Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Board index Malware Removal ForumsInfected? Virus, malware, adware, ransomware, oh my!

Hijackthis Log file

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.
Topic locked

Hijackthis Log file

Unread postby C_Bass33 » July 1st, 2006, 3:48 am

My computer is infected with several by several i mean 5- 10 different items
including NeedEware, Coolwwwsearch, Cws.Search home assistant, Sgrunt, and i believe a few trojans its a complete mess but here is the Log
Oh, and i when the scan was done i was in safe mode
Thank you for you help!!


Logfile of HijackThis v1.99.1
Scan saved at 3:14:03 AM, on 7/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BitLord\BitLord.exe
C:\Documents and Settings\Eric\Desktop\New Folder\HijackThis.exe

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ats] C:\WINDOWS\system32\asd\loadqm.exe noshow
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunOnce: [srePostpone] rundll32.exe c:\windows\system32\zonelabs\srescan.dll,DoSpecialAction
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AMonitor] C:\Program Files\Tiny Firewall Pro\amon.exe
O4 - HKCU\..\Run: [BPS Spyware Remover] C:\Program Files\BulletProofSoft.com\BPS Spyware Remover\SpyRem.exe
O4 - HKCU\..\Run: [2c9b5087.exe] C:\Documents and Settings\Eric\Local Settings\Application Data\2c9b5087.exe
O4 - HKCU\..\Run: [Bsoe] "C:\WINDOWS\system32\CROSOF~1\services.exe" -vt yazr
O4 - HKCU\..\Run: [Yvljcpa] C:\DOCUME~1\Eric\MYDOCU~1\WNSXS~1\NTEPAD~1.EXE
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O20 - AppInit_DLLs: UmxSbxExw.dll C:\WINDOWS\system32\userinit.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: FW Event Manager (UmxAgent) - Computer Associates International, Inc. - C:\Program Files\Tiny Firewall Pro\UmxAgent.exe
O23 - Service: FW Configuration Interpreter (UmxCfg) - Computer Associates International, Inc. - C:\Program Files\Common Files\PFShared\UmxCfg.exe
O23 - Service: FW User-Mode Helper (UmxFwHlp) - Computer Associates International, Inc. - C:\Program Files\Tiny Firewall Pro\UmxFwHlp.exe
O23 - Service: FW Live Update (UmxLU) - Computer Associates International, Inc. - C:\Program Files\Common Files\PFShared\umxlu.exe
O23 - Service: FW Policy Manager (UmxPol) - Computer Associates International, Inc. - C:\Program Files\Common Files\PFShared\UmxPol.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C_Bass33
Active Member
 
Posts: 12
Joined: July 1st, 2006, 3:42 am
Top
Advertisement
Register to Remove

Unread postby Trogan » July 1st, 2006, 5:57 am

Hi C_Bass33,

Welcome to the MalWare Removal forums! I'll be glad to help you with your computer problems. As an Undergrad, my fixes will need to be checked by an expert first and it could take some time, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happens.

In order for me to help you, please observe the following while we work:

1. If you don't know something, stop and ask! Don't continue, we don't want to start all over again!

2. Understand that cleaning your computer can sometimes take multiple passes/posts, and it's important to follow the steps as listed including re-running scans as listed

3. Please reply to this thread, do not start another.

If you can do those three things, everything should go smoothly.
User avatar
Trogan
MRU Teacher Emeritus
 
Posts: 2291
Joined: November 26th, 2005, 9:31 am
Location: London
Top

Reply

Unread postby C_Bass33 » July 1st, 2006, 6:28 am

Im ready to fix this thing!
C_Bass33
Active Member
 
Posts: 12
Joined: July 1st, 2006, 3:42 am
Top

Unread postby C_Bass33 » July 1st, 2006, 10:36 am

Can anyone help me?
Im repairing this for a friend and i need to get it back by tommorow.
its either this or I wipe the drive and i dont wanna spend 5 hours reformating and installing an OS
C_Bass33
Active Member
 
Posts: 12
Joined: July 1st, 2006, 3:42 am
Top

Unread postby Trogan » July 1st, 2006, 12:45 pm

Sorry for the wait, C_Bass33! Lets begin!


I see you have three Anti-Virus programs (Norton, McAfee & Avast) and two software Firewall programs (Zone Alarm & Tiny Firewall Pro) running all at the same time. It is never a good idea to have more than one of each running at the same time.

Anti-Virus
You should one as your main AV. It's ok to have second AV as back up but if all three have real time protection this is where the conflict begins.
Go to add remove programs and uninstall one or two of them. As to which one I will leave that to you. Keep in mind.

* Which one seems to run best.?. Least amount of problems
* Which one are you able to get updates for? Have a subscription?
* Is one just a trial and going to stop working/updating soon?

Firewall
Please uninstall one of the Firewall programs. Let me know which Firewall you keep.

After doing this, please continue below

=====

Click Start > Run > type in appwiz.cpl and hit enter. From the list uninstall the following, if found:

BPS Spyware Remover


Open HijackThis
- Click the Do a system scan only button
- Check the following entries (below)

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ats] C:\WINDOWS\system32\asd\loadqm.exe noshow
O4 - HKCU\..\Run: [BPS Spyware Remover] C:\Program Files\BulletProofSoft.com\BPS Spyware Remover\SpyRem.exe
O4 - HKCU\..\Run: [2c9b5087.exe] C:\Documents and Settings\Eric\Local Settings\Application Data\2c9b5087.exe
O4 - HKCU\..\Run: [Bsoe] "C:\WINDOWS\system32\CROSOF~1\services.exe" -vt yazr
O4 - HKCU\..\Run: [Yvljcpa] C:\DOCUME~1\Eric\MYDOCU~1\WNSXS~1\NTEPAD~1.EXE

- Close ALL open windows (especially Internet Explorer!)
Click Fix Checked

Still in HJT:
Click on Config at the bottom right corner
Click on the Misc Tools tab
Click on the Delete a file on reboot... button
Copy and paste the following in the File name box
C:\WINDOWS\system32\userinit.dll
Press YES at the confirmation box to reboot your computer

After rebooting, continue below.

We need to view hidden files and folders:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.

Please find and delete the following, if found:

C:\WINDOWS\system32\asd << This folder
C:\WINDOWS\system32\CROSOF~1 <<This folder
C:\DOCUME~1\Eric\My Documents\WNSXS~1 << This folder
C:\Program Files\BulletProofSoft.com << This folder

C:\Documents and Settings\Eric\Local Settings\Application Data\2c9b5087.exe << This file
c:\windows\system32\2c9b5087.exe << This file

Note: If at any point you cannot delete a file in Normal Mode, please try in Safe Mode!

=====

Please reboot your computer and then run this online scan.

Panda ActiveScan

- Once you are on the Panda site, click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

Post the contents of the Panda scan report, along with a new HijackThis Log. Also, please let me know which software Firewall you keep.
User avatar
Trogan
MRU Teacher Emeritus
 
Posts: 2291
Joined: November 26th, 2005, 9:31 am
Location: London
Top

Firewall

Unread postby C_Bass33 » July 1st, 2006, 6:32 pm

Whatever I have has INfected all of my protection software so i cant uninstall or install anything and i cant run my computer in normal mode because it wont start up so i have to use safemode

I did do the hijack this fix items thing but i couldnt uninstall any of the firewalls or virus programs
C_Bass33
Active Member
 
Posts: 12
Joined: July 1st, 2006, 3:42 am
Top

OK

Unread postby C_Bass33 » July 1st, 2006, 8:31 pm

Ok, i finished the scan and here are the results When i use spyware doctor and spybot they come up with different rusults, would you like me to post those logs too????


Incident Status Location

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ptzg7mlg.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ptzg7mlg.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ptzg7mlg.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ptzg7mlg.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ptzg7mlg.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ptzg7mlg.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ptzg7mlg.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ptzg7mlg.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ptzg7mlg.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ptzg7mlg.default\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ptzg7mlg.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ptzg7mlg.default\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ptzg7mlg.default\cookies.txt[.belnk.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ptzg7mlg.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ptzg7mlg.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ptzg7mlg.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ptzg7mlg.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Donna\Application Data\Mozilla\Firefox\Profiles\ptzg7mlg.default\cookies.txt[.overture.com/]
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Eric\Cookies\eric@entrepreneur[1].txt
Adware:adware/securityerror Not disinfected C:\Documents and Settings\Eric\Favorites\Antivirus Test Online.url
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Eric\Local Settings\Temp\Cookies\eric@atwola[1].txt
Adware:Adware/PurityScan Not disinfected C:\Program Files\Cowabanga\Cowabanga.exe
Adware:Adware/SystemDoctor Not disinfected C:\RECYCLER\S-1-5-21-839522115-1708537768-854245398-1003\Dc258.exe
Dialer:dialer.avv Not disinfected C:\WINDOWS\Downloaded Program Files\gdnUS2339.exe
Adware:adware/spywarequake Not disinfected C:\WINDOWS\system32\1024\ld1975.tmp
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\hggfdab.dll
Adware:Adware/PurityScan Not disinfected C:\WINDOWS\system32\winkit32.dll
Adware:Adware/PurityScan Not disinfected C:\WINDOWS\system32\??crosoft\services.exe
C_Bass33
Active Member
 
Posts: 12
Joined: July 1st, 2006, 3:42 am
Top

Unread postby Trogan » July 2nd, 2006, 1:39 pm

Hi again C_Bass33! Could you do the following please:

=====

Go to Start > Control Panel > Internet Options.
Under the General tab click the Delete Files... button; check the Delete all offline content box and press OK. Next, click the Delete Cookies... button and press OK

Go to "Start" -> "Run" and type in the box: "cleanmgr" press OK. Select the drive where your Operating System is installed (Default is C:) and press OK. Let Disk Cleanup scan your system for files to remove (it takes a few minutes!). On the next screen make sure these 3 options are checked and then press "OK" to remove:
  • Temporary Files
  • Temporary Internet Files
  • Recycle Bin
=====

Find and Delete the following:

C:\Documents and Settings\Eric\Favorites\Antivirus Test Online.url << this file
C:\WINDOWS\Downloaded Program Files\gdnUS2339.exe << this file

=====

Go to Start > Run > type: appwiz.cpl. Check if the following are in the list:
  • PuritySCAN By OIN
  • OuterInfo
  • OIN or similar.

If so, click on it and click remove.
Reboot your computer and delete this folder if found:
C:\Program Files\PurityScan

If any of the above are not listed, download and run this uninstaller:
Uninstaller

Tutorial for the uninstaller if needed

Reboot when done and delete this folder if found:
C:\Program Files\PurityScan

=====

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • A log will be produced here >> C:\vundofix.txt. Please keep that safe.

=====

Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

IMPORTANT: Do NOT run any other options until you are asked to do so!

=====

I need to see two different logs by HJT:

Open HJT
Click on Open the Misc Tools Section
Check the two boxes next to Generate StartupList log, and then click on Generate StartupList log
Press Yes at the confirmation box
Save the Notepad file to your desktop for easy reference.

NEXT:

Click on the Open Uninstall Manager button
Click on Save List...
Again, save to the file to your desktop for easy reference.

=====

Please post the following in your next reply:

Contents of C:\vundofix.txt
Contents of C:\rapport.tx
StartupList log and Uninstall manager log
A new HiJackThis log.
User avatar
Trogan
MRU Teacher Emeritus
 
Posts: 2291
Joined: November 26th, 2005, 9:31 am
Location: London
Top

Ok

Unread postby C_Bass33 » July 2nd, 2006, 5:13 pm

Here is the startup list

StartupList report, 7/2/2006, 5:01:19 PM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Eric\Desktop\New Folder\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\Eric\Desktop\New Folder\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Eric\Start Menu\Programs\Startup]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
*No files*

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
BootSkin Startup Jobs = "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
NeroFilterCheck = C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
MPFExe = C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
TrojanScanner = C:\Program Files\Trojan Remover\Trjscan.exe
McRegWiz = C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
MCAgentExe = c:\PROGRA~1\mcafee.com\agent\mcagent.exe
MCUpdateExe = C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
avast! = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
MSKDetectorExe = C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
Zone Labs Client = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
AIM = C:\Program Files\AIM\aim.exe -cnetwait.odl
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} = "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
AMonitor = C:\Program Files\Tiny Firewall Pro\amon.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{4b218e3e-bc98-4770-93d3-2731b9329278}] *
StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=UmxSbxExw.dll C:\WINDOWS\system32\userinit.dll

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\ssflwbox.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\WINDOWS\system32\ssqqr.dll (file missing) - {81CF4B11-DDA3-4013-B6BB-B45DD159E7B7}

--------------------------------------------------

Enumerating Task Scheduler jobs:

*No jobs found*

--------------------------------------------------

Enumerating Download Program Files:

[McAfee.com Operating System Class]
InProcServer32 = C:\WINDOWS\system32\mcinsctl.dll
CODEBASE = http://download.mcafee.com/molbin/share ... insctl.cab

[Java Plug-in]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab

[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
CODEBASE = http://acs.pandasoftware.com/activescan ... asinst.cab

[Java Plug-in]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab

[Java Plug-in 1.5.0_06]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\ZoneLabs\vetredir.dll
Protocol #2: C:\WINDOWS\system32\ZoneLabs\vetredir.dll
Protocol #3: C:\WINDOWS\system32\ZoneLabs\vetredir.dll
Protocol #4: C:\WINDOWS\system32\mswsock.dll
Protocol #5: C:\WINDOWS\system32\mswsock.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\rsvpsp.dll
Protocol #8: C:\WINDOWS\system32\rsvpsp.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\ZoneLabs\vetredir.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD: \SystemRoot\System32\drivers\afd.sys (system)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
AMD K7 Processor Driver: system32\DRIVERS\amdk7.sys (system)
ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter: system32\DRIVERS\AN983.sys (manual start)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
avast! iAVS4 Control Service: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" (manual start)
RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: system32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: system32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: system32\DRIVERS\audstub.sys (manual start)
Automatic LiveUpdate Scheduler: "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" (autostart)
avast! Antivirus: "C:\Program Files\Alwil Software\Avast4\ashServ.exe" (manual start)
avast! Mail Scanner: "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (manual start)
avast! Web Scanner: "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (manual start)
Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
BootScreen: \SystemRoot\System32\drivers\vidstub.sys (system)
CA ISafe: C:\WINDOWS\system32\ZoneLabs\isafe.exe (manual start)
Closed Caption Decoder: system32\DRIVERS\CCDECODE.sys (manual start)
Symantec Event Manager: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (autostart)
Symantec Internet Security Password Validation: "C:\Program Files\Norton Internet Security\ccPwdSvc.exe" (manual start)
Symantec Settings Manager: "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" (autostart)
CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
C-Media WDM Audio Interface: system32\drivers\cmuda.sys (manual start)
COM Host: "C:\Program Files\Norton Internet Security\comHost.exe" (manual start)
COM+ System Application: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
cportclm: \??\C:\DOCUME~1\Eric\LOCALS~1\Temp\cportclm.sys (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Disk Driver: system32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Logical Disk Manager Driver: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Realtek EAPPkt Protocol: system32\DRIVERS\EAPPkt.sys (autostart)
Symantec Eraser Control driver: \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (system)
Media Center Receiver Service: C:\WINDOWS\eHome\ehRecvr.exe (disabled)
Media Center Scheduler Service: C:\WINDOWS\eHome\ehSched.exe (disabled)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
VIA Rhine-Family Fast Ethernet Adapter Driver Service: system32\DRIVERS\fetnd5bv.sys (manual start)
VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver: system32\DRIVERS\fetnd5.sys (manual start)
FltMgr: system32\DRIVERS\fltMgr.sys (system)
Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system)
Generic Packet Classifier: system32\DRIVERS\msgpc.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system)
InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe" (manual start)
File Security Kernel Anti-Spyware Driver: \??\C:\WINDOWS\system32\drivers\ikhfile.sys (system)
Kernel Anti-Spyware Driver: \??\C:\WINDOWS\system32\drivers\ikhlayer.sys (system)
CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\system32\imapi.exe (manual start)
IPv6 Windows Firewall Driver: system32\DRIVERS\Ip6Fw.sys (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: system32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: system32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
KmxAgent: System32\DRIVERS\kmxagent.sys (system)
KmxBiG: System32\DRIVERS\KmxBiG.sys (autostart)
KmxCfg: System32\DRIVERS\kmxcfg.sys (manual start)
KmxFile: System32\DRIVERS\KmxFile.sys (system)
KmxFw: System32\DRIVERS\kmxfw.sys (system)
KmxIds: System32\DRIVERS\kmxids.sys (system)
KmxNdis: System32\DRIVERS\kmxndis.sys (system)
KmxSbx: System32\DRIVERS\KmxSbx.sys (autostart)
LiveUpdate: "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" (manual start)
TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
McAfee WSC Integration: c:\program files\mcafee.com\agent\mcdetect.exe (manual start)
McAfee Task Scheduler: c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (manual start)
McAfee SecurityCenter Update Manager: C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (manual start)
Machine Debug Manager: "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" (autostart)
MHN: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
MHN driver: system32\DRIVERS\mhndrv.sys (manual start)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\system32\mnmsrvc.exe (disabled)
Mouse Class Driver: system32\DRIVERS\mouclass.sys (system)
MPFIREWL: System32\Drivers\MpFirewall.sys (system)
McAfee Personal Firewall Service: C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe (manual start)
WebDav Client Redirector: system32\DRIVERS\mrxdav.sys (manual start)
Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
NABTS/FEC VBI Codec: system32\DRIVERS\NABTSFEC.sys (manual start)
Norton AntiVirus Auto-Protect Service: "C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe" (autostart)
Microsoft TV/Video Connection: system32\DRIVERS\NdisIP.sys (manual start)
Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start)
NetBios over Tcpip: system32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Norton Protection Center Service: "C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE" (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: system32\DRIVERS\nv4_mini.sys (manual start)
NVIDIA Display Driver Service: %SystemRoot%\system32\nvsvc32.exe (autostart)
IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start)
Office Source Engine: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (manual start)
Parallel port driver: system32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: system32\DRIVERS\pci.sys (system)
Low level access layer for CD devices: System32\Drivers\Pcouffin.sys (manual start)
PDEngine: "C:\Program Files\Raxco\PerfectDisk\PDEngine.exe" (manual start)
PDScheduler: "C:\Program Files\Raxco\PerfectDisk\PDSched.exe" (manual start)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)
WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
Direct Parallel Link Driver: system32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\Drivers\PxHelp20.sys (system)
Remote Access Auto Connection Driver: system32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Remote Access PPPOE Driver: system32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: system32\DRIVERS\raspti.sys (manual start)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: system32\DRIVERS\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (disabled)
Digital CD Audio Playback Filter Driver: system32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)
NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver: system32\DRIVERS\wg111v2.sys (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
PC Tools Spyware Doctor: C:\Program Files\Spyware Doctor\sdhelp.exe (manual start)
Secdrv: system32\DRIVERS\secdrv.sys (autostart)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: system32\DRIVERS\serenum.sys (manual start)
Serial port driver: system32\DRIVERS\serial.sys (system)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SjyPkt: \??\C:\WINDOWS\System32\Drivers\SjyPkt.sys (manual start)
BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start)
Symantec Network Drivers Service: "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" (manual start)
Sony Digital Imaging Video2: system32\DRIVERS\sonypvs1.sys (manual start)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: system32\DRIVERS\sr.sys (system)
srescan: system32\ZoneLabs\srescan.sys (system)
System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
SSDP Discovery Service: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
st3wolf: system32\DRIVERS\st3wolf.sys (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start)
stwlfbus: system32\DRIVERS\stwlfbus.sys (system)
Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{660DD964-167F-4E62-BDB3-95BA7417F1F9} (manual start)
Symantec Core LC: "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" (autostart)
SYMDNS: \SystemRoot\System32\Drivers\SYMDNS.SYS (manual start)
SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start)
SYMFW: \SystemRoot\System32\Drivers\SYMFW.SYS (manual start)
SYMIDS: \SystemRoot\System32\Drivers\SYMIDS.SYS (manual start)
SYMIDSCO: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20060505.083\symidsco.sys (manual start)
symlcbrd: \??\C:\WINDOWS\system32\drivers\symlcbrd.sys (autostart)
SYMNDIS: \SystemRoot\System32\Drivers\SYMNDIS.SYS (manual start)
SYMREDRV: \SystemRoot\System32\Drivers\SYMREDRV.SYS (manual start)
SYMTDI: \SystemRoot\System32\Drivers\SYMTDI.SYS (system)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: system32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: system32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Telnet: C:\WINDOWS\system32\tlntsvr.exe (disabled)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (manual start)
FW Event Manager: "C:\Program Files\Tiny Firewall Pro\UmxAgent.exe" (autostart)
FW Configuration Interpreter: "C:\Program Files\Common Files\PFShared\UmxCfg.exe" (autostart)
FW User-Mode Helper: "C:\Program Files\Tiny Firewall Pro\UmxFwHlp.exe" (autostart)
FW Live Update: "C:\Program Files\Common Files\PFShared\umxlu.exe" (autostart)
FW Policy Manager: "C:\Program Files\Common Files\PFShared\UmxPol.exe" (autostart)
Microcode Update Driver: system32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)
USB2 Enabled Hub: system32\DRIVERS\usbhub.sys (manual start)
Microsoft USB PRINTER Class: system32\DRIVERS\usbprint.sys (manual start)
USB Scanner Driver: system32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: system32\DRIVERS\usbuhci.sys (manual start)
SecuROM User Access Service (V7): C:\WINDOWS\system32\UAService7.exe (autostart)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
VIA AGP Bus Filter: system32\DRIVERS\viaagp.sys (system)
VIA AGP Filter: system32\DRIVERS\viaagp1.sys (system)
ViaIde: system32\DRIVERS\viaide.sys (system)
videX32: system32\DRIVERS\videX32.sys (system)
vsdatant: System32\vsdatant.sys (system)
TrueVector Internet Monitor: C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service (autostart)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
WINIO: ˆý (system)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)
Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (disabled)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
World Standard Teletext Codec: system32\DRIVERS\WSTCODEC.SYS (manual start)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = PDBoot.exe

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

End of report, 35,348 bytes
Report generated in 0.110 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only




___________________________________________________________

Ad-Aware SE Professional
Adobe Reader 7.0.7
AIMSong 1.1
Airport Tycoon 2
AOL Instant Messenger
AOL Toolbar 2.0
avast! Antivirus
Big Kahuna Reef
Big Kahuna Reef 2
BitLord 0.56
BootSkin
Brain Sound Studio
ccCommon
C-Media WDM Audio Driver
Corel Paint Shop Pro X
Cowabanga by OIN
Cubis Gold 2
DAEMON Tools
DivX Converter
DivX Player
First Step Guide
Foo Buddy 3.10
HijackThis 1.99.1
J2SE Runtime Environment 5.0 Update 6
LimeWire 4.10.9
Macromedia Flash Player
Magic ISO Maker v5.2 (build 0191)
MailFrontier Desktop
McAfee Uninstall Wizard
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft Office Professional Edition 2003
Mozilla Firefox (1.5)
MSRedist
Nero 7 Demo
Norton AntiSpam
Norton AntiSpam
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security 2006 (Symantec Corporation)
Norton Protection Center
NVIDIA Drivers
Pack Crystal XP 3.0
Panda ActiveScan
PC Surgeon
PerfectDisk
Power MP3 WMA Converter 2006, (ver 3.42)
Reason 3.0
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
SmartSound Quicktracks Plugin
Sony USB Driver
Spybot - Search & Destroy 1.4
Spyware Doctor 3.8
The Sims 2
The Sims 2 Family Fun Stuff
The Sims 2 Nightlife
The Sims 2 Open For Business
The Sims 2 University
Tiny Desktop Firewall 2005 Pro
Train Conductor
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
VIA Rhine-Family Fast Ethernet Adapter
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WG111v2 Configuration Utility
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
Word Jong To Go
ZoneAlarm Security Suite


-----------------------------------------------------------------------------------

SmitFraudFix v2.65

Scan done at 16:57:53.01, Sun 07/02/2006
Run from C:\Documents and Settings\Eric\Desktop\SMITFRAID
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{7916f057-223f-4612-ac84-e882cbe043d4}"="bals"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\ld????.tmp Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\regperf.exe Deleted
C:\WINDOWS\system32\1024\ Deleted
C:\Documents and Settings\Eric\Application Data\Microsoft\Internet Explorer\Quick Launch\SpywareQuake.com 2.1.lnk Deleted
C:\Program Files\SpywareQuake.com\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

---------------------------------------------------------------------------------


VundoFix V4.2.84

Checking Java version...

Java version is 1.5.0.6

Scan started at 3:49:58 PM 7/2/2006

Listing files found while scanning....


C:\WINDOWS\system32\rqqss.bak1
C:\WINDOWS\system32\rqqss.bak2
C:\WINDOWS\system32\rqqss.ini
C:\WINDOWS\system32\ssqqr.dll
Attempting to delete C:\WINDOWS\system32\rqqss.bak1
C:\WINDOWS\system32\rqqss.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\rqqss.bak2
C:\WINDOWS\system32\rqqss.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\rqqss.ini
C:\WINDOWS\system32\rqqss.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqqr.dll
C:\WINDOWS\system32\ssqqr.dll Has been deleted!

Performing Repairs to the registry.
Done!

---------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 5:09:21 PM, on 7/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Eric\Desktop\New Folder\HijackThis.exe

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O2 - BHO: (no name) - {81CF4B11-DDA3-4013-B6BB-B45DD159E7B7} - C:\WINDOWS\system32\ssqqr.dll (file missing)
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AMonitor] C:\Program Files\Tiny Firewall Pro\amon.exe
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O20 - AppInit_DLLs: UmxSbxExw.dll C:\WINDOWS\system32\userinit.dll
O20 - Winlogon Notify: PFW - C:\WINDOWS\SYSTEM32\UmxWnp.Dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: FW Event Manager (UmxAgent) - Computer Associates International, Inc. - C:\Program Files\Tiny Firewall Pro\UmxAgent.exe
O23 - Service: FW Configuration Interpreter (UmxCfg) - Computer Associates International, Inc. - C:\Program Files\Common Files\PFShared\UmxCfg.exe
O23 - Service: FW User-Mode Helper (UmxFwHlp) - Computer Associates International, Inc. - C:\Program Files\Tiny Firewall Pro\UmxFwHlp.exe
O23 - Service: FW Live Update (UmxLU) - Computer Associates International, Inc. - C:\Program Files\Common Files\PFShared\umxlu.exe
O23 - Service: FW Policy Manager (UmxPol) - Computer Associates International, Inc. - C:\Program Files\Common Files\PFShared\UmxPol.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



Well ther you go mate!



:D
C_Bass33
Active Member
 
Posts: 12
Joined: July 1st, 2006, 3:42 am
Top

Unread postby Trogan » July 2nd, 2006, 8:27 pm

Hi again, C_Bass33! Thanks for the logs!

Can you enter Normal Mode now? How about using the uninstall function?

If you can use the uninstall function, then please uninstall some of the Anti-Virus and Firewall programs, along with these.

BitLord 0.56
LimeWire 4.10.9
The above Peer2Peer maybe the reason of the current computer problems.
Viewpoint Manager (Remove Only)
Viewpoint Media Player

Again, please let me know which Firewall you keep as it is important for future fixes.

=====

Open HijackThis
- Click the Do a system scan only button
- Check the following entries (below)

O2 - BHO: (no name) - {81CF4B11-DDA3-4013-B6BB-B45DD159E7B7} - C:\WINDOWS\system32\ssqqr.dll (file missing)

- Close ALL open windows (especially Internet Explorer!)
Click Fix Checked


Make sure you can view hidden files and folders, then find and delete the following:

C:\WINDOWS\system32\userinit.dll << this file

=====

Please print out this instructions as you should have all open windows and programs closed when running the scan.

Step 1.
==========
- Please download F-Secure's trial Blacklight from here
- Print out the help page for guidance. It will be found here
- Click the "I Accept" button at the the license agreement
- Click the "Download" button to start the download
- Save it to your Desktop

Step 2.
==========
- Double-click the blbeta.exe file on your Desktop
- Select the "I Accept the agreement" at the license agreement, then click "Next"
- Make sure all open programs and windows are closed (including this IE window) before clicking the "Scan" button
- Click "Scan
- When the animated graphics, in the bottom right-hand corner, disappears, click "Next"
- A text log file will appear on your Desktop when the scan is complete. It will start with fsbl-xxxxxx.txt (ie: fsbl-20051017165931.log)
- Paste the contents of that log back here.

Also, please let me know the state of computer now and what Firewall you kept. :)
User avatar
Trogan
MRU Teacher Emeritus
 
Posts: 2291
Joined: November 26th, 2005, 9:31 am
Location: London
Top

grrr

Unread postby C_Bass33 » July 2nd, 2006, 10:31 pm

Ok, i did the Hijackthis scan and deleted the files
but my computer doesnt get internet when i use it in normal mode and it only stays workable for a minute or two and then it starts to run extremely slow and freezes

and Im using the zone labs security suite and im not using any antivirus at the moment because i honestly see no point and i lost my norton cd

I cant uninstall mcafee beacuse im in safe mode and i cant uninstall tiny fireawll also because im in safe mode
C_Bass33
Active Member
 
Posts: 12
Joined: July 1st, 2006, 3:42 am
Top

grrrrr

Unread postby C_Bass33 » July 2nd, 2006, 10:46 pm

I did the Hijack this scan and deleted those files
and i cant run black light becuz im in safemode
but everytime i goto normal mode it freezes and i cant get internet

i cant uninsatall my virus or firewall protectoin becuz im in safe mode

and im continuing to use zone labs and im not using any virus protection
C_Bass33
Active Member
 
Posts: 12
Joined: July 1st, 2006, 3:42 am
Top

CWS

Unread postby C_Bass33 » July 3rd, 2006, 8:32 am

I ran a Spybot SD search and the smitfraud still came up, and that coolwebsearch wont go away


--- Search result list ---
Sgrunt: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-839522115-1708537768-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sgrunt.biz\*!=W=4

CoolWWWSearch: Domain settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-839522115-1708537768-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\coolwwwsearch.com\*!=W=4

CoolWWWSearch.BadZoneMap: Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-839522115-1708537768-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\coolwebsearch.com\*!=W=4

CoolWWWSearch.BadZoneMap: Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-839522115-1708537768-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchmeup.com\*!=W=4

CoolWWWSearch.BadZoneMap: Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-839522115-1708537768-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bestcounter.biz\*!=W=4

CoolWWWSearch.BadZoneMap: Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-839522115-1708537768-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\skoobidoo.com\*!=W=4

CoolWWWSearch.BadZoneMap: Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-839522115-1708537768-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\slotchbar.com\*!=W=4

CoolWWWSearch.BadZoneMap: Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-839522115-1708537768-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\windupdates.com\*!=W=4

CoolWWWSearch.BadZoneMap: Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-839522115-1708537768-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ysbweb.com\*!=W=4

CoolWWWSearch.BadZoneMap: Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-839522115-1708537768-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\05p.com\*!=W=4

CoolWWWSearch.BadZoneMap: Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-839522115-1708537768-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blazefind.com\*!=W=4

CoolWWWSearch.BadZoneMap: Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-839522115-1708537768-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clickspring.net\*!=W=4

CoolWWWSearch.BadZoneMap: Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-839522115-1708537768-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\flingstone.com\*!=W=4

CoolWWWSearch.BadZoneMap: Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-839522115-1708537768-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mt-download.com\*!=W=4

CoolWWWSearch.BadZoneMap: Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-839522115-1708537768-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\my-internet.info\*!=W=4

CoolWWWSearch.BadZoneMap: Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-839522115-1708537768-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\scoobidoo.com\*!=W=4

CoolWWWSearch.BadZoneMap: Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-839522115-1708537768-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchbarcash.com\*!=W=4

CoolWWWSearch.BadZoneMap: Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-839522115-1708537768-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchmiracle.com\*!=W=4

CoolWWWSearch.BadZoneMap: Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-839522115-1708537768-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\slotch.com\*!=W=4

CoolWWWSearch.Googlems: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-839522115-1708537768-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\teensguru.com\*!=W=4

CoolWWWSearch.Googlems: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-839522115-1708537768-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xxxtoolbar.com\*!=W=4

CoolWWWSearch.Leftovers: Trusted Site (Registry change, nothing done)
HKEY_USERS\S-1-5-21-839522115-1708537768-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\greatplugin.com\*!=W=4

CoolWWWSearch.Mupdate: Trusted Site (Registry change, nothing done)
HKEY_USERS\S-1-5-21-839522115-1708537768-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\masspass.com\*!=W=4

CoolWWWSearch.Toolband: Trusted Site (Registry change, nothing done)
HKEY_USERS\S-1-5-21-839522115-1708537768-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\isprime.com\*!=W=4

CoolWWWSearch.WinRes: Trusted Site (Registry change, nothing done)
HKEY_USERS\S-1-5-21-839522115-1708537768-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\i-lookup.com\*!=W=4

CoolWWWSearch.WinRes: Trusted Site (Registry change, nothing done)
HKEY_USERS\S-1-5-21-839522115-1708537768-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\offshoreclicks.com\*!=W=4

NeedEdware: Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-839522115-1708537768-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\neededware.com\*!=W=4

Smitfraud-C.: Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-839522115-1708537768-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\asdbiz.biz\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-839522115-1708537768-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\20x2p.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-839522115-1708537768-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\75tz.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-839522115-1708537768-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cc20foreva.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-839522115-1708537768-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ewizard.cc\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-839522115-1708537768-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\fast-look.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-839522115-1708537768-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\fuck-fuck.org\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-839522115-1708537768-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ga31.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-839522115-1708537768-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\letgohome.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-839522115-1708537768-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\msnprotection.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-839522115-1708537768-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\rf104.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-839522115-1708537768-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\solongas.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-839522115-1708537768-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\super-spider.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-839522115-1708537768-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\t34rulit.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-839522115-1708537768-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\toprefsys.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-839522115-1708537768-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\v-224.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-839522115-1708537768-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\veryeasysearch.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-839522115-1708537768-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\visitfriend.net\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-839522115-1708537768-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webpidor.biz\*!=W=4


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-06-26 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-06-23 Includes\Cookies.sbi (*)
2006-06-23 Includes\Dialer.sbi (*)
2006-06-23 Includes\Hijackers.sbi (*)
2006-06-23 Includes\Keyloggers.sbi (*)
2006-06-23 Includes\Malware.sbi (*)
2006-06-23 Includes\PUPS.sbi (*)
2006-06-23 Includes\Revision.sbi (*)
2006-06-23 Includes\Security.sbi (*)
2006-06-23 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-06-23 Includes\Trojans.sbi (*)



--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ .NETFramework / 1.0: Microsoft .NET Framework 1.0 Hotfix (KB887998)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB911565)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB917734)
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Microsoft .NET Framework 1.0 Hotfix (KB887998)
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB894391)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896422)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896424)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899589)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Update for Windows XP (KB900485)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
/ Windows XP / SP3: Security Update for Windows XP (KB908519)
/ Windows XP / SP3: Security Update for Windows XP (KB908531)
/ Windows XP / SP3: Update for Windows XP (KB910437)
/ Windows XP / SP3: Security Update for Windows XP (KB911280)
/ Windows XP / SP3: Security Update for Windows XP (KB911562)
/ Windows XP / SP3: Security Update for Windows XP (KB911567)
/ Windows XP / SP3: Security Update for Windows XP (KB911927)
/ Windows XP / SP3: Security Update for Windows XP (KB912812)
/ Windows XP / SP3: Security Update for Windows XP (KB912919)
/ Windows XP / SP3: Security Update for Windows XP (KB913446)
/ Windows XP / SP3: Security Update for Windows XP (KB913580)
/ Windows XP / SP3: Security Update for Windows XP (KB914389)
/ Windows XP / SP3: Security Update for Windows XP (KB916281)
/ Windows XP / SP3: Security Update for Windows XP (KB917344)
/ Windows XP / SP3: Security Update for Windows XP (KB917953)
/ Windows XP / SP3: Security Update for Windows XP (KB918439)


--- Startup entries list ---
Located: HK_LM:Run, avast!
command: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
file:

Located: HK_LM:Run, BootSkin Startup Jobs
command: "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
file: C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe
size: 270336
MD5: 998492d3c53eef257308c016ac9dd825

Located: HK_LM:Run, ccApp
command: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
file:

Located: HK_LM:Run, MCAgentExe
command: c:\PROGRA~1\mcafee.com\agent\mcagent.exe
file:

Located: HK_LM:Run, McRegWiz
command: C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
file: C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe
size: 368714
MD5: 997c69c3091ddd9ea281377bdadaa2cc

Located: HK_LM:Run, MCUpdateExe
command: C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
file:

Located: HK_LM:Run, MPFExe
command: C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
file:

Located: HK_LM:Run, MSKDetectorExe
command: C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
file:

Located: HK_LM:Run, NeroFilterCheck
command: C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
file:

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff

Located: HK_LM:Run, TrojanScanner
command: C:\Program Files\Trojan Remover\Trjscan.exe
file:

Located: HK_LM:Run, Zone Labs Client
command: "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
file: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
size: 968696
MD5: 458f08186d9ff19a9b9d12d5f56004d0

Located: HK_CU:Run, AIM
command: C:\Program Files\AIM\aim.exe -cnetwait.odl
file:

Located: HK_CU:Run, AMonitor
command: C:\Program Files\Tiny Firewall Pro\amon.exe
file: C:\Program Files\Tiny Firewall Pro\amon.exe
size: 561152
MD5: 1b293f8fa432ed2f0b5011d012579d07

Located: HK_CU:Run, BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
command: "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
file: C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
size: 90112
MD5: 666bf0245be370cfcf4b4057b8af6e17

Located: HK_CU:Run, ctfmon.exe
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996a38c0b0cf151c2140ae29fc8

Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll

Located: System.ini, PFW
command: UmxWnp.Dll
file: UmxWnp.Dll

Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll

Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll



--- Browser helper object list ---


--- ActiveX list ---
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class)
DPF name:
CLSID name: McAfee.com Operating System Class
Installer: C:\WINDOWS\Downloaded Program Files\mcinsctl.inf
Codebase: http://download.mcafee.com/molbin/share ... insctl.cab
description:
classification: Open for discussion
known filename: mcinsctl.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: mcinsctl.dll
Short name:
Date (created): 6/14/2006 1:27:54 AM
Date (last access): 7/2/2006 10:47:52 PM
Date (last write): 8/23/2005 6:16:34 PM
Filesize: 349760
Attributes:
MD5: 2A3992E51864A40CF62F26D9EDE8C767
CRC32: CBA3CAC9
Version: 4.0.0.97

{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class)
DPF name:
CLSID name: ActiveScan Installer Class
Installer: C:\WINDOWS\Downloaded Program Files\asinst.inf
Codebase: http://acs.pandasoftware.com/activescan ... asinst.cab
description:
classification: Open for discussion
known filename: ASINST.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: asinst.dll
Short name:
Date (created): 4/11/2006 5:10:10 PM
Date (last access): 7/3/2006 8:09:20 AM
Date (last write): 4/11/2006 5:10:10 PM
Filesize: 135168
Attributes: archive
MD5: 7267AE9C8DF527C30885DC29687D2A9B
CRC32: 1B1733A3
Version: 58.5.0.0

{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 3/2/2006 1:52:58 PM
Date (last access): 7/2/2006 10:27:10 PM
Date (last write): 11/10/2005 1:22:12 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 3/2/2006 1:52:58 PM
Date (last access): 7/3/2006 8:30:24 AM
Date (last write): 11/10/2005 1:22:12 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5



--- Process list ---
PID: 0 ( 0) [System]
PID: 336 ( 4) \SystemRoot\System32\smss.exe
PID: 408 ( 336) \??\C:\WINDOWS\system32\csrss.exe
PID: 432 ( 336) \??\C:\WINDOWS\system32\winlogon.exe
PID: 476 ( 432) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 488 ( 432) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 640 ( 476) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 704 ( 476) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 812 ( 476) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 880 ( 476) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 920 ( 476) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1408 ( 432) C:\WINDOWS\system32\WgaTray.exe
size: 186672
MD5: D8E0DE520F3823FF8B1819B4302AF288
PID: 1584 (1340) C:\Program Files\Mozilla Firefox\firefox.exe
size: 7177325
MD5: 635D94AB57D1B7EDB36B0C4F1A980A88
PID: 2040 (1340) C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
size: 968696
MD5: 458F08186D9FF19A9B9D12D5F56004D0
PID: 156 (2040) C:\WINDOWS\system32\ZoneLabs\vsmon.exe
size: 75768
MD5: 2E2DFC286F5ECFCF6B9A473C87EEE77D
PID: 892 (2040) C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
size: 894544
MD5: 238BD8D1757F3763A29E77A606C60F2E
PID: 984 ( 780) C:\WINDOWS\explorer.exe
size: 2710528
MD5: 8A5CD5A66652EF0C3A1DA80E1BBD13AA
PID: 1952 ( 984) C:\Program Files\AIM\aim.exe
size: 67160
MD5: 043C0DE8412FCDB6B13AB8CCF4F8B72B
PID: 916 (1952) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
PID: 1528 ( 984) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 7/3/2006 8:30:25 AM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://home.microsoft.com/access/autosearch.asp?p=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\windows\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: CA ISafe LSP over [MSAFD Tcpip [TCP/IP]]
GUID: {EC6C6CE8-E516-4147-9985-F44EDB797F9C}
Filename: C:\WINDOWS\system32\ZoneLabs\vetredir.dll

Protocol 1: CA ISafe LSP over [MSAFD Tcpip [UDP/IP]]
GUID: {EC6C6CE8-E516-4147-9985-F44EDB797F9C}
Filename: C:\WINDOWS\system32\ZoneLabs\vetredir.dll

Protocol 2: CA ISafe LSP over [MSAFD Tcpip [RAW/IP]]
GUID: {EC6C6CE8-E516-4147-9985-F44EDB797F9C}
Filename: C:\WINDOWS\system32\ZoneLabs\vetredir.dll

Protocol 14: CA ISafe LSP
GUID: {AE2578B4-F478-4313-9A3E-1B83F7A643DF}
Filename: C:\WINDOWS\system32\ZoneLabs\vetredir.dll



--- Uninstall list ---
(1ny8btk7qn7qsjqm7kwns9kyu3rrbn6e)

Ad-Aware SE Professional (Ad-Aware SE Professional)
uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\INSTALL.LOG
publisher: Lavasoft
help link: http://www.lavasoft.de

(AddressBook)

AIMSong 1.1 1.1 (AIMSong)
uninstall cmd: C:\Program Files\AIMSong\uninst.exe
publisher: Kazoobi.com

AOL Instant Messenger (AOL Instant Messenger)
uninstall cmd: C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=

AOL Toolbar 2.0 (AOL Toolbar)
uninstall cmd: "C:\Program Files\AOL\AOL Toolbar 2.0\uninstall.exe"

avast! Antivirus 4.7 (avast!)
version (major): 4
version (minor): 7
install location: C:\PROGRA~1\ALWILS~1\Avast4
install source: C:\DOCUME~1\Eric\Desktop
uninstall cmd: rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
publisher: Alwil Software
help link: http://www.avast.com

BootSkin (BootSkin)
uninstall cmd: C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\UNWISE.EXE C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\INSTALL.LOG

Brain Sound Studio (Brain Sound Studio)
uninstall cmd: "C:\Program Files\Brain Sound Studio\BrainSoundStudio.exe" -uninstall

(Branding)

C-Media WDM Audio Driver (C-Media Audio Driver)
uninstall cmd: C:\WINDOWS\system32\cmirmdrv.exe

(Connection Manager)

Cowabanga by OIN (Cowabanga)
uninstall cmd: C:\Program Files\Cowabanga\uninstaller.exe

(DirectAnimation)

(DirectDrawEx)

(DXM_Runtime)

(Fontcore)

Foo Buddy 3.10 (Foo Buddy_is1)
install location: C:\Program Files\Foo Buddy\
uninstall cmd: "C:\Program Files\Foo Buddy\unins000.exe"
publisher: Play Buddy
help link: http://www.playbuddy.com

HijackThis 1.99.1 1.99.1 (HijackThis)
uninstall cmd: C:\DOCUME~1\Eric\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe /uninstall
publisher: Soeperman Enterprises Ltd.

(ICW)

(IE40)

(IE4Data)

(IE5BAKEX)

(IEData)

(InstallShield Uninstall Information)

(InstallShield_{1F86581E-AD75-4EAD-9B8C-75DC27C66632})

SmartSound Quicktracks Plugin 3.0.2.7 (InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E})
version: 50331650
version (major): 3
estimated size: 16790
install date: 20060507
install location: C:\Program Files\SmartSound Software\Quicktracks\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
publisher: SmartSound Software Inc
comments: Built by SmartSound Software Inc.
contact: Customer Support Department
help link: http://www.smartsound.com/support
help telephone: 1-818-920-9122

Airport Tycoon 2 1.00.0000 (InstallShield_{A2B42840-4740-4F1D-BBE9-267297726C9D})
version: 16777216
version (major): 1
estimated size: 327680
install date: 20060527
install source: D:\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A2B42840-4740-4F1D-BBE9-267297726C9D}
publisher: Sunstorm Interactive
comments: Your Comments
contact: Customer Support Department
help link: http://www.yourcompany.com/help
help telephone: 555-5555

Windows XP Hotfix - KB873339 20041117.092459 (KB873339)
uninstall cmd: C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873339

(KB884016)

Windows XP Hotfix - KB885250 20050118.202711 (KB885250)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885250

Windows XP Hotfix - KB885835 20041027.181713 (KB885835)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885835

Windows XP Hotfix - KB885836 20041028.173203 (KB885836)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885836

Windows XP Hotfix - KB886185 20041021.090540 (KB886185)
uninstall cmd: C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=886185

Windows XP Hotfix - KB887472 20041014.162858 (KB887472)
uninstall cmd: C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887472

Windows XP Hotfix - KB887742 20041103.095002 (KB887742)
uninstall cmd: C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887742

Microsoft .NET Framework 1.0 Hotfix (KB887998) (KB887998)
install date: 20060417
uninstall cmd: "C:\WINDOWS\$NtUninstallKB887998$\spuninst\spuninst.exe"
publisher: Microsoft Corporation

Windows XP Hotfix - KB888113 20041116.131036 (KB888113)
uninstall cmd: C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888113

Windows XP Hotfix - KB888302 20041207.111426 (KB888302)
uninstall cmd: C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888302

Security Update for Windows XP (KB890046) 1 (KB890046)
install date: 20060417
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890046

Windows XP Hotfix - KB890859 1 (KB890859)
install date: 20060417
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890859

Windows XP Hotfix - KB891781 20050110.165439 (KB891781)
uninstall cmd: C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=891781

Security Update for Windows XP (KB893756) 1 (KB893756)
install date: 20060417
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893756

(KB893803)

Windows Installer 3.1 (KB893803) 3.1 (KB893803v2)
uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=42467

Update for Windows XP (KB894391) 1 (KB894391)
install date: 20060417
uninstall cmd: "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=894391

Security Update for Windows XP (KB896358) 1 (KB896358)
install date: 20060417
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896358

Security Update for Windows XP (KB896422) 1 (KB896422)
install date: 20060417
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896422

Security Update for Windows XP (KB896423) 1 (KB896423)
install date: 20060417
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896423

Security Update for Windows XP (KB896424) 1 (KB896424)
install date: 20060417
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896424

Security Update for Windows XP (KB896428) 1 (KB896428)
install date: 20060417
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896428

Update for Windows XP (KB898461) 1 (KB898461)
install date: 20060417
uninstall cmd: "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=898461

Security Update for Windows XP (KB899587) 1 (KB899587)
install date: 20060417
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899587

Security Update for Windows XP (KB899589) 1 (KB899589)
install date: 20060417
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899589

Security Update for Windows XP (KB899591) 1 (KB899591)
install date: 20060417
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899591

Update for Windows XP (KB900485) 2 (KB900485)
install date: 20060427
uninstall cmd: "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900485

Security Update for Windows XP (KB900725) 1 (KB900725)
install date: 20060417
uninstall cmd: "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900725

Security Update for Windows XP (KB901017) 1 (KB901017)
install date: 20060417
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901017

Security Update for Windows XP (KB901214) 1 (KB901214)
install date: 20060417
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901214

Security Update for Windows XP (KB902400) 1 (KB902400)
install date: 20060417
uninstall cmd: "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=902400

Security Update for Windows XP (KB904706) 2 (KB904706)
install date: 20060417
uninstall cmd: "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=904706

Security Update for Windows XP (KB905414) 1 (KB905414)
install date: 20060417
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905414

Security Update for Windows XP (KB905749) 1 (KB905749)
install date: 20060417
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905749

Security Update for Windows XP (KB908519) 1 (KB908519)
install date: 20060417
uninstall cmd: "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=908519

Security Update for Windows XP (KB908531) 1 (KB908531)
install date: 20060417
uninstall cmd: "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=908531

Update for Windows XP (KB910437) 1 (KB910437)
install date: 20060417
uninstall cmd: "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=910437

Security Update for Windows XP (KB911280) 1 (KB911280)
install date: 20060615
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911280

Security Update for Windows XP (KB911562) 1 (KB911562)
install date: 20060417
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911562

Security Update for Windows Media Player 10 (KB911565) (KB911565)
install date: 20060417
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=911565

Security Update for Windows XP (KB911567) 1 (KB911567)
install date: 20060417
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911567

Security Update for Windows XP (KB911927) 1 (KB911927)
install date: 20060417
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911927

Security Update for Windows XP (KB912812) 1 (KB912812)
install date: 20060417
uninstall cmd: "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=912812

Security Update for Windows XP (KB912919) 1 (KB912919)
install date: 20060417
uninstall cmd: "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=912919

Security Update for Windows XP (KB913446) 1 (KB913446)
install date: 20060417
uninstall cmd: "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=913446

Security Update for Windows XP (KB913580) 1 (KB913580)
install date: 20060511
uninstall cmd: "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=913580

Security Update for Windows XP (KB914389) 1 (KB914389)
install date: 20060615
uninstall cmd: "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=914389

Security Update for Windows XP (KB916281) 1 (KB916281)
install date: 20060615
uninstall cmd: "C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=916281

Security Update for Windows XP (KB917344) 1 (KB917344)
install date: 20060615
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917344

Security Update for Windows Media Player 10 (KB917734) (KB917734_WMP10)
install date: 20060615
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=917734

Security Update for Windows XP (KB917953) 1 (KB917953)
install date: 20060615
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917953

Security Update for Windows XP (KB918439) 1 (KB918439)
install date: 20060615
uninstall cmd: "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=918439

Magic ISO Maker v5.2 (build 0191) (Magic ISO Maker v5.2 (build 0191))
uninstall cmd: C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG

MailFrontier Desktop 4.8.1.7217 (MailFrontier Desktop)
uninstall cmd: C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\UNWISE.EXE C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\INSTMLF.LOG
publisher: MailFrontier

(McAfee Personal Firewall Plus)
uninstall cmd: c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=mpf /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\mpfrem.ui::uninstall.htm

(Mcafee SecurityCenter)
uninstall cmd: c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=msc /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm

McAfee Uninstall Wizard (McAfee Uninstall Utility)
uninstall cmd: C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /uninstall=1 /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\comrem.dll::uninstall.htm

(MobileOptionPack)

Mozilla Firefox (1.5) 1.5 (en-US) (Mozilla Firefox (1.5))
install location: C:\Program Files\Mozilla Firefox
uninstall cmd: C:\Program Files\Mozilla Firefox\uninstall\uninstall.exe /ua "1.5 (en-US)"
publisher: Mozilla

(MPlayer2)

(MSI30-Beta1)

(MSI30-Beta2)

(MSI30-KB884016)

(MSI30-RC1)

(MSI30-RC2)

(MSI30a-KB884016)

(MSI31-Beta)

(MSI31-RC1)

(Nero - Burning Rom!UninstallKey)
uninstall cmd: C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL

(NeroBackItUp!UninstallKey)
uninstall cmd: C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL

(NeroRecode!UninstallKey)
uninstall cmd: C:\WINDOWS\UNRecode.exe /UNINSTALL

(NeroShowTime!UninstallKey)
uninstall cmd: C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL

(NeroVision!UninstallKey)
uninstall cmd: C:\WINDOWS\UNNeroVision.exe /UNINSTALL

(NetMeeting)

NVIDIA Drivers (NVIDIA Drivers)
uninstall cmd: C:\WINDOWS\system32\nvudisp.exe UninstallGUI

(nxrr79drv29d8pp9zy3ee7hgezq5wnqv)

(OutlookExpress)

Pack Crystal XP 3.0 3.0 (Pack Crystal XP)
uninstall cmd: C:\WINDOWS\Packs\Crystal XP\Uninstall.exe
publisher: Bricomix

Panda ActiveScan (Panda ActiveScan)
uninstall cmd: C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
publisher: Panda Software S.L.

PC Surgeon (PC Surgeon)
uninstall cmd: C:\PROGRA~1\DEANSO~1\PCSURG~1\gduninst.exe /d:"C:\Program Files\Dean Software\PC Surgeon\pcsurgeon.ssi" /cpl

(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Power MP3 WMA Converter 2006, (ver 3.42) 3.42a (Power MP3 WMA Converter_is1)
install location: C:\Program Files\Power MP3 WMA Converter\
uninstall cmd: "C:\Program Files\Power MP3 WMA Converter\unins000.exe"
publisher: CooolSoft, Inc.
help link: http://www.cooolsoft.com

Reason 3.0 3.0 (Reason_is1)
uninstall cmd: "C:\Program Files\Propellerhead\Reason\Uninstall Reason\unins000.exe"
publisher: Propellerhead Software AB

(SchedulingAgent)

(Sevinst)

(ShockwaveFlash)

Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited

Spyware Doctor 3.8 3.8 (Spyware Doctor_is1)
install location: C:\Program Files\Spyware Doctor\
uninstall cmd: "C:\Program Files\Spyware Doctor\unins000.exe"
publisher: PC Tools Research Pty. Ltd.
help link: http://www.pctools.com/spyware-doctor/support/

Norton Internet Security 2006 (Symantec Corporation) 9.0.0.73 (SymSetup.{A93C9E60-29B6-49da-BA21-F70AC6AADE20})
install location: C:\Program Files\Norton Internet Security
install source: D:\WINNT
uninstall cmd: "C:\Program Files\Common Files\Symantec Shared\SymSetup\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe" /X
publisher: Symantec Corporation

VIA Rhine-Family Fast Ethernet Adapter (VN_VUIns_Rhine_VIA)
uninstall cmd: Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA

Windows Genuine Advantage Validation Tool (WGA)
install date: 20060417
publisher: Microsoft Corporation
help link: http://www.microsoft.com/genuine

Windows Genuine Advantage Notifications (KB905474) 1.5.0526.0 (WgaNotify)
install date: 20060507
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905474

Winamp (remove only) (Winamp)
uninstall cmd: "C:\Program Files\Winamp\UninstWA.exe"

WinRAR archiver (WinRAR archiver)
uninstall cmd: C:\Program Files\WinRAR\uninstall.exe

ZoneAlarm Security Suite 6.5.722.000 (ZoneAlarm Security Suite)
uninstall cmd: C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
publisher: Zone Labs, Inc
help link: C:\Program Files\Zone Labs\ZoneAlarm\Help\zaclients.chm

Macromedia Flash Player 7.0.19.0 ({0456ebd7-5f67-4ab6-852e-63781e3f389c})
version: 117440531
version (major): 7
estimated size: 906
install date: 20060506
uninstall cmd: MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
publisher: Macromedia, Inc.

ccCommon 104.0.1.17 ({1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB})
version: 1744830465
version (major): 104
estimated size: 6095
install date: 20060417
install source: D:\WINNT\Support\ccCommon\
uninstall cmd: MsiExec.exe /I{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}
publisher: Symantec

Norton Internet Security 9.0.0.73 ({12E2B9E9-05B1-407d-B0FD-B5F350535125})
version: 150994944
version (major): 9
estimated size: 20695
install date: 20060417
install source: D:\WINNT\Setup\
uninstall cmd: MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
publisher: Symantec Corporation

AutoUpdate 1.1 ({18D10072035C4515918F7E37EAFAACFC})
install location: C:\Program Files\DivX

Corel Paint Shop Pro X 10.0 ({1A15507A-8551-4626-915D-3D5FA095CC1B})
version: 167772160
version (major): 10
estimated size: 178740
install date: 20060612
install location: C:\Program Files\Corel\Corel Paint Shop Pro X\
install source: C:\Program Files\Corel\Corel Paint Shop Pro X - Installation Files\
uninstall cmd: MsiExec.exe /I{1A15507A-8551-4626-915D-3D5FA095CC1B}
publisher: Corel Inc
comments: Installs Paint Shop Pro X
contact: Corel Customer Service
help link: http://www.corel.com/support
help telephone: U.S. 1-800-772-6735 Outside U.S. +441628 581601, UK: 0870 774 0202
readme: C:\Program Files\Corel\Corel Paint Shop Pro X\readme.html

Nero 7 Demo 7.00.7520 ({1B779CC7-5F25-29B3-5150-AF44A6201033})
version: 117448032
version (major): 7
estimated size: 250697
install date: 20060423
install location: C:\Program Files\Nero\Nero 7\
uninstall cmd: MsiExec.exe /I{1B779CC7-5F25-29B3-5150-AF44A6201033}
publisher: Nero AG
comments: Nero AG
contact: techsupport@nero.com
help link: http://www.nero.com/

Platform 1.13 ({20D4A895-748C-4D88-871C-FDB1695B0169})
version: 17629184
version (major): 1
version (minor): 13
install date: 20060416
install source: C:\Documents and Settings\Administrator\Desktop\VIA_HyperionPro_V508A\
publisher: VIA Technologies, Inc.
comments: VIA Hyperion Pro Setup Program
contact: http://forums.viaarena.com/
help link: http://www.viaarena.com/
help telephone: NULL
readme: NULL

J2SE Runtime Environment 5.0 Update 6 1.5.0.60 ({3248F0A8-6813-11D6-A77B-00B0D0150060})
version: 17104896
version (major): 1
version (minor): 5
estimated size: 129701
install date: 20060423
install source: http://jdl.sun.com/webapps/download/Get ... ows-i586//
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.5.0_06\README.txt

WebFldrs XP 9.50.7523 ({350C97B0-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154279267
version (major): 9
version (minor): 50
estimated size: 2456
install date: 20060416
install source: C:\WINDOWS\system32\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows

Norton AntiSpam 2006.2.0.150 ({3B29A786-5803-4E9E-9B58-3014A5B4E519})
version (major): 2006
version (minor): 2
estimated size: 1589
install date: 20060417
install source: D:\WINNT\Setup\
uninstall cmd: MsiExec.exe /I{3B29A786-5803-4E9E-9B58-3014A5B4E519}
publisher: Symantec Corporation

Tiny Desktop Firewall 2005 Pro 6.5.126 ({3EBF4D6B-39FD-4EAA-B632-8221CE77F3AF})
version: 100991102
version (major): 6
version (minor): 5
estimated size: 14823
install date: 20060616
install source: C:\WINDOWS\Downloaded Installations\{BDEE1CEF-C500-466D-A39A-ED3F81C59FE9}\
uninstall cmd: MsiExec.exe /I{3EBF4D6B-39FD-4EAA-B632-8221CE77F3AF}
publisher: Tiny Software
comments: Tiny Firewall 2005 Pro
contact:
help link: http://www.tinysoftware.com
help telephone:

Norton Internet Security 9.0.0.73 ({48185814-A224-447a-81DA-71BD20580E1B})
version: 150994944
version (major): 9
estimated size: 4055
install date: 20060417
install source: D:\WINNT\Setup\
uninstall cmd: MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
publisher: Symantec Corporation

SmartSound Quicktracks Plugin 3.0.2.7 ({4A7FDA4D-F4D7-4A49-934A-066D59A43C7E})
version: 50331650
version (major): 3
estimated size: 16790
install date: 20060507
install location: C:\Program Files\SmartSound Software\Quicktracks\
publisher: SmartSound Software Inc
comments: Built by SmartSound Software Inc.
contact: Customer Support Department
help link: http://www.smartsound.com/support
help telephone: 1-818-920-9122

Norton AntiSpam 2006.2.0.153 ({5677563D-0CB1-485F-9E18-C5025306BB3F})
version (major): 2006
version (minor): 2
estimated size: 8956
install date: 20060417
install source: D:\WINNT\Setup\
uninstall cmd: MsiExec.exe /I{5677563D-0CB1-485F-9E18-C5025306BB3F}
publisher: Symantec Corporation

Sony USB Driver ({5C29CB8B-AC1E-4114-8D68-9CD080140D4A})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL

({62369F2F77534556AEF4C58152E3BDE5})

The Sims 2 Family Fun Stuff ({6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0})
uninstall cmd: C:\Program Files\EA GAMES\The Sims 2 Family Fun Stuff\EAUninstall.exe

6.1.1 ({7585478E9D9B42108671C12F8714CEFE})
install location: C:\Program Files\DivX
uninstall cmd: C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
publisher: DivX, Inc.

DAEMON Tools 3.33.0.0 ({7A27AE24-F5B8-4ABC-B3DA-AB57BC7309FB})
version: 52494336
version (major): 3
version (minor): 33
estimated size: 512
install date: 20060429
install source: C:\DOCUME~1\Eric\LOCALS~1\Temp\daemon\
uninstall cmd: MsiExec.exe /I{7A27AE24-F5B8-4ABC-B3DA-AB57BC7309FB}
publisher: DAEMON'S HOME
help link: support@daemon-tools.cc

The Sims 2 Open For Business ({7B3577F5-1D82-4C9B-008B-69D026FD8BCA})
uninstall cmd: C:\Program Files\EA GAMES\The Sims 2 Open For Business\EAUninstall.exe

Norton Protection Center 1.1.2 ({82A5BF38-8461-4A5C-B2C9-24F5256D92A6})
version: 16842754
version (major): 1
version (minor): 1
estimated size: 3870
install date: 20060417
install source: D:\WINNT\Support\NSC\
uninstall cmd: MsiExec.exe /I{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}
publisher: Symantec Corp

Cubis Gold 2 ({82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11028247})
install date: 05/03/2006
install location: C:\Program Files\Oberon Media\Cubis Gold 2
install source: C:\Documents and Settings\Donna\Desktop
uninstall cmd: "C:\Program Files\Oberon Media\Cubis Gold 2\Uninstall.exe" "C:\Program Files\Oberon Media\Cubis Gold 2\install.log"
publisher: Oberon Media

Big Kahuna Reef ({82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783})
install date: 04/24/2006
install location: C:\Program Files\Oberon Media\Big Kahuna Reef
install source: C:\Documents and Settings\Donna\Desktop
uninstall cmd: "C:\Program Files\Oberon Media\Big Kahuna Reef\Uninstall.exe" "C:\Program Files\Oberon Media\Big Kahuna Reef\install.log"
publisher: Oberon Media

Word Jong To Go ({82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110536230})
install date: 05/03/2006
install location: C:\Program Files\Oberon Media\Word Jong To Go
install source: C:\Documents and Settings\Donna\Desktop
uninstall cmd: "C:\Program Files\Oberon Media\Word Jong To Go\Uninstall.exe" "C:\Program Files\Oberon Media\Word Jong To Go\install.log"
publisher: Oberon Media

Big Kahuna Reef 2 ({82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111310630})
install date: 06/07/2006
install location: C:\Program Files\Oberon Media\Big Kahuna Reef 2
install source: C:\Documents and Settings\Donna\Desktop
uninstall cmd: "C:\Program Files\Oberon Media\Big Kahuna Reef 2\Uninstall.exe" "C:\Program Files\Oberon Media\Big Kahuna Reef 2\install.log"
publisher: Oberon Media

The Sims 2 ({8AB8D458-939E-403F-0097-9BA1C1F013D5})
uninstall cmd: C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe

DivX Player 6.2.0 ({8ADFC4160D694100B5B8A22DE9DCABD9})
install location: C:\Program Files\DivX
uninstall cmd: C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
publisher: DivXNetworks, Inc.

Microsoft Office Professional Edition 2003 11.0.7969.0 ({90110409-6000-11D3-8CFE-0150048383C9})
version: 184557345
version (major): 11
estimated size: 658872
install date: 20060423
install source: C:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\
uninstall cmd: MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: C:\Program Files\Microsoft Office\OFFICE11\1033\OFREADME.HTM

Airport Tycoon 2 1.00.0000 ({A2B42840-4740-4F1D-BBE9-267297726C9D})
version: 16777216
version (major): 1
estimated size: 327680
install date: 20060527
install source: D:\
publisher: Sunstorm Interactive
comments: Your Comments
contact: Customer Support Department
help link: http://www.yourcompany.com/help
help telephone: 555-5555

Norton Internet Security 9.0.0.73 ({A93C9E60-29B6-49da-BA21-F70AC6AADE20})
version: 150994944
version (major): 9
estimated size: 37374
install date: 20060417
install source: D:\WINNT\Setup\
uninstall cmd: MsiExec.exe /I{A93C9E60-29B6-49da-BA21-F70AC6AADE20}
publisher: Symantec Corporation

Adobe Reader 7.0.7 7.0.7 ({AC76BA86-7AD7-1033-7B44-A70700000002})
version: 117440519
version (major): 7
estimated size: 66656
install date: 20060520
install location: C:\Program Files\Adobe\Acrobat 7.0\Reader\
install source: C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig707\ENU\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70700000002}
publisher: Adobe Systems Incorporated
comments:
contact:
help link: http://www.adobe.com/support/main.html
help telephone:
readme: C:\Program Files\Adobe\Acrobat 7.0\Reader\Readme.htm

DivX Converter 6.1.1 ({B13A7C41581B411290FBC0395694E2A9})
install location: C:\Program Files\DivX
uninstall cmd: C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
publisher: DivX, Inc.

MSRedist 1.0.0.0 ({B7C61755-DB48-4003-948F-3D34DB8EAF69})
version: 16777216
version (major): 1
estimated size: 4507
install date: 20060417
install source: D:\WINNT\Support\Redist\
uninstall cmd: MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
publisher: Symantec Corporation

SymNet 6.0.2.211 ({B8B110FC-15A7-4D5B-B8EC-584199692AE3})
version: 100663298
version (major): 6
estimated size: 2726
install date: 20060417
publisher: Symantec Corporation

PerfectDisk 7.00.040 ({C190CB55-817E-4713-84F4-0BBB8961CED9})
version: 117440552
version (major): 7
estimated size: 5011
install date: 20060423
install source: C:\Program Files\Raxco\PD70Install\
uninstall cmd: MsiExec.exe /I{C190CB55-817E-4713-84F4-0BBB8961CED9}
publisher: Raxco
comments: PerfectDisk defragmentation utility
contact: http://www.raxco.com/support/nt_email.cfm
help link: http://www.raxco.com/support/windows/
help telephone: 1-301-527-0803
readme: 0

First Step Guide 1.00.000 ({C797EAF2-707A-4239-BDF3-F2672314A734})
version: 16777216
install location: C:\Program Files\Sony Corporation\Picture Package\First Step Guide
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C797EAF2-707A-4239-BDF3-F2672314A734}\setup.exe" -l0x9 UNINSTALL

The Sims 2 University ({E0990010-9FC0-47CB-0095-C4F40C9432A9})
uninstall cmd: C:\Program Files\EA GAMES\The Sims 2 University\EAUninstall.exe

WG111v2 Configuration Utility 1.00 ({E0F252A6-DE85-4E93-A93B-DFC3537B3965})
version: 16777216
install date: 20060604
install location: C:\Program Files\NETGEAR\WG111v2 Configuration Utility
install source: D:\Utility\
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E0F252A6-DE85-4E93-A93B-DFC3537B3965}\setup.exe" -l0x9 REMOVE -removeonly
publisher: REALTEK Semiconductor Corp.
comments: REALTEK USB Wireless Network Monitor Utility
contact: nicfae@realtek.com.tw
help link: http://www.realtek.com.tw

({F64306A5-4C32-41bb-B153-53986527FAB4})

The Sims 2 Nightlife ({F7529650-B9DB-481B-0089-A2AC3C2821C1})
uninstall cmd: C:\Program Files\EA GAMES\The Sims 2 Nightlife\EAUninstall.exe



--- System Services ---
Service (registry key): .NET CLR Data
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NET CLR Networking
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NETFramework
Start: 0
Type: 0
Error Control: 0

Service (registry key): Aavmker4
Display name: avast! Asynchronous Virus Monitor
Start: 1
Type: 1
Error Control: 1

Service (registry key): Abiosdsk
Start: 4
Type: 1
Error Control: 0

Service (registry key): abp480n5
Start: 4
Type: 1
Error Control: 1

Service (registry key): ACPI
Display name: Microsoft ACPI Driver
Image path: system32\DRIVERS\ACPI.sys
Image size: 187776
Image MD5: A10C7534F7223F4A73A948967D00E69B
Start: 0
Type: 1
Error Control: 1

Service (registry key): ACPIEC
Start: 4
Type: 1
Error Control: 1

Service (registry key): adpu160m
Start: 4
Type: 1
Error Control: 1

Service (registry key): aec
Display name: Microsoft Kernel Acoustic Echo Canceller
Image path: system32\drivers\aec.sys
Image size: 142464
Image MD5: 1EE7B434BA961EF845DE136224C30FEC
Start: 3
Type: 1
Error Control: 1

Service (registry key): AFD
Display name: AFD
Description: AFD Networking Support Environment
Image path: \SystemRoot\System32\drivers\afd.sys
Start: 1
Type: 1
Error Control: 1

Service (registry key): Aha154x
Start: 4
Type: 1
Error Control: 1

Service (registry key): aic78u2
Start: 4
Type: 1
Error Control: 1

Service (registry key): aic78xx
Start: 4
Type: 1
Error Control: 1

Service (registry key): ALG
Display name: Application Layer Gateway Service
Description: Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\alg.exe
Image size: 44544
Image MD5: F1958FBF86D5C004CF19A5951A9514B7
Start: 3
Type: 16
Error Control: 1

Service (registry key): AliIde
Start: 4
Type: 1
Error Control: 1

Service (registry key): AmdK7
Display name: AMD K7 Processor Driver
Image path: system32\DRIVERS\amdk7.sys
Image size: 37376
Image MD5: 680AD1C1BB16239E28D8F33A54A7A3C7
Start: 1
Type: 1
Error Control: 1

Service (registry key): amsint
Start: 4
Type: 1
Error Control: 1

Service (registry key): AN983
Display name: ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter
Image path: system32\DRIVERS\AN983.sys
Image size: 36224
Image MD5: 116BFF96077A4A724E0AAB800525CEB5
Start: 3
Type: 1
Error Control: 1

Service (registry key): AppMgmt
Display name: Application Management
Description: Provides software installation services such as Assign, Publish, and Remove.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1

Service (registry key): asc
Start: 4
Type: 1
Error Control: 1

Service (registry key): asc3350p
Start: 4
Type: 1
Error Control: 1

Service (registry key): asc3550
Start: 4
Type: 1
Error Control: 1

Service (registry key): Aspi32
Start: 2
Type: 1
Error Control: 1

Service (registry key): aswMon2
Display name: avast! Standard Shield Support
Start: 2
Type: 2
Error Control: 1

Service (registry key): aswRdr
Display name: aswRdr
C_Bass33
Active Member
 
Posts: 12
Joined: July 1st, 2006, 3:42 am
Top

Unread postby Trogan » July 3rd, 2006, 2:06 pm

Hi C_Bass33!

We need to try and get the system to some kind of working state. Can you try the following suggestions. If the condition of the computer improves at any stage, please let us know.


1) Keep tapping F8 as the computer is booting and you should come to the bootmenu. From the list, please select "last known good configuration". Instructions available here.

2) Go to Start > All Programs > Accessories > System Tools > System Restore.

Select "Restore my computer to an earlier time" and press Next. Follow the wizard/guide to choose an earlier date, and then go back to it.

3) For this you will need your XP CD. Boot from the CD and select the option for Repair. This will replace any missing system files, but won't delete anything. Instructions available here.


Please let us know if any of those suggestions worked. :)
User avatar
Trogan
MRU Teacher Emeritus
 
Posts: 2291
Joined: November 26th, 2005, 9:31 am
Location: London
Top

sry

Unread postby C_Bass33 » July 5th, 2006, 2:38 pm

Ok it will start in normal mode but no internet and i cant find my xp cd becuz we jsut recently moved, Should i just spend $200.00 on a new Operating system because this seems unfixable
C_Bass33
Active Member
 
Posts: 12
Joined: July 1st, 2006, 3:42 am
Top
Advertisement
Register to Remove
Next
Topic locked
  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 114 guests

The teamDelete all board cookiesAll times are UTC - 5 hours [ DST ]

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware

Board index