Deckard's System Scanner v20071014.68
Run by Bryan on 2008-02-26 14:20:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- Last 5 Restore Point(s) --
31: 2008-02-26 09:03:58 UTC - RP107 - Scheduled Checkpoint
30: 2008-02-25 17:35:19 UTC - RP106 - Restore Operation
29: 2008-02-25 09:39:59 UTC - RP105 - Windows Update
28: 2008-02-25 08:00:02 UTC - RP104 - Scheduled Checkpoint
27: 2008-02-24 10:24:50 UTC - RP103 - Scheduled Checkpoint
-- First Restore Point --
1: 2008-01-31 17:57:42 UTC - RP77 - Scheduled Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-02-26 14:22:00
Platform: Windows Vista (6.00.6000)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal
Running processes:
C:\Windows\System32\dwm.exe
C:\Windows\System32\taskeng.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spare Backup\SpareBackup.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Windows\System32\wpcumi.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Users\Bryan\Desktop\dss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...DTP&M=T5246
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...DTP&M=T5246
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...DTP&M=T5246
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch...DTP&M=T5246
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: MS Video Control 1.0 - {54629298-47B2-4F79-BC62-7B3648D70020} - C:\Windows\msvidc32.dll
O2 - BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Windows\System32\BAE.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Spare Backup] "C:\Program Files\Spare Backup\SpareBackup.exe" /silent
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: BigFix.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O10 - Unknown file in Winsock LSP: C:\Windows\System32\wpclsp.dll
O10 - Unknown file in Winsock LSP: C:\Windows\System32\wpclsp.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} () - http://ak.exe.imgfarm.com/images/nocache/f...etup1.0.1.0.cab
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\System32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 9896 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
All drivers whitelisted.
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 MyWebSearchService (My Web Search Service) - c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe <Not Verified; MyWebSearch.com; My Web Search Bar>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-02-25 20:22:47 546 --a------ C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Bryan.job
-- Files created between 2008-01-26 and 2008-02-26 -----------------------------
2008-02-25 01:03:35 230400 --a------ C:\Windows\msvidc32.dll <Not Verified; Adobe; >
2008-02-25 01:03:35 50 --a------ C:\tmp.bat
2008-02-18 05:39:39 0 dr------- C:\Users\Duece Baby\Searches
2008-02-18 05:39:30 0 dr------- C:\Users\Duece Baby\Contacts
2008-02-18 05:39:21 0 d--hs---- C:\Users\Duece Baby\Templates
2008-02-18 05:39:21 0 d--hs---- C:\Users\Duece Baby\Start Menu
2008-02-18 05:39:21 0 d--hs---- C:\Users\Duece Baby\SendTo
2008-02-18 05:39:21 0 d--hs---- C:\Users\Duece Baby\Recent
2008-02-18 05:39:21 0 d--hs---- C:\Users\Duece Baby\PrintHood
2008-02-18 05:39:21 0 d--hs---- C:\Users\Duece Baby\NetHood
2008-02-18 05:39:21 0 d--hs---- C:\Users\Duece Baby\My Documents
2008-02-18 05:39:21 0 d--hs---- C:\Users\Duece Baby\Local Settings
2008-02-18 05:39:21 0 d--hs---- C:\Users\Duece Baby\Cookies
2008-02-18 05:39:21 0 d--hs---- C:\Users\Duece Baby\Application Data
2008-02-18 05:39:20 0 dr------- C:\Users\Duece Baby\Videos
2008-02-18 05:39:20 0 dr------- C:\Users\Duece Baby\Saved Games
2008-02-18 05:39:20 0 dr------- C:\Users\Duece Baby\Pictures
2008-02-18 05:39:20 786432 --ahs---- C:\Users\Duece Baby\NTUSER.DAT
2008-02-18 05:39:20 0 dr------- C:\Users\Duece Baby\Music
2008-02-18 05:39:20 0 dr------- C:\Users\Duece Baby\Links
2008-02-18 05:39:20 0 dr------- C:\Users\Duece Baby\Favorites
2008-02-18 05:39:20 0 dr------- C:\Users\Duece Baby\Downloads
2008-02-18 05:39:20 0 dr------- C:\Users\Duece Baby\Documents
2008-02-18 05:39:20 0 dr------- C:\Users\Duece Baby\Desktop
2008-02-18 05:39:20 0 d--h----- C:\Users\Duece Baby\AppData
2008-02-10 20:58:25 28672 --a------ C:\Windows\system32\f3PSSavr.scr <Not Verified; FunWebProducts.com; Popular Screensavers>
2008-02-10 20:58:25 0 d-------- C:\Program Files\MyWebSearch
2008-02-10 20:58:20 0 d-------- C:\Program Files\FunWebProducts
2008-02-10 02:54:02 0 d-------- C:\Program Files\iPod
2008-02-10 02:53:59 0 d-------- C:\Program Files\iTunes
2008-02-10 02:53:26 0 d-------- C:\Program Files\Bonjour
2008-02-10 02:53:03 0 d-------- C:\Users\All Users\Apple Computer
2008-02-10 02:53:03 0 d-------- C:\Program Files\QuickTime
2008-02-10 02:52:43 0 d-------- C:\Program Files\Apple Software Update
2008-02-10 02:52:09 0 d-------- C:\Program Files\Common Files\Apple
2008-02-10 02:52:08 0 d-------- C:\Users\All Users\Apple
2008-02-09 05:41:17 0 dr------- C:\Users\Mcx1\Videos
2008-02-09 05:41:17 0 d--hs---- C:\Users\Mcx1\Templates
2008-02-09 05:41:17 0 d--hs---- C:\Users\Mcx1\Start Menu
2008-02-09 05:41:17 0 d--hs---- C:\Users\Mcx1\SendTo
2008-02-09 05:41:17 0 d-------- C:\Users\Mcx1\Saved Games
2008-02-09 05:41:17 0 d--hs---- C:\Users\Mcx1\Recent
2008-02-09 05:41:17 0 d--hs---- C:\Users\Mcx1\PrintHood
2008-02-09 05:41:17 0 dr------- C:\Users\Mcx1\Pictures
2008-02-09 05:41:17 262144 --ahs---- C:\Users\Mcx1\NTUSER.DAT
2008-02-09 05:41:17 0 d--hs---- C:\Users\Mcx1\NetHood
2008-02-09 05:41:17 0 d--hs---- C:\Users\Mcx1\My Documents
2008-02-09 05:41:17 0 dr------- C:\Users\Mcx1\Music
2008-02-09 05:41:17 0 d--hs---- C:\Users\Mcx1\Local Settings
2008-02-09 05:41:17 0 dr------- C:\Users\Mcx1\Links
2008-02-09 05:41:17 0 dr------- C:\Users\Mcx1\Favorites
2008-02-09 05:41:17 0 dr------- C:\Users\Mcx1\Downloads
2008-02-09 05:41:17 0 dr------- C:\Users\Mcx1\Documents
2008-02-09 05:41:17 0 dr------- C:\Users\Mcx1\Desktop
2008-02-09 05:41:17 0 d--hs---- C:\Users\Mcx1\Cookies
2008-02-09 05:41:17 0 d--hs---- C:\Users\Mcx1\Application Data
2008-02-09 05:41:17 0 d--h----- C:\Users\Mcx1\AppData
2008-02-09 04:26:13 0 d-------- C:\Program Files\alot
2008-01-31 15:32:57 967 --a------ C:\Windows\ScUnin.pif
2008-01-31 15:32:57 94208 --a------ C:\Windows\ScUnin.exe <Not Verified; Blizzard Entertainment; Starcraft Uninstaller>
2008-01-31 15:32:57 35473 --a------ C:\Windows\scunin.dat
2008-01-31 15:32:39 0 d-------- C:\Program Files\Starcraft
2008-01-31 15:23:45 0 d--h----- C:\Users\All Users\CanonBJ
2008-01-30 21:36:39 0 dr------- C:\Users\Bryan\Searches
2008-01-30 21:36:31 0 dr------- C:\Users\Bryan\Contacts
2008-01-30 21:36:26 0 dr------- C:\Users\Bryan\Videos
2008-01-30 21:36:26 0 d--hs---- C:\Users\Bryan\Templates
2008-01-30 21:36:26 0 d--hs---- C:\Users\Bryan\Start Menu
2008-01-30 21:36:26 0 d--hs---- C:\Users\Bryan\SendTo
2008-01-30 21:36:26 0 dr------- C:\Users\Bryan\Saved Games
2008-01-30 21:36:26 0 d--hs---- C:\Users\Bryan\Recent
2008-01-30 21:36:26 0 d--hs---- C:\Users\Bryan\PrintHood
2008-01-30 21:36:26 0 dr------- C:\Users\Bryan\Pictures
2008-01-30 21:36:26 1572864 --ahs---- C:\Users\Bryan\NTUSER.DAT
2008-01-30 21:36:26 0 d--hs---- C:\Users\Bryan\NetHood
2008-01-30 21:36:26 0 d--hs---- C:\Users\Bryan\My Documents
2008-01-30 21:36:26 0 dr------- C:\Users\Bryan\Music
2008-01-30 21:36:26 0 d--hs---- C:\Users\Bryan\Local Settings
2008-01-30 21:36:26 0 dr------- C:\Users\Bryan\Links
2008-01-30 21:36:26 0 dr------- C:\Users\Bryan\Favorites
2008-01-30 21:36:26 0 dr------- C:\Users\Bryan\Downloads
2008-01-30 21:36:26 0 dr------- C:\Users\Bryan\Documents
2008-01-30 21:36:26 0 dr------- C:\Users\Bryan\Desktop
2008-01-30 21:36:26 0 d--hs---- C:\Users\Bryan\Cookies
2008-01-30 21:36:26 0 d--hs---- C:\Users\Bryan\Application Data
2008-01-30 21:36:26 0 d--h----- C:\Users\Bryan\AppData
2008-01-30 21:32:26 0 d--hs---- C:\Users\All Users\Templates
2008-01-30 21:32:26 0 d--hs---- C:\Users\All Users\Start Menu
2008-01-30 21:32:26 0 d--hs---- C:\Users\All Users\Favorites
2008-01-30 21:32:26 0 d--hs---- C:\Users\All Users\Documents
2008-01-30 21:32:26 0 d--hs---- C:\Users\All Users\Desktop
2008-01-30 21:32:26 0 d--hs---- C:\Users\All Users\Application Data
2008-01-30 21:32:25 0 d--hs---- C:\Users\Default\Templates
2008-01-30 21:32:25 0 d--hs---- C:\Users\Default\Start Menu
2008-01-30 21:32:25 0 d--hs---- C:\Users\Default\SendTo
2008-01-30 21:32:25 0 d--hs---- C:\Users\Default\Recent
2008-01-30 21:32:25 0 d--hs---- C:\Users\Default\PrintHood
2008-01-30 21:32:25 0 d--hs---- C:\Users\Default\NetHood
2008-01-30 21:32:25 0 d--hs---- C:\Users\Default\My Documents
2008-01-30 21:32:25 0 d--hs---- C:\Users\Default\Local Settings
2008-01-30 21:32:25 0 d--hs---- C:\Users\Default\Cookies
2008-01-30 21:32:25 0 d--hs---- C:\Users\Default\Application Data
2008-01-30 21:32:25 0 d--hs---- C:\Documents and Settings
-- Find3M Report ---------------------------------------------------------------
2008-02-25 09:53:49 0 d-------- C:\Users\Bryan\AppData\Roaming\Spare Backup
2008-02-25 09:36:54 0 d-------- C:\Program Files\Microsoft Works
2008-02-25 09:36:53 0 d-------- C:\Program Files\Google
2008-02-17 12:01:20 0 d-------- C:\Users\Bryan\AppData\Roaming\Apple Computer
2008-02-12 14:34:17 0 d-------- C:\Program Files\Norton Internet Security
2008-02-12 14:34:17 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-02-12 07:34:12 0 d-------- C:\Program Files\Symantec
2008-02-11 21:11:29 0 d-------- C:\Program Files\Common Files
2008-02-07 20:28:25 0 d-------- C:\Users\Bryan\AppData\Roaming\Adobe
2008-02-07 03:12:44 0 d-------- C:\Program Files\Windows Mail
2008-02-07 03:12:43 0 d-------- C:\Program Files\Windows Sidebar
2008-02-06 16:35:57 0 d-------- C:\Users\Bryan\AppData\Roaming\Google
2008-02-06 15:34:37 0 d-------- C:\Users\Bryan\AppData\Roaming\Macromedia
2008-01-31 01:49:30 0 d-------- C:\Users\Bryan\AppData\Roaming\WildTangent
2008-01-30 22:37:10 0 d-------- C:\Users\Bryan\AppData\Roaming\Roxio
2008-01-30 21:48:57 0 d-------- C:\Users\Bryan\AppData\Roaming\SampleView
2008-01-30 21:36:54 0 d-------- C:\Users\Bryan\AppData\Roaming\Symantec
2008-01-30 21:36:33 0 d-------- C:\Users\Bryan\AppData\Roaming\Identities
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54629298-47B2-4F79-BC62-7B3648D70020}]
02/25/2008 01:03 AM 230400 --a------ C:\Windows\msvidc32.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7}]
11/30/2007 01:52 PM 622376 --a------ C:\Program Files\alot\bin\alot.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
08/24/2007 08:51 PM 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
02/11/2008 09:11 PM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [08/24/2007 08:51 PM 316784]
[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/17/2007 05:50 PM]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [07/05/2007 10:15 PM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [07/05/2007 10:15 PM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [07/05/2007 10:15 PM]
"RtHDVCpl"="RtHDVCpl.exe" [09/19/2007 01:50 PM C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [08/03/2007 12:22 PM C:\Windows\SkyTel.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/31/2008 01:15 PM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [11/17/2007 05:22 PM]
"Spare Backup"="C:\Program Files\Spare Backup\SpareBackup.exe" [09/13/2007 04:22 PM]
"NapsterShell"="C:\Program Files\Napster\napster.exe" [09/06/2006 12:12 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [01/31/2008 11:13 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/04/2008 02:18 PM]
"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" [02/10/2008 08:58 PM]
"MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe" [02/10/2008 08:58 PM]
"WPCUMI"="C:\Windows\system32\WpcUmi.exe" [11/02/2006 04:35 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter" []
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 04:35 AM]
"MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe" [02/10/2008 08:58 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 04:36 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Launcher"=%WINDIR%\SMINST\launcher.exe
C:\Users\Bryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [10/26/2006 8:24:54 PM]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BigFix.lnk - C:\Program Files\BigFix\bigfix.exe [11/17/2007 5:21:59 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"=2 (0x2)
"DontDisplayLogonHoursWarnings"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
*Newly Created Service* - COMHOST
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
-- End of Deckard's System Scanner: finished at 2008-02-26 14:22:57 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English
CPU 0: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+
Percentage of Memory in Use: 50%
Physical Memory (total/avail): 1918.94 MiB / 950.52 MiB
Pagefile Memory (total/avail): 4060.09 MiB / 2994.14 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1907.69 MiB
C: is Fixed (NTFS) - 361.95 GiB total, 295.26 GiB free.
D: is Fixed (NTFS) - 10.66 GiB total, 4.53 GiB free.
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
\\.\PHYSICALDRIVE0 - WDC WD40 00AAJS-22YFA SCSI Disk Device - 372.61 GiB - 2 partitions
\PARTITION0 - Installable File System - 10.66 GiB - D:
\PARTITION1 (bootable) - Installable File System - 361.95 GiB - C:
\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device
\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device
\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device
\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
FW: Norton Internet Security v15.0.0.60 (Symantec Corporation)
AV: Norton Internet Security v15.0.0.60 (Symantec Corporation)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: Norton Internet Security v15.0.0.60 (Symantec Corporation)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Bryan\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BRYAN-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Bryan
LOCALAPPDATA=C:\Users\Bryan\AppData\Local
LOGONSERVER=\\BRYAN-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 107 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=6b02
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Bryan\AppData\Local\Temp
TMP=C:\Users\Bryan\AppData\Local\Temp
USERDOMAIN=Bryan-PC
USERNAME=Bryan
USERPROFILE=C:\Users\Bryan
windir=C:\Windows
-- User Profiles ---------------------------------------------------------------
Bryan
Mcx1
Duece Baby
-- Add/Remove Programs ---------------------------------------------------------
--> "C:\Program Files\eMachines Games\Bejeweled 2 Deluxe\Uninstall.exe"
--> "C:\Program Files\eMachines Games\Blasterball 3\Uninstall.exe"
--> "C:\Program Files\eMachines Games\Chuzzle Deluxe\Uninstall.exe"
--> "C:\Program Files\eMachines Games\Diner Dash\Uninstall.exe"
--> "C:\Program Files\eMachines Games\eMachines Game Console\Uninstall.exe"
--> "C:\Program Files\eMachines Games\FATE\Uninstall.exe"
--> "C:\Program Files\eMachines Games\Penguins!\Uninstall.exe"
--> "C:\Program Files\eMachines Games\Polar Bowler\Uninstall.exe"
--> "C:\Program Files\eMachines Games\Polar Golfer\Uninstall.exe"
--> "C:\Program Files\eMachines Games\Tradewinds\Uninstall.exe"
--> "C:\Program Files\eMachines Games\Virtual Villagers - A New Home\Uninstall.exe"
--> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Activation Assistant for the 2007 Microsoft Office suites --> "C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Agere Systems PCI-SV92PP Soft Modem --> agrsmdel
ALOT Toolbar --> "C:\Program Files\alot\alotUninst.exe"
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support --> MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
BigFix --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34FF0741-EC67-4C05-AC2A-6D257123DF2E}\setup.exe" -l0x9 -uninst -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Browser Address Error Redirector --> regsvr32 /u /s "c:\windows\system32\BAE.dll"
ccCommon --> MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Component Framework --> MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}
Digital Media Reader --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61} /l1033
eMachines Connect --> MsiExec.exe /I{DF86A72C-4585-4D75-B592-968C8C6604A1}
eMachines Games --> "C:\Program Files\eMachines Games\Uninstall.exe"
eMachines Recovery Center Installer --> MsiExec.exe /X{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
iTunes --> MsiExec.exe /I{02DFB3FD-CF52-4183-8BCA-2A127D4888F4}
Java(tm) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LiveUpdate (Symantec Corporation) --> MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\ProgramData\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation) --> MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (English) --> MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works --> MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
Microsoft WSE 2.0 SP3 Runtime --> MsiExec.exe /X{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
My Web Search (Zwinky) --> rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsbar.dll,O
Napster --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe" -l0x9 -removeonly
Napster Burn Engine --> MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
Norton AntiVirus --> MsiExec.exe /X{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}
Norton AntiVirus Help --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Confidential Core --> MsiExec.exe /I{55A6283C-638A-4EE0-B491-51118554BDA2}
Norton Internet Security --> MsiExec.exe /I{3672B097-EA69-4BFE-B92F-29AE6D9D2B34}
Norton Internet Security --> MsiExec.exe /I{C1C185CA-C531-49F5-A6FA-B838405A049D}
Norton Internet Security (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_0_0_60\Setup.exe" /X
Norton Protection Center --> MsiExec.exe /I{62120008-8E1E-4807-860D-A8B48F8552DB}
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
Power2Go 5.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Spare Backup --> MsiExec.exe /X{A57C6094-FC5A-4DEC-B1E0-1B2F48EEE8F4}
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Starcraft --> C:\Windows\SCunin.exe C:\Windows\SCunin.dat
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
-- Application Event Log -------------------------------------------------------
Event Record #/Type2252 / Error
Event Submitted/Written: 02/25/2008 09:59:25 AM
Event ID/Source: 5007 / WerSvc
Event Description:
The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.
Event Record #/Type2238 / Success
Event Submitted/Written: 02/25/2008 09:53:19 AM
Event ID/Source: 5617 / WinMgmt
Event Description:
Event Record #/Type2237 / Success
Event Submitted/Written: 02/25/2008 09:53:18 AM
Event ID/Source: 5615 / WinMgmt
Event Description:
Event Record #/Type2233 / Success
Event Submitted/Written: 02/25/2008 09:53:10 AM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.
Event Record #/Type2213 / Warning
Event Submitted/Written: 02/25/2008 09:52:14 AM
Event ID/Source: 1530 / profsvc
Event Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-2451316926-822776585-1986153624-1000_Classes:
Process 952 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2451316926-822776585-1986153624-1000_CLASSES
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type10116 / Warning
Event Submitted/Written: 02/26/2008 02:22:19 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Bryan-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Bryan-PC27 can't undo changes that you allow.
For more information please see the following:
%Bryan-PC275
Scan ID: {FE0F5A80-A7CA-4442-9323-0D1F2DF1464F}
User: Bryan-PC\Bryan
Name: %Bryan-PC271
ID: %Bryan-PC272
Severity ID: %Bryan-PC273
Category ID: %Bryan-PC274
Path Found: %Bryan-PC276
Alert Type: %Bryan-PC278
Detection Type: 1.1.1505.02
Event Record #/Type10115 / Warning
Event Submitted/Written: 02/26/2008 02:22:19 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Bryan-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Bryan-PC27 can't undo changes that you allow.
For more information please see the following:
%Bryan-PC275
Scan ID: {7D972882-DD8A-4DDF-9AD1-F3EAB4FA886E}
User: Bryan-PC\Bryan
Name: %Bryan-PC271
ID: %Bryan-PC272
Severity ID: %Bryan-PC273
Category ID: %Bryan-PC274
Path Found: %Bryan-PC276
Alert Type: %Bryan-PC278
Detection Type: 1.1.1505.02
Event Record #/Type10090 / Warning
Event Submitted/Written: 02/26/2008 09:53:18 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not synchronized the system time for 86400 seconds because none of the time service providers provided a usable time stamp. The time service will not update the local system time until it is able to synchronize with a time source. If the local system is configured to act as a time server for clients, it will stop advertising as a time source to clients. The time service will continue to retry and sync time with its time sources. Check system event log for other W32time events for more details. Run 'w32tm /resync' to force an instant time synchronization.
Event Record #/Type9859 / Error
Event Submitted/Written: 02/25/2008 09:52:44 AM
Event ID/Source: 6 / ACPI
Event Description:
IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 12, function 0.
Please contact your system vendor for technical assistance.
Event Record #/Type9858 / Error
Event Submitted/Written: 02/25/2008 09:52:44 AM
Event ID/Source: 6 / ACPI
Event Description:
IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 11, function 0.
Please contact your system vendor for technical assistance.
-- End of Deckard's System Scanner: finished at 2008-02-26 14:22:57 ------------
Guestolo, this is Mr Bell. I'm going to let Brian take it from here. This is his first computer, so you might need to be patient with him. This computer has some crazy pop-up. It shows a set.exe pop-up that is requesting to be downloaded. I think Nortons did catch one file, and it was a mwssras.dll file. If he has any problems following your directions, I'll have to come back over to help the kid out. After this he can register his own acct on thetechforum.