Hello All,
This is my first post on this website, so I am sorry if I do something wrong. I need your help guys. Looks like my machine got infected with agent.zo which downloaded different spyware including Antivirus XP 2008 and other spyware than mess up with the background and screen saver. I tried Spy Hunter and Kaspersky Antivirus, but they never helped. I then installed Spyware Doctor which found 24 different Trojan Hourses and seemed like it got rid of them. In reality after a reboot they reappeared again. I manually removed Antivirus XP 2008 from the registry (using instructions I found on some websites) using "regedit". Looks like Antivirus XP 2008 is gone, but agent.zo tries now to install XP Security Center which is blogged by Spyware Doctor. I tried to even remove that agent.zo from the "Safe Mode", and Spyware Doctor said it was removed but right after the reboot it comes back and back again and starts to install other stuff into my PC when internet connection is up. PLease see the results of the Deckard System Scanner and HJTInstall bellow and help if there is anything that can be done. NOTE: Spyware Doctor constantly blocks this file "buritos.exe" and says it will remove it on the next reboot because it says it is agent.zo, but for some reason does not delete the file. Sorry for the long post, and thank you for any help!!
main.txt results:
Deckard's System Scanner v20071014.68
Run by Visas Inc on 2008-08-17 13:40:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 1 Restore Point(s) --
1: 2008-08-17 18:40:39 UTC - RP1 - Deckard's System Scanner Restore Point
Backed up registry hives.
Performed disk cleanup.
System Drive C: has 0.92 GiB (less than 15%) free.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-08-17 13:45:56
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\lphclg5j0ecaa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Visas Inc\Desktop\dss(2).exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\Program Files\Spyware Doctor\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\Program Files\Spyware Doctor\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar3.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PersonalWeb] "C:\Program Files\Claria\PersonalWeb\PersonalWeb.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [lphclg5j0ecaa] C:\WINDOWS\system32\lphclg5j0ecaa.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [buritos] buritos.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program Files\CounterPath\X-Lite\x-lite.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKUS\S-1-5-18\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Open PersonalWeb - {03F0E28F-1C51-4a56-A8F1-E8BF15AF8346} - C:\Program Files\Claria\PersonalWeb\PersonalWebIE_v1602.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Add to My Sites - {1BD60387-6806-4897-8002-0B855DFEAEEA} - C:\Program Files\Claria\PersonalWeb\PersonalWebIE_v1602.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\Program Files\Spyware Doctor\tools\iesdpb.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {10EC6CEC-5A1D-4E4E-AB85-8CC516F2A687} (AICPAViewer.clsViewer) - http://www.cpa-exam.org/AICPATutorial/i ... Viewer.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shoc ... tor/sw.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} () - http://ak.exe.imgfarm.com/images/nocach ... 0.0.15.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/ ... vc1dmo.cab
O16 - DPF: {3EEFCD4B-E9FD-4601-BE5D-C5C1776E51D3} (AICPASSV.Spreadsheet) - http://www.cpa-exam.org/AICPATutorial/i ... SSItem.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/25.20/uploader2.cab
O16 - DPF: {4DCCD2FC-132F-45EC-BFDA-72235B85047C} (AICPAAuthLit.AuthLitItem) - http://www.cpa-exam.org/AICPATutorial/i ... mItems.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} () - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by112fd.bay112.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-U ... E_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stag ... taller.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://messenger.zone.msn.com/EN-US/a-L ... uncher.cab
O16 - DPF: {909A35CA-61DC-4437-887E-30ED6D89F6C8} (AICPAUI.ucHyperlink) - http://www.cpa-exam.org/AICPATutorial/i ... eneral.cab
O16 - DPF: {96F2228B-0D43-48AC-B857-29972C87EBA4} (AICPACR.ConstructedResponse) - http://www.cpa-exam.org/AICPATutorial/i ... CRItem.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc ... wflash.cab
O16 - DPF: {D4C9E474-9A6C-4FBF-B13A-4BE2BDD34FD5} (AICPA treeView control) - http://www.cpa-exam.org/AICPATutorial/i ... ewerIL.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O20 - AppInit_DLLs: ,
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\ramaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
--
End of file - 13545 bytes
-- File Associations -----------------------------------------------------------
.js - JSFile - DefaultIcon - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe",2
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 Vax347b - c:\windows\system32\drivers\vax347b.sys
R0 Vax347s - c:\windows\system32\drivers\vax347s.sys
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
S3 MRVW225 (802.11g/b Wireless LAN Dirver for Windows XP) - c:\windows\system32\drivers\mrvw225.sys <Not Verified; Marvell Semiconductor, Inc; Marvell Wireless LAN Cilent Adapter-USB>
S3 sysrest.sys - c:\windows\system32\sysrest.sys
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
S3 nmraapache (Pure Networks Net2Go Service) - "c:\program files\pure networks\network magic\webserver\bin\nmraapache.exe" -k runservice <Not Verified; Pure Networks, Inc.; Pure Networks Net2Go Service>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-08-04 22:00:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2008-07-17 and 2008-08-17 -----------------------------
2008-08-17 13:32:48 9728 --a------ C:\WINDOWS\system32\buritos.exe
2008-08-17 13:23:12 0 d-------- C:\Program Files\Trend Micro
2008-08-17 13:18:46 66048 --a------ C:\WINDOWS\system32\blphclg5j0ecaa.scr <Not Verified; Sysinternals; Sysinternals Blue Screen>
2008-08-17 13:18:03 6144 --a------ C:\WINDOWS\system32\karina.dat
2008-08-17 13:18:03 6144 --a------ C:\WINDOWS\karina.dat
2008-08-16 10:23:52 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-08-13 14:05:09 9728 --a------ C:\WINDOWS\buritos.exe
2008-08-10 19:38:14 15328 --a------ C:\WINDOWS\system32\sysrest.sys
2008-08-10 19:29:07 18512 --a------ C:\WINDOWS\karakiko.reg
2008-08-10 19:29:07 19711 --a------ C:\Program Files\Common Files\lijamu.reg
2008-08-10 19:29:06 19411 --a------ C:\WINDOWS\system32\uhuhegifu.vbs
2008-08-10 19:29:06 17885 --a------ C:\WINDOWS\system32\ruzyhi.com
2008-08-10 19:29:06 12968 --a------ C:\WINDOWS\onemocevad.exe
2008-08-10 19:29:06 16721 --a------ C:\WINDOWS\okolyvenec.dat
2008-08-10 19:29:06 15340 --a------ C:\WINDOWS\kigyjenyve.pif
2008-08-10 19:29:06 11796 --a------ C:\WINDOWS\hygas.vbs
2008-08-10 19:29:06 17213 --a------ C:\WINDOWS\godus.pif
2008-08-10 19:29:06 13389 --a------ C:\Program Files\Common Files\cefolefyf.bat
2008-08-10 19:29:06 18002 --a------ C:\Documents and Settings\Visas Inc\Application Data\ixanati.dll
2008-08-10 00:54:25 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-08-09 23:35:12 0 d-------- C:\Documents and Settings\Administrator\Application Data\PC Tools
2008-08-09 23:34:12 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-08-09 23:34:12 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-08-09 23:34:12 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-08-09 23:34:12 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-08-09 23:34:12 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-08-09 23:34:12 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-08-09 23:34:12 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-08-09 23:34:12 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-08-09 23:34:11 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-08-09 23:34:11 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-08-09 23:34:11 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-08-09 23:34:11 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-08-09 23:34:11 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-08-09 23:34:11 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-08-09 23:34:11 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-08-09 23:34:11 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-08-09 23:34:11 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-08-06 21:29:41 0 d-------- C:\Program Files\Spyware Doctor
2008-08-06 21:29:41 0 d-------- C:\Documents and Settings\Visas Inc\Application Data\PC Tools
2008-08-05 23:58:02 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-05 21:35:21 0 d-------- C:\Program Files\Enigma Software Group
2008-08-05 18:11:14 130048 --a------ C:\WINDOWS\system32\lphclg5j0ecaa.exe
2008-08-04 23:09:39 0 d-------- C:\Program Files\Veoh Networks
2008-08-04 23:00:12 0 d-------- C:\Program Files\Kaspersky Lab
2008-08-04 22:02:20 0 d-------- C:\Documents and Settings\All Users\Application Data\services
2008-08-04 22:02:14 0 d-------- C:\Documents and Settings\All Users\Application Data\SoftLand Ltd
2008-08-04 21:59:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-08-02 17:26:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-02 17:15:13 139536 --a------ C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-08-01 22:30:42 11167 --a------ C:\WINDOWS\bydew.exe
2008-08-01 22:30:42 10457 --a------ C:\Program Files\Common Files\pyne.reg
2008-08-01 22:30:42 16176 --a------ C:\Documents and Settings\All Users\Application Data\ided.sys
2008-08-01 22:30:41 12557 --a------ C:\WINDOWS\tafohic.com
2008-08-01 22:30:41 10067 --a------ C:\WINDOWS\system32\titek.bin
2008-08-01 22:30:41 11706 --a------ C:\WINDOWS\gofikani.bin
2008-08-01 22:30:41 16637 --a------ C:\WINDOWS\baqyzi.com
2008-08-01 22:30:41 16552 --a------ C:\Documents and Settings\Visas Inc\Application Data\abuceso.dat
2008-07-28 22:18:16 19018 --a------ C:\WINDOWS\system32\oqabujafy.dll
2008-07-28 22:18:16 18427 --a------ C:\WINDOWS\system32\ihoheqehe.dll
2008-07-28 22:18:16 14710 --a------ C:\WINDOWS\system32\ahyxa.scr
2008-07-28 22:18:16 16621 --a------ C:\WINDOWS\odopuc.bat
2008-07-28 22:18:16 10353 --a------ C:\WINDOWS\kigazisat.dll
2008-07-28 22:18:16 19782 --a------ C:\WINDOWS\cunaj.bat
2008-07-28 22:18:16 17529 --a------ C:\Program Files\Common Files\rucirirol.reg
2008-07-28 22:18:16 14561 --a------ C:\Program Files\Common Files\bygucyw.dat
2008-07-28 22:18:16 13959 --a------ C:\Documents and Settings\Visas Inc\Application Data\okijofuf.vbs
2008-07-28 22:18:16 19926 --a------ C:\Documents and Settings\All Users\Application Data\acar.com
2008-07-28 22:14:33 0 dr-h----- C:\Documents and Settings\LogMeInRemoteUser\SendTo
2008-07-28 22:14:33 0 dr-h----- C:\Documents and Settings\LogMeInRemoteUser\Recent
2008-07-28 22:14:33 0 d--h----- C:\Documents and Settings\LogMeInRemoteUser\PrintHood
2008-07-28 22:14:33 0 d--h----- C:\Documents and Settings\LogMeInRemoteUser\NetHood
2008-07-28 22:14:33 0 dr------- C:\Documents and Settings\LogMeInRemoteUser\My Documents
2008-07-28 22:14:33 0 d--h----- C:\Documents and Settings\LogMeInRemoteUser\Local Settings
2008-07-28 22:14:33 0 dr------- C:\Documents and Settings\LogMeInRemoteUser\Favorites
2008-07-28 22:14:33 0 d-------- C:\Documents and Settings\LogMeInRemoteUser\Desktop
2008-07-28 22:14:33 0 d--hs---- C:\Documents and Settings\LogMeInRemoteUser\Cookies
2008-07-28 22:14:33 0 dr-h----- C:\Documents and Settings\LogMeInRemoteUser\Application Data
2008-07-28 22:14:33 0 d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\Symantec
2008-07-28 22:14:33 0 d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\Sun
2008-07-28 22:14:33 0 d---s---- C:\Documents and Settings\LogMeInRemoteUser\Application Data\Microsoft
2008-07-28 22:14:33 0 d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\Identities
2008-07-28 22:14:32 0 d--h----- C:\Documents and Settings\LogMeInRemoteUser\Templates
2008-07-28 22:14:32 0 dr------- C:\Documents and Settings\LogMeInRemoteUser\Start Menu
2008-07-28 22:14:32 786432 --ah----- C:\Documents and Settings\LogMeInRemoteUser\NTUSER.DAT
2008-07-28 10:36:45 314724 --a------ C:\WINDOWS\system32\winivstr.exe
2008-07-28 10:34:16 106 --a------ C:\WINDOWS\system32\delself.bat
-- Find3M Report ---------------------------------------------------------------
2008-08-17 13:39:50 0 d-------- C:\Documents and Settings\Visas Inc\Application Data\Skype
2008-08-17 13:18:11 0 d-------- C:\Program Files\LogMeIn
2008-08-10 19:29:07 0 d-------- C:\Program Files\Common Files
2008-08-10 19:29:06 12303 --a------ C:\Documents and Settings\Visas Inc\Application Data\ahydux.db
2008-08-05 20:48:20 0 d--h----- C:\Program Files\eMule
2008-08-05 19:28:05 0 d-------- C:\Program Files\Lavasoft
2008-08-02 17:08:25 0 d-------- C:\Documents and Settings\Visas Inc\Application Data\Lavasoft
2008-08-01 22:30:41 12338 --a------ C:\Program Files\Common Files\kocivofake.db
2008-07-28 22:18:16 16750 --a------ C:\Program Files\Common Files\aganavy.lib
2008-07-13 09:50:38 50576 --a------ C:\Documents and Settings\Visas Inc\Application Data\GDIPFONTCACHEV1.DAT
2008-07-12 10:48:45 3350 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-07-12 10:48:43 88 -r-hs---- C:\WINDOWS\system32\F675261E57.sys
2008-07-06 15:36:24 0 d-------- C:\Documents and Settings\Visas Inc\Application Data\TeamViewer
2008-07-06 15:36:22 0 d-------- C:\Program Files\TeamViewer3
2008-07-04 20:31:03 44480 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-07-04 19:41:32 0 d-------- C:\Program Files\Picasa2
2008-07-04 19:35:32 1905 --a------ C:\WINDOWS\mozver.dat
2008-06-30 08:02:12 67424 --a------ C:\Program Files\MC
2008-06-21 03:09:03 0 d-------- C:\Documents and Settings\Visas Inc\Application Data\AdobeUM
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [10/14/2005 07:49 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [10/14/2005 07:46 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [10/14/2005 07:50 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [11/09/2006 03:07 PM]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [05/03/2006 02:12 AM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [05/16/2006 11:58 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [05/16/2006 11:58 AM]
"PD0630 STISvc"="P0630Pin.dll" [06/05/2005 12:01 PM C:\WINDOWS\system32\P0630Pin.dll]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [02/09/2006 05:34 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/11/2005 10:12 PM]
"PersonalWeb"="C:\Program Files\Claria\PersonalWeb\PersonalWeb.exe" [02/01/2007 12:29 AM]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [04/17/2007 01:03 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [04/27/2007 10:25 AM]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [06/03/2004 03:51 AM]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [06/03/2004 03:50 AM]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [05/16/2006 11:58 AM]
"lphclg5j0ecaa"="C:\WINDOWS\system32\lphclg5j0ecaa.exe" [08/05/2008 06:11 PM]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [11/07/2006 02:49 PM]
"sysrest32.exe"="C:\WINDOWS\system32\sysrest32.exe" []
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"buritos"="buritos.exe" [08/17/2008 01:37 PM C:\WINDOWS\system32\buritos.exe]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 04:00 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/23/2007 03:32 PM]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 10:09 AM]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [05/18/2007 12:14 PM]
"Microsoft Location Finder"="C:\Program Files\Microsoft Location Finder\LocationFinder.exe" [08/24/2005 05:25 PM]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 11:54 AM]
"eyeBeam SIP Client"="C:\Program Files\CounterPath\X-Lite\x-lite.exe" [04/22/2008 12:20 PM]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [11/06/2006 10:44 PM]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"braviax"=C:\WINDOWS\system32\braviax.exe
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [5/15/2003 12:19:50 AM]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispScrSavPage"=1 (0x1)
"NoDispBackgroundPage"=1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=1 (0x1)
"NoDispScrSavPage"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 05/28/2008 12:32 PM 87352 C:\WINDOWS\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=,
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\WBR1310.exe
-- End of Deckard's System Scanner: finished at 2008-08-17 13:47:18 ------------
extra.txt results:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel® Pentium® 4 CPU 2.80GHz
CPU 1: Intel® Pentium® 4 CPU 2.80GHz
Percentage of Memory in Use: 43%
Physical Memory (total/avail): 1014.07 MiB / 572.53 MiB
Pagefile Memory (total/avail): 2441.25 MiB / 2073.99 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1922.25 MiB
C: is Fixed (NTFS) - 52.7 GiB total, 0.92 GiB free.
D: is Fixed (NTFS) - 18.51 GiB total, 0.07 GiB free.
E: is CDROM (CDFS)
F: is CDROM (No Media)
G: is Removable (FAT)
\\.\PHYSICALDRIVE0 - WDC WD800JD-75MSA2 - 74.5 GiB - 4 partitions
\PARTITION0 - Unknown - 39.19 MiB
\PARTITION1 (bootable) - Installable File System - 52.7 GiB - C:
\PARTITION2 - Installable File System - 18.51 GiB - D:
\PARTITION3 - Unknown - 3.26 GiB
\\.\PHYSICALDRIVE1 - USB Flash Disk USB Device - 117.66 MiB - 1 partition
\PARTITION0 (bootable) - MS-DOS V4 Huge - 124.98 MiB - G:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\SightSpeed\\SightSpeed.exe"="C:\\Program Files\\SightSpeed\\SightSpeed.exe:*:Enabled:SightSpeed"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Visas Inc\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=D7YPL1B1
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Visas Inc
LOGONSERVER=\\D7YPL1B1
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0409
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\VISASI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\VISASI~1\LOCALS~1\Temp
USERDOMAIN=D7YPL1B1
USERNAME=Visas Inc
USERPROFILE=C:\Documents and Settings\Visas Inc
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Visas Inc (admin)
LogMeInRemoteUser (admin)
Administrator (new local, admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> MsiExec.exe /I{219B0DA4-8F1A-499D-8795-4A07C632521E}
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> MsiExec.exe /I{644B991F-B109-4360-9DA3-40CDAD13961C}
--> MsiExec.exe /I{F543B12A-13F5-487E-9314-F7D25E1BBE3E}
--> MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D0803DB-8FC8-4C97-AE1F-1C3DCA357B01}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{513D9FB1-27A2-44E4-8F2D-77A6737921A5}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{80426743-0CC7-4967-BFEC-10DE08D1B6F3}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{80426743-0CC7-4967-BFEC-10DE08D1B6F3}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93CC99FD-FCFC-4BAB-BCB0-3814826DF93D}\SETUP.EXE" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5ABA5FD-EE3D-4F15-895D-B32321E6C96B}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 6.0 Professional - English, Français, Deutsch --> MsiExec.exe /I{AC76BA86-1033-F400-7760-000000000001}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Advanced Video FX Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D0803DB-8FC8-4C97-AE1F-1C3DCA357B01}\setup.exe" -l0x9 /remove
Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
BroadJump Client Foundation --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a
Comcast High-Speed Internet Install Wizard --> C:\Program Files\support.com\uninstall\chsi_uninstaller.exe
Corel Photo Album 6 --> MsiExec.exe /X{8A9B8148-DDD7-448F-BD6C-358386D32354}
Creative Photo Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{513D9FB1-27A2-44E4-8F2D-77A6737921A5}\setup.exe" -l0x9 /remove
Creative WebCam Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5ABA5FD-EE3D-4F15-895D-B32321E6C96B}\setup.exe" -l0x9 /remove
Creative WebCam Live! Driver (1.02.03.0606) --> C:\WINDOWS\CtDrvIns.exe -uninstall -script Pd0630.uns -unsext NT -plugin P0630Pin.dll -pluginres P0630Pin.crl
Creative WebCam Live! User's Guide (English) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Creative WebCam\Creative WebCam Live! User's Guide\English\CTManual.isu"
Dell CinePlayer --> MsiExec.exe /I{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
DellConnect --> MsiExec.exe /X{52D56C42-8C69-4882-A661-39695537C9CF}
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Content Portal --> MsiExec.exe /I{B702CCCE-3176-4DBF-B932-D1B8F402F330}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
eMule --> "C:\Program Files\eMule\Uninstall.exe"
eMusic - 50 Free MP3 offer --> "C:\Program Files\Winamp\eMusic\Uninst-eMusic-promotion.exe"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HP Extended Capabilities 5.3 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone Express --> MsiExec.exe /X{FE64AE29-0883-4C70-8388-DC026019C900}
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center & Imaging Support Tools 5.3 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Image Resizer Powertoy for Windows XP --> MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
Intel® PRO Network Connections Drivers --> Prounstl.exe
Intel® PROSet for Wired Connections --> MsiExec.exe /I{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}
iTunes --> MsiExec.exe /I{3592F5CB-B524-43AA-92F2-2377268199CC}
J2SE Development Kit 5.0 Update 10 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0150100}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
jGRASP --> "C:\Program Files\jGRASP\uninstall.exe"
K-Lite Codec Pack 2.72 Basic --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
LogMeIn --> MsiExec.exe /I{BA2D4D22-0B99-4D63-BCEE-D2EA4736F27F}
Macromedia Dreamweaver 8 --> MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Flash Player --> MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
MCU --> MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
Microsoft Location Finder --> MsiExec.exe /I{9D18F7F8-B984-4249-8512-CC621BC59F12}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Plus! Digital Media Edition --> MsiExec.exe /I{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}
Microsoft Streets & Trips 2006 --> MsiExec.exe /I{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}
Monkey's Audio --> "C:\Program Files\Monkey's Audio\unins000.exe"
Mozilla Firefox (2.0.0.16) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\Setupx.exe /uninstall ExtraUninstallID=""
PersonalWeb --> C:\Program Files\Claria\PersonalWeb\PWUninstall.exe
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
Qualxserve Service Agreement --> MsiExec.exe /X{0F756CD9-4A1E-409B-B101-601DDC4C03AA}
QuickBooks Simple Start Special Edition --> msiexec.exe /I {F543B12A-13F5-487E-9314-F7D25E1BBE3E} UNIQUE_NAME="atomlimited" QBFULLNAME="QuickBooks Simple Start Special Edition" ADDREMOVE=1
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine --> MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Skype™ 3.2 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sonic Activation Module --> MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
Spyware Doctor 4.0 --> "C:\Program Files\Spyware Doctor\unins000.exe"
TeamViewer 3 --> C:\Program Files\TeamViewer3\uninstall.exe
TightVNC 1.3.9 --> "C:\Program Files\TightVNC\unins000.exe"
Trillian --> C:\Program Files\Trillian\trillian.exe /uninstall
TypingMaster Pro --> "C:\Program Files\TypingMaster\unins000.exe"
Uninstall CEDP Stealer 5.0 for Messenger --> C:\Program Files\CEDP Stealer 5.0 for Messenger\Uninstall.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WebCam Live! Product Registration --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93CC99FD-FCFC-4BAB-BCB0-3814826DF93D}\SETUP.EXE" -l0x9 /remove
WebCyberCoach 3.2 Dell --> "C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{F652D238-5F29-42D5-BAF3-0115EF977EC2}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Wireless USB utility V1.01 --> C:\Program Files\InstallShield Installation Information\{253E469A-8F3D-487E-82C9-B9EB66044022}\setup.exe -runfromtemp -l0x0009 -removeonly
X-Lite 3.0 --> "C:\Program Files\CounterPath\X-Lite\unins000.exe"
X-Lite 3.0 --> "C:\Program Files\CounterPath\X-Lite\unins001.exe"
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
-- Application Event Log -------------------------------------------------------
Event Record #/Type1570 / Success
Event Submitted/Written: 08/17/2008 01:38:58 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type1567 / Warning
Event Submitted/Written: 08/17/2008 01:38:21 PM
Event ID/Source: 32068 / Microsoft Fax
Event Description:
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'
Event Record #/Type1566 / Warning
Event Submitted/Written: 08/17/2008 01:38:21 PM
Event ID/Source: 32026 / Microsoft Fax
Event Description:
Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.
Event Record #/Type1560 / Warning
Event Submitted/Written: 08/17/2008 01:26:47 PM
Event ID/Source: 32068 / Microsoft Fax
Event Description:
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'
Event Record #/Type1559 / Warning
Event Submitted/Written: 08/17/2008 01:26:47 PM
Event ID/Source: 32026 / Microsoft Fax
Event Description:
Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type12355 / Error
Event Submitted/Written: 08/17/2008 01:43:13 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Computer Browser service terminated with the following error:
%%1460
Event Record #/Type12325 / Warning
Event Submitted/Written: 08/17/2008 01:37:44 PM / 08/17/2008 01:38:08 PM
Event ID/Source: 51 / Cdrom
Event Description:
An error was detected on device \Device\CdRom1 during a paging operation.
Event Record #/Type12324 / Error
Event Submitted/Written: 08/17/2008 01:37:38 PM / 08/17/2008 01:38:08 PM
Event ID/Source: 1 / sr
Event Description:
The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'buritos.exe' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
Event Record #/Type12320 / Error
Event Submitted/Written: 08/17/2008 01:37:05 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Event Record #/Type12315 / Error
Event Submitted/Written: 08/17/2008 01:34:41 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
Fips
intelppm
Vax347b
-- End of Deckard's System Scanner: finished at 2008-08-17 13:47:18 ------------
|
Forum FAQ
Search
Usergroups
Profile
Login to check your private messages
Login
