Browser hijacked & Broadcaster.com popups

**Gcarp** · 2007-04-01, 00:57

Every time I go online, my browsergets hijacked. If I go to Google and do a search, When I click on a result, it gets hijacked to some other website other than the one I was trying to go to. If I cut & paste the URL into the address window, it goes where I want. I also have been getting popup windows for Broadcaster.com.

I have tried various spyware removal tools (don't even remember which ones now.) that have removed various things (sorry). Then I found this website. I have followed the "Before you post" thread. Tried to use "Bit Defender" and it runs to the end and I get an IE has performed an illegal action and will close message. (ran it twice with the same results). Then ran Trend Micro Online - didn't find anything and did not give me a choice to save a log/report.

I have run SpyBot and adaware and every time I reboot I get find the same stuff and cannot remove it. (TIBS C) I have done all the steps from the sticky thread and here is the HJT log:

--- Search result list ---
Smitfraud-C.Toolbar888: Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-1532886375-2966927733-1597234714-1006\Software\Microsoft\aldd

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2007-03-21 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-01-15 advcheck.dll (1.2.1.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-03-28 Includes\Cookies.sbi (*)
2006-12-08 Includes\Dialer.sbi (*)
2007-03-28 Includes\DialerC.sbi (*)
2007-03-21 Includes\Hijackers.sbi (*)
2007-03-28 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2007-03-28 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2007-03-21 Includes\Malware.sbi (*)
2007-03-28 Includes\MalwareC.sbi (*)
2007-03-21 Includes\PUPS.sbi (*)
2007-03-28 Includes\PUPSC.sbi (*)
2007-03-28 Includes\Revision.sbi (*)
2006-12-08 Includes\Security.sbi (*)
2007-03-28 Includes\SecurityC.sbi (*)
2007-03-21 Includes\Spybots.sbi (*)
2007-03-28 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2007-03-21 Includes\Trojans.sbi (*)
2007-03-28 Includes\TrojansC.sbi (*)

--- System information ---
Windows XP (Build: 2600)
/ Internet Explorer 6 / SP0: Windows XP Hotfix - KB834707
/ Windows XP / SP1: Windows XP Hotfix - KB823980
/ Windows XP / SP1: Windows XP Hotfix - KB824141
/ Windows XP / SP1: Windows XP Hotfix - KB828035
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q308402 for more information]
/ Windows XP / SP1 / Q308677: Windows XP Hotfix (SP1) [See Q308677 for more information]
/ Windows XP / SP1 / Q308678: Windows XP Hotfix (SP1) [See Q308678 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q311889 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q312368 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q315000 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q315403 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q317277 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q317326 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q319632 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q326830 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q329048 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) Q329170
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q329390 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q329441 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q329834 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) Q810577
/ Windows XP / SP1: Windows XP Hotfix (SP1) Q810833
/ Windows XP / SP1: Windows XP Hotfix (SP1) Q811630
/ Windows XP / SP1: Windows XP Hotfix (SP1) Q815021
/ Windows XP / SP1: Windows XP Hotfix (SP1) Q817606
/ Windows XP / SP1: Windows XP Hotfix (SP1) Q819696
/ Windows XP / SP2: Windows XP Hotfix - KB823559
/ Windows XP / SP2: Windows XP Hotfix - KB828741
/ Windows XP / SP2: Windows XP Hotfix - KB833987
/ Windows XP / SP2: Windows XP Hotfix - KB835732
/ Windows XP / SP2: Windows XP Hotfix - KB839643
/ Windows XP / SP2: Windows XP Hotfix - KB840374
/ Windows XP / SP2: Windows XP Hotfix - KB840987
/ Windows XP / SP2: Windows XP Hotfix - KB841356
/ Windows XP / SP2: Windows XP Hotfix - KB841873
/ Windows XP / SP2: Windows XP Hotfix - KB842773
/ Windows XP / SP2: Windows XP Hotfix - KB873376
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See Q323255 for more information]
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See Q329115 for more information]
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)

--- Startup entries list ---
Located: HK_LM:Run, ATIModeChange
command: Ati2mdxx.exe
file: C:\WINDOWS\system32\Ati2mdxx.exe
size: 28672
MD5: fae95d6d7651b5629c4e19adbc9a3863

Located: HK_LM:Run, AtiPTA
command: atiptaxx.exe
file: C:\WINDOWS\system32\atiptaxx.exe
size: 286720
MD5: 4263458289fe421c014bed6ac1a2d1ed

Located: HK_LM:Run, CaAvTray
command: "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
file: C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
size: 230512
MD5: 080a83de3f10aade330268193b461e42

Located: HK_LM:Run, CAVRID
command: "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
file: C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
size: 185456
MD5: 3b0280a11e689315e3efb7c5675a99cb

Located: HK_LM:Run, Cpqset
command: c:\compaq\cpqsetup\cpqset.exe
file: c:\compaq\cpqsetup\cpqset.exe
size: 172101
MD5: 7b72c13e4b54444271bd20b8136e2e19

Located: HK_LM:Run, eabconfg.cpl
command: C:\Program Files\Compaq\EAB\EabServr.exe /Start
file:

Located: HK_LM:Run, Microsoft Works Portfolio
command: C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
file:

Located: HK_LM:Run, Microsoft Works Update Detection
command: C:\Program Files\Microsoft Works\WkDetect.exe
file: C:\Program Files\Microsoft Works\WkDetect.exe
size: 28739
MD5: 3141750fad211c6dadf7c2dc2ec74da8

Located: HK_LM:Run, Motive SmartBridge
command: C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
file: C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
size: 438359
MD5: 7d5393ba10deacb5a1ab7f05232eb600

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 77824
MD5: f8dbb32041336a94c676e6b70f759993

Located: HK_LM:Run, srmclean
command: C:\Cpqs\Scom\srmclean.exe
file: C:\Cpqs\Scom\srmclean.exe
size: 36864
MD5: 787b8ad5fef1a68d3ed00e4e393b9d18

Located: HK_LM:Run, SunJavaUpdateSched
command: C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
file: C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
size: 36975
MD5: bd902d0d7ed7c2d5fc327567ce96b97c

Located: HK_LM:Run, SynTPEnh
command: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
file: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 540672
MD5: 6849cbabadfd708421fb1258b0b3d297

Located: HK_LM:Run, SynTPLpr
command: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
file: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
size: 126976
MD5: f8b2b0d165a53f6435797e6e94833428

Located: HK_LM:Run, TkBellExe
command: C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
file:

Located: HK_LM:Run, VerizonServicepoint.exe
command: C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
file: C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
size: 1880064
MD5: a7f075d26df8127140e70840134675b7

Located: HK_LM:Run, YOP
command: C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
file: C:\PROGRA~1\Yahoo!\YOP\yop.exe
size: 401408
MD5: 5278f0d69b1c7d5f32bbc8da3bf2573b

Located: HK_LM:Run, ZoneAlarm Client
command: "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
file: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
size: 919280
MD5: f6d4d4068aec371df8f89cdf11fc321d

Located: HK_CU:Run, spc_w
command: "C:\Program Files\NZSearch\nzspc.exe" -w
file: C:\Program Files\NZSearch\nzspc.exe
size: 286786
MD5: 990800fd5aac6c08e1d3bc146997372b

Located: Startup (common), Adobe Reader Speed Launch.lnk
command: C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
file: C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
size: 40048
MD5: 54c88bfbd055621e2306534f445c0c8d

Located: Startup (common), Adobe Reader Synchronizer.lnk
command: C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
file: C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
size: 734872
MD5: 169c293ce9460a05646d17dc6aa2fb2c

Located: Startup (common), Microsoft Office.lnk
command: C:\Program Files\Microsoft Office\Office\OSA9.EXE
file: C:\Program Files\Microsoft Office\Office\OSA9.EXE
size: 65588
MD5: 1a80248ec5d290a391ce27326dd13e29

Located: Startup (common), Microsoft Works Calendar Reminders.lnk
command: C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
file: C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
size: 24633
MD5: 7084b58a098d2f83b304832251a8c6a8

Located: Startup (user), HotSync Manager.lnk
command: C:\Program Files\Palm\hotsync.exe
file: C:\Program Files\Palm\hotsync.exe
size: 265728
MD5: cde086e30ce7f9c5b890265ae8396ef8

Located: System.ini, !SASWinLogon
command: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
file: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
size: 282624
MD5: f6597f9f732453daf4d3a86170da63d5

Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll

Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, __c0047460
command: C:\WINDOWS\System32\__c0047460.dat
file: C:\WINDOWS\System32\__c0047460.dat
size: 9546
MD5: 23e0d413c9748e2c036215e25a6eb07b

Located: System.ini, __c00B6700
command: C:\WINDOWS\System32\__c00B6700.dat
file: C:\WINDOWS\System32\__c00B6700.dat
size: 9546
MD5: 23e0d413c9748e2c036215e25a6eb07b

--- Browser helper object list ---
@A 3B846-8D59-4ffb-8758-209B6AD74ACC} ()
BHO name:
CLSID name:

{02478D38-C3F9-4EFB-9B51-7695ECA05670} (&Yahoo! Toolbar Helper)
BHO name:
CLSID name: &Yahoo! Toolbar Helper
description: Yahoo Companion!
classification: Legitimate
known filename: Ycomp*_*_*_*.dll
info link: http://companion.yahoo.com/
info source: TonyKlein
Path: C:\Program Files\Yahoo!\Companion\Installs\cpn0\
Long name: yt.dll
Short name:
Date (created): 2/13/2007 6:08:38 PM
Date (last access): 3/31/2007 12:30:38 PM
Date (last write): 2/13/2007 6:08:38 PM
Filesize: 807448
Attributes: archive
MD5: ED5A79CD89F920235E362B5F9A04739A
CRC32: 8B482521
Version: 2007.2.13.1

{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 3/21/2007 2:56:24 PM
Date (last access): 3/31/2007 1:31:36 PM
Date (last write): 5/31/2005 1:04:00 AM
Filesize: 853672
Attributes: archive
MD5: 250D787A5712D7768DDC133B3E477759
CRC32: D4589A41
Version: 1.4.0.0

À@ 49E9F-C8D7-4D59-B87D-784B7D6BE0B3} ()
BHO name:
CLSID name:

ð@ BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} ()
BHO name:
CLSID name:

--- ActiveX list ---
Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\Java\classes\xmldso.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla

{193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control)
DPF name:
CLSID name: ewidoOnlineScan Control
Installer:
Codebase: http://downloads.ewido.net/ewidoOnlineScan.cab
description:
classification: Legitimate
known filename: EWIDOO~1.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\DOWNLO~1\
Long name: ewidoOnlineScan.dll
Short name: EWIDOO~1.DLL
Date (created): 7/11/2006 9:41:36 AM
Date (last access): 3/31/2007 12:49:36 PM
Date (last write): 7/11/2006 9:41:36 AM
Filesize: 345656
Attributes: archive
MD5: B284992540E0FA2B76DEA56F93D49A16
CRC32: FD2E709C
Version: 1.0.0.4

{33564D57-9980-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\wmv9dmo.inf
Codebase: http://download.microsoft.com/downlo...0C/wmv9dmo.cab
description: Microsoft WMV Video Codec
classification: Legitimate
known filename: WMV9DMO.CAB
info link:
info source: Patrick M. Kolla

{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\vzbb.inf
Codebase: http://www2.verizon.net/micro/vol_toolbar/vzbb.cab
description:
classification: Legitimate
known filename: vzbb.dll
info link:
info source: Safer Networking Ltd.

{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control)
DPF name:
CLSID name: BDSCANONLINE Control
Installer: C:\WINDOWS\Downloaded Program Files\oscan8.inf
Codebase: http://download.bitdefender.com/reso...an8/oscan8.cab
description:
classification: Legitimate
known filename: oscan8.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\DOWNLO~1\
Long name: oscan8.ocx
Short name:
Date (created): 6/1/2006 2:54:16 AM
Date (last access): 3/31/2007 11:57:26 AM
Date (last write): 6/1/2006 2:54:16 AM
Filesize: 471040
Attributes: archive
MD5: 9026F860148F0569BD92AEEFC4BDDFD7
CRC32: D1520CCE
Version: 1.0.0.1

{644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class)
DPF name:
CLSID name: Symantec RuFSI Utility Class
Installer: C:\WINDOWS\Downloaded Program Files\CabSA.inf
Codebase: http://security.symantec.com/sscv6/S.../bin/cabsa.cab
description:
classification: Legitimate
known filename: rufsi.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: rufsi.dll
Short name:
Date (created): 5/17/2006 2:32:42 PM
Date (last access): 3/31/2007 12:49:38 PM
Date (last write): 5/17/2006 2:32:42 PM
Filesize: 161480
Attributes: archive
MD5: D9021B7C1D765851774FD9A753AEC435
CRC32: 6D65423F
Version: 2006.2.15.43

{7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class)
DPF name:
CLSID name: WScanCtl Class
Installer: C:\WINDOWS\Downloaded Program Files\webscan.inf
Codebase: http://www3.ca.com/securityadvisor/v...fo/webscan.cab
description:
classification: Legitimate
known filename: webscan.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: webscan.dll
Short name:
Date (created): 11/20/2006 12:02:34 PM
Date (last access): 3/31/2007 12:49:38 PM
Date (last write): 11/20/2006 12:02:34 PM
Filesize: 180282
Attributes: archive
MD5: 76EA3ABECE61FBA3C07F61E42BB0CA48
CRC32: AECD0E4D
Version: 1.1.0.1049

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_03
Installer: C:\WINDOWS\Downloaded Program Files\jinstall-1_5_0_03.inf
Codebase: http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.5.0_03\bin\
Long name: NPJPI150_03.dll
Short name: NPJPI1~1.DLL
Date (created): 4/13/2005 3:48:56 AM
Date (last access): 3/31/2007 11:01:06 AM
Date (last write): 4/13/2005 4:06:32 AM
Filesize: 69746
Attributes: archive
MD5: 13FCA03EBCA6E1F8C6481166C516D1FE
CRC32: 868C298F
Version: 5.0.30.7

See next post...

**Gcarp** · 2007-04-01, 01:02

{90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player)
DPF name:
CLSID name: InstallShield International Setup Player
Installer: C:\WINDOWS\Downloaded Program Files\isetup.inf
Codebase: http://www.lizardtech.com/download/f...all/isetup.cab
description:
classification: Open for discussion
known filename: isetup.dll
info link:
info source: Safer Networking Ltd.
Path: c:\windows\DOWNLO~1\
Long name: iSetup.dll
Short name:
Date (created): 7/25/2002 12:21:56 PM
Date (last access): 3/31/2007 11:57:24 AM
Date (last write): 7/25/2002 12:21:56 PM
Filesize: 24576
Attributes: archive
MD5: 2812B7254C2080BE341E796548B54A4E
CRC32: 909869C6
Version: 6.31.100.1221

{9F1C11AA-197B-4942-BA54-47A8489BB47F} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\iuctl.inf
Codebase: http://v4.windowsupdate.microsoft.co...849.6604282407
description: Windows Update
classification: Legitimate
known filename: %WINDIR%\System32\iuctl.dll,iuengine.dll
info link:
info source: Patrick M. Kolla

{B1826A9F-4AA0-4510-BA77-9013E74E4B9B} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\SpyMD.inf
Codebase: http://www.trendmicro.com/spyware-scan/as4web.cab

{C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class)
DPF name:
CLSID name: PreQualifier Class
Installer: C:\WINDOWS\Downloaded Program Files\MotivePreQual.inf
Codebase: http://www.verizon.net/checkmypc/inc...ivePreQual.cab
description:
classification: Legitimate
known filename: MotivePreQual.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\System32\
Long name: MotivePreQual.dll
Short name: MOTIVE~1.DLL
Date (created): 12/14/2004 12:10:52 PM
Date (last access): 3/31/2007 11:37:42 AM
Date (last write): 12/14/2004 12:10:52 PM
Filesize: 205888
Attributes: archive
MD5: 766DAF2D55A52214B407FA956C7B2AAE
CRC32: A5BA1208
Version: 4.10.4.32742

{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_03
Installer:
Codebase: http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
description:
classification: Legitimate
known filename: NPJPI150_03.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_03\bin\
Long name: NPJPI150_03.dll
Short name: NPJPI1~1.DLL
Date (created): 4/13/2005 3:48:56 AM
Date (last access): 3/31/2007 1:32:18 PM
Date (last write): 4/13/2005 4:06:32 AM
Filesize: 69746
Attributes: archive
MD5: 13FCA03EBCA6E1F8C6481166C516D1FE
CRC32: 868C298F
Version: 5.0.30.7

--- Process list ---
PID: 0 ( 0) [System]
PID: 120 ( 4) \SystemRoot\System32\smss.exe
PID: 172 ( 120) \??\C:\WINDOWS\system32\csrss.exe
PID: 196 ( 120) \??\C:\WINDOWS\system32\winlogon.exe
PID: 240 ( 196) C:\WINDOWS\system32\services.exe
size: 101376
MD5: E3DF4A0252D287C44606EE55355E1623
PID: 252 ( 196) C:\WINDOWS\system32\lsass.exe
size: 11776
MD5: 8A590EA109B5E0C7629E022F8A6B17C5
PID: 416 ( 240) C:\WINDOWS\system32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 440 ( 240) C:\WINDOWS\system32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 700 ( 680) C:\WINDOWS\Explorer.EXE
size: 1000960
MD5: 5A26FC6010886D25B3E412493DD95ED8
PID: 804 ( 700) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 4 ( 0) System

--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 3/31/2007 1:32:16 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://home.microsoft.com/access/autosearch.asp?p=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\windows\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

--- Winsock Layered Service Provider list ---
Protocol 0: CA ISafe LSP over [MSAFD Tcpip [TCP/IP]]
GUID: {CB949772-4E54-4D97-96DA-685DB44A1C46}
Filename: C:\WINDOWS\System32\VetRedir.dll

Protocol 1: CA ISafe LSP over [MSAFD Tcpip [UDP/IP]]
GUID: {CB949772-4E54-4D97-96DA-685DB44A1C46}
Filename: C:\WINDOWS\System32\VetRedir.dll

Protocol 2: CA ISafe LSP over [MSAFD Tcpip [RAW/IP]]
GUID: {CB949772-4E54-4D97-96DA-685DB44A1C46}
Filename: C:\WINDOWS\System32\VetRedir.dll

Protocol 3: MSAFD Irda [IrDA]
GUID: {3972523D-2AF1-11D1-B655-00805F3642CC}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Infrared protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Irda [IrDA]

Protocol 4: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]

Protocol 5: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]

Protocol 6: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]

Protocol 7: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 8: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 9: MSAFD nwlnkipx [IPX]
GUID: {11058240-BE47-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP Novell Netware UPX protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD nwlnkipx *

Protocol 10: MSAFD nwlnkspx [SPX]
GUID: {11058241-BE47-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP Novell Netware SPX protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD nwlnkspx *

Protocol 11: MSAFD nwlnkspx [SPX] [Pseudo Stream]
GUID: {11058241-BE47-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP Novell Netware SPX protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD nwlnkspx *

Protocol 12: MSAFD nwlnkspx [SPX II]
GUID: {11058241-BE47-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP Novell Netware SPX protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD nwlnkspx *

Protocol 13: MSAFD nwlnkspx [SPX II] [Pseudo Stream]
GUID: {11058241-BE47-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP Novell Netware SPX protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD nwlnkspx *

Protocol 14: MSAFD NetBIOS [\Device\NwlnkNb] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NwlnkNb] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E512E008-9733-45D3-97DB-C4CB035DA487}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E512E008-9733-45D3-97DB-C4CB035DA487}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A5322A73-781B-4429-BC8D-ED42859E6DA7}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A5322A73-781B-4429-BC8D-ED42859E6DA7}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip_{02765DA6-1ABA-44AB-B52C-DBCCB8BA73F0}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip_{02765DA6-1ABA-44AB-B52C-DBCCB8BA73F0}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 22: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1FD9A9D4-C67A-4E8F-864D-97EEF91C86EE}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 23: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1FD9A9D4-C67A-4E8F-864D-97EEF91C86EE}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 24: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3F20512E-1F44-4DF8-ABA8-430D48255FED}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 25: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3F20512E-1F44-4DF8-ABA8-430D48255FED}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 26: MSAFD NetBIOS [\Device\NetBT_Tcpip_{30EF6FA1-F178-4B6A-ABA5-DA17206AE6F1}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 27: MSAFD NetBIOS [\Device\NetBT_Tcpip_{30EF6FA1-F178-4B6A-ABA5-DA17206AE6F1}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 28: CA ISafe LSP
GUID: {AE2578B4-F478-4313-9A3E-1B83F7A643DF}
Filename: C:\WINDOWS\System32\VetRedir.dll

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

Namespace Provider 3: NWLink IPX/SPX/NetBIOS Compatible Transport Protocol
GUID: {E02DAAF0-7E9F-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\nwprovau.dll
Description: Microsoft Windows NT/2k/XP Novell Netware name space provider
DB filename: %SystemRoot%\system32\nwprovau.dll
DB protocol: NWLink IPX/SPX/NetBIOS*

--- Uninstall list ---
(AddressBook)

Adobe Acrobat 5.0 5.0 (Adobe Acrobat 5.0)
version (major): 5
install location: C:\Program Files\Adobe\Acrobat 5.0
install source: C:\Documents and Settings\Betty\Local Settings\Temp\pft2~tmp\
uninstall cmd: C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
publisher: Adobe Systems, Inc.
help link: http://www.adobe.com/prodindex/acrobat/main.html

ATI Display Driver (ATI Display Driver)
uninstall cmd: rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

Audacity 1.2.1 (Audacity_is1)
uninstall cmd: "C:\Program Files\Audacity\unins000.exe"
help link: http://audacity.sourceforge.net

(Branding)

(Connection Manager)

(DirectAnimation)

(DirectDrawEx)

Compaq Easy Access Buttons 3.00 B3 (Easy Access Buttons)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Compaq\EAB\Uninst.isu" -c"C:\Program Files\Compaq\EAB\EABINST.DLL"

(Fontcore)

GoldWave v4.25 (GoldWave v4.25)
uninstall cmd: C:\WINDOWS\sxstall2.exe "GoldWave v4.25" "C:\Program Files\GoldWave\unstall.log"

HijackThis 1.99.1 1.99.1 (HijackThis)
uninstall cmd: C:\Documents and Settings\Betty\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe /uninstall
publisher: Soeperman Enterprises Ltd.

(ICW)

(IE40)

(IE4Data)

(IE5BAKEX)

(IEData)

(InstallShield Uninstall Information)

InterActual Player (InterActual Player)
uninstall cmd: C:\Program Files\InterActual\InterActual Player\inuninst.exe

Windows XP Hotfix - KB823559 20030701.220428 (KB823559)
uninstall cmd: C:\WINDOWS\$NtUninstallKB823559$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=823559

Windows XP Hotfix - KB823980 20030705.121436 (KB823980)
uninstall cmd: C:\WINDOWS\$NtUninstallKB823980$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=823980

Windows XP Hotfix - KB824141 20030926.115120 (KB824141)
uninstall cmd: C:\WINDOWS\$NtUninstallKB824141$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=824141

Windows XP Hotfix - KB828035 20031021.154251 (KB828035)
uninstall cmd: C:\WINDOWS\$NtUninstallKB828035$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=828035

See next post ...

**Gcarp** · 2007-04-01, 01:05

Windows XP Hotfix - KB828741 20040305.180454 (KB828741)
uninstall cmd: C:\WINDOWS\$NtUninstallKB828741$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=828741

Windows XP Hotfix - KB833987 20040308.175840 (KB833987)
uninstall cmd: C:\WINDOWS\$NtUninstallKB833987$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=833987

Windows XP Hotfix - KB834707 20040929.115007 (KB834707-IE6-20040929.115007)
uninstall cmd: C:\WINDOWS\$NtUninstallKB834707-IE6-20040929.115007$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=834707

Windows XP Hotfix - KB835732 20040329.172537 (KB835732)
uninstall cmd: C:\WINDOWS\$NtUninstallKB835732$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=835732

Windows XP Hotfix - KB839643 20040512.132734 (KB839643)
uninstall cmd: C:\WINDOWS\$NtUninstallKB839643$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=839643

Windows XP Hotfix - KB840374 20040416.121729 (KB840374)
uninstall cmd: C:\WINDOWS\$NtUninstallKB840374$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=840374

Windows XP Hotfix - KB840987 20040927.095912 (KB840987)
uninstall cmd: C:\WINDOWS\$NtUninstallKB840987$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=840987

Windows XP Hotfix - KB841356 20040929.102221 (KB841356)
uninstall cmd: C:\WINDOWS\$NtUninstallKB841356$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=841356

Windows XP Hotfix - KB841873 20040608.144331 (KB841873)
uninstall cmd: C:\WINDOWS\$NtUninstallKB841873$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=841873

Windows XP Hotfix - KB842773 20040805.140010 (KB842773)
uninstall cmd: C:\WINDOWS\$NtUninstallKB842773$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=842773

Windows XP Hotfix - KB873376 20040923.181029 (KB873376)
uninstall cmd: C:\WINDOWS\$NtUninstallKB873376$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873376

(KB884016)

(KB893803)
Windows Installer 3.1 (KB893803) 3.1 (KB893803v2)
uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=42467

MailFrontier Desktop 4.9.1.8203 (MailFrontier Desktop)
uninstall cmd: C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\UNWISE.EXE C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\INSTMLF.LOG
publisher: MailFrontier

(Microsoft Interactive Training)
uninstall cmd: C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu

(Microsoft NetShow Player 2.0)

(MobileOptionPack)

(MPlayer2)

(MSI30-Beta1)

(MSI30-Beta2)

(MSI30-KB884016)

(MSI30-RC1)

(MSI30-RC2)

(MSI30a-KB884016)

(MSI31-Beta)

(MSI31-RC1)

(MsJavaVM)

(NetMeeting)

Netscape 6 (6.1) (Netscape 6 (6.1))
uninstall cmd: C:\WINDOWS\N6Uninst.exe /ua "6.1 (en)"

(OutlookExpress)

(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Punch! Professional Home Design (Punch! Professional Home Design)
uninstall cmd: C:\PROGRA~1\PUNCH!~1\UNWISE.EXE C:\PROGRA~1\PUNCH!~1\INSTALL.LOG

Windows XP Hotfix (SP1) [See Q308402 for more information] (Q308402)
uninstall cmd: C:\WINDOWS\$NtUninstallQ308402$\spuninst\spuninst.exe

Windows XP Hotfix (SP1) [See Q308677 for more information] (Q308677)
uninstall cmd: C:\WINDOWS\$NtUninstallQ308677$\spuninst\spuninst.exe

Windows XP Hotfix (SP1) [See Q308678 for more information] (Q308678)

Windows XP Hotfix (SP1) [See Q311889 for more information] (Q311889)
uninstall cmd: C:\WINDOWS\$NtUninstallQ311889$\spuninst\spuninst.exe

Windows XP Hotfix (SP1) [See Q312368 for more information] (Q312368)

Windows XP Hotfix (SP1) [See Q315000 for more information] (Q315000)
uninstall cmd: C:\WINDOWS\$NtUninstallQ315000$\spuninst\spuninst.exe

Windows XP Hotfix (SP1) [See Q315403 for more information] (Q315403)
uninstall cmd: C:\WINDOWS\$NtUninstallQ315403$\spuninst\spuninst.exe

Windows XP Hotfix (SP1) [See Q317277 for more information] (Q317277)
uninstall cmd: C:\WINDOWS\$NtUninstallQ317277$\spuninst\spuninst.exe

Windows XP Hotfix (SP1) [See Q317326 for more information] (Q317326)
uninstall cmd: C:\WINDOWS\$NtUninstallQ317326$\spuninst\spuninst.exe

Windows XP Hotfix (SP1) [See Q319632 for more information] (Q319632)
uninstall cmd: C:\WINDOWS\$NtUninstallQ319632$\spuninst\spuninst.exe

Windows XP Hotfix (SP1) [See Q326830 for more information] (Q326830)
uninstall cmd: C:\WINDOWS\$NtUninstallQ326830$\spuninst\spuninst.exe

Windows XP Hotfix (SP1) [See Q329048 for more information] (Q329048)
uninstall cmd: C:\WINDOWS\$NtUninstallQ329048$\spuninst\spuninst.exe

Windows XP Hotfix (SP2) [See Q329115 for more information] (Q329115)
uninstall cmd: C:\WINDOWS\$NtUninstallQ329115$\spuninst\spuninst.exe

Windows XP Hotfix (SP1) Q329170 20030102.115458 (Q329170)
uninstall cmd: C:\WINDOWS\$NtUninstallQ329170$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: For more information, see Q329170 at http://support.microsoft.com

Windows XP Hotfix (SP1) [See Q329390 for more information] (Q329390)
uninstall cmd: C:\WINDOWS\$NtUninstallQ329390$\spuninst\spuninst.exe

Windows XP Hotfix (SP1) [See Q329441 for more information] (Q329441)
uninstall cmd: C:\WINDOWS\$NtUninstallQ329441$\spuninst\spuninst.exe
publisher: Microsoft Corporation

Windows XP Hotfix (SP1) [See Q329834 for more information] (Q329834)
uninstall cmd: C:\WINDOWS\$NtUninstallQ329834$\spuninst\spuninst.exe

Windows XP Hotfix (SP1) Q810577 20021118.133626 (Q810577)
uninstall cmd: C:\WINDOWS\$NtUninstallQ810577$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: For more information, see Q810577 at http://support.microsoft.com

Windows XP Hotfix (SP1) Q810833 20021203.200852 (Q810833)
uninstall cmd: C:\WINDOWS\$NtUninstallQ810833$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: For more information, see Q810833 at http://support.microsoft.com

Windows XP Hotfix (SP1) Q815021 20030502.110257 (Q815021)
uninstall cmd: C:\WINDOWS\$NtUninstallQ815021$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=815021

Windows XP Hotfix (SP1) Q817606 20030331.103325 (Q817606)
uninstall cmd: C:\WINDOWS\$NtUninstallQ817606$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=817606

Windows XP Hotfix (SP1) Q819696 20030513.122705 (Q819696)
uninstall cmd: C:\WINDOWS\$NtUninstallQ819696$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=819696

QuickTime (QuickTime)
uninstall cmd: C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log

Verizon Servicepoint 1.3.21 1.3.21 (RadialpointClientGateway_is1)
install location: C:\Program Files\Verizon\Servicepoint\
uninstall cmd: "C:\Program Files\Verizon\Servicepoint\unins000.exe"
publisher: Verizon
help link: http://www.verizon.freedom.net/vsp-support-page/

(RealJukebox 1.0)
uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0

RealOne Player (RealPlayer 6.0)
uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0

Verizon PC Security Checkup 1.5.5 (Rp Scan and Clean {40ACEAF4-1EB2-45FC-90C3-6810700C0595})
version: 17104901
version (major): 1
version (minor): 5
estimated size: 20697
install date: 20070214
install location: C:\Program Files\Verizon\PC Security Checkup\
install source: C:\WINDOWS\Downloaded Installations\{E0651F12-2AC9-46B9-964D-A1A93A3736FE}\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{40ACEAF4-1EB2-45FC-90C3-6810700C0595}
publisher: Verizon
contact: Customer Support Department
help link: http://www.verizon.freedom.net/supportpage

(SchedulingAgent)

Setup Compaq Software (Setup Compaq Software)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\COMPAQ\Setup Compaq Software\Uninst.isu" -c"C:\Program Files\COMPAQ\Setup Compaq Software\CPQUNST.DLL"

Adobe Flash Player 9 ActiveX 9 (ShockwaveFlash)
uninstall cmd: C:\WINDOWS\System32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
publisher: Adobe Systems Incorporated
help link: http://www.adobe.com/go/flashplayer_support/

Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited

Synaptics TouchPad (SynTPDeinstKey)
uninstall cmd: rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

TurboTax Deluxe Deduction Maximizer 2006 (TurboTax Deluxe Deduction Maximizer 2006)
uninstall cmd: C:\Program Files\TurboTax\Deluxe 2006\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2006\Uninstall.log" -NoGui

Verizon Online DSL (Verizon Online DSL_is1)
uninstall cmd: C:\Program Files\Common Files\SupportSoft\Verizon\vzuninstall.exe /starthidden

Verizon Online Help and Support (Verizon Online Help and Support)
uninstall cmd: C:\PROGRA~1\Verizon\UNWISE.EXE C:\PROGRA~1\Verizon\INSTALL.LOG

Verizon Yahoo! Applications (Verizon Yahoo! Applications)
uninstall cmd: C:\PROGRA~1\Yahoo!\Common\uninstall.exe

Verizon Broadband Toolbar (VZBB)
uninstall cmd: C:\Program Files\VZBB Toolbar\Uninstall.exe

Windows Genuine Advantage Validation Tool (KB892130) 1.5.0530.0 (WGA)
install date: 20070217
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=892130

Yahoo! Toolbar (Yahoo! Toolbar)

ZoneAlarm 7.0.302.000 (ZoneAlarm)
uninstall cmd: C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
publisher: Check Point, Inc
help link: C:\Program Files\Zone Labs\ZoneAlarm\Help\zaclients.chm

Microsoft Office 2000 SR-1 Professional 9.00.3821 ({00010409-78E1-11D2-B60F-006097C998E7})
version: 150998765
version (major): 9
estimated size: 207769
install date: 20030112
install source: D:\
uninstall cmd: MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: C:\Program Files\Microsoft Office\Office\ofread9.txt

Compaq Diagnostics for Windows ({1881AE03-2BD4-11D4-86BF-00508B10AA88})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1881AE03-2BD4-11D4-86BF-00508B10AA88}\setup.exe"

J2SE Runtime Environment 5.0 Update 3 1.5.0.30 ({3248F0A8-6813-11D6-A77B-00B0D0150030})
version: 17104896
version (major): 1
version (minor): 5
estimated size: 146909
install date: 20070325
install source: http://javadl.sun.com/webapps/downlo...windows-i586//
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.5.0_03\README.txt

WebFldrs XP 9.50.5318 ({350C97B0-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154277062
version (major): 9
version (minor): 50
estimated size: 2564
install date: 20010916
install source: C:\WINDOWS\System32\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows

Verizon PC Security Checkup 1.5.5 ({40ACEAF4-1EB2-45FC-90C3-6810700C0595})
version: 17104901
version (major): 1
version (minor): 5
estimated size: 20697
install date: 20070214
install location: C:\Program Files\Verizon\PC Security Checkup\
install source: C:\WINDOWS\Downloaded Installations\{E0651F12-2AC9-46B9-964D-A1A93A3736FE}\
publisher: Verizon
contact: Customer Support Department
help link: http://www.verizon.freedom.net/supportpage

Lizardtech Express View Browser Plug-in ({4F8D44E7-3F47-4002-AE6A-BCB6A46A1788})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchiSetup -ether"C:\Program Files\InstallShield Installation Information\{4F8D44E7-3F47-4002-AE6A-BCB6A46A1788}" -l0x9

NetZero ({6C651250-2EB2-11D5-8E33-0050DAD72AC2})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C651250-2EB2-11D5-8E33-0050DAD72AC2}\setup.exe" UNINSTALL

Windows Backup Utility 5.1 ({76EFFC7C-17A6-479D-9E47-8E658C1695AE})
version: 83951616
version (major): 5
version (minor): 1
estimated size: 1281
install date: 20020910
install source: C:\appl.zip\NTBACKUP\US\
uninstall cmd: MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/management

Ad-Aware SE Personal 1.0.6 ({78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747})
version: 16777222
version (major): 1
estimated size: 3045
install date: 20070304
install source: C:\Program Files\Common Files\Wise Installation Wizard\
uninstall cmd: MsiExec.exe /X{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}
publisher: Lavasoft AB
help link: http://www.lavasoftsupport.com

Family Lawyer 2004 ({95C2FBF3-4462-41E3-89DC-0F784387BD53})
install location: C:\Program Files\Broderbund\Family Lawyer 2004\
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{95C2FBF3-4462-41E3-89DC-0F784387BD53}\setup.exe" -l0x9
publisher: Broderbund

PlayLinc 2.0.8 ({9CCE527D-356F-41A8-9718-77A68AC065FB})
version: 33554440
version (major): 2
estimated size: 30206
install date: 20070314
install location: C:\Program Files\PlayLinc\
install source: C:\DOCUME~1\Betty\LOCALS~1\Temp\is-98QS1.tmp\
uninstall cmd: MsiExec.exe /I{9CCE527D-356F-41A8-9718-77A68AC065FB}
publisher: SCI
comments: PlayLinc
contact: Tom Evans
help link: www.playlinc.com
help telephone: 770-344-1100

Motorola i850-i760 USB - Handset Manager V9 9.0 ({A918DE8A-98C8-0900-0000-000000180033})
version: 150994944
version (major): 9
estimated size: 48698
install date: 20061004
install source: D:\fscommand\USBHmgr\V9\
uninstall cmd: MsiExec.exe /I{A918DE8A-98C8-0900-0000-000000180033}
publisher: Mobile Action
help link: http://www.mobileaction.com

Multimedia Samples 9.2 ({A918DE8A-98C8-0920-0001-000000000000})
version: 151126016
version (major): 9
version (minor): 2
estimated size: 125574
install date: 20061004
install source: D:\fscommand\Samples\
uninstall cmd: MsiExec.exe /I{A918DE8A-98C8-0920-0001-000000000000}
publisher: Mobile Action
help link: http://www.mobileaction.com

Adobe Reader 8 8.0.0 ({AC76BA86-7AD7-1033-7B44-A80000000002})
version: 134217728
version (major): 8
estimated size: 119925
install date: 20070216
install location: C:\Program Files\Adobe\Reader 8.0\Reader\
install source: C:\DOCUME~1\Betty\LOCALS~1\Temp\Adobe Reader 8.0\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
publisher: Adobe Systems Incorporated
comments:
contact: Customer Support
help link: http://www.adobe.com/support/main.html
readme: C:\Program Files\Adobe\Reader 8.0\Reader\Readme.htm

TurboTax ItsDeductible 2006 10.00.0000 ({AFF1EA96-9C23-4249-B7D4-CD4B54D4582F})
version: 167772160
version (major): 10
estimated size: 20298
install date: 20070114
install location: C:\Program Files\ItsDeductible2006\
install source: D:\ID\Setup\
uninstall cmd: MsiExec.exe /X{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}
publisher: Intuit

Encarta Online ({C0A23442-6214-11D3-8CDF-0080C768385C})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C0A23442-6214-11D3-8CDF-0080C768385C}\setup.exe" -l0x9 -uninst

InterVideo WinDVD ({C1939820-A945-11D4-86F6-0001031E5712})
version (major): 3
version (minor): 2
install location: C:\Program Files\InterVideo\WinDVD
uninstall cmd: "C:\Program Files\InstallShield Installation Information\{C1939820-A945-11D4-86F6-0001031E5712}\setup.exe" REMOVEALL
publisher: InterVideo Inc.

Anti-Spyware 5.6.608 ({C2444FA0-04AA-4221-B652-73713947ED22})
version: 84279904
version (major): 5
version (minor): 6
estimated size: 7397
install date: 20070214
install location: C:\Program Files\Common Files\PestPatrol\
install source: C:\Program Files\Common Files\PestPatrol\
publisher: Zero-Knowledge Systems Inc.
comments: Your Comments
contact: Customer Support Department
help link: http://www.yourcompany.com/help
help telephone:

See next post...

**Gcarp** · 2007-04-01, 01:06

Compaq Advisor ({C4C1AFCD-2C72-48B4-AE2E-A7354A525E87})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4C1AFCD-2C72-48B4-AE2E-A7354A525E87}\Setup.exe" UNINSTALL

SUPERAntiSpyware Free Edition 3.6.0.1000 ({CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA})
version: 50724864
version (major): 3
version (minor): 6
estimated size: 10965
install date: 20070317
install source: C:\Program Files\Common Files\Wise Installation Wizard\
uninstall cmd: MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
publisher: SUPERAntiSpyware.com
help link: http://www.superantispyware.com/support.html

Microsoft Money 2002 System Pack 10.0.80 ({CF5193F7-6B37-11D5-B7D2-00AA00A204F1})
version: 167772240
version (major): 10
estimated size: 6089
install date: 20020910
install source: c:\compaq\MSMoney\
uninstall cmd: MsiExec.exe /I{CF5193F7-6B37-11D5-B7D2-00AA00A204F1}
publisher: Microsoft
comments: Installs system components used by Microsoft Money 2002.
help link: http://support.microsoft.com
help telephone: (800) 936-5700

Authentium 4.93.7 ({D3386797-A836-4030-AB5D-4E89F2F15F33})
version: 73203719
version (major): 4
version (minor): 93
estimated size: 13625
install date: 20070214
install source: C:\Program Files\Common Files\Command Software\
publisher: Command Software Systems, Inc.

Microsoft Money 2002 10.0.50 ({E7298FD5-1386-11D5-8D6C-0050DAD32D95})
version: 167772210
version (major): 10
estimated size: 147633
install date: 20020910
install source: c:\compaq\MSMoney\
uninstall cmd: MsiExec.exe /I{E7298FD5-1386-11D5-8D6C-0050DAD32D95}
publisher: Microsoft
comments: The Installation database contains the logic and data required to install Money 2002
help link: http://support.microsoft.com
help telephone: (800) 936-5700

SoundMAX ({F0A37341-D692-11D4-A984-009027EC0A9C})
install location: C:\Program Files\Analog Devices\SoundMAX
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"

Microsoft Works 6.0 06.00.1829 ({F8D0829C-9C6F-11D3-8080-00C04FA329AA})
version: 100665125
version (major): 6
estimated size: 97086
install date: 20020910
install source: C:\Program Files\COMPAQ\Works6.0\
uninstall cmd: MsiExec.exe /I{F8D0829C-9C6F-11D3-8080-00C04FA329AA}
publisher: Microsoft Corporation
comments: Microsoft Works 6.0 installation.
help link: http://support.microsoft.com/support/works

Sorry this was sooooo long.

I am running out of options and hope you can help me...

Thanks in advance.

George

**Mr_JAk3** · 2007-04-02, 20:33

Hello Gcarp

Please post a HijackThis log to here:

Click here to download HijackThis.exe
Save HijackThis.exe to your desktop.
Create a new folder named HijackThis to your desktop. Move Hijackthis.exe into that folder.
Run HijackThis.exe
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

**Gcarp** · 2007-04-03, 23:37

Thank you for your prompt reply.

HijackThis log as requested.

George

Logfile of HijackThis v1.99.1
Scan saved at 5:33:50 PM, on 4/3/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
C:\Program Files\Compaq\EAB\EabServr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Palm\hotsync.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Common Files\Real\Update_OB\rndal.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Betty\Desktop\hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - @A 3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - À@ 49E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - ð@ BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [Cpqset] c:\compaq\cpqsetup\cpqset.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\System32\__c002423A.dat",setvm
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\hotsync.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Advisor - {8EB0F793-55E3-400A-9A58-9493B5D1C04B} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - http://www2.verizon.net/micro/vol_toolbar/vzbb.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.lizardtech.com/download/f...all/isetup.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/inc...ivePreQual.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: __c0047460 - C:\WINDOWS\System32\__c0047460.dat
O20 - Winlogon Notify: __c00B6700 - C:\WINDOWS\System32\__c00B6700.dat
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

**Mr_JAk3** · 2007-04-04, 20:17

Hello

Before we can start the cleaning I need you to do something important.

Please download and install Windows XP Service Pack 1A -> Windows XP SP1a
NOTE! Do NOT install Service Pack 2 yet. We'll have to get you cleaned first

Post a fresh HijackThis log when you're ready

**Gcarp** · 2007-04-05, 04:35

Mr Jak,
I did the custom update because Microsoft wanted me to update to SP2 in express. I think I have all up to SP2 but not completely sure. It only shows SP1 not SP1A. Is this ok?

Thanks,
George

Latest HJT log...

Logfile of HijackThis v1.99.1
Scan saved at 10:27:25 PM, on 4/4/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
C:\Program Files\Compaq\EAB\EabServr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Palm\hotsync.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Betty\Desktop\hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - @A 3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - À@ 49E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - ð@ BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [Cpqset] c:\compaq\cpqsetup\cpqset.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\hotsync.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Advisor - {8EB0F793-55E3-400A-9A58-9493B5D1C04B} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - http://www2.verizon.net/micro/vol_toolbar/vzbb.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1175720342404
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.lizardtech.com/download/f...all/isetup.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/inc...ivePreQual.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: __c0047460 - C:\WINDOWS\System32\__c0047460.dat
O20 - Winlogon Notify: __c00B6700 - C:\WINDOWS\System32\__c00B6700.dat
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

**Mr_JAk3** · 2007-04-05, 19:04

Ok good work

Now we'll begin.

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

**Gcarp** · 2007-04-06, 03:01

Hi Mr Jak,
Next step as requested...
There was an error while running. It said "Search string too long" but kept running.

George

"Betty" - 07-04-05 20:35:27 Service Pack 1
ComboFix 07-04-05 - Running from: "C:\Documents and Settings\Betty\Desktop\hijack this"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\install.log

((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\gb
-------\nm
-------\LEGACY_GB
-------\LEGACY_MCHINJDRV

((((((((((((((((((((((((((((((( Files Created from 2007-03-05 to 2007-04-05 ))))))))))))))))))))))))))))))))))

2007-04-05 20:32 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2007-04-05 20:32 <DIR> d-------- C:\WINDOWS\LastGood
2007-04-04 21:29 57,344 --a------ C:\WINDOWS\system32\wzcdlg.dll
2007-04-04 21:29 31,232 --a------ C:\WINDOWS\system32\wzcsapi.dll
2007-04-04 21:29 281,088 --a------ C:\WINDOWS\system32\wzcsvc.dll
2007-04-04 21:29 1,630,208 --a------ C:\WINDOWS\system32\netshell.dll
2007-04-04 21:19 <DIR> d-------- C:\WINDOWS\PeerNet
2007-04-04 21:11 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-04-04 21:10 384,512 --a------ C:\WINDOWS\system32\mp4sdmod.dll
2007-04-04 21:10 316,040 --a------ C:\WINDOWS\system32\mp43dmod.dll
2007-04-04 21:10 241,664 --a------ C:\WINDOWS\system32\mpg4dmod.dll
2007-04-04 20:17 98,816 --a------ C:\WINDOWS\system32\dmstyle.dll
2007-04-04 20:17 974,848 --a------ C:\WINDOWS\system32\dxdiag.exe
2007-04-04 20:17 83,968 --a------ C:\WINDOWS\system32\drivers\nabtsfec.sys
2007-04-04 20:17 80,896 --a------ C:\WINDOWS\system32\dpvsetup.exe
2007-04-04 20:17 8,192 --a------ C:\WINDOWS\system32\d3d8thk.dll
2007-04-04 20:17 797,184 --a------ C:\WINDOWS\system32\d3dim700.dll
2007-04-04 20:17 76,800 --a------ C:\WINDOWS\system32\dmscript.dll
2007-04-04 20:17 733,184 --a------ C:\WINDOWS\system32\qedwipes.dll
2007-04-04 20:17 7,424 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys
2007-04-04 20:17 68,096 --a------ C:\WINDOWS\system32\dsdmoprp.dll
2007-04-04 20:17 68,096 --a------ C:\WINDOWS\system32\dpnhupnp.dll
2007-04-04 20:17 64,512 --a------ C:\WINDOWS\system32\amstream.dll
2007-04-04 20:17 602,624 --a------ C:\WINDOWS\system32\dx7vb.dll
2007-04-04 20:17 590,336 --a------ C:\WINDOWS\system32\d3dramp.dll
2007-04-04 20:17 58,368 --a------ C:\WINDOWS\system32\dmcompos.dll
2007-04-04 20:17 57,856 --a------ C:\WINDOWS\system32\dpwsockx.dll
2007-04-04 20:17 53,248 --a------ C:\WINDOWS\system32\devenum.dll
2007-04-04 20:17 524,800 --a------ C:\WINDOWS\system32\qedit.dll
2007-04-04 20:17 52,096 --a------ C:\WINDOWS\system32\drivers\msdv.sys
2007-04-04 20:17 5,504 --a------ C:\WINDOWS\system32\drivers\mstee.sys
2007-04-04 20:17 5,248 --a------ C:\WINDOWS\system32\drivers\mspclock.sys
2007-04-04 20:17 48,512 --a------ C:\WINDOWS\system32\drivers\stream.sys
2007-04-04 20:17 47,616 --a------ C:\WINDOWS\system32\d3dxof.dll
2007-04-04 20:17 47,104 --a------ C:\WINDOWS\system32\wstdecod.dll
2007-04-04 20:17 46,592 --a------ C:\WINDOWS\system32\dxdllreg.exe
2007-04-04 20:17 44,032 --a------ C:\WINDOWS\system32\dimap.dll
2007-04-04 20:17 436,224 --a------ C:\WINDOWS\system32\d3dim.dll
2007-04-04 20:17 4,608 --a------ C:\WINDOWS\system32\drivers\mspqm.sys
2007-04-04 20:17 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-04-04 20:17 4,096 --a------ C:\WINDOWS\system32\drivers\swenum.sys
2007-04-04 20:17 394,240 --a------ C:\WINDOWS\system32\diactfrm.dll
2007-04-04 20:17 382,976 --a------ C:\WINDOWS\system32\qdvd.dll
2007-04-04 20:17 377,856 --a------ C:\WINDOWS\system32\dpnet.dll
2007-04-04 20:17 363,520 --a------ C:\WINDOWS\system32\dsound.dll
2007-04-04 20:17 354,816 --a------ C:\WINDOWS\system32\psisdecd.dll
2007-04-04 20:17 350,208 --a------ C:\WINDOWS\system32\d3drm.dll
2007-04-04 20:17 34,816 --a------ C:\WINDOWS\system32\d3dpmesh.dll
2007-04-04 20:17 34,304 --a------ C:\WINDOWS\system32\mciqtz32.dll
2007-04-04 20:17 33,280 --a------ C:\WINDOWS\system32\dmloader.dll
2007-04-04 20:17 32,768 --a------ C:\WINDOWS\system32\dpnhpast.dll
2007-04-04 20:17 3,072 --a------ C:\WINDOWS\system32\dpnlobby.dll
2007-04-04 20:17 3,072 --a------ C:\WINDOWS\system32\dpnaddr.dll
2007-04-04 20:17 28,160 --a------ C:\WINDOWS\system32\dplaysvr.exe
2007-04-04 20:17 276,480 --a------ C:\WINDOWS\system32\qdv.dll
2007-04-04 20:17 27,136 --a------ C:\WINDOWS\system32\dmband.dll
2007-04-04 20:17 265,728 --a------ C:\WINDOWS\system32\ddraw.dll
2007-04-04 20:17 24,064 --a------ C:\WINDOWS\system32\ddrawex.dll
2007-04-04 20:17 230,400 --a------ C:\WINDOWS\system32\dplayx.dll
2007-04-04 20:17 223,232 --a------ C:\WINDOWS\system32\gcdef.dll
2007-04-04 20:17 22,016 --a------ C:\WINDOWS\system32\dpmodemx.dll
2007-04-04 20:17 203,264 --a------ C:\WINDOWS\system32\dpvoice.dll
2007-04-04 20:17 194,560 --a------ C:\WINDOWS\system32\mswebdvd.dll
2007-04-04 20:17 19,968 --a------ C:\WINDOWS\system32\dpvacm.dll
2007-04-04 20:17 186,880 --a------ C:\WINDOWS\system32\dsdmo.dll
2007-04-04 20:17 181,248 --a------ C:\WINDOWS\system32\dmime.dll
2007-04-04 20:17 18,944 --a------ C:\WINDOWS\system32\encapi.dll
2007-04-04 20:17 18,688 --a------ C:\WINDOWS\system32\drivers\wstcodec.sys
2007-04-04 20:17 18,432 --a------ C:\WINDOWS\system32\dswave.dll
2007-04-04 20:17 177,152 --a------ C:\WINDOWS\system32\qcap.dll
2007-04-04 20:17 16,896 --a------ C:\WINDOWS\system32\msyuv.dll
2007-04-04 20:17 16,896 --a------ C:\WINDOWS\system32\dpnsvr.exe
2007-04-04 20:17 16,384 --a------ C:\WINDOWS\system32\drivers\ccdecode.sys
2007-04-04 20:17 15,104 --a------ C:\WINDOWS\system32\drivers\mpe.sys
2007-04-04 20:17 14,976 --a------ C:\WINDOWS\system32\drivers\streamip.sys
2007-04-04 20:17 130,304 --a------ C:\WINDOWS\system32\drivers\ks.sys
2007-04-04 20:17 13,312 --a------ C:\WINDOWS\system32\msdmo.dll
2007-04-04 20:17 112,128 --a------ C:\WINDOWS\system32\dpvvox.dll
2007-04-04 20:17 11,392 --a------ C:\WINDOWS\system32\drivers\bdasup.sys
2007-04-04 20:17 104,448 --a------ C:\WINDOWS\system32\dmusic.dll
2007-04-04 20:17 100,864 --a------ C:\WINDOWS\system32\dmsynth.dll
2007-04-04 20:17 10,880 --a------ C:\WINDOWS\system32\drivers\slip.sys
2007-04-04 20:17 10,496 --a------ C:\WINDOWS\system32\drivers\dxapi.sys
2007-04-04 20:17 10,112 --a------ C:\WINDOWS\system32\drivers\ndisip.sys
2007-04-04 20:17 1,769,472 --a------ C:\WINDOWS\system32\dxdiagn.dll
2007-04-04 20:17 1,689,600 --a------ C:\WINDOWS\system32\d3d9.dll
2007-04-04 20:17 1,294,336 --a------ C:\WINDOWS\system32\dsound3d.dll
2007-04-04 20:17 1,230,336 --a------ C:\WINDOWS\system32\msvidctl.dll
2007-04-04 20:17 1,227,776 --a------ C:\WINDOWS\system32\quartz.dll
2007-04-04 20:17 1,189,888 --a------ C:\WINDOWS\system32\dx8vb.dll
2007-04-04 20:17 1,179,648 --a------ C:\WINDOWS\system32\d3d8.dll
2007-04-04 20:06 51,072 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys
2007-04-04 20:06 22,016 --a------ C:\WINDOWS\system32\drivers\mouclass.sys
2007-04-04 19:44 67,584 --a------ C:\WINDOWS\system32\magnify.exe
2007-04-04 19:44 53,760 --a------ C:\WINDOWS\system32\cryptsvc.dll
2007-04-04 19:44 51,200 --a------ C:\WINDOWS\system32\narrator.exe
2007-04-04 19:44 238,080 --a------ C:\WINDOWS\system32\newdev.dll
2007-04-04 19:44 212,480 --a------ C:\WINDOWS\system32\osk.exe
2007-04-04 19:44 179,200 --a------ C:\WINDOWS\system32\accwiz.exe
2007-04-04 19:09 831,519 --a------ C:\WINDOWS\system32\mswdat10.dll
2007-04-04 19:09 614,431 --a------ C:\WINDOWS\system32\mswstr10.dll
2007-04-04 19:09 552,989 --a------ C:\WINDOWS\system32\msrepl40.dll
2007-04-04 19:09 53,279 --a------ C:\WINDOWS\system32\msjter40.dll
2007-04-04 19:09 512,029 --a------ C:\WINDOWS\system32\msexch40.dll
2007-04-04 19:09 421,919 --a------ C:\WINDOWS\system32\msrd2x40.dll
2007-04-04 19:09 380,957 --a------ C:\WINDOWS\system32\expsrv.dll
2007-04-04 19:09 358,976 --a------ C:\WINDOWS\system32\msjetoledb40.dll
2007-04-04 19:09 348,189 --a------ C:\WINDOWS\system32\msxbde40.dll
2007-04-04 19:09 348,189 --a------ C:\WINDOWS\system32\mspbde40.dll
2007-04-04 19:09 319,517 --a------ C:\WINDOWS\system32\msexcl40.dll
2007-04-04 19:09 315,423 --a------ C:\WINDOWS\system32\msrd3x40.dll
2007-04-04 19:09 30,749 --a------ C:\WINDOWS\system32\vbajet32.dll
2007-04-04 19:09 258,077 --a------ C:\WINDOWS\system32\mstext40.dll
2007-04-04 19:09 241,693 --a------ C:\WINDOWS\system32\msjtes40.dll
2007-04-04 19:09 213,023 --a------ C:\WINDOWS\system32\msltus40.dll
2007-04-04 19:09 151,583 --a------ C:\WINDOWS\system32\msjint40.dll
2007-04-04 19:09 1,507,356 --a------ C:\WINDOWS\system32\msjet40.dll
2007-04-04 18:21 991,232 --a------ C:\WINDOWS\system32\esent.dll
2007-04-04 17:46 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-04-04 17:46 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-04-04 17:37 <DIR> d-------- C:\WINDOWS\Prefetch
2007-04-04 17:19 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-04-04 17:19 <DIR> d-------- C:\WINDOWS\ehome
2007-04-04 17:14 9,216 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-04-04 17:14 88,064 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-04-04 17:14 86,528 --a------ C:\WINDOWS\system32\wlnotify.dll
2007-04-04 17:14 86,016 --a------ C:\WINDOWS\system32\xactsrv.dll
2007-04-04 17:14 81,920 --a------ C:\WINDOWS\system32\trkwks.dll
2007-04-04 17:14 77,824 --a------ C:\WINDOWS\system32\wmpstub.exe
2007-04-04 17:14 60,416 --a------ C:\WINDOWS\system32\wextract.exe
2007-04-04 17:14 51,200 --a------ C:\WINDOWS\system32\wmerrenu.dll
2007-04-04 17:14 48,640 --a------ C:\WINDOWS\system32\vdmredir.dll
2007-04-04 17:14 48,128 --a------ C:\WINDOWS\system32\winsta.dll
2007-04-04 17:14 479,261 --a------ C:\WINDOWS\system32\vbscript.dll
2007-04-04 17:14 47,616 --a------ C:\WINDOWS\system32\utilman.exe
2007-04-04 17:14 446,464 --a------ C:\WINDOWS\system32\wmvdmoe.dll
2007-04-04 17:14 409,088 --a------ C:\WINDOWS\system32\vssapi.dll
2007-04-04 17:14 40,960 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-04-04 17:14 38,912 --a------ C:\WINDOWS\system32\wsnmp32.dll
2007-04-04 17:14 339,456 --a------ C:\WINDOWS\system32\usp10.dll
2007-04-04 17:14 32,256 --a------ C:\WINDOWS\system32\umandlg.dll
2007-04-04 17:14 311,327 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2007-04-04 17:14 296,448 --a------ C:\WINDOWS\system32\wmstream.dll
2007-04-04 17:14 266,752 --a------ C:\WINDOWS\winhlp32.exe
2007-04-04 17:14 231,424 --a------ C:\WINDOWS\system32\upnpui.dll
2007-04-04 17:14 22,016 --a------ C:\WINDOWS\system32\udhisapi.dll
2007-04-04 17:14 203,264 --a------ C:\WINDOWS\system32\uxtheme.dll
2007-04-04 17:14 172,664 --a------ C:\WINDOWS\system32\xenroll.dll
2007-04-04 17:14 171,520 --a------ C:\WINDOWS\system32\winmm.dll
2007-04-04 17:14 171,008 --a------ C:\WINDOWS\system32\sccsccp.dll
2007-04-04 17:14 17,408 --a------ C:\WINDOWS\system32\wtsapi32.dll
2007-04-04 17:14 168,448 --a------ C:\WINDOWS\system32\wldap32.dll
2007-04-04 17:14 165,376 --a------ C:\WINDOWS\system32\w32time.dll
2007-04-04 17:14 164,864 --a------ C:\WINDOWS\system32\upnphost.dll
2007-04-04 17:14 16,384 --a------ C:\WINDOWS\system32\watchdog.sys
2007-04-04 17:14 16,384 --a------ C:\WINDOWS\system32\ups.exe
2007-04-04 17:14 124,928 --a------ C:\WINDOWS\system32\webvw.dll
2007-04-04 17:14 120,320 --a------ C:\WINDOWS\system32\upnp.dll
2007-04-04 17:14 119,808 --a------ C:\WINDOWS\system32\wiadss.dll
2007-04-04 17:14 118,784 --a------ C:\WINDOWS\system32\wmsdmoe.dll
2007-04-04 17:13 98,304 --a------ C:\WINDOWS\system32\oleprn.dll
2007-04-04 17:13 95,744 --a------ C:\WINDOWS\system32\nlhtml.dll
2007-04-04 17:13 91,136 --a------ C:\WINDOWS\system32\rastls.dll
2007-04-04 17:13 91,136 --a------ C:\WINDOWS\system32\MSOERT2.DLL
2007-04-04 17:13 891,711 --------- C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-04-04 17:13 87,304 --a------ C:\WINDOWS\system32\rdpdd.dll
2007-04-04 17:13 857,600 --a------ C:\WINDOWS\system32\netplwiz.dll
2007-04-04 17:13 82,944 --a------ C:\WINDOWS\system32\smlogsvc.exe
2007-04-04 17:13 82,944 --a------ C:\WINDOWS\system32\psbase.dll
2007-04-04 17:13 8,192 --a------ C:\WINDOWS\system32\scrnsave.scr
2007-04-04 17:13 75,912 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-04-04 17:13 74,240 --a------ C:\WINDOWS\system32\rtcshare.exe
2007-04-04 17:13 72,192 --a------ C:\WINDOWS\system32\telnet.exe
2007-04-04 17:13 71,168 --a------ C:\WINDOWS\system32\storprop.dll
2007-04-04 17:13 71,168 --a------ C:\WINDOWS\system32\sdbinst.exe
2007-04-04 17:13 699,392 --a------ C:\WINDOWS\system32\msxml2.dll
2007-04-04 17:13 686,080 --------- C:\WINDOWS\system32\opengl32.dll
2007-04-04 17:13 667,648 --a------ C:\WINDOWS\system32\ss3dfo.scr
2007-04-04 17:13 66,560 --a------ C:\WINDOWS\system32\spoolss.dll
2007-04-04 17:13 66,048 --a------ C:\WINDOWS\system32\sigverif.exe
2007-04-04 17:13 638,976 --a------ C:\WINDOWS\system32\sstext3d.scr
2007-04-04 17:13 63,663 --------- C:\WINDOWS\system32\drivers\atinrvxx.sys
2007-04-04 17:13 63,488 --a------ C:\WINDOWS\system32\srclient.dll
2007-04-04 17:13 62,976 --a------ C:\WINDOWS\system32\shgina.dll
2007-04-04 17:13 61,952 --a------ C:\WINDOWS\system32\sti.dll
2007-04-04 17:13 61,440 --a------ C:\WINDOWS\system32\odbccu32.dll
2007-04-04 17:13 61,440 --a------ C:\WINDOWS\system32\odbccr32.dll
2007-04-04 17:13 60,416 --a------ C:\WINDOWS\system32\shimeng.dll
2007-04-04 17:13 6,912 --------- C:\WINDOWS\system32\drivers\hidir.sys
2007-04-04 17:13 6,144 --a------ C:\WINDOWS\system32\sensapi.dll
2007-04-04 17:13 598,016 --a------ C:\WINDOWS\system32\mstscax.dll
2007-04-04 17:13 584,192 --a------ C:\WINDOWS\system32\netcfgx.dll
2007-04-04 17:13 58,880 --a------ C:\WINDOWS\system32\pautoenr.dll
2007-04-04 17:13 57,856 --a------ C:\WINDOWS\system32\raschap.dll
2007-04-04 17:13 569,344 --a------ C:\WINDOWS\system32\sspipes.scr
2007-04-04 17:13 56,591 --------- C:\WINDOWS\system32\drivers\atinbtxx.sys
2007-04-04 17:13 56,320 --a------ C:\WINDOWS\system32\remotepg.dll
2007-04-04 17:13 56,320 --a------ C:\WINDOWS\system32\mshtmler.dll
2007-04-04 17:13 534,016 --a------ C:\WINDOWS\system32\spider.exe
2007-04-04 17:13 53,248 --a------ C:\WINDOWS\system32\packager.exe
2007-04-04 17:13 53,248 --a------ C:\WINDOWS\system32\odbcconf.exe
2007-04-04 17:13 52,224 --a------ C:\WINDOWS\system32\secur32.dll
2007-04-04 17:13 5,504 --------- C:\WINDOWS\system32\drivers\smbali.sys
2007-04-04 17:13 49,152 --a------ C:\WINDOWS\system32\npptools.dll
2007-04-04 17:13 48,128 --a------ C:\WINDOWS\system32\reg.exe
2007-04-04 17:13 44,032 --a------ C:\WINDOWS\system32\regapi.dll
2007-04-04 17:13 44,032 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-04-04 17:13 43,008 --a------ C:\WINDOWS\system32\ssdpsrv.dll
2007-04-04 17:13 420,864 --a------ C:\WINDOWS\system32\shimgvw.dll
2007-04-04 17:13 42,496 --a------ C:\WINDOWS\system32\ncobjapi.dll
2007-04-04 17:13 403,456 --------- C:\WINDOWS\system32\winbrand.dll
2007-04-04 17:13 401,462 --a------ C:\WINDOWS\system32\msvcp60.dll
2007-04-04 17:13 4,608 --a------ C:\WINDOWS\system32\msimg32.dll
2007-04-04 17:13 399,360 --a------ C:\WINDOWS\system32\netlogon.dll
2007-04-04 17:13 392,704 --a------ C:\WINDOWS\system32\ntmssvc.dll
2007-04-04 17:13 39,424 --a------ C:\WINDOWS\system32\net.exe
2007-04-04 17:13 388,608 --a------ C:\WINDOWS\system32\mstsc.exe
2007-04-04 17:13 384,000 --a------ C:\WINDOWS\system32\themeui.dll
2007-04-04 17:13 38,400 --a------ C:\WINDOWS\system32\ntmsapi.dll
2007-04-04 17:13 38,400 --a------ C:\WINDOWS\system32\ntlanman.dll
2007-04-04 17:13 377,984 --------- C:\WINDOWS\system32\ati2dvaa.dll
2007-04-04 17:13 368,710 --a------ C:\WINDOWS\system32\msisam11.dll
2007-04-04 17:13 364,544 --a------ C:\WINDOWS\system32\ssflwbox.scr
2007-04-04 17:13 36,463 --------- C:\WINDOWS\system32\drivers\atintuxx.sys
2007-04-04 17:13 36,352 --a------ C:\WINDOWS\system32\sens.dll
2007-04-04 17:13 34,735 --------- C:\WINDOWS\system32\drivers\atinxsxx.sys
2007-04-04 17:13 34,304 --a------ C:\WINDOWS\system32\rcimlby.exe
2007-04-04 17:13 339,968 --a------ C:\WINDOWS\system32\mspaint.exe
2007-04-04 17:13 334,848 --a------ C:\WINDOWS\system32\smlogcfg.dll
2007-04-04 17:13 327,040 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2007-04-04 17:13 326,656 --a------ C:\WINDOWS\system32\netsetup.exe
2007-04-04 17:13 323,072 --a------ C:\WINDOWS\system32\msvcrt.dll
2007-04-04 17:13 32,768 --a------ C:\WINDOWS\system32\odbcad32.exe
2007-04-04 17:13 319,760 --a------ C:\WINDOWS\system32\msnsspc.dll
2007-04-04 17:13 31,744 --a------ C:\WINDOWS\system32\pid.dll
2007-04-04 17:13 30,671 --------- C:\WINDOWS\system32\drivers\atinraxx.sys
2007-04-04 17:13 3,584 --------- C:\WINDOWS\system32\dsprpres.dll
2007-04-04 17:13 3,494,303 --------- C:\WINDOWS\system32\nv4_disp.dll
2007-04-04 17:13 3,338 --a------ C:\WINDOWS\system32\redir.exe
2007-04-04 17:13 297,984 --a------ C:\WINDOWS\system32\scesrv.dll
2007-04-04 17:13 29,696 --a------ C:\WINDOWS\system32\snmp.exe
2007-04-04 17:13 29,455 --------- C:\WINDOWS\system32\drivers\atinxbxx.sys
2007-04-04 17:13 27,136 --a------ C:\WINDOWS\system32\ssdpapi.dll
2007-04-04 17:13 26,367 --------- C:\WINDOWS\system32\drivers\atinsnxx.sys
2007-04-04 17:13 254,976 --a------ C:\WINDOWS\system32\pdh.dll
2007-04-04 17:13 251,904 --a------ C:\WINDOWS\system32\strmdll.dll
2007-04-04 17:13 25,216 --------- C:\WINDOWS\system32\drivers\usbehci.sys
2007-04-04 17:13 241,725 --a------ C:\WINDOWS\system32\msuni11.dll
2007-04-04 17:13 24,576 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-04-04 17:13 24,064 --a------ C:\WINDOWS\system32\skeys.exe
2007-04-04 17:13 230,400 --a------ C:\WINDOWS\system32\msieftp.dll
2007-04-04 17:13 229,376 --a------ C:\WINDOWS\system32\MSOEACCT.DLL
2007-04-04 17:13 22,528 --a------ C:\WINDOWS\system32\slayerxp.dll
2007-04-04 17:13 22,528 --a------ C:\WINDOWS\system32\shfolder.dll
2007-04-04 17:13 22,528 --a------ C:\WINDOWS\system32\mslbui.dll
2007-04-04 17:13 21,343 --------- C:\WINDOWS\system32\drivers\atinttxx.sys
2007-04-04 17:13 200,192 --a------ C:\WINDOWS\system32\termsrv.dll
2007-04-04 17:13 20,992 --a------ C:\WINDOWS\system32\setup.exe
2007-04-04 17:13 193,536 --a------ C:\WINDOWS\system32\rasppp.dll
2007-04-04 17:13 19,456 --a------ C:\WINDOWS\system32\ssmarque.scr
2007-04-04 17:13 187,904 --------- C:\WINDOWS\system32\xpsp1res.dll
2007-04-04 17:13 182,784 --a------ C:\WINDOWS\system32\msutb.dll
2007-04-04 17:13 18,944 --a------ C:\WINDOWS\system32\ssbezier.scr
2007-04-04 17:13 18,944 --------- C:\WINDOWS\system32\faxpatch.exe
2007-04-04 17:13 174,592 --a------ C:\WINDOWS\system32\scecli.dll
2007-04-04 17:13 172,032 --------- C:\WINDOWS\system32\mssap.dll
2007-04-04 17:13 17,408 --a------ C:\WINDOWS\system32\ssmyst.scr
2007-04-04 17:13 17,408 --a------ C:\WINDOWS\system32\psapi.dll
2007-04-04 17:13 165,888 --a------ C:\WINDOWS\system32\ntmsdba.dll
2007-04-04 17:13 165,376 --a------ C:\WINDOWS\system32\tapi32.dll
2007-04-04 17:13 16,896 --a------ C:\WINDOWS\system32\snmpapi.dll
2007-04-04 17:13 16,384 --a------ C:\WINDOWS\system32\ping.exe
2007-04-04 17:13 16,384 --a------ C:\WINDOWS\system32\odbc32gt.dll
2007-04-04 17:13 158,720 --a------ C:\WINDOWS\system32\srsvc.dll

Continued next post.

Thread: Browser hijacked & Broadcaster.com popups

Thread Tools

Display

Browser hijacked & Broadcaster.com popups

Part 2

Part 3

Part 4

Posting Permissions