
SpywareNo/SpySheriff/Antispylab malware [Smitfraud]



mooneyjuney
2006-05-07, 00:06
Running Windows XP. Was infected with SpywareNo/SpySheriff/Antispylab malware. It was recognized by AdAware SE, but could not be removed. I followed the instructions in the self-help thread "Smitfraud:SpyAxe, SpywareFalcon, and other desktop hijacks" and it appears to have been removed, thanks. But just in case, here are the logs:
rapport.txt
SmitFraudFix v2.40

Scan done at 17:10:41.70, Sat 05/06/2006
Run from C:\Documents and Settings\SiwikMuller\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\adware-sheriff-box.gif Deleted
C:\WINDOWS\adware-sheriff-header.gif Deleted
C:\WINDOWS\alexaie.dll Deleted
C:\WINDOWS\alxie328.dll Deleted
C:\WINDOWS\alxtb1.dll Deleted
C:\WINDOWS\antispylab-logo.gif Deleted
C:\WINDOWS\blue-bg.gif Deleted
C:\WINDOWS\buy-now-btn.gif Deleted
C:\WINDOWS\close-bar.gif Deleted
C:\WINDOWS\corner-left.gif Deleted
C:\WINDOWS\corner-right.gif Deleted
C:\WINDOWS\dlmax.dll Deleted
C:\WINDOWS\facts.gif Deleted
C:\WINDOWS\footer.gif Deleted
C:\WINDOWS\free-scan-btn.gif Deleted
C:\WINDOWS\h-line-gradient.gif Deleted
C:\WINDOWS\header-bg.gif Deleted
C:\WINDOWS\infected.gif Deleted
C:\WINDOWS\info.gif Deleted
C:\WINDOWS\no-icon.gif Deleted
C:\WINDOWS\reg-freeze-box.gif Deleted
C:\WINDOWS\reg-freeze-header.gif Deleted
C:\WINDOWS\remove-spyware-btn.gif Deleted
C:\WINDOWS\spyware-sheriff-header.gif Deleted
C:\WINDOWS\spyware-sheriff-box.gif Deleted
C:\WINDOWS\star.gif Deleted
C:\WINDOWS\star-grey.gif Deleted
C:\WINDOWS\true-stories.gif Deleted
C:\WINDOWS\warning-bar-ico.gif Deleted
C:\WINDOWS\win-sec-center-logo.gif Deleted
C:\WINDOWS\windows-compatible.gif Deleted
C:\WINDOWS\yes-icon.gif Deleted
C:\WINDOWS\system32\CWS_iestart.exe Deleted
C:\WINDOWS\system32\mirarsearch_toolbar.exe Deleted
C:\WINDOWS\system32\mswinf32.dll Deleted
C:\WINDOWS\system32\mswinf32.exe Deleted
C:\WINDOWS\system32\mswinup32.dll Deleted
C:\WINDOWS\system32\mswinxml.dll Deleted
C:\WINDOWS\system32\questmod.dll Deleted
C:\WINDOWS\system32\runsrv32.dll Deleted
C:\WINDOWS\system32\runsrv32.exe Deleted
C:\WINDOWS\system32\shellgui32.dll Deleted
C:\WINDOWS\system32\txfdb32.dll Deleted
C:\WINDOWS\system32\udpmod.dll Deleted
C:\WINDOWS\system32\winlfl32.dll Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» Reboot

C:\WINDOWS\system32\winsrv32.exe Deleted

»»»»»»»»»»»»»»»»»»»»»»»» End

mooneyjuney
2006-05-07, 00:07
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 4:49:10 PM, 5/6/2006
+ Report-Checksum: 542A77CC

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{E52DEDBB-D168-4BDB-B229-C48160800E81} -> Hijacker.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e52dedbb-d168-4bdb-b229-c48160800e81} -> Hijacker.Generic : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E52DEDBB-D168-4BDB-B229-C48160800E81} -> Hijacker.Generic : Cleaned with backup
HKU\S-1-5-21-3818900820-2077995646-4232387374-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E52DEDBB-D168-4BDB-B229-C48160800E81} -> Hijacker.Generic : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E52DEDBB-D168-4BDB-B229-C48160800E81} -> Hijacker.Generic : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@7search[2].txt -> TrackingCookie.7search : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.11:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.12:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.13:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.14:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.15:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.16:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.17:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.18:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.19:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.20:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.21:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.22:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.23:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.24:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.25:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.26:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.27:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.28:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.29:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.30:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.52:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.53:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.54:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.55:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.56:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.57:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.58:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.59:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.60:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.61:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.62:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.63:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.64:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.65:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.66:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.67:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.68:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.69:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.70:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.71:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.72:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.73:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.74:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.75:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.76:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.77:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.78:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.79:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.80:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.81:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.82:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.83:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.84:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.85:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.86:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.87:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.104:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.106:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.148:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.156:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Counted : Cleaned with backup
:mozilla.157:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Counted : Cleaned with backup
:mozilla.162:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.171:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.172:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Xxxcounter : Cleaned with backup
:mozilla.173:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Xxxcounter : Cleaned with backup
:mozilla.174:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.181:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.182:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.184:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.188:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.189:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.204:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.208:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Paycounter : Cleaned with backup
:mozilla.209:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.210:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.211:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.226:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.227:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.229:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.230:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.231:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.232:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.233:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.234:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.235:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.236:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.237:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.238:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.239:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.240:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.241:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.242:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.243:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.244:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.245:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.246:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.252:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
:mozilla.253:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.254:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.270:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.285:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.286:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.287:C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\SiwikMuller\Local Settings\Temp\Cookies\siwikmuller@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\SiwikMuller\Local Settings\Temp\temp.fr5DED -> Adware.CashDeluxe : Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup
C:\WINDOWS\$NtServicePackUninstall$\notepad.exe -> Hijacker.StartPage.gq : Cleaned with backup
C:\WINDOWS\svchost.exe -> Hijacker.StartPage.gq : Cleaned with backup
C:\WINDOWS\SYSTEM32\exuc32.tmp -> Backdoor.Agent.zb : Cleaned with backup
C:\WINDOWS\SYSTEM32\inst.exe -> Downloader.VB.aan : Cleaned with backup
C:\WINDOWS\SYSTEM32\intxt.exe -> Adware.CashDeluxe : Cleaned with backup
C:\WINDOWS\SYSTEM32\mswinb32.dll -> Adware.CashDeluxe : Cleaned with backup
C:\WINDOWS\SYSTEM32\mswinb32.exe -> Adware.CashDeluxe : Cleaned with backup
C:\WINDOWS\SYSTEM32\tneznhze.exe -> Downloader.VB.aan : Cleaned with backup


::Report End

mooneyjuney
2006-05-07, 00:10
--- Search result list ---
Smitfraud-C.: Settings (Registry value, fixed)
HKEY_USERS\S-1-5-21-3818900820-2077995646-4232387374-1006\WindowsSubVersion

Smitfraud-C.: Web page (File, fixed)
C:\WINDOWS\SYSTEM32\winsub.xml

Spy Sheriff: Text file (File, fixed)
C:\WINDOWS\SYSTEM32\svcp.csv

SpyHunter: Program group (Directory, fixed)
C:\Program Files\Enigma Software Group\

Windows Security Center.AntiVirusOverride: Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride!=dword:0

HangUpTeam.TechnicRat: Global settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger

Tibs.vq: Settings (Registry value, fixed)
HKEY_USERS\S-1-5-21-3818900820-2077995646-4232387374-1006\ColorTable19

Tibs.vq: Settings (Registry value, fixed)
HKEY_USERS\S-1-5-21-3818900820-2077995646-4232387374-1006\ColorTable20

CoolWWWSearch: Tracking cookie (Mozilla: default) (Cookie, fixed)


CoolWWWSearch: Tracking cookie (Mozilla: default) (Cookie, fixed)



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-05-06 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-05-05 Includes\Cookies.sbi (*)
2006-05-05 Includes\Dialer.sbi (*)
2006-05-05 Includes\Hijackers.sbi (*)
2006-05-05 Includes\Keyloggers.sbi (*)
2006-05-05 Includes\Malware.sbi (*)
2006-05-05 Includes\PUPS.sbi (*)
2006-05-05 Includes\Revision.sbi (*)
2006-05-05 Includes\Security.sbi (*)
2006-05-05 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-05-05 Includes\Trojans.sbi (*)



--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ .NETFramework / 1.0: Microsoft .NET Framework 1.0 Hotfix (KB886906)
/ .NETFramework / 1.0: Microsoft .NET Framework 1.0 Service Pack 3 (KB867461)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB886903)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ DataAccess: Microsoft Data Access Components KB870669
/ DataAccess: Security update for Microsoft Data Access Components
/ DataAccess: Security Update for Microsoft Data Access Components
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB898458)
/ Windows Media Player / SP0: Windows Media Player Hotfix [See wm828026 for more information]
/ Windows Media Player: Windows Media Update 817787
/ Windows Media Player: Windows Media Update 828026
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP3: Windows XP Hotfix - KB834707
/ Windows XP / SP3: Windows XP Hotfix - KB867282
/ Windows XP / SP3: Windows XP Hotfix - KB873333
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Security Update for Windows XP (KB883939)
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890047
/ Windows XP / SP3: Windows XP Hotfix - KB890175
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB890923
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Security Update for Windows XP (KB893066)
/ Windows XP / SP3: Windows XP Hotfix - KB893086
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB894391)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896422)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896424)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Security Update for Windows XP (KB896688)
/ Windows XP / SP3: Update for Windows XP (KB896727)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899588)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Update for Windows XP (KB900485)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Security Update for Windows XP (KB903235)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
/ Windows XP / SP3: Security Update for Windows XP (KB905915)
/ Windows XP / SP3: Security Update for Windows XP (KB908519)
/ Windows XP / SP3: Security Update for Windows XP (KB908531)
/ Windows XP / SP3: Update for Windows XP (KB910437)
/ Windows XP / SP3: Security Update for Windows XP (KB911562)
/ Windows XP / SP3: Security Update for Windows XP (KB911567)
/ Windows XP / SP3: Security Update for Windows XP (KB911927)
/ Windows XP / SP3: Security Update for Windows XP (KB912812)
/ Windows XP / SP3: Security Update for Windows XP (KB912919)
/ Windows XP / SP3: Security Update for Windows XP (KB913446)

mooneyjuney
2006-05-07, 00:11
--- Startup entries list ---
Located: HK_LM:Run, AdaptecDirectCD
command: "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
file: C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
size: 684032
MD5: be3238a165afb321f1696cc1ff9ef271

Located: HK_LM:Run, BCMSMMSG
command: BCMSMMSG.exe
file: C:\WINDOWS\BCMSMMSG.exe
size: 122880
MD5: 2d99607f21ff368c0e335a2d91a052a1

Located: HK_LM:Run, Disk Monitor
command: C:\Program Files\Lexar Media\USB Card Reader Driver v2.1g\Disk_Monitor.exe
file: C:\Program Files\Lexar Media\USB Card Reader Driver v2.1g\Disk_Monitor.exe
size: 438784
MD5: 03fd3b26e8e61a7ce8f934cf83f4219c

Located: HK_LM:Run, DwlClient
command: C:\Program Files\Common Files\Dell\EUSW\Support.exe
file: C:\Program Files\Common Files\Dell\EUSW\Support.exe
size: 245760
MD5: 58cd30203ddb67fad6a34aa624fa0141

Located: HK_LM:Run, HotKeysCmds
command: C:\WINDOWS\system32\hkcmd.exe
file: C:\WINDOWS\system32\hkcmd.exe
size: 126976
MD5: e4cf942a4aea9d27c87f190f65e7d0f6

Located: HK_LM:Run, IgfxTray
command: C:\WINDOWS\system32\igfxtray.exe
file: C:\WINDOWS\system32\igfxtray.exe
size: 155648
MD5: 093d3ee722542ba2e7ad929aa3ca6abc

Located: HK_LM:Run, iTunesHelper
command: C:\Program Files\iTunes\iTunesHelper.exe
file: C:\Program Files\iTunes\iTunesHelper.exe
size: 278528
MD5: 2e0e2be7bd6614ea4c86b9ece793e31e

Located: HK_LM:Run, KernelFaultCheck
command: %systemroot%\system32\dumprep 0 -k
file: C:\WINDOWS\system32\dumprep.exe
size: 10752
MD5: 13922eb54890c77005268882629a31fe

Located: HK_LM:Run, MMTray
command: C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
file: C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
size: 90112
MD5: cbbf60e054a7840c61513565377a8558

Located: HK_LM:Run, MSConfig
command: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
file: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
size: 158208
MD5: 4fd22142f54692463a7b98b7de175573

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 98304
MD5: 76a3a30b58405c2c6d833895253a51a9

Located: HK_LM:Run, SpywareBot
command: C:\Program Files\SpywareBot\SpywareBot.exe -boot
file:

Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 151597
MD5: a05da809ac0d86d916d09e3a908d3a06

Located: HK_LM:Run, Transponder
command: C:\WINDOWS\system32\susp.exe
file:

Located: HK_LM:Run, VerizonServicepoint.exe
command: C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
file: C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
size: 1880064
MD5: a7f075d26df8127140e70840134675b7

Located: HK_LM:Run, vptray
command: C:\Program Files\NavNT\vptray.exe
file: C:\Program Files\NavNT\vptray.exe
size: 53248
MD5: 58cc953bd7351dd671b8ab9891f90a6e

Located: HK_LM:Run, WinampAgent
command: "C:\Program Files\Winamp\Winampa.exe"
file: C:\Program Files\Winamp\Winampa.exe
size: 12288
MD5: 3184895910411ac3e34599c44dbc5964

Located: HK_LM:Run, Windows Defender
command: "C:\Program Files\Windows Defender\MSASCui.exe" -hide
file: C:\Program Files\Windows Defender\MSASCui.exe
size: 777424
MD5: 3207bba7a51043ff2c5d64df4c3b6310

Located: HK_LM:Run, YBrowser
command: C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
file: C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
size: 57344
MD5: 842c7b3e4bb7b7ebf0db9f60ab08ce3e

Located: HK_LM:Run, ymetray
command: "C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" -preload
file: C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe
size: 5537792
MD5: 12dc6cf547a109369b8eb543235be7f6

Located: HK_CU:Run, MSMSGS
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1694208
MD5: 74e6e96c6f0e2eca4edbb7f7a468f259

Located: HK_CU:Run, Yahoo! Pager
command: "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
file: C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
size: 3092480
MD5: 5191b3ae89a93f815704ccc76b8467de

Located: Startup (common), Adobe Reader Speed Launch.lnk
command: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
file: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
size: 29696
MD5: 43362b96870ce8649f4f2ec893da93f0

Located: Startup (common), Microsoft Office.lnk
command: C:\Program Files\Microsoft Office\Office\OSA9.EXE
file: C:\Program Files\Microsoft Office\Office\OSA9.EXE
size: 65588
MD5: 3979bb2d12d6f2e82c6b320de92cd757

Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll

Located: System.ini, igfxcui
command: igfxsrvc.dll
file: igfxsrvc.dll

Located: System.ini, NavLogon
command: C:\WINDOWS\System32\NavLogon.dll
file: C:\WINDOWS\System32\NavLogon.dll
size: 28672
MD5: baa32c690df1702455ddb185bb9705a6

Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll

mooneyjuney
2006-05-07, 00:13
--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
BHO name:
CLSID name: AcroIEHlprObj Class
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 9/23/2005 9:12:08 PM
Date (last access): 5/6/2006 4:59:16 PM
Date (last write): 9/23/2005 9:12:08 PM
Filesize: 63136
Attributes: archive
MD5: B61D5D651ECC6055C29BF826CA7B1141
CRC32: FEF15799
Version: 7.0.5.172

{12872A48-35BA-4A13-A5A5-B8047717564C} (winapi32.MyBHO)
BHO name:
CLSID name: winapi32.MyBHO
Path: C:\WINDOWS\system32\
Long name: winapi32.dll

{4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} (Netscape)
BHO name:
CLSID name: Netscape
description: Netscape toolbar
classification: Legitimate
known filename: Netscape.dll
info link:
info source: TonyKlein
Path: C:\WINDOWS\DOWNLO~1\
Long name: netscape.dll
Short name:
Date (created): 2/5/2004 3:17:38 PM
Date (last access): 5/6/2006 4:59:16 PM
Date (last write): 2/5/2004 3:17:38 PM
Filesize: 858112
Attributes: archive
MD5: 56ADC690A58D94E5C37951922A901142
CRC32: BEAC3C76
Version: 2.0.0.4

{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\Program Files\Spybot - Search & Destroy\
Long name: SDHelper.dll
Short name:
Date (created): 5/6/2006 3:50:46 PM
Date (last access): 5/6/2006 4:59:16 PM
Date (last write): 5/31/2005 1:04:00 AM
Filesize: 853672
Attributes: archive
MD5: 250D787A5712D7768DDC133B3E477759
CRC32: D4589A41
Version: 1.4.0.0

{77701e16-9bfe-4b63-a5b4-7bd156758a37} ()
BHO name:
CLSID name:

{AF79D4A2-725D-4627-9E34-08C04833D798} (winapi32.MyBHO)
BHO name:
CLSID name: winapi32.MyBHO
Path: C:\WINDOWS\system32\
Long name: winapi32.dll



--- ActiveX list ---
DirectAnimation Java Classes (DirectAnimation Java Classes)
DPF name: DirectAnimation Java Classes
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\Java\classes\dajava.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\dajava.cab
info link:
info source: Patrick M. Kolla

Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\Java\classes\xmldso.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla

{10000000-1000-0000-1000-000000000000} ()
DPF name:
CLSID name:
Installer:
Codebase: file://C:\Program Files\Internet Explorer\vfkotgjd.exe
description:
classification: Open for discussion
known filename:
info link:
info source: Safer Networking Ltd.

{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
DPF name:
CLSID name: Windows Genuine Advantage Validation Tool
Installer: C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf
Codebase: http://go.microsoft.com/fwlink/?linkid=39204
description:
classification: Legitimate
known filename: LegitCheckControl.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: LegitCheckControl.DLL
Short name: LEGITC~1.DLL
Date (created): 4/10/2006 1:00:34 PM
Date (last access): 5/6/2006 3:45:32 PM
Date (last write): 4/10/2006 1:00:34 PM
Filesize: 555824
Attributes: archive
MD5: 593F9787C3161CC77FA9B4BEBE823582
CRC32: B36241BF
Version: 1.5.526.0

{4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} (Netscape)
DPF name:
CLSID name: Netscape
Installer:
Codebase: http://downloads.netscape.com/search/toolbar/netscape.cab
description: Netscape toolbar
classification: Legitimate
known filename: Netscape.dll
info link:
info source: TonyKlein
Path: C:\WINDOWS\DOWNLO~1\
Long name: netscape.dll
Short name:
Date (created): 2/5/2004 3:17:38 PM
Date (last access): 5/6/2006 4:59:16 PM
Date (last write): 2/5/2004 3:17:38 PM
Filesize: 858112
Attributes: archive
MD5: 56ADC690A58D94E5C37951922A901142
CRC32: BEAC3C76
Version: 2.0.0.4

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_02)
DPF name: Java Runtime Environment 1.4.1_02
CLSID name: Java Plug-in 1.4.1_02
Installer:
Codebase: http://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\j2re1.4.1_02\bin\
Long name: NPJPI141_02.dll
Short name: NPJPI1~1.DLL
Date (created): 8/1/2004 5:22:40 PM
Date (last access): 5/6/2006 3:45:32 PM
Date (last write): 2/20/2003 4:42:34 PM
Filesize: 61553
Attributes: archive
MD5: E4EFF4ADF1367AA79815A9061E64C0D9
CRC32: A0446F8E
Version: 1.4.1.20

{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02)
DPF name: Java Runtime Environment 1.4.1_02
CLSID name: Java Plug-in 1.4.1_02
Installer:
Codebase: http://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab
description:
classification: Legitimate
known filename: NPJPI141_02.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\j2re1.4.1_02\bin\
Long name: NPJPI141_02.dll
Short name: NPJPI1~1.DLL
Date (created): 8/1/2004 5:22:40 PM
Date (last access): 5/6/2006 5:07:58 PM
Date (last write): 2/20/2003 4:42:34 PM
Filesize: 61553
Attributes: archive
MD5: E4EFF4ADF1367AA79815A9061E64C0D9
CRC32: A0446F8E
Version: 1.4.1.20



--- Process list ---
PID: 0 ( 0) [System]
PID: 504 ( 4) \SystemRoot\System32\smss.exe
PID: 556 ( 504) \??\C:\WINDOWS\system32\csrss.exe
PID: 580 ( 504) \??\C:\WINDOWS\system32\winlogon.exe
PID: 632 ( 580) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 644 ( 580) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 792 ( 632) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 860 ( 632) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 956 ( 632) C:\Program Files\Windows Defender\MsMpEng.exe
size: 14032
MD5: E7E81C6BCD697F5921DF6D6781D2673D
PID: 1052 ( 632) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1108 ( 632) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1240 ( 632) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1512 (1492) C:\WINDOWS\Explorer.EXE
size: 1032192
MD5: A0732187050030AE399B241436565E64
PID: 220 ( 204) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 5/6/2006 5:07:56 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL
http://ie.search.msn.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.yahoo.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.dellnet.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://bestsearch.cc/2484/search.php?qq=
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.msn.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{757F593B-DB24-4625-A8A6-3B65070ABECA}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{757F593B-DB24-4625-A8A6-3B65070ABECA}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{61820C7F-1F2D-4EC6-AC52-4AA4C5CE956B}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{61820C7F-1F2D-4EC6-AC52-4AA4C5CE956B}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E5EC0A67-7EEA-48D6-BF30-90F5C13ABCA3}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E5EC0A67-7EEA-48D6-BF30-90F5C13ABCA3}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4AF2ECDD-5001-4378-B281-339EDF97BCBB}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4AF2ECDD-5001-4378-B281-339EDF97BCBB}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F4F7522A-4968-457E-B62D-85C1878FB75C}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F4F7522A-4968-457E-B62D-85C1878FB75C}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

mooneyjuney
2006-05-07, 00:16
--- Uninstall list ---
Ad-Aware SE Personal 1.06 (Ad-Aware SE Personal)
uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
publisher: Lavasoft
help link: http://www.lavasoft.com

(AddressBook)

1.0 (Adobe PhotoDeluxe Business Edition 1.0)
install location: C:\Program Files\PhotoDeluxe BE 1.0
install source: D:\ENGLISH\INSTALL\
uninstall cmd: C:\WINDOWS\UNINST.EXE -f"C:\Program Files\PhotoDeluxe BE 1.0\DeIsL1.isu"
publisher: Adobe Systems, Inc.

Adobe Type Manager 4.0 (Adobe Type Manager 4.0)
uninstall cmd: C:\WINDOWS\uninst.exe -f"C:\Program Files\Adobe Type Manager\DeIsL1.isu" -c"C:\Program Files\Adobe Type Manager\UNINST.DLL"

AOL Instant Messenger (AOL Instant Messenger)
uninstall cmd: C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=

BCM V.92 56K Modem (BCM V.92 56K Modem)
uninstall cmd: C:\WINDOWS\BCMSMU.exe quiet

BitTornado 0.3.7 0.3.7 (BitTornado)
uninstall cmd: C:\Program Files\BitTornado\uninst.exe
publisher: John Hoffman

(Branding)

(Britannica Ready Reference)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45893FEB-30FD-4034-8661-3BA4238FE67A}\SETUP.EXE" -l0x9 -uninst -y -a -f"b2003ce.isu"

(Connection Manager)

(DirectAnimation)

(DirectDrawEx)

(DXM_Runtime)

ewido anti-malware (ewidoantimalware)
install location: C:\Program Files\ewido anti-malware
uninstall cmd: C:\Program Files\ewido anti-malware\Uninstall.exe
publisher: ewido networks
help link: http://www.ewido.net

(expinst)

(Fontcore)

HijackThis 1.99.1 1.99.1 (HijackThis)
uninstall cmd: C:\Program Files\HijackThis.exe /uninstall
publisher: Soeperman Enterprises Ltd.

(ICW)

(IE40)

(IE4Data)

(IE5BAKEX)

(IEData)

(InstallShield Uninstall Information)

iTunes 4.7.1.30 (InstallShield_{3CB41017-F5CA-4C56-934C-ED02156251E6})
version: 67567617
version (major): 4
version (minor): 7
estimated size: 13451
install date: 20050430
install location: C:\Program Files\iTunes\
install source: C:\WINDOWS\Downloaded Installations\{628E8630-7947-49EA-BE90-7F8BFF77A79C}\
uninstall cmd: C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3CB41017-F5CA-4C56-934C-ED02156251E6}
publisher: Apple Computer, Inc.
contact: AppleCare Support
help link: http://www.info.apple.com/
help telephone: 1-800-275-2273

Broadcom Advanced Control Suite 3.26.0000 (InstallShield_{468190DA-FB4C-45BA-8E40-4B165FF1A939})
version: 52035584
version (major): 3
version (minor): 26
estimated size: 1660
install date: 20030701
install source: C:\DELL\6w936\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{468190DA-FB4C-45BA-8E40-4B165FF1A939} /l1033
publisher: Broadcom
comments: Broadcom Advanced Control Suite(BACS)
contact: Dell Customer Support
help link: http://www.support.dell.com

iPod for Windows 2005-02-07 3.1.0 (InstallShield_{78B50D1D-642C-4B89-BCC7-352EAE3614D7})
version: 50397184
version (major): 3
version (minor): 1
estimated size: 40814
install date: 20050430
install location: C:\Program Files\iPod\
install source: C:\WINDOWS\Downloaded Installations\{27CA2C5D-95E6-467E-898C-AE509746C4BE}\
uninstall cmd: C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{78B50D1D-642C-4B89-BCC7-352EAE3614D7} /l1033
publisher: Apple Computer, Inc.
contact: AppleCare
help link: http://www.info.apple.com

iPod for Windows 2005-10-12 4.3.0 (InstallShield_{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A})
version: 67305472
version (major): 4
version (minor): 3
estimated size: 66860
install date: 20051111
install location: C:\Program Files\iPod\
install source: C:\WINDOWS\Downloaded Installations\{C32B8844-F60D-430F-8B25-FDE3F90944C5}\
uninstall cmd: C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A} /l1033
publisher: Apple Computer, Inc.
contact: AppleCare
help link: http://www.info.apple.com
readme: http://www.info.apple.com/support/downloads.html

Java Web Start (Java Web Start)
uninstall cmd: "C:\Program Files\Java Web Start\uninst-javaws.exe"

Windows XP Hotfix - KB834707 20040929.110854 (KB834707)
uninstall cmd: C:\WINDOWS\$NtUninstallKB834707$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=834707

Windows XP Hotfix - KB867282 20050127.090417 (KB867282)
uninstall cmd: C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=867282

Microsoft Data Access Components KB870669 (KB870669)
uninstall cmd: C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=KB870669

Windows XP Hotfix - KB873333 20050114.005213 (KB873333)
uninstall cmd: C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873333

Windows XP Hotfix - KB873339 20041117.092459 (KB873339)
uninstall cmd: C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873339

Security Update for Windows XP (KB883939) 1 (KB883939)
install date: 20050623
uninstall cmd: "C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=883939

(KB884016)

Windows XP Hotfix - KB885250 20050118.202711 (KB885250)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885250

Windows XP Hotfix - KB885835 20041027.181713 (KB885835)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885835

Windows XP Hotfix - KB885836 20041028.173203 (KB885836)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885836

Windows XP Hotfix - KB886185 20041021.090540 (KB886185)
uninstall cmd: C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=886185

Windows XP Hotfix - KB887472 20041014.162858 (KB887472)
uninstall cmd: C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887472

Windows XP Hotfix - KB887742 20041103.095002 (KB887742)
uninstall cmd: C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887742

Windows XP Hotfix - KB888113 20041116.131036 (KB888113)
uninstall cmd: C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888113

Windows XP Hotfix - KB888302 20041207.111426 (KB888302)
uninstall cmd: C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888302

Security Update for Windows XP (KB890046) 1 (KB890046)
install date: 20050623
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890046

Windows XP Hotfix - KB890047 20041221.124506 (KB890047)
uninstall cmd: C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890047

Windows XP Hotfix - KB890175 20041201.233338 (KB890175)
uninstall cmd: C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890175

Windows XP Hotfix - KB890859 1 (KB890859)
install date: 20050414
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890859

Windows XP Hotfix - KB890923 1 (KB890923)
install date: 20050414
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890923

Windows Media Format SDK Hotfix - KB891122 (KB891122)
uninstall cmd: "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=891122

Windows XP Hotfix - KB891781 20050110.165439 (KB891781)
uninstall cmd: C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=891781

Windows XP Hotfix - KB893066 1 (KB893066)
install date: 20050414
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893066

Windows XP Hotfix - KB893086 1 (KB893086)
install date: 20050414
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893086

Security Update for Windows XP (KB893756) 1 (KB893756)
install date: 20050814
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893756

Windows Installer 3.1 (KB893803) 3.1 (KB893803)
uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=42467

Windows Installer 3.1 (KB893803) 3.1 (KB893803v2)
uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=42467

Update for Windows XP (KB894391) 1 (KB894391)
install date: 20050814
uninstall cmd: "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=894391

Security Update for Windows XP (KB896358) 1 (KB896358)
install date: 20050623
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896358

Security Update for Windows XP (KB896422) 1 (KB896422)
install date: 20050623
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896422

Security Update for Windows XP (KB896423) 1 (KB896423)
install date: 20050814
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896423

Security Update for Windows XP (KB896424) 1 (KB896424)
install date: 20051108
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896424

Security Update for Windows XP (KB896428) 1 (KB896428)
install date: 20050623
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896428

Security Update for Windows XP (KB896688) 1 (KB896688)
install date: 20051020
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896688

Update for Windows XP (KB896727) 1 (KB896727)
install date: 20050814
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896727

Security Update for Step By Step Interactive Training (KB898458) 20050502.101010 (KB898458)
install date: 20050623
uninstall cmd: "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/898458

Update for Windows XP (KB898461) 1 (KB898461)
install date: 20050629
uninstall cmd: "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=898461

Security Update for Windows XP (KB899587) 1 (KB899587)
install date: 20050814
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899587

Security Update for Windows XP (KB899588) 1 (KB899588)
install date: 20050814
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899588

Security Update for Windows XP (KB899591) 1 (KB899591)
install date: 20050814
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899591

Update for Windows XP (KB900485) 2 (KB900485)
install date: 20060428
uninstall cmd: "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900485

Security Update for Windows XP (KB900725) 1 (KB900725)
install date: 20051020
uninstall cmd: "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900725

Security Update for Windows XP (KB901017) 1 (KB901017)
install date: 20051020
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901017

Security Update for Windows XP (KB901214) 1 (KB901214)
install date: 20050715
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901214

Hotfix for Windows Media Format SDK (KB902344) (KB902344)
uninstall cmd: "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=902344

Security Update for Windows XP (KB902400) 1 (KB902400)
install date: 20051020
uninstall cmd: "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=902400

Security Update for Windows XP (KB903235) 1 (KB903235)
install date: 20050714
uninstall cmd: "C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=903235

Security Update for Windows XP (KB904706) 1 (KB904706)
install date: 20051020
uninstall cmd: "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=904706

Security Update for Windows XP (KB905414) 1 (KB905414)
install date: 20051020
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905414

Security Update for Windows XP (KB905749) 1 (KB905749)
install date: 20051020
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905749

Security Update for Windows XP (KB905915) 1 (KB905915)
install date: 20051219
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905915

Security Update for Windows XP (KB908519) 1 (KB908519)
install date: 20060111
uninstall cmd: "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=908519

Security Update for Windows XP (KB908531) 1 (KB908531)
install date: 20060415
uninstall cmd: "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=908531

Update for Windows XP (KB910437) 1 (KB910437)
install date: 20051219
uninstall cmd: "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=910437

Security Update for Windows XP (KB911562) 1 (KB911562)
install date: 20060415
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911562

Security Update for Windows Media Player (KB911564) (KB911564)
install date: 20060214
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=911564

Security Update for Windows Media Player 9 (KB911565) (KB911565)
install date: 20060215
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=911565

Security Update for Windows XP (KB911567) 1 (KB911567)
install date: 20060415
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911567

Security Update for Windows XP (KB911927) 1 (KB911927)
install date: 20060214
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911927

Security Update for Windows XP (KB912812) 1 (KB912812)
install date: 20060415
uninstall cmd: "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=912812

Security Update for Windows XP (KB912919) 1 (KB912919)
install date: 20060107
uninstall cmd: "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=912919

mooneyjuney
2006-05-07, 00:17
Security Update for Windows XP (KB913446) 1 (KB913446)
install date: 20060215
uninstall cmd: "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=913446

KODAK DC265 Software (KODAK DC265)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Kodak\DC265\Uninst.isu"

Lexar Media USB Card Reader Driver v2.1g (Lexar Media USB Card Reader Driver)
uninstall cmd: C:\WINDOWS\iun6002.exe "C:\Program Files\Lexar Media\USB Card Reader Driver v2.1g\irunin.ini"

LiveUpdate (LiveUpdate)
uninstall cmd: C:\Program Files\Symantec\LiveUpdate\Uninst.exe -u

Microsoft .NET Framework 1.1 Hotfix (KB886903) (M886903)
uninstall cmd: "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903Uninstall.msp"

Microsoft .NET Framework 1.0 Hotfix (KB886906) (M886906)
uninstall cmd: "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\M886906\M886906Uninstall.msp"

Microsoft .NET Framework 1.1 (Microsoft .NET Framework 1.1 (1033))
uninstall cmd: msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm

Microsoft .NET Framework (English) v1.0.3705 (Microsoft .NET Framework Full v1.0.3705 (1033))
uninstall cmd: C:\WINDOWS\Microsoft.NET\Framework\Install.exe /u /p Microsoft .NET Framework Full v1.0.3705 (1033)
readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\repair.htm

(Microsoft Interactive Training)
uninstall cmd: C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu

(Microsoft NetShow Player 2.0)

(MobileOptionPack)

(MPlayer2)

(MSI30-Beta1)

(MSI30-Beta2)

(MSI30-KB884016)

(MSI30-RC1)

(MSI30-RC2)

(MSI30a-KB884016)

(MSI31-Beta)

(MSI31-RC1)

(MsJavaVM)

MUSICMATCH Jukebox (MUSICMATCH Jukebox)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\Uninst.isu" -cC:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.dll

(NetMeeting)

Netscape (NETSCAPE)
uninstall cmd: regsvr32.exe -u -s C:\WINDOWS\DOWNLO~1\netscape.dll

Netscape (7.1) (Netscape (7.1))
uninstall cmd: C:\WINDOWS\NSUninst.exe /ua "7.1b1 (en)"

Netscape Browser (remove only) (Netscape Browser)
uninstall cmd: "C:\Program Files\Netscape\Netscape Browser\NSUninst.exe"

(OutlookExpress)

(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Quicken 2002 New User Edition (Quicken 2002 New User Edition)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\QUICKENW\Uninst.isu" -c"C:\Program Files\QUICKENW\uninst.dll"

QuickTime (QuickTime)
uninstall cmd: C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log

Verizon Servicepoint 1.3.21 1.3.21 (RadialpointClientGateway_is1)
install location: C:\Program Files\Verizon\Servicepoint\
uninstall cmd: "C:\Program Files\Verizon\Servicepoint\unins000.exe"
publisher: Verizon
help link: http://www.verizon.freedom.net/vsp-support-page/

(RealJukebox 1.0)
uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0

RealOne Player (RealPlayer 6.0)
uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0

Verizon PC Security Checkup 1.5.5 (Rp Scan and Clean {40ACEAF4-1EB2-45FC-90C3-6810700C0595})
version: 17104901
version (major): 1
version (minor): 5
estimated size: 20657
install date: 20060506
install location: C:\Program Files\Verizon\PC Security Checkup\
install source: C:\WINDOWS\Downloaded Installations\{E0651F12-2AC9-46B9-964D-A1A93A3736FE}\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{40ACEAF4-1EB2-45FC-90C3-6810700C0595}
publisher: Verizon
contact: Customer Support Department
help link: http://www.verizon.freedom.net/supportpage

(SchedulingAgent)

(ShockwaveFlash)

Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited

Verizon Online DSL (Verizon Online DSL_is1)
uninstall cmd: C:\Program Files\Common Files\SupportSoft\Verizon\vzuninstall.exe /starthidden

Verizon Yahoo! Applications (Verizon Yahoo! Applications)
uninstall cmd: C:\PROGRA~1\Yahoo!\Common\uninstall.exe

Viewpoint Media Player (Remove Only) (ViewpointMediaPlayer)
uninstall cmd: C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u

Winamp (remove only) (Winamp)
uninstall cmd: "C:\Program Files\Winamp\UninstWA.exe"

Windows Media Format Runtime (Windows Media Format Runtime)
uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows XP Service Pack 2 20040803.231319 (Windows XP Service Pack)
uninstall cmd: C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=811113

Microsoft Office 2000 Professional 9.00.2720 ({00010409-78E1-11D2-B60F-006097C998E7})
version: 150997664
version (major): 9
estimated size: 162638
install date: 20030708
install source: D:\
uninstall cmd: MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: C:\Program Files\Microsoft Office\Office\ofread9.txt

Dell Solution Center 1.00.0000 ({11F1920A-56A2-4642-B6E0-3B31A12C9288})
version: 16777216
version (major): 1
install date: 20030701
uninstall cmd: MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
publisher: Dell
help link: http://www.support.dell.com
help telephone: http://www.support.dell.com

Dell Picture Studio - Dell Image Expert 3.4.1 ({151C555A-A9E7-4A2E-B6D7-165D04A3C956})
version: 50593793
version (major): 3
version (minor): 4
install date: 20030701
uninstall cmd: MsiExec.exe /I{151C555A-A9E7-4A2E-B6D7-165D04A3C956}
publisher: Jasc Software Inc
comments:
contact: Customer Support Department
help link: http://dell.shutterfly.com/help
help telephone: 1-952-294-2692
readme: -

({25EF00BE-F17B-11D6-88EA-000476CD2443})

WebFldrs XP 9.50.6513 ({350C97B0-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154278257
version (major): 9
version (minor): 50
estimated size: 2492
install date: 20020903
install source: C:\WINDOWS\System32\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows

iTunes 4.7.1.30 ({3CB41017-F5CA-4C56-934C-ED02156251E6})
version: 67567617
version (major): 4
version (minor): 7
estimated size: 13451
install date: 20050430
install location: C:\Program Files\iTunes\
install source: C:\WINDOWS\Downloaded Installations\{628E8630-7947-49EA-BE90-7F8BFF77A79C}\
publisher: Apple Computer, Inc.
contact: AppleCare Support
help link: http://www.info.apple.com/
help telephone: 1-800-275-2273

Verizon PC Security Checkup 1.5.5 ({40ACEAF4-1EB2-45FC-90C3-6810700C0595})
version: 17104901
version (major): 1
version (minor): 5
estimated size: 20657
install date: 20060506
install location: C:\Program Files\Verizon\PC Security Checkup\
install source: C:\WINDOWS\Downloaded Installations\{E0651F12-2AC9-46B9-964D-A1A93A3736FE}\
publisher: Verizon
contact: Customer Support Department
help link: http://www.verizon.freedom.net/supportpage

Dell Support 2.00.0000 ({43FCA273-9534-40DB-B7C5-D7758875616A})
version: 33554432
version (major): 2
install date: 20030701
uninstall cmd: MsiExec.exe /X{43FCA273-9534-40DB-B7C5-D7758875616A}
publisher: Dell
comments: Go to http://support.dell.com
contact: http://support.dell.com
help link: http://support.dell.com
help telephone: 1-800-BUY-DELL
readme: 0

Britannica Ready Reference ({45893FEB-30FD-4034-8661-3BA4238FE67A})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45893FEB-30FD-4034-8661-3BA4238FE67A}\SETUP.EXE" -l0x9 -uninst

BACS 3.26.0000 ({468190DA-FB4C-45BA-8E40-4B165FF1A939})
version: 52035584
version (major): 3
version (minor): 26
estimated size: 1660
install date: 20030701
install source: C:\DELL\6w936\
publisher: Broadcom
comments: Broadcom Advanced Control Suite(BACS)
contact: Dell Customer Support
help link: http://www.support.dell.com

Banctec Service Agreement 1.00.0004 ({4B9F45E8-E3CE-40B4-9463-80A9B3481DEF})
version: 16777220
version (major): 1
install date: 20030701
publisher: Dell
comments: Go to http://support.dell.com.
contact: Dell Support
help link: http://support.dell.com
help telephone: 0

Easy CD Creator 5 Basic 5.3.4.21 ({609F7AC8-C510-11D4-A788-009027ABA5D0})
version: 83951616
version (major): 5
version (minor): 1
install date: 20030701
uninstall cmd: MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
publisher: Roxio Inc
help link: http://www.roxio.com/en/support
help telephone:

DAO 3.50 ({64116298-93C5-401D-B06C-39D8E3338508})
version: 53608448
version (major): 3
version (minor): 50
install date: 20030701
uninstall cmd: MsiExec.exe /I{64116298-93C5-401D-B06C-39D8E3338508}
publisher: Jasc Software Inc
comments: Your Comments
contact: Customer Support Department
help link: http://www.yourcompany.com/help
help telephone: 1-555-555-4505

MSXML 4.0 SP2 Parser and SDK 4.20.9818.0 ({716E0306-8318-4364-8B8F-0CC4E9376BAC})
version: 68429402
version (major): 4
version (minor): 20
estimated size: 1259
install date: 20060430
install source: C:\DOCUME~1\ALLUSE~1\APPLIC~1\buvs\mbsa\
uninstall cmd: MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
publisher: Microsoft Corporation
help link: http://www.msdn.microsoft.com/xml

iPod for Windows 2005-02-07 3.1.0 ({78B50D1D-642C-4B89-BCC7-352EAE3614D7})
version: 50397184
version (major): 3
version (minor): 1
estimated size: 40814
install date: 20050430
install location: C:\Program Files\iPod\
install source: C:\WINDOWS\Downloaded Installations\{27CA2C5D-95E6-467E-898C-AE509746C4BE}\
publisher: Apple Computer, Inc.
contact: AppleCare
help link: http://www.info.apple.com

Modem Helper ({7F142D56-3326-11D5-B229-002078017FBF})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel

({8851E12C-0EF9-11D4-A788-009027ABA5D0})

Intel(R) Extreme Graphics Driver ({8A708DD8-A5E6-11D4-A706-000629E95E20})
uninstall cmd: RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562

Help and Support Customization 1.00.0000 ({90D55A3F-1D99-4C94-A77E-46DC14F0BF08})
version: 16777216
version (major): 1
install date: 20030701
publisher: Dell
contact: http://www.support.dell.com
help link: http://www.support.dell.com
help telephone: http://www.support.dell.com
readme: 0

Windows Defender Signatures 1.20.1436.4 ({A5CC2A09-E9D3-49EC-923D-03874BBD4C2C})
version: 18089372
version (major): 1
version (minor): 20
estimated size: 7244
install date: 20060506
install source: C:\Program Files\Windows Defender\
uninstall cmd: MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
publisher: Microsoft Corporation

Adobe Reader 7.0.5 7.0.5 ({AC76BA86-7AD7-1033-7B44-A70500000002})
version: 117440517
version (major): 7
estimated size: 65620
install date: 20051111
install location: C:\Program Files\Adobe\Acrobat 7.0\Reader\
install source: C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig705\ENU\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
publisher: Adobe Systems Incorporated
comments:
contact:
help link: http://www.adobe.com/support/main.html
help telephone:
readme: C:\Program Files\Adobe\Acrobat 7.0\Reader\Readme.htm

Windows Defender 1.1.1347.6 ({B2D7CE29-614A-4ACC-8BFE-009EB3A244C9})
version: 16844099
version (major): 1
version (minor): 1
estimated size: 10644
install date: 20060430
install source: C:\Documents and Settings\SiwikMuller\Desktop\
uninstall cmd: MsiExec.exe /I{B2D7CE29-614A-4ACC-8BFE-009EB3A244C9}
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=55273

Microsoft .NET Framework (English) 1.0.3705 ({B43357AA-3A6D-4D94-B56E-43C44D09E548})
version: 16780921
version (major): 1
estimated size: 58018
install date: 20060501
install source: C:\DELL\6w650\
uninstall cmd: MsiExec.exe /X{B43357AA-3A6D-4D94-B56E-43C44D09E548}
publisher: Microsoft

Norton AntiVirus Corporate Edition 7.5.0.0000 ({BD12EB47-DBDF-11D3-BEEA-00A0CC272509})
version: 117768192
version (major): 7
version (minor): 5
estimated size: 19911
install date: 20030708
install source: D:\NAV75\
uninstall cmd: MsiExec.exe /I{BD12EB47-DBDF-11D3-BEEA-00A0CC272509}
publisher: Symantec Corporation
contact:
help link: http://www.symantec.com
help telephone:

Anti-Spyware 5.6.608 ({C2444FA0-04AA-4221-B652-73713947ED22})
version: 84279904
version (major): 5
version (minor): 6
estimated size: 14273
install date: 20060506
install source: C:\Program Files\Common Files\PestPatrol\
publisher: Zero-Knowledge Systems Inc.
comments: Your Comments
contact: Customer Support Department
help link: http://www.yourcompany.com/help
help telephone:

Microsoft .NET Framework 1.1 1.1.4322 ({CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1})
version: 16847074
version (major): 1
version (minor): 1
estimated size: 60751
install date: 20060501
install source: C:\WINDOWS\TEMP\IXP000.TMP\
uninstall cmd: MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
publisher: Microsoft
readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm

Authentium 4.93.7 ({D3386797-A836-4030-AB5D-4E89F2F15F33})
version: 73203719
version (major): 4
version (minor): 93
estimated size: 13081
install date: 20060506
install source: C:\Program Files\Common Files\Command Software\
publisher: Command Software Systems, Inc.

Paint Shop Pro 7 7.05.0000 ({D6DE02C7-1F47-11D4-9515-00105AE4B89A})
version: 117768192
version (major): 7
version (minor): 5
install date: 20030701
uninstall cmd: MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}
publisher: Jasc Software Inc
comments: Jasc Software Inc
contact: Customer Support Department
help link: http://www.jasc.com/support2.asp
help telephone: 1-952-930-9171
readme: Readme.doc

iPod for Windows 2005-10-12 4.3.0 ({D9F4A9F8-92C5-4289-9D04-F0F8F02D580A})
version: 67305472
version (major): 4
version (minor): 3
estimated size: 66860
install date: 20051111
install location: C:\Program Files\iPod\
install source: C:\WINDOWS\Downloaded Installations\{C32B8844-F60D-430F-8B25-FDE3F90944C5}\
publisher: Apple Computer, Inc.
contact: AppleCare
help link: http://www.info.apple.com
readme: http://www.info.apple.com/support/downloads.html

Java 2 Runtime Environment, SE v1.4.1_02 ({EFCE5837-FC21-11D6-9D24-00010240CE95})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFCE5837-FC21-11D6-9D24-00010240CE95}\setup.exe" Anytext

mooneyjuney
2006-05-07, 00:17
Logfile of HijackThis v1.99.1
Scan saved at 5:37:07 PM, on 5/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexar Media\USB Card Reader Driver v2.1g\Disk_Monitor.exe
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\NavNT\rtvscan.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://my.netscape.com/index2.psp"); (C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", ""); (C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: winapi32.MyBHO - {12872A48-35BA-4A13-A5A5-B8047717564C} - C:\WINDOWS\system32\winapi32.dll (file missing)
O2 - BHO: Netscape - {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} - C:\WINDOWS\DOWNLO~1\netscape.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: winapi32.MyBHO - {AF79D4A2-725D-4627-9E34-08C04833D798} - C:\WINDOWS\system32\winapi32.dll (file missing)
O3 - Toolbar: Netscape - {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} - C:\WINDOWS\DOWNLO~1\netscape.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\Lexar Media\USB Card Reader Driver v2.1g\Disk_Monitor.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [ymetray] "C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" -preload
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\vfkotgjd.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} (Netscape) - http://downloads.netscape.com/search/toolbar/netscape.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Windows Service Manager (WSCM) - Unknown owner - C:\WINDOWS\System32\service.exe (file missing)

LonnyRJones
2006-05-07, 10:06
Welcome

Start HijackThis and place a check next to these items if they are there.
O2 - BHO: winapi32.MyBHO - {12872A48-35BA-4A13-A5A5-B8047717564C} - C:\WINDOWS\system32\winapi32.dll (file missing)
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: winapi32.MyBHO - {AF79D4A2-725D-4627-9E34-08C04833D798} - C:\WINDOWS\system32\winapi32.dll (file missing)
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O23 - Service: Windows Service Manager (WSCM) - Unknown owner - C:\WINDOWS\System32\service.exe (file missing)


====================================
Hit 'Fix checked' and close HijackThis.
Restart the PC.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Post back with another HijackThis log. Be sure to mention any current problems.

mooneyjuney
2006-05-08, 02:42
The only problem I've had since I originally used the posted self-help fix is that it's a little slow booting up. Otherwise I've seen no evidence of any of these spyware programs. Thanks again.

I deleted the 5 lines and here's the new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 8:36:42 PM, on 5/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexar Media\USB Card Reader Driver v2.1g\Disk_Monitor.exe
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://my.netscape.com/index2.psp"); (C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", ""); (C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Netscape - {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} - C:\WINDOWS\DOWNLO~1\netscape.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Netscape - {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} - C:\WINDOWS\DOWNLO~1\netscape.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\Lexar Media\USB Card Reader Driver v2.1g\Disk_Monitor.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [ymetray] "C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" -preload
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\vfkotgjd.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} (Netscape) - http://downloads.netscape.com/search/toolbar/netscape.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Windows Service Manager (WSCM) - Unknown owner - C:\WINDOWS\System32\service.exe (file missing)

LonnyRJones
2006-05-08, 03:12
Open a command prompt (Start, Run, type cmd, press Enter) and type
sc delete "WSCM"
Press Enter, then type exit and press Enter to close the command prompt.

I see NAV and Command Software. How many antivirus and firewall programs are installed?
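The check made by hand in the posts above (tick the entries whose target file is gone, fix them, re-scan and compare) can be done mechanically. This is an added example, not part of the thread or of HijackThis itself: the function names are hypothetical, and the two embedded logs are short excerpts of the logs posted above.

```python
import re

# Excerpt of the first HijackThis log posted in this thread (trimmed).
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: winapi32.MyBHO - {12872A48-35BA-4A13-A5A5-B8047717564C} - C:\WINDOWS\system32\winapi32.dll (file missing)
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: winapi32.MyBHO - {AF79D4A2-725D-4627-9E34-08C04833D798} - C:\WINDOWS\system32\winapi32.dll (file missing)
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Windows Service Manager (WSCM) - Unknown owner - C:\WINDOWS\System32\service.exe (file missing)
"""

# Excerpt of the second log, posted after the five entries were fixed (trimmed).
LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Windows Service Manager (WSCM) - Unknown owner - C:\WINDOWS\System32\service.exe (file missing)
"""

# A result line is "<section code> - <body>", e.g. "O2 - BHO: ..." or "R1 - HKCU...".
# Header lines and the running-process paths do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")

# HijackThis appends one of these markers when the referenced file is not on disk.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")


def parse_entries(log_text):
    """Return [(section, body), ...] for every result line in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("section"), match.group("body")))
    return entries


def orphans(entries):
    """Entries whose target file is gone: leftovers of a partial removal."""
    return [entry for entry in entries if ORPHAN_RE.search(entry[1])]


def removed(before, after):
    """Entries present in the first log and absent from the second."""
    after_set = set(after)
    return [entry for entry in before if entry not in after_set]


def persisted_orphans(before, after):
    """Orphaned entries that survived the fix and still need manual cleanup."""
    after_set = set(after)
    return [entry for entry in orphans(before) if entry in after_set]


if __name__ == "__main__":
    before = parse_entries(LOG_BEFORE)
    after = parse_entries(LOG_AFTER)
    print("Orphaned entries in first log:")
    for section, body in orphans(before):
        print(f"  {section} - {body}")
    print("Removed between scans:")
    for section, body in removed(before, after):
        print(f"  {section} - {body}")
    print("Still orphaned after the fix:")
    for section, body in persisted_orphans(before, after):
        print(f"  {section} - {body}")
```

The missing-file marker only identifies leftover registrations; the SpywareBot Run entry has no such marker and was picked out by the helper by name. The one orphan that survives the re-scan is the WSCM service entry, which is why the post above removes it with `sc delete`.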

mooneyjuney
2006-05-09, 03:48
NAV, Windows Defender, Windows Firewall and the antimalware programs Ad-Aware, Spybot S&D, ewido. I know, too many.

LonnyRJones
2006-05-09, 04:06
That's not too many; however, never have more than one antivirus and firewall program installed.

I missed one. Fix this using HijackThis:
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\vfkotgjd.exe
===========
Close HijackThis
===========
What program does this belong to, if not an antivirus program?
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
I see
DvpApi L dvpapi.exe Command Software Systems, Inc. - anti Virus

mooneyjuney
2006-05-10, 04:29
It is an antivirus, but I've never seen it before. I don't see uninstall, and it doesn't show up on add/remove programs. The date on the files is 1/20/06 so it's recent. Suggestions on how to remove?

Thanks.

LonnyRJones
2006-05-10, 06:08
Let's check an uninstall list
Start HiJackThis
Press 'Config'
Press 'Misc Tools'
Press 'Open Uninstall Manager'
Press 'Save List'
Save the log to a convenient location
Copy the log and post its contents in this thread

mooneyjuney
2006-05-11, 02:47
Ad-Aware SE Personal
Adobe Reader 7.0.5
Adobe Type Manager 4.0
AOL Instant Messenger
BCM V.92 56K Modem
BitTornado 0.3.7
Britannica Ready Reference
Broadcom Advanced Control Suite
DAO
Dell Picture Studio - Dell Image Expert
Dell Solution Center
Dell Support
Easy CD Creator 5 Basic
ewido anti-malware
HijackThis 1.99.1
Hotfix for Windows Media Format SDK (KB902344)
Intel(R) Extreme Graphics Driver
iPod for Windows 2005-02-07
iPod for Windows 2005-10-12
iTunes
Java 2 Runtime Environment, SE v1.4.1_02
Java Web Start
KODAK DC265 Software
Lexar Media USB Card Reader Driver v2.1g
LiveUpdate
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB886906)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Data Access Components KB870669
Microsoft Office 2000 Professional
Modem Helper
MSXML 4.0 SP2 Parser and SDK
MUSICMATCH Jukebox
Netscape
Netscape (7.1)
Netscape Browser (remove only)
Norton AntiVirus Corporate Edition
Paint Shop Pro 7
Quicken 2002 New User Edition
QuickTime
RealOne Player
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Spybot - Search & Destroy 1.4
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Verizon Online DSL
Verizon PC Security Checkup
Verizon Servicepoint 1.3.21
Verizon Yahoo! Applications
Viewpoint Media Player (Remove Only)
Winamp (remove only)
Windows Defender
Windows Defender Signatures
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Format SDK Hotfix - KB891122
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2

LonnyRJones
2006-05-11, 03:54
I don't see it either.

Click Start-> Settings -> Control Panel
Click Administrative Tools
Click Services
Double-click Services
Scroll down and highlight "dvpapi" Command Software Systems
Right-click the highlighted line and choose Properties
Click the STOP button
Select Disable or Manual in the Startup Type scroll bar
Click OK

Update Sun's Java manually.
Sun Java V1.5.0_06 is available: http://java.com/en/index.jsp
Afterwards, turn off its auto-updater (it's buggy): in Control Panel, Java > Update tab, uncheck its option to update automatically.
After you install the newer version, it's important to uninstall the old versions via Add/Remove Programs.
http://forums.spybot.info/showthread.php?t=2559

mooneyjuney
2006-05-12, 03:13
Here's the new log. Everything's running much quicker now. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 9:10:06 PM, on 5/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexar Media\USB Card Reader Driver v2.1g\Disk_Monitor.exe
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://my.netscape.com/index2.psp"); (C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", ""); (C:\Documents and Settings\SiwikMuller\Application Data\Mozilla\Profiles\default\oxa42qqy.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Netscape - {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} - C:\WINDOWS\DOWNLO~1\netscape.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Netscape - {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} - C:\WINDOWS\DOWNLO~1\netscape.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\Lexar Media\USB Card Reader Driver v2.1g\Disk_Monitor.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [ymetray] "C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" -preload
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} (Netscape) - http://downloads.netscape.com/search/toolbar/netscape.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) -
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe

LonnyRJones
2006-05-12, 09:47
Looks fine :bigthumb:

Think Prevention:
Put in place a good hosts file
http://www.mvps.org/winhelp2002/hosts.htm
How To Download and Extract the HOSTS file:
http://www.mvps.org/winhelp2002/hosts2.htm
Replace it about once monthly to keep it updated

To help avoid reinfection see "So how did I get infected in the first place?"
http://forums.spybot.info/showthread.php?t=279