View Full Version : tagasaurus, zedo, others



buckaroo
2007-07-08, 05:46
I have been getting popups and spybot is continually detecting tagasaurus and zedo, among others. I have been running spybot about once a day to no avail. I ran the on line etrust scan, but could not find the log (the results indicated no infection). Please help!

Here is my latest HJT scan:

Logfile of HijackThis v1.99.1
Scan saved at 8:07:13 PM, on 7/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\ftcneaqA.exe
C:\WINDOWS\lozxpbbA.exe
C:\Program Files\WinTouch\WinTouch.exe
C:\WINDOWS\ewshdt.exe
C:\WINDOWS\win320924-193504242007.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBCA.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\hijack this\hjt.exe
C:\PROGRA~1\Yahoo!\YUM\yum.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://verizon.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\aedbbyyc.dll
O2 - BHO: (no name) - {2E9D4C81-9F27-4c14-B804-7B0F6BC88A4F} - C:\Program Files\Outerinfo\Outerinfo.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {862C405E-6895-4641-AA50-FA2CEFA0C147} - C:\WINDOWS\system32\pmkjk.dll
O2 - BHO: (no name) - {BDB1851A-D458-4501-854D-8A41D038C3AB} - C:\WINDOWS\system32\vtutu.dll (file missing)
O2 - BHO: (no name) - {DC192567-65F9-4AB6-ADB7-E13575F81726} - C:\WINDOWS\system32\ddcbxvv.dll
O2 - BHO: (no name) - {F4002052-AB29-4B33-8C8D-0E99084564EC} - C:\WINDOWS\system32\qommkhi.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [ftcneaqA] C:\WINDOWS\ftcneaqA.exe
O4 - HKLM\..\Run: [lozxpbbA] C:\WINDOWS\lozxpbbA.exe
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [{99-98-88-88-ZN}] c:\windows\system32\mndsregr.exe CHD003
O4 - HKLM\..\Run: [WinTouch] C:\Program Files\WinTouch\WinTouch.exe
O4 - HKLM\..\Run: [SfKg6w] C:\WINDOWS\ewshdt.exe
O4 - HKLM\..\Run: [win320924-193504242007] C:\WINDOWS\win320924-193504242007
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\fdkytmmf.dll",forkonce
O4 - HKCU\..\Run: [EPSON PictureMate PM 240] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBCA.EXE /FU "C:\WINDOWS\TEMP\E_SE3F.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemplates/AktiveSekurity.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156695437250
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O20 - Winlogon Notify: ddcbxvv - C:\WINDOWS\SYSTEM32\ddcbxvv.dll
O20 - Winlogon Notify: pmkjk - C:\WINDOWS\system32\pmkjk.dll
O20 - Winlogon Notify: qommkhi - qommkhi.dll (file missing)
O20 - Winlogon Notify: vtutu - C:\WINDOWS\system32\vtutu.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (file missing)
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

Angelfire777
2007-07-08, 06:33
Hi, Welcome to Safer Networking Forums!

Click start > run > copy and paste: appwiz.cpl

Uninstall the following:

OuterInfo or OIN or similar

Wintouch

Spywarebot
Please uninstall that program since it is considered as a Rogue Antispyware application as listed HERE (http://www.spywarewarrior.com/rogue_anti-spyware.htm).

Download combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)

1. Save it to your desktop.
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply along with a fresh HijackThis log.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

buckaroo
2007-07-09, 05:46
Outerinfo and Spyware bot were not in the list available to remove, but I did remove Wintouch. Below is my combofix log and new hijack this log. (I downloaded vundofix by mistake and did a scan but didn't remove anything) Thanks!




"LLL" - 2007-07-08 22:16:15 - ComboFix 07-07-09.3 - Service Pack 2


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\aedbbyyc.dll
C:\WINDOWS\system32\krmqgiji.dll
C:\WINDOWS\system32\lwnowayb.dll
C:\WINDOWS\system32\qyjxyasu.dll
C:\WINDOWS\system32\sqhaeulf.dll
C:\WINDOWS\SYSTEM32\kjkmp.bak1
C:\WINDOWS\SYSTEM32\kjkmp.bak2
C:\WINDOWS\SYSTEM32\kjkmp.ini
C:\WINDOWS\SYSTEM32\kjkmp.ini2
C:\WINDOWS\SYSTEM32\kjkmp.tmp
C:\WINDOWS\SYSTEM32\ijigqmrk.ini
C:\WINDOWS\SYSTEM32\byawonwl.ini
C:\WINDOWS\SYSTEM32\usayxjyq.ini
C:\WINDOWS\SYSTEM32\ututv.bak1
C:\WINDOWS\SYSTEM32\ututv.bak2
C:\WINDOWS\SYSTEM32\ututv.ini
C:\WINDOWS\SYSTEM32\ututv.ini2
C:\WINDOWS\SYSTEM32\ututv.tmp
C:\WINDOWS\SYSTEM32\kjkmp.bak1
C:\WINDOWS\SYSTEM32\kjkmp.bak2
C:\WINDOWS\SYSTEM32\kjkmp.ini
C:\WINDOWS\SYSTEM32\kjkmp.ini2
C:\WINDOWS\SYSTEM32\kjkmp.tmp
C:\WINDOWS\SYSTEM32\ututv.bak1
C:\WINDOWS\SYSTEM32\ututv.bak2
C:\WINDOWS\SYSTEM32\ututv.ini
C:\WINDOWS\SYSTEM32\ututv.ini2
C:\WINDOWS\SYSTEM32\ututv.tmp
C:\WINDOWS\system32\pmkjk.dll
C:\WINDOWS\system32\ddcbxvv.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\Program Files\TTC.dll
C:\temp\0b9
C:\temp\0b9\tmpTF.log
C:\temp\iee
C:\temp\iee\tmpZTF.log
C:\temp\tn3
C:\WINDOWS\b136.exe
C:\WINDOWS\cfg32.exe
C:\WINDOWS\cfg32a.exe
C:\WINDOWS\cs_cache.ini
C:\WINDOWS\DOWNLO~1\UWA7P_0001_N91M0809NetInstaller.exe
C:\WINDOWS\system32\o02PrEz
C:\WINDOWS\system32\o02PrEz\o02PrEz1065.exe
C:\WINDOWS\system32\win
C:\WINDOWS\system32\winnb58.dll
C:\WINDOWS\system32\wnscpsv.exe
C:\WINDOWS\wr.txt


((((((((((((((((((((((((( Files Created from 2007-06-09 to 2007-07-09 )))))))))))))))))))))))))))))))


2007-07-08 22:14 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-08 20:16 <DIR> d-------- C:\VundoFix Backups
2007-07-06 21:54 9,216 --a------ C:\WINDOWS\sys011935042424-2007.exe
2007-07-06 20:04 <DIR> d-------- C:\hijack this
2007-07-05 22:48 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-07-05 22:46 <DIR> d-------- C:\7e2de6cf585a5090a20a363d0d314c
2007-07-05 22:40 <DIR> d-------- C:\WINDOWS\SYSTEM32\LogFiles
2007-07-05 22:40 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\UMDF
2007-07-05 22:17 76,560 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
2007-07-05 21:24 <DIR> d-------- C:\DOCUME~1\Tom\.housecall6.6
2007-07-03 17:06 192,512 --a------ C:\WINDOWS\win320924-193504242007.exe
2007-07-03 09:42 22,016 --a------ C:\WINDOWS\b138.exe
2007-06-29 11:10 32,418 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Partizan.sys
2007-06-29 11:10 22,528 --a------ C:\WINDOWS\SYSTEM32\Partizan.exe
2007-06-26 22:19 2,624 --a------ C:\WINDOWS\SYSTEM32\idlxxugv.exe
2007-06-25 20:13 1,881,708 --ahs---- C:\WINDOWS\SYSTEM32\qtvwa.bak2
2007-06-25 07:38 6,369 --ahs---- C:\WINDOWS\SYSTEM32\qtvwa.bak1
2007-06-21 20:51 7,601 --a------ C:\WINDOWS\extend.dat
2007-06-17 20:23 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-06-17 14:06 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2007-06-17 13:51 753,664 --a------ C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-06-17 13:51 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
2007-06-17 13:51 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Sonic
2007-06-17 13:51 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Jasc Software Inc
2007-06-17 10:56 <DIR> d-------- C:\Program Files\Verizon Online
2007-06-10 22:26 <DIR> d-------- C:\Program Files\Lavasoft
2007-06-10 22:26 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-10 22:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-06-10 22:22 <DIR> d-------- C:\DOCUME~1\Tom\APPLIC~1\SpywareBot


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-05 13:14:08 630,200 ----a-w C:\WINDOWS\system32\drivers\VetEFile.sys
2007-07-05 13:14:07 108,392 ----a-w C:\WINDOWS\system32\drivers\VetEBoot.sys
2007-06-23 19:35:22 -------- d-----w C:\Program Files\Disney Interactive
2007-06-23 19:35:20 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-11 03:38:21 -------- d-----w C:\Program Files\Common Files\qzmr
2007-06-11 02:04:04 -------- d-----w C:\Program Files\G-Zapper
2007-06-08 01:39:38 47 ----a-w C:\WINDOWS\popcinfo.dat
2007-06-06 21:37:54 192,512 ----a-w C:\WINDOWS\sosi42.exe
2007-06-06 21:25:02 53,248 ----a-w C:\WINDOWS\112uninst.exe
2007-06-06 03:29:42 -------- d-----w C:\Program Files\DivX
2007-06-04 20:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 20:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 20:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-06-04 01:09:33 -------- d-----w C:\Program Files\WordPerfect Office 12
2007-06-04 01:09:33 -------- d-----w C:\Program Files\PhotoDeluxe HE 3.0
2007-06-04 01:09:32 -------- d-----w C:\Program Files\PhoTags Express
2007-06-04 01:09:32 -------- d-----w C:\Program Files\Modem Helper
2007-06-04 01:09:31 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-06-03 19:01:31 220,349 ----a-w C:\WINDOWS\itpb_4.exe
2007-06-03 19:01:26 -------- d-----w C:\Program Files\Online Services
2007-06-03 19:01:25 49,152 ----a-w C:\WINDOWS\TISKY009.exe
2007-06-03 19:01:24 192,609 ----a-w C:\WINDOWS\system32\pwinondt.exe
2007-06-01 01:59:09 -------- d-----w C:\DOCUME~1\Tom\APPLIC~1\ESPN
2007-05-21 00:05:13 -------- d-----w C:\Program Files\Dell Games
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-12 04:18:11 278,016 ------w C:\WINDOWS\system32\vct3216.dll
2007-05-10 03:49:55 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 03:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-17 03:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-13 20:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe
1989-12-12 15:10:10 286,352 --sh--r C:\WINDOWS\ftcneaqA.exe
1989-12-12 15:10:10 326,352 --sh--r C:\WINDOWS\lozxpbbA.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
2006-04-17 18:37 438848 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2001-04-16 15:39 37808 --------- C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2E9D4C81-9F27-4c14-B804-7B0F6BC88A4F}]
C:\Program Files\Outerinfo\Outerinfo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
2004-03-15 01:04 118836 --a------ C:\WINDOWS\system32\dla\tfswshx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDB1851A-D458-4501-854D-8A41D038C3AB}]
C:\WINDOWS\system32\vtutu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 17:48]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 20:12]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 20:15]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-08-17 01:27]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 11:43]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe" [2006-02-01 17:33]
"CaAvTray"="C:\Program Files\Yahoo!\Antivirus\CAVTray.exe" [2006-08-01 19:29]
"CAVRID"="C:\Program Files\Yahoo!\Antivirus\CAVRID.exe" [2006-08-01 19:29]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2005-06-16 22:30]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-01-12 20:14]
"DIGStream"="C:\Program Files\DIGStream\digstream.exe" [2006-02-10 14:06]
"DIGServices"="C:\Program Files\ESPNRunTime\DIGServices.exe" [2006-07-14 10:47]
"mmtask"="C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe" [2006-01-17 13:03]
"SpywareBot"="C:\Program Files\SpywareBot\SpywareBot.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"EPSON PictureMate PM 240"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBCA.exe" [2006-05-19 04:00]
"@"="" []
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 12:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qommkhi]
qommkhi.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtutu]
C:\WINDOWS\system32\vtutu.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]


Contents of the 'Scheduled Tasks' folder
2007-06-13 00:20:01 C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job
2007-07-08 23:29:00 C:\WINDOWS\tasks\Symantec NetDetect.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-08 22:26:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-08 22:29:01 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-08 22:28

--- E O F ---


Logfile of HijackThis v1.99.1
Scan saved at 10:34:30 PM, on 7/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tom\Desktop\hijack this\hjt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://verizon.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {2E9D4C81-9F27-4c14-B804-7B0F6BC88A4F} - C:\Program Files\Outerinfo\Outerinfo.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {BDB1851A-D458-4501-854D-8A41D038C3AB} - C:\WINDOWS\system32\vtutu.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKCU\..\Run: [EPSON PictureMate PM 240] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBCA.EXE /FU "C:\WINDOWS\TEMP\E_SE3F.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemplates/AktiveSekurity.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156695437250
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O20 - Winlogon Notify: qommkhi - qommkhi.dll (file missing)
O20 - Winlogon Notify: vtutu - C:\WINDOWS\system32\vtutu.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (file missing)
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

Angelfire777
2007-07-09, 12:42
Are you using any Norton products on your machine?

Open HijackThis > choose Scan Only > Place a checkmark in the boxes beside these entries in bold.

O2 - BHO: (no name) - {2E9D4C81-9F27-4c14-B804-7B0F6BC88A4F} - C:\Program Files\Outerinfo\Outerinfo.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {BDB1851A-D458-4501-854D-8A41D038C3AB} - C:\WINDOWS\system32\vtutu.dll (file missing)
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemp...veSekurity.cab
O20 - Winlogon Notify: qommkhi - qommkhi.dll (file missing)
O20 - Winlogon Notify: vtutu - C:\WINDOWS\system32\vtutu.dll (file missing)

Close your browsers and all open windows except for HijackThis, then click "Fix checked". Exit HijackThis.
__________

Combofix Deletions

Right click on your desktop, select "new" then choose "New text Document"
Name it as "CFScript"
Copy and paste the text inside the code box below to CFScript.txt



File::
C:\WINDOWS\sys011935042424-2007.exe
C:\WINDOWS\win320924-193504242007.exe
C:\WINDOWS\b138.exe
C:\WINDOWS\SYSTEM32\idlxxugv.exe
C:\WINDOWS\SYSTEM32\qtvwa.bak2
C:\WINDOWS\SYSTEM32\qtvwa.bak1
C:\WINDOWS\sosi42.exe
C:\WINDOWS\112uninst.exe
C:\WINDOWS\system32\pwinondt.exe
C:\WINDOWS\TISKY009.exe
C:\WINDOWS\itpb_4.exe
C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job
Folder::
C:\DOCUME~1\Tom\APPLIC~1\SpywareBot
C:\Program Files\Common Files\qzmr
C:\Program Files\Outerinfo
C:\Program Files\SpywareBot

Save it.
Drag and drop CFScript.txt to your copy of combofix.
You can take a look at the image below if you're unsure on how to do it.
http://img263.imageshack.us/img263/9894/cfscriptno0.gif
Combofix will restart your machine then it will produce a log afterwards.
Please post the contents of that log along with a fresh HijackThis log.
___________
Remove MS Java
The Microsoft Java Virtual Machine, or MS Java VM, is used to run Java applets that can be found on web sites. When you visit a web site that has a Java applet, the MS JVM will compile and execute that applet on your machine. Microsoft no longer supports the MS JVM and it has become obsolete. There have also been known security issues with unpatched versions of the MS JVM and you should remove it and install the safer SUN JVM as an alternative (instructions follow).

Instructions on how to remove MS Java can be found >here< (http://www.bleepingcomputer.com/tutorials/tutorial97.html)

*Your Java is out of date....
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components.
Click Start > Control Panel
Click Add/Remove Programs
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove button.
Repeat as many times as necessary to remove all versions of Java.
Reboot your computer once all Java components are removed.
Then download Java Runtime Environment 6u2 (http://java.sun.com/javase/downloads/index.jsp), and install it to your computer.
______________

Please do an online scan with Kaspersky WebScanner (http://www.kaspersky.com/virusscanner)

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT

Now click on Scan Settings
In the scan settings make sure that the following are selected:
Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)

Scan Options:
Scan Archives
Scan Mail Bases

Click OK
Now under "Select a target to scan", select My Computer.

The program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

On your next reply, please include a fresh HijackThis log, combofix log and the kaspersky scan log.

buckaroo
2007-07-12, 01:10
I do not run any Norton products.
I had issues with the Java section of your instructions. First, the run command given to remove Java said "could not locate inf file java.inf" and there were no Java-related programs to remove through Control Panel. I did download JRE 6u2, but have not installed it yet. Should I install it?
Thanks

(Kaspersky log to follow, would not fit in this message)
Here are the logs:

Logfile of HijackThis v1.99.1
Scan saved at 9:43:59 PM, on 7/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Tom\Desktop\hijack this\hjt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://verizon.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe"
O4 - HKCU\..\Run: [EPSON PictureMate PM 240] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBCA.EXE /FU "C:\WINDOWS\TEMP\E_SE3F.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156695437250
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (file missing)
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE


"Tom" - 2007-07-10 20:12:28 - ComboFix 07-07-09.3 - Service Pack 2
Command switches used :: C:\Documents and Settings\Tom\Desktop\CFScript.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Tom\APPLIC~1\SpywareBot
C:\DOCUME~1\Tom\APPLIC~1\SpywareBot\Log\2007 Jun 10 - 10_22_59 PM.log
C:\DOCUME~1\Tom\APPLIC~1\SpywareBot\Log\2007 Jun 10 - 10_23_01 PM.log
C:\DOCUME~1\Tom\APPLIC~1\SpywareBot\Log\2007 Jun 10 - 10_43_30 PM.log
C:\DOCUME~1\Tom\APPLIC~1\SpywareBot\Log\2007 Jun 10 - 10_43_31 PM.log
C:\DOCUME~1\Tom\APPLIC~1\SpywareBot\Log\2007 Jun 10 - 10_45_37 PM.log
C:\DOCUME~1\Tom\APPLIC~1\SpywareBot\Log\2007 Jun 11 - 04_47_08 PM.log
C:\DOCUME~1\Tom\APPLIC~1\SpywareBot\Log\2007 Jun 11 - 04_47_09 PM.log
C:\DOCUME~1\Tom\APPLIC~1\SpywareBot\Log\2007 Jun 12 - 07_19_59 PM.log
C:\DOCUME~1\Tom\APPLIC~1\SpywareBot\Log\2007 Jun 12 - 07_20_00 PM.log
C:\DOCUME~1\Tom\APPLIC~1\SpywareBot\Settings\CustomScan.stg
C:\DOCUME~1\Tom\APPLIC~1\SpywareBot\Settings\IgnoreList.stg
C:\DOCUME~1\Tom\APPLIC~1\SpywareBot\Settings\ScanInfo.stg
C:\DOCUME~1\Tom\APPLIC~1\SpywareBot\Settings\ScanResults.stg
C:\DOCUME~1\Tom\APPLIC~1\SpywareBot\Settings\SelectedFolders.stg
C:\DOCUME~1\Tom\APPLIC~1\SpywareBot\Settings\Settings.stg
C:\Program Files\Common Files\qzmr
C:\Program Files\Common Files\qzmr\qzmrd\class-barrel
C:\Program Files\Common Files\qzmr\qzmrd\vocabulary
C:\WINDOWS\112uninst.exe
C:\WINDOWS\b138.exe
C:\WINDOWS\itpb_4.exe
C:\WINDOWS\sosi42.exe
C:\WINDOWS\sys011935042424-2007.exe
C:\WINDOWS\SYSTEM32\idlxxugv.exe
C:\WINDOWS\system32\pwinondt.exe
C:\WINDOWS\SYSTEM32\qtvwa.bak1
C:\WINDOWS\SYSTEM32\qtvwa.bak2
C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job
C:\WINDOWS\TISKY009.exe
C:\WINDOWS\win320924-193504242007.exe


((((((((((((((((((((((((( Files Created from 2007-06-11 to 2007-07-11 )))))))))))))))))))))))))))))))


2007-07-10 20:00 <DIR> d-------- C:\WINDOWS\LastGood
2007-07-08 22:14 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-08 20:16 <DIR> d-------- C:\VundoFix Backups
2007-07-06 20:04 <DIR> d-------- C:\hijack this
2007-07-05 22:48 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-07-05 22:46 <DIR> d-------- C:\7e2de6cf585a5090a20a363d0d314c
2007-07-05 22:40 <DIR> d-------- C:\WINDOWS\SYSTEM32\LogFiles
2007-07-05 22:40 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\UMDF
2007-07-05 22:17 76,560 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
2007-07-05 21:24 <DIR> d-------- C:\DOCUME~1\Tom\.housecall6.6
2007-06-29 11:10 32,418 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Partizan.sys
2007-06-29 11:10 22,528 --a------ C:\WINDOWS\SYSTEM32\Partizan.exe
2007-06-21 20:51 7,601 --a------ C:\WINDOWS\extend.dat
2007-06-17 20:23 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-06-17 14:06 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2007-06-17 13:51 753,664 --a------ C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-06-17 13:51 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
2007-06-17 13:51 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Sonic
2007-06-17 13:51 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Jasc Software Inc
2007-06-17 10:56 <DIR> d-------- C:\Program Files\Verizon Online
2007-06-10 22:26 <DIR> d-------- C:\Program Files\Lavasoft
2007-06-10 22:26 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-10 22:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-05 13:14:08 630,200 ----a-w C:\WINDOWS\system32\drivers\VetEFile.sys
2007-07-05 13:14:07 108,392 ----a-w C:\WINDOWS\system32\drivers\VetEBoot.sys
2007-06-23 19:35:22 -------- d-----w C:\Program Files\Disney Interactive
2007-06-23 19:35:20 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-11 02:04:04 -------- d-----w C:\Program Files\G-Zapper
2007-06-08 01:39:38 47 ----a-w C:\WINDOWS\popcinfo.dat
2007-06-06 03:29:42 -------- d-----w C:\Program Files\DivX
2007-06-04 20:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 20:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 20:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-06-04 01:09:33 -------- d-----w C:\Program Files\WordPerfect Office 12
2007-06-04 01:09:33 -------- d-----w C:\Program Files\PhotoDeluxe HE 3.0
2007-06-04 01:09:32 -------- d-----w C:\Program Files\PhoTags Express
2007-06-04 01:09:32 -------- d-----w C:\Program Files\Modem Helper
2007-06-04 01:09:31 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-06-03 19:01:26 -------- d-----w C:\Program Files\Online Services
2007-06-01 01:59:09 -------- d-----w C:\DOCUME~1\Tom\APPLIC~1\ESPN
2007-05-21 00:05:13 -------- d-----w C:\Program Files\Dell Games
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-12 04:18:11 278,016 ------w C:\WINDOWS\system32\vct3216.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 03:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-17 03:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-13 20:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe
1989-12-12 15:10:10 286,352 --sh--r C:\WINDOWS\ftcneaqA.exe
1989-12-12 15:10:10 326,352 --sh--r C:\WINDOWS\lozxpbbA.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
2006-04-17 18:37 438848 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2001-04-16 15:39 37808 --------- C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
2004-03-15 01:04 118836 --a------ C:\WINDOWS\system32\dla\tfswshx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 17:48]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 20:12]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 20:15]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-08-17 01:27]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 11:43]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe" [2006-02-01 17:33]
"CaAvTray"="C:\Program Files\Yahoo!\Antivirus\CAVTray.exe" [2006-08-01 19:29]
"CAVRID"="C:\Program Files\Yahoo!\Antivirus\CAVRID.exe" [2006-08-01 19:29]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2005-06-16 22:30]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-01-12 20:14]
"DIGStream"="C:\Program Files\DIGStream\digstream.exe" [2006-02-10 14:06]
"DIGServices"="C:\Program Files\ESPNRunTime\DIGServices.exe" [2006-07-14 10:47]
"mmtask"="C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe" [2006-01-17 13:03]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"EPSON PictureMate PM 240"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBCA.exe" [2006-05-19 04:00]
"@"="" []
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 12:00]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]


Contents of the 'Scheduled Tasks' folder
2007-07-10 15:29:14 C:\WINDOWS\tasks\Symantec NetDetect.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-10 20:15:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-10 20:16:34
C:\ComboFix-quarantined-files.txt ... 2007-07-10 20:16
C:\ComboFix2.txt ... 2007-07-08 22:29

--- E O F ---

buckaroo
2007-07-12, 01:17
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, July 10, 2007 9:40:49 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 11/07/2007
Kaspersky Anti-Virus database records: 360735
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 65524
Number of viruses found: 23
Number of infected objects: 79
Number of suspicious objects: 4
Duration of the scan process: 00:44:12

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt4.zip/retadpu2000219.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt4.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt7.zip/retadpu2000219.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt7.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Tom\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-1108248-10cca9e0.zip/BaaaaBaa.class Infected: Exploit.Java.Gimsh.a skipped
C:\Documents and Settings\Tom\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-1108248-10cca9e0.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Tom\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-516dc209-69396f00.zip/BaaaaBaa.class Infected: Exploit.Java.Gimsh.a skipped
C:\Documents and Settings\Tom\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-516dc209-69396f00.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Tom\Application Data\Verizon\VSP\client_gateway.log Object is locked skipped
C:\Documents and Settings\Tom\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Tom\Desktop\hijack this\backups\backup-20070710-200603-435.dll Infected: VirTool.Win32.Collector skipped
C:\Documents and Settings\Tom\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped
C:\Documents and Settings\Tom\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Tom\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Tom\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Tom\Local Settings\History\History.IE5\MSHist012007071020070711\index.dat Object is locked skipped
C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Tom\My Documents\tomstuff\software downloads\Free-SpyHunter-Scanner-Install.exe/PRE/data/{65145FC9-DEA0-4738-A4FE-376C2BA51806}/1/EnigmaUpdater.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
C:\Documents and Settings\Tom\My Documents\tomstuff\software downloads\Free-SpyHunter-Scanner-Install.exe/PRE/data/{65145FC9-DEA0-4738-A4FE-376C2BA51806}/2/esgi_md5h.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
C:\Documents and Settings\Tom\My Documents\tomstuff\software downloads\Free-SpyHunter-Scanner-Install.exe/PRE/data/{65145FC9-DEA0-4738-A4FE-376C2BA51806}/7/SpyHunter.exe Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
C:\Documents and Settings\Tom\My Documents\tomstuff\software downloads\Free-SpyHunter-Scanner-Install.exe/PRE/data/{65145FC9-DEA0-4738-A4FE-376C2BA51806}/17/Esgiutl1.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
C:\Documents and Settings\Tom\My Documents\tomstuff\software downloads\Free-SpyHunter-Scanner-Install.exe/PRE/data/{65145FC9-DEA0-4738-A4FE-376C2BA51806}/18/SHSched.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
C:\Documents and Settings\Tom\My Documents\tomstuff\software downloads\Free-SpyHunter-Scanner-Install.exe/PRE Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
C:\Documents and Settings\Tom\My Documents\tomstuff\software downloads\Free-SpyHunter-Scanner-Install.exe Ghost Installer: infected - 6 skipped
C:\Documents and Settings\Tom\My Documents\tomstuff\software downloads\Free-SpyHunter-Scanner-Install.exe UPX: infected - 6 skipped
C:\Documents and Settings\Tom\ntuser.dat Object is locked skipped
C:\Documents and Settings\Tom\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq87.tmp Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqDB5.tmp Infected: not-a-virus:AdWare.Win32.RK.k skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqDB6.tmp Infected: not-a-virus:AdWare.Win32.RK.m skipped
C:\QooBox\Quarantine\C\Program Files\TTC.dll.vir Infected: not-a-virus:AdWare.Win32.TTC.b skipped
C:\QooBox\Quarantine\C\WINDOWS\b136.exe.vir/stream/data0002 Infected: Trojan-Dropper.Win32.Agent.bfr skipped
C:\QooBox\Quarantine\C\WINDOWS\b136.exe.vir/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\QooBox\Quarantine\C\WINDOWS\b136.exe.vir/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\QooBox\Quarantine\C\WINDOWS\b136.exe.vir NSIS: infected - 3 skipped
C:\QooBox\Quarantine\C\WINDOWS\cfg32a.exe.vir Infected: not-a-virus:AdWare.Win32.BookedSpace.h skipped
C:\QooBox\Quarantine\C\WINDOWS\DOWNLO~1\UWA7P_0001_N91M0809NetInstaller.exe.vir Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\QooBox\Quarantine\C\WINDOWS\itpb_4.exe.vir/data.rar/installfile2.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bj skipped
C:\QooBox\Quarantine\C\WINDOWS\itpb_4.exe.vir/data.rar/Compinst1.exe/data.rar/installfile1.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\QooBox\Quarantine\C\WINDOWS\itpb_4.exe.vir/data.rar/Compinst1.exe/data.rar Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\QooBox\Quarantine\C\WINDOWS\itpb_4.exe.vir/data.rar/Compinst1.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\QooBox\Quarantine\C\WINDOWS\itpb_4.exe.vir/data.rar Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\QooBox\Quarantine\C\WINDOWS\itpb_4.exe.vir RarSFX: infected - 5 skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\aedbbyyc.dll.vir Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ddcbxvv.dll.vir Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\idlxxugv.exe.vir Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\krmqgiji.dll.vir Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\lwnowayb.dll.vir Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\o02PrEz\o02PrEz1065.exe.vir Infected: Trojan-Downloader.Win32.VB.awj skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\pmkjk.dll.vir Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\pwinondt.exe.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.r skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\qyjxyasu.dll.vir Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\sqhaeulf.dll.vir Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\TISKY009.exe.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000012.exe Infected: not-a-virus:AdWare.Win32.BookedSpace.h skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000013.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP11\A0003219.exe Infected: Trojan-Downloader.Win32.VB.awj skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP11\A0003221.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP11\A0003221.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP11\A0003221.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP11\A0003223.dll Object is locked skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP11\A0003224.dll Object is locked skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP11\A0003225.dll Object is locked skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP11\A0003226.dll Object is locked skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0004247.dll Object is locked skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0004280.dll Object is locked skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP12\A0004281.dll Object is locked skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP17\A0004472.dll Object is locked skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP17\A0004500.exe Infected: Trojan-Downloader.Win32.Agent.buo skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP17\A0005500.exe Infected: not-a-virus:AdWare.Win32.BookedSpace.h skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP17\A0005503.dll Infected: not-a-virus:AdWare.Win32.TTC.b skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP17\A0005504.exe Infected: Trojan-Downloader.Win32.VB.awj skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP17\A0005506.exe/stream/data0002 Infected: Trojan-Dropper.Win32.Agent.bfr skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP17\A0005506.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP17\A0005506.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP17\A0005506.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP17\A0005508.dll Object is locked skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP17\A0005509.dll Object is locked skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP17\A0005510.dll Object is locked skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP17\A0005514.dll Object is locked skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP17\A0005515.dll Object is locked skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP17\A0005526.exe/data0004/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP17\A0005526.exe/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP17\A0005526.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP17\A0005528.exe/data0005 Infected: Trojan-Downloader.Win32.VB.awj skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP17\A0005528.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP17\A0005529.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP17\A0005535.exe/PRE/data/{65145FC9-DEA0-4738-A4FE-376C2BA51806}/1/EnigmaUpdater.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP17\A0005535.exe/PRE/data/{65145FC9-DEA0-4738-A4FE-376C2BA51806}/2/esgi_md5h.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP17\A0005535.exe/PRE/data/{65145FC9-DEA0-4738-A4FE-376C2BA51806}/7/SpyHunter.exe Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP17\A0005535.exe/PRE/data/{65145FC9-DEA0-4738-A4FE-376C2BA51806}/17/Esgiutl1.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP17\A0005535.exe/PRE/data/{65145FC9-DEA0-4738-A4FE-376C2BA51806}/18/SHSched.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP17\A0005535.exe/PRE Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP17\A0005535.exe Ghost Installer: infected - 6 skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP17\A0005535.exe UPX: infected - 6 skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP18\A0005635.exe Object is locked skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP18\A0005638.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.r skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP18\A0005639.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP18\A0005640.exe/data.rar/installfile2.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bj skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP18\A0005640.exe/data.rar/Compinst1.exe/data.rar/installfile1.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP18\A0005640.exe/data.rar/Compinst1.exe/data.rar Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP18\A0005640.exe/data.rar/Compinst1.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP18\A0005640.exe/data.rar Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP18\A0005640.exe RarSFX: infected - 5 skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP18\change.log Object is locked skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0001025.dll Object is locked skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0001033.dll Object is locked skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0001035.sys Infected: Rootkit.Win32.Agent.eq skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0001037.dll Object is locked skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0003149.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0003151.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\WINDOWS\b103.exe/stream/data0002 Infected: Trojan-Downloader.Win32.TSUpdate.o skipped
C:\WINDOWS\b103.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\WINDOWS\b103.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\WINDOWS\b103.exe NSIS: infected - 3 skipped
C:\WINDOWS\b104.exe/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\WINDOWS\b104.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\WINDOWS\b104.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\WINDOWS\b104.exe NSIS: infected - 3 skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Angelfire777
2007-07-12, 12:50
Hi,


I do not run any Norton products.

Maybe you did before..? There's evidence in your hijackthis log that a Norton product has been installed. Nevertheless, since you are not using it now, let's remove it completely..

Please run the tool HERE (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/pfdocs/2005033108162039) to clean all the leftovers of Norton Antivirus..


I had issues with the Java section of your instructions. First, the run command given to remove java said "could not locate inf file java.inf" and there were no java related programs to remove through control panel. I did download JRE 6u2, but have not installed it yet. Should I install it?

There's also evidence in your log that an older version of Java is still running..

The following from your hijackthis log are what I mean:


C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe


Let's clear your java cache first as there are some exploit files on the cache.

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
On the General tab, under Temporary Internet Files, click the Settings button.
Next, click on the Delete Files button
There are two options in the window to clear the cache - Leave BOTH Checked
Applications and Applets
Trace and Log Files

Click OK on Delete Temporary Files Window
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
Click OK to leave the Temporary Files Window
Click OK to leave the Java Control Panel.


Please check in your control panel > add/remove programs for that version of Java and uninstall it before installing 6u2..

Also, while you are doing that, please see the optional program below.

SpyHunter
That program was once listed in the Rogue Antispyware programs (http://spywarewarrior.com/rogue_anti-spyware.htm) list and even if it may be ok to use it now, it was once a program that tricks users into purchasing their product. I recommend that you uninstall that program.
___________

Configure your machine to view hidden files:

Windows XP
Click Start.
Open My Computer..
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the "Hidden files and folders" heading select Show hidden files and folders.
Uncheck the Hide Protected Operating System Files Option.
Click Yes to confirm.
Click OK.


Please delete the following file if you uninstalled SpyHunter:

C:\Documents and Settings\Tom\My Documents\tomstuff\software downloads\Free-SpyHunter-Scanner-Install.exe

Delete the following folder if you uninstalled SpyHunter

C:\Program Files\Enigma Software Group

Delete the following folders:

C:\QooBox
C:\DOCUMEnts and settings\ADMINIstrator\APPLICation data\Symantec

Please empty the contents of this folder:

C:\Program Files\Yahoo!\YPSR\Quarantine

Delete the following files:

C:\WINDOWS\b103.exe
C:\WINDOWS\b104.exe

Empty your recycle bin.

Reboot.

On your next reply, please post a fresh HijackThis log and tell me how your machine is running.

buckaroo
2007-07-15, 03:54
Hi,
Well, everything worked but the java instructions. I found the coffee cup and opened it. I don't see a "general" tab though. I have "basic, advanced, browser, proxies, cache, certificates, update, and about" tabs. Also there is no java in add/remove programs. How do I proceed?

My computer is running much better (thank you!!), no popups since probably your first/second set of instructions. Was that due to the removal of the wintouch program?

Here is my latest hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 8:38:33 PM, on 7/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Tom\Desktop\hijack this\hjt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://verizon.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe"
O4 - HKCU\..\Run: [EPSON PictureMate PM 240] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBCA.EXE /FU "C:\WINDOWS\TEMP\E_SE3F.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156695437250
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (file missing)
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

Angelfire777
2007-07-16, 14:20
Hi,

Please hold on while I ask experts regarding your java issue. :D:

Angelfire777
2007-07-17, 15:05
Hi,

Open notepad.
Copy and paste the text inside the Code Box below into Notepad
Choose File > Save As and under "Save as type", choose "All Files".
Type export.bat in the File name and save it to your desktop.


@echo off
regedit /e %systemdrive%\reg123.txt "HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL"
start notepad %systemdrive%\reg123.txt
del %systemdrive%\reg123.txt
del %0

Locate export.bat on your Desktop and double-click on it. It will open Notepad with some text in it. Please post the text here.

buckaroo
2007-07-18, 04:00
Hi again,

When I double-clicked on export.bat, notepad opened up with a message "cannot find the C:\reg123.txt file...do you want to create a new file?" I clicked cancel...no text to post.

Angelfire777
2007-07-18, 12:00
Hi, sorry for that, I had an unnecessary line in the batch code.. :fear:

Let's try this again.

Open notepad.
Copy and paste the text inside the Code Box below into Notepad
Choose File > Save As and under "Save as type", choose "All Files".
Type export.bat in the File name and save it to your desktop.


@echo off
if exist %systemdrive%\reg123.txt del %systemdrive%\reg123.txt
regedit /e %systemdrive%\reg124.txt "HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL"
start notepad %systemdrive%\reg124.txt
del %0

Locate export.bat on your Desktop and double-click on it. It will open Notepad with some text in it. Please post the text here.

buckaroo
2007-07-19, 06:06
The text was 178,000+ characters (very large). When I replied, I was prompted to keep it to less than 20,000. Should I include 9 replies to fit it all in? What do you suggest?

Angelfire777
2007-07-19, 08:55
Hi,

I will need you to sort out the text file..

Can you please post the registry keys with CLSIDs and their data..?

Here's an example..

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{clsids}]
"Uninstall String"="(some data)"

{clsids} refer to these: {1234-567788453-567754}.. They are randomly arranged numbers.. Please ask if there's something you didn't understand.
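
The filtering requested in the post above, as an added example that is not part of the original thread: a parser for the text that `regedit /e` writes, keeping only the GUID-named subkeys of the Uninstall key and decoding their `hex(2)` values into readable strings. The function names are this example's own; the sample keys and values are copied from the posts in this thread except the last key, which is constructed, and value names are accepted with or without quotes because the thread shows them unquoted.

```python
import re

UNINSTALL = r"HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL"
# GUID-style subkey names as they appear in the thread: braced, bare, or without hyphens.
GUID_RE = re.compile(
    r"^\{?[0-9a-f]{8}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{12}\}?$", re.I)
VALUE_RE = re.compile(r'^("(?:[^"\\]|\\.)*"|[^=]+)=(.*)$')

# Sample export text. Keys and values are taken from the thread's posts,
# except the final "ExampleApp" key, which is constructed for this example.
SAMPLE = r"""[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{09DA4F91-2A09-4232-AB8C-6BC740096DE3}]
AuthorizedCDFPrefix=""
Publisher="Sonic Solutions"
UninstallString=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,\
78,00,65,00,20,00,2f,00,49,00,7b,00,30,00,39,00,44,00,41,00,34,00,46,00,39,\
00,31,00,2d,00,32,00,41,00,30,00,39,00,2d,00,34,00,32,00,33,00,32,00,2d,00,\
41,00,42,00,38,00,43,00,2d,00,36,00,42,00,43,00,37,00,34,00,30,00,30,00,39,\
00,36,00,44,00,45,00,33,00,7d,00,00,00
VersionMajor=dword:00000002
DisplayName="Sonic Update Manager"

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{7F142D56-3326-11D5-B229-002078017FBF}]
DisplayIcon=hex(2):43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,\
[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{7585478E9D9B42108671C12F8714CEFE}]
InstallLocation="C:\\Program Files\\DivX"
[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\26D2C2C3-CF14-4ED7-B1FC-0BE64AFBA3B3]
DisplayName="Polar Bowler"
[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ExampleApp]
"DisplayName"="Example App"
"""


def logical_lines(text):
    """Yield one line per key or value, joining hex data that regedit wraps with ',\\'."""
    buf = ""
    for line in text.splitlines():
        line = line.strip()
        if buf and (line.startswith("[") or "=" in line):
            # A wrapped value was cut short (only its first line was pasted).
            yield buf.rstrip(",")
            buf = ""
        if line.endswith(",\\"):
            buf += line[:-1]
        elif line or buf:
            yield buf + line
            buf = ""
    if buf:
        yield buf.rstrip(",")


def decode_value(raw):
    """Turn the right-hand side of a .reg value line into a Python value."""
    raw = raw.strip()
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return re.sub(r"\\(.)", r"\1", raw[1:-1])      # REG_SZ: undo \\ and \"
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"hex(?:\(([0-9a-f]+)\))?:(.*)$", raw, re.I)
    if m:
        data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
        kind = m.group(1) or "3"                       # plain "hex:" is REG_BINARY
        if kind in ("1", "2", "7"):                    # string types, stored as UTF-16LE
            even = data[:len(data) - len(data) % 2]    # drop a dangling half character
            parts = even.decode("utf-16-le", "replace").rstrip("\x00").split("\x00")
            return parts if kind == "7" else parts[0]
        return data
    return raw


def parse_export(text):
    """Return {subkey name: {value name: value}} for GUID-named Uninstall subkeys only."""
    entries, current = {}, None
    for line in logical_lines(text):
        if line.startswith("[") and line.endswith("]"):
            parent, _, leaf = line[1:-1].rpartition("\\")
            keep = parent.upper() == UNINSTALL and GUID_RE.match(leaf)
            current = entries.setdefault(leaf, {}) if keep else None
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                current[m.group(1).strip().strip('"')] = decode_value(m.group(2))
    return entries


def summarize(entries, keyword=""):
    """Rows of (subkey, DisplayName, UninstallString), optionally filtered by keyword."""
    rows = []
    for guid, vals in entries.items():
        name = str(vals.get("DisplayName", ""))
        cmd = str(vals.get("UninstallString", ""))
        haystack = " ".join([guid, name, cmd, str(vals.get("Publisher", ""))]).lower()
        if keyword.lower() in haystack:
            rows.append((guid, name, cmd))
    return rows


if __name__ == "__main__":
    for guid, name, cmd in summarize(parse_export(SAMPLE)):
        print(guid, "|", name or "(no DisplayName)", "|", cmd or "(no UninstallString)")
```
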

buckaroo
2007-07-21, 16:41
I sorted the file and copied all "hkey_local_machine" entries for you that have the long clsid after them. Is this what you are looking for?




Angelfire777
2007-07-21, 17:24
Hi,

I would need their data too.. something like this one below:

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{clsids}]
"Uninstall String"="(some data)"

buckaroo
2007-07-23, 03:55
Do you want to see all the lines of data if there are more than 2? Some of these entries have many lines of data below them. I will post more if you need it.
Thanks

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{04410044-9149-45C6-A806-F2BF9CFCE762}]
AuthorizedCDFPrefix=""
[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{09DA4F91-2A09-4232-AB8C-6BC740096DE3}]
AuthorizedCDFPrefix=""
[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{0E6AB9FC-76C2-431B-9C06-6C1CFFFEA8EB}]
AuthorizedCDFPrefix=""
[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}]
AuthorizedCDFPrefix=""
[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{11F1920A-56A2-4642-B6E0-3B31A12C9288}]
AuthorizedCDFPrefix=""
[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}]
AuthorizedCDFPrefix=""
[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{18D10072035C4515918F7E37EAFAACFC}]
FinishedFlag=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1D643CD7-4DD6-11D7-A4E0-000874180BB3}]
AuthorizedCDFPrefix=""
[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1EC4CE9D-EAEE-4DA1-AB8D-9E6B7FED6742}]
UninstallString="RunDll32 C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"C:\\Program Files\\InstallShield Installation Information\\{1EC4CE9D-EAEE-4DA1-AB8D-9E6B7FED6742}\\Setup.exe\" -l0x9 "
[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{2637C347-9DAD-11D6-9EA2-00055D0CA761}]
UninstallString="RunDll32 C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"C:\\Program Files\\InstallShield Installation Information\\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\\setup.exe\" -uninstall"
[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{2DBE41DD-2129-4C65-A3D3-5647236A60F3}]
AuthorizedCDFPrefix=""
[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}]
AuthorizedCDFPrefix=""
[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}]
AuthorizedCDFPrefix=""
[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{35BDEFF1-A610-4956-A00D-15453C116395}]
AuthorizedCDFPrefix=""
[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{37003C6E-DC86-4233-B5CE-665D82DFA7EB}]
DisplayIcon="C:\\Program Files\\Atari\\Backyard Skateboarding\\BYSkateboarding.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}]
AuthorizedCDFPrefix=""
[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{3F92ABBB-6BBF-11D5-B229-002078017FBF}]
DisplayName="Modem On Hold"
[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}]
AuthorizedCDFPrefix=""
[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{62369F2F77534556AEF4C58152E3BDE5}]
FinishedFlag=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}]
UninstallString="RunDll32 C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"C:\\Program Files\\InstallShield Installation Information\\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\\Setup.exe\" -uninstall"
[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{68D60342-7686-45C9-B8EB-40EF843D0460}]
AuthorizedCDFPrefix=""
[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{7148F0A8-6813-11D6-A77B-00B0D0142030}]
AuthorizedCDFPrefix=""
[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{7585478E9D9B42108671C12F8714CEFE}]
InstallLocation="C:\\Program Files\\DivX"
[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}]
UninstallString="RunDll32 C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"C:\\Program Files\\InstallShield Installation Information\\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}\\setup.exe\" -l0x9 "
[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{7A3F0566-5E05-4919-9C98-456F6B5CF831}]
AuthorizedCDFPrefix=""
[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{7B63B2922B174135AFC0E1377DD81EC2}]
DisplayName="DivX Codec"
[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{7D790DFB-C88F-4DE5-9845-F88DF2F3AC3E}]
UninstallString="RunDll32 C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"C:\\Program Files\\InstallShield Installation Information\\{7D790DFB-C88F-4DE5-9845-F88DF2F3AC3E}\\Setup.exe\" -l0x9 "
[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}]
AuthorizedCDFPrefix=""
[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{7F142D56-3326-11D5-B229-002078017FBF}]
DisplayIcon=hex(2):43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,\
[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{81A34902-9D0B-4920-A25C-4CDC5D14B328}]
AuthorizedCDFPrefix=""
[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{83d96ed0-98aa-4515-8ddc-816f3efdd104}]
UninstallString="RunDll32 C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\PROFES~1\\RunTime\\0701\\Intel32\\Ctor.dll,LaunchSetup \"C:\\Program Files\\InstallShield Installation Information\\{83D96ED0-98AA-4515-8DDC-816F3EFDD104}\\Setup.exe\" -l0x9 "
[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8ADFC4160D694100B5B8A22DE9DCABD9}]
FinishedFlag=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8C64E145-54BA-11D6-91B1-00500462BE80}]
AuthorizedCDFPrefix=""
[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}]
UninstallString="RunDll32 C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\PROFES~1\\RunTime\\09\\01\\Intel32\\Ctor.dll,LaunchSetup \"C:\\Program Files\\InstallShield Installation Information\\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}\\setup.exe\" -l0x9 -uninst "
[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}]
AuthorizedCDFPrefix=""
[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{9541FED0-327F-4DF0-8B96-EF57EF622F19}]
AuthorizedCDFPrefix=""
[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{9B2CFE3B-7F55-4786-A20D-BB244914F6D8}]
AuthorizedCDFPrefix=""
[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}]
AuthorizedCDFPrefix=""
[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{AF19F291-F22F-4798-9662-525305AE9E48}]
AuthorizedCDFPrefix=""
[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}]
AuthorizedCDFPrefix=""
[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{B13A7C41581B411290FBC0395694E2A9}]
DisplayName="DivX Converter"
[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{B4C418D9-832B-4D65-99B6-F3B3EF1F1DDF}]
UninstallString="RunDll32 C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\PROFES~1\\RunTime\\0701\\Intel32\\Ctor.dll,LaunchSetup \"C:\\Program Files\\InstallShield Installation Information\\{B4C418D9-832B-4D65-99B6-F3B3EF1F1DDF}\\setup.exe\" -l0x9 Winnie the Pooh Kindergarten Deluxe"
[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{B7050CBDB2504B34BC2A9CA0A692CC29}]
DisplayName="DivX Web Player"
[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
DisplayIcon="C:\\WINDOWS\\Microsoft.NET\\Framework\\v1.1.4322\\ndpsetup.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}]
AuthorizedCDFPrefix=""
[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}]
UninstallString="RunDll32 C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\PROFES~1\\RunTime\\0701\\Intel32\\Ctor.dll,LaunchSetup \"C:\\Program Files\\InstallShield Installation Information\\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\\SETUP.EXE\" -l0x9 -eliminate"
[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}]
AuthorizedCDFPrefix=""
[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\26D2C2C3-CF14-4ED7-B1FC-0BE64AFBA3B3]
DisplayName="Polar Bowler"
[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\27181FC0-49AF-45E1-B5DC-37691E359A2D]
DisplayName="Overball"
[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\30593F59-7DAF-4ECE-A898-07577E16A512]
DisplayName="Polar Golfer Pineapple Cup"
[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\989E4C3B-B2C9-4486-9A09-D5A8F953837C]
DisplayName="Bejeweled 2 Deluxe"

Angelfire777
2007-07-23, 12:53
Yes please post all the data for each of those clsid keys.. :bigthumb:

buckaroo
2007-07-24, 03:57
There is a lot here, I will split into 3 posts, here is 1 of 3:

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{04410044-9149-45C6-A806-F2BF9CFCE762}]
AuthorizedCDFPrefix=""
[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{09DA4F91-2A09-4232-AB8C-6BC740096DE3}]
AuthorizedCDFPrefix=""
Comments=""
Contact=""
DisplayVersion="2.9"
HelpLink=""
HelpTelephone=""
InstallDate="20040817"
InstallLocation=""
Publisher="Sonic Solutions"
Readme=""
Size=""
URLInfoAbout="http://www.sonic.com/"
URLUpdateInfo=""
VersionMajor=dword:00000002
VersionMinor=dword:00000009
WindowsInstaller=dword:00000001
Version=dword:02090000
Language=dword:00000409
DisplayName="Sonic Update Manager"

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{0E6AB9FC-76C2-431B-9C06-6C1CFFFEA8EB}]
AuthorizedCDFPrefix=""
Comments=""
Contact=""
DisplayVersion="7.0.1.2"
HelpTelephone=""
InstallDate="20070610"
InstallLocation="C:\\Program Files\\Lavasoft\\Ad-Aware 2007\\"
InstallSource="C:\\Program Files\\Common Files\\Wise Installation Wizard\\"
NoModify=dword:00000001
Publisher="Lavasoft"
Readme=""
Size=""
EstimatedSize=dword:00004ba5
URLInfoAbout=""
URLUpdateInfo="http://www.lavasoft.com"
VersionMajor=dword:00000007
VersionMinor=dword:00000000
WindowsInstaller=dword:00000001
Version=dword:07000001
Language=dword:00000409
DisplayName="Ad-Aware 2007"

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}]
AuthorizedCDFPrefix=""
Comments=""
Contact=""
DisplayVersion="2.1.0.2"
HelpLink=""
HelpTelephone=""
InstallDate="20070509"
InstallLocation=""
InstallSource="C:\\WINDOWS\\TEMP\\IXP000.TMP\\"
Publisher="Microsoft Corporation"
Readme=""
Size=""
EstimatedSize=dword:00000302
SystemComponent=dword:00000001
URLInfoAbout=""
URLUpdateInfo=""
VersionMajor=dword:00000002
VersionMinor=dword:00000001
WindowsInstaller=dword:00000001
Version=dword:02010000
Language=dword:00000409
DisplayName="Security Update for CAPICOM (KB931906)"

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{11F1920A-56A2-4642-B6E0-3B31A12C9288}]
AuthorizedCDFPrefix=""
Comments=""
Contact=""
DisplayVersion="1.00.0000"
HelpTelephone="http://www.support.dell.com"
InstallDate="20040511"
InstallLocation=""
NoModify=dword:00000001
NoRepair=dword:00000001
Publisher="Dell"
Readme=""
Size=""
URLInfoAbout="http://www.support.dell.com"
URLUpdateInfo="http://www.support.dell.com"
VersionMajor=dword:00000001
VersionMinor=dword:00000000
WindowsInstaller=dword:00000001
Version=dword:01000000
Language=dword:00000000
DisplayName="Dell Solution Center"

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}]
AuthorizedCDFPrefix=""
Comments=""
Contact=""
DisplayVersion="4.90"
HelpTelephone=""
InstallDate="20040817"
InstallLocation=""
Publisher="Sonic Solutions"
Readme=""
Size=""
URLInfoAbout="http://www.sonic.com/"
URLUpdateInfo=""
VersionMajor=dword:00000004
VersionMinor=dword:0000005a
WindowsInstaller=dword:00000001
Version=dword:045a0000
Language=dword:00000409
DisplayName="Sonic DLA"

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{18D10072035C4515918F7E37EAFAACFC}]
FinishedFlag=dword:00000000
DisplayName="AutoUpdate"
DisplayVersion="1.1"
Locale="en"
InstallLocation="C:\\Program Files\\DivX"
RebootFlag=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1D643CD7-4DD6-11D7-A4E0-000874180BB3}]
AuthorizedCDFPrefix=""
Comments="The Installation database contains the logic and data required to install Money 2004"
Contact=""
DisplayVersion="12.0.50"
HelpTelephone="(800) 936-5700"
InstallDate="20040817"
InstallLocation="C:\\Program Files\\Microsoft Money\\"
InstallSource="d:\\"
Publisher="Microsoft"
Readme=""
Size=""
EstimatedSize=dword:00022cab
URLInfoAbout="http://support.microsoft.com"
URLUpdateInfo="http://www.microsoft.com/money"
VersionMajor=dword:0000000c
VersionMinor=dword:00000000
WindowsInstaller=dword:00000001
Version=dword:0c000032
Language=dword:00000409
DisplayName="Microsoft Money 2004"

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1EC4CE9D-EAEE-4DA1-AB8D-9E6B7FED6742}]
UninstallString="RunDll32 C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"C:\\Program Files\\InstallShield Installation Information\\{1EC4CE9D-EAEE-4DA1-AB8D-9E6B7FED6742}\\Setup.exe\" -l0x9 "
DisplayName="Samsung Music Studio"
LogFile="C:\\Program Files\\InstallShield Installation Information\\{1EC4CE9D-EAEE-4DA1-AB8D-9E6B7FED6742}\\setup.ilg"

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{2637C347-9DAD-11D6-9EA2-00055D0CA761}]
UninstallString="RunDll32 C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"C:\\Program Files\\InstallShield Installation Information\\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\\setup.exe\" -uninstall"
DisplayName="Dell Media Experience"
LogFile="C:\\Program Files\\InstallShield Installation Information\\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\\setup.ilg"

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{2DBE41DD-2129-4C65-A3D3-5647236A60F3}]
AuthorizedCDFPrefix=""
Comments="All URL's valid as of October 2001"
Contact="Customer Support Department"
DisplayVersion="14.00.0000"
HelpTelephone="1-900-555-4932"
InstallDate="20051230"
InstallLocation=""
InstallSource="E:\\disk1\\"
NoModify=dword:00000001
NoRemove=dword:00000001
NoRepair=dword:00000001
Publisher="Intuit"
Readme=hex(2):52,00,65,00,61,00,64,00,6d,00,65,00,2e,00,74,00,78,00,74,00,00,\
0
Size=""
EstimatedSize=dword:00012f29
SystemComponent=dword:00000001
URLInfoAbout="http://www.intuit.com"
URLUpdateInfo="http://www.intuit.com/support/quicken/updates"
VersionMajor=dword:0000000e
VersionMinor=dword:00000000
WindowsInstaller=dword:00000001
Version=dword:0e000000
Language=dword:00000409
DisplayName="Quicken 2005"
DisplayIcon="C:\\Program Files\\Quicken\\quicken.ico"

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}]
AuthorizedCDFPrefix=""
Comments=""
Contact=""
DisplayVersion="9.05.0000"
HelpLink=""
HelpTelephone=""
InstallDate="20060220"
InstallLocation="C:\\Program Files\\ItsDeductible2005\\"
InstallSource="E:\\ID\\Setup\\"
NoModify=dword:00000001
Publisher="Intuit"
Readme=""
Size=""
EstimatedSize=dword:00004bd6
URLInfoAbout="http://www.ItsDeductible.com"
URLUpdateInfo=""
VersionMajor=dword:00000009
VersionMinor=dword:00000005
WindowsInstaller=dword:00000001
Version=dword:09050000
Language=dword:00000409
DisplayName="TurboTax ItsDeductible 2005"

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}]
AuthorizedCDFPrefix=""
Comments=""
Contact=""
DisplayVersion="9.50.6513"
HelpTelephone=""
InstallDate="20020903"
InstallLocation=""
InstallSource="C:\\WINDOWS\\System32\\"
NoModify=dword:00000001
NoRemove=dword:00000001
NoRepair=dword:00000001
Publisher="Microsoft Corporation"
Readme=""
Size=""
EstimatedSize=dword:000009cc
SystemComponent=dword:00000001
URLInfoAbout=""
URLUpdateInfo=""
VersionMajor=dword:00000009
VersionMinor=dword:00000032
WindowsInstaller=dword:00000001
Version=dword:09321971
Language=dword:00000409
DisplayName="WebFldrs XP"

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{35BDEFF1-A610-4956-A00D-15453C116395}]
AuthorizedCDFPrefix=""
Comments="Your Comments"
Contact="Customer Support Department"
DisplayVersion="1.00.03"
HelpTelephone="0"
InstallDate="20040817"
InstallLocation=""
Publisher="Dell Inc."
Readme=""
Size=""
SystemComponent=dword:00000001
URLInfoAbout="http://support.dell.com"
URLUpdateInfo="http://www.dell.com"
VersionMajor=dword:00000001
VersionMinor=dword:00000000
WindowsInstaller=dword:00000001
Version=dword:01000003
Language=dword:00000409
DisplayName="Internet Explorer Default Page"

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{37003C6E-DC86-4233-B5CE-665D82DFA7EB}]
DisplayIcon="C:\\Program Files\\Atari\\Backyard Skateboarding\\BYSkateboarding.exe"
InstallLanguage="9"
ShortcutLocation="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Atari\\Backyard Skateboarding"
ADMIN_RIGHTS="No administrator rights"
NO_DISC="Please insert the Backyard Skateboarding disc"
NO_DRIVE="No CD-ROM drive found"
TITLEBAR="Backyard Skateboarding"
WRONG_DISC="Please insert the Backyard Skateboarding disc"
GameVersion="GM_v1.0_2004-08-30"
CDKey="---"
UninstallString="RunDll32 C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\PROFES~1\\RunTime\\0701\\Intel32\\Ctor.dll,LaunchSetup \"C:\\Program Files\\InstallShield Installation Information\\{37003C6E-DC86-4233-B5CE-665D82DFA7EB}\\Setup.exe\" -l0x9 "
DisplayName="Backyard Skateboarding"
LogFile="C:\\Program Files\\InstallShield Installation Information\\{37003C6E-DC86-4233-B5CE-665D82DFA7EB}\\setup.ilg"
ProductGuid="{37003C6E-DC86-4233-B5CE-665D82DFA7EB}"
InstallLocation="C:\\Program Files\\Atari\\Backyard Skateboarding"
DisplayVersion="1.00.000"
Version=dword:01000000
MajorVersion=dword:00000001
MinorVersion=dword:00000000
LogMode=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}]
AuthorizedCDFPrefix=""
Comments=""
Contact=""
DisplayVersion="4.20.9841.0"
HelpTelephone=""
InstallDate="20061117"
InstallLocation=""
InstallSource="c:\\1f9408b49c839895e1f706aa1bdc8247\\"
Publisher="Microsoft Corporation"
Readme=""
Size=""
EstimatedSize=dword:00000a41
URLInfoAbout=""
URLUpdateInfo=""
VersionMajor=dword:00000004
VersionMinor=dword:00000014
WindowsInstaller=dword:00000001
Version=dword:04142671
Language=dword:00000409
DisplayName="MSXML 4.0 SP2 (KB927978)"

buckaroo
2007-07-24, 03:59
[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{3F92ABBB-6BBF-11D5-B229-002078017FBF}]
DisplayName="Modem On Hold"
Publisher="BVRP Software, Inc"
DisplayVersion="1.12"
VersionMajor=dword:00000001
VersionMinor=dword:0000000c
InstallLocation="C:\\Program Files\\Modem On Hold"
Language=dword:00000009
UninstallString="RunDll32 C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"C:\\Program Files\\InstallShield Installation Information\\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\\setup.exe\" -l0x9 ControlPanelAnyText"
LogFile="C:\\Program Files\\InstallShield Installation Information\\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\\setup.ilg"

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}]
AuthorizedCDFPrefix=""
Comments="Go to http://support.dell.com."
Contact="Dell Support"
DisplayVersion="1.00.0005"
HelpTelephone="0"
InstallDate="20040817"
InstallLocation=""
NoModify=dword:00000001
NoRemove=dword:00000001
NoRepair=dword:00000001
Publisher="Dell"
Readme=""
Size=""
SystemComponent=dword:00000001
URLInfoAbout="http://www.dell.com"
URLUpdateInfo="http://support.dell.com"
VersionMajor=dword:00000001
VersionMinor=dword:00000000
WindowsInstaller=dword:00000001
Version=dword:01000005
Language=dword:00000409
DisplayName="Banctec Service Agreement"

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{62369F2F77534556AEF4C58152E3BDE5}]
FinishedFlag=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}]
UninstallString="RunDll32 C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"C:\\Program Files\\InstallShield Installation Information\\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\\Setup.exe\" -uninstall"
DisplayName="PowerDVD 5.1"
LogFile="C:\\Program Files\\InstallShield Installation Information\\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\\setup.ilg"
DisplayIcon="C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe,0"

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{68D60342-7686-45C9-B8EB-40EF843D0460}]
AuthorizedCDFPrefix=""
Comments="Go to http://support.dell.com."
Contact="Dell Support"
DisplayVersion="1.00.0001"
HelpTelephone="0"
InstallDate="20040817"
InstallLocation=""
NoModify=dword:00000001
NoRemove=dword:00000001
NoRepair=dword:00000001
Publisher="Dell"
Readme=hex(2):30,00,00,00
Size=""
SystemComponent=dword:00000001
URLInfoAbout="http://www.dell.com"
URLUpdateInfo="http://support.dell.com"
VersionMajor=dword:00000001
VersionMinor=dword:00000000
WindowsInstaller=dword:00000001
Version=dword:01000001
Language=dword:00000409
DisplayName="Dell Networking Guide"

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{7148F0A8-6813-11D6-A77B-00B0D0142030}]
AuthorizedCDFPrefix=""
Comments="http://www.java.com"
Contact="http://www.java.com"
DisplayVersion="1.4.2_03"
HelpLink=hex(2):68,00,74,00,74,00,70,00,3a,00,2f,00,2f,00,77,00,77,00,77,00,\
2e,00,6a,00,61,00,76,00,61,00,2e,00,63,00,6f,00,6d,00,00,00
HelpTelephone="http://www.java.com"
InstallDate="20040817"
InstallLocation=""
InstallSource="C:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\{7148F0A6-6813-11D6-A77B-00B0D0142030}\\"
NoRepair=dword:00000001
Publisher="Sun Microsystems, Inc."
Readme=hex(2):52,00,65,00,61,00,64,00,6d,00,65,00,2e,00,74,00,78,00,74,00,00,\
0
Size=""
EstimatedSize=dword:000222f4
URLInfoAbout="http://www.java.com"
URLUpdateInfo="http://java.sun.com"
VersionMajor=dword:00000001
VersionMinor=dword:00000004
WindowsInstaller=dword:00000001
Version=dword:81040000
Language=dword:00000000
DisplayName="Java 2 Runtime Environment, SE v1.4.2_03"

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{7585478E9D9B42108671C12F8714CEFE}]
InstallLocation="C:\\Program Files\\DivX"
DisplayIcon="C:\\Program Files\\DivX\\DivX Converter\\Converter.exe,0"
Publisher="DivX, Inc."
UninstallString="C:\\Program Files\\DivX\\ConverterUninstall.exe /CONVERTER"
DisplayVersion="6.2.1"
NoModify=dword:00000001
NoRepair=dword:00000001
Locale="en"
RebootFlag=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}]
UninstallString="RunDll32 C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"C:\\Program Files\\InstallShield Installation Information\\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}\\setup.exe\" -l0x9 "
DisplayName="Modem Event Monitor"
LogFile="C:\\Program Files\\InstallShield Installation Information\\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}\\setup.ilg"

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{7A3F0566-5E05-4919-9C98-456F6B5CF831}]
AuthorizedCDFPrefix=""
Comments="Your Comments"
Contact="Customer Support Department"
DisplayVersion="1.00.0000"
HelpTelephone="http://support.dell.com/"
InstallDate="20040817"
InstallLocation=""
Publisher="Dell"
Readme=""
Size=""
URLInfoAbout="http://support.dell.com/"
URLUpdateInfo="http://www.yourcompany.com/updateinfo"
VersionMajor=dword:00000001
VersionMinor=dword:00000000
WindowsInstaller=dword:00000001
Version=dword:01000000
Language=dword:00000409
DisplayName="Get High Speed Internet!"

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{7B63B2922B174135AFC0E1377DD81EC2}]
DisplayName="DivX Codec"
InstallLocation="C:\\Program Files\\DivX"
DisplayIcon="C:\\Program Files\\DivX\\DivX Codec\\config.exe,0"
Publisher="DivX, Inc."
UninstallString="C:\\Program Files\\DivX\\DivXCodecUninstall.exe /CODEC"
DisplayVersion="6.2.5"
NoModify=dword:00000001
NoRepair=dword:00000001
Locale="en"
Cart URL override="http://go.divx.com/divx/create/buy/en"
RebootFlag=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{7D790DFB-C88F-4DE5-9845-F88DF2F3AC3E}]
UninstallString="RunDll32 C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"C:\\Program Files\\InstallShield Installation Information\\{7D790DFB-C88F-4DE5-9845-F88DF2F3AC3E}\\Setup.exe\" -l0x9 "
DisplayName="ArcSoft PhotoImpression 5"
LogFile="C:\\Program Files\\InstallShield Installation Information\\{7D790DFB-C88F-4DE5-9845-F88DF2F3AC3E}\\setup.ilg"
InstallLocation="C:\\Program Files\\ArcSoft\\PhotoImpression 5"
Publisher="ArcSoft"
VersionMajor=dword:00000005
VersionMinor=dword:00000000
DisplayIcon="C:\\Program Files\\ArcSoft\\PhotoImpression 5\\photoimpression.exe, 0"

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}]
AuthorizedCDFPrefix=""
Comments="."
Contact="."
DisplayVersion="6.0.3062"
HelpTelephone="."
InstallDate="20070408"
InstallLocation="C:\\Program Files\\DellSupport\\"
InstallSource="C:\\DOCUME~1\\Sarah\\LOCALS~1\\Temp\\gac12.tmp.dir\\Release_01_3062\\"
NoModify=dword:00000001
NoRepair=dword:00000001
Publisher="Dell"
Readme=""
Size=""
EstimatedSize=dword:00003b29
URLInfoAbout="http://www.support.dell.com"
URLUpdateInfo="."
VersionMajor=dword:00000006
VersionMinor=dword:00000000
WindowsInstaller=dword:00000001
Version=dword:06000bf6
Language=dword:00000000
DisplayName="DellSupport"

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{7F142D56-3326-11D5-B229-002078017FBF}]
Publisher="BVRP Software"
DisplayVersion="2.25"
InstallLocation="C:\\Program Files\\Modem Helper"
Language=dword:00000009
UninstallString="RunDll32 C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"C:\\Program Files\\InstallShield Installation Information\\{7F142D56-3326-11D5-B229-002078017FBF}\\setup.exe\" -l0x9 ControlPanel"
DisplayName="Modem Helper"
LogFile="C:\\Program Files\\InstallShield Installation Information\\{7F142D56-3326-11D5-B229-002078017FBF}\\setup.ilg"
ModemHelperPath="C:\\Program Files\\Modem Helper"

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{81A34902-9D0B-4920-A25C-4CDC5D14B328}]
AuthorizedCDFPrefix=""
Comments="Jasc Software Inc Paint Shop Pro 8"
Contact="Customer Support Department"
DisplayVersion="8.10.0000"
HelpTelephone="(952) 930-9171"
InstallDate="20040817"
InstallLocation=""
Publisher="Jasc Software Inc"
Readme=""
Size=""
URLInfoAbout="http://www.jasc.com"
URLUpdateInfo="http://www.jasc.com/patches.asp"
VersionMajor=dword:00000008
VersionMinor=dword:0000000a
WindowsInstaller=dword:00000001
Version=dword:080a0000
Language=dword:00000409
DisplayName="Jasc Paint Shop Pro 8 Dell Edition"

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{83d96ed0-98aa-4515-8ddc-816f3efdd104}]
UninstallString="RunDll32 C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\PROFES~1\\RunTime\\0701\\Intel32\\Ctor.dll,LaunchSetup \"C:\\Program Files\\InstallShield Installation Information\\{83D96ED0-98AA-4515-8DDC-816F3EFDD104}\\Setup.exe\" -l0x9 "
LogFile="C:\\Program Files\\InstallShield Installation Information\\{83D96ED0-98AA-4515-8DDC-816F3EFDD104}\\setup.ilg"
DisplayIcon="C:\\WINDOWS\\Twain_32\\MyDSC2\\DSC.ico"
DisplayName="MyDSC2"
ProductGuid="{83D96ED0-98AA-4515-8DDC-816F3EFDD104}"
InstallLocation="C:\\WINDOWS\\Twain_32\\MyDSC2"
DisplayVersion="1.00.000"
Version=dword:01000000
MajorVersion=dword:00000001
MinorVersion=dword:00000000
LogMode=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8ADFC4160D694100B5B8A22DE9DCABD9}]
FinishedFlag=dword:00000000
DisplayName="DivX Player"
InstallLocation="C:\\Program Files\\DivX"
DisplayIcon="C:\\Program Files\\DivX\\DivX Player\\DivX Player.exe,0"
Publisher="DivXNetworks, Inc."
UninstallString="C:\\Program Files\\DivX\\DivXPlayerUninstall.exe /PLAYER"
DisplayVersion="6.3.2"
NoModify=dword:00000001
NoRepair=dword:00000001
Locale="en"
RebootFlag=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8C64E145-54BA-11D6-91B1-00500462BE80}]
AuthorizedCDFPrefix=""
Comments="Installs system components used by Microsoft Money 2004."
Contact=""
DisplayVersion="12.0.80"
HelpTelephone="(800) 936-5700"
InstallDate="20040817"
InstallLocation="C:\\WINDOWS\\System32\\"
InstallSource="d:\\"
ModifyPath=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,78,\
00,65,00,20,00,2f,00,49,00,7b,00,38,00,43,00,36,00,34,00,45,00,31,00,34,00,\
35,00,2d,00,35,00,34,00,42,00,41,00,2d,00,31,00,31,00,44,00,36,00,2d,00,39,\
00,31,00,42,00,31,00,2d,00,30,00,30,00,35,00,30,00,30,00,34,00,36,00,32,00,\
42,00,45,00,38,00,30,00,7d,00,00,00
Publisher="Microsoft"
Readme=""
Size=""
EstimatedSize=dword:00000900
UninstallString=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,\
78,00,65,00,20,00,2f,00,49,00,7b,00,38,00,43,00,36,00,34,00,45,00,31,00,34,\
00,35,00,2d,00,35,00,34,00,42,00,41,00,2d,00,31,00,31,00,44,00,36,00,2d,00,\
39,00,31,00,42,00,31,00,2d,00,30,00,30,00,35,00,30,00,30,00,34,00,36,00,32,\
00,42,00,45,00,38,00,30,00,7d,00,00,00
URLInfoAbout="http://support.microsoft.com"
URLUpdateInfo="http://www.microsoft.com/money"
VersionMajor=dword:0000000c
VersionMinor=dword:00000000
WindowsInstaller=dword:00000001
Version=dword:0c000050
Language=dword:00000409
DisplayName="Microsoft Money 2004 System Pack"

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}]
UninstallString="RunDll32 C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\PROFES~1\\RunTime\\09\\01\\Intel32\\Ctor.dll,LaunchSetup \"C:\\Program Files\\InstallShield Installation Information\\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}\\setup.exe\" -l0x9 -uninst "
DisplayName="Musicmatch® Jukebox"
LogFile="C:\\Program Files\\InstallShield Installation Information\\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}\\setup.ilg"
ProductGuid="{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}"
InstallLocation="C:\\Program Files\\MUSICMATCH\\Musicmatch Jukebox"
DisplayVersion="9.00.5100"
Version=dword:090013ec
MajorVersion=dword:00000009
MinorVersion=dword:00000000
LogMode=dword:00000001
DisplayIcon="C:\\Program Files\\MUSICMATCH\\Musicmatch Jukebox\\mmjb.exe,0"

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}]
AuthorizedCDFPrefix=""
Comments=""
Contact="http://www.support.dell.com"
DisplayVersion="1.00.0000"
HelpLink=hex(2):68,00,74,00,74,00,70,00,3a,00,2f,00,2f,00,77,00,77,00,77,00,\
2e,00,73,00,75,00,70,00,70,00,6f,00,72,00,74,00,2e,00,64,00,65,00,6c,00,6c,\
00,2e,00,63,00,6f,00,6d,00,00,00
HelpTelephone="http://www.support.dell.com"
InstallDate="20040511"
InstallLocation=""
NoModify=dword:00000001
NoRemove=dword:00000001
NoRepair=dword:00000001
Publisher="Dell"
Readme=hex(2):30,00,00,00
Size=""
SystemComponent=dword:00000001
URLInfoAbout="http://www.support.dell.com"
URLUpdateInfo="http://www.support.dell.com"
VersionMajor=dword:00000001
VersionMinor=dword:00000000
WindowsInstaller=dword:00000001
Version=dword:01000000
Language=dword:00000000
DisplayName="Help and Support Customization"

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{9541FED0-327F-4DF0-8B96-EF57EF622F19}]
AuthorizedCDFPrefix=""
Comments=""
Contact=""
DisplayVersion="7.10"
HelpLink=hex(2):68,00,74,00,74,00,70,00,3a,00,2f,00,2f,00,73,00,75,00,70,00,\
70,00,6f,00,72,00,74,00,2e,00,73,00,6f,00,6e,00,69,00,63,00,2e,00,63,00,6f,\
00,6d,00,2f,00,00,00
HelpTelephone=""
InstallDate="20040817"
InstallLocation=""
ModifyPath=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,78,\
00,65,00,20,00,2f,00,49,00,7b,00,39,00,35,00,34,00,31,00,46,00,45,00,44,00,\
30,00,2d,00,33,00,32,00,37,00,46,00,2d,00,34,00,44,00,46,00,30,00,2d,00,38,\
00,42,00,39,00,36,00,2d,00,45,00,46,00,35,00,37,00,45,00,46,00,36,00,32,00,\
32,00,46,00,31,00,39,00,7d,00,00,00
Publisher="Sonic Solutions"
Readme=""
Size=""
UninstallString=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,\
78,00,65,00,20,00,2f,00,49,00,7b,00,39,00,35,00,34,00,31,00,46,00,45,00,44,\
00,30,00,2d,00,33,00,32,00,37,00,46,00,2d,00,34,00,44,00,46,00,30,00,2d,00,\
38,00,42,00,39,00,36,00,2d,00,45,00,46,00,35,00,37,00,45,00,46,00,36,00,32,\
00,32,00,46,00,31,00,39,00,7d,00,00,00
URLInfoAbout="http://www.sonic.com/"
URLUpdateInfo=""
VersionMajor=dword:00000007
VersionMinor=dword:0000000a
WindowsInstaller=dword:00000001
Version=dword:070a0000
Language=dword:00000409
DisplayName="Sonic RecordNow!"

buckaroo
2007-07-24, 04:05
[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{9B2CFE3B-7F55-4786-A20D-BB244914F6D8}]
AuthorizedCDFPrefix=""
Comments="None"
Contact="Customer Support Department"
DisplayVersion="2003.3.84.0"
HelpLink=hex(2):68,00,74,00,74,00,70,00,3a,00,2f,00,2f,00,73,00,75,00,70,00,\
70,00,6f,00,72,00,74,00,2e,00,65,00,61,00,72,00,74,00,68,00,6c,00,69,00,6e,\
00,6b,00,2e,00,6e,00,65,00,74,00,00,00
HelpTelephone="1-800-EARTHLINK"
InstallDate="20040817"
InstallLocation="C:\\Program Files\\EarthLink Setup\\"
ModifyPath=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,78,\
00,65,00,20,00,2f,00,58,00,7b,00,39,00,42,00,32,00,43,00,46,00,45,00,33,00,\
42,00,2d,00,37,00,46,00,35,00,35,00,2d,00,34,00,37,00,38,00,36,00,2d,00,41,\
00,32,00,30,00,44,00,2d,00,42,00,42,00,32,00,34,00,34,00,39,00,31,00,34,00,\
46,00,36,00,44,00,38,00,7d,00,00,00
NoModify=dword:00000001
NoRepair=dword:00000001
Publisher="EarthLink, Inc."
Readme=""
Size=""
UninstallString=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,\
78,00,65,00,20,00,2f,00,58,00,7b,00,39,00,42,00,32,00,43,00,46,00,45,00,33,\
00,42,00,2d,00,37,00,46,00,35,00,35,00,2d,00,34,00,37,00,38,00,36,00,2d,00,\
41,00,32,00,30,00,44,00,2d,00,42,00,42,00,32,00,34,00,34,00,39,00,31,00,34,\
00,46,00,36,00,44,00,38,00,7d,00,00,00
URLInfoAbout="http://www.earthlink.net"
URLUpdateInfo="http://www.earthlink.net/home/software/"
VersionMajor=dword:000007d3
VersionMinor=dword:00000003
WindowsInstaller=dword:00000001
Version=dword:d3030054
Language=dword:00000409
DisplayName="EarthLink Setup Files"

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}]
AuthorizedCDFPrefix=""
Comments="Intel(R) PROSet installation package"
Contact="Intel Customer Support"
DisplayVersion="6.05.2001"
HelpLink=hex(2):68,00,74,00,74,00,70,00,3a,00,2f,00,2f,00,73,00,75,00,70,00,\
70,00,6f,00,72,00,74,00,2e,00,69,00,6e,00,74,00,65,00,6c,00,2e,00,63,00,6f,\
00,6d,00,00,00
HelpTelephone=""
InstallDate="20040817"
InstallLocation=""
ModifyPath=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,78,\
00,65,00,20,00,2f,00,49,00,7b,00,41,00,37,00,39,00,30,00,42,00,45,00,42,00,\
31,00,2d,00,42,00,43,00,43,00,46,00,2d,00,34,00,45,00,43,00,36,00,2d,00,38,\
00,30,00,37,00,42,00,2d,00,35,00,37,00,30,00,38,00,42,00,33,00,36,00,45,00,\
38,00,41,00,37,00,39,00,7d,00,00,00
Publisher="Intel"
Readme=""
Size=""
UninstallString=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,\
78,00,65,00,20,00,2f,00,49,00,7b,00,41,00,37,00,39,00,30,00,42,00,45,00,42,\
00,31,00,2d,00,42,00,43,00,43,00,46,00,2d,00,34,00,45,00,43,00,36,00,2d,00,\
38,00,30,00,37,00,42,00,2d,00,35,00,37,00,30,00,38,00,42,00,33,00,36,00,45,\
00,38,00,41,00,37,00,39,00,7d,00,00,00
URLInfoAbout="http://www.intel.com"
URLUpdateInfo="http://downloadfinder.intel.com"
VersionMajor=dword:00000006
VersionMinor=dword:00000005
WindowsInstaller=dword:00000001
Version=dword:060507d1
Language=dword:00000000
DisplayName="Intel(R) PROSet"

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{AF19F291-F22F-4798-9662-525305AE9E48}]
AuthorizedCDFPrefix=""
Comments="Installs WordPerfect Office 12"
Contact="Corel Customer Service"
DisplayVersion="12.0.0.238"
HelpLink=hex(2):68,00,74,00,74,00,70,00,3a,00,2f,00,2f,00,77,00,77,00,77,00,\
2e,00,63,00,6f,00,72,00,65,00,6c,00,2e,00,63,00,6f,00,6d,00,2f,00,73,00,75,\
00,70,00,70,00,6f,00,72,00,74,00,00,00
HelpTelephone=""
InstallDate="20040817"
InstallLocation="C:\\Program Files\\WordPerfect Office 12\\"
ModifyPath=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,78,\
00,65,00,20,00,2f,00,49,00,7b,00,41,00,46,00,31,00,39,00,46,00,32,00,39,00,\
31,00,2d,00,46,00,32,00,32,00,46,00,2d,00,34,00,37,00,39,00,38,00,2d,00,39,\
00,36,00,36,00,32,00,2d,00,35,00,32,00,35,00,33,00,30,00,35,00,41,00,45,00,\
39,00,45,00,34,00,38,00,7d,00,00,00
Publisher="Corel Corporation"
Readme=hex(2):66,00,69,00,6c,00,65,00,3a,00,2f,00,2f,00,2f,00,43,00,3a,00,5c,\
00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,00,46,00,69,00,6c,00,65,00,\
73,00,5c,00,57,00,6f,00,72,00,64,00,50,00,65,00,72,00,66,00,65,00,63,00,74,\
00,20,00,4f,00,66,00,66,00,69,00,63,00,65,00,20,00,31,00,32,00,5c,00,50,00,\
72,00,6f,00,67,00,72,00,61,00,6d,00,73,00,5c,00,52,00,65,00,61,00,64,00,4d,\
00,65,00,2e,00,68,00,74,00,6d,00,00,00
Size=""
UninstallString=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,\
78,00,65,00,20,00,2f,00,49,00,7b,00,41,00,46,00,31,00,39,00,46,00,32,00,39,\
00,31,00,2d,00,46,00,32,00,32,00,46,00,2d,00,34,00,37,00,39,00,38,00,2d,00,\
39,00,36,00,36,00,32,00,2d,00,35,00,32,00,35,00,33,00,30,00,35,00,41,00,45,\
00,39,00,45,00,34,00,38,00,7d,00,00,00
URLInfoAbout="http://www.corel.com"
URLUpdateInfo="http://www.corel.com"
VersionMajor=dword:0000000c
VersionMinor=dword:00000000
WindowsInstaller=dword:00000001
Version=dword:0c000000
Language=dword:00000409
DisplayName="WordPerfect Office 12"

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}]
AuthorizedCDFPrefix=""
Comments=""
Contact=""
DisplayVersion="10.00.0000"
HelpLink=""
HelpTelephone=""
InstallDate="20070311"
InstallLocation="C:\\Program Files\\ItsDeductible2006\\"
InstallSource="E:\\ID\\Setup\\"
ModifyPath=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,78,\
00,65,00,20,00,2f,00,58,00,7b,00,41,00,46,00,46,00,31,00,45,00,41,00,39,00,\
36,00,2d,00,39,00,43,00,32,00,33,00,2d,00,34,00,32,00,34,00,39,00,2d,00,42,\
00,37,00,44,00,34,00,2d,00,43,00,44,00,34,00,42,00,35,00,34,00,44,00,34,00,\
35,00,38,00,32,00,46,00,7d,00,00,00
NoModify=dword:00000001
Publisher="Intuit"
Readme=""
Size=""
EstimatedSize=dword:000049b6
UninstallString=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,\
78,00,65,00,20,00,2f,00,58,00,7b,00,41,00,46,00,46,00,31,00,45,00,41,00,39,\
00,36,00,2d,00,39,00,43,00,32,00,33,00,2d,00,34,00,32,00,34,00,39,00,2d,00,\
42,00,37,00,44,00,34,00,2d,00,43,00,44,00,34,00,42,00,35,00,34,00,44,00,34,\
00,35,00,38,00,32,00,46,00,7d,00,00,00
URLInfoAbout="http://www.ItsDeductible.com"
URLUpdateInfo=""
VersionMajor=dword:0000000a
VersionMinor=dword:00000000
WindowsInstaller=dword:00000001
Version=dword:0a000000
Language=dword:00000409
DisplayName="TurboTax ItsDeductible 2006"

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{B13A7C41581B411290FBC0395694E2A9}]
DisplayName="DivX Converter"
InstallLocation="C:\\Program Files\\DivX"
DisplayIcon="C:\\Program Files\\DivX\\DivX Converter\\Converter.exe,0"
Publisher="DivX, Inc."
UninstallString="C:\\Program Files\\DivX\\ConverterUninstall.exe /CONVERTER"
DisplayVersion="6.2.1"
NoModify=dword:00000001
NoRepair=dword:00000001
Locale="en"
RebootFlag=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{B4C418D9-832B-4D65-99B6-F3B3EF1F1DDF}]
UninstallString="RunDll32 C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\PROFES~1\\RunTime\\0701\\Intel32\\Ctor.dll,LaunchSetup \"C:\\Program Files\\InstallShield Installation Information\\{B4C418D9-832B-4D65-99B6-F3B3EF1F1DDF}\\setup.exe\" -l0x9 Winnie the Pooh Kindergarten Deluxe"
DisplayName="Winnie the Pooh Kindergarten Deluxe"
LogFile="C:\\Program Files\\InstallShield Installation Information\\{B4C418D9-832B-4D65-99B6-F3B3EF1F1DDF}\\setup.ilg"
ProductGuid="{B4C418D9-832B-4D65-99B6-F3B3EF1F1DDF}"
InstallLocation="C:\\WINDOWS\\"
DisplayVersion="1.0"
Version=dword:01000000
MajorVersion=dword:00000001
MinorVersion=dword:00000000
LogMode=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{B7050CBDB2504B34BC2A9CA0A692CC29}]
DisplayName="DivX Web Player"
InstallLocation="C:\\Program Files\\DivX"
DisplayIcon="C:\\Program Files\\DivX\\DivX Web Player\\npdivx32.dll,0"
Publisher="DivX,Inc."
UninstallString="C:\\Program Files\\DivX\\DivXWebPlayerUninstall.exe /PLUGIN"
DisplayVersion="1.1.0"
NoModify=dword:00000001
NoRepair=dword:00000001
Locale="en"
RebootFlag=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
DisplayIcon="C:\\WINDOWS\\Microsoft.NET\\Framework\\v1.1.4322\\ndpsetup.ico"
AuthorizedCDFPrefix=""
Comments=""
Contact=""
DisplayVersion="1.1.4322"
HelpLink=""
HelpTelephone=""
InstallDate="20040817"
InstallLocation=""
InstallSource="C:\\DELL\\6w650\\"
ModifyPath=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,78,\
00,65,00,20,00,2f,00,58,00,7b,00,43,00,42,00,32,00,46,00,37,00,45,00,44,00,\
44,00,2d,00,39,00,44,00,31,00,46,00,2d,00,34,00,33,00,43,00,31,00,2d,00,39,\
00,30,00,46,00,43,00,2d,00,34,00,46,00,35,00,32,00,45,00,41,00,45,00,31,00,\
37,00,32,00,41,00,31,00,7d,00,00,00
NoModify=dword:00000001
NoRepair=dword:00000001
Publisher="Microsoft"
Readme=hex(2):66,00,69,00,6c,00,65,00,3a,00,2f,00,2f,00,43,00,3a,00,5c,00,57,\
00,49,00,4e,00,44,00,4f,00,57,00,53,00,5c,00,4d,00,69,00,63,00,72,00,6f,00,\
73,00,6f,00,66,00,74,00,2e,00,4e,00,45,00,54,00,5c,00,46,00,72,00,61,00,6d,\
00,65,00,77,00,6f,00,72,00,6b,00,5c,00,76,00,31,00,2e,00,31,00,2e,00,34,00,\
33,00,32,00,32,00,5c,00,31,00,30,00,33,00,33,00,5c,00,52,00,65,00,70,00,61,\
00,69,00,72,00,52,00,65,00,64,00,69,00,73,00,74,00,2e,00,68,00,74,00,6d,00,\
00,00
Size=""
EstimatedSize=dword:0000944b
UninstallString=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,\
78,00,65,00,20,00,2f,00,58,00,7b,00,43,00,42,00,32,00,46,00,37,00,45,00,44,\
00,44,00,2d,00,39,00,44,00,31,00,46,00,2d,00,34,00,33,00,43,00,31,00,2d,00,\
39,00,30,00,46,00,43,00,2d,00,34,00,46,00,35,00,32,00,45,00,41,00,45,00,31,\
00,37,00,32,00,41,00,31,00,7d,00,00,00
URLInfoAbout=""
URLUpdateInfo=""
VersionMajor=dword:00000001
VersionMinor=dword:00000001
WindowsInstaller=dword:00000001
Version=dword:010110e2
Language=dword:00000409
DisplayName="Microsoft .NET Framework 1.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}]
AuthorizedCDFPrefix=""
Comments=" "
Contact="Customer Support Department"
DisplayVersion="4.0.3"
HelpLink=hex(2):68,00,74,00,74,00,70,00,3a,00,2f,00,2f,00,77,00,77,00,77,00,\
2e,00,6a,00,61,00,73,00,63,00,2e,00,63,00,6f,00,6d,00,00,00
HelpTelephone="(952) 930 - 9171"
InstallDate="20040817"
InstallLocation=""
ModifyPath=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,78,\
00,65,00,20,00,2f,00,49,00,7b,00,43,00,43,00,30,00,30,00,30,00,31,00,32,00,\
37,00,2d,00,35,00,45,00,35,00,44,00,2d,00,34,00,41,00,31,00,43,00,2d,00,39,\
00,30,00,43,00,42,00,2d,00,45,00,45,00,41,00,41,00,41,00,43,00,31,00,45,00,\
33,00,41,00,43,00,30,00,7d,00,00,00
Publisher="Jasc Software, Inc."
Readme=hex(2):72,00,65,00,61,00,64,00,6d,00,65,00,2e,00,68,00,74,00,6d,00,6c,\
00,00,00
Size=""
UninstallString=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,\
78,00,65,00,20,00,2f,00,49,00,7b,00,43,00,43,00,30,00,30,00,30,00,31,00,32,\
00,37,00,2d,00,35,00,45,00,35,00,44,00,2d,00,34,00,41,00,31,00,43,00,2d,00,\
39,00,30,00,43,00,42,00,2d,00,45,00,45,00,41,00,41,00,41,00,43,00,31,00,45,\
00,33,00,41,00,43,00,30,00,7d,00,00,00
URLInfoAbout="http://www.jasc.com"
URLUpdateInfo="http://www.jasc.com"
VersionMajor=dword:00000004
VersionMinor=dword:00000000
WindowsInstaller=dword:00000001
Version=dword:04000003
Language=dword:00000409
DisplayName="Jasc Paint Shop Photo Album"

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}]
UninstallString="RunDll32 C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\PROFES~1\\RunTime\\0701\\Intel32\\Ctor.dll,LaunchSetup \"C:\\Program Files\\InstallShield Installation Information\\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\\SETUP.EXE\" -l0x9 -eliminate"
DisplayName="WexTech AnswerWorks"
LogFile="C:\\Program Files\\InstallShield Installation Information\\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\\setup.ilg"
ProductGuid="{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}"
InstallLocation="C:\\Program Files\\WexTech \\WexTech AnswerWorks"
DisplayVersion="1.00.000"
Version=dword:01000000
MajorVersion=dword:00000001
MinorVersion=dword:00000000
LogMode=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}]
AuthorizedCDFPrefix=""
Comments="Go to http://support.dell.com."
Contact="Dell Support"
DisplayVersion="1.00.00"
HelpLink=hex(2):68,00,74,00,74,00,70,00,3a,00,2f,00,2f,00,73,00,75,00,70,00,\
70,00,6f,00,72,00,74,00,2e,00,64,00,65,00,6c,00,6c,00,2e,00,63,00,6f,00,6d,\
00,00,00
HelpTelephone="0"
InstallDate="20040511"
InstallLocation=""
NoModify=dword:00000001
NoRemove=dword:00000001
NoRepair=dword:00000001
Publisher="Dell"
Readme=""
Size=""
SystemComponent=dword:00000001
URLInfoAbout="http://www.dell.com"
URLUpdateInfo="http://support.dell.com"
VersionMajor=dword:00000001
VersionMinor=dword:00000000
WindowsInstaller=dword:00000001
Version=dword:01000000
Language=dword:00000409
DisplayName="Banctec Service Agreement"

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\26D2C2C3-CF14-4ED7-B1FC-0BE64AFBA3B3]
DisplayName="Polar Bowler"
DisplayIcon="C:\\Program Files\\WildTangent\\Apps\\GameChannel\\Games\\26D2C2C3-CF14-4ED7-B1FC-0BE64AFBA3B3\\polar.exe"
UninstallString="\"C:\\Program Files\\WildTangent\\Apps\\GameChannel\\Games\\26D2C2C3-CF14-4ED7-B1FC-0BE64AFBA3B3\\Uninstall.exe\""
InstallLocation="C:\\Program Files\\WildTangent\\Apps\\GameChannel\\Games\\26D2C2C3-CF14-4ED7-B1FC-0BE64AFBA3B3"
Publisher="WildTangent"
URLInfoAbout="http://www.wildtangent.com"
HelpLink="http://support.wildgames.com"
DisplayVersion="09/21/2005 06:04 PM"
Comments="Distributed by WildTangent"
NoModify=dword:00000001
NoRepair=dword:00000001
WildTangentUninstallName="Polar Bowler"
WildTangentUninstallDisplayName="Polar Bowler"
WildTangentUninstallDisplayDescription=""
WildTangentUninstallShow="true"
WildTangentUninstallDoneCheck=dword:00000000
WTIntegratedUninstall="\"C:\\Program Files\\WildTangent\\Apps\\GameChannel\\Games\\26D2C2C3-CF14-4ED7-B1FC-0BE64AFBA3B3\\Uninstall.exe\" /silent"

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\27181FC0-49AF-45E1-B5DC-37691E359A2D]
DisplayName="Overball"
DisplayIcon="C:\\Program Files\\WildTangent\\Apps\\GameChannel\\Games\\27181FC0-49AF-45E1-B5DC-37691E359A2D\\Overball.exe"
UninstallString="\"C:\\Program Files\\WildTangent\\Apps\\GameChannel\\Games\\27181FC0-49AF-45E1-B5DC-37691E359A2D\\Uninstall.exe\""
InstallLocation="C:\\Program Files\\WildTangent\\Apps\\GameChannel\\Games\\27181FC0-49AF-45E1-B5DC-37691E359A2D"
Publisher="WildTangent"
URLInfoAbout="http://www.wildtangent.com"
HelpLink="http://support.wildgames.com"
DisplayVersion="08/22/2005 09:13 AM"
Comments="Distributed by WildTangent"
NoModify=dword:00000001
NoRepair=dword:00000001
WildTangentUninstallName="Overball"
WildTangentUninstallDisplayName="Overball"
WildTangentUninstallDisplayDescription=""
WildTangentUninstallShow="true"
WildTangentUninstallDoneCheck=dword:00000000
WTIntegratedUninstall="\"C:\\Program Files\\WildTangent\\Apps\\GameChannel\\Games\\27181FC0-49AF-45E1-B5DC-37691E359A2D\\Uninstall.exe\" /silent"

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\30593F59-7DAF-4ECE-A898-07577E16A512]
DisplayName="Polar Golfer Pineapple Cup"
DisplayIcon="C:\\Program Files\\WildTangent\\Apps\\GameChannel\\Games\\30593F59-7DAF-4ECE-A898-07577E16A512\\golfpine.ico"
UninstallString="\"C:\\Program Files\\WildTangent\\Apps\\GameChannel\\Games\\30593F59-7DAF-4ECE-A898-07577E16A512\\Uninstall.exe\""
InstallLocation="C:\\Program Files\\WildTangent\\Apps\\GameChannel\\Games\\30593F59-7DAF-4ECE-A898-07577E16A512"
Publisher="WildTangent"
URLInfoAbout="http://www.wildtangent.com"
HelpLink="http://support.wildgames.com"
DisplayVersion="08/22/2005 09:17 AM"
Comments="Distributed by WildTangent"
NoModify=dword:00000001
NoRepair=dword:00000001
WildTangentUninstallName="Polar Golfer Pineapple Cup"
WildTangentUninstallDisplayName="Polar Golfer Pineapple Cup"
WildTangentUninstallDisplayDescription=""
WildTangentUninstallShow="true"
WildTangentUninstallDoneCheck=dword:00000000
WTIntegratedUninstall="\"C:\\Program Files\\WildTangent\\Apps\\GameChannel\\Games\\30593F59-7DAF-4ECE-A898-07577E16A512\\Uninstall.exe\" /silent"

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\989E4C3B-B2C9-4486-9A09-D5A8F953837C]
DisplayName="Bejeweled 2 Deluxe"
DisplayIcon="C:\\Program Files\\WildTangent\\Apps\\GameChannel\\Games\\989E4C3B-B2C9-4486-9A09-D5A8F953837C\\WinBej2.ico"
UninstallString="\"C:\\Program Files\\WildTangent\\Apps\\GameChannel\\Games\\989E4C3B-B2C9-4486-9A09-D5A8F953837C\\Uninstall.exe\""
InstallLocation="C:\\Program Files\\WildTangent\\Apps\\GameChannel\\Games\\989E4C3B-B2C9-4486-9A09-D5A8F953837C"
Publisher="WildTangent"
URLInfoAbout="http://www.wildtangent.com"
HelpLink="http://support.wildgames.com"
DisplayVersion="08/22/2005 08:39 AM"
Comments="Distributed by WildTangent"
NoModify=dword:00000001
NoRepair=dword:00000001
WildTangentUninstallName="Bejeweled 2 Deluxe"
WildTangentUninstallDisplayName="Bejeweled 2 Deluxe"
WildTangentUninstallDisplayDescription=""
WildTangentUninstallShow="true"
WildTangentUninstallDoneCheck=dword:00000000
WTIntegratedUninstall="\"C:\\Program Files\\WildTangent\\Apps\\GameChannel\\Games\\989E4C3B-B2C9-4486-9A09-D5A8F953837C\\Uninstall.exe\" /silent"

there, that's it...

Angelfire777
2007-07-24, 13:06
Hi,

I really appreciate what you have done. It helped me a lot, and now we have the answer; hopefully we can uninstall Java correctly through this. :bigthumb:

Please click start > run > copy and paste this:

MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}

Reboot, then install the newer Java, then please post a fresh HijackThis log.
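
Uninstall commands like the one above are recorded in each entry's UninstallString value, which the posted dump often stores as hex(2) (UTF-16LE bytes) rather than plain text. The following is an added example, not part of the original posts: it parses a dump in this layout, decodes those values, and checks that a Windows Installer command names the same GUID as its key. The function names and status labels are this example's own, and the third sample entry is constructed.

```python
import re

# Input in the layout of the dump posted in this thread. The first two entries
# are trimmed copies from that post; the third is constructed for illustration.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8C64E145-54BA-11D6-91B1-00500462BE80}]
UninstallString=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,\
78,00,65,00,20,00,2f,00,49,00,7b,00,38,00,43,00,36,00,34,00,45,00,31,00,34,\
00,35,00,2d,00,35,00,34,00,42,00,41,00,2d,00,31,00,31,00,44,00,36,00,2d,00,\
39,00,31,00,42,00,31,00,2d,00,30,00,30,00,35,00,30,00,30,00,34,00,36,00,32,\
00,42,00,45,00,38,00,30,00,7d,00,00,00
WindowsInstaller=dword:00000001
DisplayName="Microsoft Money 2004 System Pack"

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8ADFC4160D694100B5B8A22DE9DCABD9}]
DisplayName="DivX Player"
UninstallString="C:\\Program Files\\DivX\\DivXPlayerUninstall.exe /PLAYER"

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{11111111-2222-3333-4444-555555555555}]
DisplayName="Example Product (constructed)"
UninstallString="MsiExec.exe /X{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
# Accepts both Name=value (as in this dump) and "Name"=value (regedit export).
VAL_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|([A-Za-z_][\w .()-]*?))\s*=\s*(.*)$')
HEX_RE = re.compile(r'^hex(?:\(([0-9a-fA-F]+)\))?:(.*)$')
MSI_RE = re.compile(r'msiexec(?:\.exe)?\s+/[IX]\s*(\{[0-9A-F-]{36}\})', re.I)


def logical_lines(text):
    """Yield lines with backslash-continued hex values joined into one line."""
    buf = ''
    for line in text.splitlines():
        line = line.strip()
        if not buf and not re.match(r'[^=]+=\s*hex[(:]', line):
            yield line
            continue
        buf += line
        if buf.endswith('\\'):
            buf = buf[:-1]      # drop the continuation marker and keep reading
        else:
            yield buf
            buf = ''
    if buf:
        yield buf


def decode_value(raw):
    """Decode one value: quoted string, dword, or hex / hex(N) byte list."""
    raw = raw.strip()
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return re.sub(r'\\(.)', r'\1', raw[1:-1])      # undo \\ and \" escapes
    if raw.startswith('dword:'):
        return int(raw[6:], 16)
    m = HEX_RE.match(raw)
    if not m:
        return raw
    data = bytes(int(b, 16) for b in m.group(2).split(',') if b.strip())
    kind = int(m.group(1), 16) if m.group(1) else 3    # bare "hex:" is binary
    if kind in (1, 2):          # REG_SZ / REG_EXPAND_SZ, stored as UTF-16LE
        return data.decode('utf-16-le', errors='replace').rstrip('\x00')
    if kind == 7:               # REG_MULTI_SZ: NUL-separated strings
        return [s for s in data.decode('utf-16-le', errors='replace').split('\x00') if s]
    return data


def parse_dump(text):
    """Return {key_path: {value_name: decoded_value}}."""
    entries, current = {}, None
    for line in logical_lines(text):
        k = KEY_RE.match(line)
        v = VAL_RE.match(line)
        if k:
            current = entries.setdefault(k.group(1), {})
        elif v and current is not None:
            name = v.group(1) if v.group(1) is not None else v.group(2).strip()
            current[name] = decode_value(v.group(3))
        else:
            current = None      # blank line or forum text ends the entry
    return entries


def classify_uninstallers(entries):
    """List (DisplayName, status, command) for entries with an UninstallString."""
    rows = []
    for key, vals in entries.items():
        cmd = vals.get('UninstallString')
        if not isinstance(cmd, str):
            continue
        leaf = key.rsplit('\\', 1)[-1]
        m = MSI_RE.search(cmd)
        if not m:
            status = 'custom-uninstaller'
        elif m.group(1).upper() == leaf.upper():
            status = 'msi-ok'
        else:
            status = 'msi-guid-mismatch'    # command targets a different product
        rows.append((vals.get('DisplayName', leaf), status, cmd))
    return rows


if __name__ == '__main__':
    for name, status, cmd in classify_uninstallers(parse_dump(SAMPLE)):
        print(f'{status:20} {name}: {cmd}')
```

A mismatch is only a prompt to look at the entry more closely before running its command; it is not a detection on its own.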

buckaroo
2007-07-26, 04:09
Thanks very much for all you have done so far. I uninstalled Java, and reinstalled the new. Here's the logfile:


Logfile of HijackThis v1.99.1
Scan saved at 8:56:42 PM, on 7/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Documents and Settings\Tom\Desktop\hijack this\hjt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://verizon.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [EPSON PictureMate PM 240] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBCA.EXE /FU "C:\WINDOWS\TEMP\E_SE3F.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156695437250
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (file missing)
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

Angelfire777
2007-07-26, 12:43
Hi,

Congratulations! Your log looks clean!

Configure Windows XP to hide system files:

Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading, select Do not show hidden files and folders.
Check the Hide protected operating system files option.
Click Yes to confirm.
Click OK.
_______________________
This is a good time to clear your existing system restore points and establish a new clean restore point:
Go to Start > All Programs > Accessories > System Tools > System Restore

Select Create a restore point, and Ok it.

Next, go to Start > Run and type in cleanmgr

Select the More options tab

Choose the option to clean up system restore and OK it.

This will remove all restore points except the new one you just created.
______________________
Here are some free programs I recommend that could help you improve your PC's security.

Firewall Application - Although Windows XP comes with a firewall, you should not rely on it because the Windows Firewall can only filter incoming data; outgoing traffic is not controlled, meaning that malware/viruses that are present in your computer can access the internet with no restrictions. There are several other firewalls that can protect you better by filtering incoming and outgoing data. Make sure you get only one of these.

» ZoneAlarm (http://www.zonelabs.com)
» Kerio (http://www.sunbelt-software.com/Kerio-Download.cfm)

Install SpyWare Blaster
~You can download it from here (http://www.javacoolsoftware.com/spywareblaster.html)
~You can read the tutorial on how to use Spyware Blaster here (http://www.bleepingcomputer.com/tutorials/tutorial49.html)

Install WinPatrol
~You can download it from here (http://www.winpatrol.com/download.html)
~You can get some information about how WinPatrol works here (http://www.winpatrol.com/features.html)

IESpyAds
~You can download it from here (http://www.spywarewarrior.com/uiuc/resource.htm#IESPYAD)
~If you want to know how IESpyAds works you can take a look at it here (http://www.bleepingcomputer.com/tutorials/tutorial53.html)
~Please note that IESpyAds only works with Internet Explorer.

Note: Make sure you update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.

Please check out Tony Klein's article "How did I get infected in the first place?" (http://castlecops.com/t7736-So_how_did_I_get_infected_in_the_first_place.html)

Happy safe surfing!

Angelfire777
2007-07-28, 13:36
Glad we could be of assistance :bigthumb:

Since the problem has been resolved, this topic is now closed and archived. If you need it re-opened, please send me a private message (PM) and provide a link to the thread. This applies only to the original poster; anyone else with similar problems, please start a new topic.