Infection Affecting Windows Explorer



#1 ryan_roby

Posted 27 April 2008 - 05:28 PM

Hi-

I have something going on that's affecting Windows Explorer. I think it happened after installing FlyakiteOS (which has been uninstalled). I had an issue where I had no desktop icons or Start bar on startup. I could resolve this by opening Task Manager, ending the current explorer.exe process and then reopening explorer.exe. My desktop was kind of alright but about every 20 seconds it would refresh and any windows I had open would close. I tried to do a system restore but I couldn't access any day except the current day. I ran Spybot--it found some infections including Virtumonde. Now, things are not too bad, but there's still some infections. After startup there's a kind of "invisible" window on my desktop--it's just the shadow of a window. I can't remove it by Refreshing--I still need to open Task Manager, end current explorer process and restart explorer to get rid of it. Then my firewall says Windows Explorer is trying to access the internet--if I let it, then I get the problem again where my desktop icons and Start bar disappear.

I have Kaspersky and HijackThis files. Definitely looks like there's some stuff there that shouldn't be there. Hope you can help.

Thanks

KASPERSKY ONLINE SCANNER REPORT
Sunday, April 27, 2008 2:16:55 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 27/04/2008
Kaspersky Anti-Virus database records: 727671


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\

Scan Statistics
Total number of scanned objects 84585
Number of viruses found 17
Number of infected objects 58
Number of suspicious objects 0
Duration of the scan process 01:58:09

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\muvee Technologies\030625\0102\0310\values Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll.zip/iifddaYs.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qrd skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll.zip ZIP: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll3.zip/wvUmnOIY.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qqw skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll3.zip ZIP: infected - 1 skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Ryan Roby\.housecall6.6\Quarantine\css4[1].bac_a03100 Infected: not-a-virus:AdWare.Win32.Virtumonde.qqw skipped

C:\Documents and Settings\Ryan Roby\.housecall6.6\Quarantine\FlyakiteOSX%20v3.5[1].exe.bac_a03100/stream/data0023 Infected: not-a-virus:RiskTool.Win32.WFPDisabler.a skipped

C:\Documents and Settings\Ryan Roby\.housecall6.6\Quarantine\FlyakiteOSX%20v3.5[1].exe.bac_a03100/stream Infected: not-a-virus:RiskTool.Win32.WFPDisabler.a skipped

C:\Documents and Settings\Ryan Roby\.housecall6.6\Quarantine\FlyakiteOSX%20v3.5[1].exe.bac_a03100 NSIS: infected - 2 skipped

C:\Documents and Settings\Ryan Roby\.housecall6.6\Quarantine\FlyakiteOSX%20v3.5[1].exe.bac_a03100 CryptFF.b: infected - 2 skipped

C:\Documents and Settings\Ryan Roby\.housecall6.6\Quarantine\FlyakiteOSX%20v3.5[1].exe.bac_a03452/stream/data0023 Infected: not-a-virus:RiskTool.Win32.WFPDisabler.a skipped

C:\Documents and Settings\Ryan Roby\.housecall6.6\Quarantine\FlyakiteOSX%20v3.5[1].exe.bac_a03452/stream Infected: not-a-virus:RiskTool.Win32.WFPDisabler.a skipped

C:\Documents and Settings\Ryan Roby\.housecall6.6\Quarantine\FlyakiteOSX%20v3.5[1].exe.bac_a03452 NSIS: infected - 2 skipped

C:\Documents and Settings\Ryan Roby\.housecall6.6\Quarantine\FlyakiteOSX%20v3.5[1].exe.bac_a03452 CryptFF.b: infected - 2 skipped

C:\Documents and Settings\Ryan Roby\Application Data\$_hpcst$.hpc Object is locked skipped

C:\Documents and Settings\Ryan Roby\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Ryan Roby\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Ryan Roby\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Ryan Roby\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Ryan Roby\Local Settings\History\History.IE5\MSHist012008042720080428\index.dat Object is locked skipped

C:\Documents and Settings\Ryan Roby\Local Settings\Temp\WCESLog.log Object is locked skipped

C:\Documents and Settings\Ryan Roby\Local Settings\Temp\~DF1D7.tmp Object is locked skipped

C:\Documents and Settings\Ryan Roby\Local Settings\Temp\~DF7D48.tmp Object is locked skipped

C:\Documents and Settings\Ryan Roby\Local Settings\Temp\~DFCB86.tmp Object is locked skipped

C:\Documents and Settings\Ryan Roby\Local Settings\Temp\~DFCBC4.tmp Object is locked skipped

C:\Documents and Settings\Ryan Roby\Local Settings\Temporary Internet Files\Content.IE5\7495JU2J\YCADK6TF6CAWLJ4NICA3BNBH5CA2JOH4GCA1LW89KCA435LS4CAX08F42CA0TRC5OCAXHTYO9CA7KJGPVCAICN1BYCAZQ9CXXCAKK1F9QCAPDNS9KCAN4F92VCAN2VX94CABY4J4ACAEJVI4ICAQM69JI.htm Object is locked skipped

C:\Documents and Settings\Ryan Roby\Local Settings\Temporary Internet Files\Content.IE5\DJS33T9H\JCAAO4TSZCAOYKH2RCAFM6834CA7KWK94CA3PXJXOCAVRT49KCAHSR7I6CAPBTSQXCADLG50TCANS0OKSCAC89G5KCAEU32WWCACIZKHWCA9W0XTECAZF61A9CA2F5F2OCAYREKMBCA30P8O6CAX1CW3S.htm Object is locked skipped

C:\Documents and Settings\Ryan Roby\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Ryan Roby\Local Settings\Temporary Internet Files\Content.IE5\JXLVUUKW\LCASUW6KNCA2C28Q1CAC4KHRPCAPHH5BFCAV3VR1VCA7T1AJXCAFU0WVFCAZ1T3QACAA2GUZHCAE20ZOECASUNGUHCA9XLITZCA8AB3Z5CAV34M3TCA3OHJBPCA00XLN7CA86HSWNCA0611QPCANL8OPG.htm Object is locked skipped

C:\Documents and Settings\Ryan Roby\Local Settings\Temporary Internet Files\Content.IE5\NZSDIMXW\spamblockerutility[1].exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.Shopper.v skipped

C:\Documents and Settings\Ryan Roby\Local Settings\Temporary Internet Files\Content.IE5\NZSDIMXW\spamblockerutility[1].exe/stream Infected: not-a-virus:AdWare.Win32.Shopper.v skipped

C:\Documents and Settings\Ryan Roby\Local Settings\Temporary Internet Files\Content.IE5\NZSDIMXW\spamblockerutility[1].exe NSIS: infected - 2 skipped

C:\Documents and Settings\Ryan Roby\My Documents\Downloads\Disney Movies Complete Collection and Pixar Classic Movies some Extra Movies\Disney Classic 1-10.part01.daa Object is locked skipped

C:\Documents and Settings\Ryan Roby\My Documents\Downloads\Disney Movies Complete Collection and Pixar Classic Movies some Extra Movies\Disney Classic 1-10.part02.daa Object is locked skipped

C:\Documents and Settings\Ryan Roby\My Documents\Ryan's Files\My Download Files\vobripper.exe Infected: not-a-virus:Downloader.Win32.WinFixer.fs skipped

C:\Documents and Settings\Ryan Roby\My Documents\Ryan's Files\My Download Files2\Audio-CD Stuff\setupneoaudio.exe/data0033/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.e skipped

C:\Documents and Settings\Ryan Roby\My Documents\Ryan's Files\My Download Files2\Audio-CD Stuff\setupneoaudio.exe/data0033/data0001.cab/SaveUninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bl skipped

C:\Documents and Settings\Ryan Roby\My Documents\Ryan's Files\My Download Files2\Audio-CD Stuff\setupneoaudio.exe/data0033/data0001.cab/Weather/Weather.exe Infected: not-a-virus:AdWare.Win32.SaveNow skipped

C:\Documents and Settings\Ryan Roby\My Documents\Ryan's Files\My Download Files2\Audio-CD Stuff\setupneoaudio.exe/data0033/data0001.cab/Weather/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bl skipped

C:\Documents and Settings\Ryan Roby\My Documents\Ryan's Files\My Download Files2\Audio-CD Stuff\setupneoaudio.exe/data0033/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.bl skipped

C:\Documents and Settings\Ryan Roby\My Documents\Ryan's Files\My Download Files2\Audio-CD Stuff\setupneoaudio.exe/data0033 Infected: not-a-virus:AdWare.Win32.SaveNow.bl skipped

C:\Documents and Settings\Ryan Roby\My Documents\Ryan's Files\My Download Files2\Audio-CD Stuff\setupneoaudio.exe/data0034 Infected: not-a-virus:AdWare.Win32.EZula.d skipped

C:\Documents and Settings\Ryan Roby\My Documents\Ryan's Files\My Download Files2\Audio-CD Stuff\setupneoaudio.exe/data0035/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.v skipped

C:\Documents and Settings\Ryan Roby\My Documents\Ryan's Files\My Download Files2\Audio-CD Stuff\setupneoaudio.exe/data0035/data0003 Infected: not-a-virus:AdWare.Win32.BargainBuddy.a skipped

C:\Documents and Settings\Ryan Roby\My Documents\Ryan's Files\My Download Files2\Audio-CD Stuff\setupneoaudio.exe/data0035 Infected: not-a-virus:AdWare.Win32.BargainBuddy.a skipped

C:\Documents and Settings\Ryan Roby\My Documents\Ryan's Files\My Download Files2\Audio-CD Stuff\setupneoaudio.exe NSIS: infected - 10 skipped

C:\Documents and Settings\Ryan Roby\ntuser.dat Object is locked skipped

C:\Documents and Settings\Ryan Roby\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL\Data\master.mdf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL\Data\mastlog.ldf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL\Data\model.mdf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL\Data\modellog.ldf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL\Data\tempdb.mdf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL\Data\templog.ldf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL\LOG\ERRORLOG Object is locked skipped

C:\Program Files\uTorrent\uTorrent.exe Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP608\A0086937.exe/stream/data0023 Infected: not-a-virus:RiskTool.Win32.WFPDisabler.a skipped

C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP608\A0086937.exe/stream Infected: not-a-virus:RiskTool.Win32.WFPDisabler.a skipped

C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP608\A0086937.exe NSIS: infected - 2 skipped

C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP608\A0086964.exe Infected: not-a-virus:Downloader.Win32.WinFixer.fs skipped

C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP610\A0087740.exe Infected: not-a-virus:RiskTool.Win32.WFPDisabler.a skipped

C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP611\A0087789.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qrd skipped

C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP613\A0087994.exe/data0033/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.e skipped

C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP613\A0087994.exe/data0033/data0001.cab/SaveUninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bl skipped

C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP613\A0087994.exe/data0033/data0001.cab/Weather/Weather.exe Infected: not-a-virus:AdWare.Win32.SaveNow skipped

C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP613\A0087994.exe/data0033/data0001.cab/Weather/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bl skipped

C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP613\A0087994.exe/data0033/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.bl skipped

C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP613\A0087994.exe/data0033 Infected: not-a-virus:AdWare.Win32.SaveNow.bl skipped

C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP613\A0087994.exe/data0034 Infected: not-a-virus:AdWare.Win32.EZula.d skipped

C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP613\A0087994.exe/data0035/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.v skipped

C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP613\A0087994.exe/data0035/data0003 Infected: not-a-virus:AdWare.Win32.BargainBuddy.a skipped

C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP613\A0087994.exe/data0035 Infected: not-a-virus:AdWare.Win32.BargainBuddy.a skipped

C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP613\A0087994.exe NSIS: infected - 10 skipped

C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP613\A0088030.exe Infected: Trojan-Downloader.Win32.Small.usn skipped

C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP613\A0088032.exe/data.rar/crack.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.qon skipped

C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP613\A0088032.exe/data.rar/keygen.exe Infected: Trojan-Downloader.Win32.Small.ury skipped

C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP613\A0088032.exe/data.rar/serial.exe Infected: Trojan-Downloader.Win32.Small.usn skipped

C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP613\A0088032.exe/data.rar Infected: Trojan-Downloader.Win32.Small.usn skipped

C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP613\A0088032.exe RarSFX: infected - 4 skipped

C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP613\A0088033.exe Infected: Trojan-Downloader.Win32.Zlob.lqj skipped

C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP613\A0088034.exe Infected: Trojan-Downloader.Win32.Small.ury skipped

C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP614\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\dpevflbg.dll Infected: Trojan.Win32.Vapsup.eib skipped

C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped

C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped

C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped

C:\WINDOWS\Internet Logs\RYAN.ldb Object is locked skipped

C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped

C:\WINDOWS\olgdqarf.exe Infected: Trojan.Win32.Vapsup.eib skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{B459FB12-1D5C-4519-97CE-2DE03AAC2F87}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped

C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\system32\xxyWMfGY.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qpf skipped

C:\WINDOWS\Temp\Perflib_Perfdata_7b8.dat Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_7e8.dat Object is locked skipped

C:\WINDOWS\Temp\ZLT00dbc.TMP Object is locked skipped

C:\WINDOWS\Temp\ZLT00dd6.TMP Object is locked skipped

C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped

C:\WINDOWS\vadokmxt.dll Infected: Trojan.Win32.Vapsup.eib skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

C:\WINDOWS\wxvgsdbq.exe Infected: Trojan.Win32.Vapsup.eib skipped

Scan process completed.


Deckard's System Scanner v20071014.68
Run by Ryan Roby on 2008-04-27 14:22:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
20: 2008-04-27 21:22:47 UTC - RP615 - Deckard's System Scanner Restore Point
19: 2008-04-27 02:53:22 UTC - RP614 - Before theme
18: 2008-04-26 08:45:06 UTC - RP613 - Installed Ad-Aware 2007
17: 2008-04-26 08:42:45 UTC - RP612 - Removed Ad-Aware 2007
16: 2008-04-26 04:00:48 UTC - RP611 - Restore Operation


-- First Restore Point --
1: 2008-04-26 02:17:56 UTC - RP596 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Ryan Roby.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:24:34 PM, on 27/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\TopDesk\topdesk.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\YzShadow\YzShadow.exe
C:\WINDOWS\Integrator.exe
C:\Documents and Settings\Ryan Roby\Start Menu\Programs\Startup\SynTPEnh.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Documents and Settings\Ryan Roby\My Documents\Ryan's Files\My Download Files\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Ryan Roby.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?linkid=7715
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4E10EEE3-05D5-49F8-8674-707CBB50FC66} - C:\WINDOWS\system32\iifddaYs.dll (file missing)
O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8469FAAC-33B8-4F1A-8113-4112DDBC6738} - C:\WINDOWS\system32\wvUmnOIY.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {F50B3F5E-856E-4757-9BB1-B35D46CA7719} - C:\WINDOWS\system32\xxyWMfGY.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: dpevflbg - {CE66268D-0208-4D9E-8BC7-12D91072A34D} - C:\WINDOWS\dpevflbg.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [Startup Manager Scanner] C:\Program Files\Startup Mechanic\StartupScanner.exe
O4 - HKLM\..\Run: [syntpenh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [TopDesk] C:\Program Files\TopDesk\topdesk.exe
O4 - Startup: AntiCrash.lnk = C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe
O4 - Startup: Battery Doubler.lnk = C:\Program Files\Dachshund Software\Battery Doubler\Battery Doubler.exe
O4 - Startup: Hare.lnk = C:\Program Files\Dachshund Software\Hare\Hare.exe
O4 - Startup: Shortcut to YzShadow.lnk = C:\Program Files\YzShadow\YzShadow.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: SynTPEnh.exe
O4 - Startup: Zoom.lnk = C:\Program Files\Dachshund Software\Zoom\Zoom.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q305&bd=presario&pf=laptop
O15 - Trusted Zone: http://www.lyricshosting.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: xxyWMfGY - C:\WINDOWS\SYSTEM32\xxyWMfGY.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9780 bytes

-- File Associations -----------------------------------------------------------

.txt - txtfile - shell\open\command - Notepad.exe %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R2 SbcpHid - c:\windows\system32\drivers\sbcphid.sys
R3 SPLITCAM (Splitcam, WDM Camera Stream Splitter) - c:\windows\system32\drivers\splitcam.sys <Not Verified; LoteSoft Co.; Video Capture Splitter driver>

S1 SASKUTIL - c:\program files\superantispyware\saskutil.sys (file missing)
S3 ASPI (Advanced SCSI Programming Interface Driver) - c:\windows\system32\drivers\aspi32.sys <Not Verified; Adaptec; Adaptec's ASPI Layer>
S3 CamDrL (Logitech QuickCam Pro 3000(CamDrl)) - c:\windows\system32\drivers\camdrl.sys (file missing)
S3 LVUSBSta (Logitech USB Monitor Filter) - c:\windows\system32\drivers\lvusbsta.sys (file missing)
S3 PalmUSBD - c:\windows\system32\drivers\palmusbd.sys (file missing)
S3 PhilCam8116 (Logitech QuickCam Pro 3000(PID_08B0)) - c:\windows\system32\drivers\camdrl21.sys <Not Verified; Philips Semiconductors; Audio and Video USB Camera>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R3 hpqwmi (HP WMI Interface) - c:\program files\hpq\shared\hpqwmi.exe <Not Verified; Hewlett-Packard Development Company, L.P.; hpqwmi Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-11 12:46:11 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-03-30 13:00:00 354 --a------ C:\WINDOWS\Tasks\SmartDefrag.job


-- Files created between 2008-03-27 and 2008-04-27 -----------------------------

2008-04-27 11:17:14 0 d------c- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-27 11:17:08 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-27 11:17:05 0 d-------- C:\WINDOWS\LastGood
2008-04-27 09:31:02 0 d-------- C:\Program Files\Trend Micro
2008-04-26 21:55:57 0 d-------- C:\WINDOWS\Icons
2008-04-26 15:47:08 0 d-------- C:\Documents and Settings\Ryan Roby\.housecall6.6
2008-04-26 01:44:27 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-26 01:08:04 9802 --ahs---- C:\WINDOWS\system32\YIOnmUvw.ini2
2008-04-26 00:59:56 0 d-------- C:\Documents and Settings\Ryan Roby\Application Data\OtakuSoftware
2008-04-26 00:59:51 0 d-------- C:\Program Files\TopDesk
2008-04-25 19:17:40 33928 --ahs---- C:\WINDOWS\system32\sYaddfii.ini2
2008-04-25 19:12:20 39936 --a------ C:\WINDOWS\system32\xxyWMfGY.dll
2008-04-24 17:51:07 0 d-------- C:\Program Files\NoteWorthy Composer
2008-04-24 17:22:13 0 d------c- C:\Documents and Settings\All Users\Application Data\Musicnotes
2008-04-23 16:18:26 0 d-------- C:\Program Files\Object Desktop
2008-04-23 15:47:18 0 d-------- C:\Program Files\YzShadow
2008-04-23 15:28:02 0 d-------- C:\Program Files\Stardock
2008-04-23 10:43:41 81920 --a------ C:\WINDOWS\wxvgsdbq.exe
2008-04-23 10:43:41 188416 --a------ C:\WINDOWS\vadokmxt.dll
2008-04-23 10:43:41 94208 --a------ C:\WINDOWS\olgdqarf.exe
2008-04-23 10:43:41 155648 --a------ C:\WINDOWS\dpevflbg.dll
2008-04-22 22:22:22 7852 --a------ C:\WINDOWS\system32\mcdmsg7.dll
2008-04-22 21:58:06 0 d-------- C:\Program Files\Common Files\Stardock
2008-04-19 09:01:52 0 d-------- C:\Program Files\Free DVD Ripper
2008-04-18 05:14:02 0 dr-h----- C:\Documents and Settings\Ryan Roby\Recent
2008-04-03 08:37:46 0 d-------- C:\Documents and Settings\Ryan Roby\Application Data\Printer Info Cache
2008-04-03 08:34:39 0 d-------- C:\Documents and Settings\Ryan Roby\Application Data\U3
2008-03-31 14:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 14:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 14:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 14:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 14:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-30 08:46:36 0 d-------- C:\Documents and Settings\Ryan Roby\Application Data\Sibelius Software
2008-03-28 09:21:56 13824 --a------ C:\WINDOWS\system32\drivers\splitcam.sys <Not Verified; LoteSoft Co.; Video Capture Splitter driver>
2008-03-28 09:21:34 0 d-------- C:\Program Files\SplitCam
2008-03-28 08:30:06 0 d-------- C:\Documents and Settings\Ryan Roby\Application Data\skypePM
2008-03-28 08:30:06 32 --a----c- C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-03-28 08:28:16 0 d-------- C:\Documents and Settings\Ryan Roby\Application Data\Skype
2008-03-28 08:27:47 0 d-------- C:\Program Files\Common Files\Skype
2008-03-27 10:34:51 0 d-------- C:\Program Files\Sibelius Software


-- Find3M Report ---------------------------------------------------------------

2008-04-27 14:18:03 0 d-------- C:\Documents and Settings\Ryan Roby\Application Data\uTorrent
2008-04-27 12:35:03 337 --ah---c- C:\WINDOWS\winshell.dat
2008-04-27 12:35:03 66 --a----c- C:\WINDOWS\anticrash.dat
2008-04-27 00:40:17 60 --a----c- C:\WINDOWS\zoom.dat
2008-04-27 00:40:10 61 --a----c- C:\WINDOWS\hare.dat
2008-04-27 00:40:02 78 --a----c- C:\WINDOWS\battery.dat
2008-04-26 19:17:46 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-26 01:45:10 0 d-------- C:\Program Files\Lavasoft
2008-04-26 01:44:27 0 d-------- C:\Program Files\Common Files
2008-04-26 00:25:59 0 d-------- C:\Program Files\LIVEUPDATE
2008-04-25 13:11:29 393 --ah---c- C:\WINDOWS\wininf.dat
2008-04-23 15:24:05 0 d-------- C:\Program Files\Windows NT
2008-04-23 15:24:05 0 d-------- C:\Program Files\Movie Maker
2008-04-23 15:24:05 0 d-------- C:\Program Files\Messenger
2008-04-21 12:14:04 0 d-------- C:\Program Files\DivX
2008-04-18 16:25:27 0 d-------- C:\Documents and Settings\Ryan Roby\Application Data\Adobe
2008-04-17 10:28:48 76216 --a----c- C:\Documents and Settings\Ryan Roby\Application Data\GDIPFONTCACHEV1.DAT
2008-04-11 10:03:53 4212 --ah---c- C:\WINDOWS\system32\zllictbl.dat
2008-03-28 13:31:50 0 d-------- C:\Documents and Settings\Ryan Roby\Application Data\SUPERAntiSpyware.com
2008-03-28 13:31:48 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-28 09:48:32 0 d-------- C:\Program Files\IObit
2008-03-28 09:21:33 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-28 08:27:47 0 d-------- C:\Program Files\Skype
2008-03-28 06:29:00 0 d-------- C:\Program Files\HPQ
2008-03-24 23:48:13 0 d-------- C:\Program Files\EAV Antivirus Suite
2008-03-24 23:19:16 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-24 16:11:55 0 d-------- C:\Documents and Settings\Ryan Roby\Application Data\eXPert PDF Reader
2008-03-24 14:39:14 249856 --a------ C:\WINDOWS\system32\pdfmona.dll <Not Verified; TODO: <Company name>; TODO: <Product name>>
2008-03-24 14:39:14 51716 --a------ C:\WINDOWS\system32\pdf995mon.dll
2008-03-21 13:30:08 3596288 --a----c- C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 13:28:54 196608 --a----c- C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 13:28:54 81920 --a----c- C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 13:28:20 12288 --a----c- C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 20:02:03 0 d-------- C:\Program Files\MSXML 6.0
2008-03-20 04:49:31 0 d-------- C:\Program Files\RouterTool
2008-03-20 03:16:44 0 d-------- C:\Program Files\FxBear MOV Video Converter
2008-03-19 18:47:17 0 d-------- C:\Program Files\MSBuild
2008-03-19 18:41:31 0 d-------- C:\Program Files\Reference Assemblies
2008-03-19 11:38:10 0 d-------- C:\Program Files\GSfx Wizard
2008-03-15 10:25:42 0 d--h----- C:\Program Files\Creative Installation Information
2008-03-12 07:34:16 291 --ah---c- C:\WINDOWS\sysdata.dat
2008-03-10 05:13:36 0 d-------- C:\Program Files\Common Files\Logitech
2008-03-10 05:10:24 0 d-------- C:\Program Files\Creative
2008-03-09 04:10:16 0 d-------- C:\Program Files\Ac Browser Plus
2008-03-09 04:10:13 0 d-------- C:\Documents and Settings\Ryan Roby\Application Data\Konrad Papala
2008-03-08 15:05:16 0 d-------- C:\Program Files\CCleaner
2008-03-05 11:54:09 0 d-------- C:\Program Files\Microsoft LifeCam
2008-03-04 09:21:15 4 --a----c- C:\WINDOWS\system32\2720D6
2008-03-03 10:26:28 0 d-------- C:\Program Files\K-litePro
2008-03-02 14:04:49 0 d-------- C:\Documents and Settings\Ryan Roby\Application Data\Google
2008-03-02 14:01:00 0 d-------- C:\Program Files\Google
2008-02-22 11:18:46 2543 --a------ C:\WINDOWS\unins000.dat
2008-02-22 11:14:26 691545 --a------ C:\WINDOWS\unins000.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E10EEE3-05D5-49F8-8674-707CBB50FC66}]
C:\WINDOWS\system32\iifddaYs.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8469FAAC-33B8-4F1A-8113-4112DDBC6738}]
C:\WINDOWS\system32\wvUmnOIY.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F50B3F5E-856E-4757-9BB1-B35D46CA7719}]
25/04/2008 07:12 PM 39936 --a------ C:\WINDOWS\system32\xxyWMfGY.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [11/04/2005 03:21 PM]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [02/02/2005 05:12 AM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [29/03/2008 10:37 AM]
"Openwares LiveUpdate"="C:\Program Files\LiveUpdate\LiveUpdate.exe" [13/12/2003 10:17 AM]
"Startup Manager Scanner"="C:\Program Files\Startup Mechanic\StartupScanner.exe" [06/11/2003 07:25 AM]
"syntpenh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [02/02/2005 05:11 AM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [13/03/2008 03:11 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 01:00 AM]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [16/03/2007 04:51 AM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [13/11/2006 11:39 AM]
"TopDesk"="C:\Program Files\TopDesk\topdesk.exe" [15/11/2007 11:40 PM]

C:\Documents and Settings\Ryan Roby\Start Menu\Programs\Startup\
AntiCrash.lnk - C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe [21/09/2002 9:26:00 AM]
Battery Doubler.lnk - C:\Program Files\Dachshund Software\Battery Doubler\Battery Doubler.exe [21/09/2002 10:26:20 AM]
Hare.lnk - C:\Program Files\Dachshund Software\Hare\Hare.exe [21/09/2002 10:26:40 AM]
Shortcut to YzShadow.lnk - C:\Program Files\YzShadow\YzShadow.exe [23/04/2008 3:48:03 PM]
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [26/04/2008 12:27:49 AM]
SynTPEnh.exe [02/02/2005 5:11:12 AM]
Zoom.lnk - C:\Program Files\Dachshund Software\Zoom\Zoom.exe [21/09/2002 10:27:14 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 11:05:26 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"nousernameinstartmenu"=0 (0x0)
"nosimplestartmenu"=0 (0x0)
"nostartmenumfuprogramslist"=0 (0x0)
"nostartmenumoreprograms"=0 (0x0)
"nochangestartmenu"=0 (0x0)
"norecentdochistory"=0 (0x0)
"maxrecentdocs"=0 (0x0)
"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F50B3F5E-856E-4757-9BB1-B35D46CA7719}"= C:\WINDOWS\system32\xxyWMfGY.dll [25/04/2008 07:12 PM 39936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyWMfGY]
xxyWMfGY.dll 25/04/2008 07:12 PM 39936 C:\WINDOWS\system32\xxyWMfGY.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\wvUmnOIY

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b74e1d32-0164-11dd-8845-00904bf6880d}]
AutoRun\command- E:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2008-04-27 14:25:54 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3500+
Percentage of Memory in Use: 51%
Physical Memory (total/avail): 1278.48 MiB / 619.21 MiB
Pagefile Memory (total/avail): 1898.14 MiB / 1383.05 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1929.65 MiB

C: is Fixed (NTFS) - 93.15 GiB total, 17.61 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST9100822A - 93.16 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 93.15 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: ZoneAlarm Firewall v7.0.470.000 (Check Point, LTD.)
AV: avast! antivirus 4.8.1169 [VPS 080427-1] v4.8.1169 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Ryan Roby\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=RYAN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Ryan Roby
LOGONSERVER=\\RYAN
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;"C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier";C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 15 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0f00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\RYANRO~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\RYANRO~1\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=RYAN
USERNAME=Ryan Roby
USERPROFILE=C:\Documents and Settings\Ryan Roby
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Ryan Roby (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe" /remove /l0x0009
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Abexo Free Registry Cleaner --> C:\Program Files\Abexo\afrc\uninst.exe
Ac Browser Plus --> "C:\Program Files\Ac Browser Plus\unins000.exe"
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 6.0 Professional - English, Français, Deutsch --> MsiExec.exe /I{AC76BA86-1033-F400-7760-000000000001}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.7 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Reader for Palm OS, 3.05 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Adobe\Adobe Reader for Palm OS\AcroDesk.isu" -c"C:\Program Files\Adobe\Adobe Reader for Palm OS\unpdf.dll"
Advanced WindowsCare Personal --> "C:\Program Files\IObit\Advanced WindowsCare V2\unins000.exe"
AntiCrash 3.6 --> "C:\Program Files\Dachshund Software\AntiCrash\Uninstall.exe" "C:\Program Files\Dachshund Software\AntiCrash\install.log"
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Battery Doubler 1.2.1 --> "C:\Program Files\Dachshund Software\Battery Doubler\Uninstall.exe" "C:\Program Files\Dachshund Software\Battery Doubler\install.log"
BitPim 0.9.10 --> "C:\Program Files\BitPim\unins000.exe"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Compaq Presario r4000 User Guides --> C:\PROGRA~1\CPQ\UNWISE.EXE C:\PROGRA~1\CPQ\INSTALL.LOG
Conexant AC-Link Audio --> CIAunwdm.exe
Corel Applications --> C:\WINDOWS\Corel\Uninst32.exe
Creative Jukebox Driver --> C:\Program Files\Creative\Jukebox 3 Drivers\DrvUnins.exe /s
Cumulus Desktop LE 4.05 --> C:\PROGRA~1\Corel\PHOTO-~1\Cumulus\UNWISE.EXE C:\PROGRA~1\Corel\PHOTO-~1\Cumulus\INSTALL.LOG
Desktop Weather by The Weather Channel --> C:\Program Files\The Weather Channel FW\Desktop Weather\TheWeatherChannelCustomUninstall.exe
DFUeTweaker --> C:\Program Files\DFUeTweaker\Uninstaller.exe
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Ripper Burner 7.0.0.0 --> "C:\Program Files\SoftwareClub.ws\SC DVD Ripper Burner\unins000.exe"
EasyCleaner --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9 -removeonly
Extensis Intellihance Pro 4.0 --> C:\WINDOWS\unwise32.exe C:\PROGRA~1\Corel\PHOTO-~1\Extensis\install.log
Free DVD Ripper Version 2.25 --> "C:\Program Files\Free DVD Ripper\unins000.exe"
FxBear MOV Video Converter --> MsiExec.exe /I{0E54911F-5E03-4513-AB56-BF7393E64866}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
GSfx Wizard 1.1 --> "C:\Program Files\GSfx Wizard\unins000.exe"
Hare 1.5.1 --> "C:\Program Files\Dachshund Software\Hare\Uninstall.exe" "C:\Program Files\Dachshund Software\Hare\install.log"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Wireless Assistant 1.01 A3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9 hpquninst
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
IObit SmartDefrag Beta4.03 --> "C:\Program Files\IObit\IObit SmartDefrag\unins000.exe"
J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
LiveUpdate 2.5 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
LiveUpdate BVRP Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -l0x9
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Microsoft ActiveSync --> MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft LifeCam --> MsiExec.exe /X{63AFACBC-4795-4A1B-8037-5085DC03FC54}
Microsoft Money 2005 --> C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft SQL Server Desktop Engine --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
mobile PhoneTools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}\setup.exe" -l0x9
Mp3Doctor 5.11.042 --> "C:\Program Files\Mp3Doctor\unins000.exe"
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
muvee autoProducer 4.0 - SE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{534AA552-E1F1-4965-B2AA-FBDEB0730D60}\setup.exe" -l0x9
MyPlayCity Data Recovery 3.1 --> "C:\Program Files\MyPlayCity Data Recovery\unins000.exe"
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Netflix Movie Viewer --> MsiExec.exe /X{178FDCAC-0CC9-433B-8E1C-96251615DCBE}
NoteWorthy Composer --> C:\PROGRA~1\NOTEWO~1\Uninstal.exe
ObjectDock --> C:\PROGRA~1\Stardock\OBJECT~2\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~2\INSTALL.LOG
OptiNet (remove only) --> "C:\Program Files\OptiNet\uninst.exe"
PC Inspector File Recovery --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}\Setup.exe" -l0x9
PENTAX USB DISK Device --> MsiExec.exe /X{AEE9ABDF-CFFD-4CC2-8519-E8ECEB5A2AAF}
Quick Launch Buttons 5.10 B3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\setup.exe" -l0x9 -uninst
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
QuickTime Alternative 1.80 --> "C:\Program Files\QuickTime Alternative\unins000.exe"
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sibelius Scorch (ActiveX Only) --> MsiExec.exe /I{C8E4455F-0F70-4DA2-A9F9-2D56C80E10AD}
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sonic Audio Module --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic Copy Module --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic Data Module --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SplitCam --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{00718491-55BF-46C6-83EF-4B3B95AC807A}\setup.exe" -l0x9 -removeonly
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Startup Mechanic --> C:\Program Files\Startup Mechanic\uninstall.exe
Switch --> C:\Program Files\NCH Swift Sound\Switch\uninst.exe
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TagScanner 4.9 build 492 --> "C:\Program Files\TagScanner\unins000.exe"
Texas Instruments PCIxx21/x515 drivers. --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{96C0E73B-8813-4F4A-9EA1-D407C27AA1A1} /l1033
TopDesk 1.5.4 --> C:\Program Files\TopDesk\uninst.exe
TuneXP 1.5 --> C:\WINDOWS\iun6002.exe "C:\Program Files\TuneXP\irunin.ini"
UltraTagger 2.2 --> "C:\Program Files\UltraTagger\unins000.exe"
UserGuides --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{02E22217-0E96-4C3F-B831-83AA942B7715}\setup.exe" -l0x9
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Weather Services --> C:\WINDOWS\system32\control.exe C:\PROGRA~1\THEWEA~1\FRAMEW~1\wxfw.cpl,4
WinAce Archiver 2.0 --> C:\Program Files\WinAce\SXUNINST.EXE C:\Program Files\WinAce\SXUNINST.INI
WinASO RegDefrag 1.2 --> "C:\Program Files\WinASO\RegDefrag 1.2\unins000.exe"
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
XML Paper Specification Shared Components Pack 1.0 -->
Yahoo! extras --> C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
Zoom 1.3.1 --> "C:\Program Files\Dachshund Software\Zoom\Uninstall.exe" "C:\Program Files\Dachshund Software\Zoom\install.log"


-- Application Event Log -------------------------------------------------------

Event Record #/Type7169 / Error
Event Submitted/Written: 04/27/2008 02:24:56 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type7168 / Error
Event Submitted/Written: 04/27/2008 02:24:56 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Event Record #/Type7163 / Warning
Event Submitted/Written: 04/27/2008 00:40:06 AM
Event ID/Source: 19011 / MSSQLServer
Event Description:
SuperSocket info: (SpnRegister) : Error 1355.

Event Record #/Type7148 / Warning
Event Submitted/Written: 04/27/2008 00:04:17 AM
Event ID/Source: 19011 / MSSQLServer
Event Description:
SuperSocket info: (SpnRegister) : Error 1355.

Event Record #/Type7130 / Warning
Event Submitted/Written: 04/26/2008 08:02:57 PM
Event ID/Source: 19011 / MSSQLServer
Event Description:
SuperSocket info: (SpnRegister) : Error 1355.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type75654 / Error
Event Submitted/Written: 04/27/2008 02:22:14 PM
Event ID/Source: 9 / atapi
Event Description:
The device, \Device\Ide\IdePort1, did not respond within the timeout period.

Event Record #/Type75653 / Warning
Event Submitted/Written: 04/27/2008 02:19:41 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type75652 / Error
Event Submitted/Written: 04/27/2008 02:06:43 PM
Event ID/Source: 9 / atapi
Event Description:
The device, \Device\Ide\IdePort1, did not respond within the timeout period.

Event Record #/Type75651 / Error
Event Submitted/Written: 04/27/2008 01:32:41 PM
Event ID/Source: 9 / atapi
Event Description:
The device, \Device\Ide\IdePort1, did not respond within the timeout period.

Event Record #/Type75650 / Error
Event Submitted/Written: 04/27/2008 01:25:20 PM
Event ID/Source: 9 / atapi
Event Description:
The device, \Device\Ide\IdePort1, did not respond within the timeout period.



-- End of Deckard's System Scanner: finished at 2008-04-27 14:25:54 ------------


 


#2 ryan_roby

ryan_roby
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:01:30 PM

Posted 03 May 2008 - 05:43 PM

So, I went ahead and installed Kaspersky on my system and I've managed to get it cleaned up. What a great program!! Thanks to everyone who checked out my posting.

#3 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Members
  • 19,461 posts
  • OFFLINE
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:04:30 PM

Posted 03 May 2008 - 06:11 PM

Thanks for telling us what you have done.

Should you find other problems, please begin a new topic.

This thread is closed.
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)



