Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virtumonde Or Winfixer


  • This topic is locked This topic is locked
10 replies to this topic

#1 flynskyhigh

flynskyhigh

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:51 AM

Posted 30 May 2008 - 02:43 AM

MAIN.txt file from scan results

Deckard's System Scanner v20071014.68
Run by Wbfranks on 2008-05-30 00:04:47
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 4 Restore Point(s) --
4: 2008-05-30 07:05:01 UTC - RP526 - Deckard's System Scanner Restore Point
3: 2008-05-29 09:07:05 UTC - RP525 - System Checkpoint
2: 2008-05-28 08:35:44 UTC - RP524 - Software Distribution Service 3.0
1: 2008-05-28 04:25:58 UTC - RP523 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 82% (more than 75%).
System Drive C: has 0.85 GiB (less than 15%) free.


-- HijackThis (run as Wbfranks.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:10:37 AM, on 5/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\WINDOWS\Logi_MwX.Exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\SpamBlockerUtility\SBTV\SBTV.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbSrv.exe
C:\Documents and Settings\Wbfranks\Desktop\dss.exe
D:\PROGRA~1\TRENDM~1\HIJACK~1\Wbfranks.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: (no name) - {DE09D68E-0488-4DF0-BD46-5BF35F2D1F2A} - C:\WINDOWS\DOWNLO~1\COPERN~1.DLL (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {32341E7E-C319-46DE-91D0-E30BB1A3CABA} - C:\WINDOWS\system32\nnnnMEvv.dll
O2 - BHO: TVEngine Helper /fleok=1D8A83A5C2E6107D98AE75760EA83FA5EF80752B94E2DB795B78412D3DC1 - {4B18DD50-C996-44fc-AC52-0FECFF82ED58} - c:\program files\spamblockerutility\sbtv\sbtvhelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: SpamBlockerUtility - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbHostIE.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: ArsPlugin Class - {DABE0C57-5B57-4E2D-837A-08F290F7458E} - C:\Program Files\GSR\arsplg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SpamBlockerUtility - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbHostIE.dll
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZJ
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.computergeeks.com
O15 - Trusted Zone: http://www.uproar.com
O16 - DPF: Copernic Meta -
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v46/scrab...rabblecubes.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v46/share...GamesLoader.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/contr...vex/TmHcmsX.CAB
O16 - DPF: {25336921-03F9-11CF-8FD0-00AA00686F13} (Microsoft HTML Document 6.0) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.webshots.com/html/atx/wsaxcontrol.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLa...erInstaller.CAB
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinner.com/games/v50/pool/pool.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/instal...nosticsxp2k.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinner.com/games/v57/bjattack/bja.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1127367670089
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} (SpinTop Games Launcher) - http://clubgames.pogo.com/online2/pogop/ma...mesLauncher.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://pogoclub.oberon-media.com/online2/p...mjolauncher.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - https://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} - http://clubgames.pogo.com/online2/pogop/ma...mesLauncher.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab
O16 - DPF: {94837F90-A2CA-4A8A-9DA0-B5438EC563EA} - http://install.wildtangent.com/cda/islandr...uncherSetup.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partner...nce/install.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v67/swapit/swapit.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v40/hangman/hangman.cab
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinner.com/games/v43/paint/paint.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47/famil.../familyfeud.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Br...018/flashax.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://clubgames.pogo.com/online2/pogop/zu...aploader_v5.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://lakepalace.microgaming.com/lakepalace/FlashAX2.cab
O18 - Protocol: copernicmeta - {9B46B30C-CB70-4551-9806-3238CC816A55} - C:\WINDOWS\DOWNLO~1\COPERN~1.DLL (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: nnnnMEvv - C:\WINDOWS\SYSTEM32\nnnnMEvv.dll
O20 - Winlogon Notify: __c00D9089 - C:\WINDOWS\system32\__c00D9089.dat
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 13899 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.js - jsfile - DefaultIcon - unable to read value
.js - jsfile - shell\open\command - unable to read value
.scr - unable to read key
.vbs - vbsfile - DefaultIcon - unable to read value
.vbs - vbsfile - shell\open\command - unable to read value
.vbs - vbsfile - shell\edit\command - unable to read value


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 CdaD10BA - c:\windows\system32\drivers\cdad10ba.sys <Not Verified; Macrovision Europe Ltd; Security Windows NT>

S2 ALIEHCD (ALi PCI to USB Enhanced Host Controller) - c:\windows\system32\drivers\aliehci.sys <Not Verified; ALi Corporation; ALi Ehci Host Controller Driver>
S3 aliroothub (USB 2.0 Root Hub) - c:\windows\system32\drivers\alirthub.sys <Not Verified; ALi Corporation; ALi Roothub Driver for USB2.0>
S3 AMDPCI - c:\docume~1\wbfranks\locals~1\temp\amdpci.sys (file missing)
S3 DzlUsb (Dazzle DVC USB Device) - c:\windows\system32\drivers\dzlusb.sys <Not Verified; Dazzle Multimedia, Inc.; Dazzle DVC>
S3 emupia (E-mu Plug-in Architecture Driver) - c:\windows\system32\drivers\emupia2k.sys <Not Verified; Creative Technology Ltd; E-mu Plug-In Architecture>
S3 razerusb - c:\windows\system32\drivers\razerusb.sys <Not Verified; Razer Inc.; Razer USB Mouse Driver>
S3 SCDELUXES (SiPix StyleCam Deluxe (still)) - c:\windows\system32\drivers\se402sc.sys (file missing)
S3 SCDELUXEV (SiPix StyleCam Deluxe (video)) - c:\windows\system32\drivers\se402vc.sys (file missing)
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Logitech-compatible Mouse PS/2
Device ID: ACPI\PNP0F13\4&2EEFE43E&0
Manufacturer: Logitech
Name: Logitech-compatible Mouse PS/2
PNP Device ID: ACPI\PNP0F13\4&2EEFE43E&0
Service: i8042prt


-- Scheduled Tasks -------------------------------------------------------------

2008-05-29 19:13:03 444 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job


-- Files created between 2008-04-30 and 2008-05-30 -----------------------------

2008-05-29 23:22:52 370176 --a------ C:\WINDOWS\system32\rqRJCSKE.dll
2008-05-29 23:22:52 370176 --a------ C:\WINDOWS\system32\pmnkIXNg.dll
2008-05-29 23:22:51 370176 --a------ C:\WINDOWS\system32\pmnkIAqR.dll
2008-05-29 23:22:51 370176 --a------ C:\WINDOWS\system32\iifdaaYP.dll
2008-05-29 23:22:51 370176 --a------ C:\WINDOWS\system32\hgGwVLBT.dll
2008-05-29 23:22:02 370176 --a------ C:\WINDOWS\system32\hgGvtQJA.dll
2008-05-29 23:02:58 0 d-------- C:\VundoFix Backups
2008-05-29 14:39:35 55 --a------ C:\xcrashdump.dat
2008-05-29 01:31:35 59904 --a------ C:\WINDOWS\system32\nnnnMEvv.dll
2008-05-29 01:31:28 27136 --a------ C:\WINDOWS\system32\__c00D9089.dat
2008-05-29 01:31:27 42496 --a------ C:\WINDOWS\system32\~.exe
2008-05-27 20:55:14 0 d-------- C:\WINDOWS\Prefetch
2008-05-27 20:30:32 0 d-------- C:\WINDOWS\system32\scripting
2008-05-27 20:30:21 0 d-------- C:\WINDOWS\l2schemas
2008-05-27 20:30:20 0 d-------- C:\WINDOWS\system32\en
2008-05-27 18:14:41 0 d-------- C:\Program Files\Free Download Manager
2008-05-27 18:14:41 0 d-------- C:\Documents and Settings\Wbfranks\Application Data\Free Download Manager
2008-05-27 18:14:38 0 d-------- C:\Program Files\FunWebProducts
2008-05-27 18:14:37 0 d-------- C:\Documents and Settings\Wbfranks\Application Data\FunWebProducts
2008-05-27 18:14:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-05-27 18:14:34 0 d-------- C:\Program Files\MyWebSearch
2008-05-27 18:14:34 0 d-------- C:\Program Files\Freeze.com Toolbar
2008-05-26 03:48:02 2551 --a------ C:\WINDOWS\unins000.dat
2008-05-09 00:14:33 0 d-------- C:\Documents and Settings\Wbfranks\Application Data\Ludia


-- Find3M Report ---------------------------------------------------------------

2008-05-27 20:47:49 0 d-------- C:\Program Files\Oberon Media
2008-05-27 20:45:21 0 d-------- C:\Program Files\DreamRender
2008-05-27 20:31:32 0 d-------- C:\Program Files\Messenger
2008-05-27 20:30:17 0 d-------- C:\Program Files\Movie Maker
2008-05-27 20:22:23 0 d-------- C:\Program Files\Windows NT
2008-05-27 19:01:26 0 d-------- C:\Documents and Settings\Wbfranks\Application Data\SpamBlockerUtility
2008-05-27 18:15:38 0 d-------- C:\Program Files\CamelCasino
2008-05-27 18:15:26 0 d-------- C:\Program Files\Hog Heaven Buddy Pogo
2008-05-27 18:14:57 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-27 18:02:24 0 d-------- C:\Program Files\DivX
2008-05-09 23:44:59 0 d-------- C:\Program Files\Yahoo!
2008-05-09 00:32:34 0 d-------- C:\Program Files\Avery Wizard 3.1
2008-04-29 13:41:09 0 d-------- C:\Documents and Settings\Wbfranks\Application Data\Pogo Games
2008-04-25 03:09:43 0 d-------- C:\Documents and Settings\Wbfranks\Application Data\InstallShield
2008-04-24 17:38:31 0 d-------- C:\Documents and Settings\Wbfranks\Application Data\AVG7
2008-04-15 17:35:48 0 d-------- C:\Documents and Settings\Wbfranks\Application Data\Adobe
2008-04-15 17:21:51 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-15 17:19:08 0 d-------- C:\Documents and Settings\Wbfranks\Application Data\AdobeUM
2008-04-15 17:18:34 0 d-------- C:\Program Files\Adobe Media Player
2008-04-15 17:18:11 0 d-------- C:\Program Files\Common Files
2008-04-15 17:18:11 0 d-------- C:\Program Files\Common Files\Adobe AIR
2008-04-11 14:44:07 0 d-------- C:\Documents and Settings\Wbfranks\Application Data\StumbleUpon
2008-04-05 05:32:29 0 d-------- C:\Program Files\Palm
2008-04-03 12:41:29 0 d-------- C:\Program Files\Google
2008-04-03 12:19:42 0 d-------- C:\Program Files\Coupons


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{32341E7E-C319-46DE-91D0-E30BB1A3CABA}]
05/29/2008 01:31 AM 59904 --a------ C:\WINDOWS\system32\nnnnMEvv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4B18DD50-C996-44fc-AC52-0FECFF82ED58}]
09/14/2006 03:57 AM 124568 --a------ c:\program files\spamblockerutility\sbtv\sbtvhelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74CC49F7-EB32-4A08-B204-948962A6E3DB}]
11/09/2006 07:07 AM 546440 --a------ C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbHostIE.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{74CC49F7-EB32-4A08-B204-948962A6E3DB}"= C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbHostIE.dll [11/09/2006 07:07 AM 546440]

[-HKEY_CLASSES_ROOT\CLSID\{74CC49F7-EB32-4A08-B204-948962A6E3DB}]
[HKEY_CLASSES_ROOT\SbHostIE.Bho.1]
[HKEY_CLASSES_ROOT\TypeLib\{45397063-D7D0-47C2-9508-26487608A298}]
[HKEY_CLASSES_ROOT\SbHostIE.Bho]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe" [09/09/2003 09:12 PM]
"Logitech Utility"="Logi_MwX.Exe" [12/17/2003 09:50 AM C:\WINDOWS\LOGI_MWX.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [08/02/2004 11:03 AM]
"nwiz"="nwiz.exe" [08/02/2004 11:03 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [08/02/2004 11:03 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [04/17/2008 09:52 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/01/2008 12:13 AM]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [07/25/2007 04:02 PM]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [07/25/2007 04:06 PM]
"HP Software Update"="D:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/12/2004 02:38 PM]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [05/12/2004 04:18 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 05:12 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=00000000
"NoSaveSettings"=00000000
"ClearRecentDocsOnExit"=00000000
"SpecifyDefaultButtons"=0 (0x0)
"Btn_Search"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{32341E7E-C319-46DE-91D0-E30BB1A3CABA}"= C:\WINDOWS\system32\nnnnMEvv.dll [05/29/2008 01:31 AM 59904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnMEvv]
nnnnMEvv.dll 05/29/2008 01:31 AM 59904 C:\WINDOWS\system32\nnnnMEvv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00D9089]
C:\WINDOWS\system32\__c00D9089.dat 05/29/2008 01:31 AM 27136 C:\WINDOWS\system32\__c00D9089.dat

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced Tools Check]
D:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioHQ]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Launcher]
C:\Program Files\Creative\Launcher\CTLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
"C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\razertra]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wcmdmgr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WT GameChannel]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Themes"=2 (0x2)
"cisvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- Hosts -----------------------------------------------------------------------

127.0.0.1 http://desktop.kazaa.com/us/kmdstart.htm?c...kmd&ver=260
127.0.0.1 http://www.kazanon.com/
127.0.0.1 sitefinder.Verisign.com # Verisign has joined the game
127.0.0.1 sitefinder-idn.Verisign.com # of trying to hijack mistyped
127.0.0.1 # URLs to their site.
127.0.0.1 #up CSS on livejournal
127.0.0.1 # problems with NPR.org
127.0.0.1 06272002-dbase.hitcountz.net # Web bugs in spam
127.0.0.1 adlog.com.com # Used by Ziff Davis to serve
127.0.0.1 best-search.cc #spyware

84 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-05-30 00:16:28 ------------

Extra.txt log file from scan

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ Processor
Percentage of Memory in Use: 83%
Physical Memory (total/avail): 767.55 MiB / 129.98 MiB
Pagefile Memory (total/avail): 3026.21 MiB / 2424.6 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1886.99 MiB

C: is Fixed (NTFS) - 14.65 GiB total, 0.85 GiB free.
D: is Fixed (NTFS) - 42.59 GiB total, 16.78 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 96147H6 - 57.25 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 14.65 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 42.59 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Wbfranks\Application Data
ASLOGDIR=D:\Program Files\Intuit\QuickBooks 2006\
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HARRYBALLZACK
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Wbfranks
LOGONSERVER=\\HARRYBALLZACK
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;;D:\PROGRA~1\MOVIES~1\BIN;C:\PROGRA~1\COMMON~1\AUTODE~1
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 4 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0402
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Wbfranks\LOCALS~1\Temp
TMP=C:\DOCUME~1\Wbfranks\LOCALS~1\Temp
USERDOMAIN=HARRYBALLZACK
USERNAME=Wbfranks
USERPROFILE=C:\Documents and Settings\Wbfranks
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Wbfranks (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative\SBLive\Program\Ctzapxx.EXE" /X /U /S /R
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Launcher\Launcher.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\PlayCenter\Player.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Recorder\Recorder.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\Keytar\Keytar.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\Midi.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\Rhythmania\Rhythm.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\SoundFont.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\Wstudio.isu"
--> C:\WINDOWS\st6unst.exe -n "C:\Program Files\AAForwardObserver\ST6UNST.000"
--> MsiExec.exe /I{688A3383-3CE7-4094-9188-9C39D1E4FCB6}
--> MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
--> MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE}
--> MsiExec.exe /X{1AFDB2AB-DF91-47B8-8A9C-A6E4BBAD562B}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3ivx D4 4.5 (remove only) --> "C:\Program Files\3ivx\3ivx D4 4.5\uninstall.exe"
7 Sultans Online Casino --> C:\PROGRA~1\7sultans\UNWISE.EXE C:\PROGRA~1\7sultans\INSTALL.LOG
AAC Parser (remove only) --> "C:\Program Files\AAC Parser\uninstall.exe"
AAForwardObserver --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\AAForwardObserver\ST6UNST.LOG"
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
AccessDiver v4.130 --> "D:\Program Files\Accessdiver\unins000.exe"
ACE Mega CoDecS Pack - ProXP --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{F8EAF733-396C-4974-BDCC-F43FC7361E3B}
AcroChallenge 2.86 --> MsiExec.exe /X{FA3D29BC-9440-4CB4-993D-189543036C1E}
Acrophobia --> C:\WINDOWS\system32\javaws.exe -uninstall "http://garden1.gamegardens.com/gardens/game_25.jnlp"
Ad-Aware 2007 --> MsiExec.exe /X{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe AIR --> C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR --> MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Atmosphere Player for Acrobat and Adobe Reader --> C:\WINDOWS\atmoUn.exe
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Media Player --> C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.amp 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Adobe Media Player --> MsiExec.exe /I{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}
Adobe MPEG Encoder --> MsiExec.exe /I{9811A185-3D3D-11D6-9E14-00036D172B00}
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Advanced RealMedia Export Plug-in for Premiere 6.0 --> C:\Program Files\Adobe\Premiere 6.5\Plug-ins\RNCompiler\rnuninst.exe RealNetworks|RNCompiler|6.0
Ahead Nero Burning ROM --> D:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Alambik Viewer version 1.50 --> "C:\Program Files\Alambik\Alambik Viewer\unins000.exe"
ALi USB2.0 Driver --> C:\WINDOWS\System32\UnUSB20.EXE RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8E1DCD15-C9F1-49CE-807B-198C8241EB6B}\Setup.exe" -uninst
Amara - Flash Intro and Banner Builder --> "C:\Program Files\Amara - Flash Intro and Banner Builder\uninstall.exe"
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcadeRockstar --> C:\Program Files\ArcadeRockstar\arsu.exe
ArcSoft Camera Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD708DF0-9F04-4CB3-821A-85804A833B4D}\setup.exe" -l0x9 -uninst
Audacity 1.2.2 --> "D:\Program Files\Audacity\unins000.exe"
Avery Wizard 3.1 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{EB7A2041-6A16-4BAC-8079-43B985673C2C}
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AVIcodec (remove only) --> "D:\Program Files\AVIcodec\uninst.exe"
Ballistik --> "C:\Program Files\Oberon Media\Ballistik\Uninstall.exe" "C:\Program Files\Oberon Media\Ballistik\install.log"
Belltech Greeting Card Designer 4.6 --> "C:\Program Files\Belltech Greeting Card Designer\unins000.exe"
Blackjack Ballroom Casino --> C:\PROGRA~1\BJBALL~1\UNWISE.EXE C:\PROGRA~1\BJBALL~1\INSTALL.LOG
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Bounce Out --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDEC8492-94F7-43E3-8C7C-29CA97B3CE95}\Setup.exe"
CamelCasino --> C:\Program Files\CamelCasino\uninstall.exe
Canon Camera Window for ZoomBrowser EX --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{570B96D1-70D3-4B48-93EF-029440FA1BCE}
Canon IXY 320, PowerShot S230, IXUS v3 WIA Driver --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{B8CD1189-53D6-4C51-8082-14B812EABBA8}
Canon PhotoRecord --> C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\Canon\PhotoRecord\Uninst.isu -c"C:\PROGRA~1\Canon\PhotoRecord\Program\uninstdll.dll"
Canon Utilities FileViewerUtility 1.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{0627E8E9-6822-4A5E-9225-286741CDC3E4}
Canon Utilities PhotoStitch 3.1 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A3E0FF15-90D5-40CD-8565-B80A433B0D4C}
Canon Utilities RemoteCapture 2.6 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{B08894AF-D523-46B1-9B9B-2DA6B29CDD23}
Canon Utilities ZoomBrowser EX --> MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
CD Audio Reader Filter (remove only) --> "D:\Program Files\Zoom Player\CD Audio Reader Filter\uninstall.exe"
CDXA Image Reader Filter (SVCD/XCD) (remove only) --> "D:\Program Files\Zoom Player\CDXA Image Reader Filter (SVCDXCD)\uninstall.exe"
Copernic Meta --> RunDll32.exe C:\WINDOWS\DOWNLO~1\COPERN~1.DLL,UninstallDll
Core AAC Decoder (remove only) --> "C:\Program Files\Core AAC Decoder\uninstall.exe"
CoreFLAC Audio Decoder+Source Filter (remove only) --> "C:\WINDOWS\System32\CoreFLACDecoder-uninstall.exe"
CoreVorbis Audio Decoder (remove only) --> "C:\WINDOWS\System32\CoreVorbis-uninstall.exe"
Coupon Printer for Windows --> "C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
Cox Online Support Controls --> "C:\Program Files\Support.com\unins000.exe"
Desktop Weather by The Weather Channel --> C:\Program Files\The Weather Channel FW\Desktop Weather\TheWeatherChannelCustomUninstall.exe
Direct Show Ogg Vorbis Filter (remove only) --> "C:\WINDOWS\System32\OggDSuninst.exe"
DirectVobSub (remove only) --> "D:\Program Files\Zoom Player\DirectVobSub\uninstall.exe"
DivX 5.0.2 Bundle --> C:\WINDOWS\unvise32.exe C:\Program Files\DivX\uninstal.log
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DreamStation DXi --> C:\WINDOWS\DSDXIRMV.EXE D:\PROGRAM FILES\CAKEWALK\SHARED DXI\AUDIO SIMULATION\DREAMSTATION DXI
EnglishHarbourCasino --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3F1BAF0-ABA2-11D5-B8F7-00010323AB2C}\Setup.exe" -l0x9
ESPNMotion --> C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG
Eye Candy 4000 --> D:\PROGRA~1\plug-ins\EYECAN~1\UNWISE.EXE D:\PROGRA~1\plug-ins\EYECAN~1\INSTALL.LOG
Eyetide Viewer --> C:\PROGRA~1\EYETID~1\EYETID~1\UNWISE.EXE C:\PROGRA~1\EYETID~1\EYETID~1\INSTALL.LOG
EZ-DJ Plus --> C:\WINDOWS\unvise32.exe D:\Program Files\Simple Star\EZ-DJ Plus\data\uninstal.log
Free Download Manager 1.9 - Free Downloads Center Edition --> "C:\Program Files\Free Download Manager\unins000.exe"
FrostWire 4.13.5 --> C:\Program Files\FrostWire\Uninstall.exe
GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
Garfield 25th Anniversary Screen Saver --> C:\WINDOWS\Garfield 25th Anniversary.scr /u
getPlus®_ocx --> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
GoldenCasino --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1598CA82-4FA7-415B-8EF8-DC1720B2F243}\Setup.exe" -l0x9 -uninst
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
GreatSearchResults --> C:\Program Files\GSR\gsru.exe
Greenback Bayou Screen Saver #1 --> C:\WINDOWS\Greenback Bayou Screen Saver #1.scr /u
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "D:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HotPepperCasino --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{60066906-D484-4DDE-973D-B5D22E4DB41C}\Setup.exe" -l0x9 -uninst
HP Driver Diagnostics --> MsiExec.exe /I{16BE87BC-69F5-4D36-8CF0-E1CB3ACD5ED3}
HP Image Zone 4.2 --> D:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 4.2 --> "D:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
HP Software Update --> MsiExec.exe /X{457791C5-D702-4143-A7B2-2744BE9573F2}
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java 2 Runtime Environment Standard Edition v1.3.1_02 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\JavaSoft\JRE\1.3.1_02\Uninst.isu"
Java 2 Runtime Environment, SE v1.4.1_03 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4B03AEB-33D3-11D7-9D37-00010240CE95}\setup.exe" Anytext
Java 2 Runtime Environment, SE v1.4.1_06 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6B2F032F-CC54-11D7-9D67-00010240CE95}\setup.exe" Anytext
Java Web Start --> "C:\Program Files\Java Web Start\uninst-javaws.exe"
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Jigsaw 365 --> "C:\Program Files\Oberon Media\Jigsaw 365\Uninstall.exe" "C:\Program Files\Oberon Media\Jigsaw 365\install.log"
Karu --> "C:\Program Files\Oberon Media\Karu\Uninstall.exe" "C:\Program Files\Oberon Media\Karu\install.log"
LeechFTP --> C:\WINDOWS\eraser.exe KILL "D:\Program Files\LeechFTP\uninstall.uif"
Light Alloy 2.4 --> C:\WINDOWS\muninst.exe "Light Alloy 2.4"
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL
Logitech MouseWare 9.79.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 -l0009 UNINSTALL
Logitech QuickCam --> MsiExec.exe /X{364EC092-93CF-4DDC-9D7A-7278452028E0}
Logitech® Camera Driver --> "C:\Program Files\Common Files\LogiShrd\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Love-Free-Games Quick 21 --> "C:\Program Files\Love-Free-Games\Quick_21\uninstall.exe"
Macromedia Flash 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C93C363-414E-11D4-9756-00C04F8EEB39}\Setup.exe" UNINSTALL
Matroska (remove only) --> "D:\Program Files\Zoom Player\Matroska\uninstall.exe"
Microangelo 5.5 --> C:\WINDOWS\IsUninst.exe -f"D:\Program Files\Microangelo\m5uninst.isu"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Millionaire Casino --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A7D56D2-480E-11D6-B9D2-00010323AB2C}\Setup.exe" -l0x9 -uninst
mIRC --> "D:\Program Files\mIRC\mirc.exe" -uninstall
Monkey Audio Source Filter (remove only) --> "D:\Program Files\Zoom Player\Monkey Audio Source Filter\uninstall.exe"
Mozilla Firefox (1.5) --> D:\firefox\uninstall\uninstall.exe /ua "1.5 (en-US)"
Mpeg Layer3 Codec FHG-Radium v1.263 --> C:\WINDOWS\UNWISE.EXE C:\PROGRA~1\codec\INSTALL.LOG
MVision --> MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
MySpaceIM --> C:\Program Files\MySpace\IM\Uninstall.exe
Native Instruments Absynth 2 --> D:\PROGRA~1\NATIVE~1\ABSYNT~1\UNWISE.EXE D:\PROGRA~1\NATIVE~1\ABSYNT~1\INSTALL.LOG
Native Instruments FM7 --> D:\PROGRA~1\NATIVE~1\Fm7\UNWISE.EXE D:\PROGRA~1\NATIVE~1\Fm7\INSTALL.LOG
Native Instruments Traktor DJ Studio 2 --> D:\PROGRA~1\NATIVE~1\TRAKTO~1\UNWISE.EXE D:\PROGRA~1\NATIVE~1\TRAKTO~1\INSTALL.LOG
New Dominoes 2.0 --> "C:\Program Files\New Dominoes 2.0\unins000.exe"
Nimo Codecs Pack v5.0 (Remove Only) --> "D:\Program Files\NimoCodec Pack\uninstall.exe"
NVIDIA Display Driver --> C:\WINDOWS\System32\nvudisp.exe Uninstall C:\WINDOWS\System32\nvdisp.nvu,NVIDIA Display Driver
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OpenSource AVI Splitter (remove only) --> "D:\Program Files\Zoom Player\OpenSource AVI Splitter\uninstall.exe"
OpenSource OGG Splitter (remove only) --> "C:\Program Files\OpenSource OGG Splitter\uninstall.exe"
overland --> MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}
P.I.M. II Plug-In --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{735D7AC9-BC7B-4491-9D06-7F4642849E7C}\Setup.exe" -l0x9 anything
P.I.M. Plug-In for Photoshop --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{035D095B-4DDD-4DC5-9A74-F1898319F070}\Setup.exe" -l0x9 anything
Palm Desktop --> MsiExec.exe /X{870842F7-18BB-479D-A7B1-FE17E81AFF1A}
PaperPort 9.0 --> MsiExec.exe /I{FDCE9C15-EB45-11D5-89C7-0050DA162A25}
Platinum Play Online Casino --> C:\PROGRA~1\PLATIN~1\UNWISE.EXE C:\PROGRA~1\PLATIN~1\INSTALL.LOG
Quake III Team Arena --> C:\WINDOWS\IsUninst.exe -f"D:\Program Files\Quake III Arena\Q3TA.isu"
QuickBooks Premier Edition 2006 --> msiexec.exe /I {688A3383-3CE7-4094-9188-9C39D1E4FCB6} UNIQUE_NAME="superpro" QBFULLNAME="QuickBooks Premier Edition 2006" ADDREMOVE=1
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
RadLight MPC DirectShow Filter (remove only) --> "C:\WINDOWS\System32\RadLightMPCUninstall.exe"
RadLight OptimFROG DirectShow Filter (remove only) --> "C:\WINDOWS\system32\RadLightOFRUninstall.exe"
RealArcade --> C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
RealMedia (remove only) --> "D:\Program Files\Zoom Player\RealMedia\uninstall.exe"
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
ReBirth RB-338 2.0 --> D:\PROGRA~1\rebirth2\UNWISE.EXE D:\PROGRA~1\rebirth2\INSTALL.LOG
Remove DivX Codec --> C:\WINDOWS\unvise32.exe C:\Program Files\DivX\DivX Codec\UninstalDivXCodec.log
rgcAudio Pentagon I VSTi v1.0 --> "D:\Program Files\FruityLoops 3.56\Plugins\VST\Vstplugins\unins000.exe"
Royal Vegas Online Casino --> C:\PROGRA~1\ROYALV~1\UNWISE.EXE C:\PROGRA~1\ROYALV~1\INSTALL.LOG
Secure Delivery --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\kdx\kdx.inf,DefaultUninstall,5
servers.urbanterror.net Client --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C965E5A7-CDC7-40A1-A477-F9682B919FC1}\Setup.exe" -l0x9 UNINSTALL
Shizmoo Web Games (Uproar) --> C:\Program Files\shizmoo\uproar_webgames\uninstall.exe
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
SHOUTcast Source (remove only) --> "D:\Program Files\Zoom Player\SHOUTcast Source\uninstall.exe"
Sound Blaster Live! --> C:\Program Files\Creative\SBLive\PROGRAM\CTUNINST.EXE
Sound Blaster Live! --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FCAADB8-EB1B-11D6-AB2D-0090271A23A2}\Setup.exe" -l0x9
Sound Blaster Live! Web 2K/XP --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0A7B28CF-6BE3-11D6-A285-00A0CC51B2FE}\Setup.exe" -l0x9
SpamBlockerUtility Browser and Wowpapers Tools --> "C:\Program Files\SpamBlockerUtility\Bin\SbUninst.exe" Web
SpeechRedist --> MsiExec.exe /X{8795CBED-55E2-4693-9F14-84EC446935BE}
Spinword --> "C:\Program Files\Oberon Media\Spinword\Uninstall.exe" "C:\Program Files\Oberon Media\Spinword\install.log"
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SYFi - iJenAPE (remove only) --> "D:\Program Files\winamp\5.0\Plugins\Plugins\avs\iJenAPE_remove.exe"
TaxCut Basic 2006 --> C:\PROGRA~1\TaxCut06\Program\removetc.exe
Thomas Bros. Street Guide Digital Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{085FE193-B676-11D4-82BC-00A0C993905F}\setup.exe" -l0x9 AnyText
Tight Backgrounds --> "C:\PROGRA~1\Freeze.com\Tight Backgrounds\UNINSTAL.EXE"
Tri-Peaks Solitaire To Go --> "C:\Program Files\Oberon Media\Tri-Peaks Solitaire To Go\Uninstall.exe" "C:\Program Files\Oberon Media\Tri-Peaks Solitaire To Go\install.log"
TrueCast Player --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7D562610-430F-40C8-AA78-0D735B3C278A}\Setup.exe" -l0x9
Unreal Tournament 2004 --> D:\Unreal\UT2004\System\Setup.exe uninstall "UT2004"
VP6 VFW Codec --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52A8B9C6-4F6E-41EF-BE78-0D4BC512BCA9}\Setup.exe" -l0x9
Weather Services --> C:\WINDOWS\system32\control.exe C:\WINDOWS\system32\wxfw.cpl,4
WinAce Archiver 2.0 --> D:\Program Files\WinAce\SXUNINST.EXE D:\Program Files\WinAce\SXUNINST.INI
Winamp (remove only) --> "D:\Program Files\Winamp\5.0\UninstWA.exe"
WinAMP on TV (remove only) --> "D:\Program Files\WinAMPonTV\uninstall.exe"
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Winferno Registry Power Cleaner --> "C:\Program Files\Winferno\RegistryPowerCleaner\unins000.exe"
WinMX --> D:\Program Files\WinMX\uninstall.exe
WinPatrol --> C:\WINDOWS\uninst.exe -f"C:\Program Files\BillP Studios\WinPatrol\DeIsL1.isu" -c"C:\Program Files\BillP Studios\WinPatrol\_ISREG32.DLL"
WinRAR archiver --> D:\Program Files\uninstall.exe
WinZip --> "D:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Xfire (remove only) --> "D:\Program Files\Xfire\uninst.exe"
XVID Decoder (remove only) --> "D:\Program Files\Zoom Player\XVID Decoder\uninstall.exe"
XviD MPEG-4 Video Codec --> "C:\Program Files\XviD\unins000.exe"
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
Zoom Player (remove only) --> "C:\Program Files\Zoom Player\uninstall.exe"
Zuma Deluxe --> "C:\Program Files\Oberon Media\Zuma Deluxe\Uninstall.exe" "C:\Program Files\Oberon Media\Zuma Deluxe\install.log"
Zuma Deluxe 1.0 --> C:\Program Files\Yahoo! Games\Zuma Deluxe\PopUninstall.exe "C:\Program Files\Yahoo! Games\Zuma Deluxe\Install.log"


-- Application Event Log -------------------------------------------------------

Event Record #/Type30901 / Error
Event Submitted/Written: 05/29/2008 11:25:31 PM
Event ID/Source: 100 / AVG7
Event Description:
2008-05-30 06:25:31,843 HARRYBALLZACK [002576:002216] ERROR 000 AVG7.KRNL.ACT File C:\WINDOWS\system32\hgGvtQJA.dll could not be unplaned from CleanDrv removal, error: 2

Event Record #/Type30900 / Error
Event Submitted/Written: 05/29/2008 11:25:22 PM
Event ID/Source: 100 / AVG7
Event Description:
2008-05-30 06:25:22,780 HARRYBALLZACK [002576:002216] ERROR 000 AVG7.KRNL.ACT File C:\WINDOWS\system32\hgGwVLBT.dll could not be unplaned from CleanDrv removal, error: 2

Event Record #/Type30899 / Error
Event Submitted/Written: 05/29/2008 11:25:12 PM
Event ID/Source: 100 / AVG7
Event Description:
2008-05-30 06:25:12,825 HARRYBALLZACK [002576:002216] ERROR 000 AVG7.KRNL.ACT File C:\WINDOWS\system32\iifdaaYP.dll could not be unplaned from CleanDrv removal, error: 2

Event Record #/Type30898 / Error
Event Submitted/Written: 05/29/2008 11:25:03 PM
Event ID/Source: 100 / AVG7
Event Description:
2008-05-30 06:25:03,141 HARRYBALLZACK [002576:002216] ERROR 000 AVG7.KRNL.ACT File C:\WINDOWS\system32\pmnkIAqR.dll could not be unplaned from CleanDrv removal, error: 2

Event Record #/Type30897 / Error
Event Submitted/Written: 05/29/2008 11:24:52 PM
Event ID/Source: 100 / AVG7
Event Description:
2008-05-30 06:24:52,416 HARRYBALLZACK [002576:002216] ERROR 000 AVG7.KRNL.ACT File C:\WINDOWS\system32\rqRJCSKE.dll could not be unplaned from CleanDrv removal, error: 2



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type194371 / Warning
Event Submitted/Written: 05/29/2008 07:15:49 PM
Event ID/Source: 20192 / RemoteAccess
Event Description:
A certificate could not be found. Connections that use the L2TP protocol over IPSec
require the installation of a machine certificate, also known as a computer
certificate. No L2TP calls will be accepted.

Event Record #/Type194348 / Error
Event Submitted/Written: 05/29/2008 07:14:49 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
CTSYN

Event Record #/Type194346 / Error
Event Submitted/Written: 05/29/2008 07:14:49 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The DgiVecp service failed to start due to the following error:
%%2

Event Record #/Type194345 / Error
Event Submitted/Written: 05/29/2008 07:14:49 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The ALi PCI to USB Enhanced Host Controller service failed to start due to the following error:
%%1058

Event Record #/Type194341 / Warning
Event Submitted/Written: 05/29/2008 11:17:35 AM
Event ID/Source: 20192 / RemoteAccess
Event Description:
A certificate could not be found. Connections that use the L2TP protocol over IPSec
require the installation of a machine certificate, also known as a computer
certificate. No L2TP calls will be accepted.



-- End of Deckard's System Scanner: finished at 2008-05-30 00:16:28 ------------

Thanks in advance for any help with my problem. I really appreciate you taking the time to look at my log files.

BC AdBot (Login to Remove)

 


m

#2 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:02:51 PM

Posted 30 May 2008 - 05:44 PM

Hello flynskyhigh :thumbsup: Welcome to the BC HijackThis Log and Analysis forum.. I will be assisting you and will need some time to look over your log.


Please advice me of any programs you have already ran to try and fix the problems you have encountered. I would also ask that you refrain from running any tools other than those we will ask you to while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.



Thanks,



thewall
If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#3 flynskyhigh

flynskyhigh
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:51 AM

Posted 30 May 2008 - 10:33 PM

Thanks for responding so quickly to my problem. The problem is actually on my girlfriends computer but that should not make a difference. Anyway, the only programs that were used so far is AVG 7.5 system scan which seems to have brought on this mess. One day later, which was yesterday, AVG kept popping up saying it found 6 viruses and when I moved them to the vault, my internet connection disconnected which may not be related. So then I did a google search for a program to heal the viruses and came across a site called "Artribune.org". On this site it said that I should run a program called "VundoFix.exe" to fix the problem. It was getting late last night and I was tired. I hope I didnt make matters worse by downloading a bogus program. Well that is it. Thanks Again!

#4 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:02:51 PM

Posted 31 May 2008 - 09:38 AM

Your welcome,

Vundofix by Atribune is a legit tool so don't worry about that. When you ran the program it should have produced a log located at C:\vundofix.txt. Please make a copy and paste it here.
If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#5 flynskyhigh

flynskyhigh
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:51 AM

Posted 31 May 2008 - 10:10 PM

The .txt file was very small and it said "starting system scan.........." "No infections found........."
While the scan was running, AVG would pop up warnings about a virus found every 2 minutes which included 6 different files found. I also had WinPatrol popping up every 30 seconds telling me that "nnnnMEvv.dll" was trying to be added to the system. I kept clicking No, but it somehow was still added.
Just a side note: I was looking at the log file and noticed a program called "SpamBlockerUtility" was installed. This seems a little suspicious to me.

#6 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:02:51 PM

Posted 01 June 2008 - 01:39 PM

Hello again flynskyhigh :thumbsup:


You're correct concerning SpamBlocker, it's a rogue program. We will take care of it during the fix.



Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.





After completing please provide the log from MBAM as well as a new Deckard's System Scan log in your next reply.


Thanks,


thewall
If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#7 flynskyhigh

flynskyhigh
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:51 AM

Posted 02 June 2008 - 02:41 AM

Again, thanks for your continued support. I'm going to run the program and post the results tomorrow. I got home late this evening and need to get to bed......

Update: As I was posting this I looked at my girlfriends computer behind me and noticed it only found 138 infections. Is there a program out there that would do a better job? :thumbsup: j/k It is actually doing a pretty good job so far. I don't understand why Ad-Aware, Spybot Search and Destroy and AVG Free couldn't resolve this? Is it because they are all freeware software which only offers limited features?

#8 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:02:51 PM

Posted 10 June 2008 - 06:17 AM

Hello flynskyhigh,


I need to know if you still require help. If not we will have to close your thread.


Thanks,

thewall
If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#9 flynskyhigh

flynskyhigh
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:51 AM

Posted 10 June 2008 - 08:52 PM

I apologize for not posting the results. My girlfriends computer is working like a new machine now. Thank you very much for your prompt attention to my problem. BleepingComputer and thewall Kick @ss.

#10 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:02:51 PM

Posted 11 June 2008 - 03:57 PM

I'm glad to know your girlfriend's computer is running better. :thumbsup: I would advise posting another DSS log just so I can look over it and see if there is anything else that could be lurking on there. Of course that is up to you and if you are satisfied I will post some programs you can use which will help keep Malware off of the the machine.



Thanks,

thewall
If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#11 don77

don77

    Forum Regular


  • Members
  • 3,212 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Boston Mass
  • Local time:01:51 PM

Posted 15 June 2008 - 02:36 PM

For a nice list of freeware programmes in all categories, please have a look at this thread with freeware products that are regarded as useful by the users of this forum: Commonly Used Freeware Replacements.
Please also have a look at the following links, giving some advice and suggestions for preventing future infections: Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
I recommend you regularly visit the Windows Update Site , you where lagging behind on a few of them!
  • Lots of Hacking/Trojans use the methods found (plugged by the updates) that have not been stopped by people not updating.
  • By updating your machine, you have one less headache! Posted Image
  • Update ALL Critical updates and any other Windows updates for services/programs that you use.
  • If you wish, you can also use automatic updates. This is a good thing to have if you want to be up-to-date all the time, but can also be a bit of an annoyance due to its handling and the sizes of the updates. If you wish to turn on automatic updates then you will find here is a nice little article about turning on automatic updates.
  • Note that it will download them for you, but you still have to actually click install.
  • If you do not want to have automatic updates turned on, or are on dial-up, you can always download updates seperately at: http://windowsupdate.microsoft.com.
It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Another recommend, is to download HostMan. It safeguards you with a regularly updated Hosts-file that blocks dangerous sites from opening. This adds another bit of safety while surfing the Internet. For installlation and setting up, follow these steps:
  • Double-click the Downloaded installer and install the tool to a location of your choice
  • Via the Startmenu, navigate to HostsMan and run the program.
    • Click "Hosts" in the menu
    • Click "Manage Updates" in the submenu
    • Out of the three, select atleast one of the three (I have MVPS Host as my main one)
    • Click "Add Update." After that you will only need to click on the following button to retrieve updates:
      Posted Image
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet

Glad I was able to help and if there any other problems related to your computer please feel free to post them in the appropriate forum. Though we help people with spyware and viruses here at BC, we also help people with other computer problems! Do not forget to tell your friends about us!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users