Adware Sheriff [LOGS]

SBLars · Mar 19, 2006

Need to get rid of this stupid thing.

Here is my HiJackThis! log...

Logfile of HijackThis v1.99.1
Scan saved at 7:51:13 PM, on 3/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\1140490597\ee\aolsoftware.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1140490597\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
C:\Program Files\mcafee.com\antivirus\oasclnt.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\wupdmgr.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1140490597\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\AOL\1140490597\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCEvtHdlr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\America Online 9.0\shellmon.exe
c:\program files\common files\aol\1140490597\ee\aolssc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Brenda\My Documents\HiJackThis Spyware Tool\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140490597\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1140490597\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1140490597\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - C:\Program Files\Common Files\AOL\1140490597\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe

pskelley · Mar 20, 2006

Hello and welcome to the forum. You sure did not supply us with much information? Without having a lot to go on, I see this trojan: C:\WINDOWS\wupdmgr.exe
BleepingComputer says it is probably this: http://www.bleepingcomputer.com/startups/wupdmgr.exe-5518.html but here is the Google on it if you wish to look:
http://www.google.com/search?sourceid=navclient&ie=UTF-8&rls=GGLD,GGLD:2004-26,GGLD:en&q=wupdmgr.exe

Let's do this in the posted order:

1) Enable hidden files&folders..reverse the process when finished.
http://www.xtra.co.nz/help/0,,4155-1916458,00.html

2) ewido scan:
Please download Ewido Security Suite it is a trial version of the program.

Install ewido security suite
Launch ewido, there should be an icon on your desktop double-click it.
The program will now go to the main screen

You will need to update ewido to the latest definition files.

On the left hand side of the main screen click update
Then click on Start Update

The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido.
Ewido manual updates

Restart the computer in safe mode: http://www.bleepingcomputer.com/tutorials/tutorial61.html
Now run a complete system scan with ewido

Once the updates are installed do the following:

Click on scanner
Click on Complete System Scan and the scan will begin.
NOTE: During some scans with ewido it is finding cases of false positives.**
- You will need to step through the process of cleaning files one-by-one.
- If ewido detects a file you KNOW to be legitimate, select none as the action.
- DO NOT select "Perform action on all infections"
- If you are unsure of any entry found select none for now.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
Click Save report.
Save the report .txt file to your desktop.

Now close ewido security suite.
**(Ewido for example has been flagging parts of AVG Anti-Virus, pcAnywhere and the game "Risk")

RIGHT Click on Start then click on Explore. Locate and delete these items:

C:\WINDOWS\wupdmgr.exe >>> file

C:\Windows\Prefetch\ >>> delete the contents (NOT THE FOLDER)
Prefetch info: http://www.windowsnetworking.com/articles_tutorials/Gaining-Speed-Empty-Prefetch-XP.html

Restart the computer and follow the cleaning instructions if you don't have your own cleaner.

If you don't have a good cleaner, use this free one with these instuctions:
Download CCleaner from this link: http://www.ccleaner.com/ Review the instructions http://www.ccleaner.com/help/tour1.asp
Run CCleaner, Windows & Applications when you run the registry cleaner (Issues) you will be prompted to backup before you can remove stuff, make sure you do.

Post the ewido scan results, a new HJT log and tell me how the computer is running now.

Thanks...pskelley
Safer Networking Forums

SBLars · Mar 23, 2006

I finally had a chance to follow the directions in the sticky thread and it looks like it was fixed, but here are the logs.

HiJackThis First Log
Logfile of HijackThis v1.99.1
Scan saved at 9:38:56 PM, on 3/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\1140490597\ee\AOLSoftware.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\AOL\1140490597\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
C:\Program Files\mcafee.com\antivirus\oasclnt.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Common Files\AOL\1140490597\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCEvtHdlr.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1140490597\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
c:\program files\common files\aol\1140490597\ee\aolssc.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Documents and Settings\Brenda\My Documents\HiJackThis Spyware Tool\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140490597\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1140490597\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1140490597\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - C:\Program Files\Common Files\AOL\1140490597\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe

SBLars · Mar 23, 2006

*********************************
Spybot

--- Search result list ---
Windows.ActiveDesktop: User settings (Registry change, fixed)
HKEY_USERS\S-1-5-21-1390067357-789336058-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoHTMLWallPaper!=W=1

Advertising.com: Tracking cookie (Firefox: default) (Cookie, fixed)

Advertising.com: Tracking cookie (Firefox: default) (Cookie, fixed)

Advertising.com: Tracking cookie (Firefox: default) (Cookie, fixed)

Avenue A, Inc.: Tracking cookie (Firefox: default) (Cookie, fixed)

DoubleClick: Tracking cookie (Firefox: default) (Cookie, fixed)

MediaPlex: Tracking cookie (Firefox: default) (Cookie, fixed)

MediaPlex: Tracking cookie (Firefox: default) (Cookie, fixed)

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-03-08 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-03-19 Includes\Cookies.sbi (*)
2006-03-19 Includes\Dialer.sbi (*)
2006-03-19 Includes\Hijackers.sbi (*)
2006-03-19 Includes\Keyloggers.sbi (*)
2006-03-19 Includes\Malware.sbi (*)
2006-03-19 Includes\PUPS.sbi (*)
2006-03-19 Includes\Revision.sbi (*)
2006-03-19 Includes\Security.sbi (*)
2006-03-19 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-03-19 Includes\Trojans.sbi (*)

--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ Internet Explorer 6 / SP0: Windows XP Hotfix - KB834707
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB894391)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896422)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896424)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899589)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
/ Windows XP / SP3: Security Update for Windows XP (KB905915)
/ Windows XP / SP3: Security Update for Windows XP (KB908519)
/ Windows XP / SP3: Update for Windows XP (KB910437)
/ Windows XP / SP3: Security Update for Windows XP (KB911927)
/ Windows XP / SP3: Security Update for Windows XP (KB912919)
/ Windows XP / SP3: Security Update for Windows XP (KB913446)

--- Startup entries list ---
Located: HK_LM:Run, AOLSPScheduler
command: C:\Program Files\Common Files\AOL\1140490597\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
file: C:\Program Files\Common Files\AOL\1140490597\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
size: 8808
MD5: c76e6f76af6d6d6b4a41df7138b59ae1

Located: HK_LM:Run, EmailScan
command: C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
file: C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
size: 460336
MD5: 92b5202d2a99371233f62a71aa87efc3

Located: HK_LM:Run, HostManager
command: C:\Program Files\Common Files\AOL\1140490597\ee\AOLSoftware.exe
file: C:\Program Files\Common Files\AOL\1140490597\ee\AOLSoftware.exe
size: 50792
MD5: d4c5c5840dab38a96e8d5838f2a01bfc

Located: HK_LM:Run, MPFExe
command: C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
file: C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
size: 988712
MD5: 426f2befbcee57d7016f19a9e406e5d0

Located: HK_LM:Run, OASClnt
command: C:\Program Files\mcafee.com\antivirus\oasclnt.exe
file: C:\Program Files\mcafee.com\antivirus\oasclnt.exe
size: 116272
MD5: d034be4eef7a4a9ad7b13801937ea33a

Located: HK_LM:Run, Pure Networks Port Magic
command: "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
file: C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
size: 99480
MD5: ba99c608a075c44026720d5383f3d75b

Located: HK_LM:Run, RealTray
command: C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
file:

Located: HK_LM:Run, sscRun
command: C:\Program Files\Common Files\AOL\1140490597\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
file: C:\Program Files\Common Files\AOL\1140490597\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
size: 136808
MD5: 485039789c64ace41470fcd61493f262

Located: HK_LM:Run, Windows Defender
command: "C:\Program Files\Windows Defender\MSASCui.exe" -hide
file: C:\Program Files\Windows Defender\MSASCui.exe
size: 1420560
MD5: 81aa8ba06a824e637e2ba290d4fa9e3e

Located: HK_CU:Run, AOL Fast Start
command: "C:\Program Files\America Online 9.0\AOL.EXE" -b
file: C:\Program Files\America Online 9.0\AOL.EXE
size: 50776
MD5: 9c4239915e23d7df1ddfb88512c08249

Located: Startup (common), Microsoft Find Fast.lnk
command: C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
file: C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
size: 111376
MD5: 5416675709c9f82c7cc0152099e5fb29

Located: Startup (common), Office Startup.lnk
command: C:\Program Files\Microsoft Office\Office\OSA.EXE
file: C:\Program Files\Microsoft Office\Office\OSA.EXE
size: 51984
MD5: d06276d4cad46cdceabefdeb1a0d3c0d

Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll

Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll

--- Browser helper object list ---

--- ActiveX list ---
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class)
DPF name:
CLSID name: ActiveScan Installer Class
Installer: C:\WINDOWS\Downloaded Program Files\asinst.inf
Codebase: http://acs.pandasoftware.com/activescan/as5free/asinst.cab
description:
classification: Open for discussion
known filename: ASINST.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: asinst.dll
Short name:
Date (created): 12/19/2005 1:35:32 PM
Date (last access): 3/21/2006 9:30:38 PM
Date (last write): 12/19/2005 1:35:32 PM
Filesize: 135168
Attributes: archive
MD5: 20C07B231040B49AFCE82397BFC35F9C
CRC32: 9301377D
Version: 58.4.0.0

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\System32\macromed\flash\
Long name: Flash.ocx
Short name:
Date (created): 12/8/2003 2:01:58 PM
Date (last access): 3/21/2006 9:31:30 PM
Date (last write): 12/8/2003 2:01:58 PM
Filesize: 933888
Attributes: archive
MD5: F7E435D02F7A48120B746E33254A70BC
CRC32: 02AF493D
Version: 7.0.19.0

--- Process list ---
PID: 0 ( 0) [System]
PID: 136 ( 4) \SystemRoot\System32\smss.exe
PID: 188 ( 136) \??\C:\WINDOWS\system32\csrss.exe
PID: 212 ( 136) \??\C:\WINDOWS\system32\winlogon.exe
PID: 256 ( 212) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 268 ( 212) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 420 ( 256) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 480 ( 256) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 528 ( 256) C:\Program Files\Windows Defender\MsMpEng.exe
size: 45840
MD5: 948D315495195662BA2A683A7A156BEA
PID: 592 ( 256) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 632 ( 956) C:\WINDOWS\explorer.exe
size: 1032192
MD5: A0732187050030AE399B241436565E64
PID: 756 ( 632) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 4 ( 0) System

--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 3/21/2006 10:24:35 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://search.msn.com/spbasic.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.yahoo.com/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5D7093A4-2989-41C9-B139-0B95DDCC53A5}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5D7093A4-2989-41C9-B139-0B95DDCC53A5}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{030538ED-9AC5-43A6-A7E1-E4D18734A838}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{030538ED-9AC5-43A6-A7E1-E4D18734A838}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1E7E21DC-2830-4DF2-A519-5E85F2CD551D}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1E7E21DC-2830-4DF2-A519-5E85F2CD551D}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

--- Uninstall list ---
42 Bit Scanner (42 Bit Scanner)
uninstall cmd: C:\PROGRA~1\42BITS~1\UNWISE.EXE C:\PROGRA~1\42BITS~1\INSTALL.LOG

Ad-Aware SE Personal 1.06 (Ad-Aware SE Personal)
uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
publisher: Lavasoft
help link: http://www.lavasoft.com

(AddressBook)

AOL Connectivity Services (AOL Connectivity Services)
uninstall cmd: "C:\Program Files\Common Files\AOL\ACS\AcsUninstall.exe" /c

AOL Deskbar (AOL Deskbar)
uninstall cmd: "C:\Program Files\AOL Deskbar\UNWISE.EXE" /u "C:\Program Files\AOL Deskbar\INSTALL.LOG"

AOL Toolbar (AOL Toolbar)
uninstall cmd: "C:\Program Files\AOL Toolbar\UNWISE.EXE" /u "C:\Program Files\AOL Toolbar\INSTALL.LOG"

AOL Uninstaller (AOL Uninstaller)
uninstall cmd: C:\Program Files\Common Files\AOL\uninstaller.exe

AOL You've Got Pictures Screensaver (AOL YGP Screensaver)
uninstall cmd: C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe

(AOLAntivirus)
uninstall cmd: "C:\Program Files\mcafee.com\antivirus\uninst.exe" /PopUpMsgBox="N" /CheckMutx="N" /S

AOL Coach Version 2.0(Build:20041026.5 en) (AolCoach2_en)
uninstall cmd: C:\Program Files\Common Files\AolCoach\en_en\AolCInUn.exe -lang=en_en -ext=UDP

(AOLFirewall)
uninstall cmd: "C:\Program Files\mcafee.com\personal firewall\aol\uninst.exe" /PopUpMsgBox="N" /CheckMutx="N" /S

(Branding)

(Connection Manager)

(DirectAnimation)

(DirectDrawEx)

(DXM_Runtime)

ewido anti-malware (ewidoantimalware)
install location: C:\Program Files\ewido anti-malware
uninstall cmd: C:\Program Files\ewido anti-malware\Uninstall.exe
publisher: ewido networks
help link: http://www.ewido.net

(Fontcore)

HijackThis 1.99.1 1.99.1 (HijackThis)
uninstall cmd: C:\Documents and Settings\Brenda\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe /uninstall
publisher: Soeperman Enterprises Ltd.

(ICW)

(IE40)

(IE4Data)

(IE5BAKEX)

(IEData)

(InstallShield Uninstall Information)

SBLars · Mar 23, 2006

*********************************
Spybot- Continued

Canon Camera Window DSLR 5 for ZoomBrowser EX 5.3.1 (InstallShield_{0A146245-DB79-4197-BF5D-FE1A699A2CC7})
version: 84082689
version (major): 5
version (minor): 3
estimated size: 13616
install date: 20060220
install source: D:\SOFTWARE\CWDS\ENGLISH\
uninstall cmd: C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0A146245-DB79-4197-BF5D-FE1A699A2CC7}
publisher: Canon
comments:
contact:
help link:
help telephone:
readme:

Canon Camera Window DC_DV 6 for ZoomBrowser EX 6.0 (InstallShield_{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D})
version: 100663296
version (major): 6
estimated size: 4750
install date: 20060220
install source: D:\SOFTWARE\CWDVC6\ENGLISH\
uninstall cmd: C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}
publisher: Canon
comments:
contact:
help link:
help telephone:
readme:

Canon Camera Window MC 6 for ZoomBrowser EX 6.0 (InstallShield_{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D})
version: 100663296
version (major): 6
estimated size: 3990
install date: 20060220
install source: D:\SOFTWARE\CWMC\ENGLISH\
uninstall cmd: C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}
publisher: Canon
comments:
contact:
help link:
help telephone:
readme:

Canon Utilities PhotoStitch 3.1 3.1.16 (InstallShield_{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6})
version: 50397200
version (major): 3
version (minor): 1
estimated size: 1856
install date: 20060220
install location: C:\Program Files\Canon\PhotoStitch\
install source: D:\SOFTWARE\PSTITCH\ENGLISH\
uninstall cmd: C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}
publisher: Canon
comments:
contact:
help link:
help telephone:

Canon Camera Access Library 8.0.0.21 (InstallShield_{901F8ED7-13E8-43EF-B738-2FE89B0588EB})
version: 134217728
version (major): 8
estimated size: 88
install date: 20060220
install source: D:\SOFTWARE\CAL\
uninstall cmd: C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{901F8ED7-13E8-43EF-B738-2FE89B0588EB} /l1033
publisher: Canon
comments:
contact:
help link:
help telephone:
readme:

Canon Camera Support Core Library 7.3.0.4 (InstallShield_{A1D0D14A-B776-4907-BC00-5149F2298086})
version: 117637120
version (major): 7
version (minor): 3
estimated size: 1428
install date: 20060220
install source: D:\SOFTWARE\CSCLIB\
uninstall cmd: C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A1D0D14A-B776-4907-BC00-5149F2298086} /l1033
publisher: Canon
comments:
contact:
help link:
help telephone:
readme:

Canon Camera Window DC_DV 5 for ZoomBrowser EX 5.4.4 (InstallShield_{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F})
version: 84148228
version (major): 5
version (minor): 4
estimated size: 5410
install date: 20060220
install source: D:\SOFTWARE\CWDVC\ENGLISH\
uninstall cmd: C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}
publisher: Canon
comments:
contact:
help link:
help telephone:
readme:

Canon MovieEdit Task for ZoomBrowser EX 2.0.0.8 (InstallShield_{B147DC1B-49B3-4368-8A01-5AD9992CD58D})
version: 33554432
version (major): 2
estimated size: 1655
install date: 20060220
install location: D:\SOFTWARE\MVW\ENGLISH
install source: D:\SOFTWARE\MVW\ENGLISH\
uninstall cmd: C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{B147DC1B-49B3-4368-8A01-5AD9992CD58D}
publisher: Canon
comments:
contact:
help link:
help telephone:
readme:

Canon RAW Image Task for ZoomBrowser EX 2.2 (InstallShield_{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4})
version: 33685504
version (major): 2
version (minor): 2
estimated size: 6724
install date: 20060220
install source: D:\SOFTWARE\RAWTASK\ENGLISH\
uninstall cmd: C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}
publisher: Canon
comments:
contact:
help link:
help telephone:
readme:

Windows XP Hotfix - KB873339 20041117.092459 (KB873339)
uninstall cmd: C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873339

(KB884016)

Windows XP Hotfix - KB885250 20050118.202711 (KB885250)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885250

Windows XP Hotfix - KB885835 20041027.181713 (KB885835)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885835

Windows XP Hotfix - KB885836 20041028.173203 (KB885836)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885836

Windows XP Hotfix - KB886185 20041021.090540 (KB886185)
uninstall cmd: C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=886185

Windows XP Hotfix - KB887472 20041014.162858 (KB887472)
uninstall cmd: C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887472

Windows XP Hotfix - KB887742 20041103.095002 (KB887742)
uninstall cmd: C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887742

Windows XP Hotfix - KB888113 20041116.131036 (KB888113)
uninstall cmd: C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888113

Windows XP Hotfix - KB888302 20041207.111426 (KB888302)
uninstall cmd: C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888302

Security Update for Windows XP (KB890046) 1 (KB890046)
install date: 20060317
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890046

Windows XP Hotfix - KB890859 1 (KB890859)
install date: 20060317
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890859

Windows XP Hotfix - KB891781 20050110.165439 (KB891781)
uninstall cmd: C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=891781

Security Update for Windows XP (KB893756) 1 (KB893756)
install date: 20060317
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893756

(KB893803)

Windows Installer 3.1 (KB893803) 3.1 (KB893803v2)
uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=42467

Update for Windows XP (KB894391) 1 (KB894391)
install date: 20060317
uninstall cmd: "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=894391

Security Update for Windows XP (KB896358) 1 (KB896358)
install date: 20060317
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896358

Security Update for Windows XP (KB896422) 1 (KB896422)
install date: 20060317
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896422

Security Update for Windows XP (KB896423) 1 (KB896423)
install date: 20060316
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896423

Security Update for Windows XP (KB896424) 1 (KB896424)
install date: 20060317
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896424

Security Update for Windows XP (KB896428) 1 (KB896428)
install date: 20060317
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896428

Update for Windows XP (KB898461) 1 (KB898461)
install date: 20060315
uninstall cmd: "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=898461

Security Update for Windows XP (KB899587) 1 (KB899587)
install date: 20060317
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899587

Security Update for Windows XP (KB899589) 1 (KB899589)
install date: 20060317
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899589

Security Update for Windows XP (KB899591) 1 (KB899591)
install date: 20060317
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899591

Security Update for Windows XP (KB900725) 1 (KB900725)
install date: 20060317
uninstall cmd: "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900725

Security Update for Windows XP (KB901017) 1 (KB901017)
install date: 20060317
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901017

Security Update for Windows XP (KB901214) 1 (KB901214)
install date: 20060317
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901214

Security Update for Windows XP (KB902400) 1 (KB902400)
install date: 20060317
uninstall cmd: "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=902400

Security Update for Windows XP (KB904706) 2 (KB904706)
install date: 20060317
uninstall cmd: "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=904706

Security Update for Windows XP (KB905414) 1 (KB905414)
install date: 20060317
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905414

Security Update for Windows XP (KB905749) 1 (KB905749)
install date: 20060317
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905749

Security Update for Windows XP (KB905915) 1 (KB905915)
install date: 20060317
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905915

Security Update for Windows XP (KB908519) 1 (KB908519)
install date: 20060317
uninstall cmd: "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=908519

Update for Windows XP (KB910437) 1 (KB910437)
install date: 20060317
uninstall cmd: "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=910437

Security Update for Windows Media Player (KB911564) (KB911564)
install date: 20060317
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=911564

Security Update for Windows Media Player 9 (KB911565) (KB911565)
install date: 20060317
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=911565

Security Update for Windows XP (KB911927) 1 (KB911927)
install date: 20060317
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911927

Security Update for Windows XP (KB912919) 1 (KB912919)
install date: 20060317
uninstall cmd: "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=912919

Security Update for Windows XP (KB913446) 1 (KB913446)
install date: 20060317
uninstall cmd: "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=913446

(McAfee Personal Firewall Plus API)
uninstall cmd: C:\Program Files\Common Files\McAfee\Installer\mcinst.exe "C:\Program Files\mcafee.com\personal firewall\mpfp.inf" /uninstall

(Microsoft NetShow Player 2.0)

(MobileOptionPack)

Mozilla Firefox (1.5) 1.5 (en-US) (Mozilla Firefox (1.5))
install location: C:\Program Files\Mozilla Firefox
uninstall cmd: C:\WINDOWS\UninstallFirefox.exe /ua "1.5 (en-US)"
publisher: Mozilla

(MPlayer2)

(MSI30-Beta1)

(MSI30-Beta2)

(MSI30-KB884016)

(MSI30-RC1)

(MSI30-RC2)

(MSI30a-KB884016)

(MSI31-Beta)

(MSI31-RC1)

(NetMeeting)

Microsoft Office 97, Professional Edition (Office8.0)
uninstall cmd: C:\Program Files\Microsoft Office\Office\Setup\Acme.exe /w Off97Pro.STF

(OutlookExpress)

(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

(PhotoRecord)

Pure Networks Port Magic 1.2.1393.0 (Port Magic)
install location: C:\Program Files\Pure Networks\Port Magic
uninstall cmd: C:\Program Files\Pure Networks\Port Magic\PortAOL.exe -Uninstall -ShowUI
publisher: Pure Networks
help link: http://aol-support.purenetworks.com

QuickTime (QuickTime)
uninstall cmd: C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log

RealPlayer Basic (RealPlayer 6.0)
uninstall cmd: C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0

(SchedulingAgent)

Macromedia Flash Player 8 8 (ShockwaveFlash)
uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
publisher: Macromedia
help link: http://www.macromedia.com/go/flashplayer_support/

Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited

Viewpoint Media Player (ViewpointMediaPlayer)
uninstall cmd: C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u

Windows Genuine Advantage Validation Tool (WGA)
install date: 20060317
publisher: Microsoft Corporation
help link: http://www.microsoft.com/genuine

Windows XP Service Pack 2 20040803.231319 (Windows XP Service Pack)
uninstall cmd: C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=811113

Camera Window DS 5.3.1 ({0A146245-DB79-4197-BF5D-FE1A699A2CC7})
version: 84082689
version (major): 5
version (minor): 3
estimated size: 13616
install date: 20060220
install source: D:\SOFTWARE\CWDS\ENGLISH\
publisher: Canon
comments:
contact:
help link:
help telephone:
readme:

WebFldrs XP 9.50.5318 ({350C97B0-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154277062
version (major): 9
version (minor): 50
estimated size: 2508
install date: 20050630
install source: C:\WINDOWS\System32\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows

Camera Window DVC 6.0 ({50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D})
version: 100663296
version (major): 6
estimated size: 4750
install date: 20060220
install source: D:\SOFTWARE\CWDVC6\ENGLISH\
publisher: Canon
comments:
contact:
help link:
help telephone:
readme:

Camera Window MC 6.0 ({6C3A75A6-9A90-44A3-A703-82AC1EA6A85D})
version: 100663296
version (major): 6
estimated size: 3990
install date: 20060220
install source: D:\SOFTWARE\CWMC\ENGLISH\
publisher: Canon
comments:
contact:
help link:
help telephone:
readme:

SBLars · Mar 23, 2006

*********************************
Spybot

Continued 3

PhotoStitch 3.1.16 ({874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6})
version: 50397200
version (major): 3
version (minor): 1
estimated size: 1856
install date: 20060220
install location: C:\Program Files\Canon\PhotoStitch\
install source: D:\SOFTWARE\PSTITCH\ENGLISH\
publisher: Canon
comments:
contact:
help link:
help telephone:

Camera Access Library 8.0.0.21 ({901F8ED7-13E8-43EF-B738-2FE89B0588EB})
version: 134217728
version (major): 8
estimated size: 88
install date: 20060220
install source: D:\SOFTWARE\CAL\
publisher: Canon
comments:
contact:
help link:
help telephone:
readme:

Camera Support Core Library 7.3.0.4 ({A1D0D14A-B776-4907-BC00-5149F2298086})
version: 117637120
version (major): 7
version (minor): 3
estimated size: 1428
install date: 20060220
install source: D:\SOFTWARE\CSCLIB\
publisher: Canon
comments:
contact:
help link:
help telephone:
readme:

Camera Window DVC 5.4.4 ({A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F})
version: 84148228
version (major): 5
version (minor): 4
estimated size: 5410
install date: 20060220
install source: D:\SOFTWARE\CWDVC\ENGLISH\
publisher: Canon
comments:
contact:
help link:
help telephone:
readme:

Windows Defender Signatures 1.20.1325.6 ({A5CC2A09-E9D3-49EC-923D-03874BBD4C2C})
version: 18089261
version (major): 1
version (minor): 20
estimated size: 5380
install date: 20060318
install source: C:\Program Files\Windows Defender\
uninstall cmd: MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
publisher: Microsoft Corporation

Adobe Reader 7.0.7 7.0.7 ({AC76BA86-7AD7-1033-7B44-A70700000002})
version: 117440519
version (major): 7
estimated size: 66896
install date: 20060221
install location: C:\Program Files\Adobe\Acrobat 7.0\Reader\
install source: C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig707\ENU\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70700000002}
publisher: Adobe Systems Incorporated
comments:
contact:
help link: http://www.adobe.com/support/main.html
help telephone:
readme: C:\Program Files\Adobe\Acrobat 7.0\Reader\Readme.htm

MovieEdit Task 2.0.0.8 ({B147DC1B-49B3-4368-8A01-5AD9992CD58D})
version: 33554432
version (major): 2
estimated size: 1655
install date: 20060220
install location: D:\SOFTWARE\MVW\ENGLISH
install source: D:\SOFTWARE\MVW\ENGLISH\
publisher: Canon
comments:
contact:
help link:
help telephone:
readme:

RAW Image Task 2.2 2.2 ({BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4})
version: 33685504
version (major): 2
version (minor): 2
estimated size: 6724
install date: 20060220
install source: D:\SOFTWARE\RAWTASK\ENGLISH\
publisher: Canon
comments:
contact:
help link:
help telephone:
readme:

Canon PhotoRecord 02.02.03002 ({BBBC2B89-E193-4348-A83C-C8DD8210A4AC})
version: 33688506
version (major): 2
version (minor): 2
estimated size: 82850
install date: 20060220
install source: D:\SOFTWARE\PR2\
uninstall cmd: MsiExec.exe /X{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}
publisher: Cisra

Canon ZoomBrowser EX (E) 5.05.0000 ({C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2})
version: 84213760
version (major): 5
version (minor): 5
estimated size: 31073
install date: 20060220
install location: C:\Program Files\Canon\ZoomBrowser EX\Program\
install source: D:\SOFTWARE\ZOOMBRSR\
uninstall cmd: MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
publisher: Canon
comments:
contact:
help telephone:

Windows Defender 1.1.1051.1 ({CAB99E06-B92F-4AE0-89AD-D9AC5991046F})
version: 16843803
version (major): 1
version (minor): 1
estimated size: 10281
install date: 20060318
install source: C:\Documents and Settings\Brenda\Desktop\
uninstall cmd: MsiExec.exe /I{CAB99E06-B92F-4AE0-89AD-D9AC5991046F}
publisher: Microsoft Corporation

SBLars · Mar 23, 2006

*********************
smitfiles log

smitRem © log file
version 2.8

by noahdfear

Microsoft Windows XP [Version 5.1.2600]
The current date is: Tue 03/21/2006
The current time is: 21:47:12.85

Running from
C:\Documents and Settings\Brenda\Desktop\smitrem\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key

PSGuard.com key not present!

checking for WinHound.com key

WinHound.com key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files

~~~ Program Files ~~~

~~~ Shortcuts ~~~

~~~ Favorites ~~~

~~~ system32 folder ~~~

~~~ Icons in System32 ~~~

~~~ Windows directory ~~~

~~~ Drive root ~~~

~~~ Miscellaneous Files/folders ~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 840 'explorer.exe'
Killing PID 840 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files

~~~ Program Files ~~~

~~~ Shortcuts ~~~

~~~ Favorites ~~~

~~~ system32 folder ~~~

~~~ Icons in System32 ~~~

~~~ Windows directory ~~~

~~~ Drive root ~~~

~~~ Miscellaneous Files/folders ~~~

~~~ Wininet.dll ~~~

CLEAN!

***********************

SBLars · Mar 23, 2006

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 5:52:09 AM, 3/22/2006
+ Report-Checksum: 2D38EB23

+ Scan result:

:mozilla.6:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\ipwnx32p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\ipwnx32p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\ipwnx32p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\ipwnx32p.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\ipwnx32p.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\ipwnx32p.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\ipwnx32p.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\ipwnx32p.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\ipwnx32p.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\ipwnx32p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\ipwnx32p.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\ipwnx32p.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\ipwnx32p.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\ipwnx32p.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\ipwnx32p.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\ipwnx32p.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\ipwnx32p.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\ipwnx32p.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\ipwnx32p.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\ipwnx32p.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\ipwnx32p.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\ipwnx32p.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\ipwnx32p.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\ipwnx32p.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\ipwnx32p.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\ipwnx32p.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\ipwnx32p.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\ipwnx32p.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\ipwnx32p.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\ipwnx32p.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\ipwnx32p.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\ipwnx32p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\ipwnx32p.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\ipwnx32p.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\ipwnx32p.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\ipwnx32p.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\ipwnx32p.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\ipwnx32p.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\ipwnx32p.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\ipwnx32p.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\ipwnx32p.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.142:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\ipwnx32p.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.143:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\ipwnx32p.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\ipwnx32p.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.145:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\ipwnx32p.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\ipwnx32p.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Brenda\Cookies\brenda@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Brenda\Cookies\brenda@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Brenda\Cookies\brenda@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Brenda\Cookies\brenda@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Brenda\Cookies\brenda@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Brenda\Cookies\brenda@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Brenda\Cookies\brenda@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Brenda\Cookies\brenda@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Brenda\Cookies\brenda@overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Brenda\Cookies\brenda@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Brenda\Cookies\brenda@sel.as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Brenda\Cookies\brenda@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Brenda\Cookies\brenda@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Brenda\Cookies\brenda@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\html.exe -> Downloader.Delf.ks : Cleaned with backup
C:\WINDOWS\sec.exe -> Dropper.Small.amh : Cleaned with backup
C:\WINDOWS\system32\41.dl_ -> Proxy.Small.ct : Cleaned with backup
C:\WINDOWS\system32\birdasfihuy32.dll -> Proxy.Small.ct : Cleaned with backup

::Report End
*****************
PandaScan Log

Incident Status Location

Adware:adware/adwaresheriff Not disinfected C:\WINDOWS\security.html
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Brenda\Cookies\brenda@apmebf[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Brenda\Cookies\brenda@atwola[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Brenda\Cookies\brenda@realmedia[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Brenda\Cookies\brenda@target[1].txt
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\Brenda\Cookies\brenda@tucows[2].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\ipwnx32p.default\cookies.txt[.go.com/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\ipwnx32p.default\cookies.txt[.target.com/]
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\ipwnx32p.default\cookies.txt[]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Brenda\Cookies\brenda@apmebf[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Brenda\Cookies\brenda@atwola[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Brenda\Cookies\brenda@realmedia[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Brenda\Cookies\brenda@target[1].txt
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\Brenda\Cookies\brenda@tucows[2].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Brenda\Desktop\smitrem\smitRem\Process.exe
*********************
HiJackThis Second Log
Logfile of HijackThis v1.99.1
Scan saved at 7:04:40 AM, on 3/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\1140490597\ee\AOLSoftware.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\AOL\1140490597\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
C:\Program Files\mcafee.com\antivirus\oasclnt.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Common Files\AOL\1140490597\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCEvtHdlr.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1140490597\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\America Online 9.0\shellmon.exe
c:\program files\common files\aol\1140490597\ee\aolssc.exe
C:\Documents and Settings\Brenda\My Documents\HiJackThis Spyware Tool\HijackThis.exe
.

SBLars · Mar 23, 2006

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140490597\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1140490597\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1140490597\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - C:\Program Files\Common Files\AOL\1140490597\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe

**************************

Everything looks clear, but we'll see what time does

pskelley · Mar 23, 2006

I am not quite sure who you are working with, but I requested this information once my instructions I posted at this time: 2006-03-20, 21:03
were followed:

Post the ewido scan results, a new HJT log and tell me how the computer is running now.

If you are working with someone else, I will be glad to step out of the way and allow you to finish. Otherwise, please complete the instructions I posted and post only the logs I request.

Thanks

tashi · Mar 29, 2006

Due to lack of a response this topic will be archived.
If you need it re-opened please send me a pm and provide a link to the thread.

Adware Sheriff [LOGS]

SBLars

New member

pskelley

In Memoriam -Always in our heart

SBLars

New member

SBLars

New member

SBLars

New member

SBLars

New member

SBLars

New member

SBLars

New member

SBLars

New member

pskelley

In Memoriam -Always in our heart

tashi

Member of Team Spybot