I am really short on time as I need this computer fixed by the 29th of this month (July), so any quick help will be appreciated.
As I've stated on http://www.bleepingcomputer.com/forums/topic159181.html, I've got the "bagles" haha.
The following link describes what actions I have taken and what happened in the following events.
*Note: J:\ is my iPod!
HJT LOG:
Deckard's System Scanner v20071014.68
Run by MuliY on 2008-07-23 04:26:15
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
32: 2008-07-23 02:26:28 UTC - RP333 - Deckard's System Scanner Restore Point
31: 2008-07-23 01:24:11 UTC - RP332 - Installed Ad-Aware
30: 2008-07-21 12:11:04 UTC - RP331 - ComboFix created restore point
29: 2008-07-21 11:40:41 UTC - RP330 - Installed SUPERAntiSpyware Professional
28: 2008-07-21 07:41:52 UTC - RP329 - Spybot-S&D Spyware removal
-- First Restore Point --
1: 2008-06-23 01:41:29 UTC - RP302 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as MuliY.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:28, on 2008-07-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\VM305_STI.EXE
C:\program files\steam\steam.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\AMT\atchk.exe
C:\Program Files\No-IP\DUC20.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Busted\Busted.exe
C:\WINDOWS\system32\dwwin.exe
C:\ijji\ENGLISH\U_SKID.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\MuliY\Desktop\Utilities\ViruSupport\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\MuliY.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe1.dll
O2 - BHO: (no name) - {038D8E56-103C-473B-BA5D-5F54D4432491} - (no file)
O2 - BHO: (no name) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ???? ?????? ?? Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe1.dll
O2 - BHO: (no name) - {A436C8C3-3D99-4F58-AB80-C11FC9882BBC} - (no file)
O2 - BHO: (no name) - {BF37C719-D60B-4EAF-8A6A-BEC7C45A7E78} - (no file)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: (no name) - {EC09BE63-96B8-4165-90CB-0EA0992C2BE9} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe1.dll
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: intel AMT.exe.lnk = C:\Program Files\Intel\AMT\atchk.exe
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &הורד באמצעות פלאש-גט - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &הורד הכל באמצעות פלאש-גט - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ??÷? - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3BF72F68-72D8-461D-A884-329D936C5581} (Image Uploader Combo Control) - http://www.mekusharim.co.il/ImageUploader5.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ss ... gctlsr.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} -
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://165.91.110.101:2010/activex/AMC.cab
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://support.intel.com/design/motherb ... oardID.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ddcyy - C:\WINDOWS\
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Intel® AMT System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Active Management Technology LMS Service (LMS) - Intel - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 11118 bytes
-- File Associations -----------------------------------------------------------
.bat - batfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,71
.inf - inffile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.ini - inifile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,70
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 ntcdrdrv - c:\windows\system32\drivers\ntcdrdrv.sys <Not Verified; NoteBurn Software; NoteBurn>
R2 Vcs (Vcs support) - c:\windows\system32\drivers\vcs.sys
R3 NVR0Dev - c:\windows\nvoclock.sys <Not Verified; NVidia Corp.; NVidia System Utility Driver>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 vvftav - c:\windows\system32\drivers\vvftav.sys <Not Verified; Vimicro Corporation; Filter Prototype>
R3 ZSMC0305 (Vimicro USB PC Camera(ZC0301ZN)) - c:\windows\system32\drivers\usbvm305.sys <Not Verified; Vimicro Corporation; >
S3 NAL (Nal Service ) - c:\windows\system32\drivers\iqvw32.sys <Not Verified; Intel Corporation; Intel® iQVW32.SYS>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 LMS (Intel® Active Management Technology LMS Service) - c:\program files\intel\amt\lms.exe <Not Verified; Intel; Intel® Active Management Technology Local Manageability Service>
R2 nTuneService (nTune Service) - c:\program files\nvidia corporation\ntune\ntuneservice.exe /startservice <Not Verified; NVIDIA; NVIDIA nTune>
S4 Adobe LM Service - "c:\program files\common files\adobe systems shared\service\adobelmsvc.exe" (file missing)
S4 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
S4 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S4 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S4 nlsvc (NetLimiter) - "c:\program files\netlimiter 2 pro\nlsvc.exe" <Not Verified; Locktime Software; NetLimiter 2 Pro>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-07-19 10:11:50 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-07-17 23:00:00 278 --a------ C:\WINDOWS\Tasks\shutdown.job
-- Files created between 2008-06-23 and 2008-07-23 -----------------------------
2008-07-23 04:28:10 0 d-------- C:\Program Files\Trend Micro
2008-07-23 03:25:47 0 d-------- C:\Documents and Settings\MuliY\Application Data\Malwarebytes
2008-07-23 03:25:41 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-07-23 03:25:38 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-22 17:34:25 0 d-------- C:\Downloads
2008-07-21 16:41:30 0 d-------- C:\Documents and Settings\MuliY\Application Data\SUPERAntiSpyware.com
2008-07-21 16:37:44 0 d-------- C:\WINDOWS\system32\drivers\downld
2008-07-21 15:48:58 0 dr-h----- C:\Documents and Settings\Administrator.MULI\Recent
2008-07-21 14:10:43 68096 --a------ C:\WINDOWS\zip.exe
2008-07-21 14:10:43 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-21 14:10:43 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-21 14:10:43 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-21 14:10:43 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-21 14:10:43 98816 --a------ C:\WINDOWS\sed.exe
2008-07-21 14:10:43 80412 --a------ C:\WINDOWS\grep.exe
2008-07-21 14:10:43 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-21 14:10:40 0 d-------- C:\killmal
2008-07-21 13:41:03 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2008-07-21 13:40:44 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-21 13:40:43 0 d-------- C:\Documents and Settings\Administrator.MULI\Application Data\SUPERAntiSpyware.com
2008-07-21 08:24:16 0 dr-h----- C:\Documents and Settings\MuliY\Recent
2008-07-20 19:54:13 0 d-------- C:\!KillBox
2008-07-20 17:55:24 0 d-------- C:\Program Files\Western Digital
2008-07-20 17:55:12 0 d-------- C:\Program Files\Common Files\eSellerate
2008-07-20 17:54:36 0 d-------- C:\Program Files\Memeo
2008-07-20 17:54:32 0 d---s---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Memeo
2008-07-20 17:52:48 0 d-------- C:\Program Files\Western Digital Technologies
2008-07-19 10:13:22 0 d-------- C:\Program Files\Safari
2008-07-11 13:37:22 0 d-------- C:\psybnc
2008-07-10 15:33:23 0 d-------- C:\WINDOWS\sClient
2008-07-10 15:33:23 0 d-------- C:\Program Files\sClient
2008-07-08 12:27:39 0 d-------- C:\Program Files\Axis Communications
2008-07-08 11:30:23 0 d-------- C:\Westwood
2008-07-03 05:55:23 0 d-------- C:\Program Files\UltraISO
2008-07-03 05:34:02 0 d-------- C:\Program Files\Alcohol Soft
2008-06-24 13:13:53 0 d-------- C:\Documents and Settings\Administrator.MULI\Application Data\Macromedia
2008-06-24 13:05:49 0 d-------- C:\Documents and Settings\Administrator.MULI\Application Data\Adobe
2008-06-24 13:05:37 0 d---s---- C:\Documents and Settings\Administrator.MULI\UserData
2008-06-24 13:00:19 0 d-------- C:\Documents and Settings\Administrator.MULI\WINDOWS
2008-06-24 04:18:07 0 d-------- C:\Program Files\Crazy Machines II
2008-06-24 04:16:46 413696 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-06-24 04:16:46 0 d-------- C:\Program Files\OpenAL
2008-06-24 04:16:45 110592 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions © Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL™ Library>
2008-06-24 04:16:44 0 d-------- C:\WINDOWS\EFC1B35CFFF241D8A70ACE6037F8040B.TMP
2008-06-24 01:48:50 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\pI3demoLicense
2008-06-24 01:48:39 0 d-------- C:\Program Files\particleIllusion 3.0 demo
2008-06-24 01:42:42 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\pISE_lic_file
2008-06-24 01:42:34 0 d-------- C:\Program Files\particleIllusion SE
-- Find3M Report ---------------------------------------------------------------
2008-07-23 04:07:21 0 d-------- C:\Program Files\FlashGet
2008-07-23 03:24:14 0 d-------- C:\Program Files\Lavasoft
2008-07-23 03:23:22 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-23 01:56:00 0 d-------- C:\Program Files\mIRC
2008-07-22 17:47:40 0 d-------- C:\Program Files\studentMashov
2008-07-21 19:11:15 0 d-------- C:\Program Files\Steam
2008-07-21 12:33:30 0 d-------- C:\Program Files\AV VCS 3.0
2008-07-21 08:26:26 0 d-------- C:\Program Files\eMule
2008-07-21 00:41:47 2446 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-20 19:41:12 0 d-------- C:\Program Files\Apple Software Update
2008-07-20 17:55:19 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-20 17:55:12 0 d-------- C:\Program Files\Common Files
2008-07-20 17:54:35 0 d-------- C:\Documents and Settings\MuliY\Application Data\uTorrent
2008-07-14 10:38:33 0 d-------- C:\Program Files\Winamp
2008-07-07 18:31:22 0 d-------- C:\Documents and Settings\MuliY\Application Data\Hamachi
2008-07-01 05:04:24 0 d-------- C:\Documents and Settings\MuliY\Application Data\BSplayer Pro
2008-06-23 22:01:29 0 d-------- C:\Program Files\Windows Live
2008-06-23 22:01:12 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-23 15:25:26 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-23 10:09:09 0 d-------- C:\Program Files\Enigma Software Group
2008-06-19 13:12:27 32 --a------ C:\WINDOWS\go
2008-06-18 03:24:11 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-15 17:51:21 0 d-------- C:\Program Files\ElastoMania111
2008-06-14 18:29:32 0 d-------- C:\Documents and Settings\MuliY\Application Data\Skype
2008-06-14 18:27:36 0 d-------- C:\Documents and Settings\MuliY\Application Data\skypePM
2008-06-14 13:44:56 0 d-------- C:\Program Files\SpeedFan
2008-06-14 03:33:35 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-06-14 02:36:39 0 d-------- C:\Documents and Settings\MuliY\Application Data\Adobe
2008-06-14 02:25:38 0 d-------- C:\Program Files\DAEMON Tools Pro
2008-06-11 17:37:07 0 d-------- C:\Program Files\MaxMonk
2008-06-11 13:41:13 0 d-------- C:\Documents and Settings\MuliY\Application Data\Opera
2008-06-08 22:35:33 0 d-------- C:\Program Files\Octoshape Streaming Services
2008-06-08 21:33:49 0 d-------- C:\Documents and Settings\MuliY\Application Data\ICQ
2008-06-07 09:37:32 0 d-------- C:\Program Files\DivX
2008-06-07 09:35:28 0 d-------- C:\Documents and Settings\MuliY\Application Data\Media Player Classic
2008-06-05 19:04:19 0 d-------- C:\Program Files\Fx Joiner and Splitter
2008-06-05 12:53:06 0 d-------- C:\Program Files\WMV9_VCM
2008-06-04 19:58:08 0 d-------- C:\Program Files\softnyx
2008-06-03 03:32:52 0 d-------- C:\Program Files\Messenger Plus! Live
2008-06-03 03:30:46 0 d-------- C:\Program Files\MSN Messenger
2008-06-03 02:56:04 0 d-------- C:\Program Files\CCleaner
2008-06-02 21:23:33 0 d-------- C:\Program Files\DNA
2008-06-02 20:08:55 0 d-------- C:\Program Files\videofixer
2008-06-02 20:01:20 0 d-------- C:\Program Files\MULEz SCRIPT V6.01
2008-06-02 19:19:35 0 d-------- C:\Program Files\Alwil Software
2008-06-02 17:33:37 0 d-------- C:\Program Files\XP Codec Pack
2008-06-02 14:48:58 0 d-------- C:\Program Files\MSBuild
2008-06-02 14:48:48 0 d-------- C:\Program Files\Reference Assemblies
2008-05-31 01:22:48 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-31 01:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-31 01:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-31 01:22:46 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-31 01:22:46 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-28 01:34:27 0 d-------- C:\Program Files\MSXML 6.0
2008-05-26 22:07:09 0 d-------- C:\Program Files\GameSpy Arcade
2008-05-23 00:22:18 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-23 00:19:46 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-23 00:19:46 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-23 00:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-02 22:46:00 1630208 --a------ C:\WINDOWS\system32\nwiz.exe
2008-05-02 22:46:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-05-02 22:46:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-05-02 22:46:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-05-02 22:46:00 1486848 --a------ C:\WINDOWS\system32\nview.dll
2008-05-02 22:46:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-05-02 22:46:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-05-02 22:46:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{038D8E56-103C-473B-BA5D-5F54D4432491}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a33fa729-d155-4b23-842b-2c665ecabdb6}]
2008-03-29 13:23 1470488 --a------ C:\Program Files\The_Pirate_Bay\tbThe1.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A436C8C3-3D99-4F58-AB80-C11FC9882BBC}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BF37C719-D60B-4EAF-8A6A-BEC7C45A7E78}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EC09BE63-96B8-4165-90CB-0EA0992C2BE9}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A33FA729-D155-4B23-842B-2C665ECABDB6}"= C:\Program Files\The_Pirate_Bay\tbThe1.dll [2008-03-29 13:23 1470488]
[-HKEY_CLASSES_ROOT\CLSID\{A33FA729-D155-4B23-842B-2C665ECABDB6}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelAudioStudio"="C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" [2008-01-10 11:11]
"iKeyWorks"="C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe" [2006-04-04 05:05]
"nwiz"="nwiz.exe" [2008-05-02 22:46 C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46]
"BigDog305"="C:\WINDOWS\VM305_STI.exe" [2007-04-09 02:47]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2006-04-04 05:05]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2008-01-10 11:05]
"Steam"="c:\program files\steam\steam.exe" [2008-03-28 00:47]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-11-07 15:34]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:07]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
"EnableLUA"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSaveSettings"=0 (0x0)
"NoThemesTab"=0 (0x0)
"NoResolveSearch"=1 (0x1)
"NoResolveTrack"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=1 (0x1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcyy]
SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^MuliY^Start Menu^Programs^Startup^Memeo AutoBackup Launcher.lnk]
path=C:\Documents and Settings\MuliY\Start Menu\Programs\Startup\Memeo AutoBackup Launcher.lnk
backup=C:\WINDOWS\pss\Memeo AutoBackup Launcher.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^MuliY^Start Menu^Programs^Startup^Memeo AutoSync Launcher.lnk]
path=C:\Documents and Settings\MuliY\Start Menu\Programs\Startup\Memeo AutoSync Launcher.lnk
backup=C:\WINDOWS\pss\Memeo AutoSync Launcher.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
"C:\Program Files\DNA\btdna.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Blaero Start Orb]
C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\drvsyskit]
C:\WINDOWS\system32\drivers\hldrrr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\emMON]
emMON.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gainward]
C:\WINDOWS\TBPanel.exe /A
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
C:\Program Files\LClock\LClock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\system32\awtqo.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WebrootSpySweeperService"=2 (0x2)
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"AVG Anti-Spyware Guard"=2 (0x2)
"aawservice"=2 (0x2)
"WLSetupSvc"=3 (0x3)
"Bonjour Service"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"usnjsvc"=3 (0x3)
"SPBBCSvc"=3 (0x3)
"SNDSrvc"=3 (0x3)
"NBService"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"mnmsrvc"=3 (0x3)
"CiSvc"=3 (0x3)
"nlsvc"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\bootcd\wintools\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7763fd82-fa36-11db-8df2-001676c1f526}]
AutoRun\command- J:\nideiect.com
explore\Command- J:\nideiect.com
open\Command- J:\nideiect.com
*Newly Created Service* - FSBL-STANDALONE
*Newly Created Service* - MBAMSWISSARMY
-- Hosts -----------------------------------------------------------------------
127.0.0.1 007guard.com
127.0.0.1 http://www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 http://www.008k.com
127.0.0.1 00hq.com
127.0.0.1 http://www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 http://www.032439.com
12788 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2008-07-23 04:29:30 ------------
And the extras from the DSS scan:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel® Core™2 CPU 6400 @ 2.13GHz
CPU 1: Intel® Core™2 CPU 6400 @ 2.13GHz
Percentage of Memory in Use: 74%
Physical Memory (total/avail): 1005.86 MiB / 256.34 MiB
Pagefile Memory (total/avail): 2446.99 MiB / 1562.77 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1920.15 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 232.88 GiB total, 116.22 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is CDROM (No Media)
H: is CDROM (Unformatted)
J: is Removable (FAT32)
\\.\PHYSICALDRIVE0 - WDC WD2500JS-22NCB1 - 232.88 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 232.88 GiB - C:
\\.\PHYSICALDRIVE1 - Apple iPod USB Device - 27.95 GiB - 1 partition
\PARTITION0 - Unknown - 27.87 GiB - J:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
UpdatesDisableNotify is set.
AntivirusOverride is set.
FirewallOverride is set.
AV: avast! antivirus 4.8.1227 [VPS 080722-1] v4.8.1227 (ALWIL Software)
AV: Symantec AntiVirus Corporate Edition v10.0.1.1000 (Symantec Corporation)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\MuliY\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MULI
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\MuliY
LOGONSERVER=\\MULI
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Intel\DMIX;C:\Program Files\Microsoft SQL Server\80\Tools\Binn;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\Adobe\AGL
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\MuliY\LOCALS~1\Temp
TMP=C:\DOCUME~1\MuliY\LOCALS~1\Temp
USERDOMAIN=MULI
USERNAME=MuliY
USERPROFILE=C:\Documents and Settings\MuliY
WINBOOTDIR=C:\WINDOWS
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI
-- User Profiles ---------------------------------------------------------------
MuliY (admin)
Administrator.MULI (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> MsiExec /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
3GP Video Converter 3 --> C:\Program Files\ImTOO\3GP Video Converter 3\Uninstall.exe
A4Tech iKeyWorks 7.72 --> C:\Program Files\A4Tech\Keyboard\Uninst32.exe
Acoustic Labs Audio Editor (Demo) --> C:\Program Files\Acoustic Labs Audio Editor (Demo)\uninst.exe
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Reader 8.1.2 Security Update 1 (KB403742) -->
Adobe Setup --> MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Shockwave Player --> C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AGEIA PhysX v7.09.13 --> MsiExec.exe /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
AlienGUIse Theme Manager --> C:\PROGRA~1\ALIENG~1\thememgr.exe /uninstallwise
All Media Fixer 8.8 --> "C:\Program Files\All Media Fixer\unins000.exe"
Apple Mobile Device Support --> MsiExec.exe /I{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
Audiosurf Demo --> "C:\program files\steam\steam.exe" steam://uninstall/12910
AV Voice Changer Software 3.0 --> C:\PROGRA~1\AVVCS3~1.0\UNWISE.EXE C:\PROGRA~1\AVVCS3~1.0\INSTALL.LOG
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
AXIS Media Control Embedded --> rundll32 "C:\Program Files\Axis Communications\AXIS Media Control Embedded\AxisMediaControlEmb.dll",UninstallMe
Badongo --> MsiExec.exe /X{9985ABB2-14F3-4825-B5AF-0EFB23F715CB}
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
BSPlayer --> "C:\Program Files\Webteh\BSplayerPro\uninstall.exe"
C.D.O - Cheating Defence Organization 1.015 --> "C:\Program Files\CDOrg\unins000.exe"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Cheat-Defender --> \UNWISE.EXE
Command & Conquer Generals --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{06F80017-8F98-4C94-B868-52358569FC32}
Command and ConquerTM Generals Zero Hour --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}
Continuum --> "C:\games\Continuum\unins001.exe"
Continuum 0.40 --> "C:\games\Continuum\unins000.exe"
CursorXP --> C:\Program Files\CursorXP\CurXPUtil.exe -u
Decal Converter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5BB207D6-0E1E-11D5-9B6A-00C04F7EC248}\Setup.exe"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Drift City --> "C:\games\DriftCity\uninstall.exe"
EAX4 Unified Redist --> MsiExec.exe /X{89661B04-C646-4412-B6D3-5E19F02F1F37}
Elasto Mania --> C:\PROGRA~1\ELASTO~1\UNWISE.EXE C:\PROGRA~1\ELASTO~1\INSTALL.LOG
eMule --> "C:\Program Files\eMule\Uninstall.exe"
EvilLyrics --> "C:\Program Files\EvilLyrics\uninst.exe"
EXPERTool --> RunDll32 Setupapi.dll,InstallHinfSection TB.Remove 4 TBNT4.inf
FlashFXP v3 --> "C:\Program Files\FlashFXP\Uninstall.exe" "C:\Program Files\FlashFXP\install.log" -u
FlashGet 1.9.0.1012 --> C:\Program Files\FlashGet\uninst.exe
Fraps (remove only) --> "C:\Fraps\uninstall.exe"
GameGuard --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9280CD93-B2D6-4D02-B53B-8FC5CF3B6D78}\Setup.exe" -l0x9
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
GTA2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}\Setup.exe" -l0x9
GTA2 Game Hunter --> C:\Program Files\GTA2 Game Hunter\uninst.exe
Hamachi 1.0.2.5 --> C:\Program Files\Hamachi\uninstall.exe
Hide IP Platinum 3.42 --> "C:\Program Files\Hide IP Platinum\unins000.exe"
HijackThis 2.0.2 --> "C:\PROGRA~1\TRENDM~1\HIJACK~1\HijackThis.exe" /uninstall
HLTooLz --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\HLTooLz\ST6UNST.LOG"
ICQ6 --> "C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
ijji --> C:\ijji\ENGLISH\ijjiUninstall.exe
ijji Auto Installer --> "C:\Program Files\InstallShield Installation Information\{1DCC7418-2089-4BDD-B321-3771956160FC}\setup.exe" -runfromtemp -l0x0009 -removeonly
Intel Audio Studio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4AC7761F-7B49-482A-9BA1-E223D32D2B64}\setup.exe" -l0x9
Intel Audio Studio 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2205E3A5-DCDC-461D-8ED6-D6F2341D3B64}\setup.exe" -l0x9
Intel® Active Management Technology LMS Service and SOL Driver --> C:\WINDOWS\system32\mesoludlg.exe -uninstall
Intel® Management Engine Interface --> C:\WINDOWS\system32\heciudlg.exe -uninstall
Intel® PRO Network Connections --> MsiExec.exe /I{111A3D14-7596-43B0-92BA-418435C90672}
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MaxMonkey --> "C:\Program Files\MaxMonk\unins000.exe"
Memeo AutoBackup --> C:\Program Files\InstallShield Installation Information\{39A908FD-7322-41AE-B374-C7A076B2FC97}\setup.exe -runfromtemp -l0x0409
Memeo AutoSync --> C:\Program Files\InstallShield Installation Information\{FD29EB58-CF8D-4BE9-9AE8-8EE4FEF6D2E0}\setup.exe -runfromtemp -l0x0409
Microsoft Games for Windows - LIVE Redistributable --> MsiExec.exe /X{2F750C77-1FEC-44F9-88CC-2CE322EBD61E}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{9011040D-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows Media Video 9 VCM --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmv9vcm.inf, Uninstall
MIKSOFT Mobile AMR converter --> "C:\Program Files\MIKSOFT\Mobile AMR converter\unins000.exe"
Mirage Driver 1.1 --> "C:\Program Files\DemoForge\Mirage Driver\uninst\unins000.exe"
mIRC --> "C:\Documents and Settings\MuliY\Desktop\Utilities\Gatherbot\Mirc.exe" -uninstall
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MULEz SCRIPT V6.01 --> C:\WINDOWS\unvise32.exe C:\Program Files\MULEz SCRIPT V6.01\uninstal.log
Need for Speed™ Most Wanted --> C:\games\Need for Speed Most Wanted\EAUninstall.exe
Nero 7 Ultra Edition --> MsiExec.exe /I{235BBFC6-D863-4066-A01A-3BD504C31033}
NetLimiter 2 Pro (remove only) --> "C:\Program Files\NetLimiter 2 Pro\nl2uninst.exe"
No-IP.com DUC (remove only) --> "C:\Program Files\No-IP\DUC20.exe" -uninstall
NoteBurner 2.11 --> "C:\Program Files\NoteBurner\unins000.exe"
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA nTune --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF} /l1033
OpenAL --> "C:\Program Files\OpenAL\oalinst.exe" /U
particleIllusion 3.0.3 demo --> "C:\Program Files\particleIllusion 3.0 demo\uninstall\unins000.exe"
PC Wizard 2008.1.84 --> "C:\Program Files\PC Wizard 2008\unins000.exe"
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Protected Music Converter 1.0.0.8 --> "C:\Program Files\Protected Music Converter\unins000.exe"
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Roll --> C:\WINDOWS\UniFish3.exe C:\games\RollerCoaster Tycoon\RollerCoaster Tycoon.log
RollerCoaster Tycoon 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}\Setup.exe" -l0x9
Safari --> MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
sClient --> "C:\WINDOWS\sClient\uninstall.exe" "/U:C:\Program Files\sClient\Uninstall\uninstall.xml"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SHOUTcast DNAS (remove only) --> "C:\Program Files\SHOUTcast\uninst-dnas.exe"
SHOUTcast Source DSP 1.9.0 (remove only) --> C:\Program Files\Winamp\uninst-dsp.exe
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SnapShooter v1.0 --> "C:\WINDOWS\unins000.exe"
Sony Media Manager 2.2 --> MsiExec.exe /X{71A41426-C7A4-4DCF-A9ED-C5B4B105ED1D}
Sony Sound Forge 8.0b --> MsiExec.exe /X{48EB9208-593D-4DC7-B613-9C5A210D87BA}
Sony Vegas 7.0 --> MsiExec.exe /X{251C3815-7A55-4607-A82D-C3B98F0FBAB8}
Spelling Dictionaries Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins001.exe"
SUPERAntiSpyware Professional --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
The Incredible Machine: Even More Contraptions --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF7A031F-96C8-404C-99C9-96C675D6099F}\Setup.exe"
The Pirate Bay Toolbar --> C:\PROGRA~1\THE_PI~1\UNWISE.EXE C:\PROGRA~1\THE_PI~1\INSTALL.LOG
thriXXX 3DSexVilla-033.001 --> "C:\Program Files\thriXXX\3D SexVilla\Binaries\Uninstall-3DSexVilla-033.001.exe"
thriXXX WebLaunch --> C:\Program Files\thriXXX\WebLaunch\WebLaunchUninstall.exe
UnHackMe 4.6 beta --> "C:\Program Files\UnHackMe\unins000.exe"
Unreal Tournament 3 --> MsiExec.exe /X{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}
Uplink --> C:\WINDOWS\IsUninst.exe -fC:\games\Uplink\Uninst.isu
USB PC Camera (SN9C103) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EADAA6F7-991F-4CE9-B5CE-FCF3D81F7C7D}\Setup.exe" -l0x9
USB PC Camera VC305 --> rm305.exe rm305.ini
USB Video/Audio Device Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2758691A-2CDE-4942-A4AC-0E8F61FE2067}\Setup.exe"
USB2.0 Video/TV Capture 3.1 --> "C:\WINDOWS\Crescentec\uninstall.exe"
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Video Fixer 3.21 --> "C:\Program Files\videofixer\unins001.exe"
Video Fixer 3.23 --> "C:\Program Files\videofixer\unins000.exe"
Videora iPod Converter 3.05 --> C:\Program Files\Red Kawa\Video Converter 3\uninstaller.exe
Vimicro USB PC Camera(ZC0301ZN) --> C:\Program Files\InstallShield Installation Information\{4F8EF2C1-6409-42B0-8876-9E5D40ECCF00}\setup.exe -runfromtemp -l0x0009 -removeonly
Virtual DJ - Atomix Productions --> C:\PROGRA~1\VDJ\UNWISE.EXE C:\PROGRA~1\VDJ\INSTALL.LOG
WD Diagnostics --> MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Ident Server --> MsiExec.exe /I{5D6DEA1E-4D67-42AE-86C2-2FF5F767FA1A}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer Clean Up --> MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail --> MsiExec.exe /I{5DA5A65C-8612-47B4-B146-4B958A87A6E5}
Windows Live Messenger --> MsiExec.exe /X{F1E17FB0-12BC-45D0-ABA3-287F2A1E3A1E}
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WWWinamp (remove only) --> "C:\Program Files\WWWinamp\uninst.exe"
XML Paper Specification Shared Components Language Pack 1.0 --> "C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
XML Paper Specification Shared Components Pack 1.0 -->
XP Codec Pack --> C:\Program Files\XP Codec Pack\Uninstall.exe
מסייע הכניסה של Windows Live --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
הפוך על הפוך --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\הפוך על הפוך\ST6UNST.LOG"
-- Application Event Log -------------------------------------------------------
Event Record #/Type230 / Warning
Event Submitted/Written: 07/23/2008 03:52:39 AM
Event ID/Source: 4353 / EventSystem
Event Description:
The COM+ Event System attempted to fire the EventObjectChange::ChangedSubscription event but received a bad return code. HRESULT was 80040201.
Event Record #/Type229 / Warning
Event Submitted/Written: 07/23/2008 03:52:39 AM
Event ID/Source: 4356 / EventSystem
Event Description:
The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}. CoGetObject returned HRESULT 80070424.
Event Record #/Type225 / Warning
Event Submitted/Written: 07/23/2008 03:37:47 AM
Event ID/Source: 4353 / EventSystem
Event Description:
The COM+ Event System attempted to fire the EventObjectChange::ChangedSubscription event but received a bad return code. HRESULT was 80040201.
Event Record #/Type224 / Warning
Event Submitted/Written: 07/23/2008 03:37:47 AM
Event ID/Source: 4356 / EventSystem
Event Description:
The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}. CoGetObject returned HRESULT 80070424.
Event Record #/Type216 / Error
Event Submitted/Written: 07/23/2008 03:10:29 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application f-bagle.exe, version 1.0.14.0, faulting module f-bagle.exe, version 1.0.14.0, fault address 0x000013fc.
Processing media-specific event for [f-bagle.exe!ws!]
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type1554 / Error
Event Submitted/Written: 07/23/2008 04:26:28 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service IISADMIN with arguments ""
in order to run the server:
{A9E69610-B80D-11D0-B9B9-00A0C922E750}
Event Record #/Type1541 / Error
Event Submitted/Written: 07/23/2008 03:24:11 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service IISADMIN with arguments ""
in order to run the server:
{A9E69610-B80D-11D0-B9B9-00A0C922E750}
Event Record #/Type1535 / Warning
Event Submitted/Written: 07/22/2008 11:42:14 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Event Record #/Type1534 / Error
Event Submitted/Written: 07/22/2008 09:51:52 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service usnjsvc with arguments ""
in order to run the server:
{98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}
Event Record #/Type1533 / Error
Event Submitted/Written: 07/22/2008 09:51:42 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service usnjsvc with arguments ""
in order to run the server:
{98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}
-- End of Deckard's System Scanner: finished at 2008-07-23 04:29:30 ------------
KASPERSKY LOG:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, July 23, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, July 23, 2008 00:58:55
Records in database: 999278
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
H:\
J:\
Scan statistics:
Files scanned: 123310
Threat name: 1
Infected objects: 5
Suspicious objects: 0
Duration of the scan: 00:07:17
File name / Threat name / Threats count
C:\Documents and Settings\Administrator.MULI\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\Administrator.MULI\Desktop\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\Administrator.MULI\Desktop\ViruSupport\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\Administrator.MULI\Desktop\ViruSupport\SmitfraudFix\SmitfraudFix.zip Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\Administrator.MULI\Desktop\ViruSupport\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
The selected area was scanned.