VirusBurst:[Smitfraud] (help!)



rewindcaz
2006-09-24, 12:06
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:55:21 AM 9/24/2006

+ Scan result:
HKU\S-1-5-21-1757981266-796845957-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{479FD0CF-5BE9-4C63-8CDA-B6D371C67BD5} -> Adware.Generic : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\ja.exe -> Heuristic.Win32.AVKiller : Ignored.
:mozilla.111:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.112:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.113:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.114:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.115:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.116:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.186:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.122:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.123:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.106:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.215:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.216:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.63:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.64:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.65:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.66:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.67:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.68:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.41:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.225:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.142:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.226:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.15:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.16:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.17:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.18:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.19:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.20:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.21:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.25:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.144:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.145:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.126:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.127:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.128:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.105:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.229:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.230:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.231:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.97:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.99:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.180:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.181:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.182:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.206:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.129:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.130:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.131:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.132:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.92:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.93:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.94:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.95:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.157:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.158:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.237:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.238:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.239:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.189:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.190:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.191:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.192:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.70:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.71:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.72:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.73:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.74:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.75:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.76:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.77:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.86:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.87:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.88:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.89:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.90:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.91:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.30:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.31:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.32:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.33:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.34:C:\Documents and Settings\Zac\Application Data\Mozilla\Firefox\Profiles\mkoqw8uh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
::Report end

rewindcaz
2006-09-24, 12:07
--- Search result list ---
Win23.PE: Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pe386

Win23.PE: Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pe386


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-09-23 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-09-22 Includes\Cookies.sbi (*)
2006-09-22 Includes\Dialer.sbi (*)
2006-09-22 Includes\Hijackers.sbi (*)
2006-09-22 Includes\Keyloggers.sbi (*)
2006-09-22 Includes\Malware.sbi (*)
2006-09-22 Includes\PUPS.sbi (*)
2006-09-22 Includes\Revision.sbi (*)
2006-09-22 Includes\Security.sbi (*)
2006-09-22 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-09-22 Includes\Trojans.sbi (*)
--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB898461)


--- Startup entries list ---
Located: HK_LM:Run, !ewido
command: "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
file: C:\Program Files\ewido anti-spyware 4.0\ewido.exe
size: 6283264
MD5: 10c40f37ac87a18f624143d4fe6e8dec

Located: HK_LM:Run, ATICCC
command: "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
file: C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
size: 45056
MD5: 64c4c17bf6a40ff1cd21205e6fd415b8

Located: HK_LM:Run, CTSysVol
command: C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
file:

Located: HK_LM:Run, P17Helper
command: Rundll32 P17.dll,P17Helper
file:

Located: HK_LM:Run, WinampAgent
command: C:\Program Files\Winamp\winampa.exe
file: C:\Program Files\Winamp\winampa.exe
size: 35328
MD5: ea7b08147c0cb85eeb4e48dc3444208e

Located: HK_LM:Run, Zone Labs Client
command: "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
file: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
size: 968696
MD5: 71514e2c74d554f5902dc184046eca3b

Located: HK_CU:Run, AIM
command: C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
file: C:\PROGRA~1\AIM\aim.exe
size: 67112
MD5: 92be69a36a9504edba2cab34a32b97b3

Located: Startup (common), Adobe Gamma Loader.lnk
command: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
file: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
size: 113664
MD5: c2ff17734176cd15221c10044ef0ba1a

Located: System.ini, AtiExtEvent
command: Ati2evxx.dll
file: Ati2evxx.dll

Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll

Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll
--- Browser helper object list ---
{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\Program Files\Spybot - Search & Destroy\
Long name: SDHelper.dll
Short name:
Date (created): 9/23/2006 8:48:02 PM
Date (last access): 9/24/2006 2:25:18 AM
Date (last write): 5/31/2005 1:04:00 AM
Filesize: 853672
Attributes: archive
MD5: 250D787A5712D7768DDC133B3E477759
CRC32: D4589A41
Version: 1.4.0.0
--- ActiveX list ---
{6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
DPF name:
CLSID name: WUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\wuweb.inf
Codebase: http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158861802092
description:
classification: Legitimate
known filename: wuweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\System32\
Long name: wuweb.dll
Short name:
Date (created): 5/26/2005 4:19:32 AM
Date (last access): 9/24/2006 3:00:18 AM
Date (last write): 5/26/2005 4:19:32 AM
Filesize: 173536
Attributes: archive
MD5: C459F2D5E64C942F3F66E1CD7F1C4C00
CRC32: EEF66B50
Version: 5.8.0.2469

{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
DPF name:
CLSID name: MUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\muweb.inf
Codebase: http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158861797921
description:
classification: Legitimate
known filename: muweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\System32\
Long name: muweb.dll
Short name:
Date (created): 5/26/2005 4:19:32 AM
Date (last access): 9/24/2006 3:00:18 AM
Date (last write): 5/26/2005 4:19:32 AM
Filesize: 178408
Attributes: archive
MD5: EE37AA2C0700221CD8B02FADCD4C7FB5
CRC32: F5494B06
Version: 5.8.0.2469
--- Process list ---
PID: 0 ( 0) [System]
PID: 144 ( 4) \SystemRoot\System32\smss.exe
PID: 192 ( 144) \??\C:\WINDOWS\system32\csrss.exe
PID: 216 ( 144) \??\C:\WINDOWS\system32\winlogon.exe
PID: 260 ( 216) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 272 ( 216) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 424 ( 260) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 468 ( 260) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 524 ( 260) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 352 (1084) C:\WINDOWS\explorer.exe
size: 1032192
MD5: A0732187050030AE399B241436565E64
PID: 1160 ( 352) C:\Program Files\ewido anti-spyware 4.0\ewido.exe
size: 6283264
MD5: 10C40F37AC87A18F624143D4FE6E8DEC
PID: 1756 ( 352) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 9/24/2006 3:00:47 AM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://home.microsoft.com/access/autosearch.asp?p=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\windows\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: CA ISafe LSP over [MSAFD Tcpip [TCP/IP]]
GUID: {75F879A9-24AA-4198-87EB-9317FD9DDDCC}
Filename: C:\WINDOWS\system32\ZoneLabs\vetredir.dll

Protocol 1: CA ISafe LSP over [MSAFD Tcpip [UDP/IP]]
GUID: {75F879A9-24AA-4198-87EB-9317FD9DDDCC}
Filename: C:\WINDOWS\system32\ZoneLabs\vetredir.dll

Protocol 2: CA ISafe LSP over [MSAFD Tcpip [RAW/IP]]
GUID: {75F879A9-24AA-4198-87EB-9317FD9DDDCC}
Filename: C:\WINDOWS\system32\ZoneLabs\vetredir.dll

Protocol 3: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 4: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 5: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 6: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 7: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1B3C7A0F-610B-4BF5-82B0-7C2D02102477}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1B3C7A0F-610B-4BF5-82B0-7C2D02102477}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B30B20A7-2C0F-49E0-9B96-45719B1419C8}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B30B20A7-2C0F-49E0-9B96-45719B1419C8}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{98FA6922-32CF-4169-BA76-6B65D179F45C}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{98FA6922-32CF-4169-BA76-6B65D179F45C}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0E5F8EB7-DF4E-4B96-8AD4-D39D10F01CC1}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0E5F8EB7-DF4E-4B96-8AD4-D39D10F01CC1}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: CA ISafe LSP
GUID: {AE2578B4-F478-4313-9A3E-1B83F7A643DF}
Filename: C:\WINDOWS\system32\ZoneLabs\vetredir.dll

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
--- Uninstall list ---
(AddressBook)

ATI - Software Uninstall Utility 6.14.10.1014 (All ATI Software)
install location: C:\Program Files\ATI Technologies\UninstallAll
uninstall cmd: C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe

AOL Instant Messenger (AOL Instant Messenger)
uninstall cmd: C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=

ATI Display Driver 8.223-060207a3-031101C-ATI (ATI Display Driver)
uninstall cmd: rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

(Branding)

(CADI)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove

(Connection Manager)

(Creative Restore Defaults)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EBD418-B8E6-4E86-89C4-33B72CF5663F}\setup.exe" -l0x9 /remove

(Creative WaveStudio)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{569A9538-86EC-44C3-8EE4-C68B165F2A75}\setup.exe" -l0x9 /remove

(Device Control)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9194237B-7B58-40B4-A739-184AD59531A2}\setup.exe" -l0x9 /remove

(Diagnostics 4_5)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9 /remove

(DirectAnimation)

(DirectDrawEx)

(DXM_Runtime)

(EAX)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B17E626-7885-4FC3-A66A-73548A4F01FD}\setup.exe" -l0x9 /remove

(Equalizer)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52338F65-A1C3-4CDC-B733-50051682B297}\setup.exe" -l0x9 /remove

ewido anti-spyware 4.0 (ewidoantispyware4)
install location: C:\Program Files\ewido anti-spyware 4.0
uninstall cmd: C:\Program Files\ewido anti-spyware 4.0\Uninstall.exe
publisher: ewido networks
help link: http://www.ewido.net

(Fontcore)

Fraps (remove only) (Fraps)
uninstall cmd: "C:\Fraps\uninstall.exe"

HijackThis 1.99.1 1.99.1 (HijackThis)
uninstall cmd: C:\Program Files\Hijackthis\HijackThis.exe /uninstall
publisher: Soeperman Enterprises Ltd.

Hijackthis 1.99.1 (Hijackthis_is1)
install location: C:\Program Files\Hijackthis\
uninstall cmd: "C:\Program Files\Hijackthis\unins000.exe"
publisher: Soeperman Enterprises Ltd
help link: http://www.merijn.org

(ICW)

(IE40)

(IE4Data)

(IE5BAKEX)

(IEData)

(InstallShield Uninstall Information)

SmartSound Quicktracks Plugin 3.0.2.7 (InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E})
version: 50331650
version (major): 3
estimated size: 17903
install date: 20060923
install location: C:\Program Files\SmartSound Software\Quicktracks\
install source: C:\DOCUME~1\Zac\LOCALS~1\Temp\_is138\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
publisher: SmartSound Software Inc
comments: Built by SmartSound Software Inc.
contact: Customer Support Department
help link: http://www.smartsound.com/support
help telephone: 1-818-920-9122

(KB884016)

(KB893803)

Windows Installer 3.1 (KB893803) 3.1 (KB893803v2)
uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=42467

Update for Windows XP (KB898461) 1 (KB898461)
uninstall cmd: "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=898461

rewindcaz
2006-09-24, 12:08
Macromedia Director MX 2004 (Macromedia Director MX 2004)
version (major): 10
version (minor): 1
install location: C:\Program Files\Macromedia\Director MX 2004
uninstall cmd: C:\PROGRA~1\MACROM~1\DIRECT~1\UNWISE.EXE C:\PROGRA~1\MACROM~1\DIRECT~1\install.log
publisher: Macromedia, Inc.

4.8.2.7565 (MailFrontier Desktop)
publisher: MailFrontier

(Microsoft NetShow Player 2.0)

(MobileOptionPack)

Mozilla Firefox (1.5) 1.5 (en-US) (Mozilla Firefox (1.5))
install location: C:\Program Files\Mozilla Firefox
uninstall cmd: C:\Program Files\Mozilla Firefox\uninstall\uninstall.exe /ua "1.5 (en-US)"
publisher: Mozilla

(MPlayer2)

(MSI30-Beta1)

(MSI30-Beta2)

(MSI30-KB884016)

(MSI30-RC1)

(MSI30-RC2)

(MSI30a-KB884016)

(MSI31-Beta)

(MSI31-RC1)

Nero Suite (NeroMultiInstaller!UninstallKey)
uninstall cmd: C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""

(NeroVision!UninstallKey)
uninstall cmd: C:\WINDOWS\UNNeroVision.exe /UNINSTALL

(NetMeeting)

(NMPUninstallKey)
uninstall cmd: C:\WINDOWS\UNNMP.exe /UNINSTALL

NVIDIA Drivers (NVIDIA Drivers)
uninstall cmd: C:\WINDOWS\System32\nvuide.exe UninstallGUI

(OutlookExpress)

(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

(SchedulingAgent)

(SFBM)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9 /remove

(Smart Recorder)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}\setup.exe" -l0x9 /remove

(Sound Blaster Audigy)

(Sound Blaster Audigy Windows Drivers)
uninstall cmd: "C:\Program Files\Creative\SBAudigy\Program\Setup.exe" /S /U /W

(SPEAKER)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9 /remove

Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited

(SURMIXER)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}\setup.exe" -l0x9 /remove

(Viewpoint Manager)

(ViewpointMediaPlayer)

Windows Genuine Advantage Validation Tool (KB892130) 1.5.0530.0 (WGA)
install date: 20060921
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=892130

Winamp (remove only) (Winamp)
uninstall cmd: "C:\Program Files\Winamp\UninstWA.exe"

Windows Media Format Runtime (Windows Media Format Runtime)
uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Player 10 (Windows Media Player)
uninstall cmd: "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Windows XP Service Pack 2 20040803.231319 (Windows XP Service Pack)
uninstall cmd: C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=811113

WinRAR archiver (WinRAR archiver)
uninstall cmd: C:\Program Files\WinRAR\uninstall.exe

World of Warcraft (World of Warcraft)
uninstall cmd: C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe

XoftSpy (XoftSpy)
uninstall cmd: C:\Program Files\XoftSpy\uninstall.exe

ZoneAlarm Security Suite 6.5.737.000 (ZoneAlarm Security Suite)
uninstall cmd: C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
publisher: Zone Labs, Inc
help link: C:\Program Files\Zone Labs\ZoneAlarm\Help\zaclients.chm

ATI Catalyst Control Center 1.2.2231.38897 ({09875CD6-80EB-4467-81FC-E28FC8402116})
version: 16910519
version (major): 1
version (minor): 2
estimated size: 211763
install date: 20060921
install source: D:\INSTALL\ACE\
uninstall cmd: MsiExec.exe /I{09875CD6-80EB-4467-81FC-E28FC8402116}
comments: Free technical support for ATI products, available 24 hours a day through our customer care webform.
contact: Customer Support Department
help link: http://www.ati.com/support/
help telephone: 1-877-284-1564

Sound Blaster Audigy 1.0 ({1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5})
version: 16777216
install location: C:\Program Files\Creative\SBAudigy
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}\SETUP.EXE" -l0x9 /remove
help link: http://www.creative.com/support

2.00 ({32B4B536-4443-42F0-9676-98373BE9114F})
version: 33554432
install location: C:\Program Files\Creative\SBAudigy\Speaker Settings
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9

2.00 ({34EBD418-B8E6-4E86-89C4-33B72CF5663F})
version: 33554432
install location: C:\Program Files\Creative\SBAudigy\Program
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EBD418-B8E6-4E86-89C4-33B72CF5663F}\setup.exe" -l0x9

WebFldrs XP 9.50.5318 ({350C97B0-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154277062
version (major): 9
version (minor): 50
estimated size: 2508
install date: 20060921
install source: C:\WINDOWS\System32\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows

ATI HYDRAVISION 3.25.0006 ({3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"

SmartSound Quicktracks Plugin 3.0.2.7 ({4A7FDA4D-F4D7-4A49-934A-066D59A43C7E})
version: 50331650
version (major): 3
estimated size: 17903
install date: 20060923
install location: C:\Program Files\SmartSound Software\Quicktracks\
install source: C:\DOCUME~1\Zac\LOCALS~1\Temp\_is138\
publisher: SmartSound Software Inc
comments: Built by SmartSound Software Inc.
contact: Customer Support Department
help link: http://www.smartsound.com/support
help telephone: 1-818-920-9122

1.00 ({52338F65-A1C3-4CDC-B733-50051682B297})
version: 16777216
install location: C:\Program Files\Creative\SBAudigy\Equalizer
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52338F65-A1C3-4CDC-B733-50051682B297}\setup.exe" -l0x9

6.00 ({569A9538-86EC-44C3-8EE4-C68B165F2A75})
version: 100663296
install location: C:\Program Files\Creative\SBAudigy\WaveStudio
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{569A9538-86EC-44C3-8EE4-C68B165F2A75}\setup.exe" -l0x9

2.00 ({5B17E626-7885-4FC3-A66A-73548A4F01FD})
version: 33554432
install location: C:\Program Files\Creative\SBAudigy\EAX
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B17E626-7885-4FC3-A66A-73548A4F01FD}\setup.exe" -l0x9

({5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977})

1.03 ({700932B3-A964-4878-82A2-96054622A1F7})
version: 16973824
install location: C:\Program Files\Creative\ShareDLL\CADI
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9

3.00 ({73919E2B-725C-4FAA-8473-45E063A3575F})
version: 50331648
install location: C:\Program Files\Creative\SBAudigy\SFBM
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9

Ventrilo Client 2.3.0 ({789289CA-F73A-4A16-A331-54D498CE069F})
version: 33751040
version (major): 2
version (minor): 3
estimated size: 2392
install date: 20060921
install source: C:\Program Files\Common Files\Wise Installation Wizard\
uninstall cmd: MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
publisher: Flagship Industries, Inc.
help link: http://www.ventrilo.com

4.00 ({84F573D3-0F71-4768-978A-D35310E3FBA6})
version: 67108864
install location: C:\Program Files\Creative\SBAudigy\Diagnostics
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9

1.00 ({9194237B-7B58-40B4-A739-184AD59531A2})
version: 16777216
install location: C:\Program Files\Creative\SBAudigy\Device Control
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9194237B-7B58-40B4-A739-184AD59531A2}\setup.exe" -l0x9

DiscAPI (Studio 10) 2.10.0057 ({A77F3C2D-50CC-4A29-A1FB-1E018BE4DCA2})
version: 34209849
version (major): 2
version (minor): 10
estimated size: 12924
install date: 20060923
install location: C:\Program Files\Pinnacle\Studio 10\programs\
install source: C:\WINDOWS\Downloaded Installations\{E099E533-71D1-4B59-A2BB-92990A879171}\
uninstall cmd: MsiExec.exe /X{A77F3C2D-50CC-4A29-A1FB-1E018BE4DCA2}
publisher: Pinnacle Systems

2.00 ({A82F10CB-18B5-4EAC-AEF2-FA49CD565626})
version: 33554432
install location: C:\Program Files\Creative\Shared Files
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9

2.20 ({BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE})
version: 34865152
install location: C:\Program Files\Creative\SBAudigy\Smart Recorder
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}\setup.exe" -l0x9

Microsoft .NET Framework 1.1 1.1.4322 ({CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1})
version: 16847074
version (major): 1
version (minor): 1
estimated size: 37963
install date: 20060921
install source: C:\DOCUME~1\Zac\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
publisher: Microsoft
readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm

3.00 ({DE4A4C48-2232-4CCB-AD61-490ACD29BA85})
version: 50331648
install location: C:\Program Files\Creative\SBAudigy\Surround Mixer
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}\setup.exe" -l0x9

RAPID 1.00.0002 ({EEECE229-49F6-4851-A73A-99B058221F8C})
version: 16777218
version (major): 1
estimated size: 4399
install date: 20060923
install location: C:\Program Files\Pinnacle\Studio 10\programs\
install source: C:\WINDOWS\Downloaded Installations\{48F86F78-F8A8-47AA-B325-193CE925BE23}\
uninstall cmd: MsiExec.exe /X{EEECE229-49F6-4851-A73A-99B058221F8C}
publisher: Pinnacle Systems

Adobe Photoshop CS CS ({EFB21DE7-8C19-4A88-BB28-A766E16493BC})
version: 134217728
version (major): 8
install location: C:\Program Files\Adobe\Photoshop CS
install source: C:\Documents and Settings\Zac\My Documents\New Folder\Adobe Photoshop CS v8.0.Final + Crack\adbpht80\
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
publisher: Adobe Systems, Inc.

Studio 10 10.5 ({FDFE8A65-3DDD-4309-8194-559F41BF61F3})
version: 168099840
version (major): 1
install location: C:\Program Files\Pinnacle\Studio 10
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FDFE8A65-3DDD-4309-8194-559F41BF61F3}\setup.exe" -l0x9 UNINSTALL
publisher: Pinnacle Systems

rewindcaz
2006-09-24, 12:08
Logfile of HijackThis v1.99.1
Scan saved at 3:03:52 AM, on 9/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\update\update.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158861802092
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158861797921
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
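
The HijackThis log above is a flat list of BHO (O2), autostart (O4), ActiveX download (O16) and service (O23) entries, and what a helper actually does with it is a first triage pass: check each entry against a few rules before deciding what to fix. The Python below is an added example of that pass; it is not code from this thread, from HijackThis or from Spybot. It parses the four line formats shown in the log and flags entries that run from a temp or user-profile directory, rundll32 entries that load a DLL by bare name, services for which HijackThis could not read a company name ("Unknown owner"), and O16 downloads from hosts outside an allowlist. TRUSTED_DPF_HOSTS, the SUSPECT_PATH_FRAGMENTS list and the `svcupd` Run entry in the sample are assumptions or constructed input; the other sample lines are copied from the log. A finding is a prompt to verify the file (hash, signature, on-disk location), not a verdict that it is malicious.

```python
"""First-pass triage of HijackThis-style log lines.

Added example, not code from the thread, HijackThis or Spybot. It handles
the O2 (BHO), O4 (autostart), O16 (ActiveX download) and O23 (service)
line formats seen in the log above. A Finding is a prompt to verify the
file (hash, signature, location), not a verdict that it is malicious.
"""
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlsplit

# Assumption: hosts from which an O16 ActiveX download is expected.
TRUSTED_DPF_HOSTS = {"update.microsoft.com", "download.microsoft.com"}

# Assumed path fragments meaning "runs from a temp or user-profile
# location"; both long names and the 8.3 short names in the log are listed.
SUSPECT_PATH_FRAGMENTS = (
    "\\temp\\", "\\documents and settings\\", "\\docume~1\\",
    "\\local settings\\", "\\locals~1\\", "\\application data\\",
)

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
O4_RUN_RE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O4_STARTUP_RE = re.compile(r"^O4 - (?P<key>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
O16_RE = re.compile(r"^O16 - DPF: (?P<clsid>\{[^}]+\}) \((?P<name>[^)]*)\) - (?P<url>\S+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

# Sample input: lines copied from the HijackThis log above, plus one
# constructed O4 entry (svcupd) that runs from a user Temp directory.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [svcupd] C:\DOCUME~1\user\LOCALS~1\Temp\svcupd.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158861802092
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""


@dataclass(frozen=True)
class Finding:
    section: str
    name: str
    reason: str


def split_command(cmd: str) -> List[str]:
    """Tokenise a Run-key command line, honouring a quoted first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end > 0:
            return [cmd[1:end]] + cmd[end + 1:].split()
    return cmd.split()


def runs_from_suspect_path(text: str) -> bool:
    """True when any temp/profile fragment appears in the path or command."""
    low = text.lower()
    return any(frag in low for frag in SUSPECT_PATH_FRAGMENTS)


def rundll32_unqualified_dll(cmd: str) -> Optional[str]:
    """Return the DLL name when rundll32 is given it without a directory."""
    tokens = split_command(cmd)
    if len(tokens) < 2:
        return None
    exe = tokens[0].lower().rsplit("\\", 1)[-1]
    if exe not in ("rundll32", "rundll32.exe"):
        return None
    dll = tokens[1].split(",", 1)[0]
    return dll if "\\" not in dll else None


def triage_line(line: str) -> List[Finding]:
    """Apply the review rules to one log line; unknown sections yield nothing."""
    out: List[Finding] = []
    if m := O2_RE.match(line):
        if runs_from_suspect_path(m["path"]):
            out.append(Finding("O2", m["clsid"], "BHO loaded from a temp/profile path"))
    elif (m := O4_RUN_RE.match(line)) or (m := O4_STARTUP_RE.match(line)):
        if runs_from_suspect_path(m["cmd"]):
            out.append(Finding("O4", m["name"], "autostart runs from a temp/profile path"))
        dll = rundll32_unqualified_dll(m["cmd"])
        if dll:
            out.append(Finding("O4", m["name"], f"rundll32 loads {dll} by bare name; DLL search order decides which file"))
    elif m := O16_RE.match(line):
        host = (urlsplit(m["url"]).hostname or "").lower()
        if host not in TRUSTED_DPF_HOSTS:
            out.append(Finding("O16", m["clsid"], f"ActiveX download from unexpected host {host}"))
    elif m := O23_RE.match(line):
        if m["owner"] == "Unknown owner":
            out.append(Finding("O23", m["name"], "no company name readable from the service binary; verify hash/signature"))
        if runs_from_suspect_path(m["path"]):
            out.append(Finding("O23", m["name"], "service binary in a temp/profile path"))
    return out


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over every non-empty line and collect the findings."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        if line:
            findings.extend(triage_line(line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.name:<12} {f.reason}")
```

On the sample it reports P17Helper (bare `P17.dll` via rundll32), the constructed `svcupd` entry (user Temp directory) and the ATI Smart service (no readable company name). The first and last correspond to the Creative Sound Blaster and ATI Catalyst software listed in the same post, which is exactly the cross-check a finding asks for; the rules produce review items, not detections, and a real cleanup decision still needs the file's hash or signature.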

LonnyRJones
2006-09-28, 08:22
Welcome

Since you mentioned VirusBurst and Smitfraud, have you run SmitfraudFix?

Post a combofix log
1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply
Note:
Do not mouse-click ComboFix's window whilst it's running; that may cause it to stall.
If the log is large, you might need to post half in one reply and half in another.

tashi
2006-10-04, 20:18
This topic has been archived.

If you need it re-opened please send me a private message (pm) and provide a link to the thread.
Applies only to the original topic starter.