Spyware Quake Removal Help?!


  • This topic is locked
50 replies to this topic

#1 markkerr101


Posted 28 July 2006 - 03:51 PM

Hi guys, I am not good with computers, but recently I got the spyquake/spywarequake trojan and some others like Cowabunga in my computer. I was told to run Hijack This, but I am not good with registry deleting and don't want to destroy my computer. The system said to show a logfile to experienced folks such as yourselves, so if anyone could tell me what to delete from this or what else to show to delete this, let me know please. Thank you. Also, I have run many anti spyware programs: spydoctor, ewido, trojanhunter, etc., and they claim to remove them but they never get removed.

Logfile of HijackThis v1.99.1
Scan saved at 4:47:00 PM, on 7/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ishost.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ismon.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\AOL\1148966984\ee\AOLSoftware.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\DOCUME~1\CODYMI~1\MYDOCU~1\ICROSO~1\ati2evxx.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINDOWS\system32\dlbxcoms.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\issearch.exe
C:\WINDOWS\system32\isnotify.exe
C:\WINDOWS\system32\cool.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\TrojanHunter 4.5\TrojanHunter.exe
C:\PROGRA~1\Yahoo!\browser\ybrowser.exe
C:\PROGRA~1\Yahoo!\browser\ybrowser.exe
C:\PROGRA~1\Yahoo!\browser\ybrowser.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\WINDOWS\TEMP\win1DC.tmp.exe
C:\DOCUME~1\CODYMI~1\LOCALS~1\Temp\Rar$EX54.438\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\common\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\common\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlbxmon.exe] "C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1148966984\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [LiveUpdate] C:\Program Files\Byteswarm\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKLM\..\Run: [PrevxOne] C:\Program Files\Prevx1\PXConsole.exe
O4 - HKLM\..\Run: [NI.UWA6P_0001_N91M1807] "c:\documents and settings\cody miller\application data\winantiviruspro2006freeinstall[1].exe" -nag
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Sen] "C:\DOCUME~1\CODYMI~1\MYDOCU~1\ICROSO~1\ati2evxx.exe" -vt ndrv
O4 - HKCU\..\Run: [Sms] C:\PROGRA~1\FNTS~1\RVICES~1.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.1.87.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\fast.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - C:\WINDOWS\system32\pmnqguh.dll (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)



#2 markkerr101


Posted 28 July 2006 - 11:43 PM

ttt

#3 markkerr101


Posted 29 July 2006 - 02:01 AM

ttt

#4 Buckeye_Sam

Malware Expert

Posted 29 July 2006 - 08:48 AM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

Please realize that it is against the rules to bump your topic. It actually will delay a response since we look for posts with no replies.


I need to see a different type of log from Hijackthis:
  • Run Hijackthis.
  • Click on "Open the Misc Tools section".
  • Next click on "Open uninstall manager".
  • Press the button 'save list'. It will open a Notepad file.
  • Place the content of that file here in your next reply.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 markkerr101


Posted 29 July 2006 - 01:22 PM

Ok, I apologize for ttt my friend.


Ok, when I hit save list it doesn't open anything. Should I just type the program list out???

#6 Buckeye_Sam

Malware Expert

Posted 29 July 2006 - 03:15 PM

No, that's too much work. Let's get it another way.


Open notepad and copy and paste this text in it:

rem Start from a clean report file
if exist %systemdrive%\look.txt del %systemdrive%\look.txt
rem List the installed-program (Uninstall) registry keys
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" >> %systemdrive%\look.txt
cd\
rem List folders only (/ad), newest first (/o:-d), in each location below
cd %appdata%
dir /ad /o:-d /p >> %systemdrive%\look.txt
cd %allusersprofile%\Application Data
dir /ad /o:-d /p >> %systemdrive%\look.txt
cd %ProgramFiles%
dir /ad /o:-d /p >> %systemdrive%\look.txt
cd %ProgramFiles%\Common Files
dir /ad /o:-d /p >> %systemdrive%\look.txt
rem Open the finished report in Notepad
start notepad %systemdrive%\look.txt

Save this as look.bat
Change the "Save As Type" to "All Files" and save it on your desktop.
Double-click look.bat and post the content of the text file you get in your next reply.
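Added example, not part of the original thread: a small Python parser for the `reg query` section of the look.txt report that look.bat produces. It separates Windows update keys and installer product codes from named program keys so that a reviewer can read the named entries first. The function names, the grouping labels and the sample text are assumptions made for illustration; the sample is constructed in the shape of the output posted below.

```python
import re

# Registry key that look.bat queries (taken from the script above).
ROOT = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"

# Constructed sample in the shape of look.txt: reg.exe header, the root key
# with one value line, subkey lines, then the start of a dir listing.
SAMPLE = r"""! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
    AOL Connectivity Services    REG_SZ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB873333

hkey_local_machine\software\microsoft\windows\currentversion\uninstall\KB893803v2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox (1.5.0.5)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0456ebd7-5f67-4ab6-852e-63781e3f389c}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis

 Directory of C:\Program Files

07/28/2006  04:40 PM    <DIR>          ExampleApp
"""

# Assumption: update entries are named KB + six digits, optionally "v2" etc.
HOTFIX_RE = re.compile(r"KB\d{6}(?:v\d+)?", re.IGNORECASE)
# Installer product codes are GUIDs in braces.
GUID_RE = re.compile(
    r"\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}", re.IGNORECASE
)


def parse_uninstall_keys(text):
    """Return the Uninstall subkey names in order, without duplicates.

    Only lines that start with the root key plus a backslash count; the
    root key itself, value lines and dir output are skipped.
    """
    prefix = ROOT.lower() + "\\"
    names, seen = [], set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line.lower().startswith(prefix):
            continue
        name = line[len(prefix):]
        if name and name.lower() not in seen:
            seen.add(name.lower())
            names.append(name)
    return names


def classify(name):
    """Label a subkey name as 'hotfix', 'product_code' or 'named'."""
    if HOTFIX_RE.fullmatch(name):
        return "hotfix"
    if GUID_RE.fullmatch(name):
        return "product_code"
    return "named"


def group_keys(text):
    """Group every Uninstall subkey found in the report by its label."""
    groups = {"named": [], "hotfix": [], "product_code": []}
    for name in parse_uninstall_keys(text):
        groups[classify(name)].append(name)
    return groups


if __name__ == "__main__":
    for label, names in group_keys(SAMPLE).items():
        print(f"{label} ({len(names)}):")
        for name in names:
            print("   ", name)
```

The grouping only sorts entries by name shape; it does not judge whether a program is wanted or unwanted.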

#7 markkerr101


Posted 29 July 2006 - 06:05 PM

Man u guys are good
! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
AOL Connectivity Services REG_SZ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AceGain_LiveUpdate

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Aware SE Personal

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Acrobat 5.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AOL Uninstaller

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AudibleManager

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AudioPlugin.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Branding

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BroadJump Client Foundation

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Byteswarm_LiveUpdate

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CADI

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CopyNow.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Creative Audio CD Ripper

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Creative MediaSource

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Creative MediaSource AudioSync Plugin

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Creative MediaSource CD-ROM Burner Plugin

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Creative MediaSource Detector

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Creative MediaSource NOMAD II/MG Plugin

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Creative MediaSource NOMAD Jukebox 2/3/Zen Plugin

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Creative MediaSource NOMAD Jukebox Plugin

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Creative MediaSource NOMAD MuVo Plugin

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Creative MediaSource Player Skin Pack

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Creative MiniDisc Center

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Creative MuVo NX-TX

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Creative MuVo NX-TX Media Explorer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Creative Restore Defaults

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Creative WaveStudio

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DataPlugin.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Dell Photo AIO Printer 962

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DellSupport

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DEVCTRL2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Diagnostics3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectAnimation

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\dlatray.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EAX

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EQUALIZER

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ewidoantimalware

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Freakin Screensaver

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICW

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IGN Download Manager

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Intel® 537EP V9x DF PCI Modem

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IrfanView

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB873333

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB873339

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB883939

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB884016

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB884267

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB885250

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB885353

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB885835

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB885836

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB886185

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB886612

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB887078

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB887472

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB887626

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB887742

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB888113

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB888302

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB888310

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB888656

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB889858

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB890046

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB890175

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB890859

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB890923

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB891122

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB891781

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB892313

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893066

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893086

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893240

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893241

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893756

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893803

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893803v2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB894391

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB895181

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB895316

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB895572

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB896358

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB896422

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB896423

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB896424

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB896428

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB896688

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB896727

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB897586

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB898458

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB898461

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB898549

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB899587

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB899588

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB899591

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB900399

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB900485

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB900725

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB901017

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB901190

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB901214

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB902344

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB902400

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB903235

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB904706

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB905414

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB905749

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB905915

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB907658

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB908519

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB908531

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB910437

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911280

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911562

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911564

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911565

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911567

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911854

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911927

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB912812

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB912919

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB913446

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB913580

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB914388

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB914389

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB916281

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB916595

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB917159

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB917344

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB917953

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB918439

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\M886903

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Magic ISO Maker v5.1 (build 0184)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET Framework 1.1 (1033)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Interactive Training

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox (1.5.0.5)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-Beta1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-Beta2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-KB884016

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-RC1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-RC2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30a-KB884016

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI31-Beta

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI31-RC1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MsJavaVM

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MuVo Driver

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWaySearchAssistantDE

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NetMeeting

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OutlookExpress

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCHealth

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Prevx1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PROSet

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RealAlt_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SBC Self Support Tool

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SBC Yahoo! Applications

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SBC Yahoo! Base Components

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SBC Yahoo! DSL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SBC Yahoo! DSL Extras

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SBC Yahoo! Internet Mail

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SBC Yahoo! Login

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SBC Yahoo! UMUninstaller

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SBC.MCCInstall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SFBM

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShockwaveFlash

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sound Blaster Live! 24-bit

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sound Blaster Live! 24-bit Windows Drivers

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SPEAKER

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spybot - Search & Destroy_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyQuake2.com

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware Doctor_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\StreetPlugin

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SURMIXER

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SysInfo

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TrojanHunter_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TurboTax Deluxe 2005

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Universal Media Player

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WgaNotify

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Format Runtime

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Player

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR archiver

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WMFDist11

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wmp11

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wudf01000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Customizations

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Internet Mail

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Mail AutoComplete

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Messenger

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YInstHelper

Volume in drive C has no label.
Volume Serial Number is 74F9-DF91

Directory of C:\Documents and Settings\Cody Miller\Application Data

07/28/2006 10:25 PM <DIR> PC Tools
07/28/2006 10:25 PM <DIR> ..
07/28/2006 10:25 PM <DIR> .
07/28/2006 04:48 AM <DIR> uTorrent
07/16/2006 07:34 AM <DIR> Microsoft
07/10/2006 09:40 PM <DIR> Lavasoft
07/10/2006 03:46 PM <DIR> TrojanHunter
07/10/2006 02:22 PM <DIR> Prevx
06/30/2006 07:22 AM <DIR> dvdcss
06/07/2006 05:26 PM <DIR> IGN_DLM
05/29/2006 11:31 PM <DIR> acccore
05/29/2006 11:28 PM <DIR> Mozilla
04/06/2006 10:45 AM <DIR> Intuit
04/05/2006 12:09 AM <DIR> SBC Yahoo! Messenger
02/14/2006 04:15 PM <DIR> Microsoft Games
02/12/2006 02:36 PM <DIR> Google
02/09/2006 01:17 PM <DIR> vlc
02/05/2006 07:22 PM <DIR> Real
01/29/2006 03:32 AM <DIR> Apple Computer
01/27/2006 01:11 PM <DIR> Media Player Classic
01/12/2006 02:13 AM <DIR> Nero
01/08/2006 12:08 AM <DIR> Ulead Systems
01/06/2006 04:06 AM <DIR> .bittorrent
12/24/2005 10:35 PM <DIR> InterTrust
12/24/2005 04:47 PM <DIR> Ahead
11/17/2005 10:06 AM <DIR> Corel
10/19/2005 10:31 PM <DIR> .BitTornado
10/01/2005 08:51 PM <DIR> Creative
08/05/2005 10:04 PM <DIR> AdobeUM
08/05/2005 10:04 PM <DIR> Adobe
07/17/2005 09:44 PM <DIR> Jasc Software Inc
07/17/2005 08:15 PM <DIR> CyberLink
07/17/2005 03:23 PM <DIR> Help
07/17/2005 12:48 AM <DIR> Sonic
07/17/2005 12:48 AM <DIR> Leadertech
07/14/2005 05:21 PM <DIR> Aim
07/13/2005 11:13 PM <DIR> Macromedia
07/13/2005 10:55 PM <DIR> Symantec
07/11/2005 06:19 AM <DIR> Gtek
07/11/2005 06:13 AM <DIR> Sun
08/10/2004 12:08 PM <DIR> Identities
0 File(s) 0 bytes
41 Dir(s) 3,076,218,880 bytes free
Volume in drive C has no label.
Volume Serial Number is 74F9-DF91

Directory of C:\Documents and Settings\All Users\Application Data

07/29/2006 03:17 AM <DIR> Spybot - Search & Destroy
07/26/2006 09:11 PM <DIR> ..
07/26/2006 09:11 PM <DIR> .
07/19/2006 05:17 PM <DIR> Prevx
07/16/2006 07:34 AM <DIR> Microsoft
07/11/2006 01:31 AM <DIR> Avg7
05/29/2006 11:30 PM <DIR> AOL
05/29/2006 11:28 PM <DIR> AOL Downloads
05/03/2006 04:00 PM <DIR> Windows Genuine Advantage
04/11/2006 03:45 PM <DIR> Yahoo! Companion
04/09/2006 10:28 PM <DIR> yahoo!
04/06/2006 10:44 AM <DIR> Intuit
02/14/2006 04:15 PM <DIR> Microsoft Games
01/29/2006 03:27 AM <DIR> Apple Computer
01/27/2006 01:10 PM <DIR> Real
01/12/2006 02:07 AM <DIR> Ahead
01/10/2006 11:15 PM <DIR> Ulead Systems
12/19/2005 11:50 PM <DIR> Motive
07/20/2005 03:22 PM <DIR> BVRP Software
07/17/2005 09:28 PM <DIR> Symantec
07/17/2005 12:42 AM <DIR> QuickTime
07/11/2005 06:22 AM <DIR> Viewpoint
07/11/2005 06:19 AM <DIR> InstallShield
07/11/2005 06:19 AM <DIR> GTek
07/11/2005 06:16 AM <DIR> Adobe
08/10/2004 12:13 PM <DIR> SBSI
0 File(s) 0 bytes
26 Dir(s) 3,076,202,496 bytes free
Volume in drive C has no label.
Volume Serial Number is 74F9-DF91

Directory of C:\Program Files

07/29/2006 07:01 PM <DIR> Prevx1
07/29/2006 06:46 PM <DIR> Mozilla Firefox
07/29/2006 03:25 AM <DIR> Spybot - Search & Destroy
07/29/2006 02:21 AM <DIR> Spyware Doctor
07/28/2006 10:25 PM <DIR> ..
07/28/2006 10:25 PM <DIR> .
07/26/2006 10:04 PM <DIR> XoftSpy
07/26/2006 09:12 PM <DIR> Roguescanfix
07/26/2006 09:09 PM <DIR> Enigma Software Group
07/25/2006 09:51 PM <DIR> F?nts
07/25/2006 07:56 PM <DIR> a-squared Anti-Malware
07/25/2006 07:56 PM <DIR> Eset
07/25/2006 05:48 PM <DIR> SpyQuake2.com
07/25/2006 05:46 PM <DIR> ??sks
07/25/2006 05:38 PM <DIR> Cowabanga
07/25/2006 01:56 AM <DIR> Common Files
07/16/2006 12:19 PM <DIR> GameSpy Arcade
07/16/2006 12:14 PM <DIR> InstallShield Installation Information
07/16/2006 12:14 PM <DIR> QuickTime
07/16/2006 07:52 AM <DIR> DL_cats
07/10/2006 09:40 PM <DIR> Lavasoft
07/10/2006 02:29 PM <DIR> TrojanHunter 4.5
07/03/2006 02:48 PM <DIR> Universal Media Player
06/15/2006 03:01 AM <DIR> Internet Explorer
06/12/2006 07:41 AM <DIR> Windows Media Player
06/09/2006 03:11 AM <DIR> Winamp
06/07/2006 05:25 PM <DIR> IGN
06/07/2006 03:22 AM <DIR> EA GAMES
06/07/2006 02:30 AM <DIR> Byteswarm
06/07/2006 12:12 AM <DIR> America's Army
06/07/2006 12:12 AM <DIR> America's Army Server Manager
05/29/2006 11:30 PM <DIR> AOL
05/29/2006 11:30 PM <DIR> AOD
05/23/2006 12:57 AM <DIR> IrfanView
05/15/2006 03:39 PM <DIR> Sonic
04/18/2006 08:13 PM <DIR> Creative
04/17/2006 04:31 PM <DIR> VideoLAN
04/15/2006 11:57 PM <DIR> Outlook Express
04/06/2006 10:45 AM <DIR> ItsDeductible2005
04/06/2006 10:42 AM <DIR> TurboTax
04/01/2006 05:35 PM <DIR> DivX
04/01/2006 04:57 AM <DIR> SBC Self Support Tool
03/27/2006 02:34 PM <DIR> Google
03/16/2006 07:31 PM <DIR> ewido anti-malware
02/28/2006 01:11 AM <DIR> TrojanHunter 4.2
02/14/2006 10:20 AM <DIR> Java
01/27/2006 01:11 PM <DIR> Real Alternative
01/27/2006 01:10 PM <DIR> Media Player Classic
01/20/2006 02:37 AM <DIR> Street Hacker
01/14/2006 02:57 PM <DIR> WinRAR
01/14/2006 12:02 AM <DIR> Trymedia
01/08/2006 12:08 AM <DIR> SmartSound Software
01/08/2006 12:07 AM <DIR> Windows Media Components
12/25/2005 11:01 PM <DIR> Audible
12/24/2005 10:35 PM <DIR> Adobe
12/24/2005 06:46 PM <DIR> MagicISO
12/24/2005 03:03 AM <DIR> Nero
12/24/2005 02:58 AM <DIR> BitComet
12/20/2005 10:05 AM <DIR> Alwil Software
12/20/2005 01:51 AM <DIR> Yahoo!
12/19/2005 11:47 PM <DIR> SBC Yahoo!
12/17/2005 06:52 PM <DIR> BroadJump
12/15/2005 05:13 PM <DIR> EarthLink TotalAccess
11/25/2005 10:30 PM <DIR> Ubisoft
10/15/2005 12:11 AM <DIR> GustoSoft
10/15/2005 12:06 AM <DIR> DivX_311alpha
10/09/2005 09:46 PM <DIR> Connection Wizard
10/02/2005 04:28 PM <DIR> Shareaza
08/07/2005 07:21 PM <DIR> GanymedeNet
07/20/2005 03:22 PM <DIR> Dell Photo AIO Printer 962
07/20/2005 03:22 PM <DIR> Abbyy FineReader 6.0 Sprint
07/18/2005 12:05 PM <DIR> Symantec
07/14/2005 05:21 PM <DIR> AIM
07/11/2005 06:25 AM <DIR> WordPerfect Office 12
07/11/2005 06:22 AM <DIR> Intuit
07/11/2005 06:22 AM <DIR> EarthLink Setup
07/11/2005 06:22 AM <DIR> Learn2.com
07/11/2005 06:22 AM <DIR> Viewpoint
07/11/2005 06:20 AM <DIR> MUSICMATCH
07/11/2005 06:20 AM <DIR> MyWaySA
07/11/2005 06:20 AM <DIR> Dell Inc
07/11/2005 06:19 AM <DIR> Jasc Software Inc
07/11/2005 06:19 AM <DIR> Dell Support
07/11/2005 06:18 AM <DIR> Microsoft Plus! Photo Story 2 LE
07/11/2005 06:18 AM <DIR> Microsoft Plus! Digital Media Edition
07/11/2005 06:17 AM <DIR> NetZeroInstallers
07/11/2005 06:16 AM <DIR> Your Company Name
07/11/2005 06:16 AM <DIR> CyberLink
07/11/2005 06:15 AM <DIR> Modem On Hold
07/11/2005 06:15 AM <DIR> Intel
07/11/2005 06:14 AM <DIR> Modem Helper
07/11/2005 06:14 AM <DIR> Messenger
09/24/2004 09:33 AM <DIR> Dell
08/10/2004 12:08 PM <DIR> Uninstall Information
08/10/2004 12:04 PM <DIR> microsoft frontpage
08/10/2004 12:04 PM <DIR> xerox
08/10/2004 12:02 PM <DIR> WindowsUpdate
08/10/2004 12:02 PM <DIR> Movie Maker
08/10/2004 12:02 PM <DIR> NetMeeting
08/10/2004 12:02 PM <DIR> ComPlus Applications
08/10/2004 12:01 PM <DIR> Online Services
08/10/2004 12:01 PM <DIR> MSN Gaming Zone
08/10/2004 12:01 PM <DIR> MSN
08/10/2004 12:01 PM <DIR> Windows NT
0 File(s) 0 bytes
104 Dir(s) 3,076,186,112 bytes free
Volume in drive C has no label.
Volume Serial Number is 74F9-DF91

Directory of C:\Program Files\Common Files

07/25/2006 01:56 AM <DIR> ..
07/25/2006 01:56 AM <DIR> .
07/16/2006 07:34 AM <DIR> Microsoft Shared
05/29/2006 11:30 PM <DIR> AOL
05/29/2006 11:29 PM <DIR> aolshare
04/15/2006 11:57 PM <DIR> System
04/06/2006 10:45 AM <DIR> AnswerWorks 4.0
04/01/2006 05:33 PM <DIR> Ahead
02/05/2006 02:13 AM <DIR> NSV
01/11/2006 12:47 PM <DIR> Ulead Systems
01/10/2006 11:14 PM <DIR> Real
12/24/2005 10:35 PM <DIR> Adobe
12/19/2005 11:50 PM <DIR> Motive
07/17/2005 09:30 PM <DIR> Symantec Shared
07/14/2005 05:24 PM <DIR> SWF Studio
07/11/2005 06:25 AM <DIR> Borland Shared
07/11/2005 06:25 AM <DIR> Corel
07/11/2005 06:25 AM <DIR> Sonic Shared
07/11/2005 06:23 AM <DIR> Intuit
07/11/2005 06:22 AM <DIR> Nullsoft
07/11/2005 06:20 AM <DIR> InstallShield
07/11/2005 06:19 AM <DIR> Jasc Software Inc
07/11/2005 06:13 AM <DIR> Java
08/10/2004 12:02 PM <DIR> Services
08/10/2004 12:02 PM <DIR> MSSoap
08/10/2004 11:57 AM <DIR> ODBC
08/10/2004 11:57 AM <DIR> SpeechEngines
0 File(s) 0 bytes
27 Dir(s) 3,076,194,304 bytes free

#8 Buckeye_Sam

    Malware Expert

Posted 29 July 2006 - 07:46 PM

Please click Start -> Control Panel -> Add/Remove Programs and uninstall these programs:

MyWaySearchAssistantDE
SpyQuake2.com
ViewpointMediaPlayer



=============




Download SmitfraudFix (by S!Ri) to your Desktop.
Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.


Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#9 markkerr101

  • Topic Starter

Posted 29 July 2006 - 10:30 PM

MyWaySearchAssistantDE
SpyQuake2.com will not uninstall. The My Way one gets an error message and SpyQuake 2 gets an install instead of uninstall message.

Can I delete them via add/remove in the HijackThis tools section??


edit: OK, that is what I did and they are now gone in the control panel section. Hope this is OK :thumbsup:

Edited by markkerr101, 29 July 2006 - 11:53 PM.


#10 markkerr101

  • Topic Starter

Posted 29 July 2006 - 11:52 PM

SmitFraudFix v2.76

Scan done at 0:50:50.07, Sun 07/30/2006
Run from C:\Documents and Settings\Cody Miller\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

C:\


C:\WINDOWS


C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32

C:\WINDOWS\system32\ishost.exe FOUND !
C:\WINDOWS\system32\ismon.exe FOUND !
C:\WINDOWS\system32\isnotify.exe FOUND !
C:\WINDOWS\system32\issearch.exe FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\ts.ico FOUND !
C:\WINDOWS\system32\components\flx?.dll FOUND !
C:\WINDOWS\system32\components\flx??.dll FOUND !
C:\WINDOWS\system32\components\flx???.dll FOUND !

C:\WINDOWS\system32\LogFiles


C:\Documents and Settings\Cody Miller\Application Data

C:\Documents and Settings\Cody Miller\Application Data\Microsoft\Internet Explorer\Quick Launch\SpyQuake2.com 2.3.lnk FOUND !

Start Menu

C:\DOCUME~1\CODYMI~1\STARTM~1\SpyQuake2.com 2.3.lnk FOUND !
C:\DOCUME~1\CODYMI~1\STARTM~1\Programs\SpyQuake2.com FOUND !

C:\DOCUME~1\CODYMI~1\FAVORI~1

C:\DOCUME~1\CODYMI~1\FAVORI~1\Antivirus Test Online.url FOUND !

Desktop


C:\Program Files

C:\Program Files\SpyQuake2.com\ FOUND !

Corrupted keys


Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"cinnamomum"="{93ac7c30-3878-4eaa-9420-7977285df5b1}"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{259BA022-2005-45E9-A965-10EDB9C00605}"="Windows Updater"

[HKEY_CLASSES_ROOT\CLSID\{259BA022-2005-45E9-A965-10EDB9C00605}\InProcServer32]
@="C:\WINDOWS\g8337453.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{259BA022-2005-45E9-A965-10EDB9C00605}\InProcServer32]
@="C:\WINDOWS\g8337453.dll"


Scanning wininet.dll infection


End
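
The SharedTaskScheduler section of the log above carries the tool's own caveat that its keys are not necessarily infected, so each CLSID has to be resolved to its InProcServer32 DLL before it is judged. The script below is an added example (not part of the thread and not SmitfraudFix's own code) that does this over lines copied from that log; the function names and the trusted-directory heuristic are assumptions made for illustration.

```python
import re
from ntpath import normcase  # Windows path rules, usable on any OS

# Sample input: lines copied from the rapport.txt posted above.
SAMPLE_RAPPORT = r'''
C:\WINDOWS\system32\ishost.exe FOUND !
C:\WINDOWS\system32\components\flx?.dll FOUND !
C:\Program Files\SpyQuake2.com\ FOUND !

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"cinnamomum"="{93ac7c30-3878-4eaa-9420-7977285df5b1}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{259BA022-2005-45E9-A965-10EDB9C00605}"="Windows Updater"

[HKEY_CLASSES_ROOT\CLSID\{259BA022-2005-45E9-A965-10EDB9C00605}\InProcServer32]
@="C:\WINDOWS\g8337453.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{259BA022-2005-45E9-A965-10EDB9C00605}\InProcServer32]
@="C:\WINDOWS\g8337453.dll"
'''

GUID_RE = re.compile(r'\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}')
KEY_RE = re.compile(r'^\[(.+)\]$')                 # [HKEY_...\subkey]
VALUE_RE = re.compile(r'^(?:"(.*?)"|@)="(.*)"$')   # "name"="data" or @="data"
FOUND_RE = re.compile(r'^(.+?)\s+FOUND !$')        # <path> FOUND !

# Assumption for this example: DLLs registered from these locations are
# treated as lower priority; anything else is queued for manual review.
TRUSTED_PREFIXES = ('c:\\windows\\system32\\', 'c:\\program files\\')


def parse_rapport(text):
    """Return (found_paths, tasks, servers) from a SmitfraudFix search log.

    tasks   maps CLSID -> label from the SharedTaskScheduler key
    servers maps CLSID -> DLL path from CLSID\\{...}\\InProcServer32
    """
    found, tasks, servers = [], {}, {}
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = FOUND_RE.match(line)
        if m:
            found.append(m.group(1))
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if not (m and key):
            continue
        name, data = m.group(1), m.group(2)
        key_l = key.lower()
        if key_l.endswith(r'\explorer\sharedtaskscheduler'):
            # The log shows both layouts: "label"="{CLSID}" and "{CLSID}"="label".
            for clsid, label in ((name, data), (data, name)):
                if clsid and GUID_RE.fullmatch(clsid):
                    tasks[clsid.upper()] = label
                    break
        elif key_l.endswith(r'\inprocserver32') and name is None:
            g = GUID_RE.search(key)
            if g:
                servers[g.group(0).upper()] = data
    return found, tasks, servers


def triage(text):
    """Resolve each SharedTaskScheduler CLSID and assign a triage verdict."""
    _, tasks, servers = parse_rapport(text)
    report = []
    for clsid, label in tasks.items():
        dll = servers.get(clsid)
        if dll is None:
            verdict = 'unresolved'   # log has no InProcServer32 for this CLSID
        elif normcase(dll).startswith(TRUSTED_PREFIXES):
            verdict = 'resolved'
        else:
            verdict = 'review'       # DLL registered from an unusual directory
        report.append({'clsid': clsid, 'label': label,
                       'dll': dll, 'verdict': verdict})
    return report


if __name__ == '__main__':
    found, _, _ = parse_rapport(SAMPLE_RAPPORT)
    print(f'{len(found)} paths marked FOUND')
    for entry in triage(SAMPLE_RAPPORT):
        print(entry)
```

An `unresolved` verdict only means the log did not include the class registration, so the CLSID still has to be looked up on the machine itself.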

#11 Buckeye_Sam

    Malware Expert

Posted 30 July 2006 - 06:54 AM

Please print out or copy these instructions/tutorial to Notepad as the internet will not be available to you at certain points of the removal process (while in Safe Mode). Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.


1. Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
2. Run Smitfraud
  • Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
  • Select option #2 - Clean by typing 2 and press Enter.
  • Wait for the tool to complete and disk cleanup to finish.
  • You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
  • The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.


    A reboot may be needed to finish the cleaning process. If your computer does not restart automatically, please do it yourself manually. Reboot in Safe Mode.

    The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
3. Clean out your Temporary Internet files
  • Quit Internet Explorer and quit any instances of Windows Explorer.
  • Click Start -> Control Panel and then double-click Internet Options.
  • On the General tab, click Delete Files under Temporary Internet Files.
  • In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.
  • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
  • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
  • Click OK.
4. Next Click Start -> Control Panel and then double-click Display.
  • Click on the Desktop tab, then click the Customize Desktop button.
  • Click on the Web tab.
  • Under Web Pages you may see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button.
  • Click Ok then Apply and Ok.
5. Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.


6. Launch Ewido-Anti-spyware by double-clicking the icon on your desktop.
  • IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning process.

  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • Ewido will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close Ewido.
7. Reboot back into Normal Windows Mode


8. Run SmitfraudFix.
  • Open the SmitfraudFix folder and double-click smitfraudfix.cmd
  • Select option #3 - Delete Trusted zone by typing 3 and press Enter


    Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.
9. Please Post the following logs:
  • c:\rapport.txt
  • Ewido log
  • A new HijackThis log
You may need several replies to post the requested logs, otherwise they might get cut off.


#12 markkerr101

  • Topic Starter

Posted 30 July 2006 - 05:37 PM

New Hijack this Log


Logfile of HijackThis v1.99.1
Scan saved at 6:34:33 PM, on 7/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\AOL\1148966984\ee\AOLSoftware.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dlbxcoms.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\WINDOWS\explorer.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\DOCUME~1\CODYMI~1\LOCALS~1\Temp\Rar$EX06.719\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\common\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\common\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlbxmon.exe] "C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1148966984\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [LiveUpdate] C:\Program Files\Byteswarm\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKLM\..\Run: [PrevxOne] C:\Program Files\Prevx1\PXConsole.exe
O4 - HKLM\..\Run: [NI.UWA6P_0001_N91M1807] "c:\documents and settings\cody miller\application data\winantiviruspro2006freeinstall[1].exe" -nag
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Sen] "C:\DOCUME~1\CODYMI~1\MYDOCU~1\ICROSO~1\ati2evxx.exe" -vt ndrv
O4 - HKCU\..\Run: [Sms] C:\PROGRA~1\FNTS~1\RVICES~1.EXE
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.1.87.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\fast.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

#13 markkerr101

Posted 30 July 2006 - 05:38 PM

Rapport log

SmitFraudFix v2.76

Scan done at 15:33:18.70, Sun 07/30/2006
Run from C:\Documents and Settings\Cody Miller\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"cinnamomum"="{93ac7c30-3878-4eaa-9420-7977285df5b1}"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{259BA022-2005-45E9-A965-10EDB9C00605}"="Windows Updater"

[HKEY_CLASSES_ROOT\CLSID\{259BA022-2005-45E9-A965-10EDB9C00605}\InProcServer32]
@="C:\WINDOWS\g8337453.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{259BA022-2005-45E9-A965-10EDB9C00605}\InProcServer32]
@="C:\WINDOWS\g8337453.dll"


Killing process


Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\g8337453.dll -> Missing File

C:\WINDOWS\system32\pmnqguh.dll -> Missing File


Deleting infected files

C:\WINDOWS\system32\ishost.exe Deleted
C:\WINDOWS\system32\ismon.exe Deleted
C:\WINDOWS\system32\isnotify.exe Deleted
C:\WINDOWS\system32\issearch.exe Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\ts.ico Deleted
C:\WINDOWS\system32\components\flx?.dll Deleted
C:\WINDOWS\system32\components\flx??.dll Deleted
C:\WINDOWS\system32\components\flx???.dll Deleted
C:\Documents and Settings\Cody Miller\Application Data\Microsoft\Internet Explorer\Quick Launch\SpyQuake2.com 2.3.lnk Deleted
C:\DOCUME~1\CODYMI~1\FAVORI~1\Antivirus Test Online.url Deleted
C:\DOCUME~1\CODYMI~1\STARTM~1\SpyQuake2.com 2.3.lnk Deleted
C:\DOCUME~1\CODYMI~1\STARTM~1\Programs\SpyQuake2.com Deleted
C:\Program Files\SpyQuake2.com\ Deleted

Deleting Temp Files


Registry Cleaning

Registry Cleaning done.

After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{259BA022-2005-45E9-A965-10EDB9C00605}"="Windows Updater"

[HKEY_CLASSES_ROOT\CLSID\{259BA022-2005-45E9-A965-10EDB9C00605}\InProcServer32]
@="C:\WINDOWS\g8337453.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{259BA022-2005-45E9-A965-10EDB9C00605}\InProcServer32]
@="C:\WINDOWS\g8337453.dll"



End

#14 markkerr101

Posted 30 July 2006 - 05:41 PM

Ewido log: (Something went wrong with this. I had a full scan going but it stopped at 50%; it did remove the infected objects it found. I ran another full scan after and it went through 100%, but no log was there because it didn't find any infected objects. I will post the log of the 50% incomplete one; that was all it found, I believe. Let me know if I should do something else.) Sorry and thanks again.


---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 4:30:42 PM, 7/30/2006
+ Report-Checksum: E77D9061

+ Scan result:



::Report End

Edited by markkerr101, 30 July 2006 - 05:44 PM.


#15 Buckeye_Sam


Posted 30 July 2006 - 10:12 PM

Run HijackThis again, click scan, and put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O4 - HKLM\..\Run: [NI.UWA6P_0001_N91M1807] "c:\documents and settings\cody miller\application data\winantiviruspro2006freeinstall[1].exe" -nag
O4 - HKCU\..\Run: [Sen] "C:\DOCUME~1\CODYMI~1\MYDOCU~1\ICROSO~1\ati2evxx.exe" -vt ndrv
O4 - HKCU\..\Run: [Sms] C:\PROGRA~1\FNTS~1\RVICES~1.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O20 - AppInit_DLLs: C:\WINDOWS\system32\fast.dll





Download and run this uninstaller:
http://www.outerinfo.com/OiUninstaller.exe



Reboot and post a new HijackThis log.
========================================================
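The fix list in post #15 mixes several autostart mechanisms (search hooks, Run keys, an ActiveX download, AppInit_DLLs). As an added example that is not part of the thread or of HijackThis itself, the sketch below parses such entry lines and attaches review notes; the function name `triage` and the "runs from a user profile" heuristic are assumptions made for illustration.

```python
import re

# Meanings of the HijackThis section codes that occur in the fix list above.
SECTIONS = {
    "R3": "IE URLSearchHook",
    "O4": "Run-key autostart",
    "O6": "IE options locked by policy",
    "O9": "IE extra button / Tools menu item",
    "O16": "ActiveX control (Downloaded Program Files)",
    "O20": "AppInit_DLLs / Winlogon Notify",
}
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
RUN = re.compile(r"^(?P<key>HK\w+\\\.\.\\\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Assumed heuristic: autostarts launched from a user profile deserve a closer look.
PROFILE = re.compile(r"documents and settings|docume~1", re.I)

def triage(log_text):
    """Parse HijackThis entry lines into dicts, each with a list of review notes."""
    results = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header lines, process list, blank lines
        code, body = m["code"], m["body"]
        item = {"code": code, "kind": SECTIONS.get(code, "other"), "notes": []}
        if body.endswith(("(file missing)", "(no file)")):
            item["notes"].append("orphaned: target file is gone")
        run = RUN.match(body) if code == "O4" else None
        if run:
            item.update(key=run["key"], name=run["name"], cmd=run["cmd"])
            if PROFILE.search(run["cmd"]):
                item["notes"].append("autostart runs from a user profile path")
        if code == "O20" and body.startswith("AppInit_DLLs:"):
            item["dll"] = body.split(":", 1)[1].strip()
            item["notes"].append("DLL loaded into every process that loads user32.dll")
        results.append(item)
    return results

# Entries copied from the fix list in the post above.
SAMPLE = r"""
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O4 - HKCU\..\Run: [Sen] "C:\DOCUME~1\CODYMI~1\MYDOCU~1\ICROSO~1\ati2evxx.exe" -vt ndrv
O4 - HKCU\..\Run: [Sms] C:\PROGRA~1\FNTS~1\RVICES~1.EXE
O20 - AppInit_DLLs: C:\WINDOWS\system32\fast.dll
"""

if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(e["code"], e["kind"], e["notes"])
```

An empty notes list only means neither check fired; it does not mean the entry is benign, as the `[Sms]` line in the fix list shows.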



