Re-install Operating System on Compaq Presario

mikeyb9 · 10-17-2007, 01:43 AM

Please Note From my original thread:
Hello All, I am a newbie here and I would like to say thank you in advance to all you great people who provide such terrific support!

I have a Compaq Presario Media Center SR1834NX Desktop PC running Windows XP Media Center Edition 2005 Ver. 5.1.2715.3011 (xpsp(wmbla).061009-1511 Update Rollup 2.

I am suddenly missing items in the start menu, ie., accessories is missing entries such as under system tools it's blank and many other start up items. Also I am missing some control panel items. What I think has happened is the operating system has had some files erased or corrupted. There are just so many things missing that used to be listed makes me believe that is whats wrong.

How can I restore the original operating system or repair it without losing all of my current data and programs?

No cd's were shipped with my computer but there was directions for making a compaq cd/dvd recovery set
I made dvd recovery disks when the computer was new and I believe there are also recovery files on the secret partition, but I do not want to do a full restore with formatting the drive etc. I just want to repair the operating system if possible.
I tried doing several system restore points, but it does not replace what is missing.
Help Please

Re: Re-install Operating System on Compaq Presario

--------------------------------------------------------------------------------

Welcome to TSF. I am thinking strongly that you have malware on your machine causing this problem, particularly if you cannot do a system restore. GO here and follow the instructions:

(Updated!) IMPORTANT - Read This Before Posting A Log

good luck

Please note: I can do a system restore but it does not restore the missing items.

I followed the 5 steps and the results are below:

Panda Scan

Incident Status Location

Adware:adware/cws Not disinfected C:\Documents and Settings\Compaq_Administrator\Favorites\health
Adware:adware/aureate-radiate Not disinfected Windows Registry
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\3u9nz0yc.default\cookies.txt[.ads.addynamix.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\3u9nz0yc.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\3u9nz0yc.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\3u9nz0yc.default\cookies.txt[.zedo.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\3u9nz0yc.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\3u9nz0yc.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\3u9nz0yc.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\3u9nz0yc.default\cookies.txt[.overture.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\3u9nz0yc.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Versiontracker Not disinfected C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\3u9nz0yc.default\cookies.txt[.versiontracker.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\3u9nz0yc.default\cookies.txt[.www.burstbeacon.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\3u9nz0yc.default\cookies.txt[.statse.webtrendslive.com/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\3u9nz0yc.default\cookies.txt[.target.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\3u9nz0yc.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\3u9nz0yc.default\cookies.txt[.stat.onestat.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\3u9nz0yc.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\3u9nz0yc.default\cookies.txt[.winantivirus.com/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\3u9nz0yc.default\cookies.txt[.stats1.reliablestats.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\3u9nz0yc.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\3u9nz0yc.default\cookies.txt[.stats1.reliablestats.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\3u9nz0yc.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\3u9nz0yc.default\cookies.txt[.server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\3u9nz0yc.default\cookies.txt[.server.iad.liveperson.net/hc/53320982]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\3u9nz0yc.default\cookies.txt[.server.iad.liveperson.net/hc/52809711]
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\3u9nz0yc.default\cookies.txt[.linksynergy.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\3u9nz0yc.default\cookies.txt[.microsofteup.112.2o7.net/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\3u9nz0yc.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\3u9nz0yc.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\3u9nz0yc.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\3u9nz0yc.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\3u9nz0yc.default\cookies.txt[.hg1.hitbox.com/]
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\3u9nz0yc.default\cookies.txt[.errorsafe.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\3u9nz0yc.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\3u9nz0yc.default\cookies.txt[.com.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\3u9nz0yc.default\cookies.txt[.ehg.hitbox.com/]
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\3u9nz0yc.default\cookies.txt[.citi.bridgetrack.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\3u9nz0yc.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\3u9nz0yc.default\cookies.txt[.as1.falkag.de/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ad.yieldmanager[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ad.yieldmanager[3].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@adrevolver[2].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@adserver.filefront[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@advertising[1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@apmebf[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@atdmt[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@atdmt[3].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ccbill[1].txt
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@cdfreaks[1].txt
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@club.cdfreaks[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@com[1].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@did-it[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@doubleclick[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@media.adrevolver[3].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@mediaplex[2].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@statse.webtrendslive[2].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@toplist[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@www.burstbeacon[2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@www2.addfreestats[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@www5.addfreestats[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@zedo[1].txt
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Spyware:Spyware/PeoplePC Not disinfected C:\Program Files\Online Services\PeoplePC\ISP5900\Dll\RAS.DLL
HJT LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:34:23 PM, on 10/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\SM1BG.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\TraySoft\PhoneTray\PhoneTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAA.EXE
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\LaunchOnFly\lf.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Compaq_Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\COMPAQ~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.earthlink.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Mikey's Internet Explorer
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: (no name) - - (no file)
O2 - BHO: (no name) - 0CÁ07962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - orer - (no file)
O2 - BHO: (no name) - rsion - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: ****Fish Toolbar Opcode Handler - {29C88E20-4234-41B9-A9DB-982958C95FB1} - C:\Program Files\****Fish\****Fish.dll
O2 - BHO: (no name) - {465E08E7-F005-4389-980F-1D8764B3486C} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: FloatBar Class - {75B1A646-CDCE-4C06-B52F-84F4463B4FC8} - C:\Program Files\****Fish\FloatBar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - CÁJ - (no file)
O2 - BHO: (no name) - °BÁ78D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - àBÁ49E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: &Paessler Site Inspector 4 Toolbar - {EC3A37EF-F4CF-447A-B0FD-206073E2DAE9} - C:\PROGRA~1\PAESSL~1\PSITOO~1.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: ****Fish - {D593DE91-7B41-45C2-830E-E9A99AB142AA} - C:\Program Files\****Fish\****Fish.dll
O3 - Toolbar: (no name) - {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe
O4 - HKLM\..\Run: [PhoneTray] C:\Program Files\TraySoft\PhoneTray\PhoneTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus C68 Series on DEN (from BEDROOM)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAA.EXE /P45 "EPSON Stylus C68 Series on DEN (from BEDROOM)" /O5 "TS003" /M "Stylus C68"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PCDrProfiler] "C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe" -r
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [EPSON Stylus C68 Series on MIKEYS (from DORIS)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAA.EXE /P46 "EPSON Stylus C68 Series on MIKEYS (from DORIS)" /O5 "TS002" /M "Stylus C68"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MyPrivacyTask] C:\Program Files\My Privacy Online\MyPrivacyTask.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: LaunchOnFly.lnk = C:\Program Files\LaunchOnFly\lf.exe
O4 - Global Startup: EmEditor.lnk = C:\Program Files\EmEditor\emedtray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Lookup Word - C:\Program Files\QDictionary\dict.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\Go!Zilla\download-with-gozilla.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: ****Fish Grab movies on this page - C:\Program Files\****Fish\GRABPAGEMOVIES.HTM
O8 - Extra context menu item: ****Fish Grab pictures on this page - C:\Program Files\****Fish\GRABPAGEPICS.HTM
O8 - Extra context menu item: ****Fish Grab pictures this page links to - C:\Program Files\****Fish\GRABPAGELINKS.HTM
O8 - Extra context menu item: ****Fish Grab Target File - C:\Program Files\****Fish\GRABLINK.HTM
O8 - Extra context menu item: ****Fish Grab This Picture - C:\Program Files\****Fish\GRABPIC.HTM
O8 - Extra context menu item: PSI: Copy Image as HTML Tag - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/copy-img-tag
O8 - Extra context menu item: PSI: Copy Image URL - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/copy-img-src
O8 - Extra context menu item: PSI: Copy Link as HTML Tag - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/copy-a-tag
O8 - Extra context menu item: PSI: Copy Meister - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/copymeister
O8 - Extra context menu item: PSI: Open Frame In New Window - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/open-frame-in-new-window
O8 - Extra context menu item: PSI: Open Frame In This Window - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/open-frame-in-this-window
O8 - Extra context menu item: PSI: Open Selected Text as URL in New Window - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/open-selection
O8 - Extra context menu item: PSI: Show All Forms - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/forms
O8 - Extra context menu item: PSI: Show All Images - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/images
O8 - Extra context menu item: PSI: Show All Links - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/links
O8 - Extra context menu item: PSI: Show All Scripts - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/scripts
O8 - Extra context menu item: PSI: Show All Stylesheets - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/styles
O8 - Extra context menu item: PSI: Show HTTP Header - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/headers
O8 - Extra context menu item: PSI: Show Source - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/source
O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O8 - Extra context menu item: SurfSaver &QuickSave - C:\Program Files\askSam\SurfSaver\QuickSave.htm
O8 - Extra context menu item: SurfSaver Sav&e... - C:\Program Files\askSam\SurfSaver\Add.htm
O8 - Extra context menu item: SurfSaver Searc&h... - C:\Program Files\askSam\SurfSaver\Search.htm
O8 - Extra context menu item: T&hesaurus - C:\Program Files\QDictionary\thes.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O9 - Extra button: Billeo - {97ED3A9F-CD6F-473A-8FE1-7505C1B844C3} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O9 - Extra button: SurfSaver - {A6418A39-8884-11D3-A846-00104B8825B9} - C:\Program Files\askSam\SurfSaver\SurfBar.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1188921401078
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/download...2/axofupld.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/14...2/cpbrkpie.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V020...5030/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{27C876C4-3D2E-4156-8F0C-2776892E285D}: NameServer = 207.69.188.185,207.69.188.186
O18 - Protocol: asksam - {F9FF9EDA-4916-11D1-B6C1-002018305A61} - C:\Program Files\askSam\SurfSaver\AS_AIPP.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SystemSuite Task Manager - Avanquest Publishing USA, Inc. - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 20290 bytes

Attached is the extra.txt log.

If I need to do anything else please let me know, Thank you :)

mikeyb9 · 10-22-2007, 10:46 PM

Bump..

MoralTerror · 10-25-2007, 07:12 PM

Hi mikeyb9 and welcome to TSF

Sorry for the delay in getting to you, the forum has been really busy lately and all our helpers are volunteers.

I see no evidence of an Anti-virus program on board. Please install update and run an Anti-virus. Do not continue until the Antivirus problem has been resolved. Here are some links for anti-virus software.

AVG
Avast
BitDefender Free Edition v7.2

-----------------------

Please clear your firefox cookies

Click Tools > Options select the Cookies tab and press Clear Cookies now

Delete the contents of the following Folder (DO NOT delete the folder)

C:\Documents and Settings\Compaq_Administrator\ Cookies

-----------------------

1. Download combofix to your desktop

2. Double click combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

-----------------------

Run a new scan with dss.exe using the following procedure (this procedure presumes dss.exe is located on the desktop and has not been renamed):

Click Start>Select 'Run' - then copy/paste the following text into the run box & click OK

"%userprofile%\desktop\dss.exe" /config

Click on "Check All"

Click Scan!

When finished, it shall produce main.txt and extra.txt for you. Post those here in your next reply.

-----------------------
Required Logs

c:\combofix.txt
main.txt
extra.txt (attached)

mikeyb9 · 10-26-2007, 12:44 PM

Hello, Thank you for your help, I completely understand how busy you all are.
I have antivirus installed. it' v-com system suite pro 7 which uses trend micro I believe. I have updated the current files and ran a scan. no virus was the result.
I removed firefox from my system as I didn't use it anyway.
I deleted all cookies as requested.
I ran combo fix, dss.exe as instructed and logs are below.
If I need anything else please let me know, i think I have included everything.

Thanks,
Mikey

ComboFix 07-10-26.4 - Compaq_Administrator 2007-10-26 12:29:58.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1268 [GMT -4:00]
Running from: C:\Documents and Settings\Compaq_Administrator\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\iMeshBar
C:\Program Files\iMeshBar\bar\History\search
C:\WINDOWS\system32\FTPx.dll
C:\WINDOWS\system32\plugin1.dat
C:\WINDOWS\system32\SysPr.prx
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\nm

((((((((((((((((((((((((( Files Created from 2007-09-26 to 2007-10-26 )))))))))))))))))))))))))))))))
.

2007-10-26 12:27 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-24 12:22 <DIR> d-------- C:\Program Files\HowTo-Outlook
2007-10-18 10:47 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Windows Desktop Search
2007-10-18 10:20 <DIR> d-------- C:\Program Files\Windows Desktop Search
2007-10-18 09:33 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-10-18 09:27 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-10-18 09:22 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2007-10-18 09:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-10-18 09:18 <DIR> dr-h----- C:\MSOCache
2007-10-18 08:38 <DIR> d-------- C:\Program Files\Alcohol Soft
2007-10-18 08:34 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-10-16 13:04 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-16 02:27 <DIR> d-------- C:\Deckard
2007-10-16 02:17 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-10-15 09:36 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-10-14 19:08 <DIR> d-------- C:\Program Files\Common Files\Kodak
2007-10-08 09:52 1,048,576 --a------ C:\Temp\autorun.bin
2007-10-08 09:52 769,024 --a------ C:\Temp\SFDNWIN.exe
2007-10-08 07:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LightScribe
2007-10-08 06:11 <DIR> d-------- C:\Program Files\SAMSUNG
2007-10-08 05:08 <DIR> d-------- C:\Program Files\EVEREST Home Edition

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-26 16:45 --------- d-----w C:\Program Files\My Privacy Online
2007-10-26 16:25 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\VCOMAntiSpam
2007-10-26 12:19 --------- d-----w C:\Program Files\Magical Jellybean Dictionary Vv1.1
2007-10-26 12:19 --------- d-----w C:\Program Files\CoffeeCup Software
2007-10-26 12:19 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\LaunchOnFly
2007-10-24 21:23 --------- d-----w C:\Program Files\UnH Solutions
2007-10-23 18:10 --------- d-----w C:\Program Files\Microsoft Picture It! PhotoPub
2007-10-18 13:29 --------- d-----w C:\Program Files\Microsoft Works
2007-10-16 20:01 --------- d-----w C:\Program Files\****Fish
2007-10-16 19:46 --------- d-----w C:\Program Files\LaunchOnFly
2007-10-16 19:38 --------- d-----w C:\Program Files\Google
2007-10-16 19:30 --------- d---a-w C:\Program Files\Common Files\LightScribe
2007-10-16 19:30 --------- d-----w C:\Program Files\Common Files\aolshare
2007-10-16 19:25 --------- d-----w C:\Program Files\Bonjour
2007-10-16 09:14 --------- d-----w C:\Program Files\ICQLite
2007-10-16 09:11 --------- d-----w C:\Program Files\Extension Changer
2007-10-16 09:11 --------- d-----w C:\Program Files\EmEditor
2007-10-16 09:11 --------- d-----w C:\Program Files\EditPlus 2
2007-10-16 08:47 --------- d-----w C:\Program Files\ABBYY PDF Transformer 2.0
2007-10-15 16:42 --------- d-----w C:\Program Files\Smart Explorer
2007-10-15 13:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-10-14 23:09 --------- d-----w C:\Program Files\Kodak
2007-10-12 14:34 --------- d-----w C:\Program Files\dwyco2
2007-10-08 10:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-04 05:38 --------- d-----w C:\Program Files\Media Player Classic
2007-10-01 06:50 --------- d-----w C:\Program Files\The Logo Creator v5
2007-09-20 17:18 --------- d-----w C:\Program Files\The Logo Creator v4
2007-09-20 17:18 --------- d-----w C:\Program Files\SatFinder
2007-09-20 17:18 --------- d-----w C:\Program Files\mceWeather
2007-09-20 16:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\InterVideo
2007-09-20 16:01 --------- d-----w C:\Program Files\InterVideo
2007-09-20 12:12 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\Media Player Classic
2007-09-18 17:32 --------- d-----w C:\Program Files\Funspot
2007-09-18 17:30 --------- d-----w C:\Program Files\Media Center Karaoke Plug-in
2007-09-12 00:01 --------- d-----w C:\Program Files\Key-Grabber-ddfg
2007-09-07 18:15 --------- d-----w C:\Program Files\DVDlabPro
2007-09-04 16:50 --------- d-----w C:\Program Files\MSXML 6.0
2007-09-04 16:49 --------- d-----w C:\Program Files\MSBuild
2007-09-04 16:45 --------- d-----w C:\Program Files\Reference Assemblies
2007-09-04 16:15 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-08-30 16:50 --------- d-----w C:\Program Files\Web Page Maker V2
2007-08-30 16:50 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\Web Page Maker V2
2007-08-30 15:51 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\Smart Recorder
2007-08-28 16:34 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\Creative
2007-08-28 16:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Creative
2007-08-28 16:18 --------- d-----w C:\Program Files\Creative
2007-08-28 16:16 --------- d--h--w C:\Program Files\Creative Installation Information
2007-08-28 16:16 --------- d-----w C:\Program Files\Common Files\Creative
2007-08-28 15:38 --------- d-----w C:\Program Files\Realtek AC97
2007-04-23 18:43 254,440 -c--a-w C:\Documents and Settings\Compaq_Administrator\Application Data\GDIPFONTCACHEV1.DAT
2006-12-12 20:29 13 -c-h--w C:\Documents and Settings\All Users\Application Data\ÝÙÃÄ3113›.sys
2006-07-06 19:02 0 -c----w C:\Documents and Settings\Compaq_Administrator\Application Data\wklnhst.dat
2003-08-27 18:19 36,963 -c----w C:\Program Files\Common Files\SM1updtr.dll
2006-06-03 23:02:25 22 -csha-w C:\WINDOWS\SMINST\HPCD.sys
2006-05-03 10

54 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47:16 31,744 -csh--r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-06 00:56]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 03:19 C:\WINDOWS\arpwrmsg.exe]
"DMAScheduler"="c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 13:01]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-23 02:14]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-09 11:29]
"SM1BG"="C:\WINDOWS\SM1BG.EXE" [2003-08-27 14:20]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44]
"Fix-It AV"="C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe" [2006-09-07 13:32]
"PhoneTray"="C:\Program Files\TraySoft\PhoneTray\PhoneTray.exe" [2006-05-24 13:16]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"VirusScannerPro"="C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe" [2006-09-07 13:32]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2004-11-17 13:21]
"PCDrProfiler"="C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe" [2005-10-31 15:47]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 17:30]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 10:51]
"P17Helper"="P17.dll" [2005-05-03 07:38 C:\WINDOWS\system32\P17.dll]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"EPSON Stylus C68 Series on MIKEYS (from DORIS)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAA.exe" [2005-01-25 04:00]
"EPSON Stylus C68 Series on DEN (from BEDROOM)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAA.exe" [2005-01-25 04:00]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 03:50]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeRAM XP"="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-06-04 18:36]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 00:00]
"MyPrivacyTask"="C:\Program Files\My Privacy Online\MyPrivacyTask.exe" [2006-02-28 11:27]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-08 08:38]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 06:29]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-02-22 00:18:32]

C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\
LaunchOnFly.lnk - C:\Program Files\LaunchOnFly\lf.exe [2007-03-22 12:50:24]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
EmEditor.lnk - C:\Program Files\EmEditor\emedtray.exe [2004-09-06 10:29:52]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsHistory"=01000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= C:\Program Files\Qualcomm\Eudora\EuShlExt.dll [2006-08-17 15:57 86016]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

R1 AutoSave;AutoSave;C:\WINDOWS\system32\drivers\AutoSave.sys
R1 DVDVRRdr_xp;DVDVRRdr_xp;C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys
R1 UDFReadr;UDFReadr;C:\WINDOWS\system32\drivers\UDFReadr.sys
R2 LxrSII1d;Secure II Driver;\??\C:\WINDOWS\system32\Drivers\LxrSII1d.sys
R3 AVMNgBasM780;AVerMedia M780 Base Driver;C:\WINDOWS\system32\DRIVERS\AVerBas.sys
R3 AVMNgCapM780;AVerMedia M780 Audio/Video Capture Driver;C:\WINDOWS\system32\DRIVERS\AVerCap.sys
R3 AVMNgTunM780;AVerMedia M780 TVTuner Driver;C:\WINDOWS\system32\DRIVERS\AVerTun.sys
R3 KFilter;KFilter;\??\C:\PROGRA~1\VCOM\SYSTEM~1\KFilter.sys
R3 P17;SB Live! 24-bit;C:\WINDOWS\system32\drivers\P17.sys
S3 NUVision;NUVision II Video Service;C:\WINDOWS\system32\DRIVERS\nuvvid2.sys
S3 S6U12BScanner;MUSTEK 1200 UB Still Image Device Service;C:\WINDOWS\system32\drivers\usbscan.sys
S3 XIRLINK;Veo PC Camera;C:\WINDOWS\system32\DRIVERS\ucdnt.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command -

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2007-10-14 23

53 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exe
"2007-10-26 16:39:04 C:\WINDOWS\Tasks\User_Feed_Synchronization-{44F941E4-56D1-4E8B-9252-6B279C4F57EF}.job"
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-26 12:45:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-10-26 12:48:59 - machine was rebooted
.
--- E O F ---

Deckard's System Scanner v20071014.68
Run by Compaq_Administrator on 2007-10-26 12:58:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
147: 2007-10-26 16:58:55 UTC - RP417 - Deckard's System Scanner Restore Point
146: 2007-10-26 16:29:23 UTC - RP416 - ComboFix created restore point
145: 2007-10-25 18:07:58 UTC - RP415 - System Checkpoint
144: 2007-10-24 16:22:28 UTC - RP414 - Installed OutlookTools 2
143: 2007-10-24 01:51:50 UTC - RP413 - System Checkpoint

-- First Restore Point --
1: 2007-08-02 02:50:52 UTC - RP271 - System Checkpoint

Performed disk cleanup.

-- HijackThis (run as Compaq_Administrator.exe) --------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:59:12 PM, on 10/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\WINDOWS\SM1BG.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\TraySoft\PhoneTray\PhoneTray.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\EmEditor\emedtray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\LaunchOnFly\lf.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\EmEditor\EMEDITOR.EXE
C:\Documents and Settings\Compaq_Administrator\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\COMPAQ~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.earthlink.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: (no name) - - (no file)
O2 - BHO: (no name) - 0CÁ07962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - orer - (no file)
O2 - BHO: (no name) - rsion - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: ****Fish Toolbar Opcode Handler - {29C88E20-4234-41B9-A9DB-982958C95FB1} - C:\Program Files\****Fish\****Fish.dll
O2 - BHO: (no name) - {465E08E7-F005-4389-980F-1D8764B3486C} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: FloatBar Class - {75B1A646-CDCE-4C06-B52F-84F4463B4FC8} - C:\Program Files\****Fish\FloatBar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - CÁJ - (no file)
O2 - BHO: (no name) - °BÁ78D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - àBÁ49E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: &Paessler Site Inspector 4 Toolbar - {EC3A37EF-F4CF-447A-B0FD-206073E2DAE9} - C:\PROGRA~1\PAESSL~1\PSITOO~1.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: ****Fish - {D593DE91-7B41-45C2-830E-E9A99AB142AA} - C:\Program Files\****Fish\****Fish.dll
O3 - Toolbar: (no name) - {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe
O4 - HKLM\..\Run: [PhoneTray] C:\Program Files\TraySoft\PhoneTray\PhoneTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PCDrProfiler] "C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe" -r
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [EPSON Stylus C68 Series on MIKEYS (from DORIS)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAA.EXE /P46 "EPSON Stylus C68 Series on MIKEYS (from DORIS)" /O5 "TS002" /M "Stylus C68"
O4 - HKLM\..\Run: [EPSON Stylus C68 Series on DEN (from BEDROOM)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAA.EXE /P45 "EPSON Stylus C68 Series on DEN (from BEDROOM)" /O5 "TS003" /M "Stylus C68"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MyPrivacyTask] C:\Program Files\My Privacy Online\MyPrivacyTask.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: LaunchOnFly.lnk = C:\Program Files\LaunchOnFly\lf.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: EmEditor.lnk = C:\Program Files\EmEditor\emedtray.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Lookup Word - C:\Program Files\QDictionary\dict.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\Go!Zilla\download-with-gozilla.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: ****Fish Grab movies on this page - C:\Program Files\****Fish\GRABPAGEMOVIES.HTM
O8 - Extra context menu item: ****Fish Grab pictures on this page - C:\Program Files\****Fish\GRABPAGEPICS.HTM
O8 - Extra context menu item: ****Fish Grab pictures this page links to - C:\Program Files\****Fish\GRABPAGELINKS.HTM
O8 - Extra context menu item: ****Fish Grab Target File - C:\Program Files\****Fish\GRABLINK.HTM
O8 - Extra context menu item: ****Fish Grab This Picture - C:\Program Files\****Fish\GRABPIC.HTM
O8 - Extra context menu item: PSI: Copy Image as HTML Tag - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/copy-img-tag
O8 - Extra context menu item: PSI: Copy Image URL - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/copy-img-src
O8 - Extra context menu item: PSI: Copy Link as HTML Tag - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/copy-a-tag
O8 - Extra context menu item: PSI: Copy Meister - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/copymeister
O8 - Extra context menu item: PSI: Open Frame In New Window - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/open-frame-in-new-window
O8 - Extra context menu item: PSI: Open Frame In This Window - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/open-frame-in-this-window
O8 - Extra context menu item: PSI: Open Selected Text as URL in New Window - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/open-selection
O8 - Extra context menu item: PSI: Show All Forms - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/forms
O8 - Extra context menu item: PSI: Show All Images - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/images
O8 - Extra context menu item: PSI: Show All Links - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/links
O8 - Extra context menu item: PSI: Show All Scripts - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/scripts
O8 - Extra context menu item: PSI: Show All Stylesheets - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/styles
O8 - Extra context menu item: PSI: Show HTTP Header - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/headers
O8 - Extra context menu item: PSI: Show Source - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/source
O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O8 - Extra context menu item: SurfSaver &QuickSave - C:\Program Files\askSam\SurfSaver\QuickSave.htm
O8 - Extra context menu item: SurfSaver Sav&e... - C:\Program Files\askSam\SurfSaver\Add.htm
O8 - Extra context menu item: SurfSaver Searc&h... - C:\Program Files\askSam\SurfSaver\Search.htm
O8 - Extra context menu item: T&hesaurus - C:\Program Files\QDictionary\thes.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O9 - Extra button: Billeo - {97ED3A9F-CD6F-473A-8FE1-7505C1B844C3} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O9 - Extra button: SurfSaver - {A6418A39-8884-11D3-A846-00104B8825B9} - C:\Program Files\askSam\SurfSaver\SurfBar.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1188921401078
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} - http://www.kodakgallery.com/download...2/axofupld.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/14...2/cpbrkpie.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V020...5030/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{27C876C4-3D2E-4156-8F0C-2776892E285D}: NameServer = 207.69.188.185,207.69.188.186
O18 - Protocol: asksam - {F9FF9EDA-4916-11D1-B6C1-002018305A61} - C:\Program Files\askSam\SurfSaver\AS_AIPP.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: SystemSuite Task Manager - Avanquest Publishing USA, Inc. - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 20947 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser %1,%*
.js - JSFile - DefaultIcon - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe",2
.txt - emeditor.txt - DefaultIcon - C:\Program Files\EmEditor\EMEDRES.DLL,1
.txt - emeditor.txt - shell\open\command - "C:\Program Files\EmEditor\EMEDITOR.EXE" "%1"

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 AutoSave - c:\windows\system32\drivers\autosave.sys <Not Verified; Avanquest Publishing USA, Inc.; AutoSave>
R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R1 DVDVRRdr_xp - c:\windows\system32\drivers\dvdvrrdr_xp.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R1 FileDisk - c:\windows\system32\drivers\filedisk.sys <Not Verified; iolo technologies, LLC (based on original work by Bo Brantén); filedisk (based on original work by Bo Brantén)>
R1 USIUDF - c:\windows\system32\drivers\usiudf.sys <Not Verified; Ulead Systems, Inc.; Ulead UDF File System Driver>
R2 LxrSII1d (Secure II Driver) - c:\windows\system32\drivers\lxrsii1d.sys
R3 catchme - c:\docume~1\compaq~1\locals~1\temp\catchme.sys (file missing)
R3 KFilter - c:\program files\vcom\systemsuite\kfilter.sys <Not Verified; Avanquest Publishing USA, Inc.; SystemSuite>
R3 ULCDRHlp - c:\windows\system32\drivers\ulcdrhlp.sys <Not Verified; Ulead Systems, Inc.; Ulead CD/DVD Burning Engine>

S3 XUIF (X10 USB Wireless Transceiver) - c:\windows\system32\drivers\x10ufx2.sys <Not Verified; X10 Wireless Technology, Inc.; X10 USB Control Interface>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 LxrSII1s (Lexar Secure II) - lxrsii1s.exe
R2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>
R2 SystemSuite Task Manager - c:\progra~1\vcom\system~1\mxtask.exe -service <Not Verified; Avanquest Publishing USA, Inc.; >

S3 Adobe Version Cue CS2 - "c:\program files\adobe\adobe version cue cs2\bin\versioncuecs2.exe" -win32service <Not Verified; Adobe Systems Incorporated; Adobe Version Cue CS2>
S3 x10nets (X10 Device Network Service) - c:\progra~1\common~1\x10\common\x10nets.exe <Not Verified; X10; x10 Module>

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Process Modules -------------------------------------------------------------

C:\WINDOWS\system32\svchost.exe (pid 1212)
2006-09-07 13:32:30 53248 --a------ C:\Program Files\VCOM\SystemSuite\MxAVlsp.dll <Not Verified; Avanquest Publishing USA, Inc.; SystemSuite>
2006-10-24 16:55:00 81920 --a------ C:\Program Files\VCOM\SystemSuite\MXPM.dll <Not Verified; Avanquest Publishing USA, Inc.; >
2006-12-11 17:12:34 135168 --a------ C:\Program Files\VCOM\SystemSuite\UFilter.dll <Not Verified; Avanquest Publishing USA, Inc.; SystemSuite>
2005-11-28 12:11:28 94208 --a------ C:\Program Files\Bonjour\mdnsNSP.dll <Not Verified; Apple Computer, Inc.; Bonjour>
2006-09-07 13:57:52 32768 --a------ C:\Program Files\VCOM\SystemSuite\MXR.dll <Not Verified; Avanquest Publishing USA, Inc.; >

C:\WINDOWS\explorer.exe (pid 2524)
2006-09-07 13:37:12 53248 --a------ C:\Program Files\VCOM\SystemSuite\errhook.dll <Not Verified; Avanquest Publishing USA, Inc.; SystemSuite>
2001-02-07 13:17:02 364607 --a------ C:\Program Files\Common Files\Microsoft Shared\INK\SKCHUI.DLL <Not Verified; Microsoft Corporation; Microsoft(R) Handwriting Input UI>
2005-07-28 17:28:33 77824 --a------ C:\Program Files\Common Files\aolshare\aolshcpy.dll <Not Verified; America Online Inc.; aolshcpy Module>
2006-09-07 13:32:30 53248 --a------ C:\Program Files\VCOM\SystemSuite\MxAVlsp.dll <Not Verified; Avanquest Publishing USA, Inc.; SystemSuite>
2006-10-24 16:55:00 81920 --a------ C:\Program Files\VCOM\SystemSuite\MXPM.dll <Not Verified; Avanquest Publishing USA, Inc.; >
2006-12-11 17:12:34 135168 --a------ C:\Program Files\VCOM\SystemSuite\UFilter.dll <Not Verified; Avanquest Publishing USA, Inc.; SystemSuite>
2006-08-17 15:57:20 86016 -ra------ C:\Program Files\Qualcomm\Eudora\EuShlExt.dll <Not Verified; Qualcomm Inc.; Eudora>

C:\WINDOWS\system32\rundll32.exe (pid 2804)
2006-12-05 19:01:32 54272 --a------ C:\WINDOWS\system32\DrvTrNTm.dll <Not Verified; High Criteria inc.; Total Recorder (Professional Edition)>
2006-12-05 19:01:12 106496 --a------ C:\WINDOWS\system32\DrvTrNTl.dll <Not Verified; High Criteria inc.; Total Recorder (Professional Edition)>
2006-09-07 13:37:12 53248 --a------ C:\Program Files\VCOM\SystemSuite\errhook.dll <Not Verified; Avanquest Publishing USA, Inc.; SystemSuite>

-- Scheduled Tasks -------------------------------------------------------------

2007-10-26 12:54:05 452 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{44F941E4-56D1-4E8B-9252-6B279C4F57EF}.job
2007-10-14 19

53 466 --a------ C:\WINDOWS\Tasks\EasyShare Registration Task.job

-- Files created between 2007-09-26 and 2007-10-26 -----------------------------

2007-10-26 11:57:33 0 dr-h----- C:\Documents and Settings\Compaq_Administrator\Recent
2007-10-24 12:22:29 0 d-------- C:\Program Files\HowTo-Outlook
2007-10-18 10:47:16 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Windows Desktop Search
2007-10-18 10:20:40 0 d-------- C:\Program Files\Windows Desktop Search
2007-10-18 09:27:42 0 d-------- C:\Program Files\Microsoft.NET
2007-10-18 09:22:42 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2007-10-18 09:21:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-10-18 09:18:45 0 dr-h----- C:\MSOCache
2007-10-18 08:38:26 0 d-------- C:\Program Files\Alcohol Soft
2007-10-18 08:34:06 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-10-16 13:04:51 0 d-------- C:\Program Files\Trend Micro
2007-10-16 02:17:34 0 d-------- C:\Program Files\SpywareBlaster
2007-10-15 09:36:40 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-10-14 19:08:46 0 d-------- C:\Program Files\Common Files\Kodak
2007-10-08 07:30:09 0 d-------- C:\Documents and Settings\All Users\Application Data\LightScribe
2007-10-08 06:11:33 0 d-------- C:\Program Files\SAMSUNG
2007-10-08 05:08:49 0 d-------- C:\Program Files\EVEREST Home Edition

-- Find3M Report ---------------------------------------------------------------

2007-10-26 12:45:34 0 d-------- C:\Program Files\My Privacy Online
2007-10-26 12:25:55 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\VCOMAntiSpam
2007-10-26 08:19:21 0 d-------- C:\Program Files\Magical Jellybean Dictionary Vv1.1
2007-10-26 08:19:20 0 d-------- C:\Program Files\CoffeeCup Software
2007-10-26 08:19:06 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\LaunchOnFly
2007-10-24 17:23:44 0 d-------- C:\Program Files\UnH Solutions
2007-10-23 14:10:27 0 d-------- C:\Program Files\Microsoft Picture It! PhotoPub
2007-10-23 04:19:45 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Help
2007-10-18 09:50:30 0 d-------- C:\Program Files\Common Files
2007-10-18 09:29:33 0 d-------- C:\Program Files\Microsoft Works
2007-10-16 16:01:01 0 d-------- C:\Program Files\****Fish
2007-10-16 15:46:04 0 d-------- C:\Program Files\LaunchOnFly
2007-10-16 15:38:34 0 d-------- C:\Program Files\Google
2007-10-16 15:30:42 0 d-a------ C:\Program Files\Common Files\LightScribe
2007-10-16 15:30:10 0 d-------- C:\Program Files\Common Files\aolshare
2007-10-16 15:25:11 0 d-------- C:\Program Files\Bonjour
2007-10-16 12:21:42 49194 --a------ C:\logfile
2007-10-16 05:14:15 0 d-------- C:\Program Files\ICQLite
2007-10-16 05:11:46 0 d-------- C:\Program Files\Extension Changer
2007-10-16 05:11:25 0 d-------- C:\Program Files\EmEditor
2007-10-16 05:11:21 0 d-------- C:\Program Files\EditPlus 2
2007-10-16 04:47:57 0 d-------- C:\Program Files\ABBYY PDF Transformer 2.0
2007-10-15 12:42:01 0 d-------- C:\Program Files\Smart Explorer
2007-10-14 19:09:39 0 d-------- C:\Program Files\Kodak
2007-10-12 10:34:42 0 d-------- C:\Program Files\dwyco2
2007-10-12 01:05:34 768 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-10-08 06:11:33 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-04 01:38:20 0 d-------- C:\Program Files\Media Player Classic
2007-10-03 12:54:01 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Macromedia
2007-10-01 02:50:30 0 d-------- C:\Program Files\The Logo Creator v5
2007-09-20 13:18:33 0 d-------- C:\Program Files\The Logo Creator v4
2007-09-20 13:18:29 0 d-------- C:\Program Files\SatFinder
2007-09-20 13:18:24 0 d-------- C:\Program Files\mceWeather
2007-09-20 12:01:33 0 d-------- C:\Program Files\InterVideo
2007-09-20 08:12:00 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Media Player Classic
2007-09-18 13:32:28 0 d-------- C:\Program Files\Funspot
2007-09-18 13:30:48 0 d-------- C:\Program Files\Media Center Karaoke Plug-in
2007-09-11 20:01:45 0 d-------- C:\Program Files\Key-Grabber-ddfg
2007-09-07 14:15:41 0 d-------- C:\Program Files\DVDlabPro
2007-09-04 12:50:01 0 d-------- C:\Program Files\MSXML 6.0
2007-09-04 12:49:19 0 d-------- C:\Program Files\MSBuild
2007-09-04 12:45:43 0 d-------- C:\Program Files\Reference Assemblies
2007-09-04 12:15:29 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-08-30 12:50:57 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Web Page Maker V2
2007-08-30 12:50:53 0 d-------- C:\Program Files\Web Page Maker V2
2007-08-30 11:51:50 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Smart Recorder
2007-08-28 12:34:14 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Creative
2007-08-28 12:18:50 0 d-------- C:\Program Files\Creative
2007-08-28 12:16:59 0 d-------- C:\Program Files\Common Files\Creative
2007-08-28 12:16:58 0 d--h----- C:\Program Files\Creative Installation Information
2007-08-28 11:38:42 0 d-------- C:\Program Files\Realtek AC97
2007-08-21 19:32:49 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-08-05 15:58:09 192 --a----c- C:\Documents and Settings\Compaq_Administrator\Application Data\G-Force Prefs (WindowsMediaPlayer).txt

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/06/2005 12:56 AM]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [08/03/2005 03:19 AM C:\WINDOWS\arpwrmsg.exe]
"DMAScheduler"="c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [11/01/2005 01:01 PM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [07/23/2005 02:14 AM]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [11/09/2005 11:29 AM]
"SM1BG"="C:\WINDOWS\SM1BG.EXE" [08/27/2003 02:20 PM]
"KBD"="C:\HP\KBD\KBD.EXE" [02/02/2005 04:44 PM]
"Fix-It AV"="C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe" [09/07/2006 01:32 PM]
"PhoneTray"="C:\Program Files\TraySoft\PhoneTray\PhoneTray.exe" [05/24/2006 01:16 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
"VirusScannerPro"="C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe" [09/07/2006 01:32 PM]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [11/17/2004 01:21 PM]
"PCDrProfiler"="C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe" [10/31/2005 03:47 PM]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [03/19/2002 05:30 PM]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [10/31/2005 10:51 AM]
"P17Helper"="P17.dll" [05/03/2005 07:38 AM C:\WINDOWS\system32\P17.dll]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 01:00 AM]
"EPSON Stylus C68 Series on MIKEYS (from DORIS)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAA.exe" [01/25/2005 04:00 AM]
"EPSON Stylus C68 Series on DEN (from BEDROOM)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAA.exe" [01/25/2005 04:00 AM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/28/2004 03:50 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeRAM XP"="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [06/04/2006 06:36 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 12:00 AM]
"MyPrivacyTask"="C:\Program Files\My Privacy Online\MyPrivacyTask.exe" [02/28/2006 11:27 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/08/2007 08:38 AM]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [07/02/2007 06:29 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\
LaunchOnFly.lnk - C:\Program Files\LaunchOnFly\lf.exe [3/22/2007 12:50:24 PM]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [10/26/2006 8:24:54 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
EmEditor.lnk - C:\Program Files\EmEditor\emedtray.exe [9/6/2004 10:29:52 AM]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2/5/2007 3:40:46 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartBanner"=01000000
"ClearRecentDocsOnExit"=01000000
"NoRecentDocsHistory"=01000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= C:\Program Files\Qualcomm\Eudora\EuShlExt.dll [08/17/2006 03:57 PM 86016]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [02/05/2007 03:39 PM 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command-

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

-- End of Deckard's System Scanner: finished at 2007-10-26 13:00:27 ------------

mikeyb9 · 10-26-2007, 12:46 PM

Here is the extra.txt log
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) 64 Processor 3500+
Percentage of Memory in Use: 34%
Physical Memory (total/avail): 1982.48 MiB / 1303.14 MiB
Pagefile Memory (total/avail): 3268.45 MiB / 2773.11 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1852.96 MiB

C: is Fixed (NTFS) - 224.95 GiB total, 160.16 GiB free.
D: is Fixed (FAT32) - 7.91 GiB total, 0.54 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
K: is Removable (FAT)
L: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD2500JS-60NCB1 - 232.88 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 224.95 GiB - C:
\PARTITION1 - Unknown - 7.93 GiB - D:

\\.\PHYSICALDRIVE3 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE5 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE2 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB SM Reader USB Device

\\.\PHYSICALDRIVE1 - LEXAR JUMPDRIVE SECURE USB Device - 243.17 MiB - 1 partition
\PARTITION0 - 16-bit FAT - 247.48 MiB - K:

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntivirusOverride is set.
FirewallOverride is set.

FW: Norton Internet Worm Protection v2006 (Symantec) Disabled
FW: VCOM NetDefense Firewall 7 v7001 (Avanquest Publishing USA, Inc.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Compaq_Administrator\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DEN
ComSpec=C:\WINDOWS\system32\cmd.exe
DEVMGR_SHOW_DETAILS=
DEVMGR_SHOW_NONPRESENT_DEVICES=
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Compaq_Administrator
LOGONSERVER=\\DEN
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;c:\Python22;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 3.5 Suite;C:\PROGRA~1\COMMON~1\MGISHA~1\Video;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;C:\Program Files\VCOM\SystemSuite
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2f02
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SonicCentral=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp
USERDOMAIN=DEN
USERNAME=Compaq_Administrator
USERPROFILE=C:\Documents and Settings\Compaq_Administrator
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI

-- User Profiles ---------------------------------------------------------------

Compaq_Administrator (admin)
Administrator (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\CTCMSGO\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MINIDISC_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_ONLINESTORE_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative\SBAudigy\Program\Setup.exe" /S /U /W
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {F80239D8-7811-4D5E-B033-0D0BBFE32920}
--> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
--> msiexec /i {46548E80-0409-0000-7E8A-45000F855001}
--> msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
--> msiexec /I{7F4C8163-F259-49A0-A018-2857A90578BC}
--> MsiExec.exe /I{BB89B3A4-298B-4C9D-9E5A-F42D1D23AB5B}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2670895A-4E6C-4450-B868-7B7DB80A3357}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2670895A-4E6C-4450-B868-7B7DB80A3357}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EBD418-B8E6-4E86-89C4-33B72CF5663F}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EBD418-B8E6-4E86-89C4-33B72CF5663F}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52338F65-A1C3-4CDC-B733-50051682B297}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52338F65-A1C3-4CDC-B733-50051682B297}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9194237B-7B58-40B4-A739-184AD59531A2}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9194237B-7B58-40B4-A739-184AD59531A2}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C64409FA-42A7-49C6-837A-D2E5D813BD57}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C64409FA-42A7-49C6-837A-D2E5D813BD57}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3ivx D4 4.5.1 (remove only) --> "C:\Program Files\3ivx\3ivx D4 4.5.1\uninstall.exe"
5 Card Slingo from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\3B3B73D1-DC4A-4780-B0E4-E823D08B3397\Uninstall.exe"
A4Desk BlueSquad v6.0 (Demo) --> "C:\Program Files\A4Desk\unins000.exe"
ABBYY PDF Transformer 2.0 --> MsiExec.exe /I{FA200000-0001-0000-0000-074957833700}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Creative Suite 2 --> C:\PROGRA~1\INSTAL~1\{0134A~1\setup.exe /relaunched/rootloc=f:\adobe creative suite 2.0/lang=0409
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe GoLive CS2 CoAuthor --> msiexec /i {46548E80-0409-0000-C6A8-846700F85501}
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{8A7AC18E-2249-4BCB-81BE-CB2F7F7E6EFE}
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Ahead InCD EasyWrite Reader --> C:\WINDOWS\unmrw.exe /UNINSTALL
Alt-Tab Task Switcher Powertoy for Windows XP --> MsiExec.exe /I{A7050037-F0EA-4BAB-BCD5-FC05507D6147}
American Greetings CreataCard --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9B58AA53-6EB9-405E-AB6B-6B83C16235F1}\setup.exe" -l0x9 anything
AnalogX Vocal Remover --> C:\Program Files\AnalogX\VocalRemover\vremu.exe
AnalogX Vocal Remover (WinAmp) --> C:\Program Files\Plugins\wavremu.exe
AnyDVD --> "C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
AOL Coach Version 2.0(Build:20041026.5 en) --> C:\Program Files\Common Files\AolCoach\en_en\AolCInUn.exe -lang=en_en -ext=UDP
AOL Connectivity Services --> "C:\Program Files\Common Files\AOL\ACS\AcsUninstall.exe" /c
AOL Instant Messenger (SM) --> C:\Program Files\AIM95\uninstll.exe -LOG= C:\Program Files\AIM95\install.log -OEM=
AOL Uninstaller --> C:\Program Files\Common Files\AOL\uninstaller.exe
AOL You've Got Pictures Screensaver --> C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
Applet Effects Factory --> C:\PROGRA~1\APPLET~1\UNWISE.EXE C:\PROGRA~1\APPLET~1\INSTALL.LOG
Applet Headline Factory --> C:\PROGRA~1\APPLET~2\UNWISE.EXE C:\PROGRA~1\APPLET~2\INSTALL.LOG
Applet Marquee Wizard --> C:\PROGRA~1\APPLET~3\UNWISE.EXE C:\PROGRA~1\APPLET~3\INSTALL.LOG
Applet Navigation Factory --> C:\PROGRA~1\APPLET~1.0\UNWISE.EXE C:\PROGRA~1\APPLET~1.0\INSTALL.LOG
Ashampoo Burning Studio 6 --> "C:\Program Files\Ashampoo\Ashampoo Burning Studio 6\Uninstall\BS6_Uninstall.EXE"
Ashampoo Burning Studio 7 --> "C:\Program Files\Ashampoo\Ashampoo Burning Studio 7\unins000.exe"
Ashampoo Internet Accelerator 2.00 --> "C:\Program Files\Ashampoo\Ashampoo Internet Accelerator 2\unins000.exe"
Ashampoo Magical Snap 2.00 --> "C:\Program Files\Ashampoo\Ashampoo Magical Snap 2\unins001.exe"
Ashampoo Magical Snap 2.00 BETA --> "C:\Program Files\Ashampoo\Ashampoo Magical Snap 2\unins000.exe"
Ashampoo Movie Shrink & Burn 2 --> "C:\Program Files\Ashampoo\Ashampoo Movie Shrink & Burn 2\Uninstall\MSB2_Uninstall.EXE"
Ashampoo WinOptimizer 4.40 --> "C:\Program Files\Ashampoo\Ashampoo WinOptimizer 4\unins000.exe"
AstroPop Deluxe from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\997DD523-B925-4C73-970B-C201E8F781AD\Uninstall.exe"
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AutoSave --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\VCOM\AutoSave\Uninst\Setup.exe" -l0x9 -XYZ
AVerMedia M780 Driver 2.5.0.14 --> C:\Program Files\AVerMedia\AVerMedia M780 Driver\uninst.exe
AVI & MPEG Splitter 1.48 --> "C:\Program Files\AVI MPEG Splitter\unins000.exe"
AVI/MPEG/RM/WMV Joiner 4.11 --> "C:\Program Files\AVI MPEG RM WMV Joiner\unins000.exe"
AVS Video Converter 4.3.1.371 --> "C:\Program Files\AVSMedia\VideoConverter4\unins000.exe"
Barnyard Invasion from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\53474592-01BC-4338-8647-FE350957D912\Uninstall.exe"
Bejeweled 2 Deluxe from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\D84AC71A-75E8-4709-8BA5-4B46EAC00C5E\Uninstall.exe"
Belarc Advisor 7.2 --> C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
BigFix --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"
BitPim 0.9.10 --> "C:\Program Files\BitPim\unins000.exe"
Blackhawk Striker 2 from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\BFAF1EEC-E987-415B-BCB8-80CDB0BC6CDF\Uninstall.exe"
Blasterball 2 from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\75528D5F-DD82-402E-BA7C-045B7DC6A712\Uninstall.exe"
Blasterball 2 Remix from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\9D7E7CDA-051E-4B0D-8CEE-58F41F449CF9\Uninstall.exe"
Boggle Supreme from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\C6D35CCA-3F9E-4B6E-A17F-409EE7379D6B\Uninstall.exe"
Boilosft AVI to VCD SVCD DVD Converter 1.48 --> "C:\Program Files\Boilsoft AVI Converter\unins000.exe"
Bonjour --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E0A96F36-D546-4A2A-BDAA-2A2A578B2C0D} /l1033
Bookworm Deluxe from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\E618FC78-EE4F-4243-8409-078EB5E0B1F6\Uninstall.exe"
Bounce Symphony from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\29FF6D07-4A15-41F1-9D5E-E0F3A58012C6\Uninstall.exe"
Calculator Powertoy for Windows XP --> MsiExec.exe /I{B37C842A-B624-46B8-A727-654E72F1C91A}
CardRd81 --> MsiExec.exe /I{54C8FE84-89C4-40E8-976C-439EB0729BD6}
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Chuzzle Deluxe from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\9448DE42-C017-4A3E-A0BB-C50BF673E9E0\Uninstall.exe"
ClearType Tuning Control Panel Applet --> MsiExec.exe /I{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}
Click'N Design 3D (V5) --> C:\PROGRA~1\CLICK'~1\UNWISE.EXE C:\PROGRA~1\CLICK'~1\INSTALL.LOG
CoffeeCup Button Factory --> C:\PROGRA~1\COFFEE~1\COEC31~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\COEC31~1\INSTALL.LOG
CoffeeCup Direct FTP --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC90EAE9-0E03-44A1-BF36-0B670B8B8E19}\Setup.exe" -l0x9
CoffeeCup Firestarter --> C:\PROGRA~1\FIREST~1\UNWISE.EXE C:\PROGRA~1\FIREST~1\INSTALL.LOG
CoffeeCup Flash Blogger - Registered --> C:\PROGRA~1\COFFEE~1\CO997E~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\CO997E~1\INSTALL.LOG
CoffeeCup Flash Firestarter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB4AF7DA-CE59-41A9-93A6-DA921F809361}\Setup.exe" -l0x9
CoffeeCup Flash Form Builder - Registered --> C:\PROGRA~1\COFFEE~1\CO0D53~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\CO0D53~1\INSTALL.LOG
CoffeeCup Flash Menu Builder --> C:\PROGRA~1\COFFEE~1\COFFEE~2\UNWISE.EXE C:\PROGRA~1\COFFEE~1\COFFEE~2\INSTALL.LOG
CoffeeCup Flash Photo Gallery - Registered --> C:\PROGRA~1\COFFEE~1\COFFEE~4\UNWISE.EXE C:\PROGRA~1\COFFEE~1\COFFEE~4\INSTALL.LOG
CoffeeCup Flash Photo Gallery - Trial --> C:\PROGRA~1\COFFEE~1\COFFEE~4\UNWISE.EXE C:\PROGRA~1\COFFEE~1\COFFEE~4\INSTALL.LOG
CoffeeCup GIF Animator --> C:\PROGRA~1\COFFEE~1\GIFANI~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\GIFANI~1\GAinst.LOG
CoffeeCup Google SiteMapper --> C:\PROGRA~1\COFFEE~1\COF6DF~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\COF6DF~1\sitemapper.log
CoffeeCup HTML Editor --> C:\PROGRA~1\COFFEE~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\INSTALL.LOG
CoffeeCup HTML Editor 2006 --> C:\PROGRA~1\COFFEE~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\INSTALL.LOG
CoffeeCup Live Chat - Registered --> C:\PROGRA~1\COFFEE~1\CO630E~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\CO630E~1\INSTALL.LOG
CoffeeCup MP3 Rip & Burn --> C:\PROGRA~1\COFFEE~1\CO14E3~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\CO14E3~1\CoffeeCupMP3Rip&Burn.log
CoffeeCup PixConverter --> C:\PROGRA~1\COFFEE~1\COB628~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\COB628~1\pixinst.log
CoffeeCup RSS News Flash - Registered --> C:\PROGRA~1\COFFEE~1\CO970F~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\CO970F~1\INSTALL.LOG
CoffeeCup StyleSheet Maker --> C:\PROGRA~1\COFFEE~1\STYLES~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\STYLES~1\styleinst.log
CoffeeCup Visual Site Designer --> C:\WINDOWS\CoffeeCup Visual Site Designer Uninstaller.exe
CoffeeCup Web Calendar --> C:\PROGRA~1\COFFEE~1\CO7336~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\CO7336~1\INSTALL.LOG
CoffeeCup Web JukeBox - Registered --> C:\PROGRA~1\COFFEE~1\COD64E~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\COD64E~1\INSTALL.LOG
CoffeeCup Web Video Player - Registered --> C:\PROGRA~1\COFFEE~1\COFFEE~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\COFFEE~1\INSTALL.LOG
CoffeeCup Website Color Schemer --> C:\PROGRA~1\COFFEE~1\CO3E71~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\CO3E71~1\Schemer.log
Compaq Connections (remove only) --> C:\WINDOWS\HPCPCUninstall-5577497\HPBWSetup.exe -appid 5577497 -uninstall
CR2 --> MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
Creative MediaSource 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x9 /remove
Creative Software AutoUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9 /remove
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Crystal Maze from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\C43D84CD-EBFC-48D3-A330-7868C8AD415A\Uninstall.exe"
Customer Experience Enhancement --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
Cypress USB Mass Storage Driver Installation --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}\Setup.exe" -l0x9 NotFirstInstall
Data Fax SoftModem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\HXFSETUP.EXE -U -ITrx200Ck.inf
DISCover --> "C:\Program Files\DISC\uninstall.exe"
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVC80 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{99B98440-4A0D-11D5-8310-0050DABBB21D}\Setup.exe"
Dwyco Video Conferencing --> "c:\program files\dwyco2\unins000.exe"
EarMaster Pro 5 --> "C:\Program Files\EarMaster Pro 5\unins000.exe"
Easy Internet Sign-up --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
EditPlus 2 --> C:\Program Files\EditPlus 2\remove.exe
EmEditor --> C:\Program Files\EmEditor\UNINSTAL.EXE
Enhanced Multimedia Keyboard Solution --> C:\HP\KBD\Install.exe /u
EPSON C68 User's Guide --> C:\Program Files\epson\guide\c68_e\uninstall.exe
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Web-To-Page --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\setup.exe" -l0x9 -anything
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC --> MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt --> MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
Eudora --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{063FE91B-1603-4AF9-9558-DC206395440A}\setup.exe" -l0x9
Extension Changer --> C:\Program Files\Extension Changer\extuninstall.exe
Family Feud --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\BBE9E0F3-11F7-4424-9905-8E0153E872C1\Uninstall.exe"
FATE from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\85CF9BF3-1057-468C-962D-31BAABC6AC72\Uninstall.exe"
Flash2X Flash Player version 1.0.0 --> "C:\Program Files\Flash2X\Flash Player\unins000.exe"
Flash4D Bonus Intro --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-Flash4D Bonus Intro.dat
Flash4D Version 2-4 --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-Flash4D Version 2-4.dat
FLV Player 1.3.3 --> "C:\Program Files\FLVPlayer\uninstall.exe"
Funspot --> MsiExec.exe /I{A51033BE-61EA-4600-BD2A-EE49329C5A1E}
FW LiveUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2411E985-5BE2-4E8F-BBE0-22715F2F76FA}\setup.exe" -l0x9 -removeonly
GemMaster Mystic --> "C:\Program Files\GemMaster\uninstallgemmaster.exe"
GOM Player --> "C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth --> MsiExec.exe /I{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
Google Video Player --> "C:\Program Files\Google\Google Video Player\Uninstall.exe"
GraphicCorp's Electronic Card Maker --> C:\SIERRA\PA4PLAT\Ecm\UNWISE.EXE C:\SIERRA\PA4PLAT\Ecm\INSTALL.LOG
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Boot Optimizer --> C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe /uninstall
HP Deskjet 5400 series --> C:\Program Files\HP\Digital Imaging\{EB57A16E-500D-43d7-85B9-FBE279EBBA6E}\setup\hpzscr01.exe -datfile hpfscr05.dat
HP DigitalMedia Archive --> MsiExec.exe /X{F80239D8-7811-4D5E-B033-0D0BBFE32920}
HP DVD Play 1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP Game Console and games --> C:\Program Files\WildTangent\Apps\hpuninstall.exe
HP Imaging Device Functions 6.0 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential --> MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Photosmart Premier Software 6.0 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Product Detection --> MsiExec.exe /I{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
HP Rhapsody --> C:\PROGRA~1\HPRHAP~1\Unwise32.exe /A C:\PROGRA~1\HPRHAP~1\install.log
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center & Imaging Support Tools 5.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Support Overview --> "C:\WINDOWS\unins000.exe"
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HP Web Helper --> regsvr32 /u /s "C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\webhelper.dll"
HTML Slideshow Powertoy for Windows XP --> MsiExec.exe /I{4E475FD4-4513-4B1D-8DDA-43912B068C99}
ICQ 5.1 --> C:\Program Files\ICQLite\ICQLiteUninstall.EXE
Image Grabber II --> "C:\Program Files\Image Grabber II\uninstall.exe"
Image Resizer Powertoy for Windows XP --> MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
iMesh 5 --> C:\PROGRA~1\iMesh\iMesh5\UNWISE.EXE C:\PROGRA~1\iMesh\iMesh5\INSTALL.LOG
Incomedia WebSite X5 --> C:\WINDOWS\system32\iwpsetup.exe /Uninst:C:\WebSite X5
Insaniquarium Deluxe from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\5AF1DD17-7B06-45EF-8592-2E524E458BAB\Uninstall.exe"
Intel A/V Codecs V2.0 --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\CDUninst.isu
InterVideo WinDVR --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CC9D60B8-B270-4AE0-8208-CCB01C42CD6A}\setup.exe" REMOVEALL
iolo technologies' System Mechanic 5 Professional --> C:\PROGRA~1\iolo\SYSTEM~1\UninstallSMPro.exe
Ipswitch WS_FTP Professional 2007 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}\setup.exe" -l0x9 -removeonly
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 8 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
KeyRipper 3.0 --> C:\PROGRA~1\DSSEVO~1.COM\KEYRIP~1\Setup.exe /remove /q0
kgcbaby --> MsiExec.exe /I{E18B549C-5D15-45DA-8D8F-8FD2BD946344}
kgcbase --> MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
kgchday --> MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E}
kgchlwn --> MsiExec.exe /I{03EDED24-8375-407D-A721-4643D9768BE1}
kgcinvt --> MsiExec.exe /I{9BD54685-1496-46A5-AB62-357CD140ED8B}
kgckids --> MsiExec.exe /I{693C08A7-9E76-43FF-B11E-9A58175474C4}
kgcmove --> MsiExec.exe /I{A1588373-1D86-4D44-86C9-78ABD190F9CC}
kgcvday --> MsiExec.exe /I{8A8664E1-84C8-4936-891C-BC1F07797549}
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_1e0002_2cf95d\Setup.exe /APR-REMOVE
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
LaunchOnFly 1.32 --> "C:\Program Files\LaunchOnFly\unins000.exe"
Lemonade Tycoon 2 from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\63E4EC24-7173-4E1F-9C77-B4403CBCF91F\Uninstall.exe"
Lexibox Deluxe from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\F05A08BF-E600-4FBD-A53A-3D47296B1275\Uninstall.exe"
LG Internetkit --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67ECDB7E-24E0-4A80-81EE-ED2DF1352D27}\setup.exe" -l0x9 -removeonly
LG PhoneManager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5EE65592-88FD-48AA-98CA-EE9BDB1FF518}\setup.exe" -l0x9 -removeonly
LG SyncManager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{92636B62-9423-4246-82FE-69E2F4158350}\setup.exe" -l0x9 -removeonly
LightScribe System Software 1.10.16.1 --> MsiExec.exe /X{E6CFBFB5-9232-410C-B353-AF6E614B2681}
Live365 for Media Center --> MsiExec.exe /I{64D0E1EA-875C-44CA-816F-0D0F1E02BF9B}
LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Logitech QuickCam Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x9
Logitech® Camera Driver --> "C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Macromedia Captivate --> MsiExec.exe /X{A7651FB4-AC2E-4020-90E2-B71C8C379F48}
Macromedia Dreamweaver 8 --> MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Fireworks MX 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E583ED6F-BD99-4066-A420-C815BF692B69}\Setup.exe" -l0x9 UNINSTALL
Macromedia Flash 8 --> MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Macromedia Flash 8 Video Encoder --> MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Flash Player 8 --> MsiExec.exe /X{885A63EA-382B-4DD4-A755-14809B8557D6}
Macromedia Flash Player 8 Plugin --> MsiExec.exe /X{91057632-CA70-413C-B628-2D3CDBBB906B}
Macromedia FreeHand MXa --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{939740B5-0064-4779-854A-8C1086181C05}\Setup.exe" -l0x9 UNINSTALL
Magical Jellybean Dictionary --> C:\WINDOWS\system32\GKSUI18.EXE C:\Program Files\Magical Jellybean Dictionary Vv1.1\UNINSTAL.DAT
Magnifier Powertoy for Windows XP --> MsiExec.exe /I{2FBF04DC-404C-4FA4-BA28-99903080D2B9}
Mah Jong Quest from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\422C7575-C10D-4795-87FA-9972765379E6\Uninstall.exe"
MailWasher Pro --> "C:\Program Files\VCOM\VCOM Anti-Spam\MailWasher Pro\unins000.exe"
mceWeather 3.2 --> "C:\Program Files\mceWeather\unins000.exe"
Media Center Karaoke Plug-in --> MsiExec.exe /I{348054A0-6F9A-4EF9-BBB0-827C14C20D86}
Media Center Playlist Editor --> MsiExec.exe /I{47E0D551-C96E-403C-A230-982A78C9D48C}
MGI VideoWave 4 --> MsiExec.exe /I{1CB63C5C-DA69-4793-BD35-43BDE2A86D43}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Dictation --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\MSDApp.inf, Uninstall
Microsoft Money 2006 --> "C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Office 2003 Edition 60 Days Trial Welcome Tour --> MsiExec.exe /I{A01FC76F-CC09-4658-9E37-5C2F635EE708}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Picture It! Publishing 2001 --> MsiExec.exe /I{15D9EB74-998E-4A04-B468-51C2E7B32182}
Microsoft Plus! for Windows XP --> MsiExec.exe /I{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}
Microsoft Speech Recognition Engine 4.0 (English) --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mscsr.inf, Uninstall.NT
Microsoft Speech SDK 4.0 --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\SpchSDK.inf, Uninstall.NT
Microsoft Speech SDK 4.0 ActiveX Components --> C:\WINDOWS\ST5UNST.EXE -n "C:\WINDOWS\speech\ST5UNST.LOG"
Microsoft Speech SDK 4.0 Suite --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\spchall.inf, Uninstall.NT
Microsoft Text-to-Speech Engine 4.0 (English) --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTS.inf, Uninstall
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Voice --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\MSVApp.inf, Uninstall
Microsoft Web Publishing Wizard 1.52 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Microsoft® Winter Fun Pack 2004 for Windows® XP --> MsiExec.exe /X{038A524F-58DB-438A-8391-8F7F0CA14B9E}
MotionArtist 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AABE82F8-A134-4D6F-A655-873F68E38671}\Setup.exe" -l0x9
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MUSTEK 1200 UB v2.1 --> C:\WINDOWS\TWAIN_32\1200UB\UNINST.EXE
muvee autoProducer 3.5 - SE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{37E31FCE-A048-4D8C-B167-31891BCF6585}\setup.exe" -l0x9
muvee autoProducer 6.1 --> C:\Program Files\InstallShield Installation Information\{7B312BFD-6C04-4409-AB6F-DD41CCD67463}\setup.exe -runfromtemp -l0x0009 -removeonly
muvee corePack --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B0BD0D6-D7D1-4D49-9815-5A85081ECC45}\Setup.exe" -l0x9
My Privacy Online v 3.2 --> "C:\Program Files\My Privacy Online\unins000.exe"
MySpaceIM --> C:\Program Files\MySpace\IM\Uninstall.exe
Napster --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\Setup.exe" -l0x9 AddRemoveCPRun
NCR Label Formats for MS Word Setup --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\NCR Media Formats\Uninst.isu"
Nero Media Player --> C:\WINDOWS\UNNMP.exe /UNINSTALL
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NeroVision Express 2 --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
netbrdg --> MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
Netscape Browser (remove only) --> "C:\Program Files\Netscape\Netscape Browser\NSUninst.exe"
Norton Spyware Scan provided by Yahoo! --> C:\PROGRA~1\Yahoo!\Common\unynss.exe
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
NVDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7EC003A3-51E9-4019-BEC0-DF99B0DF5CCF}\Setup.exe" -uninstall
NVRemote --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{42C59DE7-38BB-4039-A341-EF5ED6C0AA72}\Setup.exe"
OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
Otto --> "C:\Program Files\EnglishOtto\uninstallotto.exe"
OutlookTools 2 --> MsiExec.exe /I{F539210E-8474-44E3-9035-01CB6444DB46}
Paessler Site Inspector 4 --> "C:\Program Files\Paessler Site Inspector 4\unins000.exe"
Paltalk Messenger --> "C:\WINDOWS\Paltalk Messenger\uninstall.exe" "/U:C:\Program Files\Paltalk Messenger\irunin.xml"
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PC-Doctor 5 for Windows --> C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
PhoneTray Free --> C:\Program Files\TraySoft\PhoneTray\Uninstall.exe
Photo Story 3 for Windows --> MsiExec.exe /I{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
****Fish --> "C:\Program Files\****Fish\Uninstall.exe" "C:\Program Files\****Fish\install.log"
Polar Bowler from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\05E21449-3BA3-42BF-BBDA-95205F4EA40A\Uninstall.exe"
Polar Golfer from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\3330A279-CC39-4A17-AE19-DA464B26AD9A\Uninstall.exe"
PowerDesk 5.0 --> C:\Program Files\VCOM\PowerDesk\uninstal.exe C:\Program Files\VCOM\PowerDesk
PQ DVD to 3GP Video Suite (remove only) --> "C:\Program Files\PQDVD\PQ DVD to 3GP Video Suite\bt-uninst.exe"
Pure Networks Port Magic --> C:\Program Files\Pure Networks\Port Magic\PortAOL.exe -Uninstall -ShowUI
PureVoice --> "C:\PROGRA~1\Qualcomm\Eudora\Plugins\uninstall.exe"
Puzzle Express from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\E1A0F769-A43A-4DDB-9F73-12791E453557\Uninstall.exe"
Python 2.2 pywin32 extensions (build 203) --> "C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QDictionary (remove only) --> "C:\Program Files\QDictionary\uninstall.exe"
Quick File Rename Personal Edition 2.0 --> MsiExec.exe /I{C9DAC628-3B92-49D9-B619-C75F53B0CC2C}
Quicken 2006 --> MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
QuickTime Alternative 1.80 --> "C:\Program Files\QuickTime Alternative\unins000.exe"
Real Alternative 1.52 --> "C:\Program Files\Real Alternative\unins000.exe"
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Remove WeatherBug Installer --> c:\hp\bin\cloaker.exe c:\hp\bin\commands.exe /c c:\hp\bin\wbug\clean.bat
Ricochet Lost Worlds from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\52AEBC18-F252-4B0C-B3E1-724537D9F873\Uninstall.exe"
Roxio Burn Engine --> MsiExec.exe /X{9860A9CF-7E71-43AC-888F-0B4D3EA212D1}
Roxio Easy Media Creator 7 --> MsiExec.exe /I{CB4544EA-C189-41FE-9E3A-76591DDB852B}
Satellite Finder 4.0 --> "C:\Program Files\SatFinder\unins000.exe"
Satellite TV for PC Elite 4.8.8.0 --> C:\WINDOWS\uninstall\Satellite TV for PC Elite\setup.exe
SCRABBLE from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\FA6A73EB-40AB-4B58-851D-3892B3C10EF6\Uninstall.exe"
SEAGULL FTP --> C:\Program Files\SEAGULL\FTP\Unins.Exe
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB936509) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A00724F5-82C4-4924-B707-0E5A84B52471}
Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB936514) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C7A78F7F-EF32-4477-BAD7-3439EA7571BF}
Security Update for Publisher 2007 (KB936646) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A32E4BAF-6477-45FA-B8AB-E743FA8D63FF}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SFR2 --> MsiExec.exe /I{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}
SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\INSTALL.LOG
Shooting Stars Pool from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\045C89A0-CA37-443C-8826-F750227DE69C\Uninstall.exe"
Shrek 2 Ogre Bowler from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\BBCBAA5D-AC5A-4098-A53E-EC60A68F38F9\Uninstall.exe"
skin0001 --> MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Skype 3.0 --> "C:\Program Files\Skype\Phone\unins000.exe"
Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
Slideshow Generator Powertoy for Windows XP --> MsiExec.exe /I{C39DE425-6CCF-4B12-A101-3CB5CF3AF3AD}
Slingo Deluxe from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\F19E8CDF-5EFD-45E0-9FAF-66CBAE84B1D9\Uninstall.exe"
Smart Explorer 6.1 --> "C:\Program Files\Smart Explorer\unins000.exe"
Snowboard SuperJam from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\8D11F98B-4931-44F6-8FC6-971CCBBBB131\Uninstall.exe"
SongReader v4.0.299 --> "C:\Program Files\SongReader\unins000.exe"
Sonic Express Labeler --> MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus --> MsiExec.exe /X{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio --> MsiExec.exe /X{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /X{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /X{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /X{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Sony Vegas 5.0a --> MsiExec.exe /I{784DF107-2945-4B65-ADE3-A58ECD6C37A9}
Sound Blaster Audigy --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}\SETUP.EXE" -l0x9 /remove
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
staticcr --> MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
StuffFTP v0.11 --> C:\Program Files\StuffFTP\Uninstal.exe
Suite Specific --> MsiExec.exe /I{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}
SUPER © Version 2007.bld.22 (Mar 14, 2007) --> C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
Super Granny from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\DE87FA96-7840-420C-86F9-33F3B7B3CED1\Uninstall.exe"
SureThing Decal Maker --> C:\WINDOWS\mvuninst\App1\unwise.exe C:\WINDOWS\MVUNINST\APP1\INSTALL.LOG "SureThing Decal Maker Uninstall"
SurfSaver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D81771D0-EEC3-11D3-A870-18FFEE000000}\setup.exe" AnyText
SWF Opener --> "C:\Program Files\UnH Solutions\SWF Opener\unins000.exe"
SWiSHpix --> C:\WINDOWS\unvise32.exe C:\Program Files\SWiSHpix\uninstal.log
SyncToy --> MsiExec.exe /I{B5688129-7595-4E5B-9990-CEF981A31264}
SystemSuite 7 Professional --> MsiExec.exe /I{6A615007-721D-4063-B226-EA41EB6604B9}
TalkShoe Live! 2.0 --> C:\Program Files\TalkShoe\uninstall.exe
The Logo Creator v4 --> C:\WINDOWS\unvise32.exe C:\Program Files\The Logo Creator v4\uninstal.log
The Logo Creator v5 --> C:\WINDOWS\unvise32.exe C:\Program Files\The Logo Creator v5\uninstal.log
Timershot Powertoy for Windows XP --> MsiExec.exe /I{A743BBCC-3438-4BB3-8397-6C9D9AC125A6}
tooltips --> MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}
Total Recorder 6.1 --> "C:\Program Files\HighCriteria\TotalRecorder\setup.exe" U
Tradewinds from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\66195170-D19D-46C5-8FB7-8A4630071ADC\Uninstall.exe"
Trendyflash Site Builder --> MsiExec.exe /I{A143CD52-E5F2-4D22-BE0C-705CAFEDA780}
TVAnts 1.0 --> C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG
Tweak UI --> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
TweakMCE --> MsiExec.exe /I{8D5AC6EF-B91C-4E03-99DE-C72536BB381F}
Ulead Data-Add 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD8E6D29-95EC-494E-8AF5-566E784819A6}\setup.exe" -l0x9
Ulead DVD MovieFactory 2 SE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88F93347-0F9B-4FED-BA71-6C2A4CDFE61D}\setup.exe" -l0x9
Ulead DVD MovieFactory 3.5 Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C7D89BBE-D4B3-49E8-B185-7966B5345866}\setup.exe" -l0x9
Ulead VideoStudio 7 SE DVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}\setup.exe" -l0x9
Update for Office 2007 (KB932080) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB934391) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB934393) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {92FBAD46-E7F6-49FA-89B5-C39FC5BFAD15}
Update for Outlook 2007 (KB937608) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CBB2454D-193F-4523-8A31-FEB343B7C30E}
Update for Outlook 2007 Junk Email Filter (kb942575) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0FC27B9D-5BCD-45C1-B9ED-9F0273F7A18D}
Update for Word 2007 (KB934173) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C6A89125-5473-45E3-B413-ED8186437475}
USB Storage Adapter FX (SM1) --> SM1UN.EXE SM1FX_AT
vanBasco's Karaoke Player --> C:\Program Files\vanBasco's Karaoke Player\uninst.exe
VCOM Anti-Spam --> "C:\Program Files\VCOM\VCOM Anti-Spam\unins000.exe"
Veo Advanced Connect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C44CB060-2AD1-11D6-BC84-00D0B7E10CD1}\SETUP.EXE"
Veo Digital Studio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45AEEA61-04F8-11D6-8B35-0080C8F5C4AA}\setup.exe"
VideoLAN VLC media player 0.8.2 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Web CEO 5.6 --> "C:\Program Files\Web CEO\Uninstall\unins000.exe"
Web Easy Professional 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BB46AB60-F603-4FEA-8A0C-590EA4982C0B}\Setup.exe" -l0x9 -removeonly
Web Page Maker V2.5 --> "C:\Program Files\Web Page Maker V2\unins000.exe"
Web Site Downloader --> "C:\Program Files\Web Site Downloader\unins000.exe"
Websites...in-a-Flash - Full Update 1.00 --> "C:\Program Files\Universis\...in-a-Flash!\unins001.exe"
Websites...in-a-Flash! 1.01 --> "C:\Program Files\Universis\...in-a-Flash!\unins000.exe"
What's Running 2.2 --> "C:\Program Files\WhatsRunning\unins000.exe"
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Desktop Search 3.01 --> "C:\WINDOWS\$NtUninstallKB917013$\spuninst\spuninst.exe"
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Vista Upgrade Advisor --> MsiExec.exe /I{86BB059D-1231-457B-B88F-F9B315A18F90}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WIRELESS --> MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
X10 Hardware(TM) --> C:\WINDOWS\UNWISE.EXE C:\PROGRA~1\X10HAR~1\Install.log
XP Repair Pro 2006 --> MsiExec.exe /I{80682344-770B-46CB-B0FF-6A7620B37CBA}
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Mail Quick Select Tool (PhotoMail) --> C:\PROGRA~1\Yahoo!\Common\unymb.exe
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Music Jukebox --> "C:\Program Files\Yahoo!\Yahoo! Music Engine\Uninstall.exe"
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
Zuma Deluxe from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\0BD36D37-C5D7-4B96-B64A-CB2C3A82EC4D\Uninstall.exe"

-- Application Event Log -------------------------------------------------------

Event Record #/Type22945 / Error
Event Submitted/Written: 10/26/2007 00:42:23 PM
Event ID/Source: 1512 / Userenv
Event Description:
Windows cannot unload your registry file. The memory used by the registry has not been freed. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. If this problem persists, contact your administrator.

DETAIL - Insufficient system resources exist to complete the requested service.

Event Record #/Type22931 / Error
Event Submitted/Written: 10/26/2007 00:05:22 PM
Event ID/Source: 2 / SystemSuite
Event Description:
Virus Scanner:

POP3 unable to connect to port monitor.

.

Event Record #/Type22924 / Error
Event Submitted/Written: 10/26/2007 11:57:38 AM
Event ID/Source: 1512 / Userenv
Event Description:
Windows cannot unload your registry file. The memory used by the registry has not been freed. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. If this problem persists, contact your administrator.

DETAIL - Insufficient system resources exist to complete the requested service.

Event Record #/Type22922 / Warning
Event Submitted/Written: 10/26/2007 09:56:18 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{90120000-0030-0000-0000-0000000FF1CE}', feature 'OUTLOOKFiles' failed during request for component '{0638C49D-BB8B-4CD1-B191-055E8F325736}'

Event Record #/Type22921 / Warning
Event Submitted/Written: 10/26/2007 09:56:18 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{90120000-0030-0000-0000-0000000FF1CE}', feature 'OUTLOOKFiles', component '{FD7878D4-39CC-4BE5-91F6-330ED22AC5FD}' failed. The resource 'HKEY_CLASSES_ROOT\.pst\' does not exist.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type54459 / Error
Event Submitted/Written: 10/26/2007 00:46:00 PM
Event ID/Source: 7022 / Service Control Manager
Event Description:
The Bonjour Service service hung on starting.

Event Record #/Type54456 / Error
Event Submitted/Written: 10/26/2007 00:44:12 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The ClipBook service depends on the Network DDE service which failed to start because of the following error:
%%1058

Event Record #/Type54435 / Error
Event Submitted/Written: 10/26/2007 00:07:18 PM
Event ID/Source: 7022 / Service Control Manager
Event Description:
The Bonjour Service service hung on starting.

Event Record #/Type54434 / Error
Event Submitted/Written: 10/26/2007 00:05:46 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The ClipBook service depends on the Network DDE service which failed to start because of the following error:
%%1058

Event Record #/Type54426 / Warning
Event Submitted/Written: 10/26/2007 10:32:27 AM
Event ID/Source: 3 / Print
Event Description:
Printer EPSON Stylus C68 Series on DEN (from BEDROOM) was deleted.

-- End of Deckard's System Scanner: finished at 2007-10-26 13:00:27 ------------

MoralTerror · 10-26-2007, 04:06 PM

Hi mikeyb9

P2P - I see you have P2P software Napster installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

---------------------------------------

From Control Panel > Add/Remove Programs uninstall the following programs (if they still exist)

J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 8
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 2
Java(TM) SE Runtime Environment 6 Update 1

Scan with HijackThis and check the following entries (If they still exist) (make sure not to miss any)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - - (no file)
O2 - BHO: (no name) - 0CÁ07962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - orer - (no file)
O2 - BHO: (no name) - rsion - (no file)
O2 - BHO: (no name) - CÁJ - (no file)
O2 - BHO: (no name) - °BÁ78D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - àBÁ49E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/14...2/cpbrkpie.cab

Remember to close all other windows and click Fix Checked

---------------------------------------

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

Quote:

File::
C:\Documents and Settings\All Users\Application Data\ÝÙÃÄ3113›.sys

Folder::
C:\Program Files\Paltalk Messenger

Save this as CFScript.txt, in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

---------------------------------------

Then Download and install the newest version of Java from here:
http://www.java.com/en/download/manual.jsp

---------------------------------------

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.

The program will then begin downloading the latest definition files.
Once the files have been downloaded click on NEXT
Locate the Scan Settings button & configure to:
- Scan using the following Anti-Virus database:
  - Extended
- Scan Options:
  - Scan Archives
  - Scan Mail Bases
Click OK & have it scan My Computer
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

* Turn off the real time scanner of any existing antivirus program while performing the online scan

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.

---------------------------------------
Required Logs

c:\combofix.txt
Kaspersky report
new HijackThis log <<< taken after the online scan

Please also provide an update on system behaviour and details of any problems you may have encountered while carrying out these instructions

mikeyb9 · 10-28-2007, 12:21 AM

Ok, I got rid of napster never used it. I uninstalled programs as instructed. Ran Hijack this scan and fixed items as instructed. Ran script for combo fix. Downloaded new java. Completed Kaspersky online scan, and ran hijack this again, all results below. Everything went smoothly no exceptional behavior.

ComboFix 07-10-26.4 - Compaq_Administrator 2007-10-27 17:46:12.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1270 [GMT -4:00]
Running from: C:\Documents and Settings\Compaq_Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Compaq_Administrator\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\Documents and Settings\All Users\Application Data\ÝÙÃÄ3113›.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\ÝÙÃÄ3113›.sys
C:\Program Files\Paltalk Messenger
C:\Program Files\Paltalk Messenger\AviFileCtrl.dll
C:\Program Files\Paltalk Messenger\cloudmark.ico
C:\Program Files\Paltalk Messenger\ctrlkey.dll
C:\Program Files\Paltalk Messenger\CustomScrollRT.dll
C:\Program Files\Paltalk Messenger\eFax3.ico
C:\Program Files\Paltalk Messenger\ELVideoCapture.dll
C:\Program Files\Paltalk Messenger\ftpclient.dll
C:\Program Files\Paltalk Messenger\GoogleDesktopSetup_en_release_s_r4intl_sign_c2699338_062106_102132.exe
C:\Program Files\Paltalk Messenger\GoogleToolbarInstaller_PALx_en_signed.exe
C:\Program Files\Paltalk Messenger\gsmproj.dll
C:\Program Files\Paltalk Messenger\ijl11.dll
C:\Program Files\Paltalk Messenger\IRIMG1.JPG
C:\Program Files\Paltalk Messenger\IRIMG2.JPG
C:\Program Files\Paltalk Messenger\IRIMG3.JPG
C:\Program Files\Paltalk Messenger\IRIMG4.JPG
C:\Program Files\Paltalk Messenger\irunin.dat
C:\Program Files\Paltalk Messenger\irunin.xml
C:\Program Files\Paltalk Messenger\License.doc
C:\Program Files\Paltalk Messenger\License.txt
C:\Program Files\Paltalk Messenger\pallauncher.dll
C:\Program Files\Paltalk Messenger\palsound.dll
C:\Program Files\Paltalk Messenger\palstart.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\Paltalk Messenger\PalTextCtl.dll
C:\Program Files\Paltalk Messenger\ReceivedFiles\brq.txt
C:\Program Files\Paltalk Messenger\shfolder.dll
C:\Program Files\Paltalk Messenger\spexproj.dll
C:\Program Files\Paltalk Messenger\Thumbs.db
C:\Program Files\Paltalk Messenger\upgrade.ico
C:\Program Files\Paltalk Messenger\vonage.ico
C:\Program Files\Paltalk Messenger\WebVideo.dll
C:\Program Files\Paltalk Messenger\welcome.avi

.
((((((((((((((((((((((((( Files Created from 2007-09-27 to 2007-10-27 )))))))))))))))))))))))))))))))
.

2007-10-26 12:27 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-24 12:22 <DIR> d-------- C:\Program Files\HowTo-Outlook
2007-10-18 10:47 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Windows Desktop Search
2007-10-18 10:20 <DIR> d-------- C:\Program Files\Windows Desktop Search
2007-10-18 09:33 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-10-18 09:27 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-10-18 09:22 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2007-10-18 09:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-10-18 09:18 <DIR> dr-h----- C:\MSOCache
2007-10-18 08:38 <DIR> d-------- C:\Program Files\Alcohol Soft
2007-10-18 08:34 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-10-16 13:04 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-16 02:27 <DIR> d-------- C:\Deckard
2007-10-16 02:17 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-10-15 09:36 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-10-14 19:08 <DIR> d-------- C:\Program Files\Common Files\Kodak
2007-10-08 09:52 1,048,576 --a------ C:\Temp\autorun.bin
2007-10-08 09:52 769,024 --a------ C:\Temp\SFDNWIN.exe
2007-10-08 07:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LightScribe
2007-10-08 06:11 <DIR> d-------- C:\Program Files\SAMSUNG
2007-10-08 05:08 <DIR> d-------- C:\Program Files\EVEREST Home Edition

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-27 22:16 --------- d-----w C:\Program Files\My Privacy Online
2007-10-27 21:28 --------- d-----w C:\Program Files\Java
2007-10-27 21:27 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\VCOMAntiSpam
2007-10-27 21:20 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2007-10-27 21:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Napster
2007-10-26 12:19 --------- d-----w C:\Program Files\Magical Jellybean Dictionary Vv1.1
2007-10-26 12:19 --------- d-----w C:\Program Files\CoffeeCup Software
2007-10-26 12:19 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\LaunchOnFly
2007-10-24 21:23 --------- d-----w C:\Program Files\UnH Solutions
2007-10-23 18:10 --------- d-----w C:\Program Files\Microsoft Picture It! PhotoPub
2007-10-18 13:29 --------- d-----w C:\Program Files\Microsoft Works
2007-10-16 20:01 --------- d-----w C:\Program Files\****Fish
2007-10-16 19:46 --------- d-----w C:\Program Files\LaunchOnFly
2007-10-16 19:38 --------- d-----w C:\Program Files\Google
2007-10-16 19:30 --------- d---a-w C:\Program Files\Common Files\LightScribe
2007-10-16 19:30 --------- d-----w C:\Program Files\Common Files\aolshare
2007-10-16 19:25 --------- d-----w C:\Program Files\Bonjour
2007-10-16 09:14 --------- d-----w C:\Program Files\ICQLite
2007-10-16 09:11 --------- d-----w C:\Program Files\Extension Changer
2007-10-16 09:11 --------- d-----w C:\Program Files\EmEditor
2007-10-16 09:11 --------- d-----w C:\Program Files\EditPlus 2
2007-10-16 08:47 --------- d-----w C:\Program Files\ABBYY PDF Transformer 2.0
2007-10-15 16:42 --------- d-----w C:\Program Files\Smart Explorer
2007-10-15 13:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-10-14 23:09 --------- d-----w C:\Program Files\Kodak
2007-10-12 14:34 --------- d-----w C:\Program Files\dwyco2
2007-10-08 10:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-04 05:38 --------- d-----w C:\Program Files\Media Player Classic
2007-10-01 06:50 --------- d-----w C:\Program Files\The Logo Creator v5
2007-09-20 17:18 --------- d-----w C:\Program Files\The Logo Creator v4
2007-09-20 17:18 --------- d-----w C:\Program Files\SatFinder
2007-09-20 17:18 --------- d-----w C:\Program Files\mceWeather
2007-09-20 16:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\InterVideo
2007-09-20 16:01 --------- d-----w C:\Program Files\InterVideo
2007-09-20 12:12 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\Media Player Classic
2007-09-18 17:32 --------- d-----w C:\Program Files\Funspot
2007-09-18 17:30 --------- d-----w C:\Program Files\Media Center Karaoke Plug-in
2007-09-12 00:01 --------- d-----w C:\Program Files\Key-Grabber-ddfg
2007-09-07 18:15 --------- d-----w C:\Program Files\DVDlabPro
2007-09-04 16:50 --------- d-----w C:\Program Files\MSXML 6.0
2007-09-04 16:49 --------- d-----w C:\Program Files\MSBuild
2007-09-04 16:45 --------- d-----w C:\Program Files\Reference Assemblies
2007-09-04 16:15 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-08-30 16:50 --------- d-----w C:\Program Files\Web Page Maker V2
2007-08-30 16:50 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\Web Page Maker V2
2007-08-30 15:51 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\Smart Recorder
2007-08-28 16:34 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\Creative
2007-08-28 16:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Creative
2007-08-28 16:18 --------- d-----w C:\Program Files\Creative
2007-08-28 16:16 --------- d--h--w C:\Program Files\Creative Installation Information
2007-08-28 16:16 --------- d-----w C:\Program Files\Common Files\Creative
2007-08-28 15:38 --------- d-----w C:\Program Files\Realtek AC97
2007-04-23 18:43 254,440 -c--a-w C:\Documents and Settings\Compaq_Administrator\Application Data\GDIPFONTCACHEV1.DAT
2006-07-06 19:02 0 -c----w C:\Documents and Settings\Compaq_Administrator\Application Data\wklnhst.dat
2003-08-27 18:19 36,963 -c----w C:\Program Files\Common Files\SM1updtr.dll
2006-06-03 23:02:25 22 -csha-w C:\WINDOWS\SMINST\HPCD.sys
2006-05-03 10

54 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47:16 31,744 -csh--r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-06 00:56]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 03:19 C:\WINDOWS\arpwrmsg.exe]
"DMAScheduler"="c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 13:01]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-23 02:14]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-09 11:29]
"SM1BG"="C:\WINDOWS\SM1BG.EXE" [2003-08-27 14:20]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44]
"Fix-It AV"="C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe" [2006-09-07 13:32]
"PhoneTray"="C:\Program Files\TraySoft\PhoneTray\PhoneTray.exe" [2006-05-24 13:16]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"VirusScannerPro"="C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe" [2006-09-07 13:32]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2004-11-17 13:21]
"PCDrProfiler"="C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe" [2005-10-31 15:47]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 17:30]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 10:51]
"P17Helper"="P17.dll" [2005-05-03 07:38 C:\WINDOWS\system32\P17.dll]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"EPSON Stylus C68 Series on MIKEYS (from DORIS)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAA.exe" [2005-01-25 04:00]
"EPSON Stylus C68 Series on DEN (from BEDROOM)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAA.exe" [2005-01-25 04:00]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 03:50]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeRAM XP"="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-06-04 18:36]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 00:00]
"MyPrivacyTask"="C:\Program Files\My Privacy Online\MyPrivacyTask.exe" [2006-02-28 11:27]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-08 08:38]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 06:29]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-02-22 00:18:32]

C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\
LaunchOnFly.lnk - C:\Program Files\LaunchOnFly\lf.exe [2007-03-22 12:50:24]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
EmEditor.lnk - C:\Program Files\EmEditor\emedtray.exe [2004-09-06 10:29:52]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsHistory"=01000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= C:\Program Files\Qualcomm\Eudora\EuShlExt.dll [2006-08-17 15:57 86016]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

R1 AutoSave;AutoSave;C:\WINDOWS\system32\drivers\AutoSave.sys
R1 DVDVRRdr_xp;DVDVRRdr_xp;C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys
R1 UDFReadr;UDFReadr;C:\WINDOWS\system32\drivers\UDFReadr.sys
R2 LxrSII1d;Secure II Driver;\??\C:\WINDOWS\system32\Drivers\LxrSII1d.sys
R3 AVMNgBasM780;AVerMedia M780 Base Driver;C:\WINDOWS\system32\DRIVERS\AVerBas.sys
R3 AVMNgCapM780;AVerMedia M780 Audio/Video Capture Driver;C:\WINDOWS\system32\DRIVERS\AVerCap.sys
R3 AVMNgTunM780;AVerMedia M780 TVTuner Driver;C:\WINDOWS\system32\DRIVERS\AVerTun.sys
R3 KFilter;KFilter;\??\C:\PROGRA~1\VCOM\SYSTEM~1\KFilter.sys
R3 P17;SB Live! 24-bit;C:\WINDOWS\system32\drivers\P17.sys
S3 NUVision;NUVision II Video Service;C:\WINDOWS\system32\DRIVERS\nuvvid2.sys
S3 S6U12BScanner;MUSTEK 1200 UB Still Image Device Service;C:\WINDOWS\system32\drivers\usbscan.sys
S3 XIRLINK;Veo PC Camera;C:\WINDOWS\system32\DRIVERS\ucdnt.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command -

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2007-10-14 23

53 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exe
"2007-10-27 22:14:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{44F941E4-56D1-4E8B-9252-6B279C4F57EF}.job"
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-27 18:16:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-10-27 18:19:19 - machine was rebooted
C:\ComboFix2.txt ... 2007-10-26 12:48
.
--- E O F ---

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, October 28, 2007 1:44:19 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 28/10/2007
Kaspersky Anti-Virus database records: 447233
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\

Scan Statistics:
Total number of scanned objects: 421310
Number of viruses found: 5
Number of infected objects: 25
Number of suspicious objects: 0
Duration of the scan process: 06:28:56

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstderr.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstdout.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aoltsmon.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\cache.db Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\server.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.10.Crwl Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.10.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000B.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000D.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000E.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010010.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010018.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010019.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001C.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001D.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010022.ci Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010022.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010022.wsb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Crwl67.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy7.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf3.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Perflib_Perfdata_8f8.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-10-27_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\MSDVRMM_1015801043_1852899328_34968 Object is locked skipped
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\MSDVRMM_1015801043_262144_34971 Object is locked skipped
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\SBE4.tmp Object is locked skipped
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\SBE5.tmp Object is locked skipped
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\{3F238206-0302-4072-B64D-54D5277EBE9C}.TmpSBE Object is locked skipped
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\{BF99DFF6-C6EA-49FD-BAE5-F09436FB59AD}.TmpSBE Object is locked skipped
C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp Object is locked skipped
C:\Documents and Settings\All Users\DRM\drmstore.hds Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Application Data\Ahead\Nero BackItUp\Info Files\20070503_122111_03-05-07\C\WINDOWS\cpbrkpie.ocx.nco/20070503_122111_03-05-07/C/WINDOWS/cpbrkpie.ocx Infected: not-a-virus:AdWare.Win32.Coupons.h skipped
C:\Documents and Settings\Compaq_Administrator\Application Data\Ahead\Nero BackItUp\Info Files\20070503_122111_03-05-07\C\WINDOWS\cpbrkpie.ocx.nco ZIP: infected - 1 skipped
C:\Documents and Settings\Compaq_Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db.shadow Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Desktop Search\Logs\OTFSMonLog.txt Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\Perflib_Perfdata_b3c.dat Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\~DF60E8.tmp Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\~DFEB65.tmp Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\~ROMFN_0000080C Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\ntuser.dat Object is locked skipped
C:\Documents and Settings\Compaq_Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Desktop Search\Logs\UNCFATPHLog.txt Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\AntiPhishing\6729BBF9-D54C-48CB-A4D7-AD400339D808.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\hp\bin\wbug\CompaqPresario_Spring06.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped
C:\hp\bin\wbug\CompaqPresario_Spring06.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped
C:\hp\bin\wbug\CompaqPresario_Spring06.exe WiseSFX: infected - 2 skipped
C:\hp\bin\wbug\CompaqPresario_Spring06.exe WiseSFX Dropper: infected - 2 skipped
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\sw_ae-20071027-175711.log Object is locked skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20071027-174115-976.dll Infected: not-a-virus:AdWare.Win32.Coupons.h skipped
C:\Program Files\VCOM\SystemSuite\checksum.dat Object is locked skipped
C:\Program Files\VCOM\SystemSuite\MXFwIMMF.dat Object is locked skipped
C:\Program Files\VCOM\SystemSuite\MXFwTMMF.dat Object is locked skipped
C:\Program Files\VCOM\SystemSuite\rawpacket.log Object is locked skipped
C:\Program Files\VCOM\SystemSuite\security.log Object is locked skipped
C:\Program Files\VCOM\SystemSuite\traffic.log Object is locked skipped
C:\Program Files\VCOM\SystemSuite\xacl.cfg Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP327\A0072005.exe/Adobe.exe Infected: Trojan-Spy.Win32.Delf.wh skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP327\A0072005.exe CAB: infected - 1 skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP354\A0080344.exe/WISE0152.BIN/stream/data0006 Infected: not-a-virus:AdWare.Win32.SearchIt.f skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP354\A0080344.exe/WISE0152.BIN/stream Infected: not-a-virus:AdWare.Win32.SearchIt.f skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP354\A0080344.exe/WISE0152.BIN Infected: not-a-virus:AdWare.Win32.SearchIt.f skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP354\A0080344.exe WiseSFX: infected - 3 skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP398\A0094996.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP398\A0094996.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP398\A0094996.exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP427\A0104355.ocx Infected: not-a-virus:AdWare.Win32.Coupons.h skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP429\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_Data Fax SoftModem with SmartCP.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{CA2F88E0-D2B4-4722-A7F3-E291393B1867}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{283398CA-C37A-4211-AFAA-28A58D22BDD7}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\I386\APPS\APP16911\src\CompaqPresario_Spring06.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped
D:\I386\APPS\APP16911\src\CompaqPresario_Spring06.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped
D:\I386\APPS\APP16911\src\CompaqPresario_Spring06.exe WiseSFX: infected - 2 skipped
D:\I386\APPS\APP16911\src\CompaqPresario_Spring06.exe WiseSFX Dropper: infected - 2 skipped
D:\I386\APPS\APP16911\src\HPPavillion_Spring06.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped
D:\I386\APPS\APP16911\src\HPPavillion_Spring06.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped
D:\I386\APPS\APP16911\src\HPPavillion_Spring06.exe WiseSFX: infected - 2 skipped
D:\I386\APPS\APP16911\src\HPPavillion_Spring06.exe WiseSFX Dropper: infected - 2 skipped

Scan process completed.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:55:33 AM, on 10/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\SM1BG.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\TraySoft\PhoneTray\PhoneTray.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\EmEditor\emedtray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\LaunchOnFly\lf.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTBSDK.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\system32\logon.scr
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.earthlink.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: ****Fish Toolbar Opcode Handler - {29C88E20-4234-41B9-A9DB-982958C95FB1} - C:\Program Files\****Fish\****Fish.dll
O2 - BHO: (no name) - {465E08E7-F005-4389-980F-1D8764B3486C} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: FloatBar Class - {75B1A646-CDCE-4C06-B52F-84F4463B4FC8} - C:\Program Files\****Fish\FloatBar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: &Paessler Site Inspector 4 Toolbar - {EC3A37EF-F4CF-447A-B0FD-206073E2DAE9} - C:\PROGRA~1\PAESSL~1\PSITOO~1.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: ****Fish - {D593DE91-7B41-45C2-830E-E9A99AB142AA} - C:\Program Files\****Fish\****Fish.dll
O3 - Toolbar: (no name) - {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe
O4 - HKLM\..\Run: [PhoneTray] C:\Program Files\TraySoft\PhoneTray\PhoneTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PCDrProfiler] "C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe" -r
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [EPSON Stylus C68 Series on MIKEYS (from DORIS)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAA.EXE /P46 "EPSON Stylus C68 Series on MIKEYS (from DORIS)" /O5 "TS002" /M "Stylus C68"
O4 - HKLM\..\Run: [EPSON Stylus C68 Series on DEN (from BEDROOM)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAA.EXE /P45 "EPSON Stylus C68 Series on DEN (from BEDROOM)" /O5 "TS003" /M "Stylus C68"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MyPrivacyTask] C:\Program Files\My Privacy Online\MyPrivacyTask.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: LaunchOnFly.lnk = C:\Program Files\LaunchOnFly\lf.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: EmEditor.lnk = C:\Program Files\EmEditor\emedtray.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Lookup Word - C:\Program Files\QDictionary\dict.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\Go!Zilla\download-with-gozilla.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: ****Fish Grab movies on this page - C:\Program Files\****Fish\GRABPAGEMOVIES.HTM
O8 - Extra context menu item: ****Fish Grab pictures on this page - C:\Program Files\****Fish\GRABPAGEPICS.HTM
O8 - Extra context menu item: ****Fish Grab pictures this page links to - C:\Program Files\****Fish\GRABPAGELINKS.HTM
O8 - Extra context menu item: ****Fish Grab Target File - C:\Program Files\****Fish\GRABLINK.HTM
O8 - Extra context menu item: ****Fish Grab This Picture - C:\Program Files\****Fish\GRABPIC.HTM
O8 - Extra context menu item: PSI: Copy Image as HTML Tag - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/copy-img-tag
O8 - Extra context menu item: PSI: Copy Image URL - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/copy-img-src
O8 - Extra context menu item: PSI: Copy Link as HTML Tag - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/copy-a-tag
O8 - Extra context menu item: PSI: Copy Meister - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/copymeister
O8 - Extra context menu item: PSI: Open Frame In New Window - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/open-frame-in-new-window
O8 - Extra context menu item: PSI: Open Frame In This Window - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/open-frame-in-this-window
O8 - Extra context menu item: PSI: Open Selected Text as URL in New Window - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/open-selection
O8 - Extra context menu item: PSI: Show All Forms - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/forms
O8 - Extra context menu item: PSI: Show All Images - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/images
O8 - Extra context menu item: PSI: Show All Links - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/links
O8 - Extra context menu item: PSI: Show All Scripts - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/scripts
O8 - Extra context menu item: PSI: Show All Stylesheets - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/styles
O8 - Extra context menu item: PSI: Show HTTP Header - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/headers
O8 - Extra context menu item: PSI: Show Source - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/source
O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O8 - Extra context menu item: SurfSaver &QuickSave - C:\Program Files\askSam\SurfSaver\QuickSave.htm
O8 - Extra context menu item: SurfSaver Sav&e... - C:\Program Files\askSam\SurfSaver\Add.htm
O8 - Extra context menu item: SurfSaver Searc&h... - C:\Program Files\askSam\SurfSaver\Search.htm
O8 - Extra context menu item: T&hesaurus - C:\Program Files\QDictionary\thes.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O9 - Extra button: Billeo - {97ED3A9F-CD6F-473A-8FE1-7505C1B844C3} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O9 - Extra button: SurfSaver - {A6418A39-8884-11D3-A846-00104B8825B9} - C:\Program Files\askSam\SurfSaver\SurfBar.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1188921401078
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} - http://www.kodakgallery.com/download...2/axofupld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V020...5030/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{27C876C4-3D2E-4156-8F0C-2776892E285D}: NameServer = 207.69.188.185,207.69.188.186
O18 - Protocol: asksam - {F9FF9EDA-4916-11D1-B6C1-002018305A61} - C:\Program Files\askSam\SurfSaver\AS_AIPP.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: SystemSuite Task Manager - Avanquest Publishing USA, Inc. - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 20661 bytes

MoralTerror · 10-28-2007, 12:35 PM

Hi mikeyb9

You have infected files in backups, please delete the following backups

C:\Documents and Settings\Compaq_Administrator\Application Data\Ahead\Nero BackItUp\Info Files\ 20070503_122111_03-05-07
C:\Program Files\Trend Micro\HijackThis\backups\ backup-20071027-174115-976.dll

Other than that your logs appear clean. If there are no more issues you should be good to go.

Kindly follow these simple steps in order to keep your computer clean and secure:

UNINSTALL COMBOFIX
This process will also perform some final cleanup steps
Click Start > Run and type ComboFix /u
ANTIVIRUS SOFTWARE
It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

See this link for a listing of some online & their stand-alone antivirus programs:

Virus, Spyware, and Malware Protection and Removal Resources

It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
FIREWALL
Without a firewall your computer is succeptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. A tutorial on Firewalls and a listing of some available ones can be found here.
Microsoft Windows Update
Visit windowsupdate.com regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
SPYBOT - SEARCH & DESTROY
Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here
AD-AWARE
Download and install Ad-Aware. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here

Update all these programs regularly. Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically. Here are some additional utilities that will further enhance your safety.

Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
Firefox - Use this alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.
Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.
Google Toolbar - Get the free google toolbar to help stop pop up windows.
CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT.

ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders disables System Restore. With ERUNT, you're able to restore the damaged Registry.

NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.
Winpatrol - Download and install the free version of Winpatrol.
A tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein

After doing all these, your system will be optimised against future threats.

It's okay to delete the Hijack This folder in a couple weeks if everything is working okay.
Have a safe & happy computing day.

Please respond to this thread one more time so we can mark this thread as resolved.

mikeyb9 · 10-29-2007, 05:27 AM

Thank you MoralTerror you have been a tremendous help! Thank you! Thank you! Thank You! I appreciate all of your fine efforts and hard work.
Mikey

MoralTerror · 10-29-2007, 06:22 AM

your very welcome mikeyb9 glad we could help

safe surfing

10-22-2007, 10:46 PM	#2 (permalink)
mikeyb9 Registered User Join Date: Oct 2007 Location: Florida Posts: 8 OS: Windows MCE 2005 w/rollup 2	Re: Re-install Operating System on Compaq Presario Bump..

10-25-2007, 07:12 PM	#3 (permalink)
MoralTerror Analyst, Security Team Join Date: Nov 2005 Location: UK Posts: 1,968 OS: xp	Re: Re-install Operating System on Compaq Presario Hi mikeyb9 and welcome to TSF Sorry for the delay in getting to you, the forum has been really busy lately and all our helpers are volunteers. I see no evidence of an Anti-virus program on board. Please install update and run an Anti-virus. Do not continue until the Antivirus problem has been resolved. Here are some links for anti-virus software. AVG Avast BitDefender Free Edition v7.2 ----------------------- Please clear your firefox cookies Click Tools > Options select the Cookies tab and press Clear Cookies now Delete the contents of the following Folder (DO NOT delete the folder) C:\Documents and Settings\Compaq_Administrator\ Cookies ----------------------- 1. Download combofix to your desktop 2. Double click combofix.exe & follow the prompts. 3. When finished, it shall produce a log for you. Post that log in your next reply Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall ----------------------- Run a new scan with dss.exe using the following procedure (this procedure presumes dss.exe is located on the desktop and has not been renamed): Click Start>Select 'Run' - then copy/paste the following text into the run box & click OK "%userprofile%\desktop\dss.exe" /config Click on "Check All" Click Scan! When finished, it shall produce main.txt and extra.txt for you. Post those here in your next reply. ----------------------- Required Logs c:\combofix.txt main.txt extra.txt (attached) __________________ Proud member of ASAP since 2007 Proud member of UNITE since 2008 Our help is completely free but please consider donating to the site to help keep it running

10-26-2007, 12:46 PM	#5 (permalink)
mikeyb9 Registered User Join Date: Oct 2007 Location: Florida Posts: 8 OS: Windows MCE 2005 w/rollup 2	Re: Re-install Operating System on Compaq Presario Here is the extra.txt log Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Professional (build 2600) SP 2.0 Architecture: X86; Language: English CPU 0: AMD Athlon(tm) 64 Processor 3500+ Percentage of Memory in Use: 34% Physical Memory (total/avail): 1982.48 MiB / 1303.14 MiB Pagefile Memory (total/avail): 3268.45 MiB / 2773.11 MiB Virtual Memory (total/avail): 2047.88 MiB / 1852.96 MiB C: is Fixed (NTFS) - 224.95 GiB total, 160.16 GiB free. D: is Fixed (FAT32) - 7.91 GiB total, 0.54 GiB free. E: is CDROM (No Media) F: is CDROM (No Media) G: is Removable (No Media) H: is Removable (No Media) I: is Removable (No Media) J: is Removable (No Media) K: is Removable (FAT) L: is CDROM (No Media) \\.\PHYSICALDRIVE0 - WDC WD2500JS-60NCB1 - 232.88 GiB - 2 partitions \PARTITION0 (bootable) - Installable File System - 224.95 GiB - C: \PARTITION1 - Unknown - 7.93 GiB - D: \\.\PHYSICALDRIVE3 - Generic USB CF Reader USB Device \\.\PHYSICALDRIVE5 - Generic USB MS Reader USB Device \\.\PHYSICALDRIVE2 - Generic USB SD Reader USB Device \\.\PHYSICALDRIVE4 - Generic USB SM Reader USB Device \\.\PHYSICALDRIVE1 - LEXAR JUMPDRIVE SECURE USB Device - 243.17 MiB - 1 partition \PARTITION0 - 16-bit FAT - 247.48 MiB - K: -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is disabled. FirstRunDisabled is set. AntivirusOverride is set. FirewallOverride is set. FW: Norton Internet Worm Protection v2006 (Symantec) Disabled FW: VCOM NetDefense Firewall 7 v7001 (Avanquest Publishing USA, Inc.) [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\Compaq_Administrator\Application Data CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=DEN ComSpec=C:\WINDOWS\system32\cmd.exe DEVMGR_SHOW_DETAILS= DEVMGR_SHOW_NONPRESENT_DEVICES= FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\Compaq_Administrator LOGONSERVER=\\DEN NUMBER_OF_PROCESSORS=1 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;c:\Python22;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 3.5 Suite;C:\PROGRA~1\COMMON~1\MGISHA~1\Video;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;C:\Program Files\VCOM\SystemSuite PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 47 Stepping 2, AuthenticAMD PROCESSOR_LEVEL=15 PROCESSOR_REVISION=2f02 ProgramFiles=C:\Program Files PROMPT=$P$G SESSIONNAME=Console SonicCentral=c:\Program Files\Common Files\Sonic Shared\Sonic Central\ SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp TMP=C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp USERDOMAIN=DEN USERNAME=Compaq_Administrator USERPROFILE=C:\Documents and Settings\Compaq_Administrator windir=C:\WINDOWS __COMPAT_LAYER=EnableNXShowUI -- User Profiles --------------------------------------------------------------- Compaq_Administrator (admin) Administrator (admin) -- Add/Remove Programs --------------------------------------------------------- --> "C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0009 --> "C:\Program Files\Creative Installation Information\CTCMSGO\Setup.exe" /remove /l0x0009 --> "C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x0009 --> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe" /remove /l0x0009 --> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MINIDISC_U\Setup.exe" /remove /l0x0009 --> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_ONLINESTORE_U\Setup.exe" /remove /l0x0009 --> "C:\Program Files\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /l0x0009 --> "C:\Program Files\Creative\SBAudigy\Program\Setup.exe" /S /U /W --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu --> c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205} --> c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382} --> c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629} --> c:\WINDOWS\system32\\MSIEXEC.EXE /x {F80239D8-7811-4D5E-B033-0D0BBFE32920} --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D} --> msiexec /i {46548E80-0409-0000-7E8A-45000F855001} --> msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601} --> msiexec /I{7F4C8163-F259-49A0-A018-2857A90578BC} --> MsiExec.exe /I{BB89B3A4-298B-4C9D-9E5A-F42D1D23AB5B} --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2670895A-4E6C-4450-B868-7B7DB80A3357}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2670895A-4E6C-4450-B868-7B7DB80A3357}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EBD418-B8E6-4E86-89C4-33B72CF5663F}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EBD418-B8E6-4E86-89C4-33B72CF5663F}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52338F65-A1C3-4CDC-B733-50051682B297}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52338F65-A1C3-4CDC-B733-50051682B297}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9194237B-7B58-40B4-A739-184AD59531A2}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9194237B-7B58-40B4-A739-184AD59531A2}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C64409FA-42A7-49C6-837A-D2E5D813BD57}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C64409FA-42A7-49C6-837A-D2E5D813BD57}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}\setup.exe" -l0x9 /remove --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 3ivx D4 4.5.1 (remove only) --> "C:\Program Files\3ivx\3ivx D4 4.5.1\uninstall.exe" 5 Card Slingo from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\3B3B73D1-DC4A-4780-B0E4-E823D08B3397\Uninstall.exe" A4Desk BlueSquad v6.0 (Demo) --> "C:\Program Files\A4Desk\unins000.exe" ABBYY PDF Transformer 2.0 --> MsiExec.exe /I{FA200000-0001-0000-0000-074957833700} Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103} Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39} Adobe Creative Suite 2 --> C:\PROGRA~1\INSTAL~1\{0134A~1\setup.exe /relaunched/rootloc=f:\adobe creative suite 2.0/lang=0409 Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Adobe GoLive CS2 CoAuthor --> msiexec /i {46548E80-0409-0000-C6A8-846700F85501} Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001} Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000} Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log Adobe Stock Photos 1.0 --> MsiExec.exe /I{8A7AC18E-2249-4BCB-81BE-CB2F7F7E6EFE} Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log Ahead InCD EasyWrite Reader --> C:\WINDOWS\unmrw.exe /UNINSTALL Alt-Tab Task Switcher Powertoy for Windows XP --> MsiExec.exe /I{A7050037-F0EA-4BAB-BCD5-FC05507D6147} American Greetings CreataCard --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9B58AA53-6EB9-405E-AB6B-6B83C16235F1}\setup.exe" -l0x9 anything AnalogX Vocal Remover --> C:\Program Files\AnalogX\VocalRemover\vremu.exe AnalogX Vocal Remover (WinAmp) --> C:\Program Files\Plugins\wavremu.exe AnyDVD --> "C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD" AOL Coach Version 2.0(Build:20041026.5 en) --> C:\Program Files\Common Files\AolCoach\en_en\AolCInUn.exe -lang=en_en -ext=UDP AOL Connectivity Services --> "C:\Program Files\Common Files\AOL\ACS\AcsUninstall.exe" /c AOL Instant Messenger (SM) --> C:\Program Files\AIM95\uninstll.exe -LOG= C:\Program Files\AIM95\install.log -OEM= AOL Uninstaller --> C:\Program Files\Common Files\AOL\uninstaller.exe AOL You've Got Pictures Screensaver --> C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe Applet Effects Factory --> C:\PROGRA~1\APPLET~1\UNWISE.EXE C:\PROGRA~1\APPLET~1\INSTALL.LOG Applet Headline Factory --> C:\PROGRA~1\APPLET~2\UNWISE.EXE C:\PROGRA~1\APPLET~2\INSTALL.LOG Applet Marquee Wizard --> C:\PROGRA~1\APPLET~3\UNWISE.EXE C:\PROGRA~1\APPLET~3\INSTALL.LOG Applet Navigation Factory --> C:\PROGRA~1\APPLET~1.0\UNWISE.EXE C:\PROGRA~1\APPLET~1.0\INSTALL.LOG Ashampoo Burning Studio 6 --> "C:\Program Files\Ashampoo\Ashampoo Burning Studio 6\Uninstall\BS6_Uninstall.EXE" Ashampoo Burning Studio 7 --> "C:\Program Files\Ashampoo\Ashampoo Burning Studio 7\unins000.exe" Ashampoo Internet Accelerator 2.00 --> "C:\Program Files\Ashampoo\Ashampoo Internet Accelerator 2\unins000.exe" Ashampoo Magical Snap 2.00 --> "C:\Program Files\Ashampoo\Ashampoo Magical Snap 2\unins001.exe" Ashampoo Magical Snap 2.00 BETA --> "C:\Program Files\Ashampoo\Ashampoo Magical Snap 2\unins000.exe" Ashampoo Movie Shrink & Burn 2 --> "C:\Program Files\Ashampoo\Ashampoo Movie Shrink & Burn 2\Uninstall\MSB2_Uninstall.EXE" Ashampoo WinOptimizer 4.40 --> "C:\Program Files\Ashampoo\Ashampoo WinOptimizer 4\unins000.exe" AstroPop Deluxe from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\997DD523-B925-4C73-970B-C201E8F781AD\Uninstall.exe" ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe" ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean AutoSave --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\VCOM\AutoSave\Uninst\Setup.exe" -l0x9 -XYZ AVerMedia M780 Driver 2.5.0.14 --> C:\Program Files\AVerMedia\AVerMedia M780 Driver\uninst.exe AVI & MPEG Splitter 1.48 --> "C:\Program Files\AVI MPEG Splitter\unins000.exe" AVI/MPEG/RM/WMV Joiner 4.11 --> "C:\Program Files\AVI MPEG RM WMV Joiner\unins000.exe" AVS Video Converter 4.3.1.371 --> "C:\Program Files\AVSMedia\VideoConverter4\unins000.exe" Barnyard Invasion from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\53474592-01BC-4338-8647-FE350957D912\Uninstall.exe" Bejeweled 2 Deluxe from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\D84AC71A-75E8-4709-8BA5-4B46EAC00C5E\Uninstall.exe" Belarc Advisor 7.2 --> C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG BigFix --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll" BitPim 0.9.10 --> "C:\Program Files\BitPim\unins000.exe" Blackhawk Striker 2 from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\BFAF1EEC-E987-415B-BCB8-80CDB0BC6CDF\Uninstall.exe" Blasterball 2 from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\75528D5F-DD82-402E-BA7C-045B7DC6A712\Uninstall.exe" Blasterball 2 Remix from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\9D7E7CDA-051E-4B0D-8CEE-58F41F449CF9\Uninstall.exe" Boggle Supreme from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\C6D35CCA-3F9E-4B6E-A17F-409EE7379D6B\Uninstall.exe" Boilosft AVI to VCD SVCD DVD Converter 1.48 --> "C:\Program Files\Boilsoft AVI Converter\unins000.exe" Bonjour --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E0A96F36-D546-4A2A-BDAA-2A2A578B2C0D} /l1033 Bookworm Deluxe from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\E618FC78-EE4F-4243-8409-078EB5E0B1F6\Uninstall.exe" Bounce Symphony from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\29FF6D07-4A15-41F1-9D5E-E0F3A58012C6\Uninstall.exe" Calculator Powertoy for Windows XP --> MsiExec.exe /I{B37C842A-B624-46B8-A727-654E72F1C91A} CardRd81 --> MsiExec.exe /I{54C8FE84-89C4-40E8-976C-439EB0729BD6} CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992} Chuzzle Deluxe from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\9448DE42-C017-4A3E-A0BB-C50BF673E9E0\Uninstall.exe" ClearType Tuning Control Panel Applet --> MsiExec.exe /I{C9E4932C-8417-4E4C-A0E3-EE534810AB4D} Click'N Design 3D (V5) --> C:\PROGRA~1\CLICK'~1\UNWISE.EXE C:\PROGRA~1\CLICK'~1\INSTALL.LOG CoffeeCup Button Factory --> C:\PROGRA~1\COFFEE~1\COEC31~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\COEC31~1\INSTALL.LOG CoffeeCup Direct FTP --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC90EAE9-0E03-44A1-BF36-0B670B8B8E19}\Setup.exe" -l0x9 CoffeeCup Firestarter --> C:\PROGRA~1\FIREST~1\UNWISE.EXE C:\PROGRA~1\FIREST~1\INSTALL.LOG CoffeeCup Flash Blogger - Registered --> C:\PROGRA~1\COFFEE~1\CO997E~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\CO997E~1\INSTALL.LOG CoffeeCup Flash Firestarter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB4AF7DA-CE59-41A9-93A6-DA921F809361}\Setup.exe" -l0x9 CoffeeCup Flash Form Builder - Registered --> C:\PROGRA~1\COFFEE~1\CO0D53~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\CO0D53~1\INSTALL.LOG CoffeeCup Flash Menu Builder --> C:\PROGRA~1\COFFEE~1\COFFEE~2\UNWISE.EXE C:\PROGRA~1\COFFEE~1\COFFEE~2\INSTALL.LOG CoffeeCup Flash Photo Gallery - Registered --> C:\PROGRA~1\COFFEE~1\COFFEE~4\UNWISE.EXE C:\PROGRA~1\COFFEE~1\COFFEE~4\INSTALL.LOG CoffeeCup Flash Photo Gallery - Trial --> C:\PROGRA~1\COFFEE~1\COFFEE~4\UNWISE.EXE C:\PROGRA~1\COFFEE~1\COFFEE~4\INSTALL.LOG CoffeeCup GIF Animator --> C:\PROGRA~1\COFFEE~1\GIFANI~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\GIFANI~1\GAinst.LOG CoffeeCup Google SiteMapper --> C:\PROGRA~1\COFFEE~1\COF6DF~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\COF6DF~1\sitemapper.log CoffeeCup HTML Editor --> C:\PROGRA~1\COFFEE~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\INSTALL.LOG CoffeeCup HTML Editor 2006 --> C:\PROGRA~1\COFFEE~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\INSTALL.LOG CoffeeCup Live Chat - Registered --> C:\PROGRA~1\COFFEE~1\CO630E~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\CO630E~1\INSTALL.LOG CoffeeCup MP3 Rip & Burn --> C:\PROGRA~1\COFFEE~1\CO14E3~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\CO14E3~1\CoffeeCupMP3Rip&Burn.log CoffeeCup PixConverter --> C:\PROGRA~1\COFFEE~1\COB628~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\COB628~1\pixinst.log CoffeeCup RSS News Flash - Registered --> C:\PROGRA~1\COFFEE~1\CO970F~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\CO970F~1\INSTALL.LOG CoffeeCup StyleSheet Maker --> C:\PROGRA~1\COFFEE~1\STYLES~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\STYLES~1\styleinst.log CoffeeCup Visual Site Designer --> C:\WINDOWS\CoffeeCup Visual Site Designer Uninstaller.exe CoffeeCup Web Calendar --> C:\PROGRA~1\COFFEE~1\CO7336~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\CO7336~1\INSTALL.LOG CoffeeCup Web JukeBox - Registered --> C:\PROGRA~1\COFFEE~1\COD64E~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\COD64E~1\INSTALL.LOG CoffeeCup Web Video Player - Registered --> C:\PROGRA~1\COFFEE~1\COFFEE~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\COFFEE~1\INSTALL.LOG CoffeeCup Website Color Schemer --> C:\PROGRA~1\COFFEE~1\CO3E71~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\CO3E71~1\Schemer.log Compaq Connections (remove only) --> C:\WINDOWS\HPCPCUninstall-5577497\HPBWSetup.exe -appid 5577497 -uninstall CR2 --> MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0} Creative MediaSource 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x9 /remove Creative Software AutoUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9 /remove Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove Crystal Maze from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\C43D84CD-EBFC-48D3-A330-7868C8AD415A\Uninstall.exe" Customer Experience Enhancement --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033 Cypress USB Mass Storage Driver Installation --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}\Setup.exe" -l0x9 NotFirstInstall Data Fax SoftModem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\HXFSETUP.EXE -U -ITrx200Ck.inf DISCover --> "C:\Program Files\DISC\uninstall.exe" DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN DVC80 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{99B98440-4A0D-11D5-8310-0050DABBB21D}\Setup.exe" Dwyco Video Conferencing --> "c:\program files\dwyco2\unins000.exe" EarMaster Pro 5 --> "C:\Program Files\EarMaster Pro 5\unins000.exe" Easy Internet Sign-up --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033 EditPlus 2 --> C:\Program Files\EditPlus 2\remove.exe EmEditor --> C:\Program Files\EmEditor\UNINSTAL.EXE Enhanced Multimedia Keyboard Solution --> C:\HP\KBD\Install.exe /u EPSON C68 User's Guide --> C:\Program Files\epson\guide\c68_e\uninstall.exe EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R EPSON Web-To-Page --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\setup.exe" -l0x9 -anything ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6} ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD} ESScore --> MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A} ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A} ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765} ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5} ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091} ESSSONIC --> MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34} ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589} essvatgt --> MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F} Eudora --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{063FE91B-1603-4AF9-9558-DC206395440A}\setup.exe" -l0x9 Extension Changer --> C:\Program Files\Extension Changer\extuninstall.exe Family Feud --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\BBE9E0F3-11F7-4424-9905-8E0153E872C1\Uninstall.exe" FATE from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\85CF9BF3-1057-468C-962D-31BAABC6AC72\Uninstall.exe" Flash2X Flash Player version 1.0.0 --> "C:\Program Files\Flash2X\Flash Player\unins000.exe" Flash4D Bonus Intro --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-Flash4D Bonus Intro.dat Flash4D Version 2-4 --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-Flash4D Version 2-4.dat FLV Player 1.3.3 --> "C:\Program Files\FLVPlayer\uninstall.exe" Funspot --> MsiExec.exe /I{A51033BE-61EA-4600-BD2A-EE49329C5A1E} FW LiveUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2411E985-5BE2-4E8F-BBE0-22715F2F76FA}\setup.exe" -l0x9 -removeonly GemMaster Mystic --> "C:\Program Files\GemMaster\uninstallgemmaster.exe" GOM Player --> "C:\Program Files\GRETECH\GomPlayer\Uninstall.exe" Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall Google Earth --> MsiExec.exe /I{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B} Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll" Google Video Player --> "C:\Program Files\Google\Google Video Player\Uninstall.exe" GraphicCorp's Electronic Card Maker --> C:\SIERRA\PA4PLAT\Ecm\UNWISE.EXE C:\SIERRA\PA4PLAT\Ecm\INSTALL.LOG High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe" Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" HP Boot Optimizer --> C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe /uninstall HP Deskjet 5400 series --> C:\Program Files\HP\Digital Imaging\{EB57A16E-500D-43d7-85B9-FBE279EBBA6E}\setup\hpzscr01.exe -datfile hpfscr05.dat HP DigitalMedia Archive --> MsiExec.exe /X{F80239D8-7811-4D5E-B033-0D0BBFE32920} HP DVD Play 1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall HP Game Console and games --> C:\Program Files\WildTangent\Apps\hpuninstall.exe HP Imaging Device Functions 6.0 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat HP Photosmart Essential --> MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70} HP Photosmart Premier Software 6.0 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat HP Product Detection --> MsiExec.exe /I{CAE7D1D9-3794-4169-B4DD-964ADBC534EE} HP Rhapsody --> C:\PROGRA~1\HPRHAP~1\Unwise32.exe /A C:\PROGRA~1\HPRHAP~1\install.log HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D} HP Solution Center & Imaging Support Tools 5.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat HP Support Overview --> "C:\WINDOWS\unins000.exe" HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134} HP Web Helper --> regsvr32 /u /s "C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\webhelper.dll" HTML Slideshow Powertoy for Windows XP --> MsiExec.exe /I{4E475FD4-4513-4B1D-8DDA-43912B068C99} ICQ 5.1 --> C:\Program Files\ICQLite\ICQLiteUninstall.EXE Image Grabber II --> "C:\Program Files\Image Grabber II\uninstall.exe" Image Resizer Powertoy for Windows XP --> MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29} iMesh 5 --> C:\PROGRA~1\iMesh\iMesh5\UNWISE.EXE C:\PROGRA~1\iMesh\iMesh5\INSTALL.LOG Incomedia WebSite X5 --> C:\WINDOWS\system32\iwpsetup.exe /Uninst:C:\WebSite X5 Insaniquarium Deluxe from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\5AF1DD17-7B06-45EF-8592-2E524E458BAB\Uninstall.exe" Intel A/V Codecs V2.0 --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\CDUninst.isu InterVideo WinDVR --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CC9D60B8-B270-4AE0-8208-CCB01C42CD6A}\setup.exe" REMOVEALL iolo technologies' System Mechanic 5 Professional --> C:\PROGRA~1\iolo\SYSTEM~1\UninstallSMPro.exe Ipswitch WS_FTP Professional 2007 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}\setup.exe" -l0x9 -removeonly IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100} J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110} J2SE Runtime Environment 5.0 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050} J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060} J2SE Runtime Environment 5.0 Update 8 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080} J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090} Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020} Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010} KeyRipper 3.0 --> C:\PROGRA~1\DSSEVO~1.COM\KEYRIP~1\Setup.exe /remove /q0 kgcbaby --> MsiExec.exe /I{E18B549C-5D15-45DA-8D8F-8FD2BD946344} kgcbase --> MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE} kgchday --> MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E} kgchlwn --> MsiExec.exe /I{03EDED24-8375-407D-A721-4643D9768BE1} kgcinvt --> MsiExec.exe /I{9BD54685-1496-46A5-AB62-357CD140ED8B} kgckids --> MsiExec.exe /I{693C08A7-9E76-43FF-B11E-9A58175474C4} kgcmove --> MsiExec.exe /I{A1588373-1D86-4D44-86C9-78ABD190F9CC} kgcvday --> MsiExec.exe /I{8A8664E1-84C8-4936-891C-BC1F07797549} Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_1e0002_2cf95d\Setup.exe /APR-REMOVE KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267} LaunchOnFly 1.32 --> "C:\Program Files\LaunchOnFly\unins000.exe" Lemonade Tycoon 2 from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\63E4EC24-7173-4E1F-9C77-B4403CBCF91F\Uninstall.exe" Lexibox Deluxe from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\F05A08BF-E600-4FBD-A53A-3D47296B1275\Uninstall.exe" LG Internetkit --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67ECDB7E-24E0-4A80-81EE-ED2DF1352D27}\setup.exe" -l0x9 -removeonly LG PhoneManager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5EE65592-88FD-48AA-98CA-EE9BDB1FF518}\setup.exe" -l0x9 -removeonly LG SyncManager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{92636B62-9423-4246-82FE-69E2F4158350}\setup.exe" -l0x9 -removeonly LightScribe System Software 1.10.16.1 --> MsiExec.exe /X{E6CFBFB5-9232-410C-B353-AF6E614B2681} Live365 for Media Center --> MsiExec.exe /I{64D0E1EA-875C-44CA-816F-0D0F1E02BF9B} LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U Logitech QuickCam Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x9 Logitech® Camera Driver --> "C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT Macromedia Captivate --> MsiExec.exe /X{A7651FB4-AC2E-4020-90E2-B71C8C379F48} Macromedia Dreamweaver 8 --> MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9} Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F} Macromedia Fireworks MX 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E583ED6F-BD99-4066-A420-C815BF692B69}\Setup.exe" -l0x9 UNINSTALL Macromedia Flash 8 --> MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB} Macromedia Flash 8 Video Encoder --> MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6} Macromedia Flash Player 8 --> MsiExec.exe /X{885A63EA-382B-4DD4-A755-14809B8557D6} Macromedia Flash Player 8 Plugin --> MsiExec.exe /X{91057632-CA70-413C-B628-2D3CDBBB906B} Macromedia FreeHand MXa --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{939740B5-0064-4779-854A-8C1086181C05}\Setup.exe" -l0x9 UNINSTALL Magical Jellybean Dictionary --> C:\WINDOWS\system32\GKSUI18.EXE C:\Program Files\Magical Jellybean Dictionary Vv1.1\UNINSTAL.DAT Magnifier Powertoy for Windows XP --> MsiExec.exe /I{2FBF04DC-404C-4FA4-BA28-99903080D2B9} Mah Jong Quest from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\422C7575-C10D-4795-87FA-9972765379E6\Uninstall.exe" MailWasher Pro --> "C:\Program Files\VCOM\VCOM Anti-Spam\MailWasher Pro\unins000.exe" mceWeather 3.2 --> "C:\Program Files\mceWeather\unins000.exe" Media Center Karaoke Plug-in --> MsiExec.exe /I{348054A0-6F9A-4EF9-BBB0-827C14C20D86} Media Center Playlist Editor --> MsiExec.exe /I{47E0D551-C96E-403C-A230-982A78C9D48C} MGI VideoWave 4 --> MsiExec.exe /I{1CB63C5C-DA69-4793-BD35-43BDE2A86D43} Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Dictation --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\MSDApp.inf, Uninstall Microsoft Money 2006 --> "C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120 Microsoft Office 2003 Edition 60 Days Trial Welcome Tour --> MsiExec.exe /I{A01FC76F-CC09-4658-9E37-5C2F635EE708} Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE} Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE} Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE} Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE} Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE} Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE} Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE} Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE} Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE} Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE} Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE} Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE} Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE} Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE} Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9} Microsoft Picture It! Publishing 2001 --> MsiExec.exe /I{15D9EB74-998E-4A04-B468-51C2E7B32182} Microsoft Plus! for Windows XP --> MsiExec.exe /I{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8} Microsoft Speech Recognition Engine 4.0 (English) --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mscsr.inf, Uninstall.NT Microsoft Speech SDK 4.0 --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\SpchSDK.inf, Uninstall.NT Microsoft Speech SDK 4.0 ActiveX Components --> C:\WINDOWS\ST5UNST.EXE -n "C:\WINDOWS\speech\ST5UNST.LOG" Microsoft Speech SDK 4.0 Suite --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\spchall.inf, Uninstall.NT Microsoft Text-to-Speech Engine 4.0 (English) --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTS.inf, Uninstall Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} Microsoft Voice --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\MSVApp.inf, Uninstall Microsoft Web Publishing Wizard 1.52 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44} Microsoft® Winter Fun Pack 2004 for Windows® XP --> MsiExec.exe /X{038A524F-58DB-438A-8391-8F7F0CA14B9E} MotionArtist 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AABE82F8-A134-4D6F-A655-873F68E38671}\Setup.exe" -l0x9 MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E} MUSTEK 1200 UB v2.1 --> C:\WINDOWS\TWAIN_32\1200UB\UNINST.EXE muvee autoProducer 3.5 - SE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{37E31FCE-A048-4D8C-B167-31891BCF6585}\setup.exe" -l0x9 muvee autoProducer 6.1 --> C:\Program Files\InstallShield Installation Information\{7B312BFD-6C04-4409-AB6F-DD41CCD67463}\setup.exe -runfromtemp -l0x0009 -removeonly muvee corePack --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B0BD0D6-D7D1-4D49-9815-5A85081ECC45}\Setup.exe" -l0x9 My Privacy Online v 3.2 --> "C:\Program Files\My Privacy Online\unins000.exe" MySpaceIM --> C:\Program Files\MySpace\IM\Uninstall.exe Napster --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\Setup.exe" -l0x9 AddRemoveCPRun NCR Label Formats for MS Word Setup --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\NCR Media Formats\Uninst.isu" Nero Media Player --> C:\WINDOWS\UNNMP.exe /UNINSTALL Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL NeroVision Express 2 --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL netbrdg --> MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1} Netscape Browser (remove only) --> "C:\Program Files\Netscape\Netscape Browser\NSUninst.exe" Norton Spyware Scan provided by Yahoo! --> C:\PROGRA~1\Yahoo!\Common\unynss.exe Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2} NVDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7EC003A3-51E9-4019-BEC0-DF99B0DF5CCF}\Setup.exe" -uninstall NVRemote --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{42C59DE7-38BB-4039-A341-EF5ED6C0AA72}\Setup.exe" OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45} Otto --> "C:\Program Files\EnglishOtto\uninstallotto.exe" OutlookTools 2 --> MsiExec.exe /I{F539210E-8474-44E3-9035-01CB6444DB46} Paessler Site Inspector 4 --> "C:\Program Files\Paessler Site Inspector 4\unins000.exe" Paltalk Messenger --> "C:\WINDOWS\Paltalk Messenger\uninstall.exe" "/U:C:\Program Files\Paltalk Messenger\irunin.xml" Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan PC-Doctor 5 for Windows --> C:\Program Files\PC-Doctor 5 for Windows\uninst.exe PhoneTray Free --> C:\Program Files\TraySoft\PhoneTray\Uninstall.exe Photo Story 3 for Windows --> MsiExec.exe /I{4F41AD68-89F2-4262-A32C-2F70B01FCE9E} Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe" **Fish --> "C:\Program Files\Fish\Uninstall.exe" "C:\Program Files\**Fish\install.log" Polar Bowler from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\05E21449-3BA3-42BF-BBDA-95205F4EA40A\Uninstall.exe" Polar Golfer from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\3330A279-CC39-4A17-AE19-DA464B26AD9A\Uninstall.exe" PowerDesk 5.0 --> C:\Program Files\VCOM\PowerDesk\uninstal.exe C:\Program Files\VCOM\PowerDesk PQ DVD to 3GP Video Suite (remove only) --> "C:\Program Files\PQDVD\PQ DVD to 3GP Video Suite\bt-uninst.exe" Pure Networks Port Magic --> C:\Program Files\Pure Networks\Port Magic\PortAOL.exe -Uninstall -ShowUI PureVoice --> "C:\PROGRA~1\Qualcomm\Eudora\Plugins\uninstall.exe" Puzzle Express from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\E1A0F769-A43A-4DDB-9F73-12791E453557\Uninstall.exe" Python 2.2 pywin32 extensions (build 203) --> "C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log" Python 2.2.3 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG QDictionary (remove only) --> "C:\Program Files\QDictionary\uninstall.exe" Quick File Rename Personal Edition 2.0 --> MsiExec.exe /I{C9DAC628-3B92-49D9-B619-C75F53B0CC2C} Quicken 2006 --> MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5} QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log QuickTime Alternative 1.80 --> "C:\Program Files\QuickTime Alternative\unins000.exe" Real Alternative 1.52 --> "C:\Program Files\Real Alternative\unins000.exe" Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly Remove WeatherBug Installer --> c:\hp\bin\cloaker.exe c:\hp\bin\commands.exe /c c:\hp\bin\wbug\clean.bat Ricochet Lost Worlds from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\52AEBC18-F252-4B0C-B3E1-724537D9F873\Uninstall.exe" Roxio Burn Engine --> MsiExec.exe /X{9860A9CF-7E71-43AC-888F-0B4D3EA212D1} Roxio Easy Media Creator 7 --> MsiExec.exe /I{CB4544EA-C189-41FE-9E3A-76591DDB852B} Satellite Finder 4.0 --> "C:\Program Files\SatFinder\unins000.exe" Satellite TV for PC Elite 4.8.8.0 --> C:\WINDOWS\uninstall\Satellite TV for PC Elite\setup.exe SCRABBLE from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\FA6A73EB-40AB-4B58-851D-3892B3C10EF6\Uninstall.exe" SEAGULL FTP --> C:\Program Files\SEAGULL\FTP\Unins.Exe Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for Excel 2007 (KB936509) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A00724F5-82C4-4924-B707-0E5A84B52471} Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33} Security Update for Office 2007 (KB936514) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C7A78F7F-EF32-4477-BAD7-3439EA7571BF} Security Update for Publisher 2007 (KB936646) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A32E4BAF-6477-45FA-B8AB-E743FA8D63FF} Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe" Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe" Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86} SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B} SFR2 --> MsiExec.exe /I{A0AF08BA-3630-4505-BFB2-A41F3837B0D0} SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237} Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\INSTALL.LOG Shooting Stars Pool from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\045C89A0-CA37-443C-8826-F750227DE69C\Uninstall.exe" Shrek 2 Ogre Bowler from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\BBCBAA5D-AC5A-4098-A53E-EC60A68F38F9\Uninstall.exe" skin0001 --> MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210} SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F} Skype 3.0 --> "C:\Program Files\Skype\Phone\unins000.exe" Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03} Slideshow Generator Powertoy for Windows XP --> MsiExec.exe /I{C39DE425-6CCF-4B12-A101-3CB5CF3AF3AD} Slingo Deluxe from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\F19E8CDF-5EFD-45E0-9FAF-66CBAE84B1D9\Uninstall.exe" Smart Explorer 6.1 --> "C:\Program Files\Smart Explorer\unins000.exe" Snowboard SuperJam from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\8D11F98B-4931-44F6-8FC6-971CCBBBB131\Uninstall.exe" SongReader v4.0.299 --> "C:\Program Files\SongReader\unins000.exe" Sonic Express Labeler --> MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA} Sonic MyDVD Plus --> MsiExec.exe /X{21657574-BD54-48A2-9450-EB03B2C7FC29} Sonic RecordNow Audio --> MsiExec.exe /X{AB708C9B-97C8-4AC9-899B-DBF226AC9382} Sonic RecordNow Copy --> MsiExec.exe /X{B12665F4-4E93-4AB4-B7FC-37053B524629} Sonic RecordNow Data --> MsiExec.exe /X{075473F5-846A-448B-BCB3-104AA1760205} Sonic Update Manager --> MsiExec.exe /X{30465B6C-B53F-49A1-9EBA-A3F187AD502E} Sony Vegas 5.0a --> MsiExec.exe /I{784DF107-2945-4B65-ADE3-A58ECD6C37A9} Sound Blaster Audigy --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}\SETUP.EXE" -l0x9 /remove Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe" SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe" staticcr --> MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2} StuffFTP v0.11 --> C:\Program Files\StuffFTP\Uninstal.exe Suite Specific --> MsiExec.exe /I{C49DAA9C-5BA8-459A-8244-E57B69DF0F04} SUPER © Version 2007.bld.22 (Mar 14, 2007) --> C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0 Super Granny from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\DE87FA96-7840-420C-86F9-33F3B7B3CED1\Uninstall.exe" SureThing Decal Maker --> C:\WINDOWS\mvuninst\App1\unwise.exe C:\WINDOWS\MVUNINST\APP1\INSTALL.LOG "SureThing Decal Maker Uninstall" SurfSaver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D81771D0-EEC3-11D3-A870-18FFEE000000}\setup.exe" AnyText SWF Opener --> "C:\Program Files\UnH Solutions\SWF Opener\unins000.exe" SWiSHpix --> C:\WINDOWS\unvise32.exe C:\Program Files\SWiSHpix\uninstal.log SyncToy --> MsiExec.exe /I{B5688129-7595-4E5B-9990-CEF981A31264} SystemSuite 7 Professional --> MsiExec.exe /I{6A615007-721D-4063-B226-EA41EB6604B9} TalkShoe Live! 2.0 --> C:\Program Files\TalkShoe\uninstall.exe The Logo Creator v4 --> C:\WINDOWS\unvise32.exe C:\Program Files\The Logo Creator v4\uninstal.log The Logo Creator v5 --> C:\WINDOWS\unvise32.exe C:\Program Files\The Logo Creator v5\uninstal.log Timershot Powertoy for Windows XP --> MsiExec.exe /I{A743BBCC-3438-4BB3-8397-6C9D9AC125A6} tooltips --> MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A} Total Recorder 6.1 --> "C:\Program Files\HighCriteria\TotalRecorder\setup.exe" U Tradewinds from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\66195170-D19D-46C5-8FB7-8A4630071ADC\Uninstall.exe" Trendyflash Site Builder --> MsiExec.exe /I{A143CD52-E5F2-4D22-BE0C-705CAFEDA780} TVAnts 1.0 --> C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG Tweak UI --> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta" TweakMCE --> MsiExec.exe /I{8D5AC6EF-B91C-4E03-99DE-C72536BB381F} Ulead Data-Add 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD8E6D29-95EC-494E-8AF5-566E784819A6}\setup.exe" -l0x9 Ulead DVD MovieFactory 2 SE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88F93347-0F9B-4FED-BA71-6C2A4CDFE61D}\setup.exe" -l0x9 Ulead DVD MovieFactory 3.5 Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C7D89BBE-D4B3-49E8-B185-7966B5345866}\setup.exe" -l0x9 Ulead VideoStudio 7 SE DVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}\setup.exe" -l0x9 Update for Office 2007 (KB932080) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7} Update for Office 2007 (KB934391) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5} Update for Office 2007 (KB934393) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {92FBAD46-E7F6-49FA-89B5-C39FC5BFAD15} Update for Outlook 2007 (KB937608) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CBB2454D-193F-4523-8A31-FEB343B7C30E} Update for Outlook 2007 Junk Email Filter (kb942575) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0FC27B9D-5BCD-45C1-B9ED-9F0273F7A18D} Update for Word 2007 (KB934173) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C6A89125-5473-45E3-B413-ED8186437475} USB Storage Adapter FX (SM1) --> SM1UN.EXE SM1FX_AT vanBasco's Karaoke Player --> C:\Program Files\vanBasco's Karaoke Player\uninst.exe VCOM Anti-Spam --> "C:\Program Files\VCOM\VCOM Anti-Spam\unins000.exe" Veo Advanced Connect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C44CB060-2AD1-11D6-BC84-00D0B7E10CD1}\SETUP.EXE" Veo Digital Studio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45AEEA61-04F8-11D6-8B35-0080C8F5C4AA}\setup.exe" VideoLAN VLC media player 0.8.2 --> C:\Program Files\VideoLAN\VLC\uninstall.exe VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370} Web CEO 5.6 --> "C:\Program Files\Web CEO\Uninstall\unins000.exe" Web Easy Professional 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BB46AB60-F603-4FEA-8A0C-590EA4982C0B}\Setup.exe" -l0x9 -removeonly Web Page Maker V2.5 --> "C:\Program Files\Web Page Maker V2\unins000.exe" Web Site Downloader --> "C:\Program Files\Web Site Downloader\unins000.exe" Websites...in-a-Flash - Full Update 1.00 --> "C:\Program Files\Universis\...in-a-Flash!\unins001.exe" Websites...in-a-Flash! 1.01 --> "C:\Program Files\Universis\...in-a-Flash!\unins000.exe" What's Running 2.2 --> "C:\Program Files\WhatsRunning\unins000.exe" Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe" Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333} Windows Desktop Search 3.01 --> "C:\WINDOWS\$NtUninstallKB917013$\spuninst\spuninst.exe" Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840} Windows Vista Upgrade Advisor --> MsiExec.exe /I{86BB059D-1231-457B-B88F-F9B315A18F90} Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD} Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe" WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe WIRELESS --> MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F} X10 Hardware(TM) --> C:\WINDOWS\UNWISE.EXE C:\PROGRA~1\X10HAR~1\Install.log XP Repair Pro 2006 --> MsiExec.exe /I{80682344-770B-46CB-B0FF-6A7620B37CBA} Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\unyext.exe Yahoo! Mail Quick Select Tool (PhotoMail) --> C:\PROGRA~1\Yahoo!\Common\unymb.exe Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG Yahoo! Music Jukebox --> "C:\Program Files\Yahoo!\Yahoo! Music Engine\Uninstall.exe" Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe Zuma Deluxe from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\0BD36D37-C5D7-4B96-B64A-CB2C3A82EC4D\Uninstall.exe" -- Application Event Log ------------------------------------------------------- Event Record #/Type22945 / Error Event Submitted/Written: 10/26/2007 00:42:23 PM Event ID/Source: 1512 / Userenv Event Description: Windows cannot unload your registry file. The memory used by the registry has not been freed. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. If this problem persists, contact your administrator. DETAIL - Insufficient system resources exist to complete the requested service. Event Record #/Type22931 / Error Event Submitted/Written: 10/26/2007 00:05:22 PM Event ID/Source: 2 / SystemSuite Event Description: Virus Scanner: POP3 unable to connect to port monitor. . Event Record #/Type22924 / Error Event Submitted/Written: 10/26/2007 11:57:38 AM Event ID/Source: 1512 / Userenv Event Description: Windows cannot unload your registry file. The memory used by the registry has not been freed. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. If this problem persists, contact your administrator. DETAIL - Insufficient system resources exist to complete the requested service. Event Record #/Type22922 / Warning Event Submitted/Written: 10/26/2007 09:56:18 AM Event ID/Source: 1001 / MsiInstaller Event Description: Detection of product '{90120000-0030-0000-0000-0000000FF1CE}', feature 'OUTLOOKFiles' failed during request for component '{0638C49D-BB8B-4CD1-B191-055E8F325736}' Event Record #/Type22921 / Warning Event Submitted/Written: 10/26/2007 09:56:18 AM Event ID/Source: 1004 / MsiInstaller Event Description: Detection of product '{90120000-0030-0000-0000-0000000FF1CE}', feature 'OUTLOOKFiles', component '{FD7878D4-39CC-4BE5-91F6-330ED22AC5FD}' failed. The resource 'HKEY_CLASSES_ROOT\.pst\' does not exist. -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type54459 / Error Event Submitted/Written: 10/26/2007 00:46:00 PM Event ID/Source: 7022 / Service Control Manager Event Description: The Bonjour Service service hung on starting. Event Record #/Type54456 / Error Event Submitted/Written: 10/26/2007 00:44:12 PM Event ID/Source: 7001 / Service Control Manager Event Description: The ClipBook service depends on the Network DDE service which failed to start because of the following error: %%1058 Event Record #/Type54435 / Error Event Submitted/Written: 10/26/2007 00:07:18 PM Event ID/Source: 7022 / Service Control Manager Event Description: The Bonjour Service service hung on starting. Event Record #/Type54434 / Error Event Submitted/Written: 10/26/2007 00:05:46 PM Event ID/Source: 7001 / Service Control Manager Event Description: The ClipBook service depends on the Network DDE service which failed to start because of the following error: %%1058 Event Record #/Type54426 / Warning Event Submitted/Written: 10/26/2007 10:32:27 AM Event ID/Source: 3 / Print Event Description: Printer EPSON Stylus C68 Series on DEN (from BEDROOM) was deleted. -- End of Deckard's System Scanner: finished at 2007-10-26 13:00:27 ------------

10-28-2007, 12:21 AM	#7 (permalink)
mikeyb9 Registered User Join Date: Oct 2007 Location: Florida Posts: 8 OS: Windows MCE 2005 w/rollup 2	Re: Re-install Operating System on Compaq Presario Ok, I got rid of napster never used it. I uninstalled programs as instructed. Ran Hijack this scan and fixed items as instructed. Ran script for combo fix. Downloaded new java. Completed Kaspersky online scan, and ran hijack this again, all results below. Everything went smoothly no exceptional behavior. ComboFix 07-10-26.4 - Compaq_Administrator 2007-10-27 17:46:12.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1270 [GMT -4:00] Running from: C:\Documents and Settings\Compaq_Administrator\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Compaq_Administrator\Desktop\CFScript.txt * Created a new restore point FILE:: C:\Documents and Settings\All Users\Application Data\ÝÙÃÄ3113›.sys . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Application Data\ÝÙÃÄ3113›.sys C:\Program Files\Paltalk Messenger C:\Program Files\Paltalk Messenger\AviFileCtrl.dll C:\Program Files\Paltalk Messenger\cloudmark.ico C:\Program Files\Paltalk Messenger\ctrlkey.dll C:\Program Files\Paltalk Messenger\CustomScrollRT.dll C:\Program Files\Paltalk Messenger\eFax3.ico C:\Program Files\Paltalk Messenger\ELVideoCapture.dll C:\Program Files\Paltalk Messenger\ftpclient.dll C:\Program Files\Paltalk Messenger\GoogleDesktopSetup_en_release_s_r4intl_sign_c2699338_062106_102132.exe C:\Program Files\Paltalk Messenger\GoogleToolbarInstaller_PALx_en_signed.exe C:\Program Files\Paltalk Messenger\gsmproj.dll C:\Program Files\Paltalk Messenger\ijl11.dll C:\Program Files\Paltalk Messenger\IRIMG1.JPG C:\Program Files\Paltalk Messenger\IRIMG2.JPG C:\Program Files\Paltalk Messenger\IRIMG3.JPG C:\Program Files\Paltalk Messenger\IRIMG4.JPG C:\Program Files\Paltalk Messenger\irunin.dat C:\Program Files\Paltalk Messenger\irunin.xml C:\Program Files\Paltalk Messenger\License.doc C:\Program Files\Paltalk Messenger\License.txt C:\Program Files\Paltalk Messenger\pallauncher.dll C:\Program Files\Paltalk Messenger\palsound.dll C:\Program Files\Paltalk Messenger\palstart.exe C:\Program Files\Paltalk Messenger\paltalk.exe C:\Program Files\Paltalk Messenger\PalTextCtl.dll C:\Program Files\Paltalk Messenger\ReceivedFiles\brq.txt C:\Program Files\Paltalk Messenger\shfolder.dll C:\Program Files\Paltalk Messenger\spexproj.dll C:\Program Files\Paltalk Messenger\Thumbs.db C:\Program Files\Paltalk Messenger\upgrade.ico C:\Program Files\Paltalk Messenger\vonage.ico C:\Program Files\Paltalk Messenger\WebVideo.dll C:\Program Files\Paltalk Messenger\welcome.avi . ((((((((((((((((((((((((( Files Created from 2007-09-27 to 2007-10-27 ))))))))))))))))))))))))))))))) . 2007-10-26 12:27 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-10-24 12:22 <DIR> d-------- C:\Program Files\HowTo-Outlook 2007-10-18 10:47 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Windows Desktop Search 2007-10-18 10:20 <DIR> d-------- C:\Program Files\Windows Desktop Search 2007-10-18 09:33 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll 2007-10-18 09:27 <DIR> d-------- C:\Program Files\Microsoft.NET 2007-10-18 09:22 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8 2007-10-18 09:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help 2007-10-18 09:18 <DIR> dr-h----- C:\MSOCache 2007-10-18 08:38 <DIR> d-------- C:\Program Files\Alcohol Soft 2007-10-18 08:34 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-10-16 13:04 <DIR> d-------- C:\Program Files\Trend Micro 2007-10-16 02:27 <DIR> d-------- C:\Deckard 2007-10-16 02:17 <DIR> d-------- C:\Program Files\SpywareBlaster 2007-10-15 09:36 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2007-10-14 19:08 <DIR> d-------- C:\Program Files\Common Files\Kodak 2007-10-08 09:52 1,048,576 --a------ C:\Temp\autorun.bin 2007-10-08 09:52 769,024 --a------ C:\Temp\SFDNWIN.exe 2007-10-08 07:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LightScribe 2007-10-08 06:11 <DIR> d-------- C:\Program Files\SAMSUNG 2007-10-08 05:08 <DIR> d-------- C:\Program Files\EVEREST Home Edition . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-10-27 22:16 --------- d-----w C:\Program Files\My Privacy Online 2007-10-27 21:28 --------- d-----w C:\Program Files\Java 2007-10-27 21:27 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\VCOMAntiSpam 2007-10-27 21:20 --------- d-----w C:\Program Files\Common Files\Roxio Shared 2007-10-27 21:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Napster 2007-10-26 12:19 --------- d-----w C:\Program Files\Magical Jellybean Dictionary Vv1.1 2007-10-26 12:19 --------- d-----w C:\Program Files\CoffeeCup Software 2007-10-26 12:19 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\LaunchOnFly 2007-10-24 21:23 --------- d-----w C:\Program Files\UnH Solutions 2007-10-23 18:10 --------- d-----w C:\Program Files\Microsoft Picture It! PhotoPub 2007-10-18 13:29 --------- d-----w C:\Program Files\Microsoft Works 2007-10-16 20:01 --------- d-----w C:\Program Files\***Fish 2007-10-16 19:46 --------- d-----w C:\Program Files\LaunchOnFly 2007-10-16 19:38 --------- d-----w C:\Program Files\Google 2007-10-16 19:30 --------- d---a-w C:\Program Files\Common Files\LightScribe 2007-10-16 19:30 --------- d-----w C:\Program Files\Common Files\aolshare 2007-10-16 19:25 --------- d-----w C:\Program Files\Bonjour 2007-10-16 09:14 --------- d-----w C:\Program Files\ICQLite 2007-10-16 09:11 --------- d-----w C:\Program Files\Extension Changer 2007-10-16 09:11 --------- d-----w C:\Program Files\EmEditor 2007-10-16 09:11 --------- d-----w C:\Program Files\EditPlus 2 2007-10-16 08:47 --------- d-----w C:\Program Files\ABBYY PDF Transformer 2.0 2007-10-15 16:42 --------- d-----w C:\Program Files\Smart Explorer 2007-10-15 13:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint 2007-10-14 23:09 --------- d-----w C:\Program Files\Kodak 2007-10-12 14:34 --------- d-----w C:\Program Files\dwyco2 2007-10-08 10:11 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-10-04 05:38 --------- d-----w C:\Program Files\Media Player Classic 2007-10-01 06:50 --------- d-----w C:\Program Files\The Logo Creator v5 2007-09-20 17:18 --------- d-----w C:\Program Files\The Logo Creator v4 2007-09-20 17:18 --------- d-----w C:\Program Files\SatFinder 2007-09-20 17:18 --------- d-----w C:\Program Files\mceWeather 2007-09-20 16:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\InterVideo 2007-09-20 16:01 --------- d-----w C:\Program Files\InterVideo 2007-09-20 12:12 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\Media Player Classic 2007-09-18 17:32 --------- d-----w C:\Program Files\Funspot 2007-09-18 17:30 --------- d-----w C:\Program Files\Media Center Karaoke Plug-in 2007-09-12 00:01 --------- d-----w C:\Program Files\Key-Grabber-ddfg 2007-09-07 18:15 --------- d-----w C:\Program Files\DVDlabPro 2007-09-04 16:50 --------- d-----w C:\Program Files\MSXML 6.0 2007-09-04 16:49 --------- d-----w C:\Program Files\MSBuild 2007-09-04 16:45 --------- d-----w C:\Program Files\Reference Assemblies 2007-09-04 16:15 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2 2007-08-30 16:50 --------- d-----w C:\Program Files\Web Page Maker V2 2007-08-30 16:50 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\Web Page Maker V2 2007-08-30 15:51 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\Smart Recorder 2007-08-28 16:34 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\Creative 2007-08-28 16:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Creative 2007-08-28 16:18 --------- d-----w C:\Program Files\Creative 2007-08-28 16:16 --------- d--h--w C:\Program Files\Creative Installation Information 2007-08-28 16:16 --------- d-----w C:\Program Files\Common Files\Creative 2007-08-28 15:38 --------- d-----w C:\Program Files\Realtek AC97 2007-04-23 18:43 254,440 -c--a-w C:\Documents and Settings\Compaq_Administrator\Application Data\GDIPFONTCACHEV1.DAT 2006-07-06 19:02 0 -c----w C:\Documents and Settings\Compaq_Administrator\Application Data\wklnhst.dat 2003-08-27 18:19 36,963 -c----w C:\Program Files\Common Files\SM1updtr.dll 2006-06-03 23:02:25 22 -csha-w C:\WINDOWS\SMINST\HPCD.sys 2006-05-03 1054 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll 2007-02-21 11:47:16 31,744 -csh--r C:\WINDOWS\system32\msfDX.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-06 00:56] "AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 03:19 C:\WINDOWS\arpwrmsg.exe] "DMAScheduler"="c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 13:01] "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-23 02:14] "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-09 11:29] "SM1BG"="C:\WINDOWS\SM1BG.EXE" [2003-08-27 14:20] "KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44] "Fix-It AV"="C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe" [2006-09-07 13:32] "PhoneTray"="C:\Program Files\TraySoft\PhoneTray\PhoneTray.exe" [2006-05-24 13:16] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50] "VirusScannerPro"="C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe" [2006-09-07 13:32] "RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2004-11-17 13:21] "PCDrProfiler"="C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe" [2005-10-31 15:47] "CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 17:30] "CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 10:51] "P17Helper"="P17.dll" [2005-05-03 07:38 C:\WINDOWS\system32\P17.dll] "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00] "EPSON Stylus C68 Series on MIKEYS (from DORIS)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAA.exe" [2005-01-25 04:00] "EPSON Stylus C68 Series on DEN (from BEDROOM)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAA.exe" [2005-01-25 04:00] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47] "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 03:50] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "FreeRAM XP"="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-06-04 18:36] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 00:00] "MyPrivacyTask"="C:\Program Files\My Privacy Online\MyPrivacyTask.exe" [2006-02-28 11:27] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-08 08:38] "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 06:29] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe C:\Documents and Settings\Default User\Start Menu\Programs\Startup\ Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-02-22 00:18:32] C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\ LaunchOnFly.lnk - C:\Program Files\LaunchOnFly\lf.exe [2007-03-22 12:50:24] OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ EmEditor.lnk - C:\Program Files\EmEditor\emedtray.exe [2004-09-06 10:29:52] Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoRecentDocsHistory"=01000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= C:\Program Files\Qualcomm\Eudora\EuShlExt.dll [2006-08-17 15:57 86016] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot R1 AutoSave;AutoSave;C:\WINDOWS\system32\drivers\AutoSave.sys R1 DVDVRRdr_xp;DVDVRRdr_xp;C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys R1 UDFReadr;UDFReadr;C:\WINDOWS\system32\drivers\UDFReadr.sys R2 LxrSII1d;Secure II Driver;\??\C:\WINDOWS\system32\Drivers\LxrSII1d.sys R3 AVMNgBasM780;AVerMedia M780 Base Driver;C:\WINDOWS\system32\DRIVERS\AVerBas.sys R3 AVMNgCapM780;AVerMedia M780 Audio/Video Capture Driver;C:\WINDOWS\system32\DRIVERS\AVerCap.sys R3 AVMNgTunM780;AVerMedia M780 TVTuner Driver;C:\WINDOWS\system32\DRIVERS\AVerTun.sys R3 KFilter;KFilter;\??\C:\PROGRA~1\VCOM\SYSTEM~1\KFilter.sys R3 P17;SB Live! 24-bit;C:\WINDOWS\system32\drivers\P17.sys S3 NUVision;NUVision II Video Service;C:\WINDOWS\system32\DRIVERS\nuvvid2.sys S3 S6U12BScanner;MUSTEK 1200 UB Still Image Device Service;C:\WINDOWS\system32\drivers\usbscan.sys S3 XIRLINK;Veo PC Camera;C:\WINDOWS\system32\DRIVERS\ucdnt.sys [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] AutoRun\command - [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" . Contents of the 'Scheduled Tasks' folder "2007-10-14 2353 C:\WINDOWS\Tasks\EasyShare Registration Task.job" - C:\WINDOWS\system32\rundll32.exe "2007-10-27 22:14:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{44F941E4-56D1-4E8B-9252-6B279C4F57EF}.job" . ************************************************************************ catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-27 18:16:02 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ********************************************************************** . Completion time: 2007-10-27 18:19:19 - machine was rebooted C:\ComboFix2.txt ... 2007-10-26 12:48 . --- E O F --- ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Sunday, October 28, 2007 1:44:19 AM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 28/10/2007 Kaspersky Anti-Virus database records: 447233 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\ K:\ L:\ Scan Statistics: Total number of scanned objects: 421310 Number of viruses found: 5 Number of infected objects: 25 Number of suspicious objects: 0 Duration of the scan process: 06:28:56 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstderr.txt Object is locked skipped C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstdout.txt Object is locked skipped C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aoltsmon.lock Object is locked skipped C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\cache.db Object is locked skipped C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\server.lock Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.10.Crwl Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.10.gthr Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.wid Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.wid Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.wid Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.wid Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000B.wid Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000D.wid Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000E.wid Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010010.wid Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010018.wid Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010019.wid Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001C.wid Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001D.wid Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010022.ci Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010022.wid Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010022.wsb Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Crwl67.gthr Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy7.gthr Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2.tmp Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf3.tmp Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Perflib_Perfdata_8f8.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-10-27_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\MSDVRMM_1015801043_1852899328_34968 Object is locked skipped C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\MSDVRMM_1015801043_262144_34971 Object is locked skipped C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\SBE4.tmp Object is locked skipped C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\SBE5.tmp Object is locked skipped C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\{3F238206-0302-4072-B64D-54D5277EBE9C}.TmpSBE Object is locked skipped C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\{BF99DFF6-C6EA-49FD-BAE5-F09436FB59AD}.TmpSBE Object is locked skipped C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp Object is locked skipped C:\Documents and Settings\All Users\DRM\drmstore.hds Object is locked skipped C:\Documents and Settings\Compaq_Administrator\Application Data\Ahead\Nero BackItUp\Info Files\20070503_122111_03-05-07\C\WINDOWS\cpbrkpie.ocx.nco/20070503_122111_03-05-07/C/WINDOWS/cpbrkpie.ocx Infected: not-a-virus:AdWare.Win32.Coupons.h skipped C:\Documents and Settings\Compaq_Administrator\Application Data\Ahead\Nero BackItUp\Info Files\20070503_122111_03-05-07\C\WINDOWS\cpbrkpie.ocx.nco ZIP: infected - 1 skipped C:\Documents and Settings\Compaq_Administrator\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db Object is locked skipped C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db.shadow Object is locked skipped C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Desktop Search\Logs\OTFSMonLog.txt Object is locked skipped C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Compaq_Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\Perflib_Perfdata_b3c.dat Object is locked skipped C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\~DF60E8.tmp Object is locked skipped C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\~DFEB65.tmp Object is locked skipped C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\~ROMFN_0000080C Object is locked skipped C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Compaq_Administrator\ntuser.dat Object is locked skipped C:\Documents and Settings\Compaq_Administrator\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Desktop Search\Logs\UNCFATPHLog.txt Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\AntiPhishing\6729BBF9-D54C-48CB-A4D7-AD400339D808.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\hp\bin\wbug\CompaqPresario_Spring06.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped C:\hp\bin\wbug\CompaqPresario_Spring06.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped C:\hp\bin\wbug\CompaqPresario_Spring06.exe WiseSFX: infected - 2 skipped C:\hp\bin\wbug\CompaqPresario_Spring06.exe WiseSFX Dropper: infected - 2 skipped C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\sw_ae-20071027-175711.log Object is locked skipped C:\Program Files\Trend Micro\HijackThis\backups\backup-20071027-174115-976.dll Infected: not-a-virus:AdWare.Win32.Coupons.h skipped C:\Program Files\VCOM\SystemSuite\checksum.dat Object is locked skipped C:\Program Files\VCOM\SystemSuite\MXFwIMMF.dat Object is locked skipped C:\Program Files\VCOM\SystemSuite\MXFwTMMF.dat Object is locked skipped C:\Program Files\VCOM\SystemSuite\rawpacket.log Object is locked skipped C:\Program Files\VCOM\SystemSuite\security.log Object is locked skipped C:\Program Files\VCOM\SystemSuite\traffic.log Object is locked skipped C:\Program Files\VCOM\SystemSuite\xacl.cfg Object is locked skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP327\A0072005.exe/Adobe.exe Infected: Trojan-Spy.Win32.Delf.wh skipped C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP327\A0072005.exe CAB: infected - 1 skipped C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP354\A0080344.exe/WISE0152.BIN/stream/data0006 Infected: not-a-virus:AdWare.Win32.SearchIt.f skipped C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP354\A0080344.exe/WISE0152.BIN/stream Infected: not-a-virus:AdWare.Win32.SearchIt.f skipped C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP354\A0080344.exe/WISE0152.BIN Infected: not-a-virus:AdWare.Win32.SearchIt.f skipped C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP354\A0080344.exe WiseSFX: infected - 3 skipped C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP398\A0094996.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP398\A0094996.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP398\A0094996.exe RarSFX: infected - 2 skipped C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP427\A0104355.ocx Infected: not-a-virus:AdWare.Win32.Coupons.h skipped C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP429\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\ModemLog_Data Fax SoftModem with SmartCP.txt Object is locked skipped C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{CA2F88E0-D2B4-4722-A7F3-E291393B1867}.crmlog Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\EventCache\{283398CA-C37A-4211-AFAA-28A58D22BDD7}.bin Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped C:\WINDOWS\system32\config\OSession.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped D:\I386\APPS\APP16911\src\CompaqPresario_Spring06.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped D:\I386\APPS\APP16911\src\CompaqPresario_Spring06.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped D:\I386\APPS\APP16911\src\CompaqPresario_Spring06.exe WiseSFX: infected - 2 skipped D:\I386\APPS\APP16911\src\CompaqPresario_Spring06.exe WiseSFX Dropper: infected - 2 skipped D:\I386\APPS\APP16911\src\HPPavillion_Spring06.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped D:\I386\APPS\APP16911\src\HPPavillion_Spring06.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped D:\I386\APPS\APP16911\src\HPPavillion_Spring06.exe WiseSFX: infected - 2 skipped D:\I386\APPS\APP16911\src\HPPavillion_Spring06.exe WiseSFX Dropper: infected - 2 skipped Scan process completed. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:55:33 AM, on 10/28/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe C:\WINDOWS\arservice.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\LxrSII1s.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\WINDOWS\system32\dllhost.exe C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\ARPWRMSG.EXE C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\SM1BG.EXE C:\WINDOWS\system32\ctfmon.exe C:\HP\KBD\KBD.EXE C:\Program Files\TraySoft\PhoneTray\PhoneTray.exe C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe C:\WINDOWS\system32\taskswitch.exe C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Rundll32.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\EmEditor\emedtray.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\LaunchOnFly\lf.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTBSDK.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe c:\windows\system\hpsysdrv.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\logonui.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\rdpclip.exe C:\WINDOWS\system32\logon.scr C:\WINDOWS\explorer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.earthlink.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll O2 - BHO: Fish Toolbar Opcode Handler - {29C88E20-4234-41B9-A9DB-982958C95FB1} - C:\Program Files\Fish\Fish.dll O2 - BHO: (no name) - {465E08E7-F005-4389-980F-1D8764B3486C} - (no file) O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL O2 - BHO: FloatBar Class - {75B1A646-CDCE-4C06-B52F-84F4463B4FC8} - C:\Program Files\Fish\FloatBar.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn4\yt.dll O3 - Toolbar: &Paessler Site Inspector 4 Toolbar - {EC3A37EF-F4CF-447A-B0FD-206073E2DAE9} - C:\PROGRA~1\PAESSL~1\PSITOO~1.DLL O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: Fish - {D593DE91-7B41-45C2-830E-E9A99AB142AA} - C:\Program Files\Fish\Fish.dll O3 - Toolbar: (no name) - {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - (no file) O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe O4 - HKLM\..\Run: [PhoneTray] C:\Program Files\TraySoft\PhoneTray\PhoneTray.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" O4 - HKLM\..\Run: [PCDrProfiler] "C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe" -r O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [EPSON Stylus C68 Series on MIKEYS (from DORIS)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAA.EXE /P46 "EPSON Stylus C68 Series on MIKEYS (from DORIS)" /O5 "TS002" /M "Stylus C68" O4 - HKLM\..\Run: [EPSON Stylus C68 Series on DEN (from BEDROOM)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAA.EXE /P45 "EPSON Stylus C68 Series on DEN (from BEDROOM)" /O5 "TS003" /M "Stylus C68" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MyPrivacyTask] C:\Program Files\My Privacy Online\MyPrivacyTask.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user') O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM') O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user') O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user') O4 - Startup: LaunchOnFly.lnk = C:\Program Files\LaunchOnFly\lf.exe O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: EmEditor.lnk = C:\Program Files\EmEditor\emedtray.exe O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &Lookup Word - C:\Program Files\QDictionary\dict.html O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\Go!Zilla\download-with-gozilla.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Fish Grab movies on this page - C:\Program Files\Fish\GRABPAGEMOVIES.HTM O8 - Extra context menu item: Fish Grab pictures on this page - C:\Program Files\Fish\GRABPAGEPICS.HTM O8 - Extra context menu item: Fish Grab pictures this page links to - C:\Program Files\Fish\GRABPAGELINKS.HTM O8 - Extra context menu item: Fish Grab Target File - C:\Program Files\Fish\GRABLINK.HTM O8 - Extra context menu item: Fish Grab This Picture - C:\Program Files\**Fish\GRABPIC.HTM O8 - Extra context menu item: PSI: Copy Image as HTML Tag - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/copy-img-tag O8 - Extra context menu item: PSI: Copy Image URL - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/copy-img-src O8 - Extra context menu item: PSI: Copy Link as HTML Tag - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/copy-a-tag O8 - Extra context menu item: PSI: Copy Meister - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/copymeister O8 - Extra context menu item: PSI: Open Frame In New Window - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/open-frame-in-new-window O8 - Extra context menu item: PSI: Open Frame In This Window - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/open-frame-in-this-window O8 - Extra context menu item: PSI: Open Selected Text as URL in New Window - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/open-selection O8 - Extra context menu item: PSI: Show All Forms - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/forms O8 - Extra context menu item: PSI: Show All Images - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/images O8 - Extra context menu item: PSI: Show All Links - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/links O8 - Extra context menu item: PSI: Show All Scripts - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/scripts O8 - Extra context menu item: PSI: Show All Stylesheets - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/styles O8 - Extra context menu item: PSI: Show HTTP Header - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/headers O8 - Extra context menu item: PSI: Show Source - res://C:\Program Files\Paessler Site Inspector 4\PSIToolbar.dll/source O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210 O8 - Extra context menu item: SurfSaver &QuickSave - C:\Program Files\askSam\SurfSaver\QuickSave.htm O8 - Extra context menu item: SurfSaver Sav&e... - C:\Program Files\askSam\SurfSaver\Add.htm O8 - Extra context menu item: SurfSaver Searc&h... - C:\Program Files\askSam\SurfSaver\Search.htm O8 - Extra context menu item: T&hesaurus - C:\Program Files\QDictionary\thes.html O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\WINDOWS\system32\shdocvw.dll (HKCU) O9 - Extra button: Billeo - {97ED3A9F-CD6F-473A-8FE1-7505C1B844C3} - C:\WINDOWS\system32\shdocvw.dll (HKCU) O9 - Extra button: SurfSaver - {A6418A39-8884-11D3-A846-00104B8825B9} - C:\Program Files\askSam\SurfSaver\SurfBar.dll (HKCU) O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - http://support.asus.com/common/asusTek_sys_ctrl.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1188921401078 O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} - http://www.kodakgallery.com/download...2/axofupld.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V020...5030/CTPID.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{27C876C4-3D2E-4156-8F0C-2776892E285D}: NameServer = 207.69.188.185,207.69.188.186 O18 - Protocol: asksam - {F9FF9EDA-4916-11D1-B6C1-002018305A61} - C:\Program Files\askSam\SurfSaver\AS_AIPP.dll O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: SystemSuite Task Manager - Avanquest Publishing USA, Inc. - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 20661 bytes

10-28-2007, 12:35 PM	#8 (permalink)
MoralTerror Analyst, Security Team Join Date: Nov 2005 Location: UK Posts: 1,968 OS: xp	Re: Re-install Operating System on Compaq Presario Hi mikeyb9 You have infected files in backups, please delete the following backups C:\Documents and Settings\Compaq_Administrator\Application Data\Ahead\Nero BackItUp\Info Files\ 20070503_122111_03-05-07 C:\Program Files\Trend Micro\HijackThis\backups\ backup-20071027-174115-976.dll Other than that your logs appear clean. If there are no more issues you should be good to go. Kindly follow these simple steps in order to keep your computer clean and secure: UNINSTALL COMBOFIX This process will also perform some final cleanup steps Click Start > Run and type ComboFix /u ANTIVIRUS SOFTWARE It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See this link for a listing of some online & their stand-alone antivirus programs: Virus, Spyware, and Malware Protection and Removal Resources It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. FIREWALL Without a firewall your computer is succeptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. A tutorial on Firewalls and a listing of some available ones can be found here. Microsoft Windows Update Visit windowsupdate.com regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates. SPYBOT - SEARCH & DESTROY Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here AD-AWARE Download and install Ad-Aware. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here Update all these programs regularly. Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. Follow this list and your potential for being infected again will reduce dramatically. Here are some additional utilities that will further enhance your safety. Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN) Firefox - Use this alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness. Sun's Java - It's much more secure than Microsoft's Java Virtual Machine. Google Toolbar - Get the free google toolbar to help stop pop up windows. CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders. ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT. ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders disables System Restore. With ERUNT, you're able to restore the damaged Registry. NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster. Winpatrol - Download and install the free version of Winpatrol. A tutorial for this product is located here: Using Winpatrol to protect your computer from malicious software To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein After doing all these, your system will be optimised against future threats. It's okay to delete the Hijack This folder in a couple weeks if everything is working okay. Have a safe & happy computing day. Please respond to this thread one more time so we can mark this thread as resolved. __________________ Proud member of ASAP since 2007 Proud member of UNITE since 2008 Our help is completely free but please consider donating to the site to help keep it running

10-29-2007, 05:27 AM	#9 (permalink)
mikeyb9 Registered User Join Date: Oct 2007 Location: Florida Posts: 8 OS: Windows MCE 2005 w/rollup 2	Re: Re-install Operating System on Compaq Presario Thank you MoralTerror you have been a tremendous help! Thank you! Thank you! Thank You! I appreciate all of your fine efforts and hard work. Mikey

10-29-2007, 06:22 AM	#10 (permalink)
MoralTerror Analyst, Security Team Join Date: Nov 2005 Location: UK Posts: 1,968 OS: xp	Re: Re-install Operating System on Compaq Presario your very welcome mikeyb9 glad we could help safe surfing __________________ Proud member of ASAP since 2007 Proud member of UNITE since 2008 Our help is completely free but please consider donating to the site to help keep it running