got a virus i cant see

Hello, i am new to this forum and i am going outta my mind trying to find out what virus i have. avast i use is 4.7

anyways i use windows xp service pack 2 with 512 mb of ram and its my laptop that is infected. i removed 4 trojans and then went to a computer repair guy across the street where i live and he said its probally a virus i cant remeber the name and its making my laptop slow. the usual avast scan is 4 hours last night it was 16 hours 42 min and the night before that it got thru 3/4s of it then found the 4th trojan asked me what to do so i hit quarintine and then it rebooted mys system. my windows boot time is usually 30 seconds not 7 minutes.

please help me find out what this virus is and how to go about removing it. i used the virus cleaner and didnt find anything.

also i had to reboot once just so i can use the wifi as it was disabled. please help me get my computer clean and running fast again

Warrior-Paine

P.S. the computer man i asked maybe to repair my pc told me to get norton witch i dont like or mcafee as he said spybot,adaware,spy sweeper are all bad as well as avast. in the past avast has protected my laptops and desktop without fail. i trust avast only.

Hi welcome to the forum. Let’s have a peek under the hood.

Click here to download HJTsetup.exe

[*]Save HJTsetup.exe to your desktop.
[*]Doubleclick on the HJTsetup.exe icon on your desktop.
[*]By default it will install to C:\Program Files\Hijack This.
[*]Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
[*]Put a check by Create a desktop icon then click Next again.
[*]Continue to follow the rest of the prompts from there.
[*]At the final dialogue box click Finish and it will launch Hijack This.
[*]Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
[*]Click on “Edit > Select All” then click on “Edit > Copy” to copy the entire contents of the log.
[*]Come back here to this thread and Paste the log in your next reply.
[*]DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

here is the log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:12:34 PM, on 3/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\TOSHIBA\gigabeat room 2.0.2\TosGbWatcher.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM..\Run: [QPService] “C:\Program Files\HP\QuickPlay\QPService.exe”
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM..\Run: [TosGbWatcher] “C:\Program Files\TOSHIBA\gigabeat room 2.0.2\TosGbWatcher.exe”
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM..\Run: [ISUSScheduler] “C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start
O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM..\Run: [zzz_ImInstaller_IncrediMail] C:\Documents and Settings\Ritalee\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install.exe -startup -product IncrediMail
O4 - HKLM..\Run: [ZoneAlarm Client] “C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe”
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU..\Run: [msnmsgr] “C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Search - ?p=ZJ
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/

CXTSEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra ‘Tools’ menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra ‘Tools’ menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
O9 - Extra ‘Tools’ menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=laptop
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://download.games.yahoo.com/games/web_games/playtime/mahjongescape/PTGameLauncher.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - C:\Documents and Settings\Ritalee\Desktop\tipi inside.jpg


End of file - 11687 bytes

Hi Warrior-Paine,

Here is the online analysis of your hjt log: http://www.hijackthis.de/logfiles/9040b214d04b28d634928a6abd754913.html
And this is available for the next three consequent days.
And a prevx evaluation of your hjt log was attached by me.
Follow all the instructions oldman gives you meticulously,

polonus

may i ask what i do now?

There isn’t much to see in the log, just an old version of java and viewpoint, which some people and questionable. since you you AOL and some of it’s products, it will remain.

Can you go to C:\program files\alwil software\avast4\data\logs

In the right hand panel, locate the warning log. Open it with notepad and copy and paste the last part, relating to your problem. It may shed light on what we are looking for if we know the virus/trojan name. We have other scanners available.

We’ll use one now. You can attach the logs by using the additional options button on the reply page. scroll down if you can’t see the browse button.

First

Open Spybot and make sure teatimer is disabled, we will re-enable afterwards. To do so do the following

Click mode
click Advanced mode
if you get a warning answer “yes”
click tools
click resident
uncheck resident “teatimer”
click allow change

reboot

Please download Deckard’s System Scanner (DSS) and save it to your Desktop.
[*]Close all other windows before proceeding.
[*]Double-click on dss.exe and follow the prompts.
[*]When it has finished, dss will open two Notepads main.txt and extra.txt – please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

will this do?

9/3/2006 8:32:05 AM 1157297525 SYSTEM 1768 Sign of “Win32:SdBot-gen44 [trj]” has been found in “http://206.222.29.131/adrun/value.wmf” file.
9/6/2006 3:34:03 PM 1157582043 SYSTEM 1776 Function setifaceUpdatePackages() has failed. Return code is 0xC0000142, dwRes is C0000142.
9/6/2006 3:34:04 PM 1157582044 SYSTEM 1776 An error has occured while attempting to update. Please check the logs.
10/16/2006 2:49:22 AM 1160992162 SYSTEM 1768 Sign of “Win32:SdBot-gen44 [trj]” has been found in “http://206.222.12.99/rl/value.wmf” file.
11/2/2006 1:04:58 AM 1162458298 Ritalee 1760 Sign of “Win32:Adware-gen. [Adw]” has been found in “C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT TOOLBAR V35\VIEWBAR.DLL” file.
11/2/2006 1:07:05 AM 1162458425 Ritalee 1760 Sign of “Win32:Adware-gen. [Adw]” has been found in “C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBarBHO.dll” file.
5/1/2007 10:35:17 PM 1178084118 Ritalee 2916 Function setifaceUpdatePackages() has failed. Return code is 0x40010004, dwRes is 40010004.
7/2/2007 10:23:44 AM 1183397024 SYSTEM 1676 Function setifaceUpdatePackages() has failed. Return code is 0xC0000142, dwRes is C0000142.
7/2/2007 10:23:45 AM 1183397025 SYSTEM 1676 An error has occured while attempting to update. Please check the logs.
7/31/2007 5:52:34 PM 1185929554 SYSTEM 120 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
7/31/2007 5:52:36 PM 1185929556 SYSTEM 120 An error has occured while attempting to update. Please check the logs.
9/2/2007 3:46:23 PM 1188773183 SYSTEM 1884 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
9/2/2007 3:46:24 PM 1188773184 SYSTEM 1884 An error has occured while attempting to update. Please check the logs.
9/17/2007 11:51:37 AM 1190055097 Ritalee 496 Function setifaceUpdatePackages() has failed. Return code is 0x000004C7, dwRes is 000004C7.
9/21/2007 5:43:31 PM 1190421811 SYSTEM 156 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
9/21/2007 5:43:32 PM 1190421812 SYSTEM 156 An error has occured while attempting to update. Please check the logs.
9/21/2007 5:52:45 PM 1190422365 Ritalee 1232 Function setifaceUpdatePackages() has failed. Return code is 0x000004C7, dwRes is 000004C7.
10/1/2007 5:12:06 PM 1191283926 SYSTEM 1948 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
10/1/2007 5:12:07 PM 1191283927 SYSTEM 1948 An error has occured while attempting to update. Please check the logs.
10/10/2007 11:00:20 AM 1192039220 SYSTEM 2032 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
10/10/2007 11:00:20 AM 1192039220 SYSTEM 2032 An error has occured while attempting to update. Please check the logs.
10/11/2007 8:08:36 PM 1192158516 SYSTEM 1848 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
10/11/2007 8:08:37 PM 1192158517 SYSTEM 1848 An error has occured while attempting to update. Please check the logs.
10/28/2007 1:14:32 PM 1193602472 SYSTEM 2040 Function setifaceUpdatePackages() has failed. Return code is 0x20000011, dwRes is 20000011.
10/28/2007 1:14:34 PM 1193602474 SYSTEM 2040 An error has occured while attempting to update. Please check the logs.
12/15/2007 9:45:00 AM 1197740701 Ritalee 456 Sign of “Win32:StartPage-483 [trj]” has been found in “C:\Documents and Settings\Ritalee\Local Settings\Temp\WER2834.dir00\Ad-Aware.exe.hdmp” file.
12/15/2007 10:11:55 AM 1197742315 Ritalee 456 Sign of “Win32:StartPage-483 [trj]” has been found in “C:\Documents and Settings\Ritalee\Local Settings\Temp\WERfbee.dir00\Ad-Aware.exe.hdmp” file.
12/15/2007 10:12:20 AM 1197742340 Ritalee 456 Sign of “Win32:StartPage-483 [trj]” has been found in “C:\Documents and Settings\Ritalee\Local Settings\Temp\WERfe25.dir00\Ad-Aware.exe.hdmp” file.
12/15/2007 2:13:46 PM 1197756826 Ritalee 456 Function setifaceUpdatePackages() has failed. Return code is 0x000004C7, dwRes is 000004C7.
2/10/2008 10:58:40 PM 1202713120 Ritalee 720 Sign of “Win32:Neptunia-KH [trj]” has been found in “C:\Program Files\music_now\inetchk.exe” file.
2/11/2008 12:26:55 AM 1202718415 Ritalee 720 Sign of “Win32:Neptunia-KH [trj]” has been found in “C:\System Volume Information_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP494\A0203503.exe” file.
3/20/2008 12:03:31 PM 1206039811 Ritalee 3428 Sign of “Win32:Trojan-gen {VC}” has been found in “C:\Program Files\HPQ\Default Settings\CpqsetVer.exe” file.
3/20/2008 2:26:00 PM 1206048360 Ritalee 3428 Sign of “Win32:WebSearch-M [Adw]” has been found in “C:\Program Files\Netscape\Netscape Browser\plugins\NPMyWebS.dll” file.
3/20/2008 10:14:55 PM 1206076495 Ritalee 3428 Sign of “Win32:Trojan-gen {VC}” has been found in “C:\System Volume Information_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP509\A0210172.exe” file.
3/20/2008 10:26:47 PM 1206077207 Ritalee 3428 Sign of “Win32:WebSearch-M [Adw]” has been found in “C:\System Volume Information_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP509\A0210184.dll” file.
3/22/2008 12:08:06 AM 1206169686 Ritalee 1164 Sign of “Win32:WebSearch-M [Adw]” has been found in “C:\System Volume Information_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP509\A0210184.dll” file.

Yes, thank you. I was going to ask you about the desktop component,

O24 - Desktop Component 0: (no name) - C:\Documents and Settings\Ritalee\Desktop\tipi inside.jpg

Did you put a picture on the desktop? If you did that’s fine.

Go ahead with the DSS scan, we’ll see what it shows.

Deckard’s System Scanner v20071014.68
Run by Ritalee on 2008-03-22 17:39:46
Computer is in Normal Mode.

– System Restore --------------------------------------------------------------

Successfully created a Deckard’s System Scanner Restore Point.

– Last 5 Restore Point(s) –
63: 2008-03-23 00:41:23 UTC - RP513 - Deckard’s System Scanner Restore Point
62: 2008-03-22 22:49:10 UTC - RP512 - Installed Java™ 6 Update 5
61: 2008-03-22 14:22:16 UTC - RP511 - System Checkpoint
60: 2008-03-21 04:37:12 UTC - RP510 - System Checkpoint
59: 2008-03-19 20:18:18 UTC - RP509 - System Checkpoint

– First Restore Point –
1: 2007-12-24 03:46:57 UTC - RP451 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 383 MiB (512 MiB recommended).

– HijackThis (run as Ritalee.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:45:46 PM, on 3/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\gigabeat room 2.0.2\TosGbWatcher.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Documents and Settings\Ritalee\Desktop\dss.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Ritalee.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM..\Run: [QPService] “C:\Program Files\HP\QuickPlay\QPService.exe”
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM..\Run: [TosGbWatcher] “C:\Program Files\TOSHIBA\gigabeat room 2.0.2\TosGbWatcher.exe”
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM..\Run: [ISUSScheduler] “C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start
O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM..\Run: [zzz_ImInstaller_IncrediMail] C:\Documents and Settings\Ritalee\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install.exe -startup -product IncrediMail
O4 - HKLM..\Run: [ZoneAlarm Client] “C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe”
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU..\Run: [msnmsgr] “C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Search - ?p=ZJ
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra ‘Tools’ menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra ‘Tools’ menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
O9 - Extra ‘Tools’ menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=laptop
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://download.games.yahoo.com/games/web_games/playtime/mahjongescape/PTGameLauncher.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - C:\Documents and Settings\Ritalee\Desktop\tipi inside.jpg


End of file - 11631 bytes

– File Associations -----------------------------------------------------------

All associations okay.

– Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Spssys (Toshiba SPS Service) - c:\windows\system32\drivers\spssys.sys <Not Verified; Toshiba Corporation; spssys>

S3 BW2NDIS5 - c:\windows\system32\drivers\bw2ndis5.sys (file missing)
S3 SQTECH905C (DaulCamera) - c:\windows\system32\drivers\capt905c.sys <Not Verified; Service & Quality Technology.; SQ905c>

– Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Viewpoint Manager Service - “c:\program files\viewpoint\common\viewpointservice.exe” <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S3 hpqwmi (HP WMI Interface) - c:\program files\hpq\shared\hpqwmi.exe <Not Verified; Hewlett-Packard Development Company, L.P.; hpqwmi Module>

– Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

– Scheduled Tasks -------------------------------------------------------------

2008-03-22 17:44:11 258 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job

– Files created between 2008-02-22 and 2008-03-22 -----------------------------

2008-03-22 16:10:54 0 d-------- C:\Program Files\Trend Micro

– Find3M Report ---------------------------------------------------------------

2008-03-22 16:18:27 0 d-------- C:\Program Files\ICQToolbar
2008-03-19 23:25:51 0 d-------- C:\Documents and Settings\Ritalee\Application Data\U3
2008-03-11 01:26:17 20030 --a----c- C:\Documents and Settings\Ritalee\Application Data\wklnhst.dat
2008-02-25 22:26:14 21840 --a----ct C:\WINDOWS\system32\SIntfNT.dll
2008-02-25 22:26:14 17212 --a----ct C:\WINDOWS\system32\SIntf32.dll
2008-02-25 22:26:14 12067 --a----ct C:\WINDOWS\system32\SIntf16.dll
2008-02-25 01:35:12 0 d-------- C:\Program Files\Diablo II
2008-02-12 21:49:29 3064 --a------ C:\WINDOWS\mozver.dat
2008-02-11 10:28:27 3446 --a------ C:\WINDOWS\unins000.dat
2008-02-11 10:24:08 691545 --a------ C:\WINDOWS\unins000.exe
2008-02-11 00:12:17 0 d-------- C:\Program Files\music_now

– Registry Dump ---------------------------------------------------------------

Note empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
12/18/2007 09:10 AM 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
“{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}”= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [12/18/2007 09:10 AM 262144]

[-HKEY_CLASSES_ROOT\CLSID{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“SynTPLpr”=“C:\Program Files\Synaptics\SynTP\SynTPLpr.exe” [02/02/2005 05:12 AM]
“SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [06/08/2007 12:47 AM]
“hpWirelessAssistant”=“C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe” [11/16/2005 09:30 AM]
“HP Software Update”=“C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe” [02/17/2005 12:11 AM]
“QPService”=“C:\Program Files\HP\QuickPlay\QPService.exe” [12/12/2005 12:39 PM]
“eabconfg.cpl”=“C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe” [12/07/2005 11:56 AM]
“Cpqset”=“C:\Program Files\HPQ\Default Settings\cpqset.exe” [02/17/2005 03:01 PM]
“RecGuard”=“C:\Windows\SMINST\RecGuard.exe” [10/11/2005 11:23 AM]
“TosGbWatcher”=“C:\Program Files\TOSHIBA\gigabeat room 2.0.2\TosGbWatcher.exe” [04/26/2005 02:02 AM]
“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [12/04/2007 06:00 AM]
“ISUSPM Startup”=“C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe” [07/27/2004 05:50 PM]
“ISUSScheduler”=“C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” [08/09/2004 07:03 AM]
“QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe” [08/21/2006 10:39 PM]
“zzz_ImInstaller_IncrediMail”=“C:\Documents and Settings\Ritalee\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install.exe”
“ZoneAlarm Client”=“C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe” [11/14/2007 05:05 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [08/04/2004 01:00 AM]
“AIM”=“C:\Program Files\AIM\aim.exe” [08/05/2005 03:08 PM]
“msnmsgr”=“C:\Program Files\MSN Messenger\MsnMsgr.exe” [01/19/2007 12:54 PM]
“SpybotSD TeaTimer”=“C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe” [01/28/2008 12:43 PM]

C:\Documents and Settings\Ritalee\Start Menu\Programs\Startup
Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [11/17/1996]
Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [11/17/1996]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [9/24/2005 2:39:30 AM]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Documents and Settings\Ritalee\Desktop\tipi inside.jpg
FriendlyName=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
“C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe”

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
“C:\Program Files\ICQLite\ICQLite.exe” -minimize

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
“C:\Program Files\MSN Messenger\msnmsgr.exe” /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
“C:\Program Files\QuickTime\qttask.exe” -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
“C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe”

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewpointPhotosDeviceConnect]
C:\Program Files\Viewpoint\Viewpoint Toolbar V35\FotomatDeviceConnect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
“C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe” -quiet

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\LaunchU3.exe -a

– End of Deckard’s System Scanner: finished at 2008-03-22 17:48:17 ------------

here is the extra text.

Deckard’s System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.

– System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Mobile AMD Sempron™ Processor 3000+
Percentage of Memory in Use: 76%
Physical Memory (total/avail): 382.48 MiB / 90.62 MiB
Pagefile Memory (total/avail): 919.41 MiB / 559.44 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1934.38 MiB

C: is Fixed (NTFS) - 48.32 GiB total, 24.09 GiB free.
D: is Fixed (FAT32) - 7.55 GiB total, 0.84 GiB free.
E: is CDROM (No Media)

\.\PHYSICALDRIVE0 - FUJITSU MHV2060AT PL - 55.89 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 48.32 GiB - C:
\PARTITION1 - Unknown - 7.56 GiB - D:

– Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: ZoneAlarm Firewall v7.0.462.000 (Check Point, LTD.)
AV: avast! antivirus 4.7.1098 [VPS 080322-0] v4.7.1098 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
“%windir%\system32\sessmgr.exe”=“%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019"
“C:\Program Files\Common Files\AOL\1150163481\ee\AOLServiceHost.exe”="C:\Program Files\Common Files\AOL\1150163481\ee\AOLServiceHost.exe:
:Enabled:AOL Services”
“C:\Program Files\Common Files\AOL\Loader\aolload.exe”=“C:\Program Files\Common Files\AOL\Loader\aolload.exe::Enabled:AOL Loader"
“C:\Program Files\MSN Messenger\msncall.exe”="C:\Program Files\MSN Messenger\msncall.exe:
:Enabled:Windows Live Messenger 8.0 (Phone)”
“%windir%\Network Diagnostic\xpnetdiag.exe”=“%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000"
“C:\Program Files\MSN Messenger\msnmsgr.exe”="C:\Program Files\MSN Messenger\msnmsgr.exe:
:Enabled:Windows Live Messenger 8.1”
“C:\Program Files\MSN Messenger\livecall.exe”=“C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)”

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
“%windir%\system32\sessmgr.exe”=“%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019"
“C:\Program Files\EarthLink TotalAccess\TaskPanl.exe”="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:
:Enabled:Earthlink”
“C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe”=“C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe::Enabled:Yahoo! Messenger"
“C:\Program Files\Yahoo!\Messenger\YServer.exe”="C:\Program Files\Yahoo!\Messenger\YServer.exe:
:Enabled:Yahoo! FT Server”
“C:\Program Files\Common Files\AOL\1150163481\ee\AOLServiceHost.exe”=“C:\Program Files\Common Files\AOL\1150163481\ee\AOLServiceHost.exe::Enabled:AOL Services"
“C:\Program Files\Common Files\AOL\Loader\aolload.exe”="C:\Program Files\Common Files\AOL\Loader\aolload.exe:
:Enabled:AOL Loader”
“C:\Program Files\MSN Messenger\msncall.exe”=“C:\Program Files\MSN Messenger\msncall.exe::Enabled:Windows Live Messenger 8.0 (Phone)"
“C:\Program Files\ICQLite\ICQLite.exe”="C:\Program Files\ICQLite\ICQLite.exe:
:Enabled:ICQ Lite”
“%windir%\Network Diagnostic\xpnetdiag.exe”=“%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000"
“C:\Program Files\MSN Messenger\msnmsgr.exe”="C:\Program Files\MSN Messenger\msnmsgr.exe:
:Enabled:Windows Live Messenger 8.1”
“C:\Program Files\MSN Messenger\livecall.exe”=“C:\Program Files\MSN Messenger\livecall.exe::Enabled:Windows Live Messenger 8.1 (Phone)"
“C:\Documents and Settings\Ritalee\Desktop\downloads\incredimail_install.exe”="C:\Documents and Settings\Ritalee\Desktop\downloads\incredimail_install.exe:
:Enabled:IncrediMail Installer”
“C:\Documents and Settings\Ritalee\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install.exe”=“C:\Documents and Settings\Ritalee\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install.exe:*:Enabled:IncrediMail Installer”

– Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Ritalee\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PIKACHU
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Ritalee
LOGONSERVER=\PIKACHU
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\GTK\2.0\bin;“C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier”
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PCTYPE=PRESARIO
PLATFORM=MCD
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 44 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2c02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Ritalee\LOCALS~1\Temp
TMP=C:\DOCUME~1\Ritalee\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=PIKACHU
USERNAME=Ritalee
USERPROFILE=C:\Documents and Settings\Ritalee
windir=C:\WINDOWS

– User Profiles ---------------------------------------------------------------

user I[/I]
Ritalee I[/I]
Sara Hope I[/I]
Retta G
Pillar Of Winter
Grandma (new local)
Grandpa (new local)

– Add/Remove Programs ---------------------------------------------------------

→ C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
→ C:\WINDOWS\system32\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
→ C:\WINDOWS\system32\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
→ C:\WINDOWS\system32\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
→ rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
5 Card Slingo from Hewlett-Packard Laptops (remove only) → “C:\Program Files\WildTangent\Apps\GameChannel\Games\5DE4D54F-AA79-43A4-9C8A-C173E7E2B025\Uninstall.exe”
Ad-Aware SE Personal → MsiExec.exe /X{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}
Adobe Flash Player 9 ActiveX → C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin → C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 6.0.1 → MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
AOL Instant Messenger → C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Athlon 64 Processor Driver → RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe” -l0x9
ATI - Software Uninstall Utility → C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel → RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe”
ATI Display Driver → rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
avast! Antivirus → rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
Balloon Kaboom → C:\PROGRA~1\eGames\BALLOO~2\UNWISE.EXE C:\PROGRA~1\eGames\BALLOO~2\INSTALL.LOG
Balloon Pop Special Edition → C:\PROGRA~1\eGames\BALLOO~1\UNWISE.EXE C:\PROGRA~1\eGames\BALLOO~1\INSTALL.LOG

Bejeweled 2 Deluxe from Hewlett-Packard Laptops (remove only) → “C:\Program Files\WildTangent\Apps\GameChannel\Games\6E377D95-DF37-4E67-B64B-68C314600BCB\Uninstall.exe”
Big Kahuna Reef from Hewlett-Packard Laptops (remove only) → “C:\Program Files\WildTangent\Apps\GameChannel\Games\7948472C-423F-4134-B68F-48D660A05D71\Uninstall.exe”
Bingo Master Special Edition → C:\PROGRA~1\eGames\BINGOM~1\UNWISE.EXE C:\PROGRA~1\eGames\BINGOM~1\INSTALL.LOG
Blackhawk Striker 2 from Hewlett-Packard Laptops (remove only) → “C:\Program Files\WildTangent\Apps\GameChannel\Games\384E0BF4-1E1F-45A6-B60E-42144A3F15CD\Uninstall.exe”
Blasterball 2 from Hewlett-Packard Laptops (remove only) → “C:\Program Files\WildTangent\Apps\GameChannel\Games\9F3399B2-9ED6-4339-84A2-686432638B86\Uninstall.exe”
Block Rox → C:\PROGRA~1\eGames\BLOCKR~1\UNWISE.EXE C:\PROGRA~1\eGames\BLOCKR~1\INSTALL.LOG
Blood2 → C:\WINDOWS\uninst.exe -fC:\Games\Blood2\DeIsL1.isu
Boggle Supreme from Hewlett-Packard Laptops (remove only) → “C:\Program Files\WildTangent\Apps\GameChannel\Games\5658FB14-16A4-4DAE-946B-1457BE31572E\Uninstall.exe”
Bookworm Deluxe from Hewlett-Packard Laptops (remove only) → “C:\Program Files\WildTangent\Apps\GameChannel\Games\B0769D17-E72A-4E87-A83F-1F7A3F080008\Uninstall.exe”
Bounce Symphony from Hewlett-Packard Laptops (remove only) → “C:\Program Files\WildTangent\Apps\GameChannel\Games\7A940E33-6993-404B-ABA6-ED62E8FBE615\Uninstall.exe”
CDex extraction audio → “C:\Program Files\CDex_150\uninstall.exe”
Chuzzle Deluxe from Hewlett-Packard Laptops (remove only) → “C:\Program Files\WildTangent\Apps\GameChannel\Games\382C11F0-1A18-4F76-B8E0-15CA7F209C22\Uninstall.exe”
Collector’s Edition 251 → C:\PROGRA~1\eGames\COLLEC~1\UNWISE.EXE C:\PROGRA~1\eGames\COLLEC~1\INSTALL.LOG
Conexant AC-Link Audio → C:\Program Files\CONEXANT\CNXT_AUDIO\HXFSETUP.EXE -U -Iqta3091.inf
Crystal Maze from Hewlett-Packard Laptops (remove only) → “C:\Program Files\WildTangent\Apps\GameChannel\Games\E94C7046-2F7D-4D4D-B76F-C412DCCEAAC2\Uninstall.exe”
Customer Experience Enhancement → C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
Darts → MsiExec.exe /X{F91CB93C-E24C-4932-A3F9-C4A6403F90CF}
Data Fax SoftModem with SmartCP → C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_3091103C\HXFSETUP.EXE -U -IVEN_1002&DEV_4378&SUBSYS_3091103C
Deer Hunter 4 → C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Deer Hunter 4\Uninst.isu"
Deer Hunter 5 → C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Deer Hunter 5\Uninst.isu"
Diablo → C:\WINDOWS\DiabUnin.exe C:\WINDOWS\DiabUnin.dat
Diablo → C:\WINDOWS\DiabUnin.exe C:\WINDOWS\DiabUnin.dat
Diablo II → C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
Easy Internet Sign-up → C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
Easy To-Do → “C:\Program Files\Xanadu Tools\Easy To-Do\unins000.exe”
Elrond’s MM6 Editor [v3.6] → C:\PROGRA~1\ELROND~1\UNWISE.EXE C:\PROGRA~1\ELROND~1\INSTALL.LOG
FATE from Hewlett-Packard Laptops (remove only) → “C:\Program Files\WildTangent\Apps\GameChannel\Games\6ECB6EE6-92E1-4525-AF3B-3CE51A7C5F89\Uninstall.exe”
Final Drive Nitro from Hewlett-Packard Laptops (remove only) → “C:\Program Files\WildTangent\Apps\GameChannel\Games\320F055A-570F-4335-B026-16A836DB9549\Uninstall.exe”
Final Fantasy VII → C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Square Soft, Inc.\Final Fantasy VII\Uninst.isu"
Final Fantasy VII XP Patch → C:\Program Files\Square Soft, Inc\Final Fantasy VII\Patch\Uninstall XP Patch.EXE /u:“Final Fantasy VII XP Patch”
Flip Words from Hewlett-Packard Laptops (remove only) → “C:\Program Files\WildTangent\Apps\GameChannel\Games\F2566CC2-D4C4-44ED-A838-3F8288D8D3FE\Uninstall.exe”
gigabeat S Series Manual → RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{7C5BCAA4-80F2-4092-BD22-F426453BCD17}\Setup.exe” -l0x9 -removeonly
Google Toolbar for Internet Explorer → regsvr32 /u /s “c:\program files\google\googletoolbar4.dll”
Great Pyramid → C:\PROGRA~1\eGames\GREATP~1\UNWISE.EXE C:\PROGRA~1\eGames\GREATP~1\INSTALL.LOG

Hellfire → C:\WINDOWS\IsUninst.exe -fC:\SIERRA\HELLFIRE\Uninst.isu
HijackThis 2.0.2 → “C:\Program Files\Trend Micro\HijackThis\HijackThis.exe” /uninstall
Hotfix for Windows Media Format SDK (KB902344) → “C:\WINDOWS$NtUninstallKB902344$\spuninst\spuninst.exe”
Hoyle Card Games 3 → C:\WINDOWS\IsUninst.exe -fC:\SIERRA\CARD3\Uninst.isu
HP DVD Play 2.0 → RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe” -uninstall
HP Game Console and games → C:\Program Files\WildTangent\Apps\hpuninstall.exe
HP Help and Support → RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe” -l0x9 -removeonly
HP Imaging Device Functions 6.0 → C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Premier Software 6.0 → C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Rhapsody → C:\PROGRA~1\HPRHAP~1\Unwise32.exe /A C:\PROGRA~1\HPRHAP~1\install.log
HP Software Update → MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP User Guides–System Recovery → RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{BC96BBA7-C634-460E-AD18-A0A994213F80}\setup.exe” -l0x9 -removeonly
HP User Guides 0024 → RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{798E409B-F5CA-449E-9BE6-E18199E007C6}\Setup.exe” -l0x9 -removeonly
HP Wireless Assistant 2.00 B3 → RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe” -l0x9 hpquninst
ICQ 5.1 → C:\Program Files\ICQLite\ICQLiteUninstall.EXE
ICQ Toolbar → regsvr32 /u /s “C:\Program Files\ICQToolbar\toolbaru.dll”
Insaniquarium Deluxe from Hewlett-Packard Laptops (remove only) → “C:\Program Files\WildTangent\Apps\GameChannel\Games\0E5266B4-9069-401A-93AE-5FF9F1712016\Uninstall.exe”
J2SE Runtime Environment 5.0 Update 10 → MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 6 → MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 → MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Jewel Quest from Hewlett-Packard Laptops (remove only) → “C:\Program Files\WildTangent\Apps\GameChannel\Games\4C061F83-EE92-445A-A03F-184B0BD59242\Uninstall.exe”
Lemonade Tycoon 2 from Hewlett-Packard Laptops (remove only) → “C:\Program Files\WildTangent\Apps\GameChannel\Games\E90E3AE9-73E4-4E5C-BB0F-673989A808D0\Uninstall.exe”
Lexibox Deluxe from Hewlett-Packard Laptops (remove only) → “C:\Program Files\WildTangent\Apps\GameChannel\Games\5758A0E8-A112-4A1D-82EC-EC72F7F16B88\Uninstall.exe”
Lightening → C:\Program Files\Lightening\Uninst.exe /pid:{904FC6CC-B684-4549-BA5B-AB5A479C945C} /asd
Lotus SmartSuite 97 → C:\WINDOWS\lunin10.exe /T SmartSuite /V 97.0 /I “c:\lotus\suit.inf” /C “c:\lotus\cinstall.ini” /O /L EN
Macromedia Flash Player 8 → MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Mah Jong Quest from Hewlett-Packard Laptops (remove only) → “C:\Program Files\WildTangent\Apps\GameChannel\Games\E76A7EFF-7758-49EE-B3FA-9699830A2D6B\Uninstall.exe”
Mahjongg Master 5 → C:\PROGRA~1\eGames\MAHJON~1\UNWISE.EXE C:\PROGRA~1\eGames\MAHJON~1\INSTALL.LOG
Master of Dwarves → C:\PROGRA~1\eGames\MASTER~1\UNWISE.EXE C:\PROGRA~1\eGames\MASTER~1\INSTALL.LOG
Memorex 6136 U Scanner Driver → C:\PROGRA~1\Memorex\UNWISE.EXE C:\PROGRA~1\Memorex\INSTALL.LOG
Microsoft Money 2006 → “C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe” /s:120
Microsoft Office 97, Professional Edition → C:\Program Files\Microsoft Office\Office\Setup\Acme.exe /w Off97Pro.STF
Microsoft Train Simulator → “C:\Program Files\Microsoft Games\Train Simulator\UNINSTAL.EXE” /runtemp /addremove