEPCI - c:\windows\system32\drivers\pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
R3 aeaudio - c:\windows\system32\drivers\aeaudio.sys <Not Verified; Andrea Electronics Corporation; Andrea Audio Driver>
R3 ASAPIW2k - c:\windows\system32\drivers\asapiw2k.sys <Not Verified; Pinnacle Systems GmbH; asapi>
R3 MarvinBus (Pinnacle Marvin Bus) - c:\windows\system32\drivers\marvinbus.sys <Not Verified; Pinnacle Systems GmbH; Pinnacle Marvin Discrete>
R3 mohfilt - c:\windows\system32\drivers\mohfilt.sys <Not Verified; Intel Corporation; Intel(R) 537EP V9x DFV PCI Modem>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
R3 smwdm - c:\windows\system32\drivers\smwdm.sys <Not Verified; Analog Devices, Inc.; SoundMAX Digital Audio Driver>

S3 catchme - c:\docume~1\needob~1\locals~1\temp\catchme.sys (file missing)
S3 SQTECH905C (DB CIF Cam) - c:\windows\system32\drivers\capt905c.sys <Not Verified; Service & Quality Technology.; SQ905c>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762 ##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 USBDeviceService - c:\program files\roxio\mydvd\mydvd\usbdeviceservice.exe <Not Verified; ; USBDeviceService Module>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S4 r_server (Remote Administrator Service) - "c:\windows\system32\r_server.exe" /service <Not Verified; ; Remote Administrator>
S4 seclogon (Secondary Logon) - c:\windows\system32\iexplorer.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E969-E325-11CE-BFC1-08002BE10318}
Description: Standard floppy disk controller
Device ID: ACPI\PNP0700\4&1506BB2E&0
Manufacturer: (Standard floppy disk controllers)
Name: Standard floppy disk controller
PNP Device ID: ACPI\PNP0700\4&1506BB2E&0
Service: fdc

[Berna]

DSS Log, main continued:

-- Scheduled Tasks -------------------------------------------------------------

2008-01-10 09:50:12 380 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2008-01-04 10:22:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2004-11-13 00:33:17 350 --a------ C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1092363366.job


-- Files created between 2007-12-10 and 2008-01-10 -----------------------------

2008-01-06 19:37:17 3045 --a------ C:\Documents and Settings\Nee Dobbs\CFScript
2008-01-06 11:19:35 198 --a------ C:\Documents and Settings\Nee Dobbs\servstop.bat
2008-01-06 11:18:42 92 --a------ C:\Documents and Settings\Nee Dobbs\servstart.bat
2008-01-06 10:14:46 219728 --a------ C:\WINDOWS\system32\Down(31).exe
2008-01-05 11:57:00 196608 --a------ C:\WINDOWS\system32\Down(30).exe
2008-01-05 11:56:51 196608 --a------ C:\WINDOWS\system32\Down(29).exe
2008-01-05 11:56:10 196608 --a------ C:\WINDOWS\system32\Down(28).exe
2008-01-05 11:56:00 196608 --a------ C:\WINDOWS\system32\Down(27).exe
2008-01-05 10:44:09 196608 --a------ C:\WINDOWS\system32\Down(26).exe
2008-01-05 10:43:58 196608 --a------ C:\WINDOWS\system32\Down(25).exe
2008-01-05 10:16:01 196608 --a------ C:\WINDOWS\system32\Down(24).exe
2008-01-05 10:15:09 196608 --a------ C:\WINDOWS\system32\Down(23).exe
2008-01-05 10:15:03 196608 --a------ C:\WINDOWS\system32\Down(22).exe
2008-01-05 10:14:51 196608 --a------ C:\WINDOWS\system32\Down(21).exe
2008-01-05 09:18:15 196608 --a------ C:\WINDOWS\system32\Down(20).exe
2008-01-05 09:18:06 196608 --a------ C:\WINDOWS\system32\Down(19).exe
2008-01-05 08:57:36 196608 --a------ C:\WINDOWS\system32\Down(18).exe
2008-01-05 08:57:27 196608 --a------ C:\WINDOWS\system32\Down(17).exe
2008-01-05 08:41:45 196608 --a------ C:\WINDOWS\system32\Down(16).exe
2008-01-05 08:41:38 196608 --a------ C:\WINDOWS\system32\Down(15).exe
2008-01-05 08:32:02 196608 --a------ C:\WINDOWS\system32\Down(14).exe
2008-01-05 08:31:40 196608 --a------ C:\WINDOWS\system32\Down(13).exe
2008-01-05 07:02:36 196608 --a------ C:\WINDOWS\system32\Down(11).exe
2008-01-05 06:58:06 196608 --a------ C:\WINDOWS\system32\Down(10).exe
2008-01-05 06:57:57 196608 --a------ C:\WINDOWS\system32\Down(9).exe
2008-01-05 06:47:54 196608 --a------ C:\WINDOWS\system32\Down(8).exe
2008-01-05 06:47:52 196608 --a------ C:\WINDOWS\system32\Down(7).exe
2008-01-03 07:25:39 389120 --a------ C:\WINDOWS\system32\IE_ASSII.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows(R) Operating System>
2008-01-02 20:42:21 36864 --a------ C:\HTGD0005.exe
2008-01-02 20:42:21 40960 --a------ C:\HTGD0003.exe
2008-01-02 15:23:26 0 d-------- C:\Program Files\Trend Micro
2008-01-02 14:34:12 0 d-------- C:\Program Files\Apple Software Update
2008-01-02 14:34:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-01-01 23:18:00 0 dr-h----- C:\Documents and Settings\Nee Dobbs\Recent
2008-01-01 10:03:55 57036 --a------ C:\WINDOWS\system32\Down(6).exe
2008-01-01 09:21:27 61678 --a------ C:\WINDOWS\system32\Down(5).exe
2008-01-01 09:14:07 61678 --a------ C:\WINDOWS\system32\Down(4).exe
2008-01-01 09:12:24 61678 --a------ C:\WINDOWS\system32\Down(3).exe
2008-01-01 09:10:40 61678 --a------ C:\WINDOWS\system32\Down(2).exe
2007-12-30 09:49:07 196608 --a------ C:\WINDOWS\system32\Down(1).exe
2007-12-30 09:07:58 196608 --a------ C:\WINDOWS\system32\Down(0).exe
2007-12-29 19:23:57 178688 --a------ C:\WINDOWS\system32\svchst.exe
2007-12-29 19:23:02 20229 ---hs---- C:\test.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows(R) Operating System>
2007-12-29 19:22:09 20229 ---hs---- C:\WINDOWS\system32\Flower.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows(R) Operating System>
2007-12-28 18:28:39 0 d-------- C:\Documents and Settings\Nee Dobbs\Application Data\Ulead Systems
2007-12-28 18:28:34 0 d-------- C:\WINDOWS\ulead.dat
2007-12-26 20:58:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2007-12-26 20:58:23 0 d-------- C:\Program Files\Web Publish
2007-12-26 14:03:51 0 d-------- C:\Program Files\Casino Extreme
2007-12-16 19:54:31 0 d-------- C:\Program Files\Magic Photo Editor
2007-12-12 17:50:43 0 d-------- C:\Program Files\CCleaner
2007-12-10 15:09:56 0 d-------- C:\Documents and Settings\Nee Dobbs\.housecall6.6


-- Find3M Report ---------------------------------------------------------------

2008-01-07 15:23:31 0 d-------- C:\Documents and Settings\Nee Dobbs\Application Data\AdobeUM
2008-01-05 20:58:25 0 d-------- C:\Program Files\Personalised Letters
2008-01-05 20:56:15 0 d-------- C:\Program Files\Phoenician
2008-01-05 20:54:36 0 d-------- C:\Program Files\firstweb
2008-01-05 20:52:29 0 d-------- C:\Program Files\e-texaspoker client
2008-01-05 20:49:54 0 d-------- C:\Program Files\Canon
2008-01-05 20:47:00 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-05 19:39:03 0 d-------- C:\Program Files\exPressit S.E. 2.1
2008-01-02 16:46:13 0 d-------- C:\Program Files\Common Files
2008-01-01 21:36:36 0 d-------- C:\Program Files\Club Player Casino
2007-12-26 21:39:30 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-12 19:03:21 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-12-12 19:03:06 0 d-------- C:\Program Files\Symantec
2007-12-05 21:14:52 6367 --a------ C:\Documents and Settings\Nee Dobbs\Application Data\Hewlett-PackardHP Photosmart 2570 series1146795559_UI.log
2007-12-05 21:14:52 2228 --a------ C:\Documents and Settings\Nee Dobbs\Application Data\Hewlett-PackardHP Photosmart 2570 series1146795559_PROTOCOL.log
2007-12-05 19:50:25 0 d-------- C:\Program Files\Club World Casinos
2007-11-23 09:09:29 0 d-------- C:\Documents and Settings\Nee Dobbs\Application Data\uTorrent
2007-11-19 17:45:03 0 --a------ C:\WINDOWS\system32\ISHARE
2007-11-14 14:08:57 0 d-------- C:\Program Files\Cool Cat Casino


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-10 02:06]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 10:43]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 19:12]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 19:15]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCh eck.exe" [2004-03-10 16:26]
"WinampAgent"="C:\Program Files\Winamp\Winampa.exe" [2003-04-01 20:20]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 03:10]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-08-26 04:33]
"DetectorApp"="C:\Program Files\Roxio\MyDVD\MyDVD\DetectorApp.exe" [2005-08-31 05:15]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\I SUSPM.exe" [2004-07-27 15:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 15:50]
"nwiz"="nwiz.exe" [2005-12-10 02:06 C:\WINDOWS\SYSTEM32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray. dll" [2005-12-10 02:06]
"PCLEPCI"="C:\PROGRA~1\PINNAC~1\PPE\PPE.EXE" [2003-09-23 10:04]
"GoogleUpdate"="C:\Program Files\Internet Explorer\3776.EXE" [2008-01-05 07:34]
"KernelFaultCheck"="C:\WINDOWS\system32\dumpre p 0 -k" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"mschkdsk.exe"="C:\WINDOWS\system32\mschkdsk.e xe" [2006-09-06 18:32]

[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\runonce]
"RunNarrator"=Narrator.exe

C:\Documents and Settings\Nee Dobbs\SendTo\Start Menu\Programs\Startup\
DESKTOP.INI [2004-03-20 11:58:38]

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\explorer]
"ClearRecentDocsOnExit"=0000000000000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- Hosts -----------------------------------------------------------------------

127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD

61 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-01-10 11:13:52 ------------

[Berna]

Log #4, DSS extra:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 2.80GHz
Percentage of Memory in Use: 57%
Physical Memory (total/avail): 1534.98 MiB / 656.81 MiB
Pagefile Memory (total/avail): 2156.42 MiB / 1887.42 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1933.07 MiB

C: is Fixed (NTFS) - 70.95 GiB total, 10.02 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Fixed (FAT32) - 19 GiB total, 1.9 GiB free.
G: is Removable (No Media)

\\.\PHYSICALDRIVE1 - QUANTUM FIREBALL CX20.4A - 19.01 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 19.01 GiB - F:

\\.\PHYSICALDRIVE0 - ST380011A - 74.5 GiB - 3 partitions
\PARTITION0 - Unknown - 47.03 MiB
\PARTITION1 (bootable) - Installable File System - 70.95 GiB - C:
\PARTITION2 - Unknown - 3.5 GiB

\\.\PHYSICALDRIVE2 - HP Photosmart 2575x USB Device



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is enabled.


[HKLM\System\CurrentControlSet\Services\SharedAcces s\Parameters\FirewallPolicy\DomainProfile\Authoriz edApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAcces s\Parameters\FirewallPolicy\StandardProfile\Author izedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Nee Dobbs\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=NEECHUCK1
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Nee Dobbs
LOGONSERVER=\\NEECHUCK1
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\sys tem32\wbem;C:\Program Files\Common Files\GTK\2.0\bin;C:\Program Files\OpenLibraries\bin
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WS F;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
PROMPT=$P$G
PYTHONPATH=C:\Program Files\OpenLibraries\python
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\NEEDOB~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\NEEDOB~1\LOCALS~1\Temp
USERDOMAIN=NEECHUCK1
USERNAME=Nee Dobbs
USERPROFILE=C:\Documents and Settings\Nee Dobbs
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Nee Dobbs (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Download Manager 1.2 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Dreamweaver CS3 --> C:\Program Files\Common Files\Adobe\Installers\7328fdfcb73660ec8b11d5a3d5c 6232\Setup.exe
Adobe Dreamweaver CS3 --> MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Extension Manager CS3 --> MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activ eX.exe
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Setup --> MsiExec.exe /I{0650BB10-BCF4-400A-85EE-04097E3046C6}
Adobe Shockwave Player --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\Install.log
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Advanced GIF Animator 2.22 --> "C:\Program Files\Advanced GIF Animator\unins000.exe"
All Jackpots Casino --> C:\MicroGaming\Casino\AllJackpots\install.exe -uninstall
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Audacity 1.2.3 --> "C:\Program Files\Audacity\unins000.exe"
AVI to MPEG Converter --> C:\PROGRA~1\AVITOM~1\UNWISE.EXE C:\PROGRA~1\AVITOM~1\INSTALL.LOG
Aztec Riches Casino --> C:\MicroGaming\Casino\AztecRiches\install.exe -uninstall
Aztec Riches Casino --> C:\PROGRA~1\AZTECR~2\UNWISE.EXE C:\PROGRA~1\AZTECR~2\INSTALL.LOG
Bingo Gala --> C:\Program Files\Common Files\CA Shared\BIUninstML.exe /C:\Program Files\Bingo Gala\Support\InstallerGala.dll
CanBet Casino --> "C:\Program Files\CanBet Casino\Install.exe" -u
Casino Extreme --> "C:\Program Files\Casino Extreme\Install.exe" -u
Casino Grand Bay --> C:\PROGRA~1\grandbay\UNWISE.EXE C:\PROGRA~1\grandbay\INSTALL.LOG
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CDRWIN --> C:\PROGRA~1\CDRWIN\UNWISE.EXE C:\PROGRA~1\CDRWIN\INSTALL.LOG
Challenge Casino --> C:\MicroGaming\Casino\challengev2\install.exe -uninstall
Challenge Casino --> C:\PROGRA~1\CHALLE~1\UNWISE.EXE C:\PROGRA~1\CHALLE~1\INSTALL.LOG
Cirrus Casino --> "C:\Program Files\Cirrus Casino\Install.exe" -u
Club World Casinos --> "C:\Program Files\Club World Casinos\Install.exe" -u
Cool Cat Casino --> "C:\Program Files\Cool Cat Casino\Install.exe" -u
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Media Experience --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Dell Support --> MsiExec.exe /X{43FCA273-9534-40DB-B7C5-D7758875616A}
DesignPro 5.0 Media Edition --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\ID river.exe /M{BC8032F1-0D5E-43C6-B14A-77AC8F9690B5}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DivxToDVD 0.5.2 --> "C:\Program Files\vso\DivxToDVD\unins000.exe"
exPressit S.E. 2.1 --> "C:\Program Files\exPressit S.E. 2.1\UninstallerData\Uninstall exPressit S.E. 2.1.exe"
First Web Casino --> C:\PROGRA~1\firstweb\UNWISE.EXE C:\PROGRA~1\firstweb\INSTALL.LOG
GrabIt 1.5.1 Beta (build 888) --> "C:\Program Files\GrabIt\unins000.exe"
HP Document Viewer 5.3 --> C:\Program Files\Hewlett-Packard\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Image Zone 5.3 --> C:\Program Files\Hewlett-Packard\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 5.3 --> C:\Program Files\Hewlett-Packard\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photo and Imaging 2.0 - All-in-One --> MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP Photo and Imaging 2.0 - All-in-One Drivers --> MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HP Photo and Imaging 2.0 - hp psc 2100 series --> C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
HP PSC & OfficeJet 5.3.A --> "C:\Program Files\Hewlett-Packard\Digital Imaging\{3E386744-10FA-44b2-98C9-DF7A270DECB3}\setup\hpzscr01.exe" -datfile hposcr06.dat
hp psc 2100 series --> MsiExec.exe /X{82DFB852-9594-4668-9C66-28BB6E94BCB2}
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center & Imaging Support Tools 5.3 --> C:\Program Files\Hewlett-Packard\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
iNetBet Casino --> C:\iNetBet Casino\Install.exe -u
Intel(R) 537EP V9x DF PCI Modem --> rundll32 IntelCci.dll,iSMUninstallation "Intel(R) 537EP V9x DF PCI Modem"
Intel(R) PRO Network Adapters and Drivers --> Prounstl.exe
Intel(R) PROSet --> MsiExec.exe /I{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}
Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
Intertops --> C:\MicroGaming\Casino\Intertops\install.exe -uninstall
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
J2SE Runtime Environment 5.0 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Jasc Paint Shop Photo Album --> MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
LimeWire 4.14.10 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
LSP Explorer plug-in for Ad-Aware SE --> C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\LSPEXP~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\LSPEXP~1\INSTALL.LOG
Magic Photo Editor 4.19 --> "C:\Program Files\Magic Photo Editor\unins000.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Encarta Encyclopedia Standard 2004 --> MsiExec.exe /I{04410044-9149-45C6-A806-F2BF9CFCE762}
Microsoft Money 2004 --> MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft Money 2004 System Pack --> MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Web Publishing Wizard 1.52 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Modem Event Monitor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}\setup.exe" -l0x9
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Modem On Hold --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Mozilla Firefox (1.0) --> C:\WINDOWS\UninstallFirefox.exe /ua "1.0 (en-US)"
MP3 Player Utilities 3.11 --> MsiExec.exe /I{2D5B83B8-98A0-4F9C-AE1D-BED98AE17467}
MPEG Converter 2.0 --> C:\WINDOWS\iun6002.exe "C:\Program Files\MPEG Converter\irunin.ini"
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
msxml4 --> MsiExec.exe /X{5AE3D9F1-9E9E-4015-8787-E22705AA32C5}
Music Hall Casino --> C:\MicroGaming\Casino\MusicHall\install.exe -uninstall
Music Hall Casino --> C:\PROGRA~1\MUSICH~1\UNWISE.EXE C:\PROGRA~1\MUSICH~1\INSTALL.LOG
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\ 01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}\setup.exe" -l0x9 -uninst
Norton WMI Update --> MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
Nostalgia Casino --> C:\MicroGaming\Casino\Nostalgia\install.exe -uninstall
Nostalgia Casino --> C:\PROGRA~1\NOSTAL~1\UNWISE.EXE C:\PROGRA~1\NOSTAL~1\INSTALL.LOG
NTFS4DOS --> C:\Program Files\Datapol\NTFS4DOS\uninst.exe
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OpenLibraries --> C:\Program Files\OpenLibraries\uninst-openlibraries.exe
OTOY --> RunDll32 C:\WINDOWS\DOWNLO~1\OTOYAX.dll,_RemoveGroove@16
Painter --> C:\PROGRA~1\Painter\UNWISE.EXE C:\PROGRA~1\Painter\INSTALL.LOG
Phoenician Casino --> C:\PROGRA~1\PHOENI~1\UNWISE.EXE C:\PROGRA~1\PHOENI~1\INSTALL.LOG
Photo Story 3 for Windows --> MsiExec.exe /I{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}
Pinnacle Hollywood FX --> C:\WINDOWS\unvise32.exe C:\Program Files\Pinnacle\Hollywood FX for Studio\5.5\uninstal.log
Pinnacle Hollywood FX 5 --> C:\WINDOWS\unvise32.exe C:\Program Files\Pinnacle\Hollywood FX 5\uninstal.log
Pinnacle PCI Performance Enhancer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\ 01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3E5A81BA-4702-490A-B729-0BFF6E7CBF96}\setup.exe" -l0x9
Powerbet --> "C:\Program Files\Powerbet\Install.exe" -u
PowerDVD 5.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Remote Administrator v2.2 --> C:\Program Files\Radmin\uninstal.exe
Roxio MyDVD --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Roxio UDF Reader --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spunins t.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spunins t.exe"
Shark Casino --> C:\Shark Casino\Install.exe -u
Shockwave --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
Skype 1.3 --> "C:\Program Files\Skype\Phone\unins000.exe"
SmartSoft Video Converter --> "C:\Program Files\SmartSoftVideoConverter\unins000.exe"
SmartSound Quicktracks Plugin --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\ID river.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Studio 9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\070 1\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E491AB7-4589-48CA-9CBB-874CB2788391}\Setup.exe" -l0x9 UNINSTALL
Studio 9.4 Patch --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\ 01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{16E217EA-C3E0-402D-8D4F-6189DB74497A}\setup.exe" -l0x9 UNINSTALL
Studio Content DVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\070 1\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B67624DE-75CE-4FAD-9F29-5C115773CE61}\Setup.exe" -l0x9
Ultimate Paint 2.88 Freeware Edition --> "C:\Program Files\UP\unins000.exe"
Vegas Magic Casino --> C:\Vegas Magic Casino\Install.exe -u
Video Converter 3 --> C:\Program Files\Xilisoft\Video Converter 3\Uninstall.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
VX2 Cleaner plug-in for Ad-Aware SE --> C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\VX2CLE~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\VX2CLE~1\INSTALL.LOG
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Media 9 Capture Tool --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wm9cap.inf, Uninstall
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WordPerfect Office 12 --> MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}


-- Application Event Log -------------------------------------------------------

Event Record #/Type438 / Warning
Event Submitted/Written: 01/07/2008 01:27:53 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type420 / Warning
Event Submitted/Written: 01/06/2008 07:57:10 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type389 / Error
Event Submitted/Written: 01/05/2008 08:57:15 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application UNWISE.EXE, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type388 / Error
Event Submitted/Written: 01/05/2008 08:54:42 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application UNWISE.EXE, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type387 / Error
Event Submitted/Written: 01/05/2008 08:54:40 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application UNWISE.EXE, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.