Hijacked Desktop



#1 smitty1263


Posted 04 June 2008 - 03:21 PM

Message on the desktop reads "Warning! Spyware detected on your computer! Install an antivirus or spyware remover to clean your computer"

I'm running XP with SP2.

Display properties are limited to Theme, Appearance, and Settings Tabs.

Went through the preparation steps. Have info ready.

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3200+
Percentage of Memory in Use: 45%
Physical Memory (total/avail): 1023.48 MiB / 559.11 MiB
Pagefile Memory (total/avail): 1746.31 MiB / 1328.13 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1940.48 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.53 GiB total, 14.9 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

.PHYSICALDRIVE0 - ST380817 AS SCSI Disk Device - 74.53 GiB - 1 partition
PARTITION0 (bootable) - Installable File System - 74.53 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AntivirusOverride is set.


[HKLMSystemCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfileAuthorizedApplicationsList]
"%windir%system32sessmgr.exe"="%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLMSystemCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList]
"%windir%system32sessmgr.exe"="%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:Documents and SettingsOwnerDesktopG4_Short-downloader.exe"="C:Documents and SettingsOwnerDesktopG4_Short-downloader.exe:*:Enabled:Blizzard Downloader"
"C:Program FilesWorld of WarcraftWoW-1.5.0-enUS-downloader.exe"="C:Program FilesWorld of WarcraftWoW-1.5.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:Documents and SettingsOwnerDesktopWoW-1.5.1-to-0.6.0-Test-enUS.exe"="C:Documents and SettingsOwnerDesktopWoW-1.5.1-to-0.6.0-Test-enUS.exe:*:Enabled:Blizzard Downloader"
"C:Program FilesAIMaim.exe"="C:Program FilesAIMaim.exe:*:Enabled:AOL Instant Messenger"
"C:Documents and SettingsOwnerDesktopGhost_Gameplay2005-downloader.exe"="C:Documents and SettingsOwnerDesktopGhost_Gameplay2005-downloader.exe:*:Enabled:Blizzard Downloader"
"C:Documents and SettingsOwnerDesktopE32004Ghost-downloader.exe"="C:Documents and SettingsOwnerDesktopE32004Ghost-downloader.exe:*:Enabled:Blizzard Downloader"
"C:Documents and SettingsOwnerDesktopGhost_Multi-player2005-downloader.exe"="C:Documents and SettingsOwnerDesktopGhost_Multi-player2005-downloader.exe:*:Enabled:Blizzard Downloader"
"C:Program FilesWorld of WarcraftWoW-1.5.1.4449-to-1.6.0-enUS-downloader.exe"="C:Program FilesWorld of WarcraftWoW-1.5.1.4449-to-1.6.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:Program FilesWorld of WarcraftWoW-1.6.0.4500-to-1.6.1-enUS-downloader.exe"="C:Program FilesWorld of WarcraftWoW-1.6.0.4500-to-1.6.1-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:Documents and SettingsOwnerDesktopWoW-2.6.1.4544-to-0.7.0-enUS-downloader.exe"="C:Documents and SettingsOwnerDesktopWoW-2.6.1.4544-to-0.7.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:Program FilesGoogleGoogle Talkgoogletalk.exe"="C:Program FilesGoogleGoogle Talkgoogletalk.exe:*:Enabled:Google Talk"
"C:Program FileseMuleemule.exe"="C:Program FileseMuleemule.exe:*:Enabled:eMule"
"C:Documents and SettingsOwnerDesktopWoW-1.6.1.4544v2-to-0.7.0-enUS-downloader.exe"="C:Documents and SettingsOwnerDesktopWoW-1.6.1.4544v2-to-0.7.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:Documents and SettingsOwnerDesktopWoW-3.6.1.4544v2-to-0.7.0-enUS-downloader.exe"="C:Documents and SettingsOwnerDesktopWoW-3.6.1.4544v2-to-0.7.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:Program FilesWorld of WarcraftWoW-3.6.1.4544v2-to-0.7.0-enUS-downloader.exe"="C:Program FilesWorld of WarcraftWoW-3.6.1.4544v2-to-0.7.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:Program FilesWorld of WarcraftWoW-1.6.1.4544-to-1.7.0-enUS-downloader.exe"="C:Program FilesWorld of WarcraftWoW-1.6.1.4544-to-1.7.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:Program FilesWorld of WarcraftWoWTestWoW-0.7.0.4671-to-0.8.0-enUS-downloader.exe"="C:Program FilesWorld of WarcraftWoWTestWoW-0.7.0.4671-to-0.8.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:Documents and SettingsOwnerDesktopZul'Gurub_English-downloader.exe"="C:Documents and SettingsOwnerDesktopZul'Gurub_English-downloader.exe:*:Enabled:Blizzard Downloader"
"C:Documents and SettingsOwnerDesktopWOWEx_Blizcon-downloader.exe"="C:Documents and SettingsOwnerDesktopWOWEx_Blizcon-downloader.exe:*:Enabled:Blizzard Downloader"
"C:Program FilesWarcraft IIIWarcraft III.exe"="C:Program FilesWarcraft IIIWarcraft III.exe:*:Enabled:Warcraft III"
"C:Documents and SettingsOwnerDesktopWoW-1.8.3.4807-to-0.9.0-enUS-downloader.exe"="C:Documents and SettingsOwnerDesktopWoW-1.8.3.4807-to-0.9.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:Program FilesWorld of WarcraftWoWTestWoW-1.8.3.4807-to-0.9.0-enUS-downloader.exe"="C:Program FilesWorld of WarcraftWoWTestWoW-1.8.3.4807-to-0.9.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:Program FilesWorld of WarcraftWoWTestWoW-0.9.0.4851-to-0.9.0.4869-enUS-downloader.exe"="C:Program FilesWorld of WarcraftWoWTestWoW-0.9.0.4851-to-0.9.0.4869-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:Program FilesCommon FilesAOLLoaderaolload.exe"="C:Program FilesCommon FilesAOLLoaderaolload.exe:*:Enabled:AOL Loader"
"C:Program FilesCommon FilesAOL1133661130eeaolsoftware.exe"="C:Program FilesCommon FilesAOL1133661130eeaolsoftware.exe:*:Enabled:AOL Services"
"C:Program FilesCommon FilesAOL1133661130eeaim6.exe"="C:Program FilesCommon FilesAOL1133661130eeaim6.exe:*:Enabled:AIM"
"C:Program FilesWorld of WarcraftWoW-1.8.3.4807-to-1.8.4.4878-enUS-downloader.exe"="C:Program FilesWorld of WarcraftWoW-1.8.3.4807-to-1.8.4.4878-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:World of WarcraftWoW-1.9.0-enUS-downloader.exe"="C:World of WarcraftWoW-1.9.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:Documents and SettingsOwnerDesktoputorrent.exe"="C:Documents and SettingsOwnerDesktoputorrent.exe:*:Enabled:utorrent"
"C:Documents and SettingsOwnerDesktopWOW_Snow_EG-downloader.exe"="C:Documents and SettingsOwnerDesktopWOW_Snow_EG-downloader.exe:*:Enabled:Blizzard Downloader"
"C:Documents and SettingsOwnerDesktopWOW_Rain_EG-downloader.exe"="C:Documents and SettingsOwnerDesktopWOW_Rain_EG-downloader.exe:*:Enabled:Blizzard Downloader"
"C:World of WarcraftWoW-1.9.2.4996-to-1.9.3.5059-enUS-downloader.exe"="C:World of WarcraftWoW-1.9.2.4996-to-1.9.3.5059-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:Documents and SettingsOwnerDesktopNefarian_EG-downloader.exe"="C:Documents and SettingsOwnerDesktopNefarian_EG-downloader.exe:*:Enabled:Blizzard Downloader"
"C:Program FilesYahoo! GamesScrabbleScrabble.exe"="C:Program FilesYahoo! GamesScrabbleScrabble.exe:*:Enabled:SCRABBLE ®"
"C:Documents and SettingsOwnerDesktopMonopolyMonopoly.exe"="C:Documents and SettingsOwnerDesktopMonopolyMonopoly.exe:*:Enabled:Monopoly"
"C:Documents and SettingsOwnerDesktopWoW-1.9.4.5086-to-0.10.0.5140-enUS-downloader.exe"="C:Documents and SettingsOwnerDesktopWoW-1.9.4.5086-to-0.10.0.5140-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:Program FilesEA GAMESThe Battle for Middle-earth ™game.dat"="C:Program FilesEA GAMESThe Battle for Middle-earth ™game.dat:*:Enabled:The Battle for Middle-earth ™"
"C:Program FilesMozilla Firefoxfirefox.exe"="C:Program FilesMozilla Firefoxfirefox.exe:*:Enabled:Firefox"
"C:World of WarcraftWoW-1.9.4.5086-to-1.10.0.5195-enUS-downloader.exe"="C:World of WarcraftWoW-1.9.4.5086-to-1.10.0.5195-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:Documents and SettingsOwnerDesktopWEB-WOWEx-E3-downloader.exe"="C:Documents and SettingsOwnerDesktopWEB-WOWEx-E3-downloader.exe:*:Enabled:Blizzard Downloader"
"C:Documents and SettingsOwnerDesktopNaxxramas_English-downloader.exe"="C:Documents and SettingsOwnerDesktopNaxxramas_English-downloader.exe:*:Enabled:Blizzard Downloader"
"C:Documents and SettingsOwnerDesktopwow-ptr-downloader2.exe"="C:Documents and SettingsOwnerDesktopwow-ptr-downloader2.exe:*:Enabled:Blizzard Downloader"
"C:Documents and SettingsOwnerDesktopDarkmooneFaire_English-downloader.exe"="C:Documents and SettingsOwnerDesktopDarkmooneFaire_English-downloader.exe:*:Enabled:Blizzard Downloader"
"C:World of WarcraftBackgroundDownloader.exe"="C:World of WarcraftBackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:World of WarcraftWoW-1.10.2.5302-to-1.11.0.5428-enUS-downloader.exe"="C:World of WarcraftWoW-1.10.2.5302-to-1.11.0.5428-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:Documents and SettingsOwnerDesktopWoW-1.10.2.5302-to-1.11.0.5428-enUS-downloader.exe"="C:Documents and SettingsOwnerDesktopWoW-1.10.2.5302-to-1.11.0.5428-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:Program FilesmIRCmirc.exe"="C:Program FilesmIRCmirc.exe:*:Enabled:mIRC"
"C:Program FilesTHQDawn of WarW40k.exe"="C:Program FilesTHQDawn of WarW40k.exe:*:Enabled:W40K"
"C:World of WarcraftWoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe"="C:World of WarcraftWoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:Documents and SettingsOwnerDesktopWoW-1.11.2.5464-to-0.12.0.5496-enUS-downloader.exe"="C:Documents and SettingsOwnerDesktopWoW-1.11.2.5464-to-0.12.0.5496-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:Documents and SettingsOwnerDesktopWoW-1.11.2.5464-to-0.12.0.5496-enUS-downloader(2).exe"="C:Documents and SettingsOwnerDesktopWoW-1.11.2.5464-to-0.12.0.5496-enUS-downloader(2).exe:*:Enabled:Blizzard Downloader"
"C:World of WarcraftWoWTestWoW-0.11.0.5383-to-0.11.0.5413-enUS-downloader.exe"="C:World of WarcraftWoWTestWoW-0.11.0.5383-to-0.11.0.5413-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:World of WarcraftWoWTestWoW-1.11.2.5464-to-0.12.0.5496-enUS-downloader.exe"="C:World of WarcraftWoWTestWoW-1.11.2.5464-to-0.12.0.5496-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:World of WarcraftWoW-1.11.2.5464-to-1.12.0.5595-enUS-downloader.exe"="C:World of WarcraftWoW-1.11.2.5464-to-1.12.0.5595-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:Program FilesMacromediaDreamweaver 8Dreamweaver.exe"="C:Program FilesMacromediaDreamweaver 8Dreamweaver.exe:*:Enabled:Dreamweaver 8"
"C:Documents and SettingsOwnerDesktopEPL_Trailer_EG.avi-downloader.exe"="C:Documents and SettingsOwnerDesktopEPL_Trailer_EG.avi-downloader.exe:*:Enabled:Blizzard Downloader"
"C:Program FilesNAMCO BANDAI GamesWarhammer® Mark of Chaos™ Closed BETAWarhammer.exe"="C:Program FilesNAMCO BANDAI GamesWarhammer® Mark of Chaos™ Closed BETAWarhammer.exe:*:Enabled:Warhammer®: Mark of Chaos™"
"C:Documents and SettingsOwnerLocal SettingsTempUpdaterUpdater.exe"="C:Documents and SettingsOwnerLocal SettingsTempUpdaterUpdater.exe:*:Enabled:Software Update"
"C:Program FilesTHQDawn of War - Dark Crusade DemoDarkCrusade.exe"="C:Program FilesTHQDawn of War - Dark Crusade DemoDarkCrusade.exe:*:Enabled:DarkCrusade"
"C:World of WarcraftWoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe"="C:World of WarcraftWoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:Program FilesRealRealPlayerrealplay.exe"="C:Program FilesRealRealPlayerrealplay.exe:*:Enabled:RealPlayer"
"C:Program FilesCommon FilesAOL1133661130eeaexplore.exe"="C:Program FilesCommon FilesAOL1133661130eeaexplore.exe:*:Enabled:AOL Explorer"
"C:Program FilesNAMCO BANDAI GamesWarhammer Mark of ChaosWarhammer.exe"="C:Program FilesNAMCO BANDAI GamesWarhammer Mark of ChaosWarhammer.exe:*:Enabled:Warhammer®: Mark of Chaos™"
"C:Documents and SettingsOwnerLocal SettingsTempPatcherUpdater.exe"="C:Documents and SettingsOwnerLocal SettingsTempPatcherUpdater.exe:*:Enabled:Updater"
"C:World of WarcraftWoWTestWoW-0.12.0.5537-to-0.12.0.5561-enUS-downloader.exe"="C:World of WarcraftWoWTestWoW-0.12.0.5537-to-0.12.0.5561-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:Program FilesGameSpy ArcadeAphex.exe"="C:Program FilesGameSpy ArcadeAphex.exe:*:Enabled:GameSpy Arcade"
"C:Program FilesTHQMotoGP URT 3motogp.exe"="C:Program FilesTHQMotoGP URT 3motogp.exe:*:Enabled:motogp"
"C:World of WarcraftWoW-2.0.3-enUS-downloader.exe"="C:World of WarcraftWoW-2.0.3-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:World of WarcraftWoW-2.0.3.6299-to-2.0.5.6320-enUS-downloader.exe"="C:World of WarcraftWoW-2.0.3.6299-to-2.0.5.6320-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:World of WarcraftWoW-2.0.5.6320-to-2.0.6.6337-enUS-downloader.exe"="C:World of WarcraftWoW-2.0.5.6320-to-2.0.6.6337-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:World of WarcraftWoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe"="C:World of WarcraftWoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:World of WarcraftWoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe"="C:World of WarcraftWoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:World of WarcraftWoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe"="C:World of WarcraftWoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:World of WarcraftWoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe"="C:World of WarcraftWoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:Program FilesPando NetworksPandopando.exe"="C:Program FilesPando NetworksPandopando.exe:*:Enabled:pando"
"C:Program FilesLimeWireLimeWire.exe"="C:Program FilesLimeWireLimeWire.exe:*:Enabled:LimeWire"
"C:Program FilesBonjourmDNSResponder.exe"="C:Program FilesBonjourmDNSResponder.exe:*:Enabled:Bonjour"
"C:Program FilesiTunesiTunes.exe"="C:Program FilesiTunesiTunes.exe:*:Enabled:iTunes"
"C:Program FilesRoxioEasy Media Creator 8Digital HomeRoxUpnpServer.exe"="C:Program FilesRoxioEasy Media Creator 8Digital HomeRoxUpnpServer.exe:*:Enabled:Roxio Upnp Service"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:Documents and SettingsAll Users
APPDATA=C:Documents and SettingsOwnerApplication Data
CLASSPATH=.;C:Program FilesJavajre1.5.0_04libextQTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:Program FilesCommon Files
COMPUTERNAME=SMITTY
ComSpec=C:WINDOWSsystem32cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=Documents and SettingsOwner
LOGONSERVER=SMITTY
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:Program FilesMozilla Firefox;C:WINDOWSsystem32;C:WINDOWS;C:WINDOWSsystem32wbem;C:Program FilesCommon FilesAdobeAGL;C:Program FilesCommon FilesRoxio SharedDLLShared;C:Program FilesQuickTimeQTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 12 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0c00
ProgramFiles=C:Program Files
PROMPT=$P$G
QTJAVA=C:Program FilesJavajre1.5.0_04libextQTJava.zip
RoxioCentral=C:Program FilesCommon FilesRoxio SharedRoxio Central
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:WINDOWS
TEMP=C:DOCUME~1OwnerLOCALS~1Temp
TMP=C:DOCUME~1OwnerLOCALS~1Temp
USERDOMAIN=SMITTY
USERNAME=Owner
USERPROFILE=C:Documents and SettingsOwner
windir=C:WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Owner (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:Program FilesCommon FilesRealUpdate_OBr1puninst.exe RealNetworks|RealPlayer|6.0
--> C:WINDOWSsystem32MSIEXEC.EXE /x {637099FB-45FD-4BC7-9651-6FB540DBB749}
--> MsiExec.exe /I{0CDCA5CD-C404-41FD-9216-9B4B3D24A7AA}
--> MsiExec.exe /I{0D330013-4A99-46D6-83C6-2C959C68DBFF}
--> MsiExec.exe /I{26792CA7-D87A-4DBE-896B-C2F66B344511}
--> MsiExec.exe /I{637099FB-45FD-4BC7-9651-6FB540DBB749}
--> MsiExec.exe /I{6D4F02C4-F6AF-4659-A933-7FC06235A8D5}
--> MsiExec.exe /I{7FD9FD10-9F7F-4DDF-B9F0-911209FF0CEA}
--> MsiExec.exe /I{8C60949A-46F9-4DD7-BA9F-78C00D9D4C8D}
--> MsiExec.exe /I{EB748B9B-F872-4E95-98E8-5CA7E5425DAF}
--> MsiExec.exe /I{F0EACC27-A729-406C-9BF6-C8F10CEC36F8}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
AC3Filter (remove only) --> C:Program FilesAC3Filteruninstall.exe
Ad-Aware SE Personal --> C:PROGRA~1LavasoftAD-AWA~1UNWISE.EXE C:PROGRA~1LavasoftAD-AWA~1INSTALL.LOG
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Download Manager 2.0 (Remove Only) --> "C:Program FilesCommon FilesAdobeESDuninst.exe"
Adobe Flash Player ActiveX --> C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Flash Player Plugin --> C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop Album 2.0 Starter Edition --> MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
AIM 6 --> C:Program FilesAIM6uninst.exe
ANIO Service --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}Setup.exe"
ANIWZCS2 Service --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{4C590030-7469-453E-8589-D15DA9D03F52}Setup.exe"
AOL Uninstaller (Choose which Products to Remove) --> C:Program FilesCommon FilesAOLuninstaller.exe
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ArcSoft PhotoImpression 5 --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}Setup.exe" -l0x9
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Cool Edit Pro 2.1 --> C:Program Filescoolpro2cep2unin.exe
Digidesign Pro Tools LE 7.1 --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1050Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{9717EE69-75AF-45F9-B6B4-3022F69EF186}setup.exe" -l0x9 -removeonly
Digidesign Shared Plug-Ins 7.0 --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1050Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{92B43A6F-E328-495A-ACFA-FC47C1B7215D}Setup.exe" -l0x9 FromUninstall -removeonly
DivX --> C:Program FilesDivXDivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:Program FilesDivXDivXContentUploaderUninstall.exe /CUPLOADER
DivX Player --> C:Program FilesDivXDivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:Program FilesDivXDivXWebPlayerUninstall.exe /PLUGIN
EPSON Print CD --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime0701Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}Setup.exe" -l0x9 -SYSTEM
EPSON Printer Software --> C:WINDOWSSystem32spoolDRIVERSW32X863EPUPDATE.EXE /R
EPSON Stylus Photo R260 User's Guide --> C:Program Filesepsonguidespr260_euninstall.exe
ewido security suite --> C:Program Filesewidosecurity suiteUninstall.exe
FileZilla (remove only) --> "C:Program FilesFileZillauninstall.exe"
Final Draft 7 --> MsiExec.exe /I{78D62D17-D970-42DA-B8CF-5E5576293B33}
FinePixViewer Resource --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{B44529FF-501E-47CD-A06D-223C161BE058}SETUP.EXE" -l0x9
FinePixViewer Ver.5.2 --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{24ED4D80-8294-11D5-96CD-0040266301AD}SETUP.EXE" -l0x9
Firewire Family --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime0901Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{92CFE459-E641-4293-8884-83FB2B97FDFC}setup.exe" -l0x9
FL Studio 5 --> C:Program FilesImage-LineFLStudio5uninstall.exe
Fraps (remove only) --> "C:Frapsuninstall.exe"
Free Bomb Factory Plug-Ins 7.0 --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1050Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{E17AF7A0-B0A8-4B55-A4B4-1D8D4E171BA2}Setup.exe" -l0x9 FromUninstall -removeonly
FUJIFILM USB Driver --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{5490882C-6961-11D5-BAE5-00E0188E010B}SETUP.EXE"
Full Tilt Poker.Net --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime0901Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{E07B7A31-E160-466D-A003-3BB7B8989D52}setup.exe" -l0x9
GameSpy Arcade --> C:PROGRA~1GAMESP~1UNWISE.EXE C:PROGRA~1GAMESP~1INSTALL.LOG
Google Talk (remove only) --> "C:Program FilesGoogleGoogle Talkuninstall.exe"
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "C:Program FilesTrend MicroHijackThisHijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:WINDOWS$NtUninstallKB929399$spuninstspuninst.exe"
IEEE 802.11g USB Wireless LAN Adapter --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{581CE7EA-A30D-F000-1211-088635773309}Setup.exe" -l0x9
IL Download Manager --> C:Program FilesImage-LineDownloaderuninstall.exe
ImageMixer VCD2 LE for FinePix --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime0701Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{B093990A-AAF2-44AC-9216-14BB7A2189B6}SETUP.EXE" -l0x9
InterLok Driver Kit --> MsiExec.exe /X{6CFB4CA5-782E-4606-A9FE-C39F301CF9DA}
iPod for Windows 2005-09-23 --> C:Program FilesCommon FilesInstallShieldDriver8Intel 32IDriver.exe /M{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC} /l1033
iPod for Windows 2006-01-10 --> C:Program FilesCommon FilesInstallShieldDriver8Intel 32IDriver.exe /M{3D047C15-C859-45F7-81CE-F2681778069B} /l1033
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150010}
J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
Kaspersky Online Scanner --> C:WINDOWSsystem32Kaspersky LabKaspersky Online Scannerkavuninstall.exe
LimeWire 4.16.6 --> "C:Program FilesLimeWireuninstall.exe"
Live 6.0.1 --> C:PROGRA~1AbletonLIVE60~1.1InstallUNWISE.EXE C:PROGRA~1AbletonLIVE60~1.1InstallINSTALL.LOG
LiveReg (Symantec Corporation) --> C:Program FilesCommon FilesSymantec SharedLiveRegVcSetup.exe /REMOVE
LiveUpdate 1.6 (Symantec Corporation) --> C:Program FilesSymantecLiveUpdateLSETUP.EXE /U
Macromedia Dreamweaver 8 --> MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Fireworks 8 --> MsiExec.exe /I{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}
Macromedia Flash Player 8 --> RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFswflash.inf,DefaultUninstall,5
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:WINDOWS$NtUninstallMSCompPackV1$spuninstspuninst.exe"
Microsoft Data Access Components KB870669 --> C:WINDOWSmuninst.exe C:WINDOWSINFKB870669.inf
Microsoft Office XP Professional --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:WINDOWS$NtUninstallWudf01000$spuninstspuninst.exe"
Mozilla Firefox (2.0.0.14) --> C:Program FilesMozilla Firefoxuninstallhelper.exe
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:WINDOWSINFmsninst.inf,Uninstall
Musicmatch® Jukebox --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime0901Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{85D3CC30-8859-481A-9654-FD9B74310BEF}setup.exe" -l0x9 -uninst
Norton AntiVirus 2002 --> MsiExec.exe /I{3075C5C3-0807-4924-AF8F-FF27052C12AE}
Pando --> MsiExec.exe /I{C0B0FA55-D4E9-4374-9871-BBFBF2AEF0D1}
Quicklinks --> "C:Program FilesQLuninstall.exe" -u
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RAW FILE CONVERTER LE --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{D680C913-5955-469D-9D88-C1940F7506D6}SETUP.EXE" -l0x9
RealPlayer --> C:Program FilesCommon FilesRealUpdate_OBr1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{FB08F381-6533-4108-B7DD-039E11FBC27E}setup.exe" REMOVE
Roxio Easy Media Creator 8 Suite --> MsiExec.exe /I{868901EE-7807-4F89-A134-7C705D34F91F}
Scrabble --> C:PROGRA~1YAHOO!~1ScrabbleUNWISE.EXE C:PROGRA~1YAHOO!~1ScrabbleINSTALL.LOG
Spybot - Search & Destroy 1.4 --> "C:Program FilesSpybot - Search & Destroyunins000.exe"
SpywareBlaster 4.0 --> "C:Program FilesSpywareBlasterunins000.exe"
TeamSpeak 2 RC2 --> "C:Program FilesTeamspeak2_RC2unins000.exe"
Uno --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime0901Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{F8E28912-A7B8-488C-B259-33F9014B9D09}setup.exe" -l0x9
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Ventrilo Server --> MsiExec.exe /I{1D46A3A0-B37D-423A-91C2-101A49E2FF80}
Viewpoint Manager (Remove Only) --> C:Program FilesViewpointViewpoint ManagerViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:Program FilesViewpointViewpoint Media PlayermtsAxInstaller.exe /u
Viewpoint Toolbar (Remove Only) --> C:Program FilesViewpointViewpoint ToolbarViewBarInstaller.exe /u /k
Warcraft III: All Products --> C:WINDOWSWar3Unin.exe C:WINDOWSWar3Unin.dat
Windows Media Format 11 runtime --> "C:WINDOWS$NtUninstallWMFDist11$spuninstspuninst.exe"
WinRAR archiver --> C:Program FilesWinRARuninstall.exe
XoftSpy --> C:Program FilesXoftSpyuninstall.exe
Yahoo! Toolbar --> rundll32.exe C:PROGRA~1Yahoo!COMPAN~1InstallscpnYCOMP5~1.DLL,DllCommand ui


-- Application Event Log -------------------------------------------------------

Event Record #/Type618 / Warning
Event Submitted/Written: 06/02/2008 08:13:10 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{91110409-6000-11D3-8CFE-0050048383C9}', feature 'WORDFiles' failed during request for component '{8E46FEFA-D973-6294-B305-E968CEDFFCB9}'

Event Record #/Type617 / Warning
Event Submitted/Written: 06/02/2008 08:13:10 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{91110409-6000-11D3-8CFE-0050048383C9}', feature 'ProductFiles', component '{66CD2C91-2A15-4DA4-BBD2-5EC1075F3C0E}' failed. The resource 'HKEY_CLASSES_ROOT.pip' does not exist.

Event Record #/Type616 / Error
Event Submitted/Written: 06/02/2008 07:33:46 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application coolpro2.exe, version 2.1.3097.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type615 / Error
Event Submitted/Written: 06/02/2008 07:03:43 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application coolpro2.exe, version 2.1.3097.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type606 / Error
Event Submitted/Written: 06/02/2008 06:46:38 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application coolpro2.exe, version 2.1.3097.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type38904 / Warning
Event Submitted/Written: 06/04/2008 02:11:33 AM
Event ID/Source: 11050 / dnscache
Event Description:
The DNS Client service could not contact any DNS servers for
a repeated number of attempts. For the next 30 seconds the
DNS Client service will not use the network to avoid further
network performance problems. It will resume its normal behavior
after that. If this problem persists, verify your TCP/IP
configuration, specifically check that you have a preferred
(and possibly an alternate) DNS server configured. If the problem
continues, verify network conditions to these DNS servers or contact
your network administrator.

Event Record #/Type38822 / Warning
Event Submitted/Written: 06/03/2008 11:41:00 PM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 000C7696A1E7. The IP address being used is 169.254.130.31.

Event Record #/Type38821 / Warning
Event Submitted/Written: 06/03/2008 11:40:58 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 000C7696A1E7. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type38721 / Error
Event Submitted/Written: 06/03/2008 10:43:22 PM
Event ID/Source: 1003 / System Error
Event Description:
Error code 1000008e, parameter1 c0000005, parameter2 bf81bf1e, parameter3 997c3610, parameter4 00000000.

Event Record #/Type38720 / Error
Event Submitted/Written: 06/03/2008 10:43:19 PM
Event ID/Source: 1003 / System Error
Event Description:
Error code 1000008e, parameter1 c0000005, parameter2 bfb209de, parameter3 9c6a2c20, parameter4 00000000.



-- End of Deckard's System Scanner: finished at 2008-06-04 13:11:59 ------------

Merged posts. ~ OB

Edited by Orange Blossom, 07 June 2008 - 10:33 PM.




#2 steamwiz


Posted 29 June 2008 - 03:49 PM

Hi

Sorry for the delay in responding to you; we have a long list of posters waiting for their threads to be analysed.

As it has been some time since you posted, you may have resolved your problem. Please let us know if you have.

If you still require help, Please make sure you have read this :-

http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

Please follow all the directions in the above thread, then come back here & copy & paste the requested updated logs... do NOT attach them

Logs requested :-

1. Deckard's System Scanner main.txt & extra.txt

Note: you'll find extra.txt here :- C:\Deckard\System Scanner\extra.txt

Please remember to post both txt files ...

2. KASPERSKY ONLINE SCANNER 7 REPORT

Please be sure to give as detailed an explanation of your problem as you can. Tell us what programs you may have run whilst waiting for a reply & if you have received help elsewhere ... also any new developments with your problem.

cheers

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware

#3 smitty1263

Posted 30 June 2008 - 08:20 PM

Main.txt is as follows

Deckard's System Scanner v20071014.68
Run by Owner on 2008-06-30 15:42:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 8.6 GiB (less than 15%) free.


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:42, on 2008-06-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\D-Link\RangeBooster G WDA-2320\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\system32\MAFWTray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\lphcpssj0et1c.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Wireless LAN\WLanUtil.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\M-Audio Uno\UnoInst.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\WINDOWS\system32\sol.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\coolpro2\coolpro2.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\shcvssj0et1c\shcvssj0et1c.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [D-Link RangeBooster G WDA-2320] C:\Program Files\D-Link\RangeBooster G WDA-2320\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [MAFWTaskbarApp] C:\WINDOWS\system32\MAFWTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lphcpssj0et1c] C:\WINDOWS\system32\lphcpssj0et1c.exe
O4 - HKLM\..\Run: [SMshcvssj0et1c] C:\Program Files\shcvssj0et1c\shcvssj0et1c.exe
O4 - HKCU\..\Run: [umldio] C:\WINDOWS\system32\umldio.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo R260 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.EXE /FU "C:\WINDOWS\TEMP\E_S85.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Policies\Explorer\Run: [umldio] C:\WINDOWS\system32\umldio.exe
O4 - HKUS\S-1-5-18\..\Run: [kioo] C:\PROGRA~1\COMMON~1\kioo\kioom.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [kioo] C:\PROGRA~1\COMMON~1\kioo\kioom.exe (User 'Default user')
O4 - Global Startup: IEEE 802.11g USB Wireless LAN Utility.lnk = C:\Program Files\Wireless LAN\WLanUtil.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1119478700155
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Protools\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Service Cvasvr (Service Cvas) - Unknown owner - C:\WINDOWS\csvas.exe (file missing)
O23 - Service: Uno Installer (UnoInstallerService) - Unknown owner - C:\Program Files\M-Audio Uno\UnoInst.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8684 bytes

-- Files created between 2008-05-30 and 2008-06-30 -----------------------------

2008-06-30 15:38:10 0 d-------- C:\Documents and Settings\Owner\Application Data\shcvssj0et1c
2008-06-30 15:38:01 0 d-------- C:\Program Files\shcvssj0et1c
2008-06-20 14:35:48 0 d-------- C:\Documents and Settings\Owner\Application Data\AXPDefender
2008-06-06 20:24:24 0 d-------- C:\Program Files\SpyZooka
2008-06-06 20:24:11 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-04 12:20:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-04 12:20:10 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-04 02:04:55 0 d-------- C:\ComboFix(2)
2008-06-04 00:22:23 68096 --a------ C:\WINDOWS\zip.exe
2008-06-04 00:22:23 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-04 00:22:23 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-04 00:22:23 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-04 00:22:23 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-04 00:22:23 98816 --a------ C:\WINDOWS\sed.exe
2008-06-04 00:22:23 80412 --a------ C:\WINDOWS\grep.exe
2008-06-04 00:22:23 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-04 00:06:26 0 d-------- C:\Program Files\Trend Micro
2008-06-03 23:55:38 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-03 18:59:21 52736 --a------ C:\WINDOWS\system32\blphcpssj0et1c.scr <Not Verified; Peter's Productions; Bugs!>
2008-06-03 18:58:38 93184 --a------ C:\WINDOWS\system32\lphcpssj0et1c.exe


-- Find3M Report ---------------------------------------------------------------

2008-06-29 19:26:33 0 d-------- C:\Documents and Settings\Owner\Application Data\uTorrent
2008-06-20 15:31:18 0 d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
2008-06-06 20:24:11 0 d-------- C:\Program Files\Common Files
2008-06-04 11:41:59 7 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME
2008-06-03 23:55:34 0 d-------- C:\Program Files\SpywareBlaster
2008-06-02 18:06:36 6 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME{8C94E70D-4BF2-4ADD-92E2-3137E7CCF99A}
2008-05-22 11:38:26 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NAV Agent"="C:\PROGRA~1\NORTON~1\navapw32.exe" [2001-08-16 14:52]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 20:32]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-07-25 07:36]
"D-Link RangeBooster G WDA-2320"="C:\Program Files\D-Link\RangeBooster G WDA-2320\AirPlusCFG.exe" [2006-11-15 21:42]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2006-06-29 14:34]
"MAFWTaskbarApp"="C:\WINDOWS\system32\MAFWTray.exe" [2004-06-23 16:13]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36]
"lphcpssj0et1c"="C:\WINDOWS\system32\lphcpssj0et1c.exe" [2008-06-03 18:58]
"SMshcvssj0et1c"="C:\Program Files\shcvssj0et1c\shcvssj0et1c.exe" [2008-06-11 01:59]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"umldio"="C:\WINDOWS\system32\umldio.exe" []
"EPSON Stylus Photo R260 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.exe" [2006-05-19 01:00]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 18:05]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"kioo"=C:\PROGRA~1\COMMON~1\kioo\kioom.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
IEEE 802.11g USB Wireless LAN Utility.lnk - C:\Program Files\Wireless LAN\WLanUtil.exe [2006-09-04 19:19:41]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=1 (0x1)
"NoDispScrSavPage"=1 (0x1)
"disableregistrytools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"umldio"=C:\WINDOWS\system32\umldio.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher 2.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher 2.lnk
backup=C:\WINDOWS\pss\Exif Launcher 2.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adtech2006]
C:\windows\adtech2006.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1133661130\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
"C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
"C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
"C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\timessquare]
C:\windows\timessquare.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\umldio]
C:\WINDOWS\system32\umldio.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Agent]
C:\Program Files\webHancer\Programs\whagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Survey Companion]
C:\Program Files\webHancer\Programs\whsurvey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe




-- End of Deckard's System Scanner: finished at 2008-06-30 15:42:51 ------------

Extra.txt is as follows

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3200+
Percentage of Memory in Use: 45%
Physical Memory (total/avail): 1023.48 MiB / 559.11 MiB
Pagefile Memory (total/avail): 1746.31 MiB / 1328.13 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1940.48 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.53 GiB total, 14.9 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST380817 AS SCSI Disk Device - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.53 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AntivirusOverride is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Owner\\Desktop\\G4_Short-downloader.exe"="C:\\Documents and Settings\\Owner\\Desktop\\G4_Short-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-1.5.0-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.5.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Documents and Settings\\Owner\\Desktop\\WoW-1.5.1-to-0.6.0-Test-enUS.exe"="C:\\Documents and Settings\\Owner\\Desktop\\WoW-1.5.1-to-0.6.0-Test-enUS.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Documents and Settings\\Owner\\Desktop\\Ghost_Gameplay2005-downloader.exe"="C:\\Documents and Settings\\Owner\\Desktop\\Ghost_Gameplay2005-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Documents and Settings\\Owner\\Desktop\\E32004Ghost-downloader.exe"="C:\\Documents and Settings\\Owner\\Desktop\\E32004Ghost-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Documents and Settings\\Owner\\Desktop\\Ghost_Multi-player2005-downloader.exe"="C:\\Documents and Settings\\Owner\\Desktop\\Ghost_Multi-player2005-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-1.5.1.4449-to-1.6.0-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.5.1.4449-to-1.6.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-1.6.0.4500-to-1.6.1-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.6.0.4500-to-1.6.1-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Documents and Settings\\Owner\\Desktop\\WoW-2.6.1.4544-to-0.7.0-enUS-downloader.exe"="C:\\Documents and Settings\\Owner\\Desktop\\WoW-2.6.1.4544-to-0.7.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Documents and Settings\\Owner\\Desktop\\WoW-1.6.1.4544v2-to-0.7.0-enUS-downloader.exe"="C:\\Documents and Settings\\Owner\\Desktop\\WoW-1.6.1.4544v2-to-0.7.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Documents and Settings\\Owner\\Desktop\\WoW-3.6.1.4544v2-to-0.7.0-enUS-downloader.exe"="C:\\Documents and Settings\\Owner\\Desktop\\WoW-3.6.1.4544v2-to-0.7.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-3.6.1.4544v2-to-0.7.0-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-3.6.1.4544v2-to-0.7.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-1.6.1.4544-to-1.7.0-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.6.1.4544-to-1.7.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoWTest\\WoW-0.7.0.4671-to-0.8.0-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoWTest\\WoW-0.7.0.4671-to-0.8.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Documents and Settings\\Owner\\Desktop\\Zul'Gurub_English-downloader.exe"="C:\\Documents and Settings\\Owner\\Desktop\\Zul'Gurub_English-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Documents and Settings\\Owner\\Desktop\\WOWEx_Blizcon-downloader.exe"="C:\\Documents and Settings\\Owner\\Desktop\\WOWEx_Blizcon-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Documents and Settings\\Owner\\Desktop\\WoW-1.8.3.4807-to-0.9.0-enUS-downloader.exe"="C:\\Documents and Settings\\Owner\\Desktop\\WoW-1.8.3.4807-to-0.9.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoWTest\\WoW-1.8.3.4807-to-0.9.0-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoWTest\\WoW-1.8.3.4807-to-0.9.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoWTest\\WoW-0.9.0.4851-to-0.9.0.4869-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoWTest\\WoW-0.9.0.4851-to-0.9.0.4869-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1133661130\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1133661130\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1133661130\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1133661130\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\World of Warcraft\\WoW-1.8.3.4807-to-1.8.4.4878-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.8.3.4807-to-1.8.4.4878-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\World of Warcraft\\WoW-1.9.0-enUS-downloader.exe"="C:\\World of Warcraft\\WoW-1.9.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Documents and Settings\\Owner\\Desktop\\utorrent.exe"="C:\\Documents and Settings\\Owner\\Desktop\\utorrent.exe:*:Enabled:utorrent"
"C:\\Documents and Settings\\Owner\\Desktop\\WOW_Snow_EG-downloader.exe"="C:\\Documents and Settings\\Owner\\Desktop\\WOW_Snow_EG-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Documents and Settings\\Owner\\Desktop\\WOW_Rain_EG-downloader.exe"="C:\\Documents and Settings\\Owner\\Desktop\\WOW_Rain_EG-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\World of Warcraft\\WoW-1.9.2.4996-to-1.9.3.5059-enUS-downloader.exe"="C:\\World of Warcraft\\WoW-1.9.2.4996-to-1.9.3.5059-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Documents and Settings\\Owner\\Desktop\\Nefarian_EG-downloader.exe"="C:\\Documents and Settings\\Owner\\Desktop\\Nefarian_EG-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Yahoo! Games\\Scrabble\\Scrabble.exe"="C:\\Program Files\\Yahoo! Games\\Scrabble\\Scrabble.exe:*:Enabled:SCRABBLE ®"
"C:\\Documents and Settings\\Owner\\Desktop\\Monopoly\\Monopoly.exe"="C:\\Documents and Settings\\Owner\\Desktop\\Monopoly\\Monopoly.exe:*:Enabled:Monopoly"
"C:\\Documents and Settings\\Owner\\Desktop\\WoW-1.9.4.5086-to-0.10.0.5140-enUS-downloader.exe"="C:\\Documents and Settings\\Owner\\Desktop\\WoW-1.9.4.5086-to-0.10.0.5140-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\EA GAMES\\The Battle for Middle-earth ™\\game.dat"="C:\\Program Files\\EA GAMES\\The Battle for Middle-earth ™\\game.dat:*:Enabled:The Battle for Middle-earth ™"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\World of Warcraft\\WoW-1.9.4.5086-to-1.10.0.5195-enUS-downloader.exe"="C:\\World of Warcraft\\WoW-1.9.4.5086-to-1.10.0.5195-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Documents and Settings\\Owner\\Desktop\\WEB-WOWEx-E3-downloader.exe"="C:\\Documents and Settings\\Owner\\Desktop\\WEB-WOWEx-E3-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Documents and Settings\\Owner\\Desktop\\Naxxramas_English-downloader.exe"="C:\\Documents and Settings\\Owner\\Desktop\\Naxxramas_English-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Documents and Settings\\Owner\\Desktop\\wow-ptr-downloader2.exe"="C:\\Documents and Settings\\Owner\\Desktop\\wow-ptr-downloader2.exe:*:Enabled:Blizzard Downloader"
"C:\\Documents and Settings\\Owner\\Desktop\\DarkmooneFaire_English-downloader.exe"="C:\\Documents and Settings\\Owner\\Desktop\\DarkmooneFaire_English-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\World of Warcraft\\BackgroundDownloader.exe"="C:\\World of Warcraft\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\\World of Warcraft\\WoW-1.10.2.5302-to-1.11.0.5428-enUS-downloader.exe"="C:\\World of Warcraft\\WoW-1.10.2.5302-to-1.11.0.5428-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Documents and Settings\\Owner\\Desktop\\WoW-1.10.2.5302-to-1.11.0.5428-enUS-downloader.exe"="C:\\Documents and Settings\\Owner\\Desktop\\WoW-1.10.2.5302-to-1.11.0.5428-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\THQ\\Dawn of War\\W40k.exe"="C:\\Program Files\\THQ\\Dawn of War\\W40k.exe:*:Enabled:W40K"
"C:\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe"="C:\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Documents and Settings\\Owner\\Desktop\\WoW-1.11.2.5464-to-0.12.0.5496-enUS-downloader.exe"="C:\\Documents and Settings\\Owner\\Desktop\\WoW-1.11.2.5464-to-0.12.0.5496-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Documents and Settings\\Owner\\Desktop\\WoW-1.11.2.5464-to-0.12.0.5496-enUS-downloader(2).exe"="C:\\Documents and Settings\\Owner\\Desktop\\WoW-1.11.2.5464-to-0.12.0.5496-enUS-downloader(2).exe:*:Enabled:Blizzard Downloader"
"C:\\World of Warcraft\\WoWTest\\WoW-0.11.0.5383-to-0.11.0.5413-enUS-downloader.exe"="C:\\World of Warcraft\\WoWTest\\WoW-0.11.0.5383-to-0.11.0.5413-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\World of Warcraft\\WoWTest\\WoW-1.11.2.5464-to-0.12.0.5496-enUS-downloader.exe"="C:\\World of Warcraft\\WoWTest\\WoW-1.11.2.5464-to-0.12.0.5496-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\World of Warcraft\\WoW-1.11.2.5464-to-1.12.0.5595-enUS-downloader.exe"="C:\\World of Warcraft\\WoW-1.11.2.5464-to-1.12.0.5595-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"="C:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe:*:Enabled:Dreamweaver 8"
"C:\\Documents and Settings\\Owner\\Desktop\\EPL_Trailer_EG.avi-downloader.exe"="C:\\Documents and Settings\\Owner\\Desktop\\EPL_Trailer_EG.avi-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\NAMCO BANDAI Games\\Warhammer® Mark of Chaos™ Closed BETA\\Warhammer.exe"="C:\\Program Files\\NAMCO BANDAI Games\\Warhammer® Mark of Chaos™ Closed BETA\\Warhammer.exe:*:Enabled:Warhammer®: Mark of Chaos™"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\Updater\\Updater.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\Updater\\Updater.exe:*:Enabled:Software Update"
"C:\\Program Files\\THQ\\Dawn of War - Dark Crusade Demo\\DarkCrusade.exe"="C:\\Program Files\\THQ\\Dawn of War - Dark Crusade Demo\\DarkCrusade.exe:*:Enabled:DarkCrusade"
"C:\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe"="C:\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Common Files\\AOL\\1133661130\\ee\\aexplore.exe"="C:\\Program Files\\Common Files\\AOL\\1133661130\\ee\\aexplore.exe:*:Enabled:AOL Explorer"
"C:\\Program Files\\NAMCO BANDAI Games\\Warhammer Mark of Chaos\\Warhammer.exe"="C:\\Program Files\\NAMCO BANDAI Games\\Warhammer Mark of Chaos\\Warhammer.exe:*:Enabled:Warhammer®: Mark of Chaos™"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\Patcher\\Updater.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\Patcher\\Updater.exe:*:Enabled:Updater"
"C:\\World of Warcraft\\WoWTest\\WoW-0.12.0.5537-to-0.12.0.5561-enUS-downloader.exe"="C:\\World of Warcraft\\WoWTest\\WoW-0.12.0.5537-to-0.12.0.5561-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\\Program Files\\THQ\\MotoGP URT 3\\motogp.exe"="C:\\Program Files\\THQ\\MotoGP URT 3\\motogp.exe:*:Enabled:motogp"
"C:\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe"="C:\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.5.6320-enUS-downloader.exe"="C:\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.5.6320-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\World of Warcraft\\WoW-2.0.5.6320-to-2.0.6.6337-enUS-downloader.exe"="C:\\World of Warcraft\\WoW-2.0.5.6320-to-2.0.6.6337-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe"="C:\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe"="C:\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe"="C:\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe"="C:\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Pando Networks\\Pando\\pando.exe"="C:\\Program Files\\Pando Networks\\Pando\\pando.exe:*:Enabled:pando"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe"="C:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe:*:Enabled:Roxio Upnp Service"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SMITTY
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\SMITTY
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 12 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0c00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\Roxio Central\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=SMITTY
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Owner (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {637099FB-45FD-4BC7-9651-6FB540DBB749}
--> MsiExec.exe /I{0CDCA5CD-C404-41FD-9216-9B4B3D24A7AA}
--> MsiExec.exe /I{0D330013-4A99-46D6-83C6-2C959C68DBFF}
--> MsiExec.exe /I{26792CA7-D87A-4DBE-896B-C2F66B344511}
--> MsiExec.exe /I{637099FB-45FD-4BC7-9651-6FB540DBB749}
--> MsiExec.exe /I{6D4F02C4-F6AF-4659-A933-7FC06235A8D5}
--> MsiExec.exe /I{7FD9FD10-9F7F-4DDF-B9F0-911209FF0CEA}
--> MsiExec.exe /I{8C60949A-46F9-4DD7-BA9F-78C00D9D4C8D}
--> MsiExec.exe /I{EB748B9B-F872-4E95-98E8-5CA7E5425DAF}
--> MsiExec.exe /I{F0EACC27-A729-406C-9BF6-C8F10CEC36F8}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Download Manager 2.0 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop Album 2.0 Starter Edition --> MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
ANIO Service --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}\Setup.exe"
ANIWZCS2 Service --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C590030-7469-453E-8589-D15DA9D03F52}\Setup.exe"
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ArcSoft PhotoImpression 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}\Setup.exe" -l0x9
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Cool Edit Pro 2.1 --> C:\Program Files\coolpro2\cep2unin.exe
Digidesign Pro Tools LE 7.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9717EE69-75AF-45F9-B6B4-3022F69EF186}\setup.exe" -l0x9 -removeonly
Digidesign Shared Plug-Ins 7.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{92B43A6F-E328-495A-ACFA-FC47C1B7215D}\Setup.exe" -l0x9 FromUninstall -removeonly
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EPSON Print CD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\Setup.exe" -l0x9 -SYSTEM
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Stylus Photo R260 User's Guide --> C:\Program Files\epson\guide\spr260_e\uninstall.exe
ewido security suite --> C:\Program Files\ewido\security suite\Uninstall.exe
FileZilla (remove only) --> "C:\Program Files\FileZilla\uninstall.exe"
Final Draft 7 --> MsiExec.exe /I{78D62D17-D970-42DA-B8CF-5E5576293B33}
FinePixViewer Resource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B44529FF-501E-47CD-A06D-223C161BE058}\SETUP.EXE" -l0x9
FinePixViewer Ver.5.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE" -l0x9
Firewire Family --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{92CFE459-E641-4293-8884-83FB2B97FDFC}\setup.exe" -l0x9
FL Studio 5 --> C:\Program Files\Image-Line\FLStudio5\uninstall.exe
Fraps (remove only) --> "C:\Fraps\uninstall.exe"
Free Bomb Factory Plug-Ins 7.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E17AF7A0-B0A8-4B55-A4B4-1D8D4E171BA2}\Setup.exe" -l0x9 FromUninstall -removeonly
FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
Full Tilt Poker.Net --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E07B7A31-E160-466D-A003-3BB7B8989D52}\setup.exe" -l0x9
GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
Google Talk (remove only) --> "C:\Program Files\Google\Google Talk\uninstall.exe"
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
IEEE 802.11g USB Wireless LAN Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{581CE7EA-A30D-F000-1211-088635773309}\Setup.exe" -l0x9
IL Download Manager --> C:\Program Files\Image-Line\Downloader\uninstall.exe
ImageMixer VCD2 LE for FinePix --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B093990A-AAF2-44AC-9216-14BB7A2189B6}\SETUP.EXE" -l0x9
InterLok Driver Kit --> MsiExec.exe /X{6CFB4CA5-782E-4606-A9FE-C39F301CF9DA}
iPod for Windows 2005-09-23 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC} /l1033
iPod for Windows 2006-01-10 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3D047C15-C859-45F7-81CE-F2681778069B} /l1033
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150010}
J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
LimeWire 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe"
Live 6.0.1 --> C:\PROGRA~1\Ableton\LIVE60~1.1\Install\UNWISE.EXE C:\PROGRA~1\Ableton\LIVE60~1.1\Install\INSTALL.LOG
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Macromedia Dreamweaver 8 --> MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Fireworks 8 --> MsiExec.exe /I{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}
Macromedia Flash Player 8 --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office XP Professional --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
Norton AntiVirus 2002 --> MsiExec.exe /I{3075C5C3-0807-4924-AF8F-FF27052C12AE}
Pando --> MsiExec.exe /I{C0B0FA55-D4E9-4374-9871-BBFBF2AEF0D1}
Quicklinks --> "C:\Program Files\QL\uninstall.exe" -u
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RAW FILE CONVERTER LE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D680C913-5955-469D-9D88-C1940F7506D6}\SETUP.EXE" -l0x9
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Roxio Easy Media Creator 8 Suite --> MsiExec.exe /I{868901EE-7807-4F89-A134-7C705D34F91F}
Scrabble --> C:\PROGRA~1\YAHOO!~1\Scrabble\UNWISE.EXE C:\PROGRA~1\YAHOO!~1\Scrabble\INSTALL.LOG
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.0 --> "C:\Program Files\SpywareBlaster\unins000.exe"
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
Uno --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F8E28912-A7B8-488C-B259-33F9014B9D09}\setup.exe" -l0x9
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Ventrilo Server --> MsiExec.exe /I{1D46A3A0-B37D-423A-91C2-101A49E2FF80}
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Viewpoint Toolbar (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarInstaller.exe /u /k
Warcraft III: All Products --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XoftSpy --> C:\Program Files\XoftSpy\uninstall.exe
Yahoo! Toolbar --> rundll32.exe C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\YCOMP5~1.DLL,DllCommand ui


-- Application Event Log -------------------------------------------------------

Event Record #/Type618 / Warning
Event Submitted/Written: 06/02/2008 08:13:10 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{91110409-6000-11D3-8CFE-0050048383C9}', feature 'WORDFiles' failed during request for component '{8E46FEFA-D973-6294-B305-E968CEDFFCB9}'

Event Record #/Type617 / Warning
Event Submitted/Written: 06/02/2008 08:13:10 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{91110409-6000-11D3-8CFE-0050048383C9}', feature 'ProductFiles', component '{66CD2C91-2A15-4DA4-BBD2-5EC1075F3C0E}' failed. The resource 'HKEY_CLASSES_ROOT\.pip\' does not exist.

Event Record #/Type616 / Error
Event Submitted/Written: 06/02/2008 07:33:46 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application coolpro2.exe, version 2.1.3097.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type615 / Error
Event Submitted/Written: 06/02/2008 07:03:43 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application coolpro2.exe, version 2.1.3097.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type606 / Error
Event Submitted/Written: 06/02/2008 06:46:38 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application coolpro2.exe, version 2.1.3097.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type38904 / Warning
Event Submitted/Written: 06/04/2008 02:11:33 AM
Event ID/Source: 11050 / dnscache
Event Description:
The DNS Client service could not contact any DNS servers for
a repeated number of attempts. For the next 30 seconds the
DNS Client service will not use the network to avoid further
network performance problems. It will resume its normal behavior
after that. If this problem persists, verify your TCP/IP
configuration, specifically check that you have a preferred
(and possibly an alternate) DNS server configured. If the problem
continues, verify network conditions to these DNS servers or contact
your network administrator.

Event Record #/Type38822 / Warning
Event Submitted/Written: 06/03/2008 11:41:00 PM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 000C7696A1E7. The IP address being used is 169.254.130.31.

Event Record #/Type38821 / Warning
Event Submitted/Written: 06/03/2008 11:40:58 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 000C7696A1E7. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type38721 / Error
Event Submitted/Written: 06/03/2008 10:43:22 PM
Event ID/Source: 1003 / System Error
Event Description:
Error code 1000008e, parameter1 c0000005, parameter2 bf81bf1e, parameter3 997c3610, parameter4 00000000.

Event Record #/Type38720 / Error
Event Submitted/Written: 06/03/2008 10:43:19 PM
Event ID/Source: 1003 / System Error
Event Description:
Error code 1000008e, parameter1 c0000005, parameter2 bfb209de, parameter3 9c6a2c20, parameter4 00000000.



-- End of Deckard's System Scanner: finished at 2008-06-04 13:11:59 ------------



Kaspersky report

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, June 30, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, July 01, 2008 00:28:16
Records in database: 900369
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - Critical Areas:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\Owner\Start Menu\Programs\Startup
C:\Program Files
C:\WINDOWS

Scan statistics:
Files scanned: 68176
Threat name: 3
Infected objects: 6
Suspicious objects: 0
Duration of the scan: 01:36:30


File name / Threat name / Threats count
C:\WINDOWS\system32\lphcpssj0et1c.exe/C:\WINDOWS\system32\lphcpssj0et1c.exe Infected: Trojan.Win32.Pakes.dda 1
C:\Program Files\shcvssj0et1c\shcvssj0et1c.exe/C:\Program Files\shcvssj0et1c\shcvssj0et1c.exe Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d 1
C:\Program Files\Norton AntiVirus\Quarantine\1D1A40C1.exe Infected: Trojan-Downloader.Win32.Small.cam 1
C:\Program Files\Norton AntiVirus\Quarantine\597F7B6F.exe Infected: Trojan-Downloader.Win32.Small.cam 1
C:\Program Files\shcvssj0et1c\shcvssj0et1c.exe Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d 1
C:\WINDOWS\system32\lphcpssj0et1c.exe Infected: Trojan.Win32.Pakes.dda 1

The selected area was scanned.


Since the last message I haven't done much to try and get rid of it as I was awaiting a response. Today, however, I accidentally clicked yes on the pop-up message that says I have Spyware and need their spyware remover tool. So now I have this malware protection 2008 program on my computer which I know is the problem in the first place but can't remove it by conventional means.

All the previous symptoms still exist, i.e., background is hijacked. Message about having spyware still pops up. Can't control desktop settings. And every now and then a screensaver pops up with bugs eating the screen. Thank you for your help.

#4 steamwiz

Posted 01 July 2008 - 02:40 PM

Hi

I see you have downloaded Combofix previously ... have you run it at all? Do you still have it? Don't run it now, just let me know.

Please Download Malwarebytes' Anti-Malware from Here :-

http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html

or here :-

http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and Paste the entire report in your next reply.

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E


#5 smitty1263

Posted 02 July 2008 - 01:07 AM

Read a similar thread so I followed their steps and downloaded combofix. Ran it but it ended up freezing before finishing so I didn't do anything else. Thought it best to just try my own thread. Anywho, here's Malwarebytes log.

Malwarebytes' Anti-Malware 1.19
Database version: 913
Windows 5.1.2600 Service Pack 2

22:58:23 2008-07-01
mbam-log-7-1-2008 (22-58-23).txt

Scan type: Quick Scan
Objects scanned: 40264
Time elapsed: 5 minute(s), 18 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 24
Files Infected: 38

Memory Processes Infected:
C:\WINDOWS\system32\lphcpssj0et1c.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\AXPDefender (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService (Adware.CommAd) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcpssj0et1c (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\T3duZXI (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\AXPDefender (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\AXPDefender\AXPDefender (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\AXPDefender\AXPDefender\Quarantine (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKCU (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKCU\RunOnce (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKLM (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKLM\RunOnce (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\StartMenuAllUsers (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\StartMenuCurrentUser (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\AXPDefender\AXPDefender\Quarantine\BrowserObjects (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\AXPDefender\AXPDefender\Quarantine\Packages (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\shcvssj0et1c (Rogue.MalwareProtector2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\shcvssj0et1c\Quarantine (Rogue.MalwareProtector2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\shcvssj0et1c\Quarantine\Autorun (Rogue.MalwareProtector2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\shcvssj0et1c\Quarantine\Autorun\HKCU (Rogue.MalwareProtector2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\shcvssj0et1c\Quarantine\Autorun\HKCU\RunOnce (Rogue.MalwareProtector2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\shcvssj0et1c\Quarantine\Autorun\HKLM (Rogue.MalwareProtector2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\shcvssj0et1c\Quarantine\Autorun\HKLM\RunOnce (Rogue.MalwareProtector2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\shcvssj0et1c\Quarantine\Autorun\StartMenuAllUsers (Rogue.MalwareProtector2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\shcvssj0et1c\Quarantine\Autorun\StartMenuCurrentUser (Rogue.MalwareProtector2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\shcvssj0et1c\Quarantine\BrowserObjects (Rogue.MalwareProtector2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\shcvssj0et1c\Quarantine\Packages (Rogue.MalwareProtector2008) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\blphcpssj0et1c.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\temp\.tt10CC.tmp (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\temp\.tt127.tmp (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\temp\.tt19D.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\temp\.tt1CF.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\temp\.tt20.tmp (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\temp\.tt22.tmp (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\temp\.tt24.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\temp\.tt26.tmp (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\temp\.tt371.tmp (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\temp\.tt39.tmp (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\temp\.tt4.tmp (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\temp\.tt41.tmp (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\temp\.tt4F8.tmp (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\temp\.tt878.tmp (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\temp\.tt8D.tmp (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\temp\.ttA78.tmp (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\temp\.ttB28.tmp (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\temp\.ttC.tmp (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\temp\.ttC47.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\temp\.ttC96.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\T3duZXI\naxRtrK.vbs (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphcpssj0et1c.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phcpssj0et1c.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Malware Protector 2008.lnk (Rogue.MalwareProtector2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\temp\.tt9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\temp\.ttA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\temp\.ttB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\temp\.ttD.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\temp\.ttE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

#6 steamwiz

Posted 02 July 2008 - 03:19 PM

Hi

OK ... that's a good start ... we'll get back to Combofix later ...

Please do the following in the order written ...

NEXT ...

Please Download CCleaner from :-

http://www.filehippo.com/download_ccleaner/ (click the download tab)

During the installation be sure to UN-check the box for "Ccleaner Yahoo Toolbar" unless you want it.

Double-click the ccsetup.exe file and install the program...

After installing, go to Start > programs > CCleaner > Options > Advanced > UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

Make sure the "windows" tab is selected

Under "internet explorer" tick...

Temporary internet files
Cookies* > see Note below
History
Recently typed URLs
(leave this unticked if you DON'T want to clear the drop down list in the address window of IE)
Delete index.dat files
Last download location
Autocomplete form history


under "Windows explorer" these are optional, but you can safely tick them all if you wish, they are only "most recently used lists"

Other explorer MRUs
(leave this unticked if you DON'T want to clear lists such as the start\run list)

under "System"

Tick ALL these ...


under "Advanced"

no need to tick any of these (but you can if you want, and realise what they do)


Applications tab...

These will mostly clean out old log files for these applications...

Clean:- (if you use them)

Firefox/Mozilla (optional - leave the cookies - see note)
Opera
Sun Java
ZoneAlarm

...
Personally I clean everything in the applications tab... but you tick what you want...

Note: *If there are any cookies you want to keep (if you remove the cookie for a site you require a password for, you will need to re-enter your password when you next visit that site) ... click options > cookies > then keep the cookies you want.

click "analyse" if you want to see a list of what is going to be removed, before it is removed.

Or

click "run cleaner" to let it get on with its work... clicking this will result in the following pop-up

"This process will permanently delete files from your system. Are you sure you wish to proceed?"

click OK.

THEN ...

You are running an out-of-date version of Java

Go to add/remove programs and uninstall any earlier versions ... in your case :-

ALL these :-
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4

Then you can go here and install the latest version of Java.

http://java.sun.com/javase/downloads/index.jsp

Scroll down the page to 'Java Runtime Environment (JRE) 6 Update 6' and press the 'Download' button.


Running an out-of-date version of Java is an infection risk.

THEN ...

Empty your Norton AntiVirus\Quarantine

THEN ...


Run & post a new KASPERSKY ONLINE SCANNER 7 REPORT ...

Please be sure to select "My Computer" in the "Select a target to scan:" section.

THEN ...

Please run DSS (Deckard's System Scanner) again, & this time just post the main.txt

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware

#7 steamwiz

Posted 26 July 2008 - 04:24 PM

Due to lack of feedback, this thread is now treated as resolved and duly closed.

If the original poster would like it re-opened, please send me a PM with a link to this thread.

cheers

steam