

> Htepo.com Has Grabbed My Computer!
rvbeaumont
post Dec 3 2007, 01:41 AM
Post #16





Deckard's System Scanner v20071014.68
Run by HP_Owner on 2007-12-03 01:37:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
25: 2007-12-03 06:37:25 UTC - RP205 - Deckard's System Scanner Restore Point
24: 2007-12-03 06:22:13 UTC - RP204 - ComboFix created restore point
23: 2007-12-03 01:33:11 UTC - RP203 - ComboFix created restore point
22: 2007-12-02 19:27:14 UTC - RP202 - System Checkpoint
21: 2007-12-01 07:57:07 UTC - RP201 - Ad-Aware Restore Point 2007-12-01 02:56:58


-- First Restore Point --
1: 2007-11-29 16:34:30 UTC - RP181 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as HP_Owner.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:38:55 AM, on 12/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AT&T\AT&T Internet Security Suite\Fws.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
C:\Program Files\AT&T\AT&T Internet Security Suite\Rps.exe
C:\Program Files\Common Files\AOL\1192809728\ee\AOLSoftware.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\AT&T\Internet Security Wizard\ISWComHandler.exe
C:\Program Files\AT&T\AT&T Internet Security Suite\rpsupdaterR.exe
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\HP_Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\HP_Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.manhunt.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.manhunt.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\AT&T\AT&T Internet Security Suite\pkR.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [ISW.exe] "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN
O4 - HKLM\..\Run: [AT&T Internet Security Suite] "C:\Program Files\AT&T\AT&T Internet Security Suite\Rps.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1192809728\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HelpCenter4.1] C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe /P HelpCenter4.1
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE /s
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpqdktp/downloads/sysinfo.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/instal...nosticsxp2k.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.dotphoto.com/ImageUploader4.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {EA7F451B-94DD-4009-A8BF-8F977B0B2696} - http://pbells.broadjump.com/wizlet/Standar...aller_4-2-0.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: AT&T Internet Security Suite Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\AT&T\AT&T Internet Security Suite\rpsupdaterR.exe
O23 - Service: AT&T Internet Security Suite AT&T Firewall (RP_FWS) - AT&T - C:\Program Files\AT&T\AT&T Internet Security Suite\Fws.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 11968 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 StarOpen - c:\windows\system32\drivers\staropen.sys
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R3 Afc (PPdus ASPI Shell) - c:\windows\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft® ASPI Shell>
R3 catchme - c:\docume~1\hp_owner\locals~1\temp\catchme.sys (file missing)

S3 MREMPR5 (MREMPR5 NDIS Protocol Driver) - c:\program files\common files\motive\mrempr5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\program files\common files\motive\mrendis5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 PcdrNdisuio (PCDRNDISUIO Usermode I/O Protocol) - c:\windows\system32\drivers\pcdrndisuio.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe

S2 Viewpoint Manager Service -


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\4F36BB11D800
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\4F36BB11D800
Service: NIC1394


-- Scheduled Tasks -------------------------------------------------------------

2007-12-03 01:37:00 366 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2007-12-03 01:15:58 454 --a------ C:\WINDOWS\Tasks\XoftSpySE 2.job
2007-12-03 01:15:58 444 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job
2007-12-01 03:01:15 368 --a------ C:\WINDOWS\Tasks\XoftSpySE.job
2007-11-29 08:57:00 270 --a------ C:\WINDOWS\Tasks\Find Duplicate Files.job
2007-11-29 03:00:44 378 --a------ C:\WINDOWS\Tasks\RegCure.job
2007-11-28 17:15:06 1010 --ah----- C:\WINDOWS\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job
2007-11-23 23:55:00 266 --a------ C:\WINDOWS\Tasks\Disk Cleanup.job
2007-05-27 19:35:29 998 --ah----- C:\WINDOWS\Tasks\HubTask 2 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job
2007-05-22 21:40:25 1010 --ah----- C:\WINDOWS\Tasks\HubTask 1 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job


-- Files created between 2007-11-03 and 2007-12-03 -----------------------------

2007-12-01 16:44:27 468 --a----c- C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
2007-12-01 02:12:04 0 d-------- C:\Program Files\Lavasoft
2007-12-01 02:12:04 0 d------c- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-30 18:19:53 0 d-------- C:\WINDOWS\SDFIX
2007-11-27 03:57:32 0 d-------- C:\Program Files\Common Files\xing shared
2007-11-27 03:03:24 0 d------c- C:\Documents and Settings\All Users\Application Data\{FAE72283-E912-4CA0-A263-E07183A4AF20}
2007-11-27 03:03:00 0 d------c- C:\Documents and Settings\All Users\Application Data\{EF257B1A-26EA-4A90-9BCC-54CA818488E8}
2007-11-27 01:51:37 0 d-------- C:\Program Files\iTunes
2007-11-23 02:50:01 0 d-------- C:\Program Files\Microsoft Games
2007-11-22 23:41:08 0 d-------- C:\Documents and Settings\NetworkService\Start Menu
2007-11-21 19:41:13 0 d------c- C:\Documents and Settings\HP_Owner\Application Data\iWin
2007-11-21 16:42:16 0 d------c- C:\Documents and Settings\HP_Owner\Application Data\SampleView
2007-11-21 16:30:37 0 d-------- C:\Program Files\LimeWire
2007-11-19 16:44:52 0 d------c- C:\Documents and Settings\HP_Owner\Application Data\ArcSoft
2007-11-19 16:42:27 230432 --a----c- C:\PA7311.DAT
2007-11-19 16:39:56 0 d-------- C:\Program Files\VGA USB Camera
2007-11-19 15:39:56 0 d-------- C:\WINDOWS\PixArt
2007-11-19 15:11:55 0 d-------- C:\Program Files\Common Files\ArcSoft
2007-11-19 15:11:53 11776 --a------ C:\WINDOWS\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft® ASPI Shell>
2007-11-19 15:11:30 212480 --a------ C:\WINDOWS\PCDLIB32.DLL <Not Verified; Eastman Kodak; Kodak Photo CD Access Developer Toolkit>
2007-11-19 15:11:27 0 d-------- C:\Program Files\ArcSoft
2007-11-15 15:32:39 0 d-------- C:\Program Files\RegCure
2007-11-15 14:06:13 0 d-------- C:\Program Files\XoftSpySE
2007-11-14 02:13:41 24576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe <Not Verified; Atribune.org; Vundofix Service>
2007-11-13 12:55:38 6291456 --a------ C:\Documents and Settings\HP_Owner\ntuser.dat
2007-11-13 05:01:38 0 d------c- C:\Documents and Settings\HP_Owner\Application Data\Roxio
2007-11-13 02:24:51 0 d-------- C:\Program Files\WinMX Fix v.3.0
2007-11-13 02:24:07 0 d-------- C:\Program Files\iPod
2007-11-13 02:23:53 0 d-------- C:\Program Files\InterVideo
2007-11-13 02:23:53 0 d------c- C:\Documents and Settings\All Users\Application Data\Roxio
2007-11-13 02:23:46 0 d-------- C:\WINDOWS\system32\QuickTime
2007-11-13 02:22:44 0 d-------- C:\audio
2007-11-13 02:22:44 0 d-------- C:\audacity_1_2_temp
2007-11-13 02:22:18 0 d------c- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-11-13 02:05:23 0 d------c- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion(2)
2007-11-09 15:46:10 1387 --a----c- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
2007-11-08 23:11:33 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2007-11-07 15:42:12 0 d-------- C:\WINDOWS\system32\AGEIA
2007-11-07 00:03:01 0 d------c- C:\Documents and Settings\All Users\Application Data\MumboJumbo
2007-11-06 01:20:19 0 d-------- C:\Program Files\MSXML 6.0
2007-11-04 20:08:47 0 d------c- C:\6c7bce0b76c5c3ff959c14e3fe
2007-11-04 13:33:32 0 d------c- C:\c6616f9bfd906f1ad04bbed7e3dd4f
2007-11-04 13:30:53 0 d------c- C:\Documents and Settings\All Users\Application Data\Sonic
2007-11-04 13:30:39 0 d-------- C:\Program Files\Common Files\Roxio Shared
2007-11-04 01:28:43 0 d------c- C:\Documents and Settings\HP_Owner\Application Data\Sierra Entertainment
2007-11-03 17:00:28 0 d------c- C:\WINDOWS\system32\DRVSTORE


-- Find3M Report ---------------------------------------------------------------

2007-12-02 20:50:51 384 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000000-00000000-0000000A-00001102-00000004-20051102}.dat
2007-12-02 20:50:51 384 --a------ C:\WINDOWS\system32\DVCState-{00000000-00000000-0000000A-00001102-00000004-20051102}.dat
2007-12-01 02:11:29 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-29 19:40:54 0 d-------- C:\Program Files\Real
2007-11-29 03:32:27 0 d-------- C:\Program Files\MSN Gaming Zone
2007-11-29 03:01:19 0 d-------- C:\Program Files\Common Files
2007-11-27 04:02:48 0 d------c- C:\Documents and Settings\HP_Owner\Application Data\Real
2007-11-27 03:56:39 0 d-------- C:\Program Files\Common Files\Real
2007-11-27 03:03:46 0 d-------- C:\Program Files\Stamps.com Internet Postage
2007-11-26 20:20:27 4 --a------ C:\WINDOWS\system32\E930B5
2007-11-26 03:14:25 0 d------c- C:\Documents and Settings\HP_Owner\Application Data\IGN_DLM
2007-11-21 12:49:56 0 d------c- C:\Documents and Settings\HP_Owner\Application Data\AT&T
2007-11-21 03:40:23 0 dr-h----- C:\Documents and Settings\HP_Owner\Application Data\yahoo!
2007-11-21 03:40:23 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Viewpoint
2007-11-21 03:40:08 0 d------c- C:\Documents and Settings\HP_Owner\Application Data\My Battle for Middle-earth Files
2007-11-21 03:40:08 0 d------c- C:\Documents and Settings\HP_Owner\Application Data\Move Networks
2007-11-21 03:40:06 0 d------c- C:\Documents and Settings\HP_Owner\Application Data\Google
2007-11-21 03:40:06 0 d------c- C:\Documents and Settings\HP_Owner\Application Data\Audacity
2007-11-21 03:40:05 0 d------c- C:\Documents and Settings\HP_Owner\Application Data\Adobe
2007-11-21 01:59:01 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-20 02:21:39 0 d-------- C:\Program Files\Common Files\AOL
2007-11-19 17:23:21 0 d-------- C:\Program Files\Common Files\Logitech
2007-11-19 13:44:48 0 d-------- C:\Program Files\Google
2007-11-19 12:42:57 0 d-------- C:\Program Files\Yahoo!
2007-11-19 12:42:14 0 d-------- C:\Program Files\QuickTime
2007-11-19 12:42:09 0 d-------- C:\Program Files\Online Backup
2007-11-19 12:42:02 0 d-------- C:\Program Files\MSN Toolbar Suite
2007-11-19 12:42:01 0 d-------- C:\Program Files\MSN Messenger
2007-11-19 12:41:56 0 d-------- C:\Program Files\K-Lite Codec Pack
2007-11-19 12:41:54 0 d-------- C:\Program Files\Java
2007-11-19 12:41:43 0 d-------- C:\Program Files\ICOO Loader
2007-11-19 12:41:43 0 d-------- C:\Program Files\HPQ
2007-11-19 12:41:26 0 d-------- C:\Program Files\GameSpy Arcade
2007-11-19 12:40:57 0 d-------- C:\Program Files\Common Files\aolshare
2007-11-19 12:40:18 0 d-------- C:\Program Files\America Online 9.0i
2007-11-17 14:13:14 0 d-------- C:\Program Files\Common Files\Motive
2007-11-15 17:05:43 0 d-------- C:\Program Files\Advanced System Optimizer
2007-11-15 16:55:17 0 d-------- C:\Program Files\Trend Micro
2007-11-13 17:35:31 0 d-------- C:\Program Files\Hewlett-Packard
2007-11-10 13:52:37 0 d-------- C:\Program Files\InterActual
2007-11-08 18:16:27 0 d-------- C:\Program Files\coolpro2
2007-11-04 13:29:40 0 d-------- C:\Program Files\Sonic
2007-10-30 01:53:17 0 d------c- C:\Documents and Settings\HP_Owner\Application Data\Super-Cow
2007-10-25 02:25:24 0 d-------- C:\Program Files\MSECache
2007-10-25 02:05:27 0 d-------- C:\Program Files\Download Manager
2007-10-24 01:44:47 0 d------c- C:\Documents and Settings\HP_Owner\Application Data\QQ Games Plugin
2007-10-22 17:54:20 0 d-------- C:\Program Files\Microsoft IntelliType Pro
2007-10-20 17:35:59 0 d------c- C:\Documents and Settings\HP_Owner\Application Data\muvee Technologies
2007-10-20 12:52:27 0 d-------- C:\Program Files\Common Files\muvee Technologies
2007-10-20 12:11:26 300 --a----c- C:\AUTOEXEC.BAT
2007-10-19 19:11:35 0 d------c- C:\Documents and Settings\HP_Owner\Application Data\Nero
2007-10-19 19:03:10 0 d-------- C:\Program Files\Common Files\Nero
2007-10-19 19:01:08 0 d-------- C:\Program Files\Nero
2007-10-19 15:13:12 0 d-------- C:\Program Files\AusLogics Disk Defrag
2007-10-19 14:47:17 0 d-------- C:\Program Files\Common Files\Ahead
2007-10-19 12:47:41 0 d-------- C:\Program Files\PConPoint
2007-10-19 12:07:56 0 d-------- C:\Program Files\Easy Internet signup
2007-10-19 10:52:38 0 d-------- C:\Program Files\IncrediMail
2007-10-19 10:23:04 0 d-------- C:\Program Files\AOL Companion
2007-10-19 00:41:02 0 d-------- C:\Program Files\Audacity
2007-10-19 00:20:48 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-10-19 00:19:36 110008 --a------ C:\WINDOWS\hpoins08.dat
2007-10-19 00:19:07 0 d-------- C:\Program Files\BellSouth Application Management
2007-10-19 00:18:57 0 d-------- C:\Program Files\AOL Computer Check-Up
2007-10-19 00:18:53 0 d-------- C:\Program Files\America Online 9.0f
2007-10-19 00:18:53 0 d-------- C:\Program Files\America Online 9.0e
2007-10-19 00:18:53 0 d-------- C:\Program Files\America Online 9.0b
2007-10-19 00:18:52 0 d-------- C:\Program Files\America Online 9.0
2007-10-19 00:06:05 3218 --a------ C:\WINDOWS\mozver.dat
2007-10-18 23:40:31 0 d-------- C:\Program Files\HP
2007-10-18 23:40:12 0 d-------- C:\Program Files\Learn2.com
2007-10-18 23:36:13 117716 --a------ C:\WINDOWS\hpoins11.dat
2007-10-18 23:35:21 0 d------c- C:\Documents and Settings\HP_Owner\Application Data\Symantec
2007-10-18 23:34:43 0 d------c- C:\Documents and Settings\HP_Owner\Application Data\Apple Computer
2007-10-18 23:30:08 0 d-a------ C:\Program Files\Common Files\LightScribe
2007-10-18 23:16:16 0 d-------- C:\Program Files\Windows NT
2007-10-18 23:16:12 0 d-------- C:\Program Files\Movie Maker
2007-10-18 23:16:11 0 d-------- C:\Program Files\Messenger
2007-10-18 22:44:31 0 d-------- C:\Program Files\Webshots
2007-10-18 21:54:34 0 d-------- C:\Program Files\Rhapsody
2007-10-18 21:21:41 0 d-------- C:\Program Files\Common Files\Scanner
2007-10-18 21:16:32 0 d-------- C:\Program Files\Common Files\Authentium
2007-10-18 21:16:17 0 d-------- C:\Program Files\Raxco
2007-10-18 21:15:27 0 d-------- C:\Program Files\AT&T
2007-10-18 21:15:10 0 d-------- C:\Program Files\CA
2007-10-18 21:13:23 0 d-------- C:\Program Files\BellSouth
2007-10-18 21:10:44 132675 --a------ C:\Program Files\INSTALL.LOG
2007-10-18 19:17:33 0 d------c- C:\Documents and Settings\HP_Owner\Application Data\BellSouth
2007-10-18 19:08:20 0 d-------- C:\Program Files\Common Files\SupportSoft
2007-10-18 18:50:49 4 --a----c- C:\WINDOWSRegDefrag.dat
2007-10-17 16:39:52 0 d------c- C:\Documents and Settings\HP_Owner\Application Data\URSoft
2007-10-17 13:12:19 0 d-------- C:\Program Files\DFX
2007-10-17 03:42:08 0 d-------- C:\Program Files\Common Files\Nullsoft
2007-10-17 03:41:23 0 d-------- C:\Program Files\Multimedia Transcoding Tool
2007-10-17 03:40:56 0 d-------- C:\Program Files\AOL 9.0a
2007-10-17 03:37:48 0 d------c- C:\Documents and Settings\HP_Owner\Application Data\AOL
2007-10-11 14:08:06 0 d------c- C:\Documents and Settings\HP_Owner\Application Data\AdobeUM
2007-10-10 11:50:02 0 d-------- C:\Program Files\ACNielsen
2007-10-06 12:11:52 0 d-------- C:\Program Files\Windows Media Connect 2
2007-10-06 03:43:54 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\WeatherBug
2007-09-20 20:00:12 636 --a------ C:\WINDOWS\eReg.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"="SiSPower.dll" [01/05/2005 01:54 AM C:\WINDOWS\system32\SiSPower.dll]
"CTHelper"="CTHELPER.EXE" [11/14/2003 03:18 AM C:\WINDOWS\system32\CTHELPER.EXE]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [06/18/2003 10:00 AM]
"ISW.exe"="C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" [05/03/2007 12:12 PM]
"AT&T Internet Security Suite"="C:\Program Files\AT&T\AT&T Internet Security Suite\Rps.exe" [06/28/2007 03:09 PM]
"HostManager"="C:\Program Files\Common Files\AOL\1192809728\ee\AOLSoftware.exe" [04/12/2007 04:23 PM]
"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [08/30/2004 01:04 PM]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [07/07/2006 06:14 PM]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [02/26/2005 12:34 AM]
"HelpCenter4.1"="C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe" [10/22/2007 10:27 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [11/27/2007 03:53 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [11/16/2006 01:55 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [10/09/2007 11:02 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 11:00 PM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [03/01/2007 05:11 PM]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [10/18/2007 10:05 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/31/2007 04:46 PM]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [10/02/2003 11:06 PM]
"MtdAcq"="C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe" [10/17/2002 03:13 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SetDefaultMIDI"=MIDIDEF.EXE

C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [9/15/2005 10:44:01 PM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
path=
backup=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"c:\progra~1\common~1\instal~1\update~1\issch.exe" -start




-- End of Deckard's System Scanner: finished at 2007-12-03 01:39:37 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Sempron™ Processor 3000+
Percentage of Memory in Use: 45%
Physical Memory (total/avail): 895.48 MiB / 488.97 MiB
Pagefile Memory (total/avail): 2168.47 MiB / 1861.32 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1931.38 MiB

C: is Fixed (NTFS) - 66.49 GiB total, 22.73 GiB free.
D: is Fixed (FAT32) - 8.02 GiB total, 1.94 GiB free.
E: is CDROM (No Media)
F: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - ST380013AS - 74.53 GiB - 2 partitions
\PARTITION0 - Unknown - 8.03 GiB - D:
\PARTITION1 (bootable) - Installable File System - 66.49 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: AT&T Internet Security Suite AT&T Firewall v6.0.1 (Bellsouth)
AV: AT&T Internet Security Suite AT&T Anti-Virus v6.0.1 (Bellsouth)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="C:\\Program Files\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\HP_Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DRAGMAFIA
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\HP_Owner
LOGONSERVER=\\DRAGMAFIA
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\;C:\Program Files\CA\PPRT\bin;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\QuickTime\QTSystem;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 44 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2c00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\HP_Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\HP_Owner\LOCALS~1\Temp
USERDOMAIN=DRAGMAFIA
USERNAME=HP_Owner
USERPROFILE=C:\Documents and Settings\HP_Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

HP_Owner (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {51EF423B-DEAD-4102-A330-2B4260FD6579}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77ACE67A-0D21-4CEF-8A97-ED20A61B978B}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77ACE67A-0D21-4CEF-8A97-ED20A61B978B}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3549608-69D3-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3549608-69D3-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0x9 -uninst
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
AI RoboForm (All Users) --> "C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
AOL Coach Version 1.0(Build:20040229.1 en) --> C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe
AOL Connectivity Services --> C:\PROGRA~1\COMMON~1\AOL\ACS\AcsUninstall.exe /c
AOL Spyware Protection --> C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\UNWISE.EXE C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\INSTALL.LOG
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
ArcSoft PhotoImpression 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAB2A3A6-6789-4260-9966-517498589AB5}\setup.exe" -l0x9
ArcSoft VideoImpression 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{244E21B9-164C-4EC1-AED8-9BD64161E66D}\setup.exe" -l0x9
AT&T Internet Security Suite --> C:\Program Files\InstallShield Installation Information\{D7DF917E-C963-42B4-AD48-837ACA6D8859}\setup.exe -runfromtemp -l0x0009 -removeonly
AT&T Internet Security Wizard 1.5.11 --> "C:\Program Files\AT&T\Internet Security Wizard\unins000.exe"
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
AusLogics Disk Defrag --> "C:\Program Files\AusLogics Disk Defrag\unins000.exe"
Authentium AntiVirus SDK - 2 --> MsiExec.exe /I{1ACE3F9D-CDA4-4F39-9605-334CF37A1579}
BellSouth Application Management --> C:\WINDOWS\Motive\BellSouth\UninstallAppManagement.exe
Cool Edit Pro 2.1 --> C:\Program Files\coolpro2\cep2unin.exe
Creative MediaSource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\Setup.exe" -l0x9 /remove
Download Manager 2.3.6 --> C:\Program Files\Download Manager\uninst.exe
FastAccess® DSL Help Center 4.1 --> "C:\Program Files\Bellsouth\HelpCenter40b\unins000.exe"
FTDI USB Serial Converter Drivers --> C:\WINDOWS\system32\ftdiunin.exe C:\WINDOWS\system32\ftdiun2k.ini
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Homescan Internet Transporter --> C:\Program Files\InstallShield Installation Information\{92BF38A8-5616-4209-87A3-D910B45A1D98}\setup.exe -runfromtemp -l0x0009 -uninst -removeonly
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Boot Optimizer --> MsiExec.exe /I{3BA95526-6AE0-4B87-A62D-17187EF565FC}
HP Deskjet Printer Preload --> MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}
HP Driver Diagnostics --> MsiExec.exe /I{16BE87BC-69F5-4D36-8CF0-E1CB3ACD5ED3}
HP Extended Capabilities 6.1 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone 4.8.6 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone Plus 4.8.6 --> C:\Program Files\HP\Digital Imaging\{32498B7B-E1F3-4ad5-A23B-F26414E94BE0}\setup\hpzscr01.exe -datfile hpdscr01.dat
HP Imaging Device Functions 6.1 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential --> MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP PSC & OfficeJet 6.1.A --> "C:\Program Files\HP\Digital Imaging\{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}\setup\hpzscr01.exe" -datfile hposcr08.dat
HP Solution Center and Imaging Support Tools 6.1 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{25F6C900-C138-4888-A56C-91D3D063023A}
HPIZplus450 --> MsiExec.exe /X{0E484A60-A429-49A8-982C-D6475F1E80A9}
IncrediMail Xe --> C:\PROGRA~1\INCRED~1\bin\imsetup.exe /remove /addon:IncrediMail /log:IncMail.log
IntelliMover Data Transfer Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BE20E2F5-1903-4AAE-B1AF-2046E586C925}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
LimeWire PRO 4.14.10 --> "C:\Program Files\LimeWire\uninstall.exe"
Microsoft Age of Empires Gold --> "C:\Program Files\Microsoft Games\Age of Empires\UNINSTAL.EXE" /runtemp
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (2.0.0.10) --> c:\progra~1\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
muvee autoProducer 6.1 --> C:\Program Files\InstallShield Installation Information\{7B312BFD-6C04-4409-AB6F-DD41CCD67463}\setup.exe -runfromtemp -l0x0009 -removeonly
muvee coolStyles 1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{92518780-C904-409C-B674-528822FEA6E2}\Setup.exe" -l0x9
muvee coolStyles 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AFB057E3-03AF-420D-9E85-F846739CE211}\Setup.exe" -l0x9
muvee corePack --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B0BD0D6-D7D1-4D49-9815-5A85081ECC45}\Setup.exe" -l0x9
muvee Hi-Octane stylePack --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EB320D1D-16E2-45AE-AE48-7952D3E9542C}\Setup.exe" -l0x9
Nero 8 --> MsiExec.exe /X{90AABED0-25A8-41FC-B738-224889E31033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
PC-Doctor for Windows --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{19C989C4-50AE-43A4-B06E-8C70FFFF852F} /l1033
PConPoint v4.1 --> "C:\Program Files\PConPoint\unins000.exe"
PerfectDisk --> MsiExec.exe /I{212F5777-1190-4DEF-8E4D-6B2F313B45E7}
Photosmart 320,370,7400,8100,8400 Series --> C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\setup\hpzscr01.exe -datfile hphscr01.dat
PPSDKRedistributables --> MsiExec.exe /I{C869F4FF-E5FF-4FBB-9A31-33C23605E170}
Pure Networks Port Magic --> C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe -Uninstall -ShowUI
Python 2.2 pywin32 extensions (build 203) --> "C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
QuickTime --> MsiExec.exe /I{5B09BD67-4C99-46A1-8161-B7208CE18121}
Radialpoint Security Services --> MsiExec.exe /X{5DFDEAAA-E050-482E-A5B6-138CAE53F7BF}
RealArcade --> C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
RegCure 1.5.0.0 --> C:\Program Files\RegCure\uninst.exe
Rhapsody --> C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\INSTALL.LOG
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
RPS Ad Blocker --> MsiExec.exe /I{BAF99E78-879B-4811-BFEF-3CC7057BC00D}
RPS AntiFraud --> MsiExec.exe /I{537654FC-556A-4992-BF3D-ADC05E7009DC}
RPS AntiSpyware --> MsiExec.exe /I{99E6E9E1-BBCD-4294-93C6-08537A9E92CB}
RPS AntiVirus --> MsiExec.exe /I{E85A45C2-290F-4C4A-9363-B6399EE648A9}
RPS App Detector --> MsiExec.exe /I{2F4BFC9D-17D7-447A-AEA2-467892D876B3}
RPS AsRealtime --> MsiExec.exe /I{1E164156-3FA1-4389-9B0B-28E88B879639}
RPS Backup --> MsiExec.exe /I{904847DA-FBC0-4726-BE73-830FCB9D4E8A}
RPS Burn --> MsiExec.exe /I{7D11FED9-4214-40A6-A6CA-3CFBAC20DA36}
RPS Diagnostic Utility --> MsiExec.exe /I{0345520E-2A04-4A36-BC31-353AE87A6092}
RPS Firewall --> MsiExec.exe /I{0818687F-F41F-496D-9D6D-DB98F147FC62}
RPS ParentalControl --> MsiExec.exe /I{E5E7B0D0-20E1-4B1A-B8C9-B9E2B93DE1DE}
RPS Performance Tool --> MsiExec.exe /I{3DE72179-FEF4-4846-BF82-62CBFC61F8D7}
RPS PopupBlocker --> MsiExec.exe /I{310F26F3-C769-48E5-BD0D-53D4366C34CD}
RPS Privacy Manager --> MsiExec.exe /I{AC82BF06-223B-42AA-A89F-2D3BCD247366}
RPS RpsCore --> MsiExec.exe /I{295F5142-A223-4164-9A6D-6683C08409FC}
RPS Security Cleanup --> MsiExec.exe /I{58A2663B-56DC-488F-8E29-D44C6DE053B5}
RPS Zip --> MsiExec.exe /I{4AA73DA8-8D69-44ED-B5D7-CB815C81F83E}
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SiS VGA Utilities --> Rundll32 SiSInst.dll,Uninstall VGA,R,oem1.inf
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD-VR --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{897CA0D9-948F-4E5B-A20E-535E1060D3E6} /l1033
Sonic MyDVD Deluxe --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sound Blaster Audigy 2 ZS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9FC3677-D5CD-4169-B78A-297D541EEB36}\Setup.exe" -l0x9
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Stamps.com --> "C:\Documents and Settings\All Users\Application Data\{EF257B1A-26EA-4A90-9BCC-54CA818488E8}\stamps.exe" REMOVE=TRUE MODIFY=FALSE
Stamps.com support for Corel WordPerfect 8 --> "C:\Documents and Settings\All Users\Application Data\{FAE72283-E912-4CA0-A263-E07183A4AF20}\CWP8PIMstmp.exe" REMOVE=TRUE MODIFY=FALSE
Updates from HP --> C:\WINDOWS\BWUnin-6.3.2.62.exe -AppId 309731
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VGA USB Camera --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1DDF840B-A50A-491E-BF44-6D6964C451A8}\Setup.exe" -l0x9
Webshots Desktop --> "C:\Program Files\Webshots\unins000.exe"
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
XML Paper Specification Shared Components Pack 1.0 -->
XoftSpySE --> C:\Program Files\XoftSpySE\uninstall.exe
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type2433 / Error
Event Submitted/Written: 12/01/2007 03:28:44 AM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 191283752.

Event Record #/Type2432 / Error
Event Submitted/Written: 12/01/2007 03:28:15 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application RNArcade.exe, version 1.2.0.1256, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type2409 / Error
Event Submitted/Written: 11/30/2007 06:02:17 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application TeaTimer.exe, version 1.5.0.9, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type2373 / Warning
Event Submitted/Written: 11/30/2007 05:01:21 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type2370 / Error
Event Submitted/Written: 11/29/2007 07:11:37 PM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 90544754.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type15081 / Error
Event Submitted/Written: 12/03/2007 01:15:49 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Viewpoint Manager Service service failed to start due to the following error:
%%3

Event Record #/Type15067 / Error
Event Submitted/Written: 12/02/2007 08:42:00 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Viewpoint Manager Service service failed to start due to the following error:
%%3

Event Record #/Type15036 / Error
Event Submitted/Written: 12/02/2007 07:14:05 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Viewpoint Manager Service service failed to start due to the following error:
%%3

Event Record #/Type15013 / Error
Event Submitted/Written: 12/02/2007 11:14:53 AM
Event ID/Source: 10010 / DCOM
Event Description:
The server {222F1C6D-F430-4B76-B3F1-1FE92E214AD3} did not register with DCOM within the required timeout.

Event Record #/Type15001 / Error
Event Submitted/Written: 12/02/2007 11:12:13 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Viewpoint Manager Service service failed to start due to the following error:
%%3



-- End of Deckard's System Scanner: finished at 2007-12-03 01:39:37 ------------
rvbeaumont
post Dec 3 2007, 01:43 AM
Post #17


Member
**

Group: Members
Posts: 41
Joined: 15-November 07
From: key west
Member No.: 169,947



Well, I think that is all you need.
Yourhighness
post Dec 4 2007, 03:33 PM
Post #18


The BSG Malware Fighter
******

Group: HJT Team Coach
Posts: 6,424
Joined: 20-April 06
From: Hamburg
Member No.: 64,788



Hey rvbeaumont,

Step #1

Viewpoint Manager is considered foistware instead of malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This changed, from what we know, in 2006; read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

Step #2
  1. Open notepad and copy/paste the text in the codebox below into it:

    CODE
    File::
    C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat

    Folder::
    C:\WINDOWS\SDFIX

  2. Save this as CFScript.txt


  3. Referring to the picture above, drag CFScript.txt into ComboFix.exe
  4. When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Step #3
  1. Download Dr.Web CureIt to the desktop: drweb-cureit.exe
    1. Reboot your computer in SAFEMODE using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".
  2. Double-click the drweb-cureit.exe file and allow it to run the express scan
  3. This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  4. Once the short scan has finished, Click Options > Change settings
  5. Choose the "Scan"-tab, remove the mark at "Heuristic analysis".
  6. Back at the main window, mark the drives that you want to scan.
  7. Select all drives. A red dot shows which drives have been chosen.
  8. Click the green arrow at the right, and the scan will start.
  9. Click 'Yes to all' if it asks if you want to cure/move the file.
  10. When the scan has finished, look if you can click the icon next to the files found:
  11. If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
  12. This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  13. After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  14. Save the report to your desktop. The report will be called DrWeb.csv. I need that log later.
  15. Close Dr.Web Cureit.
  16. Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
Step #4

Please post back with a fresh HijackThis log, the ComboFix log, and the DrWeb.csv log. Thanks

This post has been edited by Yourhighness: Dec 4 2007, 03:34 PM


--------------------
- "How did I get infected?" - "Safe-hex" - Member of UNITE -
- The HJT forum is very busy. If I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
- HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason! Thanks-