Thanks Tal for your help
Your instructions were clear and easy to follow. I appreciate that since I am computer challenged (hence, the VIRUS!!!)
Here are the Logs you wanted me to give you:
SmitfraudFix
SmitFraudFix v2.309
Scan done at 14:21:52.71, Fri 04/04/2008
Run from C:\Documents and Settings\Jan\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jan
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jan\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Jan\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{f43bfc6c-47cc-4798-8798-a0721b8ed7ab}"="enviva"
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
OTMoveIt2
File/Folder C:\WINDOWS\sysavxjgdu.exe not found.
File/Folder C:\WINDOWS\system32\fkpyzwts.exe not found.
File/Folder C:\WINDOWS\system32\defabexm.exe not found.
File/Folder C:\WINDOWS\system32\ilwrkhev.exe not found.
File/Folder C:\WINDOWS\system32\ktylipyh.exe not found.
File/Folder C:\WINDOWS\system32\ojspktih.exe not found.
File/Folder C:\WINDOWS\system32\hqzqlsfq.exe not found.
File/Folder C:\WINDOWS\system32\ipuridap.exe not found.
File/Folder C:\WINDOWS\system32\nqngvqds.exe not found.
File/Folder C:\WINDOWS\system32\fkpyzwts.exe not found.
File/Folder C:\WINDOWS\system32\defabexm.exe not found.
File/Folder C:\WINDOWS\system32\ilwrkhev.exe not found.
File/Folder C:\WINDOWS\system32\ktylipyh.exe not found.
File/Folder C:\WINDOWS\system32\ojspktih.exe not found.
File/Folder C:\WINDOWS\system32\hqzqlsfq.exe not found.
File/Folder C:\WINDOWS\system32\ipuridap.exe not found.
File/Folder C:\WINDOWS\system32\nqngvqds.exe not found.
File/Folder C:\Documents and Settings\All Users\Application Data\lstqhwbg not found.
File/Folder C:\WINDOWS\system32\raeiepj not found.
File/Folder C:\WINDOWS\system32\raeiepj\Director_egfcae.dll not found.
Folder C:\Program Files\Common Files\BOONTY Shared\ not found.
OTMoveIt2 by OldTimer - Version 1.0.4.0 log created on 04042008_144153
Deckard's MAIN
Deckard's System Scanner v20071014.68
Run by Jan on 2008-04-04 14:43:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Unable to create WMI object; The operation completed successfully.
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Jan.exe) -------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:45:32 PM, on 4/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Jan\Local Settings\Temporary Internet Files\Content.IE5\J07WVJTR\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Jan.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\01-eBay\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\01-eBay\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-21-2666842717-3188095394-2630002627-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-2666842717-3188095394-2630002627-1007\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User '?')
O4 - S-1-5-21-2666842717-3188095394-2630002627-1007 Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (User '?')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &eBay Search - res://C:\01-eBay\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - Shdocvw.dll (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab55579.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Jigsaw Puzzle 2 Mix\Images\stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1B9B97D0-C0F4-4045-9B42-50A4535C9041} (WCLoaderCtl Class) - http://download.palt...od/wcloader.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish....fishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21....es/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab55579.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...wlscbase370.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1145044195140
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgall..._1/axofupld.cab
O16 - DPF: {7A7BA269-2D21-4B33-B60A-8510A1865D5F} (IWS Photo Upload Tool) - http://public2.uploa...eX/MsnPUpld.cab
O16 - DPF: {84B7AC1D-9AD1-474F-B6B0-FE1641DBFDFA} (ScanFile.FileScan) - http://www.contentpu.../ScanFilexp.CAB
O16 - DPF: {84B93AC6-A7F2-4420-9FED-EE6735EA9C8D} (VPlayer Control) - http://www.bigad.com.../vivid_ocx.jpeg
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Jigsaw Puzzle 2 Mix\Images\armhelper.ocx
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (MSN Games – Backgammon) - http://zone.msn.com/...on.cab64162.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe (file missing)
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
--
End of file - 11490 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20080404-143014-113 O4 - HKUS\S-1-5-21-2666842717-3188095394-2630002627-1007\..\Run: [srorzyau] C:\WINDOWS\system32\hqzqlsfq.exe (User '?')
backup-20080404-143014-131 O4 - HKCU\..\Run: [zyriuqkv] C:\WINDOWS\system32\defabexm.exe
backup-20080404-143014-162 O4 - HKUS\S-1-5-21-2666842717-3188095394-2630002627-1007\..\Run: [qdlcrjgu] C:\WINDOWS\system32\ojspktih.exe (User '?')
backup-20080404-143014-291 O22 - SharedTaskScheduler: enviva - {f43bfc6c-47cc-4798-8798-a0721b8ed7ab} - (no file)
backup-20080404-143014-328 O4 - HKUS\S-1-5-21-2666842717-3188095394-2630002627-1007\..\Run: [nnlgbsgk] C:\WINDOWS\system32\ktylipyh.exe (User '?')
backup-20080404-143014-346 O4 - HKCU\..\Run: [nnlgbsgk] C:\WINDOWS\system32\ktylipyh.exe
backup-20080404-143014-348 O4 - HKUS\S-1-5-21-2666842717-3188095394-2630002627-1007\..\Run: [khynmgmj] C:\WINDOWS\system32\nqngvqds.exe (User '?')
backup-20080404-143014-421 O4 - HKCU\..\Run: [qdlcrjgu] C:\WINDOWS\system32\ojspktih.exe
backup-20080404-143014-527 O4 - HKCU\..\Run: [khynmgmj] C:\WINDOWS\system32\nqngvqds.exe
backup-20080404-143014-574 O4 - HKCU\..\Run: [rqacatrs] C:\WINDOWS\system32\ipuridap.exe
backup-20080404-143014-688 O4 - HKUS\S-1-5-21-2666842717-3188095394-2630002627-1007\..\Run: [jhshcmfh] C:\WINDOWS\system32\fkpyzwts.exe (User '?')
backup-20080404-143014-736 O4 - HKCU\..\Run: [jhshcmfh] C:\WINDOWS\system32\fkpyzwts.exe
backup-20080404-143014-752 O4 - HKUS\S-1-5-21-2666842717-3188095394-2630002627-1007\..\Run: [zyriuqkv] C:\WINDOWS\system32\defabexm.exe (User '?')
backup-20080404-143014-769 O4 - HKLM\..\Policies\Explorer\Run: [P1Y0GhzAPm] C:\Documents and Settings\All Users\Application Data\lstqhwbg\tsvcvero.exe
backup-20080404-143014-830 O4 - HKUS\S-1-5-21-2666842717-3188095394-2630002627-1007\..\Run: [jkcetncn] C:\WINDOWS\system32\ilwrkhev.exe (User '?')
backup-20080404-143014-837 O4 - HKCU\..\Run: [srorzyau] C:\WINDOWS\system32\hqzqlsfq.exe
backup-20080404-143014-945 O4 - HKCU\..\Run: [jkcetncn] C:\WINDOWS\system32\ilwrkhev.exe
backup-20080404-143014-956 O4 - HKLM\..\Run: [{2C70168B-97CE-4f31-B85D-1FEC5002721D}] "C:\WINDOWS\sysavxjgdu.exe"
backup-20080404-143014-996 O4 - HKUS\S-1-5-21-2666842717-3188095394-2630002627-1007\..\Run: [rqacatrs] C:\WINDOWS\system32\ipuridap.exe (User '?')
backup-20080404-143015-188 O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
3 ApfiltrService (Alps Touch Pad Filter Driver for Windows 2000/XP) - system32\drivers\apfiltr.sys (file missing)
2 BCMNTIO - c:\program files\checkit\diagnostics\bcmntio.sys
2 CdaC15BA - c:\windows\system32\drivers\cdac15ba.sys <Not Verified; Macrovision Europe Ltd; Security Windows NT>
2 MAPMEM - c:\program files\checkit\diagnostics\mapmem.sys
2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.7) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>
1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
3 PCAMPR5 (PCAMPR5 NDIS Protocol Driver) - c:\windows\system32\pcampr5.sys (file missing)
3 SDDMI2 - c:\windows\system32\ddmi2.sys <Not Verified; Gteko Ltd.; DDMI>
3 ZSMC0305 (VIMICRO USB PC Camera V) - c:\windows\system32\drivers\usbvm305.sys <Not Verified; Vimicro Corporation; >
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
4 Boonty Games - c:\program files\common files\boonty shared\service\boonty.exe (file missing)
2 NWCWorkstation (Client Service for NetWare) - c:\windows\system32\svchost.exe
2 Viewpoint Manager Service - c:\program files\viewpoint\common\viewpointservice.exe
3 WmiApSrv (WMI Performance Adapter) - c:\windows\system32\wbem\wmiapsrv.exe (file missing)
3 YPCService - c:\windows\system32\ypcservice.exe <Not Verified; Yahoo! Inc.; YPCService Module>
-- Device Manager: Disabled ----------------------------------------------------
Unable to create WMI object.
-- Scheduled Tasks -------------------------------------------------------------
2008-04-04 14:35:04 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-04-04 14:10:00 250 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-04-04 00:20:17 360 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2008-03-31 09:00:00 386 --a------ C:\WINDOWS\Tasks\rpc.job
-- Files created between 2008-03-04 and 2008-04-04 -----------------------------
2008-04-04 14:30:25 0 dr-h----- C:\Documents and Settings\Jan\Recent
2008-04-04 14:19:55 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-04 14:19:55 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-04-04 14:19:55 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-04-04 14:19:55 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-04-04 14:19:55 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-04 14:19:55 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-04 14:19:54 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-04-03 22:39:29 0 d-------- C:\VundoFix Backups
2008-04-03 22:16:20 2746 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-03 21:40:54 0 d-------- C:\Program Files\Trend Micro
2008-04-03 15:27:49 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-04-03 15:03:41 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-03 15:03:40 68096 --a------ C:\WINDOWS\zip.exe
2008-04-03 15:03:40 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-03 15:03:40 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-03 15:03:40 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-03 15:03:40 98816 --a------ C:\WINDOWS\sed.exe
2008-04-03 15:03:40 80412 --a------ C:\WINDOWS\grep.exe
2008-04-03 15:03:40 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-02 19:19:54 0 d-------- C:\Program Files\Windows Live Safety Center
2008-04-02 13:41:23 0 d-------- C:\Program Files\Windows Defender
2008-04-01 21:36:09 0 d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-03-31 16:41:33 691545 --a------ C:\WINDOWS\unins000.exe
2008-03-31 16:41:33 2546 --a------ C:\WINDOWS\unins000.dat
2008-03-31 09:20:08 1409 --a------ C:\WINDOWS\zysaxyczld.exe
2008-03-31 09:20:08 3072 --a------ C:\WINDOWS\zysaoxcjiy.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-03-30 17:43:10 0 d-------- C:\TAX FILES
2008-03-30 17:31:33 0 d-------- C:\Documents and Settings\All Users\Application Data\pdf995
2008-03-30 17:31:32 249856 --a------ C:\WINDOWS\system32\pdfmona.dll <Not Verified; TODO: <Company name>; TODO: <Product name>>
2008-03-30 17:31:32 51716 --a------ C:\WINDOWS\system32\pdf995mon.dll
2008-03-30 17:02:50 0 d-------- C:\Documents and Settings\Jan\Application Data\TaxCut
2008-03-30 17:01:34 0 d-------- C:\Program Files\TaxCut07
2008-03-30 17:01:34 0 d-------- C:\Program Files\PDF995
2008-03-30 17:01:34 0 d-------- C:\Documents and Settings\Jan\My Documents
2008-03-30 16:58:55 0 d-------- C:\Documents and Settings\All Users\Application Data\TaxCut
2008-03-30 16:57:50 0 d--hs---- C:\WINDOWS\ftpcache
2008-03-25 01:59:35 0 d-------- C:\Program Files\AskPBar
2008-03-14 13:49:41 0 d-------- C:\Program Files\TryMedia
-- Find3M Report ---------------------------------------------------------------
2008-04-04 14:38:25 0 d-------- C:\Program Files\Common Files
2008-04-04 01:23:57 0 d-------- C:\Program Files\Paltalk Messenger
2008-04-04 01:23:53 0 d-------- C:\Documents and Settings\Jan\Application Data\Paltalk
2008-04-03 21:13:17 0 d-------- C:\Program Files\Microsoft Works
2008-04-01 21:36:10 0 d-------- C:\Program Files\Common Files\Scanner
2008-04-01 21:36:08 0 d-------- C:\Program Files\Yahoo!
2008-04-01 21:26:10 0 d-------- C:\Program Files\CollectionMaster13
2008-04-01 21:26:09 0 d-------- C:\Program Files\Collection Master
2008-04-01 21:26:09 0 d-------- C:\Program Files\Biblesoft
2008-03-24 09:03:58 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-21 21:23:21 0 d-------- C:\Documents and Settings\Jan\Application Data\Move Networks
2008-03-21 19:50:30 0 d-------- C:\Program Files\Microsoft Home Publishing 2000
2008-03-20 10:05:27 0 d-------- C:\Program Files\Windows Live
2008-02-26 08:50:35 0 d-------- C:\Program Files\Google
2008-02-25 07:16:26 0 d-------- C:\Program Files\Macrogaming
2008-02-01 11:11:10 586240 --a------ C:\WINDOWS\WLXPGSS.SCR <Not Verified; Microsoft Corporation; Windows Live Photo Gallery>
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CaAvTray"="C:\Program Files\Yahoo!\Antivirus\CAVTray.exe" [11/26/2006 02:35 PM]
"CAVRID"="C:\Program Files\Yahoo!\Antivirus\CAVRID.exe" [11/26/2006 02:35 PM]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe" [12/14/2004 11:07 AM]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [12/11/2007 11:56 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 06:43 PM]
C:\Documents and Settings\Jan\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [6/13/2007 4:11:16 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 1:36:04 PM]
PalTalk.lnk - C:\Program Files\Paltalk Messenger\paltalk.exe [12/11/2007 2:34:40 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=0 (0x0)
"NoCloseDragDropBands"=0 (0x0)
"ClearRecentDocsOnExit"=1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
-- End of Deckard's System Scanner: finished at 2008-04-04 14:47:01 ------------
Deckard's EXTRA
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Unable to create WMI object.
Architecture: X86; Language: English
Percentage of Memory in Use: 63%
Physical Memory (total/avail): 511.21 MiB / 188.37 MiB
Pagefile Memory (total/avail): 1247.72 MiB / 996.75 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1937.74 MiB
C: is Fixed (NTFS) - 55.84 GiB total, 35.51 GiB free.
D: is CDROM (CDFS)
-- Security Center -------------------------------------------------------------
AUOptions is set to notify before download.
Windows Internal Firewall is enabled.
Unable to create WMI object.
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Jan\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=GLASSSURVIVOR
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Jan
LOGONSERVER=\\GLASSSURVIVOR
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Jan\LOCALS~1\Temp
TMP=C:\DOCUME~1\Jan\LOCALS~1\Temp
USERDOMAIN=GLASSSURVIVOR
USERNAME=Jan
USERPROFILE=C:\Documents and Settings\Jan
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Jan (admin)
Michael (admin)
Administrator (admin)
Guest (guest)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22EB2FA7-1BA0-4FFB-972F-353EC6ABA9D5}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe" -l0x9 /cont -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACE66099-E18E-4037-83C8-9D182E5B9FA8}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9 -removeonly
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
AT&T Yahoo! Applications --> C:\PROGRA~1\Yahoo!\Common\uninstall.exe
CA Yahoo! Anti-Spy (remove only) --> "C:\Program Files\CA Yahoo! Anti-Spy\uninstall.exe"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Flock (Photobucket Edition) 0.7 --> C:\Program Files\Flock\uninst.exe
Freeze Clip Art --> "C:\PROGRA~1\Freeze.com\Freeze Clip Art\UNINSTAL.EXE"
Highlight Viewer (Windows Live Toolbar) --> MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Extended Capabilities 4.7 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone 4.7 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 4.7 --> "C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
Lavasoft VX2 Cleaner --> C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\INSTALL.LOG
LSP Explorer plug-in for Ad-Aware SE --> C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\LSPEXP~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\LSPEXP~1\INSTALL.LOG
Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
Messenger-Control plug-in for Ad-Aware SE --> C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\MESSEN~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\MESSEN~1\INSTALL.LOG
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Basic Edition 2003 --> MsiExec.exe /I{91130409-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Works 6-9 Converter --> MsiExec.exe /X{172423F9-522A-483A-AD65-03600CE4CA4F}
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Jan\Application Data\Move Networks\ie_bin\Uninst.exe
OE/W Messengerctrl plug-in for Ad-Aware SE --> C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\OEMESS~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\OEMESS~1\INSTALL.LOG
PaltalkScene --> "C:\WINDOWS\PaltalkScene\uninstall.exe" "/U:C:\Program Files\Paltalk Messenger\irunin.xml"
Pdf995 --> C:\Program Files\pdf995\setup.exe uninstall
Picture Package Music Transfer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}\setup.exe" -l0x9 -removeonly
QuickTime --> MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
RealArcade --> C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
Sony Picture Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x9 /removeonly uninstall -removeonly
Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\setup.exe" -l0x9 UNINSTALL -removeonly
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
TaxCut Premium 2007 --> MsiExec.exe /X{4732D4A0-5A47-44D8-9B84-B3BD4906D30D}
Tweak-SE plug-in for Ad-Aware SE --> C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\tweakse\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\tweakse\INSTALL.LOG
VBRunDLL 3.2 --> C:\PROGRA~1\ZAKFRO~1\VBRunDLL\Setup.exe /remove
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
VIMICRO USB PC Camera V --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8AD824A5-1CCC-4BB7-82C9-E6FB25CC0479}\setup.exe" -l0x9
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Photo Gallery --> MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yazak Chat 8.81.4 --> C:\PROGRA~1\ZAKFRO~1\YAZAKC~1\Setup.exe /remove
-- Application Event Log -------------------------------------------------------
Event Record #/Type2809 / Warning
Event Submitted/Written: 04/04/2008 02:30:29 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
Event Record #/Type2804 / Warning
Event Submitted/Written: 04/04/2008 02:11:06 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
Event Record #/Type2802 / Error
Event Submitted/Written: 04/04/2008 02:02:56 PM
Event ID/Source: 1024 / MsiInstaller
Event Description:
Product: Microsoft Office Word Viewer 2003 - Update 'Security Update for Office 2003 (KB947355): MSO' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support:
http://go.microsoft....k/?LinkId=23127
Event Record #/Type2800 / Error
Event Submitted/Written: 04/04/2008 02:02:46 PM
Event ID/Source: 1024 / MsiInstaller
Event Description:
Product: Microsoft Office Word Viewer 2003 - Update 'Security Update for Word Viewer 2003 (KB943992): WORDVIEW' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support:
http://go.microsoft....k/?LinkId=23127
Event Record #/Type2798 / Error
Event Submitted/Written: 04/04/2008 02:02:42 PM
Event ID/Source: 1024 / MsiInstaller
Event Description:
Product: Microsoft Office Word Viewer 2003 - Update 'Word Viewer 2003 Service Pack 3 (SP3): WDVIEWSP3' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support:
http://go.microsoft....k/?LinkId=23127
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type57472 / Warning
Event Submitted/Written: 04/04/2008 02:46:32 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%GLASSSURVIVOR27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %GLASSSURVIVOR27 can't undo changes that you allow.
For more information please see the following:
%GLASSSURVIVOR275
Scan ID: {B25F9678-EB4C-4871-8155-F898636B6016}
User: GLASSSURVIVOR\Jan
Name: %GLASSSURVIVOR271
ID: %GLASSSURVIVOR272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %GLASSSURVIVOR276
Alert Type: %GLASSSURVIVOR278
Detection Type: 1.1.1593.02
Event Record #/Type57471 / Warning
Event Submitted/Written: 04/04/2008 02:46:32 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%GLASSSURVIVOR27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %GLASSSURVIVOR27 can't undo changes that you allow.
For more information please see the following:
%GLASSSURVIVOR275
Scan ID: {53D31540-AEB2-46CC-8A43-4190E555A106}
User: GLASSSURVIVOR\Jan
Name: %GLASSSURVIVOR271
ID: %GLASSSURVIVOR272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %GLASSSURVIVOR276
Alert Type: %GLASSSURVIVOR278
Detection Type: 1.1.1593.02
Event Record #/Type57470 / Warning
Event Submitted/Written: 04/04/2008 02:46:32 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%GLASSSURVIVOR27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %GLASSSURVIVOR27 can't undo changes that you allow.
For more information please see the following:
%GLASSSURVIVOR275
Scan ID: {15A1F379-8844-4B3E-971A-A4104106783A}
User: GLASSSURVIVOR\Jan
Name: %GLASSSURVIVOR271
ID: %GLASSSURVIVOR272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %GLASSSURVIVOR276
Alert Type: %GLASSSURVIVOR278
Detection Type: 1.1.1593.02
Event Record #/Type57469 / Warning
Event Submitted/Written: 04/04/2008 02:46:29 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%GLASSSURVIVOR27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %GLASSSURVIVOR27 can't undo changes that you allow.
For more information please see the following:
%GLASSSURVIVOR275
Scan ID: {1092825C-F68C-40DB-8AA2-B2EDA533EE47}
User: GLASSSURVIVOR\Jan
Name: %GLASSSURVIVOR271
ID: %GLASSSURVIVOR272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %GLASSSURVIVOR276
Alert Type: %GLASSSURVIVOR278
Detection Type: 1.1.1593.02
Event Record #/Type57468 / Warning
Event Submitted/Written: 04/04/2008 02:46:29 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%GLASSSURVIVOR27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %GLASSSURVIVOR27 can't undo changes that you allow.
For more information please see the following:
%GLASSSURVIVOR275
Scan ID: {F9442858-8447-4082-8D85-CCDCC5E2DECD}
User: GLASSSURVIVOR\Jan
Name: %GLASSSURVIVOR271
ID: %GLASSSURVIVOR272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %GLASSSURVIVOR276
Alert Type: %GLASSSURVIVOR278
Detection Type: 1.1.1593.02
-- End of Deckard's System Scanner: finished at 2008-04-04 14:47:01 ------------