First, to answer your questions. The weird characters show at the end on my emails. I believe that it shows only on emails sent in html format. They do not show up on messages sent in text only format.
Showing up in message bodies. An example would be when I sent an article from PC Magazine to a friend and tried to write something in the message box. As I typed the weird characters showed in the body.
Bill Ottoson
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
ATF Cleaner...Loaded, ran, and completed instructions. Had error message: IE cannot open Internet site http:\www.majorgeeks.com
Operation aborted
But it did finish and noted that it had cleaned 147.445 MBS
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Malwarebytes' Anti-Malware
Downloaded and Installed
Following is Log:
Malwarebytes' Anti-Malware 1.24
Database version: 1012
Windows 5.1.2600 Service Pack 3
4:15:35 PM 7/31/2008
mbam-log-7-31-2008 (16-15-35).txt
Scan type: Full Scan (C:\|I:\|)
Objects scanned: 185336
Time elapsed: 2 hour(s), 21 minute(s), 52 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 3
Registry Keys Infected: 14
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 10
Memory Processes Infected:
C:\Program Files\RegistrySmart\RegistrySmart.exe (Rogue.RegistrySmart) -> Unloaded process successfully.
Memory Modules Infected:
C:\Program Files\RegistrySmart\RegCleaner.dll (Rogue.RegistrySmart) -> Delete on reboot.
C:\Program Files\RegistrySmart\TCL.dll (Rogue.RegistrySmart) -> Delete on reboot.
C:\Program Files\RegistrySmart\zlib.dll (Rogue.RegistrySmart) -> Delete on reboot.
Registry Keys Infected:
HKEY_CLASSES_ROOT\Installer\UpgradeCodes\a1dc0fc00707a5a47b1b8c47064e8e01 (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\a1dc0fc00707a5a47b1b8c47064e8e01 (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{f0d4b230-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f0d4b23a-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f0d4b23c-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b15fd82e-85bc-430d-90cb-65db1b030510} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f0d4b23b-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{f0d4b23b-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AntispywareBot (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\registrysmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\program files\registrysmart\ (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\documents and settings\all users\start menu\programs\registrysmart\ (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bill\Application Data\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bill\Application Data\RegistrySmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Adware.AskSBAR) -> Quarantined and deleted successfully.
C:\Program Files\RegistrySmart\DataBase.ref (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Program Files\RegistrySmart\RegCleaner.dll (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Program Files\RegistrySmart\RegistrySmart.exe (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Program Files\RegistrySmart\RegistrySmart.url (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Program Files\RegistrySmart\TCL.dll (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Program Files\RegistrySmart\zlib.dll (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\RegistrySmart\RegistrySmart on the Web.lnk (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\RegistrySmart\RegistrySmart.lnk (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bill\Application Data\RegistrySmart\Log\2008 Jul 31 - 08_32_59 AM_906.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Downloaded Deckard's Stystem Scanner
Main Text File
Deckard's System Scanner v20071014.68
Run by Bill on 2008-07-31 16:56:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Failed to create restore point; System Restore is disabled (service is not running).
-- Last 5 Restore Point(s) --
75: 2008-06-20 20:32:31 UTC - RP198 - Installed Creative Software AutoUpdate
74: 2008-06-20 20:29:39 UTC - RP197 - Installed Creative WebCam
73: 2008-06-20 20:29:07 UTC - RP196 - Installed Creative Live! Cam Video Chat / Video IM
72: 2008-06-20 20:28:57 UTC - RP195 - Installed Creative System Information
71: 2008-06-20 20:28:41 UTC - RP194 - Installed Creative Live! Cam User's Guide
-- First Restore Point --
1: 2008-03-28 04:16:14 UTC - RP124 - Made by Registry Mechanic
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 480 MiB (512 MiB recommended).-- HijackThis (run as Bill.exe) ------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:59:01 PM, on 7/31/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\PC Magazine Utilities\HD HeartBeat 2\HBSrvApp.exe
C:\Program Files\Maxtor\Utils\SyncServices.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\WINDOWS\V0350Mon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\FREEME~1\fmempro.exe
C:\Program Files\PC Magazine Utilities\NoteWhen\NoteWhen.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\PC Magazine Utilities\Desktoplet\Desktoplet.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ClipCache\clipc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\Downloaded Files\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Bill.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\SnagIt 8\SnagItBHO.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: CitiUS Shared Browser Helper Object - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\WINDOWS\system32\BhoCitUS.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: CallingID LinkAdvisor - {F67BEA7B-70D4-4417-9227-480B35DDD500} - C:\Program Files\CallingID\LinkAdvisor\CIDLinkAdvisor.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [WinPatrol] "C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" -expressboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [V0350Mon.exe] C:\WINDOWS\V0350Mon.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [FreeMem Pro] "C:\PROGRA~1\FREEME~1\fmempro.exe" autostart
O4 - HKCU\..\Run: [NoteWhen3] "C:\Program Files\PC Magazine Utilities\NoteWhen\NoteWhen.exe"
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PCMagSurfSpeed2] "C:\Program Files\PC Magazine Utilities\SurfSpeed 2\SurfSpeed.exe" /m
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: ClipCache Pro.lnk = C:\Program Files\ClipCache\clipc.exe
O4 - Global Startup: Desktoplet.lnk = C:\Program Files\PC Magazine Utilities\Desktoplet\Desktoplet.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver -
res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Fill Forms -
file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar -
file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms -
file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} -
file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} -
file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} -
file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} -
file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} -
file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} -
file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -
http://www.pcpitstop.com/betapit/PCPitStop.CABO16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) -
http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://www.update.microsoft.com/microso ... 0351727296O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) -
https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cabO16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) -
http://www.nanoscan.com/cabs/nanoinst.cabO16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) -
http://www.adobe.com/products/acrobat/nos/gp.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.macromedia.com/get/s ... wflash.cabO16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) -
http://h30155.www3.hp.com/ediags/hpfix/ ... gh.cab?326O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) -
http://www.creative.com/softwareupdate/ ... /CTPID.cabO16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) -
http://utilities.pcpitstop.com/optimize2/pcpitstop2.dllO18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Ad-Aware\aawservice.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HBService - Ziff Davis Media, Inc - C:\Program Files\PC Magazine Utilities\HD HeartBeat 2\HBSrvApp.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\Utils\SyncServices.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 11765 bytes
-- File Associations -----------------------------------------------------------
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*.reg - regfile - shell\open\command - regedit.exe "%1" %*.scr - scrfile - shell\open\command - "%1" %*-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R1 UBHelper - c:\windows\system32\drivers\ubhelper.sys
R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >
S3 ListOpenedFileDrv - c:\documents and settings\bill\application data\pc magazine utilities\taskpower\drivers\listopenedfiledrv.sys
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 HBService - c:\program files\pc magazine utilities\hd heartbeat 2\hbsrvapp.exe /startedbyscm:3ed1b58a-40e2f974-hbservice <Not Verified; Ziff Davis Media, Inc; HDHeartbeat>
R2 NTService1 (MaxSyncService) - "c:\program files\maxtor\utils\syncservices.exe" <Not Verified; ; SyncServices>
S2 AdobeActiveFileMonitor4.0 (Adobe Active File Monitor V4) - c:\program files\adobe\photoshop elements 4.0\photoshopelementsfileagent.exe
S4 MaxBackServiceInt - "c:\program files\maxtor\maxtor backup\maxbackserviceint.exe" <Not Verified; ; MaxBackServiceInt Module>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-07-23 16:18:00 406 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job
2008-06-20 09:18:47 436 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job
2008-06-19 19:06:01 780 --a------ C:\WINDOWS\Tasks\Daily Backup.job
2008-06-19 18:00:00 716 --a------ C:\WINDOWS\Tasks\daily backup2.job
2008-04-20 14:13:35 370 -----n--- C:\WINDOWS\Tasks\RegCure.job
-- Files created between 2008-06-30 and 2008-07-31 -----------------------------
2008-07-31 13:47:42 0 d-------- C:\Documents and Settings\Bill\Application Data\Malwarebytes
2008-07-31 13:47:31 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-31 13:47:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-31 13:09:08 0 d-------- C:\Program Files\Trend Micro
2008-07-28 14:55:10 0 d-------- C:\Program Files\IrfanView
2008-07-24 13:22:07 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-07-24 13:21:28 0 d-------- C:\Program Files\Webroot
2008-07-24 13:21:28 0 d-------- C:\Documents and Settings\Bill\Application Data\Webroot
2008-07-24 13:21:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-07-24 13:21:24 0 d-------- C:\Program Files\AskSBar
2008-07-24 13:18:27 164 --a------ C:\install.dat
2008-07-23 16:48:30 0 d-------- C:\Program Files\Common Files\xing shared
2008-07-23 16:46:49 0 d-------- C:\Program Files\Real
2008-07-23 16:45:57 0 d-------- C:\Program Files\Common Files\Real
2008-07-23 16:40:19 0 d-------- C:\Documents and Settings\Bill\Application Data\Real
2008-07-23 16:20:45 0 d-------- C:\Program Files\Picasa2
2008-07-23 16:19:03 0 d-------- C:\WINDOWS\system32\runtime
2008-07-23 16:17:14 0 d-------- C:\Program Files\Norton Security Scan
2008-07-14 13:56:12 0 d-------- C:\Program Files\keyfinder
2008-07-14 13:47:56 0 d-------- C:\KeyFinder
2008-07-08 13:45:51 0 d-------- C:\Documents and Settings\Bill\Application Data\RegClean
2008-07-08 13:45:43 0 d-------- C:\Program Files\RegClean
2008-07-08 10:20:48 0 d-------- C:\WINDOWS\Fonts Temp APS Repair
2008-07-06 14:40:12 1843200 --a------ C:\WINDOWS\system32\acXMLParser.dll <Not Verified; Apache Software Foundation; Xerces-C Version 2.7.0>
2008-07-06 14:40:05 3497984 --a------ C:\WINDOWS\system32\cdintf300.dll <Not Verified; Amyuni Technologies
http://www.amyuni.com; Amyuni Common Driver Interface>
2008-07-06 10:47:21 0 d-------- C:\WINDOWS\FontsWhollyGenes
2008-07-06 09:16:22 0 d-------- C:\Program Files\CamVideo
-- Find3M Report ---------------------------------------------------------------
2008-07-31 16:48:12 0 d-------- C:\Documents and Settings\Bill\Application Data\Skype
2008-07-31 16:08:21 0 d-------- C:\Documents and Settings\Bill\Application Data\skypePM
2008-07-31 10:11:49 0 d-------- C:\Program Files\ZipCentral
2008-07-25 12:57:57 0 d-------- C:\Program Files\Taskbar Shuffle
2008-07-24 11:00:32 0 d-------- C:\Program Files\PC Magazine Utilities
2008-07-23 22:24:23 0 d-------- C:\Program Files\Google
2008-07-23 16:48:30 0 d-------- C:\Program Files\Common Files
2008-07-23 11:25:53 0 d-------- C:\Documents and Settings\Bill\Application Data\The Master Genealogist v7
2008-07-11 12:28:15 0 d-------- C:\Documents and Settings\Bill\Application Data\PC Magazine Utilities
2008-07-09 14:30:25 134448 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-07-08 16:19:10 0 d-------- C:\Program Files\Ad-Aware
2008-07-06 14:40:02 0 d-------- C:\Program Files\Map my Family Tree
2008-07-06 09:19:26 0 d-------- C:\Program Files\Creative
2008-07-01 09:16:22 0 d-------- C:\Program Files\ClipCache
2008-06-30 16:42:15 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-30 16:40:44 0 d-------- C:\Documents and Settings\Bill\Application Data\Adobe
2008-06-30 16:00:04 0 d-------- C:\Program Files\The Master Genealogist v7
2008-06-20 15:55:27 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-06-20 15:52:52 0 d-------- C:\Program Files\Skype
2008-06-20 15:52:49 0 d-------- C:\Program Files\Common Files\Skype
2008-06-20 15:45:34 0 d-------- C:\Documents and Settings\Bill\Application Data\Creative
2008-06-20 15:32:22 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-20 15:29:22 0 d-------- C:\Program Files\SightSpeed
2008-06-20 12:27:26 0 d-------- C:\Program Files\PCPitstop
2008-06-19 10:09:35 0 d-------- C:\Program Files\The Master Genealogist
2008-06-10 12:12:30 0 d-------- C:\Documents and Settings\Bill\Application Data\Brother
2008-06-10 12:03:13 0 --a------ C:\WINDOWS\system32\Biport
2008-06-10 11:49:02 50 --a------ C:\WINDOWS\system32\bridf06a.dat
2008-06-06 11:31:31 41438 --ah----- C:\Program Files\UFTREE.GID
2008-06-06 11:14:25 0 d-------- C:\Program Files\Family Tree SuperTools
2008-06-05 12:30:37 0 d-------- C:\Program Files\TimezAttack
2008-06-01 12:01:26 0 d-------- C:\Program Files\Northern Hills Software
2008-06-01 12:00:34 0 d-------- C:\Program Files\RegCure
2008-06-01 08:41:59 0 d-------- C:\Documents and Settings\Bill\Application Data\CallingID
2008-05-14 10:56:58 1024 -r-h----- C:\WINDOWS\system32\NTIBUN4.dll
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
07/24/2008 01:21 PM 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
07/03/2008 08:54 PM 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [07/03/2008 08:54 PM 2055960]
[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [01/27/2008 12:38 AM]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [01/13/2006 07:36 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/03/2008 08:54 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [09/09/2005 01:18 AM]
"V0350Mon.exe"="C:\WINDOWS\V0350Mon.exe" [08/23/2007 01:03 AM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [07/23/2008 04:15 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [07/23/2008 04:46 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 07:12 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [12/03/2007 11:29 AM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [11/13/2006 02:39 PM]
"FreeMem Pro"="C:\PROGRA~1\FREEME~1\fmempro.exe" [10/07/2004 01:29 AM]
"NoteWhen3"="C:\Program Files\PC Magazine Utilities\NoteWhen\NoteWhen.exe" [06/18/2008 04:55 PM]
"Creative Live! Cam Manager"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [06/07/2007 02:01 PM]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [05/30/2008 03:54 PM]
"PCMagSurfSpeed2"="C:\Program Files\PC Magazine Utilities\SurfSpeed 2\SurfSpeed.exe" [05/23/2008 08:02 AM]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [05/31/2008 11:53 AM]
C:\Documents and Settings\Bill\Start Menu\Programs\Startup\
ClipCache Pro.lnk - C:\Program Files\ClipCache\clipc.exe [12/1/2007 7:40:42 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Desktoplet.lnk - C:\Program Files\PC Magazine Utilities\Desktoplet\Desktoplet.exe [7/24/2008 11:00:32 AM]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [12/3/2007 11:29:27 AM]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [12/17/2007 2:55:04 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"=1 (0x1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"= C:\Program Files\CallingID\LinkAdvisor\CIDLinkAdvisor.dll [12/14/2007 09:07 PM 562616]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
C:\Program Files\Brother\Brmfl06b\BrStDvPt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc
-- End of Deckard's System Scanner: finished at 2008-07-31 17:00:05 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 3.0
Architecture: X86; Language: English
CPU 0: AMD Athlon(tm) XP 2000+
Percentage of Memory in Use: 67%
Physical Memory (total/avail): 479.48 MiB / 157.16 MiB
Pagefile Memory (total/avail): 1123.95 MiB / 666.85 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1925.1 MiB
A: is Removable (FAT)
C: is Fixed (NTFS) - 76.33 GiB total, 55.2 GiB free.
D: is Removable (FAT)
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is Removable (FAT)
H: is Removable (FAT)
\\.\PHYSICALDRIVE1 - IOMEGA ZIP 250 - 94.13 MiB - 1 partition
\PARTITION0 (bootable) - MS-DOS V4 Huge - 95.98 MiB - D:
\\.\PHYSICALDRIVE0 - Maxtor 6Y080P0 - 76.33 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 76.33 GiB - C:
\\.\PHYSICALDRIVE4 - 3SYSTEM USB FLASH DISK USB Device - 117.66 MiB - 1 partition
\PARTITION0 (bootable) - MS-DOS V4 Huge - 124.95 MiB - G:
\\.\PHYSICALDRIVE2 - IOMEGA ZIP 250 USB Device - 235.33 MiB - 1 partition
\PARTITION0 (bootable) - MS-DOS V4 Huge - 238.98 MiB - H:
-- Security Center -------------------------------------------------------------
AUOptions is set to notify before download.
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Bill\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=OTTOSON2
ComSpec=C:\WINDOWS\system32\cmd.exe
DEVMGR_SHOW_DETAILS=1
DEVMGR_SHOW_NONPRESENT_DEVICES=1
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Bill
LOGONSERVER=\\OTTOSON2
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0801
ProgramFiles=C:\Program Files
PROMPT=$P$G
RNLOG_BASEKEY=Software\RealNetworks\RealPlayer\6.0\Preferences\BrowserRecordPluginLog
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Bill\LOCALS~1\Temp
TMP=C:\DOCUME~1\Bill\LOCALS~1\Temp
USERDOMAIN=OTTOSON2
USERNAME=Bill
USERPROFILE=C:\Documents and Settings\Bill
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Bill
(admin)-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\HP CD-Writer\DeIsL1.isu"
--> MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
--> MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE}
--> MsiExec.exe /I{C98E5F1B-5C2B-4FD1-BDF9-F3779DCAAA16}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{15B3F9F8-4CF9-452A-9AF2-AA8553765DA7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C81600D-D6C7-4687-9362-DD4A78B3483E}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EDB7E6-D292-44BD-8CA6-A3E33C9D7750}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{513D9FB1-27A2-44E4-8F2D-77A6737921A5}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5549DC52-211C-44BE-8347-0C22812DEB31}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BE926E5-66F4-4166-A5E5-E14D7A165BBD}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9814AC8C-FDA8-431F-A6EB-D7294E2D362E}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3Space ClipArtist 2.0 CD --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\3Space ClipArtist\DeIsL1.isu"
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 2.0 --> MsiExec.exe /I{8FFC924C-ED06-44CB-8867-3CA778ECE903}
Adobe Photoshop Elements 2.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop Elements 2\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop Elements 2\Uninst.dll"
Adobe Photoshop Elements 4.0 --> msiexec /I {EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Advanced Audio FX Engine --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9 /remove
Advanced Video FX Engine --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9 /remove
AI RoboForm (All Users) --> "C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
akFontViewer --> C:\WINDOWS\GPInstall.exe "/UNINST=C:\Program Files\Anatoli Klassen Software\akFontViewer\UnInst.log " "/APPNAME=akFontViewer"
AnswerWorks Runtime --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\WexTech\AnswerWorks\Uninst.isu"
Ashampoo Burning Studio 7.21 --> "C:\Program Files\Ashampoo\Ashampoo Burning Studio 7\unins000.exe"
Ashampoo Magical Snap 2.30 --> "C:\Program Files\Ashampoo\Ashampoo Magical Snap 2\unins000.exe"
Ashampoo PowerUp 3.10 --> "C:\Program Files\Ashampoo\Ashampoo PowerUp 3\unins000.exe"
Ashampoo UnInstaller Platinum 2 --> "C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\Uninstall\UIP_Uninstall.exe"
Ashampoo WinOptimizer 4.51 --> "C:\Program Files\Ashampoo\Ashampoo WinOptimizer 4\unins000.exe"
Ask Toolbar --> rundll32 C:\PROGRA~1\AskSBar\bar\1.bin\AskSBar.dll,O
Aspell English Dictionary-0.50-2 --> "C:\Program Files\Aspell\unins001.exe"
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Belarc Advisor 7.2 --> C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
Brother MFL-Pro Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0F563C4-D4AD-41C4-A8A6-26664C027D11}\Setup.exe" -l0x9 Brunin03.dll -removeonly
Calculator Powertoy for Windows XP --> MsiExec.exe /I{B37C842A-B624-46B8-A727-654E72F1C91A}
CallingID Link Advisor --> MsiExec.exe /X{6071E0F5-A11A-4AAC-9AB8-468A2DA8C2A2}
CD Labeler II --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\CD Labeler II\Setup.exe"
Citi Virtual Account Numbers --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\CitiVAN.INF, DefaultUninstall.ntx86
ClipCache --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ClipCache\Uninst.isu"
ClipCache Pro 3.1.3 --> "C:\Program Files\ClipCache\unins000.exe"
COA2 --> C:\PROGRA~1\COA2\UNWISE.EXE C:\PROGRA~1\COA2\INSTALL.LOG
Corel Applications --> C:\WINDOWS\Corel\Uninst32.exe
Creative Live! Cam Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BE926E5-66F4-4166-A5E5-E14D7A165BBD}\setup.exe" -l0x9 /remove
Creative Live! Cam Doodling --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5549DC52-211C-44BE-8347-0C22812DEB31}\setup.exe" -l0x9 /remove
Creative Live! Cam FX Creator --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9814AC8C-FDA8-431F-A6EB-D7294E2D362E}\setup.exe" -l0x9 /remove
Creative Live! Cam Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{15B3F9F8-4CF9-452A-9AF2-AA8553765DA7}\setup.exe" -l0x9 /remove
Creative Live! Cam User's Guide --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EDB7E6-D292-44BD-8CA6-A3E33C9D7750}\setup.exe" -l0x9 /remove
Creative Live! Cam Video Chat or Video IM Driver (1.03.01.00) --> C:\WINDOWS\CtDrvIns.exe -uninstall -script VF0350.uns -unsext NT -plugin V0350Pin.dll -pluginres CtCamPin.crl
Creative Photo Calendar --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C81600D-D6C7-4687-9362-DD4A78B3483E}\setup.exe" -l0x9 /remove
Creative Photo Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{513D9FB1-27A2-44E4-8F2D-77A6737921A5}\setup.exe" -l0x9 /remove
Creative Software AutoUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9 /remove
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
DriverMax 3 --> "C:\Program Files\Innovative Solutions\DriverMax\unins000.exe"
Family Tree Maker 7.0 --> C:\WINDOWS\IsUninst.exe -fC:\FTW\Uninst.isu
Family Tree SuperTools --> MsiExec.exe /I{99867949-A794-11D5-8228-005004A6E645}
Foxit Reader --> C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
FreeMem Professional Version 5.2 --> C:\PROGRA~1\FREEME~1\UNWISE.EXE C:\PROGRA~1\FREEME~1\INSTALL.LOG
GENMatcher 1.08 --> "C:\Program Files\MudCreek\GENMatcher\unins000.exe"
GENViewer version 1.23 --> "C:\Program Files\MudCreek\GENViewer\unins000.exe"
getPlus(R)_ocx --> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
GNU Aspell 0.50-3 --> "C:\Program Files\Aspell\unins000.exe"
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth --> MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Photos Screensaver --> MsiExec.exe /X{481E9852-DA0C-403B-ADA4-05D86C8BF9A9}
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Greeting Card Creator 32 --> C:\PROGRA~1\GREETI~1\UNWISE.EXE C:\PROGRA~1\GREETI~1\INSTALL.LOG
Greetings Workshop --> C:\Program Files\Greetings Workshop\SETUP\setup.exe
HijackThis 2.0.2 --> "C:\DOCUME~1\Bill\LOCALS~1\Temp\_ZCTmp.Dir\HijackThis.exe" /uninstall
hp deskjet 930c series (Remove only) --> C:\Program Files\hp deskjet 930c series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=LPT1: -vproduct=930c -huninstall
HP Memories Disc --> MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
HP Photo and Imaging 1.0 - Scanjet 3500c Series --> MsiExec.exe /I{B8E952E3-A823-443A-8493-39A0CCE0E3EB}
HP Photo and Imaging 2.0 - Scanners --> MsiExec.exe /I{6CC93102-135E-49E2-99A4-C431E671C12A}
HP Product Detection --> MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Map My Family Tree --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{03739F6A-16F6-49FB-8E00-AC4AC8FB1FC2}\setup.exe" -l0x9 -uninst -removeonly
Maxtor Backup --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{9C3F9580-F5CF-4288-894E-9FF0EB24A21C} /l1033
Maxtor OneTouch III --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{FF268652-B3E8-494F-8343-1FC6DD0FF523} /l1033
Microsoft ActiveSync --> MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft PhotoDraw 2000 --> "C:\Program Files\Microsoft Office\Office\Setup\PhotoDraw\setup.exe"
Microsoft Virtual PC 2007 --> MsiExec.exe /X{8A7CAA24-7B23-410B-A7C3-F994B0944160}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Moffsoft FreeCalc --> "C:\Program Files\Moffsoft FreeCalc\unins000.exe"
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Norton Security Scan --> MsiExec.exe /I{3A4FFB84-D070-4DA5-AB7B-D41D87FD8D19}
Notepad++ --> C:\Program Files\Notepad++\uninstall.exe
NTI Backup NOW! 4 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{385979FE-DC4F-4140-8EAD-A59625000D72} /l1033 BUN4
NTI DVD-Maker --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1033 CDM7
Panda NanoScan --> C:\Program Files\Panda Security\NanoScan\nanounst.exe
PaperPort --> MsiExec.exe /I{71C97545-E547-4A8B-B0C8-61FF853270AC}
PC Magazine's Top 100s as Internet Explorer Favorites --> "C:\Documents and Settings\Bill\Application Data\unins000.exe"
PC Magazine ButtonBoogie 2.1.1 --> "C:\Program Files\PC Magazine Utilities\ButtonBoogie\unins000.exe"
PC Magazine Defrag-A-File 2.0.2 --> "C:\Program Files\PC Magazine Utilities\Defrag-A-File\unins000.exe"
PC Magazine Desktoplet --> "C:\Program Files\PC Magazine Utilities\Desktoplet\unins000.exe"
PC Magazine DiskAction v2.4 --> "C:\Program Files\PC Magazine Utilities\DiskAction 2\unins000.exe"
PC Magazine ExhumeIt 1.0 --> "C:\Program Files\PC Magazine Utilities\ExhumeIt\unins000.exe"
PC Magazine File Utility Pack --> "C:\Program Files\PC Magazine Utilities\File Utility Pack\unins000.exe"
PC Magazine FontViewer 3 --> "C:\Program Files\PC Magazine Utilities\FontViewer3\unins000.exe"
PC Magazine HD HeartBeat 2.0 --> "C:\Program Files\PC Magazine Utilities\HD HeartBeat 2\unins000.exe"
PC Magazine IconEdit --> "C:\Program Files\PC Magazine Utilities\IconEdit\unins000.exe"
PC Magazine InstaBack 2.0 --> "C:\Program Files\PC Magazine Utilities\InstaBack 2\unins000.exe"
PC Magazine NoteWhen 3.0 --> "C:\Program Files\PC Magazine Utilities\NoteWhen\unins000.exe"
PC Magazine Shred 3.0 --> "C:\Program Files\PC Magazine Utilities\Shred 3\unins000.exe"
PC Magazine TaskPower 3 --> "C:\Program Files\PC Magazine Utilities\TaskPower\unins000.exe"
PC Magazine Top Stats --> "C:\Program Files\PC Magazine Utilities\Top Stats\unins000.exe"
PC Magazine TrayManager 3.0 --> "C:\Program Files\PC Magazine Utilities\TrayManager\unins000.exe"
PC Pitstop Driver Alert 1.0 --> "C:\Program Files\PCPitstop\Driver Alert\unins000.exe"
PCMagazine SurfSpeed 2 --> "C:\Program Files\PC Magazine Utilities\SurfSpeed 2\unins000.exe"
Perfect Uninstaller v3.7 --> "C:\Program Files\Perfect Uninstaller\unins000.exe"
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
PIXELA ImageMixer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13413C6C-C640-40B8-917E-CA3062826B18}\setup.exe"
Pocket Genealogist V3 --> C:\Program Files\Northern Hills Software\Pocket Genealogist V3\PGInstall.exe /CTL=PGENIE.UIN
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Qlock Lite --> "C:\Program Files\Qlock\uninstall.exe"
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
RegClean --> MsiExec.exe /X{BA79750B-24D6-42C1-8589-2AB84662DEF8}
RegCure 1.3.0.2 --> C:\Program Files\RegCure\uninst.exe
Registry Mechanic 5.0 --> "C:\Program Files\Registry Mechanic\unins000.exe"
RegistrySmart --> MsiExec.exe /X{F233CA97-817E-4DC2-9D76-04A2A8D96687}
S3Display --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Display'
S3Gamma2 --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Gamma2'
S3Info2 --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Info2'
S3Overlay --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Overlay'
SightSpeed (remove only) --> "C:\Program Files\SightSpeed\uninst.exe"
Skype™ 3.8 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SnagIt 8 --> MsiExec.exe /I{DA0BF7AB-88EB-4675-8FA1-531EAD938821}
Spelling Dictionaries Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Startup Cop Pro 3.0 --> "C:\Program Files\PC Magazine Utilities\Startup Cop Pro\unins000.exe"
Taskbar Shuffle version 2.2 --> "C:\Program Files\Taskbar Shuffle\unins000.exe"
The Master Genealogist (for All Users) --> C:\Program Files\The Master Genealogist\sysdata\UNWISE.EXE /U "C:\Program Files\The Master Genealogist\sysdata\INSTALL.LOG" Uninstall The Master Genealogist (for All Users)
The Master Genealogist v7 (for All Users) --> C:\PROGRA~1\THEMAS~2\UNWISE.EXE C:\PROGRA~1\THEMAS~2\sysdata\INSTALL.LOG
TMG Utility --> C:\PROGRA~1\TMGUTI~1\UNWISE.EXE C:\PROGRA~1\TMGUTI~1\INSTALL.LOG
Uniblue ProcessScanner --> "C:\Program Files\Uniblue\ProcessScanner\unins000.exe"
VERITAS StorageGuard 1.95 --> C:\WINDOWS\uninst.exe -fC:\PROGRA~1\HPCD-W~1\VERITA~1\DeIsL1.isu -c"C:\Program Files\HP CD-Writer\VERITAS StorageGuard\System\UNINST.DLL"
Visual FoxPro ODBC Driver --> MsiExec.exe /X{31821EFE-1B31-4744-9FB0-208F92BD7168}
Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Creativity Fun Packs - Windows XP Power Toys --> MsiExec.exe /X{485E6526-EA98-4F04-925A-67424D12E1E2}
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Windows XP Video Screensaver Powertoy --> C:\WINDOWS\system32\unins000.exe
WinPatrol 2007 --> C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
ZipCentral 4.01 --> "C:\Program Files\ZipCentral\unins000.exe"
-- Application Event Log -------------------------------------------------------
No Errors/Warnings found.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
No Errors/Warnings found.
-- End of Deckard's System Scanner: finished at 2008-07-31 17:00:05 ------------