Free Malware Removal Forum

by **william stroomer** » March 14th, 2008, 4:08 pm

how do i attach noadware to this blog

by **Simon V.** » March 18th, 2008, 11:56 am

Hello, and welcome to the forum.

My name is Simon V., and I'll be glad to help you with your computer problems.

Download HJTInstall.exe to your desktop.

Doubleclick HJTInstall.exe to install HijackThis.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad. Copy the contents of that log and paste them in your next reply.

Don't use the AnalyseThis button, its findings are dangerous if misinterpreted.
Don't have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

by **william stroomer** » March 18th, 2008, 3:14 pm

Thank You Simon

by **Simon V.** » March 19th, 2008, 5:49 am

Hi

When posting your logs please post them directly into the reply. Do not attach them.

Step 1

Please download and install CCleaner.

Open CCleaner. On the Windows tab, leave the default options alone.

On the Applications tab, check (tick) all the boxes except Saved Form Information. This will remove all your saved passwords if you leave this box checked.
Click on the Run Cleaner button at the bottom right hand corner.
When the cleaner has completed, click Tools in the Left Pane.
Verify that Uninstall is highlighted in color, or click on it.
In the lower right, click Save to Text File.
Pull down the arrow at the top of the Save dialog and choose Desktop as the location.
You can leave the filename as install.txt.
Click Save, then exit Ccleaner.

Step 2

Print these instructions or copy them to Notepad and save it to your desktop, as you won't be able to access internet in Safe Mode.

Please download SDFix and save it to your desktop.

Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows directory, typically C:\SDFix)

Please reboot into Safe Mode. To do this, go to Start > Turn off Computer, and select Restart. Rapidly tap F8 just before Windows starts to load. In the menu that appears, select Safe Mode (Without Networking)

Log in to your usual account.

Once in Safe Mode, do the following:

Open the extracted SDFix folder and double-click RunThis.bat to start the script.

Type Y to begin the cleanup process.
It will remove any trojan services and registry entries that it finds, then prompt you to press any key to reboot; press any key and it will restart the PC.
When the PC restarts SDFix will run again and complete the removal process then display Finished. Press any key to end the script and load your desktop icons.
Once the desktop icons load, the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to clipboard ready for posting back on the forum).

Step 3

In your next reply, please post:

the CCleaner Uninstall List (install.txt)
the SDFix log (C:\SDFix\Report.txt)
a new HijackThis log

by **william stroomer** » March 20th, 2008, 4:00 pm

how do i post cccleaner, sdfixlog, and new hijack to the reply section? It will not cut paste, drag over, tried to put in file and add it on. I'm stuck.

by **Simon V.** » March 20th, 2008, 4:31 pm

william stroomer wrote:how do i post cccleaner, sdfixlog, and new hijack to the reply section? It will not cut paste, drag over, tried to put in file and add it on. I'm stuck.

Select the contents of the log by going to Edit > Select all. Go to Edit > Copy. Then come back here and right-click in the reply window, then select Paste.

by **william stroomer** » March 20th, 2008, 5:02 pm

Edit:

by **william stroomer** » March 20th, 2008, 5:04 pm

Edit:

by **Simon V.** » March 20th, 2008, 5:08 pm

<Edit>

by **william stroomer** » March 20th, 2008, 5:15 pm

Edit:

5 Dice
8 Away
Active Models for Foster
Adobe Download Manager 1.2 (Remove Only)
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Reader 6.0.1
Adobe Shockwave Player
All Jackpots Casino
America Online
American Grand Casino
AOL Coach Version 1.0(Build:20030807.3)
Backgammon
BCM V.92 56K Modem
Bingo Master Special Edition
Card And Board Deluxe Suite
CCleaner (remove only)
Checkers
Classic PhoneTools
Craps Special Edition
Crazy 8
Cribbage
Crosword Fill Ins
Cryptic
Date Manager
DDA 97
Dell Modem-On-Hold
Dell Picture Studio - Dell Image Expert
Dell Solution Center
DellSupport
Digital Line Detect
DVDSentry
DX-Ball 2
Easy CD Creator 5 Basic
eGames Toolbar
ERNAP
Excel Quality
FinePixViewer Ver.4.3
FUJIFILM USB Driver
GameShadow
Gamevance
Go Fish
Google Earth
Google Toolbar for Internet Explorer
Half-Life
Half-Life(R) 2
Hearts
Help and Support Customization
Hex
High Low
HijackThis 2.0.2
Hotfix for Windows XP (KB914440)
HyperLoad
HyperLoad - Golf Course
Intel(R) PRO Ethernet Adapter and Software
Intel(R) PROSet II
Internet Service
iolo technologies' System Mechanic
Jackpot Kings Casino
Java 2 Runtime Environment Standard Edition v1.3.1_10
Java 2 Runtime Environment, SE v1.4.2_15
Keno Special Edition
Lexmark Supplies Monitor
Lexmark Z25-Z35
Ludo
Magic Square
Mahjongg Master 3 Special Edition
Maize Quest
Masque Slots II
McAfee Personal Firewall Plus
McAfee SecurityCenter
McAfee.com VirusScan Online
Memory Match
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft Data Access Components KB870669
Microsoft Encarta Encyclopedia Standard 2002
Microsoft Office Excel Viewer 2003
Microsoft Picture It! Photo 2002
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft Word 2002
Microsoft Works 2002 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
Modem Helper
Monopoly by Parker Brothers
MUSICMATCH Jukebox
MVP Word Search
My Web Search (My Fun Cards)
NoAdware v5.0
NVIDIA Display Driver
NVIDIA Drivers
Paint Shop Pro 7
PartyPoker
PowerDVD
PrecisionTime
Puzzle Master 3 Special Edition
Pyramid
QuickTime
RealPlayer
Reversi
Rhapsody Player Engine
Rings of the Magi
Risk (remove only)
Roulette Fever Special Edition
Savings Bond Wizard
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Seekmo Browser and Wowpapers Tools
SeeMePlayMe Client
Shark Dominoes
Shockwave
ShopperReports
Sierra Utilities
Silent Hunter 4 Wolves of the Pacific
Snakes And Ladders
Solitaire Master 3 Special Edition 1
Sound Blaster Live!
Spades
The Weather Channel Desktop
Tiger Woods PGA TOUR 2004
U.S. Video Poker Special Edition
Ultimate Mahjongg
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Viewpoint Media Player (Remove Only)
Weather Services
Web Application
WebFldrs XP
WebSearch Toolbar
WebSearch Tools
WildTangent GameChannel (remove only)
WildTangent Web Driver
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinTools Easy Installer
Win-Tools Easy Installer (by WebSearch)
WinTools for Internet Explorer
SDFix: Version 1.159

Run by JR STROOMER on Wed 03/19/2008 at 04:52 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

C:\Program Files\Helper\1205096259.dll - Deleted
C:\Program Files\NetProject\ot.ico - Deleted
C:\Program Files\NetProject\sbsm.exe - Deleted
C:\Program Files\NetProject\scm.exe - Deleted
C:\Program Files\NetProject\scu.exe - Deleted
C:\Program Files\NetProject\ts.ico - Deleted
C:\Program Files\NetProject\waun.exe - Deleted

Folder C:\Program Files\Helper - Removed
Folder C:\Program Files\NetProject - Removed

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-19 16:58:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"="C:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE:*:Disabled:LEXPPS"
"C:\\Program Files\\America Online 7.0\\waol.exe"="C:\\Program Files\\America Online 7.0\\waol.exe:*:Disabled:AOL"
"C:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\UPDATE.EXE"="C:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\UPDATE.EXE:*:Enabled:UPDATE"
"C:\\Program Files\\Savings Bond Wizard\\SBWizard.exe"="C:\\Program Files\\Savings Bond Wizard\\SBWizard.exe:*:Enabled:Savings Bond Wizard"
"C:\\Program Files\\America's Army\\System\\ArmyOps.exe"="C:\\Program Files\\America's Army\\System\\ArmyOps.exe:*:Enabled:ArmyOps"
"C:\\Program Files\\SeeMePlayMe\\Client.exe"="C:\\Program Files\\SeeMePlayMe\\Client.exe:*:Enabled: "
"C:\\Program Files\\Valve\\Steam\\SteamApps\\scoonj\\counter-strike source\\hl2.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\scoonj\\counter-strike source\\hl2.exe:*:Disabled:hl2"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\scoonj\\half-life 2 deathmatch\\hl2.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\scoonj\\half-life 2 deathmatch\\hl2.exe:*:Disabled:hl2"
"C:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\DFBHDLC.EXE"="C:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\DFBHDLC.EXE:*:Enabled:DFBHDLC"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Toolbar\\TBPS.exe"="C:\\Program Files\\Toolbar\\TBPS.exe:*:Enabled:WebSearch Toolbar"
"C:\\Program Files\\Toolbar\\PIB.exe"="C:\\Program Files\\Toolbar\\PIB.exe:*:Enabled:WebSearch Toolbar"
"C:\\Program Files\\Toolbar\\TBPSSvc.exe"="C:\\Program Files\\Toolbar\\TBPSSvc.exe:*:Enabled:WebSearch Toolbar Service"
"C:\\Program Files\\Toolbar\\CT5Upd.exe"="C:\\Program Files\\Toolbar\\CT5Upd.exe:*:Enabled:WebSearch Toolbar Plugin"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Thu 14 Mar 2002 36,947 A..H. --- "C:\Program Files\America Online 7.0\aolphx.exe"
Mon 26 Nov 2001 32,839 A..H. --- "C:\Program Files\America Online 7.0\aoltray.exe"
Mon 26 Nov 2001 40,960 A..H. --- "C:\Program Files\America Online 7.0\RBM.exe"
Mon 26 Nov 2001 180,287 A..H. --- "C:\Program Files\America Online 7.0\waol.exe"
Mon 26 Jun 2006 790,016 A..H. --- "C:\Program Files\Toolbar\PIB.exe"
Fri 29 Aug 2003 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 17 Oct 2004 81,408 ..SHR --- "C:\Documents and Settings\JR STROOMER\Application Data\ttuh.exe"
Fri 14 Feb 2003 22 A..H. --- "C:\Documents and Settings\JR STROOMER\Desktop\New Compressed (zipped) Folder.zip"
Mon 26 Nov 2001 49,221 A..H. --- "C:\Program Files\America Online 7.0\COMIT\cswitch.exe"
Tue 14 Jun 2005 526,336 A..H. --- "C:\Program Files\Common Files\WinTools\WSup.exe"
Wed 1 Dec 1999 4,893,667 A..H. --- "C:\Program Files\eGames\Bingo Master Special Edition\WCSUP.DLL"
Mon 1 May 2000 9,497,088 A..H. --- "C:\Program Files\eGames\Keno Special Edition\WCSUP.DLL"
Thu 18 May 2000 237,568 A..H. --- "C:\Program Files\eGames\Roulette Fever Special Edition\WCSUP.DLL"
Tue 14 Jun 2005 526,336 A..H. --- "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP379\A0112795.exe"
Mon 26 Jun 2006 790,016 A..H. --- "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP379\A0112800.exe"
Tue 14 Jun 2005 526,336 A..H. --- "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP379\A0112853.exe"
Tue 14 Jun 2005 526,336 A..H. --- "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP379\A0112890.exe"
Tue 14 Jun 2005 526,336 A..H. --- "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP379\A0112918.exe"
Tue 14 Jun 2005 526,336 A..H. --- "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP379\A0112987.exe"
Tue 14 Jun 2005 526,336 A..H. --- "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP380\A0113018.exe"
Tue 14 Jun 2005 526,336 A..H. --- "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP380\A0113048.exe"
Tue 14 Jun 2005 526,336 A..H. --- "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP381\A0114046.exe"
Tue 14 Jun 2005 526,336 A..H. --- "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0115045.exe"
Tue 14 Jun 2005 526,336 A..H. --- "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0116043.exe"
Tue 14 Jun 2005 526,336 A..H. --- "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0116063.exe"
Tue 14 Jun 2005 526,336 A..H. --- "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0117063.exe"
Tue 14 Jun 2005 526,336 A..H. --- "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0117082.exe"
Tue 14 Jun 2005 526,336 A..H. --- "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0117104.exe"
Tue 14 Jun 2005 526,336 A..H. --- "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0117124.exe"
Tue 14 Jun 2005 526,336 A..H. --- "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0118123.exe"
Tue 14 Jun 2005 526,336 A..H. --- "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0118146.exe"
Tue 14 Jun 2005 526,336 A..H. --- "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0118564.exe"
Thu 15 May 2003 43,008 ...H. --- "C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe"
Tue 18 Mar 2008 444 ...HR --- "C:\Documents and Settings\JR STROOMER\Application Data\SecuROM\UserData\securom_v7_01.bak"
Fri 29 Aug 2003 4,348 ...H. --- "C:\Documents and Settings\JR STROOMER\My Documents\My Music\License Backup\drmv1key.bak"
Fri 28 Jul 2006 20 A..H. --- "C:\Documents and Settings\JR STROOMER\My Documents\My Music\License Backup\drmv1lic.bak"
Fri 29 Aug 2003 400 A.SH. --- "C:\Documents and Settings\JR STROOMER\My Documents\My Music\License Backup\drmv2key.bak"
Thu 25 Oct 2001 106,496 A..H. --- "C:\Program Files\Common Files\aolshare\shell\us\shellext.dll"
Sat 4 Oct 2003 0 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"

Finished!5 Dice
8 Away
Active Models for Foster
Adobe Download Manager 1.2 (Remove Only)
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Reader 6.0.1
Adobe Shockwave Player
All Jackpots Casino
America Online
American Grand Casino
AOL Coach Version 1.0(Build:20030807.3)
Backgammon
BCM V.92 56K Modem
Bingo Master Special Edition
Card And Board Deluxe Suite
CCleaner (remove only)
Checkers
Classic PhoneTools
Craps Special Edition
Crazy 8
Cribbage
Crosword Fill Ins
Cryptic
Date Manager
DDA 97
Dell Modem-On-Hold
Dell Picture Studio - Dell Image Expert
Dell Solution Center
DellSupport
Digital Line Detect
DVDSentry
DX-Ball 2
Easy CD Creator 5 Basic
eGames Toolbar
ERNAP
Excel Quality
FinePixViewer Ver.4.3
FUJIFILM USB Driver
GameShadow
Gamevance
Go Fish
Google Earth
Google Toolbar for Internet Explorer
Half-Life
Half-Life(R) 2
Hearts
Help and Support Customization
Hex
High Low
HijackThis 2.0.2
Hotfix for Windows XP (KB914440)
HyperLoad
HyperLoad - Golf Course
Intel(R) PRO Ethernet Adapter and Software
Intel(R) PROSet II
Internet Service
iolo technologies' System Mechanic
Jackpot Kings Casino
Java 2 Runtime Environment Standard Edition v1.3.1_10
Java 2 Runtime Environment, SE v1.4.2_15
Keno Special Edition
Lexmark Supplies Monitor
Lexmark Z25-Z35
Ludo
Magic Square
Mahjongg Master 3 Special Edition
Maize Quest
Masque Slots II
McAfee Personal Firewall Plus
McAfee SecurityCenter
McAfee.com VirusScan Online
Memory Match
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft Data Access Components KB870669
Microsoft Encarta Encyclopedia Standard 2002
Microsoft Office Excel Viewer 2003
Microsoft Picture It! Photo 2002
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft Word 2002
Microsoft Works 2002 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
Modem Helper
Monopoly by Parker Brothers
MUSICMATCH Jukebox
MVP Word Search
My Web Search (My Fun Cards)
NoAdware v5.0
NVIDIA Display Driver
NVIDIA Drivers
Paint Shop Pro 7
PartyPoker
PowerDVD
PrecisionTime
Puzzle Master 3 Special Edition
Pyramid
QuickTime
RealPlayer
Reversi
Rhapsody Player Engine
Rings of the Magi
Risk (remove only)
Roulette Fever Special Edition
Savings Bond Wizard
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Seekmo Browser and Wowpapers Tools
SeeMePlayMe Client
Shark Dominoes
Shockwave
ShopperReports
Sierra Utilities
Silent Hunter 4 Wolves of the Pacific
Snakes And Ladders
Solitaire Master 3 Special Edition 1
Sound Blaster Live!
Spades
The Weather Channel Desktop
Tiger Woods PGA TOUR 2004
U.S. Video Poker Special Edition
Ultimate Mahjongg
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Viewpoint Media Player (Remove Only)
Weather Services
Web Application
WebFldrs XP
WebSearch Toolbar
WebSearch Tools
WildTangent GameChannel (remove only)
WildTangent Web Driver
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinTools Easy Installer
Win-Tools Easy Installer (by WebSearch)
WinTools for Internet Explorer
Word Scramble
Word Search
Works Suite OS Pack5 Dice
8 Away
Active Models for Foster
Adobe Download Manager 1.2 (Remove Only)
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Reader 6.0.1
Adobe Shockwave Player
All Jackpots Casino
America Online
American Grand Casino
AOL Coach Version 1.0(Build:20030807.3)
Backgammon
BCM V.92 56K Modem
Bingo Master Special Edition
Card And Board Deluxe Suite
CCleaner (remove only)
Checkers
Classic PhoneTools
Craps Special Edition
Crazy 8
Cribbage
Crosword Fill Ins
Cryptic
Date Manager
DDA 97
Dell Modem-On-Hold
Dell Picture Studio - Dell Image Expert
Dell Solution Center
DellSupport
Digital Line Detect
DVDSentry
DX-Ball 2
Easy CD Creator 5 Basic
eGames Toolbar
ERNAP
Excel Quality
FinePixViewer Ver.4.3
FUJIFILM USB Driver
GameShadow
Gamevance
Go Fish
Google Earth
Google Toolbar for Internet Explorer
Half-Life
Half-Life(R) 2
Hearts
Help and Support Customization
Hex
High Low
HijackThis 2.0.2
Hotfix for Windows XP (KB914440)
HyperLoad
HyperLoad - Golf Course
Intel(R) PRO Ethernet Adapter and Software
Intel(R) PROSet II
Internet Service
iolo technologies' System Mechanic
Jackpot Kings Casino
Java 2 Runtime Environment Standard Edition v1.3.1_10
Java 2 Runtime Environment, SE v1.4.2_15
Keno Special Edition
Lexmark Supplies Monitor
Lexmark Z25-Z35
Ludo
Magic Square
Mahjongg Master 3 Special Edition
Maize Quest
Masque Slots II
McAfee Personal Firewall Plus
McAfee SecurityCenter
McAfee.com VirusScan Online
Memory Match
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft Data Access Components KB870669
Microsoft Encarta Encyclopedia Standard 2002
Microsoft Office Excel Viewer 2003
Microsoft Picture It! Photo 2002
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft Word 2002
Microsoft Works 2002 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
Modem Helper
Monopoly by Parker Brothers
MUSICMATCH Jukebox
MVP Word Search
My Web Search (My Fun Cards)
NoAdware v5.0
NVIDIA Display Driver
NVIDIA Drivers
Paint Shop Pro 7
PartyPoker
PowerDVD
PrecisionTime
Puzzle Master 3 Special Edition
Pyramid
QuickTime
RealPlayer
Reversi
Rhapsody Player Engine
Rings of the Magi
Risk (remove only)
Roulette Fever Special Edition
Savings Bond Wizard
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Seekmo Browser and Wowpapers Tools
SeeMePlayMe Client
Shark Dominoes
Shockwave
ShopperReports
Sierra Utilities
Silent Hunter 4 Wolves of the Pacific
Snakes And Ladders
Solitaire Master 3 Special Edition 1
Sound Blaster Live!
Spades
The Weather Channel Desktop
Tiger Woods PGA TOUR 2004
U.S. Video Poker Special Edition
Ultimate Mahjongg
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Viewpoint Media Player (Remove Only)
Weather Services
Web Application
WebFldrs XP
WebSearch Toolbar
WebSearch Tools
WildTangent GameChannel (remove only)
WildTangent Web Driver
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinTools Easy Installer
Win-Tools Easy Installer (by WebSearch)
WinTools for Internet Explorer
Word Scramble5 Dice
8 Away
Active Models for Foster
Adobe Download Manager 1.2 (Remove Only)
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Reader 6.0.1
Adobe Shockwave Player
All Jackpots Casino
America Online
American Grand Casino
AOL Coach Version 1.0(Build:20030807.3)
Backgammon
BCM V.92 56K Modem
Bingo Master Special Edition
Card And Board Deluxe Suite
CCleaner (remove only)
Checkers
Classic PhoneTools
Craps Special Edition
Crazy 8
Cribbage
Crosword Fill Ins
Cryptic
Date Manager
DDA 97
Dell Modem-On-Hold
Dell Picture Studio - Dell Image Expert
Dell Solution Center
DellSupport
Digital Line Detect
DVDSentry
DX-Ball 2
Easy CD Creator 5 Basic
eGames Toolbar
ERNAP
Excel Quality
FinePixViewer Ver.4.3
FUJIFILM USB Driver
GameShadow
Gamevance
Go Fish
Google Earth
Google Toolbar for Internet Explorer
Half-Life
Half-Life(R) 2
Hearts
Help and Support Customization
Hex
High Low
HijackThis 2.0.2
Hotfix for Windows XP (KB914440)
HyperLoad
HyperLoad - Golf Course
Intel(R) PRO Ethernet Adapter and Software
Intel(R) PROSet II
Internet Service
iolo technologies' System Mechanic
Jackpot Kings Casino
Java 2 Runtime Environment Standard Edition v1.3.1_10
Java 2 Runtime Environment, SE v1.4.2_15
Keno Special Edition
Lexmark Supplies Monitor
Lexmark Z25-Z35
Ludo
Magic Square
Mahjongg Master 3 Special Edition
Maize Quest
Masque Slots II
McAfee Personal Firewall Plus
McAfee SecurityCenter
McAfee.com VirusScan Online
Memory Match
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft Data Access Components KB870669
Microsoft Encarta Encyclopedia Standard 2002
Microsoft Office Excel Viewer 2003
Microsoft Picture It! Photo 2002
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft Word 2002
Microsoft Works 2002 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
Modem Helper
Monopoly by Parker Brothers
MUSICMATCH Jukebox
MVP Word Search
My Web Search (My Fun Cards)
NoAdware v5.0
NVIDIA Display Driver
NVIDIA Drivers
Paint Shop Pro 7
PartyPoker
PowerDVD
PrecisionTime
Puzzle Master 3 Special Edition
Pyramid
QuickTime
RealPlayer
Reversi
Rhapsody Player Engine
Rings of the Magi
Risk (remove only)
Roulette Fever Special Edition
Savings Bond Wizard
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Seekmo Browser and Wowpapers Tools
SeeMePlayMe Client
Shark Dominoes
Shockwave
ShopperReports
Sierra Utilities
Silent Hunter 4 Wolves of the Pacific
Snakes And Ladders
Solitaire Master 3 Special Edition 1
Sound Blaster Live!
Spades
The Weather Channel Desktop
Tiger Woods PGA TOUR 2004
U.S. Video Poker Special Edition
Ultimate Mahjongg
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Viewpoint Media Player (Remove Only)
Weather Services
Web Application
WebFldrs XP
WebSearch Toolbar
WebSearch Tools
WildTangent GameChannel (remove only)
WildTangent Web Driver
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinTools Easy Installer
Win-Tools Easy Installer (by WebSearch)
WinTools for Internet Explorer
Word Scramble
Word Search
Works Suite OS Pack
Works Synchronization
Yahoo! Toolbar

Word Search
Works Suite OS Pack
Works Synchronization
Yahoo! Toolbar

Works Synchronization
Yahoo! Toolbar

Word Scramble
Word Search
Works Suite OS Pack
Works Synchronization
Yahoo! Toolbar

by **william stroomer** » March 20th, 2008, 5:17 pm

SDFix: Version 1.159

Run by JR STROOMER on Wed 03/19/2008 at 04:52 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

C:\Program Files\Helper\1205096259.dll - Deleted
C:\Program Files\NetProject\ot.ico - Deleted
C:\Program Files\NetProject\sbsm.exe - Deleted
C:\Program Files\NetProject\scm.exe - Deleted
C:\Program Files\NetProject\scu.exe - Deleted
C:\Program Files\NetProject\ts.ico - Deleted
C:\Program Files\NetProject\waun.exe - Deleted

Folder C:\Program Files\Helper - Removed
Folder C:\Program Files\NetProject - Removed

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-19 16:58:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"="C:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE:*:Disabled:LEXPPS"
"C:\\Program Files\\America Online 7.0\\waol.exe"="C:\\Program Files\\America Online 7.0\\waol.exe:*:Disabled:AOL"
"C:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\UPDATE.EXE"="C:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\UPDATE.EXE:*:Enabled:UPDATE"
"C:\\Program Files\\Savings Bond Wizard\\SBWizard.exe"="C:\\Program Files\\Savings Bond Wizard\\SBWizard.exe:*:Enabled:Savings Bond Wizard"
"C:\\Program Files\\America's Army\\System\\ArmyOps.exe"="C:\\Program Files\\America's Army\\System\\ArmyOps.exe:*:Enabled:ArmyOps"
"C:\\Program Files\\SeeMePlayMe\\Client.exe"="C:\\Program Files\\SeeMePlayMe\\Client.exe:*:Enabled: "
"C:\\Program Files\\Valve\\Steam\\SteamApps\\scoonj\\counter-strike source\\hl2.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\scoonj\\counter-strike source\\hl2.exe:*:Disabled:hl2"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\scoonj\\half-life 2 deathmatch\\hl2.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\scoonj\\half-life 2 deathmatch\\hl2.exe:*:Disabled:hl2"
"C:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\DFBHDLC.EXE"="C:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\DFBHDLC.EXE:*:Enabled:DFBHDLC"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Toolbar\\TBPS.exe"="C:\\Program Files\\Toolbar\\TBPS.exe:*:Enabled:WebSearch Toolbar"
"C:\\Program Files\\Toolbar\\PIB.exe"="C:\\Program Files\\Toolbar\\PIB.exe:*:Enabled:WebSearch Toolbar"
"C:\\Program Files\\Toolbar\\TBPSSvc.exe"="C:\\Program Files\\Toolbar\\TBPSSvc.exe:*:Enabled:WebSearch Toolbar Service"
"C:\\Program Files\\Toolbar\\CT5Upd.exe"="C:\\Program Files\\Toolbar\\CT5Upd.exe:*:Enabled:WebSearch Toolbar Plugin"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Thu 14 Mar 2002 36,947 A..H. --- "C:\Program Files\America Online 7.0\aolphx.exe"
Mon 26 Nov 2001 32,839 A..H. --- "C:\Program Files\America Online 7.0\aoltray.exe"
Mon 26 Nov 2001 40,960 A..H. --- "C:\Program Files\America Online 7.0\RBM.exe"
Mon 26 Nov 2001 180,287 A..H. --- "C:\Program Files\America Online 7.0\waol.exe"
Mon 26 Jun 2006 790,016 A..H. --- "C:\Program Files\Toolbar\PIB.exe"
Fri 29 Aug 2003 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 17 Oct 2004 81,408 ..SHR --- "C:\Documents and Settings\JR STROOMER\Application Data\ttuh.exe"
Fri 14 Feb 2003 22 A..H. --- "C:\Documents and Settings\JR STROOMER\Desktop\New Compressed (zipped) Folder.zip"
Mon 26 Nov 2001 49,221 A..H. --- "C:\Program Files\America Online 7.0\COMIT\cswitch.exe"
Tue 14 Jun 2005 526,336 A..H. --- "C:\Program Files\Common Files\WinTools\WSup.exe"
Wed 1 Dec 1999 4,893,667 A..H. --- "C:\Program Files\eGames\Bingo Master Special Edition\WCSUP.DLL"
Mon 1 May 2000 9,497,088 A..H. --- "C:\Program Files\eGames\Keno Special Edition\WCSUP.DLL"
Thu 18 May 2000 237,568 A..H. --- "C:\Program Files\eGames\Roulette Fever Special Edition\WCSUP.DLL"
Tue 14 Jun 2005 526,336 A..H. --- "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP379\A0112795.exe"
Mon 26 Jun 2006 790,016 A..H. --- "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP379\A0112800.exe"
Tue 14 Jun 2005 526,336 A..H. --- "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP379\A0112853.exe"
Tue 14 Jun 2005 526,336 A..H. --- "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP379\A0112890.exe"
Tue 14 Jun 2005 526,336 A..H. --- "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP379\A0112918.exe"
Tue 14 Jun 2005 526,336 A..H. --- "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP379\A0112987.exe"
Tue 14 Jun 2005 526,336 A..H. --- "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP380\A0113018.exe"
Tue 14 Jun 2005 526,336 A..H. --- "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP380\A0113048.exe"
Tue 14 Jun 2005 526,336 A..H. --- "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP381\A0114046.exe"
Tue 14 Jun 2005 526,336 A..H. --- "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0115045.exe"
Tue 14 Jun 2005 526,336 A..H. --- "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0116043.exe"
Tue 14 Jun 2005 526,336 A..H. --- "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0116063.exe"
Tue 14 Jun 2005 526,336 A..H. --- "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0117063.exe"
Tue 14 Jun 2005 526,336 A..H. --- "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0117082.exe"
Tue 14 Jun 2005 526,336 A..H. --- "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0117104.exe"
Tue 14 Jun 2005 526,336 A..H. --- "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0117124.exe"
Tue 14 Jun 2005 526,336 A..H. --- "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0118123.exe"
Tue 14 Jun 2005 526,336 A..H. --- "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0118146.exe"
Tue 14 Jun 2005 526,336 A..H. --- "C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0118564.exe"
Thu 15 May 2003 43,008 ...H. --- "C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe"
Tue 18 Mar 2008 444 ...HR --- "C:\Documents and Settings\JR STROOMER\Application Data\SecuROM\UserData\securom_v7_01.bak"
Fri 29 Aug 2003 4,348 ...H. --- "C:\Documents and Settings\JR STROOMER\My Documents\My Music\License Backup\drmv1key.bak"
Fri 28 Jul 2006 20 A..H. --- "C:\Documents and Settings\JR STROOMER\My Documents\My Music\License Backup\drmv1lic.bak"
Fri 29 Aug 2003 400 A.SH. --- "C:\Documents and Settings\JR STROOMER\My Documents\My Music\License Backup\drmv2key.bak"
Thu 25 Oct 2001 106,496 A..H. --- "C:\Program Files\Common Files\aolshare\shell\us\shellext.dll"
Sat 4 Oct 2003 0 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"

Finished!

by **Simon V.** » March 20th, 2008, 5:34 pm

Can I see a new HijackThis log too, please?

by **william stroomer** » March 21st, 2008, 3:38 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:37:16 PM, on 3/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\WildTangent\Apps\GameChannel.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
C:\PROGRA~1\Toolbar\TBPS.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Seekmo\bin\10.0.345.0\SeekmoSA.exe
C:\Program Files\Seekmo\bin\10.0.345.0\OEAddOn.exe
C:\Program Files\Java\j2re1.4.2_15\bin\jusched.exe
C:\Program Files\Gamevance\gamevance32.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\America Online 7.0\aoltray.exe
C:\Program Files\Date Manager\DateManager.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\PrecisionTime\PrecisionTime.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\System32\CTsvcCDA.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\Toolbar\PIB.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Toolbar\TBPSSvc.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\COMMON~1\WinTools\WSup.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Seekmo\bin\10.0.345.0\Srv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50038
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50038
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50038
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.supret.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Seekmo /fleok=1D8A83A5C7E3137899A475760EA83FA5EF80752B9499803B2A2303766A - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Seekmo\bin\10.0.345.0\HostIE.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O2 - BHO: eGames Toolbar - {4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - C:\PROGRA~1\EGAMES~1\EGAMES~1.DLL
O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\PROGRA~1\COMMON~1\WinTools\btiein.dll
O2 - BHO: Gamevance Text - {7370F91F-6994-4595-9949-601FA2261C8D} - C:\Program Files\Gamevance\gvtl.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - C:\PROGRA~1\COMMON~1\BTLINK\btlink.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O3 - Toolbar: Seekmo - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Seekmo\bin\10.0.345.0\HostIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: eGames Toolbar - {4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - C:\PROGRA~1\EGAMES~1\EGAMES~1.DLL
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe files\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SeekmoSA] "C:\Program Files\Seekmo\bin\10.0.345.0\SeekmoSA.exe"
O4 - HKLM\..\Run: [SeekmoOE] C:\Program Files\Seekmo\bin\10.0.345.0\OEAddOn.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_15\bin\jusched.exe"
O4 - HKLM\..\Run: [Gamevance] C:\Program Files\Gamevance\gamevance32.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Uxrka] C:\WINDOWS\system32\TTRIB~1.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Global Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... xdm486YYUS
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... 0.15-3.cab
O16 - DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} (CPlayFirstmsiControl Object) - http://cdn.ll.neoedge.com/webgames/Myst ... .0.0.8.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2) - http://javadl-esd.sun.com/update/1.4.2/ ... s-i586.cab
O16 - DPF: {A1DC3241-B122-195F-B21A-000000000000} - http://pluginaccess.com/pornstarsxtra/B ... Plugin.cab
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinner.com/games/v42/paint/paint.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Risk/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/237/w ... lashAX.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://games.pogo.com/online2/pogo/dine ... 0.0.80.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/bejew ... er_v10.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://winfixer.com/pages/scanner/WinFi ... nstall.cab
O18 - Protocol: relatedlinks - {CD8D1CAA-FE4A-45DF-A06C-028AAF1821DE} - C:\PROGRA~1\COMMON~1\BTLINK\btlink.dll
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll
O20 - AppInit_DLLs: explorer.dll
O22 - SharedTaskScheduler: dikage - {d4c51fa4-9192-4a9a-8d2a-a0690c92f171} - (no file)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe

--
End of file - 15425 bytes

by **Simon V.** » March 22nd, 2008, 5:59 am

Hi

C:\Program Files\Date Manager\DateManager.exe

Do you know what this is for?

Step 1

From your log I can see you've installed poker programs. A lot of poker programs are infected/can infect you with malware.

I recommend that you remove the following Poker program(s):

(Click on Start, then Control Panel. Double click on Add or Remove Programs)

All Jackpots Casino
American Grand Casino
Jackpot Kings Casino
PartyPoker

Here are links to some poker sites regarded as safe for your reference.

* http://www.pokerstars.net/ - This is a simple play money version.
* http://www.pokerstars.com/ - This is a bigger play money and real money version.

Also remove the following programs -

eGames Toolbar
Java 2 Runtime Environment Standard Edition v1.3.1_10
Java 2 Runtime Environment, SE v1.4.2_15
Gamevance <-- Optional
My Web Search (My Fun Cards)
NoAdware v5.0
PrecisionTime
Seekmo Browser and Wowpapers Tools
WebSearch Toolbar
WebSearch Tools
WinTools Easy Installer
Win-Tools Easy Installer (by WebSearch)
WinTools for Internet Explorer

Then download and install Java Runtime Environment (JRE) 6 Update 5.

Step 2

The Microsoft Java Virtual Machine, or MS Java VM, is used to run Java applets that can be found on web sites. When you visit a web site that has a Java applet, the MS JVM will compile and execute that applet on your machine. Microsoft no longer supports the MS JVM and it has become obsolete. There have also been known security issues with unpatched versions of the MS JVM and you should remove it and install the safer Sun JVM as an alternative.

Instructions on how to remove MS Java can be found here.

If you have a problem following the above instructions you can use this tool to remove MS Java.

Step 3

Open HijackThis, perform a scan and put a check next to the following items (if present):

Optional entries are in red. If you want to keep them, don't put a check next to them (I recommend you remove them).

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50038
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50038
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50038
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.supret.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Seekmo /fleok=1D8A83A5C7E3137899A475760EA83FA5EF80752B9499803B2A2303766A - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Seekmo\bin\10.0.345.0\HostIE.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O2 - BHO: eGames Toolbar - {4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - C:\PROGRA~1\EGAMES~1\EGAMES~1.DLL
O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\PROGRA~1\COMMON~1\WinTools\btiein.dll
O2 - BHO: Gamevance Text - {7370F91F-6994-4595-9949-601FA2261C8D} - C:\Program Files\Gamevance\gvtl.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll
O2 - BHO: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - C:\PROGRA~1\COMMON~1\BTLINK\btlink.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O3 - Toolbar: Seekmo - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Seekmo\bin\10.0.345.0\HostIE.dll
O3 - Toolbar: eGames Toolbar - {4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - C:\PROGRA~1\EGAMES~1\EGAMES~1.DLL
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [SeekmoSA] "C:\Program Files\Seekmo\bin\10.0.345.0\SeekmoSA.exe"
O4 - HKLM\..\Run: [SeekmoOE] C:\Program Files\Seekmo\bin\10.0.345.0\OEAddOn.exe
O4 - HKLM\..\Run: [Gamevance] C:\Program Files\Gamevance\gamevance32.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Uxrka] C:\WINDOWS\system32\TTRIB~1.EXE
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... xdm486YYUS
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... 0.15-3.cab
O16 - DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} (CPlayFirstmsiControl Object) - http://cdn.ll.neoedge.com/webgames/Myst ... .0.0.8.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2) - http://javadl-esd.sun.com/update/1.4.2/ ... s-i586.cab
O16 - DPF: {A1DC3241-B122-195F-B21A-000000000000} - http://pluginaccess.com/pornstarsxtra/B ... Plugin.cab
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinner.com/games/v42/paint/paint.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/237/w ... lashAX.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://games.pogo.com/online2/pogo/dine ... 0.0.80.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/bejew ... er_v10.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://winfixer.com/pages/scanner/WinFi ... nstall.cab
O18 - Protocol: relatedlinks - {CD8D1CAA-FE4A-45DF-A06C-028AAF1821DE} - C:\PROGRA~1\COMMON~1\BTLINK\btlink.dll
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll
O20 - AppInit_DLLs: explorer.dll
O22 - SharedTaskScheduler: dikage - {d4c51fa4-9192-4a9a-8d2a-a0690c92f171} - (no file)

Close all programs except HijackThis and click on Fix checked.

Step 4

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofi ... e-combofix

Post the log from ComboFix (C:\Combofix.txt) when you've accomplished that, along with a new HijackThis log.

by **Simon V.** » March 28th, 2008, 5:16 pm

Do you still need help?

Free Malware Removal Forum

virus

virus

Re: virus

Re: virus

Re: virus

Re: virus

Re: virus

Re: virus

Re: virus

Re: virus

Re: virus

Re: virus

Re: virus

Re: virus

Re: virus

Re: virus

Who is online