Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Help removing Virus

Started by hern7615 , Apr 06 2008 04:38 PM

  • Please log in to reply

#1
hern7615
Posted 06 April 2008 - 04:38 PM

hern7615

    New Member

  • Member
  • Pip
  • 1 posts
I am new to this forum and i hope to get some help removing this virus. I keep getting pop-up and i am not able to access my Task Manager. when i do try to open it, it tell me it has been disable by your administrator



Below is the Scan from Deckards systems
Deckard's System Scanner v20071014.68
Run by Owner on 2008-04-06 17:01:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Unable to create WMI object; The operation completed successfully.


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:01:57 PM, on 4/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Documents and Settings\All Users\Application Data\dcjsvavk\nghqjerc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\sstray.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\JL2005A\cam_mon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1131656233\ee\aolsoftware.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Leapfrog\FlyWorld\bin\FlyMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\WINDOWS\system32\pgfodwjq.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\PROGRA~1\SBCSEL~1\ASSTCO~1\MOTIVE~1.EXE
C:\Program Files\SBC Self Support Tool\bin\mad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\DOCUME~1\Owner\Desktop\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\PROGRA~1\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: My Web Search Bar BHO - {8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL
O2 - BHO: GNX Bingo - {903AD98D-8A91-4FBB-B5E1-4FFCA9003E6A} - C:\WINDOWS\kdftlboeorn.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll (file missing)
O2 - BHO: (no name) - {B864AA4B-C734-469F-B627-09F38DE731F3} - C:\WINDOWS\system32\commdl.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [YPC] C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1131656233\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [CAMMON_JL2005A] C:\Program Files\JL2005A\cam_mon
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [FlyMonitor] "C:\Program Files\Leapfrog\FlyWorld\bin\FlyMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [wscpqzpe] C:\WINDOWS\system32\pgfodwjq.exe
O4 - HKCU\..\Run: [e©ùýùÙûïÞóÎÃøøÈøôÄÊýíñûÉÞó] C:\Program Files\XP Antivirus\xpa.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKLM\..\Policies\Explorer\Run: [KtlzKRuvum] C:\Documents and Settings\All Users\Application Data\dcjsvavk\nghqjerc.exe
O4 - HKUS\S-1-5-21-4041844658-2059025278-2205248627-1003\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-4041844658-2059025278-2205248627-1003\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1 (User '?')
O4 - HKUS\S-1-5-21-4041844658-2059025278-2205248627-1003\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet (User '?')
O4 - HKUS\S-1-5-21-4041844658-2059025278-2205248627-1003\..\Run: [DVDXGhost] (User '?')
O4 - HKUS\S-1-5-21-4041844658-2059025278-2205248627-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-4041844658-2059025278-2205248627-1003\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe (User '?')
O4 - HKUS\S-1-5-21-4041844658-2059025278-2205248627-1003\..\Run: [Aim6] (User '?')
O4 - HKUS\S-1-5-21-4041844658-2059025278-2205248627-1003\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe" (User '?')
O4 - HKUS\S-1-5-21-4041844658-2059025278-2205248627-1003\..\Run: [wscpqzpe] C:\WINDOWS\system32\pgfodwjq.exe (User '?')
O4 - HKUS\S-1-5-21-4041844658-2059025278-2205248627-1003\..\Run: [e©ùýùÙûïÞóÎÃøøÈøôÄÊýíñûÉÞó] C:\Program Files\XP Antivirus\xpa.exe (User '?')
O4 - HKUS\S-1-5-21-4041844658-2059025278-2205248627-1003\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S (User '?')
O4 - S-1-5-21-4041844658-2059025278-2205248627-1003 Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Owner\Local Settings\Temp\{66FAD865-7055-4DFB-A25E-07CD8D5FF526}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe (User '?')
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Owner\Local Settings\Temp\{66FAD865-7055-4DFB-A25E-07CD8D5FF526}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.co...ne_Inst_Win.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1173494459500
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensave.../sinstaller.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...l/installer.exe
O21 - SSODL: sYLctD - {E41563D0-4EBF-C97A-1033-80A0BBA0B4BA} - C:\WINDOWS\system32\ubisf.dll
O21 - SSODL: dwnrpofk - {35913706-385A-48F5-A414-00E82CFFDA1D} - C:\WINDOWS\dwnrpofk.dll
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 16183 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3 Fadpu16E - c:\docume~1\owner\locals~1\temp\fadpu16e.sys (file missing)
3 JL2005 (JL2005A Toy Camera) - c:\windows\system32\drivers\toywdm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
3 StMp3Rec (Player Recovery Device Control Driver) - c:\windows\system32\drivers\stmp3rec.sys <Not Verified; Generic; Generic MP3 Player>
3 SunkFilt (Alcor Micro Corp - 9360) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt92>
3 SunkFilt39 (Alcor Micro Corp - 3239) - c:\windows\system32\drivers\sunkfilt39.sys <Not Verified; Alcor Micro Corp.; SunkFilt39>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

2 Automatic LiveUpdate Scheduler - c:\program files\symantec\liveupdate\aluschedulersvc.exe (file missing)
3 hpqcxs08 - c:\windows\system32\svchost.exe
2 hpqddsvc (HP CUE DeviceDiscovery Service) - c:\windows\system32\svchost.exe
3 LiveUpdate - c:\progra~1\symantec\liveup~1\lucoms~1.exe (file missing)
2 SfCtlCom (Trend Micro Central Control Component) - c:\program files\trend micro\internet security\sfctlcom.exe
2 TMBMServer (Trend Micro Unauthorized Change Prevention Service) - c:\program files\trend micro\bm\tmbmsrv.exe
3 tmproxy (Trend Micro Proxy Service) - c:\program files\trend micro\internet security\tmproxy.exe
3 YPCService - c:\windows\system32\ypcservice.exe <Not Verified; Yahoo! Inc.; YPCService Module>


-- Device Manager: Disabled ----------------------------------------------------

Unable to create WMI object.

-- Scheduled Tasks -------------------------------------------------------------

2008-04-06 11:37:31 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-03-31 20:54:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-03-06 and 2008-04-06 -----------------------------

2008-04-06 13:10:50 0 d-------- C:\WINDOWS\pss
2008-03-31 17:37:22 0 d-------- C:\Program Files\Support Tools
2008-03-30 19:44:10 0 d-------- C:\Program Files\Windows Defender
2008-03-30 18:20:38 88064 --a------ C:\WINDOWS\system32\commdl.dll
2008-03-30 18:20:21 84761 --a------ C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
2008-03-30 18:20:17 40713 --a------ C:\WINDOWS\system32\cpmsky-uninst.exe
2008-03-30 18:20:14 80121 --a------ C:\WINDOWS\system32\adzgalore-remove.exe
2008-03-30 12:49:57 0 d-------- C:\Program Files\Uniblue
2008-03-29 23:58:29 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-03-29 23:58:29 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-03-29 23:58:29 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-03-29 23:58:29 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-03-29 23:58:29 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-03-29 23:58:29 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-03-29 23:58:29 0 d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-03-29 23:58:29 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-03-29 23:58:29 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-03-29 23:58:29 0 d-------- C:\Documents and Settings\Administrator\Application Data\AOL
2008-03-29 23:39:59 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-03-29 23:39:59 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-03-29 23:39:59 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-03-29 23:39:59 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-03-29 23:39:59 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-03-29 23:39:59 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-03-29 23:39:59 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-03-29 23:39:59 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-03-29 23:39:59 0 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-03-29 23:39:58 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-03-29 23:39:57 1310720 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-03-29 16:02:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-03-29 16:01:08 0 d-------- C:\Program Files\Trend Micro
2008-03-28 21:09:32 0 d-------- C:\Program Files\Security Stronghold
2008-03-28 20:14:29 0 d-------- C:\Documents and Settings\Owner\Application Data\Uniblue
2008-03-28 20:01:16 0 d-------- C:\Program Files\RegistryFix
2008-03-26 13:55:11 0 d-------- C:\Program Files\PC-Cleaner
2008-03-25 19:23:26 0 d-------- C:\Program Files\Common Files\xing shared
2008-03-25 19:11:50 4096 --a------ C:\WINDOWS\userconfig9x.dll
2008-03-25 19:11:50 4096 --a------ C:\WINDOWS\system32winlogonpc.exe
2008-03-25 19:11:50 4096 --a------ C:\WINDOWS\system32mwin32.exe
2008-03-25 19:11:50 4096 --a------ C:\WINDOWS\system32hoproxy.dll
2008-03-25 19:11:50 4096 --a------ C:\WINDOWS\FVProtect.exe
2008-03-25 19:11:50 4096 --a------ C:\WINDOWS\a.bat
2008-03-25 19:11:49 4096 --a------ C:\WINDOWS\system32taack.exe
2008-03-25 19:11:49 4096 --a------ C:\WINDOWS\system32taack.dat
2008-03-25 19:11:49 4096 --a------ C:\WINDOWS\system32ssurf022.dll
2008-03-25 19:11:49 4096 --a------ C:\WINDOWS\system32sncntr.exe
2008-03-25 19:11:49 0 d-------- C:\WINDOWS\system32smp
2008-03-25 19:11:49 4096 --a------ C:\WINDOWS\system32psoft1.exe
2008-03-25 19:11:49 4096 --a------ C:\WINDOWS\system32psof1.exe
2008-03-25 19:11:49 4096 --a------ C:\WINDOWS\system32ps1.exe
2008-03-25 19:11:49 4096 --a------ C:\WINDOWS\system32netode.exe
2008-03-25 19:11:49 4096 --a------ C:\WINDOWS\system32mtr2.exe
2008-03-25 19:11:49 4096 --a------ C:\WINDOWS\system32msnbho.dll
2008-03-25 19:11:49 4096 --a------ C:\WINDOWS\system32msgp.exe
2008-03-25 19:11:49 4096 --a------ C:\WINDOWS\system32medup020.dll
2008-03-25 19:11:49 4096 --a------ C:\WINDOWS\system32medup012.dll
2008-03-25 19:11:49 4096 --a------ C:\WINDOWS\system32hxiwlgpm.exe
2008-03-25 19:11:49 4096 --a------ C:\WINDOWS\system32hxiwlgpm.dat
2008-03-25 19:11:49 4096 --a------ C:\WINDOWS\system32bsva-egihsg52.exe
2008-03-25 19:11:49 4096 --a------ C:\WINDOWS\iTunesMusic.exe
2008-03-25 19:11:48 4096 --a------ C:\WINDOWS\winsystem.exe
2008-03-25 19:11:48 4096 --a------ C:\WINDOWS\system32WINWGPX.EXE
2008-03-25 19:11:48 4096 --a------ C:\WINDOWS\system32winsystem.exe
2008-03-25 19:11:48 4096 --a------ C:\WINDOWS\system32vcatchpi.dll
2008-03-25 19:11:48 4096 --a------ C:\WINDOWS\system32vbsys2.dll
2008-03-25 19:11:48 4096 --a------ C:\WINDOWS\system32thun32.dll
2008-03-25 19:11:48 4096 --a------ C:\WINDOWS\system32thun.dll
2008-03-25 19:11:48 4096 --a------ C:\WINDOWS\system32temp#01.exe
2008-03-25 19:11:48 4096 --a------ C:\WINDOWS\system32sysreq.exe
2008-03-25 19:11:48 4096 --a------ C:\WINDOWS\system32ssvchost.exe
2008-03-25 19:11:48 4096 --a------ C:\WINDOWS\system32ssvchost.com
2008-03-25 19:11:48 4096 --a------ C:\WINDOWS\system32Rundl1.exe
2008-03-25 19:11:48 4096 --a------ C:\WINDOWS\system32regm64.dll
2008-03-25 19:11:48 4096 --a------ C:\WINDOWS\system32regc64.dll
2008-03-25 19:11:48 4096 --a------ C:\WINDOWS\system32newsd32.exe
2008-03-25 19:11:48 4096 --a------ C:\WINDOWS\system32msvchost.exe
2008-03-25 19:11:48 4096 --a------ C:\WINDOWS\system32mssecu.exe
2008-03-25 19:11:48 4096 --a------ C:\WINDOWS\system32h@tkeysh@@k.dll
2008-03-25 19:11:48 4096 --a------ C:\WINDOWS\system32emesx.dll
2008-03-25 19:11:48 4096 --a------ C:\WINDOWS\system32dpcproxy.exe
2008-03-25 19:11:48 4096 --a------ C:\WINDOWS\system32bdn.com
2008-03-25 19:11:48 4096 --a------ C:\WINDOWS\system32awtoolb.dll
2008-03-25 19:11:48 4096 --a------ C:\WINDOWS\system32anticipator.dll
2008-03-25 19:11:48 4096 --a------ C:\WINDOWS\system32akttzn.exe
2008-03-25 19:11:48 4096 --a------ C:\WINDOWS\mssecu.exe
2008-03-25 19:11:48 4096 --a------ C:\WINDOWS\bdn.com
2008-03-25 19:11:16 0 d-------- C:\Documents and Settings\All Users\Application Data\dcjsvavk
2008-03-25 19:11:15 90112 --a------ C:\WINDOWS\system32\pgfodwjq.exe
2008-03-25 19:10:39 249856 --a------ C:\WINDOWS\kdftlboeorn.dll
2008-03-25 19:10:39 266240 --a------ C:\WINDOWS\dwnrpofk.dll
2008-03-25 19:10:36 1 --a------ C:\WINDOWS\system32\kr_done1


-- Find3M Report ---------------------------------------------------------------

2008-04-04 07:16:23 0 d-------- C:\Documents and Settings\Owner\Application Data\WeatherBug
2008-04-02 23:55:20 60416 --a------ C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2008-03-29 15:57:49 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-29 15:56:05 0 d-------- C:\Program Files\Symantec
2008-03-29 15:55:23 0 d-------- C:\Program Files\Common Files
2008-03-26 18:55:43 16 --a------ C:\WINDOWS\popcinfo.dat
2008-03-25 19:23:19 0 d-------- C:\Program Files\Common Files\Real
2008-03-22 13:21:47 0 d-------- C:\Documents and Settings\Owner\Application Data\Real
2008-03-01 00:39:26 0 d-------- C:\Program Files\cdmweb
2008-02-29 20:17:56 0 d-------- C:\Documents and Settings\Owner\Application Data\Yahoo!
2008-02-09 14:11:51 0 d-------- C:\Documents and Settings\Owner\Application Data\Intuit
2008-02-09 13:58:54 0 d-------- C:\Program Files\Common Files\AnswerWorks 4.0
2008-02-09 13:58:52 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-09 13:58:10 0 d-------- C:\Program Files\Quicken
2008-02-09 13:56:35 0 d-------- C:\Program Files\Common Files\Intuit
2008-02-09 13:49:13 0 d-------- C:\Program Files\TurboTax


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{903AD98D-8A91-4FBB-B5E1-4FFCA9003E6A}]
03/25/2008 11:53 AM 249856 --a------ C:\WINDOWS\kdftlboeorn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B864AA4B-C734-469F-B627-09F38DE731F3}]
08/04/2004 02:00 PM 88064 --a------ C:\WINDOWS\system32\commdl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [08/15/2003 09:34 AM C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [03/03/2004 07:29 PM]
"nwiz"="nwiz.exe" [03/03/2004 07:29 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [03/03/2004 07:29 PM]
"nForce Tray Options"="sstray.exe" [09/03/2003 03:25 AM C:\WINDOWS\system32\sstray.exe]
"CHotkey"="zHotkey.exe" [05/18/2004 03:30 AM C:\WINDOWS\zHotkey.exe]
"ShowWnd"="ShowWnd.exe" [09/19/2003 06:09 PM C:\WINDOWS\ShowWnd.exe]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/01/2003 04:42 AM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 08:50 PM]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [03/11/2004 06:18 PM]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [06/07/2003 12:32 PM]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [01/12/2005 03:54 PM]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [07/21/2006 05:19 PM]
"IPInSightLAN 02"="C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" [06/11/2003 02:52 AM]
"IPInSightMonitor 02"="C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe" [06/11/2003 02:52 AM]
"ViewMgr"="C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe" []
"IPInSightMonitor 01"="C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe" [07/14/2003 02:30 PM]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [07/13/2003 02:49 AM]
"BearShare"="C:\Program Files\BearShare\BearShare.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [10/26/2007 04:42 PM]
"YPC"="C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe" [02/11/2005 06:14 PM]
"HostManager"="C:\Program Files\Common Files\AOL\1131656233\ee\AOLSoftware.exe" [05/09/2006 07:24 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [03/11/2007 10:34 PM]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [11/02/2006 05:53 PM]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [02/17/2006 11:59 AM]
"CAMMON_JL2005A"="C:\Program Files\JL2005A\cam_mon" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/02/2007 04:24 PM]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [10/21/2004 01:28 PM C:\WINDOWS\KHALMNPR.Exe]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [06/29/2007 06:24 AM]
"FlyMonitor"="C:\Program Files\Leapfrog\FlyWorld\bin\FlyMonitor.exe" [11/15/2007 03:32 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/25/2008 07:22 PM]
"DisableTaskMgr"="0 (0x0)" []
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [02/26/2008 02:19 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"Weather"="C:\PROGRA~1\AWS\WEATHE~1\Weather.exe" [06/07/2005 01:58 PM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [08/15/2005 03:24 PM]
"DVDXGhost"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:00 PM]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe" [02/01/2005 04:43 PM]
"Aim6"="" []
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [06/18/2003 09:00 PM]
"wscpqzpe"="C:\WINDOWS\system32\pgfodwjq.exe" [03/25/2008 07:11 PM]
"e©ùýùÙûïÞóÎÃøøÈøôÄÊýíñûÉÞó"="C:\Program Files\XP Antivirus\xpa.exe" []
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"KtlzKRuvum"=C:\Documents and Settings\All Users\Application Data\dcjsvavk\nghqjerc.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"sYLctD"= {E41563D0-4EBF-C97A-1033-80A0BBA0B4BA} - C:\WINDOWS\system32\ubisf.dll [04/16/2007 10:52 AM 32768]
"dwnrpofk"= {35913706-385A-48F5-A414-00E82CFFDA1D} - C:\WINDOWS\dwnrpofk.dll [03/25/2008 11:53 AM 266240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe "

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt hpqcxs08 hpqddsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f1e56980-8913-11dc-99f0-0040ca884e7d}]
AutoRun\command- J:\Autorun.exe /run
Shell00\Command- J:\Autorun.exe /run
Shell01\Command- J:\Autorun.exe /action
Shell02\Command- J:\Autorun.exe /uninstall




-- End of Deckard's System Scanner: finished at 2008-04-06 17:03:20 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Unable to create WMI object.

Architecture: X86; Language: English

Percentage of Memory in Use: 61%
Physical Memory (total/avail): 959.48 MiB / 369.22 MiB
Pagefile Memory (total/avail): 1549.96 MiB / 875.84 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1933.02 MiB

C: is Fixed (NTFS) - 149.05 GiB total, 123.59 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

Unable to create WMI object.

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HERNANDEZ
ComSpec=C:\WINDOWS\system32\cmd.exe
DXSDK_DIR=C:\Program Files\Microsoft DirectX SDK (April 2007)\
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\HERNANDEZ
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Microsoft DirectX SDK (April 2007)\Utilities\Bin\x86;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Support Tools\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=HERNANDEZ
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\SBC Yahoo!\umuninst.exe" /S
--> C:\PROGRA~1\GlobalSCAPE\CuteFTP\UNWISE32.EXE C:\PROGRA~1\GLOBAL~1\CuteFTP\CuteHTML\INSTALL2.LOG
--> C:\PROGRA~1\SBCSEL~1\CustomUninstall.exe SBC
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F90CBE30-7269-465D-AB66-0DCF33CE3618}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3-D Salt Water Fish Tank Demo 2 Screen Saver --> C:\WINDOWS\system32\3-D Salt Water Fish Tank Demo 2.scr /u
3D Groove Playback Engine --> RunDll32 C:\WINDOWS\DOWNLO~1\GrooveAX.dll,_RemoveGroove@16
Adobe Atmosphere Player for Acrobat and Adobe Reader --> C:\WINDOWS\atmoUn.exe
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Photoshop 7.0 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu"
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Ahead InCD --> C:\WINDOWS\NuNInst.exe /UNINSTALL
Ahead InCD EasyWrite Reader --> C:\WINDOWS\unmrw.exe /UNINSTALL
Ahead NeroMIX --> C:\WINDOWS\UNNMIX.exe /UNINSTALL
Ahead NeroVision Express --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AIT screensaver --> C:\WINDOWS\system32\AIT screensaver.scr /u
AnswerWorks 4.0 Runtime - English --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
AOL Toolbar 2.0 --> "C:\Program Files\AOL\AOL Toolbar 2.0\uninstall.exe"
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
AOL You've Got Pictures Screensaver --> C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
Apple Software Update --> MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
AT&T Self Support Tool --> C:\WINDOWS\Motive\SBC\MCCUninst.exe
AT&T Yahoo! Applications --> C:\PROGRA~1\Yahoo!\Common\uninstall.exe
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
Azureus Vuze --> C:\Program Files\Azureus\uninstall.exe
Bejeweled 2 Deluxe --> C:\WINDOWS\iun6002ev.exe "C:\Program Files\Bejeweled 2 Deluxe\irunin.ini"
BigFix --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"
Browser Optimizer Adzgalore --> C:\WINDOWS\system32\adzgalore-remove.exe
BuddyList Ops 1.0.0.1 --> C:\PROGRA~1\BUDDYL~1\UNWISE.EXE C:\PROGRA~1\BUDDYL~1\INSTALL.LOG
Calc98 --> C:\Program Files\Calc98\setup.exe
CCHelp --> MsiExec.exe /I{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Clouds Screensaver --> C:\WINDOWS\ss3unstl.exe "Clouds Screensaver"
Creative Mass Storage Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F90CBE30-7269-465D-AB66-0DCF33CE3618}\setup.exe" -l0x9 /remove
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
CuteFTP --> C:\PROGRA~1\GlobalSCAPE\CuteFTP\UNWISE32.EXE C:\PROGRA~1\GlobalSCAPE\CuteFTP\INSTALL.LOG
Digital Media Reader --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}
DivxToDVD 0.5.2b --> "C:\Program Files\vso\DivxToDVD\unins000.exe"
DreamStation DXi2 --> C:\WINDOWS\DSDXIRMV.EXE C:\PROGRAM FILES\CAKEWALK\SHARED DXI\AUDIO SIMULATION\DREAMSTATION DXI2
DVD-CLONER V2.35 --> "C:\Program Files\Dvd-cloner\unins000.exe"
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
Elizabethtown Screen Saver --> C:\WINDOWS\system32\Elizabethtown.scr /u
Enhancement Browser Tools Cpmsky --> C:\WINDOWS\system32\cpmsky-uninst.exe
ESPN Java Check --> C:\WINDOWS\system32\javaws.exe -uninstall "http://espn.go.com/l.../jws-check.jar"
ESSAdpt --> MsiExec.exe /I{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}
ESSANUP --> MsiExec.exe /I{A6F18A67-B771-4191-8A33-36D2E742D6D9}
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCAM --> MsiExec.exe /I{469730CC-78DF-4CD3-B286-562D459EA619}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSCT --> MsiExec.exe /I{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}
ESSEMAIL --> MsiExec.exe /I{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSSONIC --> MsiExec.exe /I{4F677FC7-7AA8-412B-A957-F13CBE1C7331}
ESSvpaht --> MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
ESSvpot --> MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
FLY Fusion Algebra --> MsiExec.exe /I{8D0578F6-5CF8-405F-A7C0-C1A0055589F0}
FLY World --> C:\WINDOWS\system32\msiexec.exe /i {5D946D0D-9437-4E15-AC1F-F9BCF0B32561}
GdiplusUpgrade --> MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
Hamtaro Wake Up Snoozer --> C:\WINDOWS\TLCUninstall.exe -f "C:\Program Files\The Learning Company\Hamtaro\Hamtaro Wake Up Snoozer\Uninstall.xml"
Higher Score on the SAT/PSAT --> "C:\Program Files\Kap.SATr\unins000.exe"
HijackThis 2.0.2 --> "C:\Documents and Settings\Owner\Desktop\HijackThis.exe" /uninstall
HLPCCTR --> MsiExec.exe /I{F2D0C1B1-80FF-46F9-BA61-33B01A07FAFC}
HLPIndex --> MsiExec.exe /I{38441BE7-79B0-42B8-8297-833704F949FE}
HLPSFO --> MsiExec.exe /I{8DD94CA3-BCD2-49C0-B537-F3B5D95FF0C8}
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Image Zone 4.2 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 9.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Cameras 9.0 --> C:\Program Files\HP\Digital Imaging\{99999999-9999-9999-9999-999999999999}\setup\hpzscr01.exe -datfile hpiscr06.dat
HP Photosmart Essential 2.01 --> C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP PSC & OfficeJet 4.2 --> "C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center 9.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
iTunes --> MsiExec.exe /I{01B51908-02EF-453B-87A9-815182E8C2F2}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java 2 Runtime Environment, SE v1.4.2 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kid Pix Deluxe 3 --> C:\Program Files\Broderbund\Kid Pix Deluxe 3\uninstal.exe
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_10009_15c0b9c\Setup.exe /APR-REMOVE
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
Lernout & Hauspie TruVoice American English TTS Engine --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
lily screen saver --> RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall.ntx86 132 C:\WINDOWS\INF\LILYSC~1.INF
LimeWire PRO 4.12.3 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Logitech SetPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9
meangirls Screen Saver --> C:\WINDOWS\system32\meangirls.scr /u
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft DirectX SDK (April 2007) --> MsiExec.exe /I{5BDAEFB5-1FF6-45DA-AD07-910CD7F4B5EF}
Microsoft Money 2004 --> MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft Money 2004 System Pack --> MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Picture It! Photo Premium 9 --> c:\WINDOWS\system32\msiexec.exe /i {DBA8B9E1-C6FF-4624-9598-73D3B41A0903}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Owner\Application Data\Move Networks\ie_bin\Uninst.exe
Move Networks Player for Internet Explorer --> "C:\Documents and Settings\Owner\Application Data\Move Networks\ie_bin\unins000.exe"
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
Multimedia Keyboard Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF262740-C85A-11D5-BBEC-00D0B740900A}\Setup.exe" -l0x9
MySidesearch Search Assistant Adzgalore --> C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
Myst for Windows 95 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Myst\DeIsL1.isu"
Nero BurnRights --> C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
NVIDIA Drivers --> C:\WINDOWS\system32\nvuaudio.exe UninstallGUI
OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
OTtBPSDK --> MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
overland --> MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}
Paws and Claws Pet School (remove only) --> C:\Program Files\Paws and Claws Pet School\Uninstall.exe
PCDLNCH --> MsiExec.exe /I{69BD6399-3D8F-45B7-81D9-819361F5101D}
PCFriendly --> C:\Program Files\PCFriendly\inuninst.exe
PhotoShow Deluxe 3 --> "C:\Program Files\Simple Star\PhotoShow Deluxe 3\data\Xtras\Uninstall.exe"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Prentice Hall Realidades Texas Level 2 Interactive Textbook CD-ROM --> MsiExec.exe /X{605264DF-6152-4BF3-846F-249116116E2A}
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
RollerCoaster Tycoon® 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\Setup.exe" -l0x9
SBC Yahoo! DSL Activation --> C:\PROGRA~1\Yahoo!\Common\undsldlk.exe
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SelectRebates --> C:\WINDOWS\53rcp32v.exe
SFR --> MsiExec.exe /I{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}
SFR2 --> MsiExec.exe /I{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}
SoftV92 Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IURSLST5K.inf
sos_screensaver_2 --> C:\WINDOWS\system32\sos_screensaver_2.scr /u
The Notebook Screensaver --> C:\WINDOWS\The Notebook Screensaver.scr /u
The Sims Deluxe Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{10798AE3-DCBB-43C3-9C93-C23512427E25}\setup.exe" -l0009
Trend Micro AntiVirus --> C:\Program Files\Trend Micro\Internet Security\remove.exe
Trend Micro AntiVirus --> MsiExec.exe /X{A621B45A-D138-4A95-BE10-7CABA05EF94E}
TurboTax Basic 2007 --> C:\Program Files\TurboTax\Basic 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Basic 2007\Uninstall.log" -NoGui
TurboTax ItsDeductible 2005 --> MsiExec.exe /X{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}
TurboTax ItsDeductible 2006 --> MsiExec.exe /X{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}
Uninstall JL2005A Toy Camera --> "C:\Program Files\JL2005A\unins000.exe"
USB MassStorage CardReader --> C:\Program Files\Kodak\040a_5005\Remove.exe

Edited by hern7615, 06 April 2008 - 05:28 PM.

  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP