Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Something Has Overwritten My Desktop


  • This topic is locked This topic is locked
2 replies to this topic

#1 QueenDawm1

QueenDawm1

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:27 AM

Posted 04 May 2008 - 03:30 PM

Hi, my computer worked fine earlier before I went to the store but when I got back my desk top had turned blue and there is a advertisement for malware removal covering the whole thing. Any help would be great, Here are my logs.......I am using windows xp


Deckard's System Scanner v20071014.68
Run by Dawn on 2008-05-04 16:15:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
66: 2008-05-04 20:15:46 UTC - RP1063 - Deckard's System Scanner Restore Point
65: 2008-05-04 19:25:26 UTC - RP1062 - Last known good configuration
64: 2008-05-04 04:39:12 UTC - RP1061 - System Checkpoint
63: 2008-05-02 03:02:59 UTC - RP1060 - System Checkpoint
62: 2008-04-30 19:49:12 UTC - RP1059 - System Checkpoint


-- First Restore Point --
1: 2008-05-04 19:25:19 UTC - RP998 - Removed RegistrySmart


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Dawn.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:19:29 PM, on 5/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\wmsdkns.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\winself.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\QuickTime\bak\qttask.exe
C:\WINDOWS\LOGI_MWX.EXE
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\webHancer\Programs\whagent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\TrueSwitchAT&TYahoo\TrueWizard.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Documents and Settings\Dawn\Desktop\dss.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\Dawn.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5E6C7D03-1600-4353-A8F1-5A1D6B3773AE} - C:\WINDOWS\system32\qoMffDwu.dll
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {B3102264-D09D-4322-B625-503FBF18DD7E} - C:\WINDOWS\system32\awtrRKBr.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\bak\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe \RESET
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-18 Startup: TrueAssistant.lnk = C:\Program Files\TrueSwitchAT&TYahoo\TrueWizard.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: TrueAssistant.lnk = C:\Program Files\TrueSwitchAT&TYahoo\TrueWizard.exe (User 'Default user')
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueSwitchAT&TYahoo\TrueWizard.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZU
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O15 - Trusted Zone: *.olivegarden.com
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Hidden%20Relics/Images/stg_drm.ocx
O16 - DPF: {2A510DC8-C9B5-4269-B9BA-E5B04D47D981} (CPlayFirstDDSonicControl Object) - http://www.shockwave.com/content/dinerdash...ic.1.0.0.92.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/WebIQ/Data...6-6D5536C585C9}
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/activex...wareControl.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/default/R...bGameLoader.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1146266670413
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/default/mjolauncher.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamem...GameManager.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Turbo%20Pizza/Images/armhelper.ocx
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHos...ronGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://comcast.oberon-media.com/online2/di...sh.1.0.0.80.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...135/mcfscan.cab
O20 - Winlogon Notify: awtrRKBr - C:\WINDOWS\SYSTEM32\awtrRKBr.dll
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\winself.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 16126 bytes

-- HijackThis Fixed Entries (C:\HJT\backups\) ----------------------------------

backup-20070730-101621-356 O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 CdaD10BA - c:\windows\system32\drivers\cdad10ba.sys <Not Verified; Macrovision Europe Ltd; Security Windows NT>
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R2 SetupNT - c:\windows\system32\setupnt.sys
R3 EL2000 (3Com 3C2000x EtherLink XL Adapter) - c:\windows\system32\drivers\el2k_xp.sys <Not Verified; 3Com Corporation; 3Com Gigabit NIC (3C2000 Family)>
R3 SMBios (Intel ® System Management BIOS Service) - c:\windows\system32\drivers\smbios.sys <Not Verified; Intel Corporation; Intel ® System Management BIOS Driver>

S2 Fallback - c:\windows\system32\drivers\hsf_fall.sys (file missing)
S2 Fsks - c:\windows\system32\drivers\hsf_fsks.sys (file missing)
S2 SoftFax - c:\windows\system32\drivers\hsf_faxx.sys (file missing)
S2 Tones - c:\windows\system32\drivers\hsf_tone.sys (file missing)
S3 basic2 - c:\windows\system32\drivers\hsf_bsc2.sys (file missing)
S3 catchme - c:\docume~1\dawn\locals~1\temp\catchme.sys (file missing)
S3 cmuda (C-Media WDM Audio Interface) - c:\windows\system32\drivers\cmuda.sys <Not Verified; C-Media Inc; C-Media Audio Driver (WDM)>
S3 DCamUSBSQTECH (Dual-Mode DSC(2770)) - c:\windows\system32\drivers\sqcaptur.sys (file missing)
S3 GMSIPCI - d:\install\gmsipci.sys (file missing)
S3 Rksample - c:\windows\system32\drivers\hsf_samp.sys (file missing)
S3 SGUARD - c:\windows\system32\drivers\sguard.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 MsSecurity1.209.4 (MsSecurity Updated) - c:\windows\winself.exe service
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: RAID Controller
Device ID: PCI\VEN_1106&DEV_3164&SUBSYS_80F41043&REV_06\4&2E98101C&0&20F0
Manufacturer:
Name: RAID Controller
PNP Device ID: PCI\VEN_1106&DEV_3164&SUBSYS_80F41043&REV_06\4&2E98101C&0&20F0
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-05-02 15:17:51 444 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job
2008-05-02 03:30:00 424 --a------ C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job
2008-04-30 20:28:47 574 --a------ C:\WINDOWS\Tasks\Norton Security Online - Run Full System Scan - Dawn.job


-- Files created between 2008-04-04 and 2008-05-04 -----------------------------

2008-05-04 15:36:15 24320 --a------ C:\WINDOWS\voiceip.dll
2008-05-04 15:36:15 22016 --a------ C:\WINDOWS\swin32.dll
2008-05-04 15:36:15 32768 --a------ C:\WINDOWS\stcloader.exe
2008-05-04 15:36:14 13568 --a------ C:\WINDOWS\mssvr.exe
2008-05-04 15:36:14 19200 --a------ C:\WINDOWS\mspphe.dll
2008-05-04 15:36:14 9472 --a------ C:\WINDOWS\cdsm32.dll
2008-05-04 15:36:14 24064 --a------ C:\WINDOWS\bokja.exe
2008-05-04 15:36:14 12288 --a------ C:\WINDOWS\bjam.dll
2008-05-04 15:36:14 25344 --a------ C:\WINDOWS\2020search2.dll
2008-05-04 15:36:14 25856 --a------ C:\WINDOWS\2020search.dll
2008-05-04 15:36:10 19712 --a------ C:\WINDOWS\saiemod.dll
2008-05-04 15:36:09 29184 --a------ C:\WINDOWS\msapasrc.dll
2008-05-04 15:36:09 27392 --a------ C:\WINDOWS\msa64chk.dll
2008-05-04 15:36:08 28928 --a------ C:\WINDOWS\shdocpl.dll
2008-05-04 15:36:07 20480 --a------ C:\WINDOWS\winsb.dll
2008-05-04 15:36:07 28416 --a------ C:\WINDOWS\shdocpe.dll
2008-05-04 15:36:07 27904 --a------ C:\WINDOWS\ntnut.exe
2008-05-04 15:36:06 30720 --a------ C:\WINDOWS\browserad.dll
2008-05-04 15:36:06 11264 --a------ C:\WINDOWS\aviwrap32.dll
2008-05-04 15:36:06 18176 --a------ C:\WINDOWS\avisynthex32.dll
2008-05-04 15:36:06 12288 --a------ C:\WINDOWS\avifile32.dll
2008-05-04 15:36:06 20736 --a------ C:\WINDOWS\autodisc32.dll
2008-05-04 15:36:06 21760 --a------ C:\WINDOWS\audiosrv32.dll
2008-05-04 15:36:05 18176 --a------ C:\WINDOWS\changeurl_30.dll
2008-05-04 15:36:05 29696 --a------ C:\WINDOWS\ati2dvag32.dll
2008-05-04 15:36:05 12544 --a------ C:\WINDOWS\ati2dvaa32.dll
2008-05-04 15:36:05 16384 --a------ C:\WINDOWS\athprxy32.dll
2008-05-04 15:36:05 14336 --a------ C:\WINDOWS\asycfilt32.dll
2008-05-04 15:36:05 18944 --a------ C:\WINDOWS\asferror32.dll
2008-05-04 15:36:05 10240 --a------ C:\WINDOWS\apphelp32.dll
2008-05-04 15:25:09 7203 --ahs---- C:\WINDOWS\system32\uwDffMoq.ini2
2008-05-04 15:25:03 281088 --a------ C:\WINDOWS\system32\qoMffDwu.dll
2008-05-04 15:20:00 43520 --a------ C:\WINDOWS\system32\awtrRKBr.dll
2008-05-04 15:19:29 0 d-------- C:\Program Files\webHancer
2008-05-04 15:19:29 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-05-04 15:19:24 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2008-05-04 15:19:23 4 --a------ C:\WINDOWS\system32\winfrun32.bin
2008-05-04 15:19:22 87979 --a------ C:\WINDOWS\system32\wmsdkns.exe <Not Verified; Microsoft; XML Media>
2008-05-04 15:19:22 87979 --a------ C:\WINDOWS\lfn.exe <Not Verified; Microsoft; XML Media>
2008-05-04 15:19:12 20992 --a------ C:\WINDOWS\winself.exe
2008-05-03 23:43:08 0 d-------- C:\Program Files\Family Feud III - Dream Home
2008-05-02 15:45:08 229518 --a------ C:\WINDOWS\system32\000090.exe
2008-04-30 16:45:56 0 d-------- C:\Program Files\Brainiversity
2008-04-25 13:25:46 0 d-------- C:\Documents and Settings\Dawn\Application Data\Jane s Hotel Family Hero
2008-04-20 15:07:10 62 --a------ C:\WINDOWS\Update.dat
2008-04-20 15:06:53 4530 --a------ C:\WINDOWS\system32\atielf.dat
2008-04-19 21:56:59 0 d-------- C:\Program Files\Build-a-lot 2 - Town of the Year
2008-04-12 23:22:34 0 d-------- C:\Program Files\Cooking Academy


-- Find3M Report ---------------------------------------------------------------

2008-05-04 16:17:56 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-04 15:45:59 0 d-------- C:\Program Files\TrueSwitchAT&TYahoo
2008-05-04 15:20:22 0 d-------- C:\Program Files\Common Files
2008-05-02 15:00:01 0 d-------- C:\Program Files\Norton Security Scan
2008-04-28 20:59:35 0 d-------- C:\Program Files\LimeWire
2008-04-25 13:24:26 0 d-------- C:\Program Files\Yahoo! Games
2008-04-12 23:10:33 0 d-------- C:\Program Files\bfgclient
2008-03-30 15:39:44 0 d-------- C:\Documents and Settings\Dawn\Application Data\Boomzap
2008-03-23 19:33:25 0 d-------- C:\Documents and Settings\Dawn\Application Data\PlayFirst
2008-03-23 19:33:13 0 d-------- C:\Program Files\Doggie Dash
2008-03-21 19:24:40 0 d-------- C:\Documents and Settings\Dawn\Application Data\Meridian93
2008-03-21 19:24:17 0 d-------- C:\Program Files\Escape From Paradise
2008-03-18 11:51:39 0 d-------- C:\Program Files\MyWebSearch
2008-03-18 09:01:31 0 d-------- C:\Program Files\FunWebProducts
2008-03-17 17:32:29 40 --a----c- C:\WINDOWS\RSoftInfo.dat
2008-03-14 17:29:24 0 d-------- C:\Program Files\RealArcade
2008-03-08 22:19:45 0 d-------- C:\Documents and Settings\Dawn\Application Data\cerasus.media
2008-03-06 20:29:24 0 d-------- C:\Program Files\Mystery Case Files - Madame Fate
2008-03-02 21:33:00 0 --a------ C:\Program Files\temp01


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5E6C7D03-1600-4353-A8F1-5A1D6B3773AE}]
05/04/2008 03:25 PM 281088 --a------ C:\WINDOWS\system32\qoMffDwu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B3102264-D09D-4322-B625-503FBF18DD7E}]
05/04/2008 03:20 PM 43520 --a------ C:\WINDOWS\system32\awtrRKBr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c900b400-cdfe-11d3-976a-00e02913a9e0}]
10/11/2007 01:49 PM 159744 --a------ C:\Program Files\webHancer\programs\whiehlpr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"QuickTime Task"="C:\Program Files\QuickTime\bak\qttask.exe" [12/25/2005 02:44 PM]
"Logitech Utility"="LOGI_MWX.EXE" [11/08/2002 05:50 AM C:\WINDOWS\LOGI_MWX.EXE]
"zzzHPSETUP"="D:\Setup.exe" []
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [11/28/2007 08:51 PM]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [10/26/2007 04:42 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/10/2007 01:59 AM]
"osCheck"="C:\PROGRA~1\Symantec\osCheck.exe" [01/14/2007 03:11 AM]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [07/21/2006 05:19 PM]
"webHancer Agent"="C:\Program Files\webHancer\Programs\whagent.exe" [10/11/2007 01:49 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [10/11/2007 09:19 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\Dawn\Start Menu\Programs\Startup\
TrueAssistant.lnk - C:\Program Files\TrueSwitchAT&TYahoo\TrueWizard.exe [9/13/2007 8:45:20 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [10/23/2006 1:48:20 AM]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [10/23/2006 12:01:50 AM]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [1/19/2005 10:28:34 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 1:05:56 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B3102264-D09D-4322-B625-503FBF18DD7E}"= C:\WINDOWS\system32\awtrRKBr.dll [05/04/2008 03:20 PM 43520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtrRKBr]
awtrRKBr.dll 05/04/2008 03:20 PM 43520 C:\WINDOWS\system32\awtrRKBr.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\qoMffDwu

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

*Newly Created Service* - CLBDRIVER
*Newly Created Service* - COMHOST



-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.dj8910.com
127.0.0.1 user1.33225.net
127.0.0.1 wx.uuzzvv.com
127.0.0.1 dd00.2008dajiafa.cn
127.0.0.1 www.aixiaoshuo.net
127.0.0.1 b.158dm.com
127.0.0.1 c.158dm.com
127.0.0.1 a.158dm.com
127.0.0.1 c.wacsy.com/new.txt
127.0.0.1 74.5460w.cn

20 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-05-04 16:21:31 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.80GHz
CPU 1: Intel® Pentium® 4 CPU 2.80GHz
Percentage of Memory in Use: 55%
Physical Memory (total/avail): 1022.73 MiB / 458.34 MiB
Pagefile Memory (total/avail): 2463.88 MiB / 1939.04 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1924.55 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 111.78 GiB total, 62.38 GiB free.
D: is CDROM (No Media)
E: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - WDC WD1200JB-00GVA0 - 111.79 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 111.78 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: Norton Security Online v2007 (Symantec Corporation)
AV: Norton Security Online v2007 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"="C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe:*:Enabled:Zoo Tycoon 2 Executable"
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe:*:Enabled:MySpaceIM"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Dawn\Application Data
CLASSPATH=C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=OFFICEWORK
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Dawn
LOGONSERVER=\\OFFICEWORK
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 5, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0205
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Dawn\LOCALS~1\Temp
TMP=C:\DOCUME~1\Dawn\LOCALS~1\Temp
USERDOMAIN=OFFICEWORK
USERNAME=Dawn
USERPROFILE=C:\Documents and Settings\Dawn
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Bill (admin)
Dawn (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_2_0_30\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 5.0 Sprint --> MsiExec.exe /X{4468EF97-A253-4699-9E1C-88CAE2C6832D}
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Adventures in Typing with Timon and Pumbaa --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC1D8269-A50C-4C1E-88D6-1B6E1320FEE8}\setup.exe" -l0x9 Adventures in Typing with Timon and Pumbaa
AIM 6 --> C:\Program Files\AIM6\uninst.exe
Alice Greenfingers --> "C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\Alice Greenfingers.rguninst"
AOL Explorer --> C:\Program Files\Common Files\AOL\1124841373\ee\services\browser\ver1_1_1042\uninst.exe
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
AOL Toolbar 2.0 --> "C:\Program Files\AOL\AOL Toolbar 2.0\uninstall.exe"
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Artful GIF Animator 1.2 --> "C:\Program Files\Artful GIF Animator\unins000.exe"
AT&T Yahoo! Applications --> C:\PROGRA~1\Yahoo!\Common\uninstall.exe
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
Azada (remove only) --> "C:\Program Files\Azada\Uninstall.exe"
Babysitting Mania --> "C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\Babysitting Mania.rguninst" "AddRemove"
Babysitting Mania (remove only) --> "C:\Program Files\Babysitting Mania\Uninstall.exe"
Big Fish Games Client --> C:\Program Files\bfgclient\Uninstall.exe
Brainiversity --> "C:\Program Files\Brainiversity\Uninstall.exe"
BRATZ - Rock Angelz --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C92937F-7E79-4A32-AB80-BD7637146308}\setup.exe" -l0x9 -uninst
Build-a-lot --> "C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\Build-a-lot.rguninst" "AddRemove"
Build-a-lot (remove only) --> "C:\Program Files\Build-a-lot\Uninstall.exe"
Build-a-lot 2: Town of the Year --> "C:\Program Files\Build-a-lot 2 - Town of the Year\Uninstall.exe"
Burger Island --> C:\Program Files\Burger Island\uninstall.exe
C-Media WDM Audio Driver --> C:\WINDOWS\system32\cmirmdrv.exe
Cake Mania 2 --> "C:\Program Files\Comcast Play Games\Cake Mania 2\Uninstall.exe" "C:\Program Files\Comcast Play Games\Cake Mania 2\install.log"
Cake Mania 2 (remove only) --> "C:\Documents and Settings\Dawn\Desktop\Games\Cake Mania 2\Uninstall.exe"
Cake Mania 2 (remove only) --> "C:\Program Files\Cake Mania 2\Uninstall.exe"
Cake Mania™ 2 --> "C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\Cake Mania™ 2.rguninst"
Cake Mania™ 2 Evaluation --> "C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\Cake Mania™ 2 Evaluation.rguninst"
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
CCHelp --> MsiExec.exe /I{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Clifford Phonics --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{75B6C1BF-B98C-4B99-BD0D-CC9BF16C490D}\Setup.exe" -l0x9
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Cooking Academy --> "C:\Program Files\Cooking Academy\Uninstall.exe"
CR2 --> MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
Delicious 2 --> C:\Program Files\Delicious 2\uninstall.exe
Delicious 2 Deluxe --> C:\PROGRA~1\YAHOO!~1\DELICI~1\UNWISE.EXE /U C:\PROGRA~1\YAHOO!~1\DELICI~1\INSTALL.LOG
Delicious Deluxe --> "C:\Program Files\Zylom Games\Delicious Deluxe\GameInstaller.exe" --uninstall UnInstall.log
Digimax 420 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6E90931A-1A03-4B96-8BC2-DE88B8195B5A}\Setup.exe" -l0x9
Digimax Viewer 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9EE54C1F-FC99-44D6-916A-0CA2D45E740F}\Setup.exe"
Diner Dash --> "C:\Program Files\Comcast Play Games\Diner Dash\Uninstall.exe" "C:\Program Files\Comcast Play Games\Diner Dash\install.log"
Diner Dash --> MsiExec.exe /X{CABAEEF9-DB89-9ACB-97E0-44D156FAC6AD}
Diner Dash - Flo on the Go --> "C:\Program Files\Diner Dash - Flo on the Go\unins000.exe"
Diner Dash - Flo on the Go (remove only) --> "C:\Program Files\Yahoo! Games\Diner Dash - Flo on the Go\Uninstall.exe"
Diner Dash Flo on the Go --> "C:\Program Files\Comcast Play Games\Diner Dash Flo on the Go\Uninstall.exe" "C:\Program Files\Comcast Play Games\Diner Dash Flo on the Go\install.log"
Doggie Dash --> "C:\Program Files\Doggie Dash\Uninstall.exe"
Dora's Carnival Adventure (remove only) --> C:\Program Files\Doras Carnival Adventure\Uninstall.exe
Dragon Tales --> C:\PROGRA~1\SCHOLA~1\DRAGON~1\UNWISE.EXE /U C:\PROGRA~1\SCHOLA~1\DRAGON~1\INSTALL.LOG
ebgcInfra --> MsiExec.exe /X{39B1BD87-561E-4762-AED9-7C5213B06C24}
ebgcRes --> MsiExec.exe /X{F54364FB-5C28-4B2D-AF42-9DF1A2756394}
ebgcSDK --> MsiExec.exe /X{13AD768A-9E04-499D-AE80-967A65DCCBA5}
Escape From Paradise --> "C:\Program Files\Escape From Paradise\ReflexiveArcade\unins000.exe"
Escape From Paradise (remove only) --> "C:\Program Files\Escape From Paradise\Uninstall.exe"
ESSAdpt --> MsiExec.exe /I{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}
ESSANUP --> MsiExec.exe /I{A6F18A67-B771-4191-8A33-36D2E742D6D9}
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCAM --> MsiExec.exe /I{469730CC-78DF-4CD3-B286-562D459EA619}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSCT --> MsiExec.exe /I{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC --> MsiExec.exe /I{4F677FC7-7AA8-412B-A957-F13CBE1C7331}
ESSvpaht --> MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
ESSvpot --> MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
Family Feud III: Dream Home --> "C:\Program Files\Family Feud III - Dream Home\Uninstall.exe"
Farm Frenzy (remove only) --> "C:\Program Files\Farm Frenzy\Uninstall.exe"
FaxTools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F45298E5-0083-426F-A668-1A2C5F04B8A0}\setup.exe" -l0x9 ControlPanel
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "C:\Documents and Settings\Dawn\Local Settings\Temporary Internet Files\Content.IE5\C9KMI38G\HijackThis.exe" /uninstall
HLPCCTR --> MsiExec.exe /I{F2D0C1B1-80FF-46F9-BA61-33B01A07FAFC}
HLPIndex --> MsiExec.exe /I{38441BE7-79B0-42B8-8297-833704F949FE}
HLPPDOCK --> MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}
HLPRFO --> MsiExec.exe /I{AADAC983-FDE9-42FA-8FD9-7BB324155593}
Home Sweet Home --> "C:\Program Files\Home Sweet Home\unins000.exe"
Home Sweet Home (remove only) --> "C:\Program Files\Home Sweet Home\Uninstall.exe"
Hot Dish (remove only) --> "C:\Program Files\Hot Dish\Uninstall.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HyperLoad - Mah Jongg --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B314244C-753A-413B-B0F1-30972D6B58A0}\setup.exe" -l0x9 -uninst -removeonly
Imikimi Plugin 0.3.0 --> MsiExec.exe /I{3E99B1F8-61B7-4317-AB38-855810CCE5C3}
InCD --> C:\WINDOWS\NuNInst.exe /UNINSTALL
InCD EasyWrite Reader --> C:\WINDOWS\unmrw.exe /UNINSTALL
iPod for Windows 2005-09-23 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC} /l1033
iTunes --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{78F4DFCE-1336-4027-BCB2-1A00C24A8653} /l1033
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Jane's Hotel Family Hero (remove only) --> "C:\Program Files\Yahoo! Games\Jane's Hotel Family Hero\Uninstall.exe"
Jasc Paint Shop Pro 9 --> MsiExec.exe /I{F843C6A3-224D-4615-94F8-3C461BD9AEA0}
Java 2 Runtime Environment Standard Edition v1.3.1_04 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\JavaSoft\JRE\1.3.1_04\Uninst.isu"
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Labtec Media Keyboard V5.0 --> C:\Program Files\Labtec\Media Keyboard\V5.0\unins000.EXE
Labtec Mouse V2.1 --> C:\Program Files\Labtec\Mouse\2.1\uninst00.exe
Lexmark X5100 Series --> C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBAUN5C.EXE -dLexmark X5100 Series
LimeWire 4.14.10 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL
Logitech iTouch Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734}\setup.exe" -l0x9 UNINSTALL
Logitech MouseWare 9.75 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x9 -l0009 UNINSTALL
Logitech Resource Center --> C:\PROGRA~1\Logitech\RESOUR~1\rem\UNWISE.EXE C:\PROGRA~1\Logitech\RESOUR~1\rem\INSTALL.LOG
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
MGI PhotoSuite III SE (Remove Only) --> "C:\Program Files\MGI\MGI PhotoSuite III SE\System\MGIUninstall.exe" C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MGI\MGI PhotoSuite III SE\Uninst.isu" -c"C:\Program Files\MGI\MGI PhotoSuite III SE\System\CustomUninstall.dll"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Money Essentials --> "C:\Program Files\Microsoft Money Plus\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Money Shared Libraries --> MsiExec.exe /X{7F1B3341-A94E-4F5C-B587-CA0EB964221E}
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mirror Magic --> C:\PROGRA~1\SHOCKW~1.COM\MIRROR~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\MIRROR~1\INSTALL.LOG
Mirror Magic Free Trial --> "C:\Program Files\MirrorMagic_at\unins000.exe"
Miss Management (remove only) --> "C:\Program Files\Miss Management\Uninstall.exe"
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Dawn\Application Data\Move Networks\ie_bin\Uninst.exe
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
My DSC --> C:\Program Files\InstallShield Installation Information\{225af9a1-b556-88d5-94aa-0010b5426419}\setup.exe
MySpaceIM --> C:\Program Files\MySpace\IM\Uninstall.exe
Mystery Case Files - Huntsville --> "C:\Program Files\Comcast Play Games\Mystery Case Files - Huntsville\Uninstall.exe" "C:\Program Files\Comcast Play Games\Mystery Case Files - Huntsville\install.log"
Mystery Case Files Prime Suspects --> "C:\Program Files\Mystery Case Files Prime Suspects\ReflexiveArcade\unins000.exe"
Mystery Case Files: Madame Fate (remove only) --> "C:\Program Files\Mystery Case Files - Madame Fate\Uninstall.exe"
Mysteryville 2 --> C:\Program Files\Mysteryville 2\uninstall.exe
Nanny Mania (remove only) --> "C:\Program Files\Nanny Mania\Uninstall.exe"
Nero Media Player --> C:\WINDOWS\UNNMP.exe /UNINSTALL
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447A-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}
Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
Norton™ Security Scan --> MsiExec.exe /I{666CF041-77BE-414E-9A9D-0A227E9B48F8}
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
Oregon Trail 5 --> C:\WINDOWS\TLCUninstall.exe -f "C:\Program Files\The Learning Company\Oregon Trail 5\Uninstall.xml"
OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
OTtBPSDK --> MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
Outerinfo --> "C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe"
PCDADDIN --> MsiExec.exe /I{65D85050-5610-4A91-A3B1-D5C744291AD4}
PCDHELP --> MsiExec.exe /I{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}
PCDLNCH --> MsiExec.exe /I{69BD6399-3D8F-45B7-81D9-819361F5101D}
PCI SoftV92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F30&SUBSYS_205514F1\HXFSETUP.EXE -U -IPSCRCTR5K.INF
PhotoParade Player --> "C:\Program Files\PhotoParade\Uninstall PhotoParade Player.exe" "PhotoParade.exe"
Plant Tycoon --> "C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\Plant Tycoon.rguninst" "AddRemove"
Plant Tycoon (remove only) --> "C:\Program Files\Plant Tycoon\Uninstall.exe"
Plantasia --> C:\PROGRA~1\Disney\DISNEY~1\PLANTA~1\UNWISE.EXE C:\PROGRA~1\Disney\DISNEY~1\PLANTA~1\INSTALL.LOG
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{4E5E22C2-1386-47AE-8EDE-32DDCDCD6653} /l1033
RealArcade --> "C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\RealArcade.rguninst" "AddRemove"
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Sally's Salon --> "C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\Sally's Salon.rguninst"
Sandlot Games Client Services 1.2.2 --> "C:\Program Files\Common Files\Sandlot Shared\unins000.exe"
SATMath --> C:\WINDOWS\ST5UNST.EXE -n "C:\Program Files\SATMath\ST5UNST.LOG"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SFR --> MsiExec.exe /I{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}
SFR2 --> MsiExec.exe /I{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}
Spark 2.5.5 --> C:\Program Files\Spark\uninstall.exe
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
The Apprentice - Los Angeles (remove only) --> "C:\Program Files\The Apprentice - Los Angeles\Uninstall.exe"
The Game of Life (remove only) --> "C:\Program Files\GameHouse\The Game of Life\Uninstall.exe"
The Sims 2 --> C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
The Sims 2 Pets --> C:\Program Files\EA GAMES\The Sims 2 Pets\EAUninstall.exe
The Sims 2 University --> C:\Program Files\EA GAMES\The Sims 2 University\EAUninstall.exe
Tropix --> "C:\Program Files\Tropix\unins000.exe"
TrueSwitch Wizard AT&T Yahoo! --> C:\Program Files\TrueSwitchAT&TYahoo\TrueWizard.exe -uninstall
URGE --> MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}
VCAMCEN --> MsiExec.exe /I{10E98E14-832C-4AF7-A4D1-6A9EF83B282E}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Virtual Villagers --> "C:\Program Files\MSN Games\Virtual Villagers\Uninstall.exe" "C:\Program Files\MSN Games\Virtual Villagers\install.log"
Virtual Villagers --> "C:\Program Files\Virtual Villagers2\ReflexiveArcade\unins000.exe"
Virtual Villagers --> C:\PROGRA~1\SHOCKW~1.COM\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\VIRTUA~1\INSTALL.LOG
Virtual Villagers - The Lost Children (remove only) --> C:\Program Files\Virtual Villagers - The Lost Children\Uninstall.exe
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
webHancer Customer Companion --> C:\Program Files\webHancer\Programs\whInstaller.exe -uninstall
WebIQ Technology Engine --> C:\WINDOWS\system32\WebIQEngineSetup.exe u
Wedding Dash (remove only) --> "C:\Program Files\Wedding Dash\Uninstall.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Wireless USB Card --> C:\Program Files\InstallShield Installation Information\{9E3AC895-92F3-4176-92A9-4C3A04A21B28}\setup.exe deinst -removeonly
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Zoo Tycoon 2 --> "C:\Program Files\Microsoft Games\Zoo Tycoon 2\UNINSTAL.EXE" /runtemp /uninstall


-- Application Event Log -------------------------------------------------------

Event Record #/Type65861 / Error
Event Submitted/Written: 05/03/2008 06:29:47 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16640, faulting module unknown, version 0.0.0.0, fault address 0x001cb17a.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type65856 / Error
Event Submitted/Written: 05/03/2008 00:02:02 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16640, faulting module unknown, version 0.0.0.0, fault address 0x001cc7c0.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type65764 / Error
Event Submitted/Written: 04/29/2008 08:47:52 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application yop.exe, version 2007.6.26.2, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00018fea.
Processing media-specific event for [yop.exe!ws!]

Event Record #/Type65604 / Error
Event Submitted/Written: 04/25/2008 02:28:51 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16640, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type65597 / Error
Event Submitted/Written: 04/25/2008 08:24:10 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16640, faulting module unknown, version 0.0.0.0, fault address 0x0490b84d.
Processing media-specific event for [iexplore.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type103317 / Error
Event Submitted/Written: 05/04/2008 03:46:06 PM / 05/04/2008 03:46:07 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
Beep

Event Record #/Type103310 / Warning
Event Submitted/Written: 05/04/2008 03:19:35 PM
Event ID/Source: 31240 / Windows File Protection
Event Description:
The protected system file c:\windows\system32\drivers\beep.sys could not be verified as valid because Windows
File Protection is terminating.
Use the SFC utility to verify the integrity of the file at a later time.

Event Record #/Type103218 / Warning
Event Submitted/Written: 05/01/2008 10:31:32 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type103199 / Warning
Event Submitted/Written: 04/30/2008 09:52:06 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type103163 / Warning
Event Submitted/Written: 04/29/2008 09:06:33 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2008-05-04 16:21:31 ------------

also here is my Kaspersky log:
KASPERSKY ONLINE SCANNER REPORT
Sunday, May 04, 2008 9:56:18 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 4/05/2008
Kaspersky Anti-Virus database records: 740017


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 317232
Number of viruses found 29
Number of infected objects 52
Number of suspicious objects 9
Duration of the scan process 03:13:11

Infected Object Name Virus Name Last Action
C:\Deckard\System Scanner\backup\DOCUME~1\Dawn\LOCALS~1\Temp\syswcc32.exe/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.423 skipped

C:\Deckard\System Scanner\backup\DOCUME~1\Dawn\LOCALS~1\Temp\syswcc32.exe/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\Deckard\System Scanner\backup\DOCUME~1\Dawn\LOCALS~1\Temp\syswcc32.exe/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\Deckard\System Scanner\backup\DOCUME~1\Dawn\LOCALS~1\Temp\syswcc32.exe/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\Deckard\System Scanner\backup\DOCUME~1\Dawn\LOCALS~1\Temp\syswcc32.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\Deckard\System Scanner\backup\DOCUME~1\Dawn\LOCALS~1\Temp\syswcc32.exe RarSFX: infected - 5 skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\482755b0870c2b6ca18bd22f5499552a_0b32d61c-5297-4a0d-bb47-b8e0de60ad6e Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4e2b5febbafec1e20240010f5c3bdfeb_0b32d61c-5297-4a0d-bb47-b8e0de60ad6e Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bef0e9808b6a137b6847a3081b812f81_0b32d61c-5297-4a0d-bb47-b8e0de60ad6e Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\df8a276c7e50c46ad42316a86da427f0_0b32d61c-5297-4a0d-bb47-b8e0de60ad6e Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy2.zip/msexreg.exe Suspicious: Password-protected-EXE skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy2.zip ZIP: suspicious - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy5.zip/trkgif.exe Suspicious: Password-protected-EXE skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy5.zip ZIP: suspicious - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle.zip/Yazzle1552OinUninstaller.exe Suspicious: Password-protected-EXE skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle.zip ZIP: suspicious - 1 skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-05-04_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\index.qbs Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\2FC665A0.TMP Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\8D38D349.TMP Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SubEng\submissions.idx Object is locked skipped

C:\Documents and Settings\Dawn\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Dawn\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Documents and Settings\Dawn\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Dawn\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Dawn\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Dawn\Local Settings\History\History.IE5\MSHist012008050420080505\index.dat Object is locked skipped

C:\Documents and Settings\Dawn\Local Settings\Temp\Perflib_Perfdata_a70.dat Object is locked skipped

C:\Documents and Settings\Dawn\Local Settings\Temp\~DF2EB6.tmp Object is locked skipped

C:\Documents and Settings\Dawn\Local Settings\Temporary Internet Files\Content.IE5\5N110JXC\css4[1] Infected: Trojan.Win32.Monder.gen skipped

C:\Documents and Settings\Dawn\Local Settings\Temporary Internet Files\Content.IE5\7N2YDH1V\syswcc32[1].exe/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.423 skipped

C:\Documents and Settings\Dawn\Local Settings\Temporary Internet Files\Content.IE5\7N2YDH1V\syswcc32[1].exe/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\Documents and Settings\Dawn\Local Settings\Temporary Internet Files\Content.IE5\7N2YDH1V\syswcc32[1].exe/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\Documents and Settings\Dawn\Local Settings\Temporary Internet Files\Content.IE5\7N2YDH1V\syswcc32[1].exe/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\Documents and Settings\Dawn\Local Settings\Temporary Internet Files\Content.IE5\7N2YDH1V\syswcc32[1].exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\Documents and Settings\Dawn\Local Settings\Temporary Internet Files\Content.IE5\7N2YDH1V\syswcc32[1].exe RarSFX: infected - 5 skipped

C:\Documents and Settings\Dawn\Local Settings\Temporary Internet Files\Content.IE5\812C6SBG\68_180_219_129[1] Object is locked skipped

C:\Documents and Settings\Dawn\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Dawn\Local Settings\Temporary Internet Files\Content.IE5\WC6D5ZLU\68_180_219_134[1] Object is locked skipped

C:\Documents and Settings\Dawn\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Dawn\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Dawn\Shared\06 Track 6.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped

C:\Documents and Settings\Dawn\Shared\07 Track 7.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped

C:\Documents and Settings\Dawn\Shared\call from god.wm Infected: Trojan-Downloader.WMA.Wimad.m skipped

C:\Documents and Settings\Dawn\Shared\thats what frinds are for.mp3 Infected: Trojan-Downloader.WMA.Wimad.n skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\My Games\Alice Greenfingers\AliceGreenfingers.exe Suspicious: Type_Win32 skipped

C:\My Games\Jane's Hotel\Jane's Hotel.exe Suspicious: Type_Win32 skipped

C:\My Games\SpongeBob SquarePants Collapse!\sbc.exe Suspicious: Type_Win32 skipped

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped

C:\Program Files\Hot Dish\jwfcplg.exe Infected: Net-Worm.Win32.Kolabc.er skipped

C:\Program Files\Symantec\Norton AntiVirus\AVApp.log Object is locked skipped

C:\Program Files\Symantec\Norton AntiVirus\AVError.log Object is locked skipped

C:\Program Files\Symantec\Norton AntiVirus\AVVirus.log Object is locked skipped

C:\Program Files\webHancer\Programs\webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\Program Files\webHancer\Programs\whagent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.423 skipped

C:\Program Files\webHancer\Programs\whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\Program Files\webHancer\Programs\whinstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{B62C377D-015B-4860-A5B6-2180131C522E}\RP1021\A0325300.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped

C:\System Volume Information\_restore{B62C377D-015B-4860-A5B6-2180131C522E}\RP1021\A0325301.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

C:\System Volume Information\_restore{B62C377D-015B-4860-A5B6-2180131C522E}\RP1021\A0325302.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped

C:\System Volume Information\_restore{B62C377D-015B-4860-A5B6-2180131C522E}\RP1021\A0325303.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.af skipped

C:\System Volume Information\_restore{B62C377D-015B-4860-A5B6-2180131C522E}\RP1021\A0325304.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped

C:\System Volume Information\_restore{B62C377D-015B-4860-A5B6-2180131C522E}\RP1021\A0325305.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{B62C377D-015B-4860-A5B6-2180131C522E}\RP1021\A0325306.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{B62C377D-015B-4860-A5B6-2180131C522E}\RP1021\A0326300.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped

C:\System Volume Information\_restore{B62C377D-015B-4860-A5B6-2180131C522E}\RP1047\A0344759.exe Infected: Backdoor.Win32.Mex.s skipped

C:\System Volume Information\_restore{B62C377D-015B-4860-A5B6-2180131C522E}\RP1050\A0344832.sys Infected: Trojan-PSW.Win32.OnLineGames.abis skipped

C:\System Volume Information\_restore{B62C377D-015B-4860-A5B6-2180131C522E}\RP1050\A0344833.sys Infected: Trojan-PSW.Win32.OnLineGames.abis skipped

C:\System Volume Information\_restore{B62C377D-015B-4860-A5B6-2180131C522E}\RP1051\A0345860.dll Infected: Trojan-PSW.Win32.Agent.ahk skipped

C:\System Volume Information\_restore{B62C377D-015B-4860-A5B6-2180131C522E}\RP1052\A0347014.sys Infected: Trojan-PSW.Win32.Agent.ahl skipped

C:\System Volume Information\_restore{B62C377D-015B-4860-A5B6-2180131C522E}\RP1052\A0347025.dll Infected: Trojan-PSW.Win32.OnLineGames.aayo skipped

C:\System Volume Information\_restore{B62C377D-015B-4860-A5B6-2180131C522E}\RP1053\A0347051.dll Infected: Trojan-PSW.Win32.OnLineGames.abne skipped

C:\System Volume Information\_restore{B62C377D-015B-4860-A5B6-2180131C522E}\RP1063\change.log Object is locked skipped

C:\System Volume Information\_restore{B62C377D-015B-4860-A5B6-2180131C522E}\RP998\A0312333.rbf Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.k skipped

C:\System Volume Information\_restore{B62C377D-015B-4860-A5B6-2180131C522E}\RP998\A0312334.rbf Infected: not-a-virus:FraudTool.Win32.AntiSpywareBot.l skipped

C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\default.htm Infected: not-virus:Hoax.HTML.Secureinvites.b skipped

C:\WINDOWS\Fonts\micross11.ttf Infected: Trojan.Win32.Agent.kmo skipped

C:\WINDOWS\Fonts\micross12.ttf Infected: Trojan.Win32.Agent.kmo skipped

C:\WINDOWS\Fonts\micross15.ttf Infected: Trojan.Win32.Agent.kmo skipped

C:\WINDOWS\Fonts\micross4.ttf Infected: Trojan-PSW.Win32.OnLineGames.zjk skipped

C:\WINDOWS\Fonts\micross6.ttf Infected: Trojan-PSW.Win32.OnLineGames.abiu skipped

C:\WINDOWS\Fonts\micross8.ttf Infected: Trojan.Win32.Agent.kmo skipped

C:\WINDOWS\Fonts\micross9.ttf Infected: Trojan.Win32.Agent.kmo skipped

C:\WINDOWS\lfn.exe Infected: not-virus:Hoax.Win32.Renos.ccc skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{94006A94-9FBB-4A46-A923-F0964879AA0D}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\awtrRKBr.dll Infected: Trojan.Win32.Monder.gen skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\drivers\beep.sys Infected: Rootkit.Win32.Agent.aii skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped

C:\WINDOWS\system32\qoMffDwu.dll Infected: Trojan.Win32.Monder.gen skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\system32\wmsdkns.exe Infected: not-virus:Hoax.Win32.Renos.ccc skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Edited by QueenDawm1, 04 May 2008 - 09:03 PM.


BC AdBot (Login to Remove)

 


#2 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:02:27 AM

Posted 09 May 2008 - 09:31 PM

Hello QueenDawm1,

This computer is really infected so we will run ComboFix.

You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.


You need to disable your Symnatec/Norton Antivirus before running ComboFix, as it will prevent it from running.

To disable Norton Antivirus:
Please navigate to the system tray on the bottom right hand corner and look for a Posted Image sign.
  • right-click it -> chose "Disable Auto-Protect."
  • select a duration of 5 hours (this assures no interference with the cleanup of your pc)
  • click "Ok."
  • a popup will warn that protection will now be disabled and the sign will now look like this: Posted Image
You succesfully disabled the Norton Antivirus Guard.


Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

To work properly, you must install ComboFix on the Desktop.

When following the instructions please install the Windows XP Recovery Console if you are using XP. <== IMPORTANT It is a simple procedure that will only take a few moments of your time.


You DO NOT need to have the Windows CD to install Recovery Console!

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.


We need Recovery Console because malware damages a lot and causes an instable system - and because of that, it may happen that your computer won't be able to boot anymore. With the Recovery Console installed, there are extra options present to repair whatever malware damaged.
Also, even though you're not infected, the presence of the Recovery Console is a useful feature in case a computer won't boot anymore because of several other reasons. Read here what you can do with the Recovery Console.

Extra note: After you have installed the Recovery Console - if you reboot your computer, right after reboot, you'll see the option for the Recovery Console now as well.
Don't select to run the Recovery Console as we don't need it.
By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows.

A caution -
Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
Disconnect from the Internet.
Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

Post the ComboFix log.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:02:27 AM

Posted 15 May 2008 - 04:17 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact me or a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users