Deckard’s System Scanner v20071014.68
Run by Karina on 2008-04-27 09:36:08
Computer is in Normal Mode.
– System Restore --------------------------------------------------------------
Successfully created a Deckard’s System Scanner Restore Point.
– Last 5 Restore Point(s) –
75: 2008-04-27 08:36:18 UTC - RP524 - Deckard’s System Scanner Restore Point
74: 2008-04-26 22:25:33 UTC - RP523 - Installed AVG Free 8.0
73: 2008-04-25 19:01:33 UTC - RP522 - System Checkpoint
72: 2008-04-24 12:09:48 UTC - RP521 - Installed Java 6 Update 5
71: 2008-04-24 12:09:07 UTC - RP520 - Removed Java 6 Update 5
– First Restore Point –
1: 2008-01-26 20:47:24 UTC - RP450 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
– HijackThis (run as Karina.exe) ----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:41:58 AM, on 4/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\PRISMSVC.EXE
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\VoipCheapCom\VoipCheapCom.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\Karina\Local Settings\Temporary Internet Files\Content.IE5\BAJ25GB1\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Karina.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm … Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM…\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM…\Run: [dlcxmon.exe] “C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe”
O4 - HKLM…\Run: [MemoryCardManager] “C:\Program Files\Dell Photo AIO Printer 926\memcard.exe”
O4 - HKLM…\Run: [FaxCenterServer] “C:\Program Files\Dell PC Fax\fm3032.exe” /s
O4 - HKLM…\Run: [iSUSPM Startup] “C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe” -startup
O4 - HKLM…\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM…\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM…\Run: [LogitechCommunicationsManager] “C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe”
O4 - HKLM…\Run: [LogitechQuickCamRibbon] “C:\Program Files\Logitech\QuickCam\Quickcam.exe” /hide
O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe”
O4 - HKLM…\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM…\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM…\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU…\Run: [VoipCheapCom] “C:\Program Files\VoipCheapCom\VoipCheapCom.exe” -nosplash -minimized
O4 - Global Startup: Dell Network Assistant.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus … nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.truprint.co.uk/TruprintActivia.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Fac … oader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac … loader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup … 7096007218
O16 - DPF: {82B56B47-90DC-4F58-9A7D-D27BA46D3C0F} (MyPhotoAlbum Easy Upload Tool Combo Control) - http://andthisis.myphotoalbum.com/ImageUploader4.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader_uni.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Fac … der4_5.cab
O17 - HKLM\System\CCS\Services\Tcpip…{3E386186-25BC-4407-83AB-93ECC3DCC76C}: NameServer = 87.194.0.51,87.194.0.52
O17 - HKLM\System\CCS\Services\Tcpip…{6B13790E-FA29-4AE4-9B16-090834F50C54}: NameServer = 192.168.1.254,87.194.0.52
O18 - Protocol: linkscanner - (no CLSID) - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O21 - SSODL: bdkpfxqw - {2282D2C8-F7BA-4CE8-B554-42A7E08806A0} - C:\WINDOWS\bdkpfxqw.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: B’s Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
–
End of file - 11345 bytes
– HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups) -----------
backup-20080427-002236-192 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm … Ojg5&lid=2
backup-20080427-003144-113 O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
backup-20080427-003144-419 O4 - HKLM…\Run: [DLCXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
backup-20080427-003144-644 O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe
backup-20080427-003144-915 O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
backup-20080427-090231-867 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm … Ojg5&lid=2
backup-20080427-092207-116 O21 - SSODL: bdkpfxqw - {51A83188-D4DD-4F64-A00D-D02E8FD8646E} - C:\WINDOWS\bdkpfxqw.dll
backup-20080427-092207-188 O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
backup-20080427-092207-595 O18 - Protocol: linkscanner - (no CLSID) - (no file)
backup-20080427-092207-815 O3 - Toolbar: wxdbpfvo - {DDA28099-DACF-415D-A5A8-BB134FCA3D6A} - C:\WINDOWS\wxdbpfvo.dll (file missing)
backup-20080427-092207-836 O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
backup-20080427-092207-990 O21 - SSODL: qadovnel - {ED6BE11B-3DFB-4859-A511-29E591E7F31C} - C:\WINDOWS\qadovnel.dll (file missing)
– File Associations -----------------------------------------------------------
All associations okay.
– Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 FileDisk - c:\windows\system32\drivers\filedisk.sys
R2 ACEDRV07 - c:\windows\system32\drivers\acedrv07.sys
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys
R2 hnmwrlspkt (HomeNet Manager Wireless Protocol) - c:\windows\system32\drivers\hnm_wrls_pkt.sys
R2 Packet (Auto Internet Protocol) - c:\windows\system32\drivers\packet.sys
R2 STEC3 - c:\windows\system32\stec3.sys
R2 wsppkt (Wireless Security Protocol) - c:\windows\system32\drivers\wsp_pkt.sys
S3 DSproct - c:\program files\dell support\gtaction\triggers\dsproct.sys
S3 NAL (Nal Service ) - c:\windows\system32\drivers\iqvw32.sys
S3 se59bus (Sony Ericsson Device 089 driver (WDM)) - c:\windows\system32\drivers\se59bus.sys
– Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 bgsvcgen (B’s Recorder GOLD Library General Service) - c:\windows\system32\bgsvcgen.exe
R2 PRISMSVC - c:\windows\system32\prismsvc.exe
– Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
– Scheduled Tasks -------------------------------------------------------------
2008-04-26 21:58:13 424 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{5A98B218-16CF-4D13-BF09-50237CDE795F}.job
2008-02-15 19:07:11 342 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2008-02-12 11:50:03 334 --a------ C:\WINDOWS\Tasks\McQcTask.job
2007-04-22 12:45:31 402 --ah----- C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job
– Files created between 2008-03-27 and 2008-04-27 -----------------------------
2008-04-27 08:33:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-27 08:33:18 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-27 00:39:07 0 d-------- C:\Documents and Settings\Karina\DoctorWeb
2008-04-27 00:20:16 0 d-------- C:\Program Files\Trend Micro
2008-04-26 23:28:40 0 d--h----- C:\$AVG8.VAULT$
2008-04-26 23:25:54 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-04-26 23:25:33 0 d-------- C:\Program Files\AVG
2008-04-26 23:25:33 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-04-26 22:53:30 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-26 22:52:44 77312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-04-26 22:52:43 162304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-04-26 22:52:43 69632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-04-26 22:52:43 153088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-04-26 22:52:43 75264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-04-26 22:52:42 0 d-------- C:\Program Files\Trojan Remover
2008-04-26 22:52:42 0 d-------- C:\Documents and Settings\Karina\Application Data\Simply Super Software
2008-04-26 22:52:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-04-26 22:01:00 0 d-------- C:\Documents and Settings\Karina\Application Data\TmpRecentIcons
2008-04-26 21:28:36 0 d-------- C:\Program Files\a-squared Free
2008-04-26 20:31:24 0 d-------- C:\WINDOWS\system32\smp
2008-04-26 20:31:24 0 d-------- C:\Program Files\Inet Delivery
2008-04-26 20:31:23 0 d-------- C:\WINDOWS\mslagent
2008-04-26 20:31:23 0 d-------- C:\Program Files\akl
2008-04-26 20:31:13 0 d-------- C:\Documents and Settings\All Users\Application Data\vwfqrcvm
2008-04-26 20:31:07 81920 --a------ C:\WINDOWS\spwoqbmv.exe
2008-04-01 22:24:40 0 d-------- C:\Program Files\Kontiki
2008-04-01 22:24:40 0 d-------- C:\logs3
– Find3M Report ---------------------------------------------------------------
2008-04-27 00:17:40 0 d-------- C:\Program Files\Dl_cats
2008-04-26 22:50:42 0 d-------- C:\Program Files\Napisy
2008-04-26 21:47:22 0 d-------- C:\Program Files\VoipCheapCom
2008-04-26 20:57:37 0 d-------- C:\Program Files\DivX
2008-04-26 19:42:02 0 d-------- C:\Program Files\McAfee
2008-04-25 23:23:14 0 d-------- C:\Program Files\eMule
2008-04-24 13:10:34 0 d-------- C:\Program Files\Java
2008-04-23 19:40:19 0 d-------- C:\Documents and Settings\Karina\Application Data\Skype
2008-04-23 19:32:27 0 d-------- C:\Documents and Settings\Karina\Application Data\skypePM
2008-04-18 11:16:27 0 d-------- C:\Documents and Settings\Karina\Application Data\Adobe
2008-04-13 23:04:43 0 d-------- C:\Documents and Settings\Karina\Application Data\U3
2008-03-25 23:57:05 0 d-------- C:\Program Files\Ubisoft
2008-03-25 23:57:01 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-19 10:59:42 0 d-------- C:\Program Files\Common Files\LogiShrd
2008-03-19 10:56:55 0 d-------- C:\Program Files\Common Files
2008-03-19 10:56:51 0 d-------- C:\Program Files\Logitech
2008-03-18 16:27:35 0 d-------- C:\Documents and Settings\Karina\Application Data\dvdcss
2008-03-04 20:14:26 0 d-------- C:\Program Files\Yahoo!
2008-03-04 20:06:26 0 d-------- C:\Documents and Settings\Karina\Application Data\Yahoo!
2008-03-01 17:56:12 0 d-------- C:\Program Files\Kodak
2008-02-28 14:41:00 0 d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-02-13 13:40:05 187 --a------ C:\Documents and Settings\Karina\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
– Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE~\Browser Helper Objects{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
11/26/2007 10:46 AM 324936 --a------ c:\PROGRA~1\mcafee\msk\mcapbho.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“MSKDetectorExe”=“C:\Program Files\McAfee\SpamKiller\MSKDetct.exe” [11/07/2006 03:49 PM]
“QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe” [04/29/2007 11:50 AM]
“dlcxmon.exe”=“C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe” [01/12/2007 05:57 PM]
“MemoryCardManager”=“C:\Program Files\Dell Photo AIO Printer 926\memcard.exe” [11/03/2006 11:04 PM]
“FaxCenterServer”=“C:\Program Files\Dell PC Fax\fm3032.exe” [11/03/2006 11:09 PM]
“ISUSPM Startup”=“C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe” [06/10/2005 10:44 AM]
“SiteAdvisor”=“C:\Program Files\SiteAdvisor\6253\SiteAdv.exe” [08/24/2007 10:57 PM]
“mcagent_exe”=“C:\Program Files\McAfee.com\Agent\mcagent.exe” [08/03/2007 11:33 PM]
“LogitechCommunicationsManager”=“C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe” [10/25/2007 05:33 PM]
“LogitechQuickCamRibbon”=“C:\Program Files\Logitech\QuickCam\Quickcam.exe” [10/25/2007 05:37 PM]
“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe” [02/22/2008 04:25 AM]
“UserFaultCheck”=“C:\WINDOWS\system32\dumprep 0 -u” []
“TrojanScanner”=“C:\Program Files\Trojan Remover\Trjscan.exe” [04/24/2008 06:40 PM]
“AVG8_TRAY”=“C:\PROGRA~1\AVG\AVG8\avgtray.exe” [04/26/2008 11:25 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [08/10/2004 05:00 AM]
“Uniblue RegistryBooster 2”=“C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe” []
“VoipCheapCom”=“C:\Program Files\VoipCheapCom\VoipCheapCom.exe” [02/20/2007 03:23 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Dell Network Assistant.lnk - C:\WINDOWS\Installer{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [10/12/2006 10:17:39 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
“InstallVisualStyle”=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
“InstallTheme”=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
“DisableRegistryTools”=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
“bdkpfxqw”= {2282D2C8-F7BA-4CE8-B554-42A7E08806A0} - C:\WINDOWS\bdkpfxqw.dll []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PRISMAPI.DLL]
PRISMAPI.DLL 12/22/2005 08:08 PM 450646 C:\WINDOWS\system32\PRISMAPI.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
“appinit_dlls”=avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^dlbcserv.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dlbcserv.lnk
backup=C:\WINDOWS\pss\dlbcserv.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless USB 2.0 WLAN Card Utility.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless USB 2.0 WLAN Card Utility.lnk
backup=C:\WINDOWS\pss\Wireless USB 2.0 WLAN Card Utility.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Karina^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Karina\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
“C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime -Delay
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
“C:\PROGRA~1\DELLSU~1\DSAgnt.exe” /startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
“C:\Program Files\Gadu-Gadu\gg.exe” /tray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
“C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe” -startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
“C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
“C:\Program Files\iTunes\iTunesHelper.exe”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
“C:\Program Files\Messenger\msmsgs.exe” /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
“C:\Program Files\QuickTime\qttask.exe” -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
stsystra.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
“C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe”
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe
– End of Deckard’s System Scanner: finished at 2008-04-27 09:42:46 ------------
On 27.04.2008, at 10:45, a post was appended by paulaaa
Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
extra.txt–>
Deckard’s System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
– System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel® Core2 CPU 6400 @ 2.13GHz
CPU 1: Intel® Core2 CPU 6400 @ 2.13GHz
Percentage of Memory in Use: 52%
Physical Memory (total/avail): 1021.98 MiB / 481.37 MiB
Pagefile Memory (total/avail): 2458.33 MiB / 1994.89 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1926.82 MiB
C: is Fixed (NTFS) - 169.93 GiB total, 105.71 GiB free.
D: is Fixed (NTFS) - 58.19 GiB total, 17.37 GiB free.
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
\\.\PHYSICALDRIVE0 - ST3250824AS - 232.83 GiB - 4 partitions
\PARTITION0 - Unknown - 54.88 MiB
\PARTITION1 (bootable) - Installable File System - 169.93 GiB - C:
\PARTITION2 - Extended w/Extended Int 13 - 58.19 GiB - D:
\PARTITION3 - Unknown - 4.64 GiB
\\.\PHYSICALDRIVE5 - Dell USB Mass Storage USB Device
\\.\PHYSICALDRIVE1 - TEAC USB HS-CF Card USB Device
\\.\PHYSICALDRIVE3 - TEAC USB HS-MS Card USB Device
\\.\PHYSICALDRIVE4 - TEAC USB HS-SD Card USB Device
\\.\PHYSICALDRIVE2 - TEAC USB HS-xD/SM USB Device
– Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
FW: McAfee Personal Firewall v (McAfee)
AV: AVG Anti-Virus Free v8.0 (AVG Technologies)
AV: McAfee VirusScan v (McAfee)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
“%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
“C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe”=“C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL”
“C:\Program Files\Common Files\AOL\ACS\AOLDial.exe”=“C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL”
“C:\Program Files\AOL 9.0\waol.exe”=“C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL”
“%windir%\Network Diagnostic\xpnetdiag.exe”="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
“%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
“C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe”=“C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL”
“C:\Program Files\Common Files\AOL\ACS\AOLDial.exe”=“C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL”
“C:\Program Files\AOL 9.0\waol.exe”=“C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL”
“C:\Program Files\Dell Network Assistant\ezi_hnm2.exe”=“C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Dell Network Assistant”
“C:\Program Files\Messenger\msmsgs.exe”=“C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger”
“C:\Program Files\Gadu-Gadu\gg.exe”=“C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program glówny”
“E:\STHIW\stInstall.exe”=“E:\STHIW\stInstall.exe:*:Enabled:SpeedTouch Home Install Wizard”
“C:\Program Files\Kontiki\KService.exe”=“C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service”
“%windir%\Network Diagnostic\xpnetdiag.exe”="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
“C:\Program Files\LimeWire\LimeWire.exe”=“C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire”
“C:\Program Files\eMule\emule.exe”=“C:\Program Files\eMule\emule.exe:*:Enabled:eMule”
“C:\Program Files\iTunes\iTunes.exe”=“C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes”
“C:\Program Files\Real\RealPlayer\realplay.exe”=“C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer”
“C:\Program Files\Internet Explorer\iexplore.exe”=“C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer”
“C:\Program Files\QuickTime\QuickTimePlayer.exe”=“C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player”
“C:\WINDOWS\system32\dlcxcoms.exe”=“C:\WINDOWS\system32\dlcxcoms.exe:*:Enabled:Lexmark Communications System”
“C:\Program Files\Winamp Remote\bin\Orb.exe”=“C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb”
“C:\Program Files\Winamp Remote\bin\OrbTray.exe”=“C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray”
“C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe”=“C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client”
“C:\Program Files\Tlen.pl\tlen.exe”=“C:\Program Files\Tlen.pl\tlen.exe:*:Enabled:Komunikator Tlen.pl”
“C:\Program Files\VoipCheapCom\VoipCheapCom.exe”=“C:\Program Files\VoipCheapCom\VoipCheapCom.exe:*:Enabled:VoipCheapCom”
“C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe”=“C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent”
“C:\Program Files\Skype\Phone\Skype.exe”=“C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype”
“C:\Program Files\AVG\AVG8\avgupd.exe”=“C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe”
“C:\Program Files\AVG\AVG8\avgemc.exe”=“C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe”
– Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Karina\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=IDONTKNOW
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA8
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Karina
LOGONSERVER=\\IDONTKNOW
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Intel\DMIX;C:\Program Files\ATI Technologies\ATI.ACE;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\Teleca Shared
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Karina\LOCALS~1\Temp
TMP=C:\DOCUME~1\Karina\LOCALS~1\Temp
USERDOMAIN=IDONTKNOW
USERNAME=Karina
USERPROFILE=C:\Documents and Settings\Karina
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI
– User Profiles ---------------------------------------------------------------
Karina (admin)
Administrator (admin)
– Add/Remove Programs ---------------------------------------------------------
–> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
–> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
a-squared Free 3.5 --> “C:\Program Files\a-squared Free\unins000.exe”
ABBYY FineReader 6.0 Sprint --> MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Archiwizator WinRAR --> C:\Program Files\WinRAR\uninstall.exe
ATI Catalyst Control Center --> MsiExec.exe /I{6913FBE5-1B4B-4308-8DDD-2944F9C91E06}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audacity 1.2.4 --> “C:\Program Files\Audacity\unins000.exe”
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Dell CinePlayer --> MsiExec.exe /I{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Network Assistant --> MsiExec.exe /I{0240BDFB-2995-4A3F-8C96-18D41282B716}
Dell PC Fax --> C:\Program Files\Dell PC Fax\Install\x86\Uninst.exe /R:faxunst
Dell Photo AIO Printer 926 --> C:\Program Files\Dell Photo AIO Printer 926\Install\x86\Uninst.exe
Dell Photo Printer 720 Logger --> C:\Program Files\Dell Photo Printer 720\dlbcunst.exe
Dell Support 3.2 --> MsiExec.exe /X{3846E811-639D-4DE1-844B-30491C0A6C0C}
Disc2Phone --> MsiExec.exe /I{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}
eMule --> “C:\Program Files\eMule\Uninstall.exe”
FinePixViewer Resource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information\{B44529FF-501E-47CD-A06D-223C161BE058}\SETUP.EXE” -l0x9
FinePixViewer Ver.5.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE” -l0x9
FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE”
Gadu-Gadu 7.7 --> C:\Program Files\Gadu-Gadu\Setup.exe
GemMaster Mystic --> “C:\Program Files\GemMaster\uninstallgemmaster.exe”
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> “C:\Program Files\Trend Micro\HijackThis\HijackThis.exe” /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> “C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe”
Intel® Matrix Storage Manager --> C:\WINDOWS\System32\Imsmudlg.exe
iPod for Windows 2006-03-23 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB} /l1033
iTunes --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{59C4F14F-7590-45FC-BE9F-A67AB3590709} /l1033
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Jasc Paint Shop Photo Album --> MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Jasc Paint Shop Pro 8 Dell Edition --> MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
Logitech QuickCam --> MsiExec.exe /X{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}
Logitech QuickCam Driver Package --> “C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.50.1145\LgDrvInst.exe” -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_11.50" /clone_wait /hide_progress
MAGIX Goya burnR (UK) --> C:\MAGIX\Goya_burnR\instslct.exe
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
MCU --> MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
Microsoft Compression Client Pack 1.0 for Windows XP --> “C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe”
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> “C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe”
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
Nikon FotoShare --> C:\Program Files\Nikon\FotoShare\Uninstal.exe C:\PROGRA~1\Nikon\FOTOSH~1\INSTALL.LOG
Nikon Message Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\Setup.exe” -l0x9 UNINSTALL
Otto --> “C:\Program Files\EnglishOtto\uninstallotto.exe”
PictureProject --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information\{FF3999BE-1A7B-4738-88AA-97BF14094A4A}\Setup.exe” -l0x9 UNINSTALL
Prince of Persia Warrior Within --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information\{EE5BC0BB-9EDA-423C-8276-48857B735D68}\setup.exe” -l0x9
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{929408E6-D265-4174-805F-81D1D914E2A4} /l1033
RAW FILE CONVERTER LE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information\{D680C913-5955-469D-9D88-C1940F7506D6}\SETUP.EXE” -l0x9
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\rnuninst.exe RealNetworks|RealPlayer|6.0
SearchAssist --> C:\DELL\SearchAssist\UninstSA.bat
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sonic Activation Module --> MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Text-To-Speech-Runtime --> MsiExec.exe /X{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}
Tlen.pl --> “C:\Program Files\Tlen.pl\uninstall.exe”
Trojan Remover 6.6.9 --> “C:\Program Files\Trojan Remover\unins000.exe”
Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
URL Assistant --> regsvr32 /u /s “C:\Program Files\BAE\BAE.dll”
USB 2.0 Wireless LAN Card Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information\{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}\setup.exe” -l0x9 -L0x9 -removeonly
VideoLAN VLC media player 0.8.6d --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Virtual DJ - Atomix Productions --> C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG
VoipCheapCom --> “C:\Program Files\VoipCheapCom\unins000.exe”
WebVideo Support --> C:\WINDOWS\spwoqbmv.exe
Winamp --> “C:\Program Files\Winamp\UninstWA.exe”
Windows Media Format 11 runtime --> “C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe”
Windows Media Format SDK Hotfix - KB898549 --> “C:\WINDOWS\$NtUninstallKB898549$\spuninst\spuninst.exe”
Windows XP Media Center Edition 2005 KB908246 --> “C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe”
Windows XP Media Center Edition 2005 KB925766 --> “C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe”
– Application Event Log -------------------------------------------------------
Event Record #/Type1728 / Warning
Event Submitted/Written: 04/27/2008 09:32:07 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product ‘{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}’, feature ‘QuickCam’ failed during request for component ‘{3BBB8098-03C8-48DC-AA83-9B2159E12E0D}’
Event Record #/Type1727 / Warning
Event Submitted/Written: 04/27/2008 09:32:07 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product ‘{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}’, feature ‘QuickCam’, component ‘{B52C7B4D-F46F-438C-ADF2-05A138C57757}’ failed. The resource ‘HKEY_CURRENT_USER\Software\Logitech\InstallerKeys\QCDesktopShortcutKey’ does not exist.
Event Record #/Type1726 / Warning
Event Submitted/Written: 04/27/2008 09:32:07 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product ‘{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}’, feature ‘QuickCam’ failed during request for component ‘{3BBB8098-03C8-48DC-AA83-9B2159E12E0D}’
Event Record #/Type1725 / Warning
Event Submitted/Written: 04/27/2008 09:32:07 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product ‘{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}’, feature ‘QuickCam’, component ‘{B52C7B4D-F46F-438C-ADF2-05A138C57757}’ failed. The resource ‘HKEY_CURRENT_USER\Software\Logitech\InstallerKeys\QCDesktopShortcutKey’ does not exist.
Event Record #/Type1724 / Warning
Event Submitted/Written: 04/27/2008 09:32:06 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product ‘{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}’, feature ‘QuickCam’ failed during request for component ‘{62BA7C13-20BB-41F7-A6A4-482632CE53D4}’
– Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
– System Event Log ------------------------------------------------------------
Event Record #/Type23290 / Warning
Event Submitted/Written: 04/27/2008 09:00:22 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Event Record #/Type23224 / Warning
Event Submitted/Written: 04/27/2008 00:42:35 AM
Event ID/Source: 27 / e1express
Event Description:
Intel® 82566DC Gigabit Network Connection
Link has been disconnected.
Event Record #/Type23220 / Warning
Event Submitted/Written: 04/27/2008 00:42:18 AM
Event ID/Source: 27 / e1express
Event Description:
Intel® 82566DC Gigabit Network Connection
Link has been disconnected.
Event Record #/Type23218 / Error
Event Submitted/Written: 04/27/2008 00:41:20 AM
Event ID/Source: 8007 / BROWSER
Event Description:
The browser was unable to update the service status bits. The data is the error.
Event Record #/Type23138 / Warning
Event Submitted/Written: 04/26/2008 11:20:22 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
– End of Deckard’s System Scanner: finished at 2008-04-27 09:42:46 ------------
No rootkits found!
File “C:\WINDOWS\bdkpfxqw.dll” deleted successfully.
Folder “C:\WINDOWS\privacy_danger” deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
On 27.04.2008 at 10:48, a post was added by paulaaa
http://www.wklej.org/id/eaae5d0a29