Computer Help and Spyware Removal Computer Help and Spyware Removal Computer Help and Spyware Removal Computer Help Forums Windows Startup Programs Database Spyware and Malware Removal Guides Computer Tutorials Uninstall Database File Database Computer Glossary Computer Resources
 

Welcome Guest ( Log In | Click here to Register a free account now! )



Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.
MalwareByte's Anti-Malware Download

Important Announcement: The winners of the BC Million Post contest have been announced. You can read who the winners are at this post.

- BleepingComputer Management

> Forum Guidelines

Read this topic before posting a log.


DO NOT post a ComboFix log unless requested to.


Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

2 Pages V   1 2 >  
Closed TopicStart new topic
> Infected With As2008xp.exe And "worm.win32.netbooster", safe mode loops, registry locked
dhack
post Aug 9 2008, 09:45 PM
Post #1


Member
**

Group: Members
Posts: 15
Joined: 9-August 08
Member No.: 228,820
I clicked on a video I shouldn't have and now have a bunch of fake popup warnings. One is worm.win32.netbooster, one is a "system alert" bubble from a blinking red circle with a white x in it. Internet explorer repeatedly auto-launches with navigation locked to sleazy antispyware sites. Another message is "Windows has detected an internet attack..." I found one file, as2008xp.exe, and deleted it and it's folder - that eliminated one pop-up. I disabled the as2008xp process before I deleted the .exe file.

I am locked out of task manager but have the file to open it. I am also locked out of editing the registry and don't have that file yet. I have attempted to delete all cookies, history, etc. using the Internet explorer tools. My desktop wall paper is overwritten with a red screen and virus logo. I have tried all combinations of rebooting to safe mode, but it just loops back and will only come up in normal, or "normal" last known settings mode. I ran smitfraudfix.exe anyway - it did some things, but the pop-ups came back. I need to be able to get into safe mode. I only have one computer available and I have to work fast between pop-ups. I have internet access with Mozilla. Originally Mozilla was autolaunching and re-directed but something I did changed that.

I cannot view my C: drive with My Computer or any other way I know of. I have to search for files by name. I cannot get into the control panel at all.

I ran chkdisk. It found two orphan files - made no difference, probably not related.

How do I get past the safe mode problem?

Thanks for the help -



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ XP 3200+
Percentage of Memory in Use: 61%
Physical Memory (total/avail): 447.48 MiB / 172.11 MiB
Pagefile Memory (total/avail): 1053.98 MiB / 454.73 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1925.71 MiB

C: is Fixed (NTFS) - 144.25 GiB total, 56.75 GiB free.
D: is Fixed (FAT32) - 4.79 GiB total, 0.62 GiB free.
E: is CDROM (No Media)
F: is CDROM (CDFS)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
K: is Removable (No Media)

\\.\PHYSICALDRIVE5 - EPSON SP 785EPX Storage

\\.\PHYSICALDRIVE0 - ST3160021A - 149.05 GiB - 2 partitions
\PARTITION0 - Unknown - 4.79 GiB - D:
\PARTITION1 (bootable) - Installable File System - 144.25 GiB - C:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.
Windows Internal Firewall is enabled.

AV: Norton AntiVirus v2004 (Symantec Corporation) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPAGER.EXE"="C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPAGER.EXE:*:Enabled:Yahoo! Messenger"
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"="C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe:*:Enabled:Yahoo! FT Server"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"="C:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe:*:Disabled:BackWeb-137903"
"C:\\Program Files\\InterMute\\SpamSubtract\\SpamSub.exe"="C:\\Program Files\\InterMute\\SpamSubtract\\SpamSub.exe:*:Disabled:SpamSubtract Main Module"
"C:\\Program Files\\Infogrames Interactive\\Civilization III\\Conquests\\Civ3Conquests.exe"="C:\\Program Files\\Infogrames Interactive\\Civilization III\\Conquests\\Civ3Conquests.exe:*:Enabled:Civ3Conquests"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"="C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD:*:Enabled:Age of Empires II"
"C:\\Program Files\\Starcraft\\StarCraft.exe"="C:\\Program Files\\Starcraft\\StarCraft.exe:*:Enabled:Starcraft"
"C:\\Program Files\\Anarchy\\Moon Tycoon\\MT.exe"="C:\\Program Files\\Anarchy\\Moon Tycoon\\MT.exe:*:Enabled:Moon Tycoon"
"C:\\Program Files\\Ant War\\AntWar.exe"="C:\\Program Files\\Ant War\\AntWar.exe:*:Enabled:Antwar "
"C:\\Program Files\\WoS\\Souls.exe"="C:\\Program Files\\WoS\\Souls.exe:*:Enabled:Well of Souls"
"C:\\Dynamix\\Tribes2\\GameData\\Tribes2.exe"="C:\\Dynamix\\Tribes2\\GameData\\Tribes2.exe:*:Enabled:Tribes2 Launcher"
"C:\\Program Files\\Anarchy\\AgeOfCastles\\Age-of-Castles.exe"="C:\\Program Files\\Anarchy\\AgeOfCastles\\Age-of-Castles.exe:*:Disabled:Age of Castles "
"C:\\Program Files\\Apprentice\\Appr.exe"="C:\\Program Files\\Apprentice\\Appr.exe:*:Enabled:Appr"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Disabled:Run a DLL as an App"
"C:\\Program Files\\RSSoft\\RSEDNClient.exe"="C:\\Program Files\\RSSoft\\RSEDNClient.exe:*:Enabled:RSEDNClient"
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"="C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe:*:Enabled:Age of Empires 3"
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"="C:\\Program Files\\BitTornado\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\\Program Files\\RadLight Company\\RadLight 4.0\\rlkernel.exe"="C:\\Program Files\\RadLight Company\\RadLight 4.0\\rlkernel.exe:*:Enabled:Kernel Executable"
"C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\\Program Files\\LieroX\\LieroX v0.56 Pack 1.8\\LieroX.exe"="C:\\Program Files\\LieroX\\LieroX v0.56 Pack 1.8\\LieroX.exe:*:Enabled:LieroX"
"C:\\Program Files\\Gunbound\\GunboundWC\\GunBound.gme"="C:\\Program Files\\Gunbound\\GunboundWC\\GunBound.gme:*:Enabled:GunBound"
"C:\\Program Files\\Softnyx\\Rakion\\Bin\\Rakion.bin"="C:\\Program Files\\Softnyx\\Rakion\\Bin\\Rakion.bin:*:Enabled:Rakion"
"C:\\Program Files\\Yahoo!\\Messenger\\YPAGER.EXE"="C:\\Program Files\\Yahoo!\\Messenger\\YPAGER.EXE:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\yserver.exe"="C:\\Program Files\\Yahoo!\\Messenger\\yserver.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Gunbound\\GunboundRV\\Gunbound Revolution\\GunBound.gme"="C:\\Program Files\\Gunbound\\GunboundRV\\Gunbound Revolution\\GunBound.gme:*:Enabled:GunBound"
"C:\\Program Files\\galaxymage\\GalaxyMage\\GalaxyMage.exe"="C:\\Program Files\\galaxymage\\GalaxyMage\\GalaxyMage.exe:*:Enabled:GalaxyMage Tactical RPG"
"C:\\Program Files\\Wizet\\MapleStory\\NewPatcher.exe"="C:\\Program Files\\Wizet\\MapleStory\\NewPatcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\\Program Files\\Wizet\\MapleStory\\Patcher.exe"="C:\\Program Files\\Wizet\\MapleStory\\Patcher.exe:*:Enabled:Patcher MFC ?? ????"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Age Of Empires II\\age2_x1.exe"="C:\\Program Files\\Age Of Empires II\\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\\Program Files\\Age Of Empires II\\empires2.EXE"="C:\\Program Files\\Age Of Empires II\\empires2.EXE:*:Enabled:Age of Empires II"
"C:\\Program Files\\Last.fm\\LastFM.exe"="C:\\Program Files\\Last.fm\\LastFM.exe:*:Enabled:LastFM"
"C:\\Program Files\\Wizet\\MapleStory\\MapleStory.exe"="C:\\Program Files\\Wizet\\MapleStory\\MapleStory.exe:*:Enabled:MapleStory"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\ijji\\ENGLISH\\u_gbound.exe"="C:\\ijji\\ENGLISH\\u_gbound.exe:*:Enabled:<ijji Downloader>"
"C:\\Program Files\\Wesnoth 1.4\\wesnothd.exe"="C:\\Program Files\\Wesnoth 1.4\\wesnothd.exe:*:Enabled:wesnothd"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Electronic Arts\\EADM\\Core.exe"="C:\\Program Files\\Electronic Arts\\EADM\\Core.exe:*:Enabled:EA Download Manager"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BOYSROOM
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\BOYSROOM
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\Gimp\GTK\2.0\bin;C:\Java\bin;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=BOYSROOM
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\SBCSEL~1\CustomUninstall.exe SBC
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> c:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> MsiExec.exe /I{0CDCA5CD-C404-41FD-9216-9B4B3D24A7AA}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2EDA9289-CCA7-11D7-8466-00D0B726B56E}\Setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B095CD4-555F-4F70-9B90-B1DB84D810ED}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B095CD4-555F-4F70-9B90-B1DB84D810ED}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66BCC50C-22D9-4927-9251-27FA88A32214}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66BCC50C-22D9-4927-9251-27FA88A32214}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7550D6AA-CCF3-4FDA-87D6-C2C1B2E5358D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7550D6AA-CCF3-4FDA-87D6-C2C1B2E5358D}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA32BDBB-A91E-47AB-97F1-4C7007F4953C}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA32BDBB-A91E-47AB-97F1-4C7007F4953C}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
--> VTUninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Timer'
2Wire Wireless Client --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}\Setup.exe" -l0x9 -L0x9
7-Zip 4.42 --> "C:\Program Files\7-Zip\Uninstall.exe"
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 4.0, 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Download Manager 2.0 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe PDF JobReady 1.7 for 48hourprint.com Print Center --> "C:\Program Files\Adobe\PDFJobReady\1.7.0\48hourprint.com\48hourprint.com Print Center\Uninst.exe" "C:\Program Files\Adobe\PDFJobReady\1.7.0\48hourprint.com\48hourprint.com Print Center" B9483D1D-B4D3-4E10-AAA2-5622F7E6965D ENU
Adobe Photoshop 5.0 Limited Edition --> C:\WINDOWS\UNINST.EXE -f"C:\Program Files\Adobe\Photoshop 5.0 LE\DeIsL1.isu" -c"C:\Program Files\Adobe\Photoshop 5.0 LE\Uninst.dll"
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Age of Empires III --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}
Agere Systems PCI Soft Modem --> agrsmdel
Ant War --> C:\PROGRA~1\ANTWAR~1\UNWISE.EXE C:\PROGRA~1\ANTWAR~1\INSTALL.LOG
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ArcSoft ShowBiz DVD 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE636486-7E13-4051-9067-AFC4E1B8F54E}\Setup.exe" -l0x9
ArcSoft ShowBiz DVD 2.0 (Shared Components) --> C:\Program Files\Common Files\element5 Shared\Uninstall\ArcSoft ShowBiz DVD 20\B2DD9000\UninstApplet.exe /uninstall
AT&T Self Support Tool --> C:\WINDOWS\Motive\SBC\MCCUninst.exe
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
Azureus Vuze --> C:\Program Files\Azureus\uninstall.exe
Battle Chess II - Chinese Chess --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Interplay Productions\Battle Chess II - Chinese Chess\Uninst.isu"
Battle for Wesnoth 1.5.0 --> "C:\Program Files\Wesnoth developmental\1-5-0\unins000.exe"
BitTornado 0.3.14 --> C:\Program Files\BitTornado\uninst.exe
Blackhawk Striker from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\E28167F1-3F42-40C7-9119-1D5A97444F10\Uninstall.exe"
Blasterball 2 from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\8C4E79CC-03E1-43AA-9910-9A5113F24603\Uninstall.exe"
Bounce Symphony from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\D11F7128-8CBD-408B-8BF8-034604DEDD42\Uninstall.exe"
CampGen 0.25 --> "C:\Program Files\Wesnoth developmental\CampGen\unins000.exe"
CC_ccStart --> MsiExec.exe /I{D6414CC7-F215-467F-88B1-546ED863F35B}
ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
Civ3 Conquests v1.22 Full --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C2BF3B9-7E8A-49DE-B662-3656FE60BB01}\Setup.exe"
Civilization III --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}\setup.exe"
Civilization III: Conquests --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F31BC49F-AB7B-4A53-A399-EB7331B585BC}\setup.exe" -l0x9
Creative Removable Disk Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 /remove
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative Zen MicroPhoto --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1AEC8F41-4701-415D-9782-F69CFB535463}\SETUP.EXE" -l0x9 /remove
Crystal Maze from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\DAE7A92A-BAC7-42FA-AC62-53DEF1DC4292\Uninstall.exe"
Darwinia Demo2 --> "C:\Program Files\DarwiniaDemo2\unins000.exe"
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell DJ Explorer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2EDA9289-CCA7-11D7-8466-00D0B726B56E}\Setup.exe" -l0x9 /remove
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
EA Download Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1033
Easy Internet Sign-up --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
Enhancement Browser Tools Mxlivemedia --> C:\WINDOWS\system32\hlimiosyrxwkyeta.exe
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r
Fable - The Lost Chapters --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}
Final Draft 7 --> MsiExec.exe /I{78D62D17-D970-42DA-B8CF-5E5576293B33}
Final Fantasy VII --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Square Soft, Inc.\Final Fantasy VII\Uninst.isu"
Finale NotePad 2005a --> C:\WINDOWS\unvise32.exe C:\Program Files\Finale NotePad 2005a\uninstal.log
Five Card Frenzy from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\DA44615A-C243-46A4-8E47-184CFF33CD38\Uninstall.exe"
GTK+ 2.4.14 runtime environment --> "C:\Program Files\Gimp\GTK\2.0\unins000.exe"
Gunbound Revolution --> "C:\Program Files\Gunbound\GunboundRV\Gunbound Revolution\unins000.exe"
HijackThis 2.0.2 --> "C:\Documents and Settings\Owner\My Documents\dad's stuff\hijack\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
HP Deskjet Preloaded Printer Drivers --> MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
HP Image Zone 3.5 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone Plus 3.5 --> C:\Program Files\HP\Digital Imaging\{C6C44651-7C66-4b11-92E8-17565D3D22DD}\setup\hpzscr01.exe -datfile hpdscr01.dat
HP Instant Support --> C:\PROGRA~1\HPINST~1\UNWISE.EXE C:\PROGRA~1\HPINST~1\INSTALL.LOG
HP Organize --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0122362-6333-4DE4-93F6-A5A2F3CC101A}\Setup.exe" UNINSTALL
HP Photo & Imaging 3.5 - HP Devices --> C:\Program Files\HP\Digital Imaging\{15B9DC72-73F9-4d99-9E28-848D66DA8D99}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP PSC & OfficeJet 3.5 --> "C:\Program Files\HP\Digital Imaging\{0FABD3D7-3036-4e78-B29D-58957ADB0A12}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Software Update --> MsiExec.exe /X{34957B51-9676-41CE-9E52-44AE91B73F1C}
HPIZ350 --> MsiExec.exe /X{F247869D-3643-4A9F-821B-3534145928E3}
ijji --> C:\ijji\ENGLISH\ijjiUninstall.exe
ijji Auto Installer --> "C:\Program Files\InstallShield Installation Information\{1DCC7418-2089-4BDD-B321-3771956160FC}\setup.exe" -runfromtemp -l0x0009 -removeonly
ijji FireFox Launcher 1.0 --> C:\Documents and Settings\All Users\Application Data\IJJIGame\uninst.exe
IMVU Avatar chat software (BETA) --> C:\Program Files\IMVU\Uninstall.exe
Ink Monitor --> C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe -U
IntelliMover Data Transfer Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
InterVideo WinDVD Creator 2 --> "C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iScrobbler --> C:\Program Files\iTunes\UninstalliScrobble.exe
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java 2 SDK, SE v1.4.2_07 --> MsiExec.exe /I{35A3A4F4-B792-11D6-A78A-00B0D0142070}
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
KBD --> C:\HP\KBD\KBD.EXE uninstalled
Last.fm 1.1.3.0 --> "C:\Program Files\Last.fm\unins000.exe"
Last.fm Player 1.1.4 --> "C:\Program Files\Last.fm Player\unins000.exe"
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 2.5 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Flash 8 --> MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Macromedia Flash 8 Video Encoder --> MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Flash MX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}\Setup.exe" -l0x9 UNINSTALL
MapleStory --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEC511B1-59CB-4F15-AD75-0543034572A5}\Setup.exe"
Matroska Pack - Lazy Man's MKV 0.9.9 --> "C:\Program Files\LD-Anime\unins000.exe"
Memories Disc Creator 2.0 --> MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
Microsoft Age of Empires Gold --> "C:\Program Files\Microsoft Games\Age of Empires\UNINSTAL.EXE" /runtemp
Microsoft Age of Empires II --> "C:\Program Files\Microsoft Games\Age of Empires II\UNINSTAL.EXE" /runtemp /uninstall
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Money 2004 --> MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft Money 2004 System Pack --> MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Office 2000 Professional --> MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition --> MsiExec.exe /I{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
MIDI Maestro MM4 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4E73E45C-38AD-42BF-9D8D-CE8997713CD8}
MiraScan V3.42 --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\Twain_32\Mira3_42\Uninst.isu
Mozilla Firefox (2.0.0.16) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSC Electronic Catalog --> C:\PROGRA~1\MSC\UNWISE.EXE C:\PROGRA~1\MSC\INSTALL.LOG
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSRedist --> MsiExec.exe /I{FC37ABD0-2108-4beb-B010-1254E0662B5A}
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
Napster --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe" -l0x9 -removeonly
Napster Burn Engine --> MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
NetBeans IDE 4.0 --> C:\Program Files\netbeans-4.0\_uninst\uninstaller.exe
Netflix Movie Viewer --> MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
Norton AntiVirus 2004 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton AntiVirus 2004 (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup\{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe /X
Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton WMI Update --> MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
Orbital from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\62067F4C-84A9-45B9-8573-B90468B0A3EF\Uninstall.exe"
Otto from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\BFBCBAE3-8293-4215-9C4F-C2402C118EDB\Uninstall.exe"
Overball from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\6723E59E-322A-417A-8E03-27A61E18253C\Uninstall.exe"
PC-Doctor for Windows --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
PhotoPos Pro Toolbar --> C:\Program Files\photoposcomtbr\uninstall.exe
Photosmart 140,240,7200,7600,7700,7900 Series --> C:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\setup\hpzscr01.exe -datfile hphscr01.dat
Polar Bowler from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\36317AE4-57EC-4F3E-B828-009A3DD96BE8\Uninstall.exe"
PopSubtract --> "C:\Program Files\InterMute\PopSubtract\PopSub.exe" C:\PROGRA~1\INTERM~1\POPSUB~1\STYLES~1\UNWISE.EXE /A C:\PROGRA~1\INTERM~1\POPSUB~1\STYLES~1\INSTALL.LOG
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 combined Win32 extensions --> C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Python 2.3.5 --> C:\Python23\UNWISE.EXE C:\Python23\INSTALL.LOG
Python 2.4.3 --> MsiExec.exe /I{75E71ADD-042C-4F30-BFAC-A9EC42351313}
Python 2.5.1 --> MsiExec.exe /I{31800004-6386-4999-A519-518F2D78D8F0}
Quicken 2004 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8} anything
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RadLight 4.0 FINAL --> C:\Program Files\RadLight Company\RadLight 4.0\uninst.exe
RadLight Ogg Media DirectShow filter (remove only) --> "C:\WINDOWS\system32\RadLightOggUninstall.exe"
Rakion International --> "C:\Program Files\Softnyx\Rakion\unins000.exe"
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Red Swoosh EDN Client (lol remove only) --> C:\WINDOWS\RSEDNClientUninstaller.exe
Rhapsody Player Engine --> MsiExec.exe /I{84F1DE76-C48C-4281-87A0-CC9548D1E7F9}
S3 S3Display --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Display'
S3 S3Gamma2 --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Gamma2'
S3 S3Info2 --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Info2'
S3 S3Overlay --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Overlay'
SBC Yahoo! Dial (remove only) --> "C:\WINDOWS\..\Program Files\SBC Yahoo!\Connection Manager\uninst.exe"
SBC Yahoo! DSL --> C:\PROGRA~1\Yahoo!\browser\unyb.exe
SBC Yahoo! DSL Utilities --> C:\PROGRA~1\Yahoo!\Common\unwise.exe /S C:\PROGRA~1\Yahoo!\Common\install.log
SBC Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
SBC Yahoo! Parental Controls --> C:\PROGRA~1\Yahoo!\PARENT~1\unypc.exe
SecondLife (remove only) --> "C:\Program Files\SecondLife\uninst.exe" /P="SecondLife"
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SimCity 2000® Special Edition --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Maxis\SimCity 2000\DeIsL1.isu"
SimCity 3000 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Maxis\SimCity 3000\Uninst.isu"
SimCopter --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Maxis\SimCopter\DeIsL1.isu"
Slyder from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\C2C3C2DB-7D8A-4E20-B527-E3149FAECC3A\Uninstall.exe"
SmartDraw 2007 --> C:\PROGRA~1\SMARTD~1\UNWISE.EXE C:\PROGRA~1\SMARTD~1\install.log
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Soundflavor DJ 1.21 --> C:\Program Files\Soundflavor DJ\uninst.exe
SpamSubtract --> C:\Program Files\InterMute\SpamSubtract\SSuinst.exe
Spybot - Search & Destroy 1.3 --> "C:\Program Files\CleanUp\unins000.exe"
SpySubtract --> C:\Program Files\interMute\SpySubtract\SpySub.exe -uninstall
Starcraft --> C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
Subway Scramble (remove only) --> "C:\Program Files\Subway Scramble\Uninstall.exe"
SunlitGreen PhotoEdit 1.2 --> "C:\Program Files\SunlitGreen\PhotoEdit\unins000.exe"
SymNet --> MsiExec.exe /I{E47EE8FB-ACC0-4608-859C-4E2851B18A6A}
The GIMP 2.2.3 --> "C:\Program Files\Gimp\GIMP-2.2\unins000.exe"
The Incredible Machine: Even More Contraptions --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF7A031F-96C8-404C-99C9-96C675D6099F}\Setup.exe"
Toolkit View(HP) --> c:\Windows\HPTK\unhptkit.exe
Tradewinds from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\F5215F01-DFC0-475D-A910-6F1AF94E807E\Uninstall.exe"
Tribes 2 --> C:\Dynamix\Tribes2\UNWISE.EXE C:\Dynamix\Tribes2\INSTALL.LOG
Updates from HP --> C:\WINDOWS\BWUnin-6.2.3.66.exe -AppId 137903
VIA Rhine-Family Fast Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VIA/S3G Display Driver --> VTsetvga.exe -s -rRundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\system32\hg201hp.inf
VideoLAN VLC media player 0.8.4a --> C:\Program Files\VideoLAN\VLC\uninstall.exe
ViewSonic Monitor Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B4FEA924-630D-11D4-B78E-005004566E4D}\Setup.exe" -l0x9
Wesnoth 1.0.2 --> "C:\Program Files\Wesnoth stable\unins000.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Winferno Security Scan --> "C:\Program Files\Winferno\SecurityScan\unins000.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
WONswap --> C:\Program Files\WON\WONswap\WONswapUninstall.exe
Word Symphony from Hewlett-Packard Desktops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\B8610D19-E576-4F91-8A2F-07898D9CA301\Uninstall.exe"
wxPython 2.8.4.0 (unicode) for Python 2.3 --> "C:\Python23\Lib\site-packages\wx-2.8-msw-unicode\unins000.exe"
Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe"
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Login --> C:\WINDOWS\System32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ylogin.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Messenger Explorer Bar --> C:\WINDOWS\System32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\MESSEN~1\yhexbmes.dll
Yahoo! SiteBuilder --> "C:\Program Files\Yahoo SiteBuilder\uninstall.exe"
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
YAMAHA SoftSynthesizer S-YXG70 --> C:\WINDOWS\uninst.exe -fC:\WINDOWS\DeIsL1.isu -c"C:\WINDOWS\system32\sxgunins.dll


-- Application Event Log -------------------------------------------------------

Event Record #/Type10427 / Error
Event Submitted/Written: 08/09/2008 06:59:19 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application firefox.exe, version 1.8.20080.4669, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type10426 / Error
Event Submitted/Written: 08/09/2008 06:15:34 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16674, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type10404 / Error
Event Submitted/Written: 08/09/2008 04:51:13 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16674, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type10403 / Error
Event Submitted/Written: 08/09/2008 04:34:45 PM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 83244579.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Event Record #/Type10402 / Error
Event Submitted/Written: 08/09/2008 04:34:33 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application motivesb.exe, version 5.6.7.42730, faulting module motivesb.exe, version 5.6.7.42730, fault address 0x000200c2.
Processing media-specific event for [motivesb.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type161172 / Error
Event Submitted/Written: 08/09/2008 06:35:12 PM
Event ID/Source: 11 / Disk
Event Description:
The driver detected a controller error on \Device\Harddisk5\D.

Event Record #/Type161171 / Error
Event Submitted/Written: 08/09/2008 06:30:36 PM
Event ID/Source: 11 / Disk
Event Description:
The driver detected a controller error on \Device\Harddisk5\D.

Event Record #/Type161160 / Error
Event Submitted/Written: 08/09/2008 05:48:32 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Event Record #/Type161140 / Error
Event Submitted/Written: 08/09/2008 05:47:15 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The ZESOFT service failed to start due to the following error:
%%2

Event Record #/Type161139 / Error
Event Submitted/Written: 08/09/2008 05:47:15 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The mrtRate service failed to start due to the following error:
%%2



-- End of Deckard's System Scanner: finished at 2008-08-09 19:00:35 ------------





Deckard's System Scanner v20071014.68
Run by Owner on 2008-08-09 18:55:16
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-08-10 01:55:26 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 87% (more than 75%).
Total Physical Memory: 448 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:59: VIRUS ALERT!, on 8/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Napster\napster.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\PdeSrv2.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\InterMute\SpySubtract\spysub.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\My Documents\dad's stuff\dss\dss.exe
C:\WINDOWS\system32\dumprep.exe
C:\DOCUME~1\Owner\MYDOCU~1\DAD'SS~1\hijack\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://yahoo.sbc.com/dsl
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CableRouting module - {18CB1A7B-94CD-4582-8022-ADA16851E44B} - C:\Documents and Settings\All Users\Application Data\services\services.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\CleanUp\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: PhotoPos Pro Toolbar - {A057A204-BACC-4D26-9F9D-3BEFCFBE6E86} - C:\PROGRA~1\PHOTOP~1\PHOTOP~1.DLL
O2 - BHO: QXK Olive - {A7C24F5D-8407-49B8-807F-BD0B213692EA} - C:\WINDOWS\wnlmdakqgpk.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: mxlivemedia browser optimizer - {becf48f3-f2b3-96d3-979f-b0fa960dc4cd} - C:\WINDOWS\system32\cgnhrsuofg.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: bgrqfetx - {8343A9DA-D2C6-46DC-AA55-CE9734B70905} - C:\WINDOWS\bgrqfetx.dll
O4 - HKLM\..\Run: [{4244a32d-8b4c-2b6e-6e58-2d72fd97cc7c}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\cgnhrsuofg.dll" DllStart
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [s9201] "C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\as2008xp.exe" /autorun
O4 - HKCU\..\Run: [Red Swoosh EDN Client] C:\Program Files\RSSoft\RSEDNClient.exe
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7m.cab
O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab
O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin7USA.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O21 - SSODL: xokvrpwg - {382DCC89-18B5-440D-9FD2-3269F5A47C12} - C:\WINDOWS\xokvrpwg.dll
O21 - SSODL: tfnslopk - {7E1DCC21-799A-495B-950E-FD555EC831C3} - C:\WINDOWS\tfnslopk.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: License Management Service ESD - element5 - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe (file missing)

--
End of file - 12252 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\Owner\MYDOCU~1\DAD'SS~1\hijack\backups\) --------------------------------------------------------------------------------

backup-20080809-182741-611 O3 - Toolbar: PhotoPos Pro Toolbar - {A057A204-BACC-4D26-9F9D-3BEFCFBE6E86} - C:\PROGRA~1\PHOTOP~1\PHOTOP~1.DLL
backup-20080809-183134-875 O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 EPPSCSIx - c:\windows\system32\drivers\eppscsi.sys <Not Verified; EPPSCSI Miniport Driver; EPPSCSI Parallel Port SCSI Device Driver>
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.9) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>
R2 npkcrypt - c:\program files\wizet\maplestory\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S3 ALCXSENS (Service for WDM 3D Audio Driver) - c:\windows\system32\drivers\alcxsens.sys <Not Verified; Sensaura Ltd; >
S3 ialm - c:\windows\system32\drivers\ialmnt5.sys <Not Verified; Intel Corporation; Intel Graphics Accelerator Drivers for Windows NT®>
S3 PCAMPR5 (PCAMPR5 NDIS Protocol Driver) - c:\windows\system32\pcampr5.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 EPSONStatusAgent2 (EPSON Printer Status Agent2) - c:\program files\common files\epson\ebapi\sagent2.exe <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer>

S2 ZESOFT - c:\windows\zeta.exe (file missing)
S3 License Management Service ESD - "c:\program files\common files\element5 shared\service\licence manager esd.exe" <Not Verified; element5; License Management Service ESD>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-08-09 18:02:45 364 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2008-08-07 19:15:04 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-08-01 22:46:28 530 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job
2005-01-19 23:45:00 272 --a------ C:\WINDOWS\Tasks\Easy Internet Sign-up.job


-- Files created between 2008-07-09 and 2008-08-09 -----------------------------

2008-08-09 16:28:09 0 d-------- C:\WINDOWS\privacy_danger
2008-08-09 15:45:52 4702 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-09 00:21:21 64362 --a------ C:\WINDOWS\system32\hlimiosyrxwkyeta.exe
2008-08-09 00:21:18 0 d-------- C:\Documents and Settings\All Users\Application Data\services
2008-08-09 00:20:10 7888 --a------ C:\WINDOWS\system32\tdssinit.dll
2008-08-09 00:20:08 9216 --a------ C:\WINDOWS\system32\tdssmain.dll
2008-08-09 00:20:08 10240 --a------ C:\WINDOWS\system32\tdsslog.dll
2008-08-09 00:20:08 45056 --a------ C:\WINDOWS\system32\tdssadw.dll
2008-08-09 00:20:06 217 --a------ C:\WINDOWS\system32\tdssservers.dat
2008-08-09 00:20:05 14848 --a------ C:\WINDOWS\system32\tdssl.dll
2008-08-09 00:20:05 33280 --a------ C:\WINDOWS\system32\drivers\tdssserv.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-08-09 00:19:35 0 d-------- C:\Documents and Settings\Owner\Application Data\TmpRecentIcons
2008-08-09 00:19:20 233472 --a------ C:\WINDOWS\xokvrpwg.dll
2008-08-09 00:19:20 380928 --a------ C:\WINDOWS\wnlmdakqgpk.dll
2008-08-09 00:19:20 200704 --a------ C:\WINDOWS\tfnslopk.dll
2008-08-09 00:19:20 86016 --a------ C:\WINDOWS\lnvegaow.exe
2008-08-09 00:19:20 139264 --a------ C:\WINDOWS\emgo.exe
2008-08-09 00:19:20 192512 --a------ C:\WINDOWS\bgrqfetx.dll
2008-07-14 06:14:12 158208 --a------ C:\WINDOWS\system32\cgnhrsuofg.dll
2008-07-09 23:25:12 0 d--h----- C:\WINDOWS\msdownld.tmp
2008-07-09 23:25:00 0 d-------- C:\WINDOWS\Logs
2008-07-09 23:21:10 0 d-------- C:\ProgramData
2008-07-09 23:20:30 486 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
2008-07-09 23:18:59 0 d-------- C:\Program Files\Electronic Arts


-- Find3M Report ---------------------------------------------------------------

2008-08-09 17:46:35 0 d-------- C:\Program Files\Common Files
2008-08-09 03:17:48 0 d-------- C:\Documents and Settings\Owner\Application Data\photoposcomtbr
2008-07-09 23:32:23 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-08 16:19:12 0 d-------- C:\Documents and Settings\Owner\Application Data\SunlitGreen
2008-07-08 16:19:10 0 d-------- C:\Program Files\SunlitGreen
2008-07-08 16:13:36 0 d-------- C:\Documents and Settings\Owner\Application Data\FrmMain
2008-07-08 16:06:20 0 d-------- C:\Program Files\photoposcomtbr
2008-07-08 15:27:55 0 d-------- C:\Program Files\BetterJPEG 2
2008-07-03 10:58:22 0 d-------- C:\Program Files\Java
2008-06-16 11:00:07 0 d-------- C:\Program Files\MegaHAL


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18CB1A7B-94CD-4582-8022-ADA16851E44B}]
08/09/2008 00:21: VIRUS ALERT! 295424 --a------ C:\Documents and Settings\All Users\Application Data\services\services.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9F9D-3BEFCFBE6E86}]
10/16/2007 11:58: VIRUS ALERT! 1923584 --a------ C:\PROGRA~1\PHOTOP~1\PHOTOP~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A7C24F5D-8407-49B8-807F-BD0B213692EA}]
08/08/2008 20:52: VIRUS ALERT! 380928 --a------ C:\WINDOWS\wnlmdakqgpk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{becf48f3-f2b3-96d3-979f-b0fa960dc4cd}]
07/14/2008 06:14: VIRUS ALERT! 158208 --a------ C:\WINDOWS\system32\cgnhrsuofg.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9F9D-3BEFCFBE6E86}"= C:\PROGRA~1\PHOTOP~1\PHOTOP~1.DLL [10/16/2007 11:58: VIRUS ALERT! 1923584]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9F9D-3BEFCFBE6E86}]
[HKEY_CLASSES_ROOT\photoposcomtbr.PHOTOPOSCOMTBR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{4244a32d-8b4c-2b6e-6e58-2d72fd97cc7c}"="C:\WINDOWS\system32\cgnhrsuofg.dll" [07/14/2008 06:14: VIRUS ALERT!]
"YBrowser"="C:\Program Files\Yahoo!\browser\ybrwicon.exe" [07/11/2003 13:51: VIRUS ALERT!]
"VTTimer"="VTTimer.exe" [10/22/2004 11:53: VIRUS ALERT! C:\WINDOWS\system32\VTTimer.exe]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"UpdateManager"="c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [08/19/2003 02:01: VIRUS ALERT!]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [02/02/2005 23:30: VIRUS ALERT!]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [11/04/2005 10:59: VIRUS ALERT!]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28: VIRUS ALERT!]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [12/18/2003 00:31: VIRUS ALERT!]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [04/14/2004 13:43: VIRUS ALERT!]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 23:37: VIRUS ALERT!]
"PS2"="C:\WINDOWS\system32\ps2.exe" [10/16/2002 16:57: VIRUS ALERT!]
"PRISMSVR.EXE"="C:\WINDOWS\system32\PRISMSVR.exe" []
"NapsterShell"="C:\Program Files\Napster\napster.exe" [01/12/2007 19:36: VIRUS ALERT!]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [11/20/2006 13:55: VIRUS ALERT!]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [01/18/2006 15:00: VIRUS ALERT!]
"KBD"="C:\HP\KBD\KBD.EXE" [02/11/2003 20:02: VIRUS ALERT!]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36: VIRUS ALERT!]
"IPInSightMonitor 01"="C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe" [08/19/2002 09:12: VIRUS ALERT!]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 17:04: VIRUS ALERT!]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [08/21/2003 04:23: VIRUS ALERT!]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [08/21/2003 04:15: VIRUS ALERT!]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [12/22/2003 16:38: VIRUS ALERT!]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [12/22/2004 18:45: VIRUS ALERT!]
"AlcxMonitor"="ALCXMNTR.EXE" [09/07/2004 13:47: VIRUS ALERT! C:\WINDOWS\Alcxmntr.exe]
"AGRSMMSG"="AGRSMMSG.exe" [03/04/2005 12:01: VIRUS ALERT! C:\WINDOWS\AGRSMMSG.exe]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 23:46: VIRUS ALERT!]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 00:56: VIRUS ALERT!]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 17:43: VIRUS ALERT!]
"s9201"="C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\as2008xp.exe" []
"Red Swoosh EDN Client"="C:\Program Files\RSSoft\RSEDNClient.exe" [12/04/2005 15:19: VIRUS ALERT!]
"EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [06/13/2008 18:27: VIRUS ALERT!]
"BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" [01/09/2004 02:34: VIRUS ALERT!]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
"DisableRegistryTools"=1 (0x1)
"NoDispCPL"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"=1 (0x1)
"StartMenuLogoff"=1 (0x1)
"NoStartMenuMorePrograms"=1 (0x1)
"NoSetFolders"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{FA010552-4A27-4cb1-A1BB-3E2D697F1639}"= C:\Program Files\interMute\SpySubtract\sshook.dll [11/25/2004 10:53: VIRUS ALERT! 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"xokvrpwg"= {382DCC89-18B5-440D-9FD2-3269F5A47C12} - C:\WINDOWS\xokvrpwg.dll [08/08/2008 20:52: VIRUS ALERT! 233472]
"tfnslopk"= {7E1DCC21-799A-495B-950E-FD555EC831C3} - C:\WINDOWS\tfnslopk.dll [08/08/2008 20:52: VIRUS ALERT! 200704]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-08-09 19:00:35 ------------
Go to the top of the page
 
+Quote Post
jmw3
post Aug 10 2008, 12:39 AM
Post #2


Member
**

Group: MRU Student
Posts: 27
Joined: 28-March 08
Member No.: 199,471
Welcome dhack

I will be helping you under the guidance of one of our expert coaches.
Please give me a little time to get back to you with instructions.

In the meantime please note the following:
  • Any recommendations made are for your computer problems only and should NOT be used on any other computer.
  • Please DO NOT run any scans/tools or other fixes unless I ask you to. This is very important for several reasons. Here are just two of them:
    1. The tools that we use are very powerful and can cause >>irreparable damage<< to your computer if not used correctly.
    2. Commercial scanners, for the most part can not completely remove some of the more "resistant" infections. This makes it much more difficult to get rid of completely.
  • If you get stuck or are unsure of something please ask for a further explanation, do not guess.
  • Continue to respond to this thread until I give you the All Clean!
Please Note: My instructions to you are checked by an expert prior to posting. This may cause a small delay between posts.
Thanks
John

Create an Uninstall List
  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button
  • Click on the Save list... button and specify where you would like to save this file
  • When you press the Save button a notepad will open with the contents of that file
  • Copy and paste the contents of that notepad here in your next reply


--------------------
In training at MalWare Removal University
Go to the top of the page
 
+Quote Post
dhack
post Aug 10 2008, 02:15 PM
Post #3


Member
**

Group: Members
Posts: 15
Joined: 9-August 08
Member No.: 228,820
Unfortunately, I was already doing things when your reply came in. What I have done has apparently stopped the pop-ups, and removed the blockages so I will now be patient and wait for further instructions before doing anything else. I haven't checked to see if I can boot in safe mode or get into the registry, but I now have access to task manager, my C: drive, and Control Panel. The popups are gone. The Virus warning on the clock is gone. The red wallpaper is gone. Internet explorer and Mozilla seem to be working normally.

When I first boot up there are several message windows that say that some program (doesn't say what) needs Java enabled to work and directs me to enable Java in internet explorer. I just close them and they stay closed. I haven't tried to do anything with Java. The only other problem that is obvious so far is that my wallpaper is gone. I reset the wallpaper to one of the standard windows ones, and it comes up, but then the screen goes white, and it is overlayed with the internet explorer file window. It looks like the IE file window is now acting as my desktop??? The file log I saved to the desktop showed up in IE history?

What I did: I tried to download "Spyware Doctor" but there was so much interference from the various popups that it hung during trying to update its file information and I ended up with no choice but to just turn off the computer. (ouch!) Would you suggest I delete "Spyware Doctor" and all other spyware and virus programs and just keep "Malware bytes"?

I gave up on "Spyware Doctor" and downloaded "Malwarebytes" which loaded fast and clean. The first time I ran it I selected full scan, which was a mistake. It found 24 infections in the first 6 minutes or so, and then ran for about two hours with me closing popups about every minute or two to keep it going. Then the screen went completely blue with nothing on it at all except Knox's enable for task manager. I brought task manager up and stopped the iexplorer process, which brought me back to the red screen "desktop", but Malwarebytes was running underneath it and I had no access to see it. I finally used task manager to "stop" it, and then canceled and it came to the front.

After another 45 minutes of fighting popups, I gave up on it finding more than 24 infections, aborted the scan and "fixed" everything it had found.
Then I ran a quick scan and it found a bunch more, which I had it "fix".
My memory tells me that I then ran it one more time in quick mode and it delivered a clean report. What is wierd is that the logs show I ran it a total of four times, and I am sure I didn't.

Copies of logs:

Malwarebytes' Anti-Malware 1.24
Database version: 1036
Windows 5.1.2600 Service Pack 2

1:03:40 AM 8/10/2008
mbam-log-8-10-2008 (01-03-40).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 226586
Time elapsed: 2 hour(s), 49 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 17
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\xokvrpwg.dll (Trojan.Zlob) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{382dcc89-18b5-440d-9fd2-3269f5a47c12} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{becf48f3-f2b3-96d3-979f-b0fa960dc4cd} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{becf48f3-f2b3-96d3-979f-b0fa960dc4cd} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cablerouting.cablerouting (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8b8df25f-2c47-4473-8e1c-7f54ac7ef481} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{18cb1a7b-94cd-4582-8022-ada16851e44b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18cb1a7b-94cd-4582-8022-ada16851e44b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cablerouting.cablerouting.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{edc4193f-34ad-4d07-aa87-e3fdb89e3e76} (Spyware.Comet.Cursor) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\xokvrpwg (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{4244a32d-8b4c-2b6e-6e58-2d72fd97cc7c} (Trojan.Clicker) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\xokvrpwg.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cgnhrsuofg.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\services\services.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Deckard\System Scanner\backup\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.





Malwarebytes' Anti-Malware 1.24
Database version: 1036
Windows 5.1.2600 Service Pack 2

1:17:51 AM 8/10/2008
mbam-log-8-10-2008 (01-17-11).txt

Scan type: Quick Scan
Objects scanned: 41557
Time elapsed: 6 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 17
Registry Values Infected: 2
Registry Data Items Infected: 15
Folders Infected: 2
Files Infected: 22

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mxlivemedia (Malware.Trace) -> No action taken.