
Please Help


  • This topic is locked
22 replies to this topic

#1 onemanmosh

Posted 11 August 2006 - 02:26 PM

I have a lot of spyware and was wondering how to get rid of it. I scanned my computer with ewido antispyware and XoftSpySE. I keep finding more.
I'm also infected with spywarequake.
Here's the HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 3:19:53 PM, on 8/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\JT\MYDOCU~1\WNSXS~1\msdtc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Documents and Settings\JT\Local Settings\Temporary Internet Files\Content.IE5\2327292F\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\system32\Searchx.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://awesomestart.com/misfits/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=20069&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20069&k=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Yvakt Class - {00172AD1-F4BD-48C0-AEB5-A4CFE4638393} - C:\WINDOWS\system32\v199.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SDWin32 Class - {091C22F2-FAD5-4FC7-866F-F56490104B7E} - C:\WINDOWS\system32\wsvmd.dll (file missing)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {31766E6D-4D8C-51E4-626D-A45B42FF663A} - C:\WINDOWS\system32\otiaivbb\foxyxwvg.dll (file missing)
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: (no name) - {5062FAF2-85FF-8417-C1F4-9A18066421EB} - C:\WINDOWS\system32\jvnvktwy\kgjiliax.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6E527CF7-F606-A1D2-DEFE-7836B168B9AD} - C:\WINDOWS\system32\iuczvvhc.dll (file missing)
O2 - BHO: (no name) - {77312BA7-3D82-B06C-FC0B-6F619C1E4A0C} - C:\WINDOWS\system32\saboxiyy\hdoyxlrp.dll
O2 - BHO: (no name) - {7B5C66D6-4395-E7DA-DF6C-14FE50531771} - C:\WINDOWS\system32\snaqftoi\qmlknjge.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {D94DB0B7-5907-4C0F-BA8D-268DEBF1559E} - C:\WINDOWS\system32\vtuts.dll
O2 - BHO: (no name) - {DF5005AE-826E-7E56-8C24-EE974259BAD3} - C:\WINDOWS\system32\nmehryrv\ddamqbmx.dll
O2 - BHO: (no name) - {E2816395-D6D3-C649-B46A-7C7D490B4969} - C:\WINDOWS\system32\cinuspug\vhtmsxtw.dll
O2 - BHO: (no name) - {E4AA5E19-BA88-E171-A4AE-E1CB249B0FC3} - C:\WINDOWS\system32\hjmowvod.dll (file missing)
O2 - BHO: (no name) - {E67DC663-7806-FDCA-C1AB-2D666AA7D8F5} - C:\WINDOWS\system32\bdsuydlx\sutijosk.dll (file missing)
O2 - BHO: (no name) - {F43572A0-D8B4-DA16-9A70-15D76232C376} - C:\WINDOWS\system32\jurgokmh\ligxdifi.dll
O2 - BHO: (no name) - {FCF233C0-7C14-DCAF-2020-307CECA9959E} - C:\WINDOWS\system32\bkhdptht\ltyyxxct.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn12\yt.dll
O3 - Toolbar: Searchfst Class - {000277A3-7D84-406a-9799-D12A81594693} - C:\WINDOWS\srchfst.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [styibplk] C:\WINDOWS\system32\vxmradxh\styibplk.exe
O4 - HKLM\..\Run: [fclsaugn] C:\WINDOWS\system32\uajpqn\fclsaugn.exe
O4 - HKLM\..\Run: [ufbx] C:\WINDOWS\system32\fofoxmpe\ufbx.exe
O4 - HKLM\..\Run: [nbjueck] C:\WINDOWS\system32\npksp\nbjueck.exe
O4 - HKLM\..\Run: [ejapx] C:\WINDOWS\system32\mvbywd\ejapx.exe
O4 - HKLM\..\Run: [uyes] C:\WINDOWS\system32\ovqhsjoh\uyes.exe
O4 - HKLM\..\Run: [ndrmew] C:\WINDOWS\system32\kmfk\ndrmew.exe
O4 - HKLM\..\Run: [wmngcf] C:\WINDOWS\system32\yfou\wmngcf.exe
O4 - HKLM\..\Run: [dokfo] C:\WINDOWS\system32\jbywrcj\dokfo.exe
O4 - HKLM\..\Run: [trxeo] C:\WINDOWS\system32\pliwg\trxeo.exe
O4 - HKLM\..\Run: [hhsqtltg] C:\WINDOWS\system32\wmpelir\hhsqtltg.exe
O4 - HKLM\..\Run: [ovqk] C:\WINDOWS\system32\oxbem\ovqk.exe
O4 - HKLM\..\Run: [terctjwo] C:\WINDOWS\system32\vbwtvd\terctjwo.exe
O4 - HKLM\..\Run: [bnahptnf] C:\WINDOWS\system32\kqlkbvj\bnahptnf.exe
O4 - HKLM\..\Run: [ycryhlk] C:\WINDOWS\system32\yueemwtu\ycryhlk.exe
O4 - HKLM\..\Run: [kiqhmf] C:\WINDOWS\system32\cnvc\kiqhmf.exe
O4 - HKLM\..\Run: [pcvnmh] C:\WINDOWS\system32\adbjy\pcvnmh.exe
O4 - HKLM\..\Run: [bdep] C:\WINDOWS\system32\rcyhjiid\bdep.exe
O4 - HKLM\..\Run: [bgxxsi] C:\WINDOWS\system32\mxkuyk\bgxxsi.exe
O4 - HKLM\..\Run: [rjbee] C:\WINDOWS\system32\sssrfxk\rjbee.exe
O4 - HKLM\..\Run: [oohv] C:\WINDOWS\system32\aumhye\oohv.exe
O4 - HKLM\..\Run: [ljeqk] C:\WINDOWS\system32\rhhwbivb\ljeqk.exe
O4 - HKLM\..\Run: [eqwdgn] C:\WINDOWS\system32\tjfnss\eqwdgn.exe
O4 - HKLM\..\Run: [jfkfeth] C:\WINDOWS\system32\wxthuldt\jfkfeth.exe
O4 - HKLM\..\Run: [drnxlj] C:\WINDOWS\system32\xmdqve\drnxlj.exe
O4 - HKLM\..\Run: [sfvepysm] C:\WINDOWS\system32\wwhajgbu\sfvepysm.exe
O4 - HKLM\..\Run: [ajffrpp] C:\WINDOWS\system32\bdxbowi\ajffrpp.exe
O4 - HKLM\..\Run: [ipgjm] C:\WINDOWS\system32\egoqyaoe\ipgjm.exe
O4 - HKLM\..\Run: [jajob] C:\WINDOWS\system32\mabcdf\jajob.exe
O4 - HKLM\..\Run: [ipekveb] C:\WINDOWS\system32\tedmgvew\ipekveb.exe
O4 - HKLM\..\Run: [khwiyk] C:\WINDOWS\system32\orhsunl\khwiyk.exe
O4 - HKLM\..\Run: [dutg] C:\WINDOWS\system32\bitfll\dutg.exe
O4 - HKLM\..\Run: [nssxgy] C:\WINDOWS\system32\aeqawsus\nssxgy.exe
O4 - HKLM\..\Run: [cugq] C:\WINDOWS\system32\svbeh\cugq.exe
O4 - HKLM\..\Run: [kumcg] C:\WINDOWS\system32\knnkd\kumcg.exe
O4 - HKLM\..\Run: [omoqy] C:\WINDOWS\system32\vokosg\omoqy.exe
O4 - HKLM\..\Run: [oxjc] C:\WINDOWS\system32\ddlvijx\oxjc.exe
O4 - HKLM\..\Run: [bymaaptf] C:\WINDOWS\system32\vnosmn\bymaaptf.exe
O4 - HKLM\..\Run: [paoye] C:\WINDOWS\system32\ttvjdva\paoye.exe
O4 - HKLM\..\Run: [sqcpg] C:\WINDOWS\system32\uphav\sqcpg.exe
O4 - HKLM\..\Run: [fochibr] C:\WINDOWS\system32\ruqhocs\fochibr.exe
O4 - HKLM\..\Run: [pqdy] C:\WINDOWS\system32\oynb\pqdy.exe
O4 - HKLM\..\Run: [euvyaib] C:\WINDOWS\system32\auggyxx\euvyaib.exe
O4 - HKLM\..\Run: [dvucmwfs] C:\WINDOWS\system32\xprqptfx\dvucmwfs.exe
O4 - HKLM\..\Run: [tbxdgr] C:\WINDOWS\system32\ukcuds\tbxdgr.exe
O4 - HKLM\..\Run: [sypi] C:\WINDOWS\system32\ihilm\sypi.exe
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\SYSTEM32\mwinsmaw.exe FI002
O4 - HKLM\..\Run: [kgocejcw] C:\WINDOWS\system32\fudxapae\kgocejcw.exe
O4 - HKLM\..\Run: [wnch] C:\WINDOWS\system32\xsvo\wnch.exe
O4 - HKLM\..\Run: [jcrx] C:\WINDOWS\system32\mxpvjnix\jcrx.exe
O4 - HKLM\..\Run: [euyklql] C:\WINDOWS\system32\mgnvogak\euyklql.exe
O4 - HKLM\..\Run: [rypslq] C:\WINDOWS\system32\qaieifyx\rypslq.exe
O4 - HKLM\..\Run: [teianc] C:\WINDOWS\system32\yyxj\teianc.exe
O4 - HKLM\..\Run: [xpashpi] C:\WINDOWS\system32\vqocc\xpashpi.exe
O4 - HKLM\..\Run: [wubheu] C:\WINDOWS\system32\jpaxx\wubheu.exe
O4 - HKLM\..\Run: [ndoyipn] C:\WINDOWS\system32\ouym\ndoyipn.exe
O4 - HKLM\..\Run: [haydqxl] C:\WINDOWS\system32\nrrtbb\haydqxl.exe
O4 - HKLM\..\Run: [fkrw] C:\WINDOWS\system32\hqdsj\fkrw.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [lkwh] C:\WINDOWS\system32\awal\lkwh.exe
O4 - HKLM\..\Run: [degc] C:\WINDOWS\system32\lknp\degc.exe
O4 - HKLM\..\Run: [SpyQuake2.com] C:\Program Files\SpyQuake2.com\Spy-Quake2.exe /h
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aida] "C:\DOCUME~1\JT\MYDOCU~1\WNSXS~1\msdtc.exe" -vt yazr
O4 - HKCU\..\Run: [Rlubbiik] C:\PROGRA~1\FNTS~2\dvdplay.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: *.morwillsearch.com
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/games/clients/y/dct2_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia.com/install/pcs_0031.exe
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball/miniclipGameLoader.dll
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us/ht...ALStreaming.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1098651608343
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1137194252906
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} (elitectl.DemoCtl) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/heavyweap...aploader_v6.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O20 - AppInit_DLLs: csrss.dll C:\WINDOWS\system32\taskmgr.dll C:\WINDOWS\system32\csrss.dll C:\WINDOWS\system32\iexplore.dll
O20 - Winlogon Notify: MediaContentIndex - C:\WINDOWS\system32\wwvdmoe2.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: vtuts - C:\WINDOWS\system32\vtuts.dll
O20 - Winlogon Notify: winftx32 - C:\WINDOWS\SYSTEM32\winftx32.dll
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - C:\WINDOWS\system32\urroxtl.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: cpgxjooqmih - Unknown owner - C:\WINDOWS\system32\qmih\cpgxjoo.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: drcadrdaccynr - Unknown owner - C:\WINDOWS\system32\ccynr\drcadrda.exe (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: greenstdsystem32 - Unknown owner - C:\WINDOWS\system32\greenstd.exe (file missing)
O23 - Service: uywdabcyxffi (ievylird5) - Unknown owner - C:\WINDOWS\system32\cnfbyhhb5.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\rfjxoxh.exe (file missing)


Edited by onemanmosh, 11 August 2006 - 02:34 PM.



#2 Buckeye_Sam

Posted 12 August 2006 - 07:07 AM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

Before we can get started on fixing your problem you must change the location of Hijackthis. It should not run from a temp directory.
  • Download and run the HijackThis autoinstall program
  • Please choose the default location of C:\Program Files as the destination.
  • Run the program only from that location from now on. It is essential that you follow these steps or certain important features of the program will not function correctly.
Once you have Hijackthis running from this folder, please reboot and post a new hijackthis log as a reply in this thread.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 onemanmosh

Posted 12 August 2006 - 07:17 AM

Here you go. I removed spywarequake but I still have a bunch of spyware.

Logfile of HijackThis v1.99.1
Scan saved at 8:15:09 AM, on 8/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\JT\MYDOCU~1\WNSXS~1\msdtc.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\system32\Searchx.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://awesomestart.com/misfits/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://awesomestart.com/misfits/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=20069&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20069&k=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn12\yt.dll
O3 - Toolbar: Searchfst Class - {000277A3-7D84-406a-9799-D12A81594693} - C:\WINDOWS\srchfst.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Aida] "C:\DOCUME~1\JT\MYDOCU~1\WNSXS~1\msdtc.exe" -vt yazr
O4 - HKCU\..\Run: [Rlubbiik] C:\PROGRA~1\FNTS~2\dvdplay.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: *.morwillsearch.com
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/games/clients/y/dct2_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia.com/install/pcs_0031.exe
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball/miniclipGameLoader.dll
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us/ht...ALStreaming.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1098651608343
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1137194252906
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} (elitectl.DemoCtl) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/heavyweap...aploader_v6.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O20 - AppInit_DLLs: csrss.dll C:\WINDOWS\system32\taskmgr.dll C:\WINDOWS\system32\csrss.dll C:\WINDOWS\system32\iexplore.dll
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - C:\WINDOWS\system32\urroxtl.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: cpgxjooqmih - Unknown owner - C:\WINDOWS\system32\qmih\cpgxjoo.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: drcadrdaccynr - Unknown owner - C:\WINDOWS\system32\ccynr\drcadrda.exe (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: greenstdsystem32 - Unknown owner - C:\WINDOWS\system32\greenstd.exe (file missing)
O23 - Service: uywdabcyxffi (ievylird5) - Unknown owner - C:\WINDOWS\system32\cnfbyhhb5.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\rfjxoxh.exe (file missing)



#4 Buckeye_Sam

Posted 12 August 2006 - 07:23 AM

Yes you do. :thumbsup:
Let's see about getting rid of it for you.


Run Hijackthis again, click scan, and put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\system32\Searchx.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=20069&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20069&k=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O3 - Toolbar: Searchfst Class - {000277A3-7D84-406a-9799-D12A81594693} - C:\WINDOWS\srchfst.dll (file missing)
O4 - HKCU\..\Run: [Aida] "C:\DOCUME~1\JT\MYDOCU~1\WNSXS~1\msdtc.exe" -vt yazr
O4 - HKCU\..\Run: [Rlubbiik] C:\PROGRA~1\FNTS~2\dvdplay.exe
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: *.morwillsearch.com
O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia.com/install/pcs_0031.exe
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} (elitectl.DemoCtl) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O20 - AppInit_DLLs: csrss.dll C:\WINDOWS\system32\taskmgr.dll C:\WINDOWS\system32\csrss.dll C:\WINDOWS\system32\iexplore.dll
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - C:\WINDOWS\system32\urroxtl.dll (file missing)
O23 - Service: cpgxjooqmih - Unknown owner - C:\WINDOWS\system32\qmih\cpgxjoo.exe (file missing)
O23 - Service: drcadrdaccynr - Unknown owner - C:\WINDOWS\system32\ccynr\drcadrda.exe (file missing)
O23 - Service: greenstdsystem32 - Unknown owner - C:\WINDOWS\system32\greenstd.exe (file missing)
O23 - Service: uywdabcyxffi (ievylird5) - Unknown owner - C:\WINDOWS\system32\cnfbyhhb5.exe (file missing)
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\rfjxoxh.exe (file missing)



=================


Reboot your computer.


=================



I need to see a different type of log from Hijackthis
  • Run Hijackthis.
  • Click on "Open the Misc Tools section".
  • Next click on "Open uninstall manager".
  • Press the button 'save list'. It will open a Notepad file.
  • Place the content of that file here in your next reply.

========================================================
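
An added example, not part of the original thread and not HijackThis's own code: a small parser for the entry-line format seen in the logs above, used to compare two scans and list which entries were removed, which persist, and which persisting entries HijackThis itself marked `(file missing)` or `(no file)`. The function names are this example's own, and the sample lines are abridged from the two logs posted in this thread; the comparison reports differences only and is not a verdict on which entries are malicious.

```python
import re
from collections import namedtuple

# An entry line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] path".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Suffixes HijackThis prints when the referenced file is not on disk.
# "R3 - Default URLSearchHook is missing" has no parentheses and is not matched.
MISSING_RE = re.compile(r"\((?:file missing|no file)\)")

Entry = namedtuple("Entry", "code body target_missing")

# Sample input: lines abridged from the 8/11/2006 and 8/12/2006 logs in this thread.
SCAN_1 = r"""
Logfile of HijackThis v1.99.1
Scan saved at 3:19:53 PM, on 8/11/2006
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://awesomestart.com/misfits/
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {E4AA5E19-BA88-E171-A4AE-E1CB249B0FC3} - C:\WINDOWS\system32\hjmowvod.dll (file missing)
O4 - HKLM\..\Run: [SpyQuake2.com] C:\Program Files\SpyQuake2.com\Spy-Quake2.exe /h
O4 - HKCU\..\Run: [Aida] "C:\DOCUME~1\JT\MYDOCU~1\WNSXS~1\msdtc.exe" -vt yazr
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O15 - Trusted Zone: *.mmohsix.com
O23 - Service: greenstdsystem32 - Unknown owner - C:\WINDOWS\system32\greenstd.exe (file missing)
"""

SCAN_2 = r"""
Logfile of HijackThis v1.99.1
Scan saved at 8:15:09 AM, on 8/12/2006
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://awesomestart.com/misfits/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://awesomestart.com/misfits/
R3 - Default URLSearchHook is missing
O4 - HKCU\..\Run: [Aida] "C:\DOCUME~1\JT\MYDOCU~1\WNSXS~1\msdtc.exe" -vt yazr
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O15 - Trusted Zone: *.mmohsix.com
O23 - Service: greenstdsystem32 - Unknown owner - C:\WINDOWS\system32\greenstd.exe (file missing)
"""


def parse_log(text):
    """Return the entry lines of a HijackThis log as Entry tuples, in log order."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            body = match.group("body").strip()
            entries.append(
                Entry(match.group("code"), body, bool(MISSING_RE.search(body)))
            )
    return entries


def _key(entry):
    # Windows paths and registry names are case-insensitive, so compare lowercased.
    return (entry.code, entry.body.lower())


def compare_scans(before, after):
    """Split entries into removed / persisting / new between two parsed scans."""
    old = {_key(e): e for e in before}
    new = {_key(e): e for e in after}
    return {
        "removed": [old[k] for k in old if k not in new],
        "persisting": [new[k] for k in new if k in old],
        "new": [new[k] for k in new if k not in old],
    }


def persisting_with_missing_target(diff):
    """Entries present in both scans whose target HijackThis reported as absent."""
    return [e for e in diff["persisting"] if e.target_missing]


if __name__ == "__main__":
    result = compare_scans(parse_log(SCAN_1), parse_log(SCAN_2))
    for group in ("removed", "persisting", "new"):
        print(f"{group}: {len(result[group])}")
        for entry in result[group]:
            flag = "  [target missing]" if entry.target_missing else ""
            print(f"  {entry.code} - {entry.body}{flag}")
```
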

#5 onemanmosh

Posted 13 August 2006 - 07:35 AM

It won't open a notepad file for some reason. I hit save and it closes.

#6 Buckeye_Sam

Posted 13 August 2006 - 04:40 PM

Let's get the info a different way.


Open notepad and copy and paste this text in it:

if exist %systemdrive%\look.txt del %systemdrive%\look.txt
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" >> %systemdrive%\look.txt
cd\
cd %appdata%
dir /ad /o:-d /p >> %systemdrive%\look.txt
cd %allusersprofile%\Application Data
dir /ad /o:-d /p >> %systemdrive%\look.txt
cd %ProgramFiles%
dir /ad /o:-d /p >> %systemdrive%\look.txt
cd %ProgramFiles%\Common Files
dir /ad /o:-d /p >> %systemdrive%\look.txt
start notepad %systemdrive%\look.txt

Save this as look.bat
Change the "Save As Type" to "All Files" and save it on your desktop.
Doubleclick look.bat and post the content of the txtfile you get in your next reply.
========================================================

#7 onemanmosh

Posted 14 August 2006 - 08:16 AM

Okay, here's the stuff from look.bat

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
<NO NAME> REG_SZ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Aware SE Personal

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Atmosphere Player

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AdobeESD

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AOL Instant Messenger

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Audio Converter

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Automap 9.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Azureus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BCM V.92 56K Modem

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Branding

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Creative Audio CD Ripper (Unicode)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Creative Auto Tag Cleaner

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Creative Import Wizard (Unicode)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Creative Media Toolbox

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Creative MediaSource

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Creative MediaSource AudioSync Plugin

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Creative MediaSource Detector

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Creative MediaSource NOMAD II/MG Plugin

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Creative MediaSource NOMAD Jukebox 2/3/Zen Plugin

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Creative MediaSource NOMAD Jukebox Plugin

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Creative MediaSource NOMAD MuVo Plugin

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Creative MediaSource Player Skin Pack

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Creative Removable Disk Manager

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Creative Sync Manager

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Creative Zen MicroPhoto

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\d13debb354a7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\dBpowerAMP FLAC Codec

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\dBpowerAMP Mp3 Blade Codec

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\dBpowerAMP Mp4 Codec

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\dBpowerAMP Music Converter

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\dBpowerAMP Real Audio Codec

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\dBpowerAMP WMA V9.1 Codec

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Dell Digital Jukebox Driver

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DellSupport

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Digital Camera 640X480 Driver

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectAnimation

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ebateswebsavingsdr1.xml

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ewidoantispyware4

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Finale NotePad 2005a

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Hijackthis_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HP PrecisionScan

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICW

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Indeo® Software

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IRISmon

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB834707

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB867282

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB870669

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB873333

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB873339

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB883939

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB884016

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB885250

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB885835

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB885836

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB885884

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB886185

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB887472

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB887742

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB888113

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB888302

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB890046

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB890047

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB890175

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB890859

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB890923

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB891781

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893066

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893086

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893756

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893803

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893803v2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB894391

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB896358

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB896422

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB896423

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB896424

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB896428

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB896688

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB896727

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB898458

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB898461

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB899587

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB899588

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB899591

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB900485

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB900725

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB901017

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB901214

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB902400

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB903235

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB904706

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB905414

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB905749

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB905915

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB908519

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB908531

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB910437

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911280

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911562

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911564

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911565

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911567

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911927

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB912812

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB912919

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB913446

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB913580

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB914388

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB914389

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB916281

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB916595

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB917159

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB917344

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB917734_WMP10

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB917953

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB918439

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB921883

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LiveUpdate

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Logic Hit Kit

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\M886903

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\M886906

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Macromedia Shockwave Player

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Magic Online

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET Framework 1.1 (1033)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET Framework Full v1.0.3705 (1033)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Interactive Training

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft NetShow Player 2.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla (1.7.2)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-Beta1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-Beta2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-KB884016

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-RC1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-RC2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30a-KB884016

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI31-Beta

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI31-RC1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MsJavaVM

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NetMeeting

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NVIDIA

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OutlookExpress

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OvMon

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCHealth

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PROSet

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuickTime

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RealJukebox 1.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RealPlayer 6.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RiseOfNations Trial 1.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sevinst

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Shockwave

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShockwaveFlash

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Soulseek

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBlaster_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Starcraft

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\StyleXP

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SysInfo

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UT2004-Demo

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Format Runtime

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Player

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows XP Service Pack

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR archiver

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Works2003Setup

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XoftSpySE

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Anti-Spy

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YInstHelper

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zen MicroPhoto Media Explorer

Volume in drive C has no label.
Volume Serial Number is CC56-8248

Directory of C:\Documents and Settings\JT\Application Data

08/09/2006 03:13 PM <DIR> NetMedia Providers
08/09/2006 09:11 AM <DIR> Sony
08/09/2006 09:09 AM <DIR> .
08/09/2006 09:09 AM <DIR> ..
08/09/2006 09:09 AM <DIR> Publish Providers
08/07/2006 08:41 AM <DIR> Adobe
07/21/2006 09:48 AM <DIR> RapidGet
07/21/2006 09:08 AM <DIR> Azureus
06/25/2006 08:49 AM <DIR> Microsoft
06/20/2006 03:47 PM <DIR> HP
06/03/2006 08:49 AM <DIR> .BitTornado
05/17/2006 04:47 PM <DIR> Opera
04/28/2006 09:05 AM <DIR> Creative
01/24/2006 07:49 PM <DIR> Help
01/06/2006 04:03 PM <DIR> WeatherBug
10/28/2005 05:13 PM <DIR> iMesh
10/26/2005 04:00 PM <DIR> Roxio
06/16/2005 03:57 PM <DIR> Leadertech
05/21/2005 02:10 PM <DIR> Gtek
05/13/2005 04:40 PM <DIR> Macromedia
02/22/2005 03:44 PM <DIR> {12EE7A5E-0674-42f9-A76B-000000004D00}
11/26/2004 10:38 PM <DIR> Raptisoft
10/28/2004 06:53 PM <DIR> Lavasoft
09/22/2004 04:52 PM <DIR> Sun
09/19/2004 08:17 AM <DIR> Aim
08/30/2004 08:03 AM <DIR> Mozilla
08/30/2004 08:03 AM <DIR> Talkback
11/08/2003 08:28 AM <DIR> Real
08/07/2003 11:32 AM <DIR> AdobeUM
08/03/2003 03:18 PM <DIR> MSN6
06/22/2003 09:22 AM <DIR> Microsoft Games
06/06/2003 07:35 AM <DIR> CyberLink
05/29/2003 06:41 PM <DIR> Identities
07/13/2000 09:33 PM <DIR> Lycos
0 File(s) 0 bytes
34 Dir(s) 15,207,215,104 bytes free
Volume in drive C has no label.
Volume Serial Number is CC56-8248

Directory of C:\Documents and Settings\All Users\Application Data

08/14/2006 07:43 AM <DIR> ..
08/14/2006 07:43 AM <DIR> .
08/09/2006 09:06 AM <DIR> Sony
06/22/2006 12:21 PM <DIR> HP
05/15/2006 07:35 PM <DIR> Adobe Systems
05/15/2006 07:31 PM <DIR> Adobe
01/26/2006 10:33 PM <DIR> Microsoft
12/03/2005 12:23 PM <DIR> nsv
12/01/2005 06:26 PM <DIR> Viewpoint
12/01/2005 06:21 PM <DIR> AOL Downloads
10/26/2005 04:07 PM <DIR> Napster
10/20/2005 04:54 PM <DIR> Yahoo! Companion
10/10/2005 07:38 PM <DIR> Windows Genuine Advantage
09/12/2005 05:43 PM <DIR> Trymedia
06/10/2005 04:47 PM <DIR> Dell
05/22/2005 09:24 AM <DIR> msw
05/20/2005 04:26 PM <DIR> GTek
02/21/2005 07:32 PM <DIR> Spybot - Search & Destroy
02/21/2005 03:59 PM <DIR> vmss
01/02/2005 11:22 AM <DIR> InstallShield
07/16/2004 08:34 AM <DIR> PopCap
02/18/2004 08:48 PM <DIR> Symantec
01/11/2004 03:03 PM <DIR> QuickTime
06/12/2003 08:14 PM <DIR> MSN6
06/11/2003 08:12 PM <DIR> McAfee.com
05/29/2003 07:12 PM <DIR> SBSI
0 File(s) 0 bytes
26 Dir(s) 15,207,211,008 bytes free
Volume in drive C has no label.
Volume Serial Number is CC56-8248

Directory of C:\Program Files

08/14/2006 09:07 AM <DIR> Soulseek
08/14/2006 07:43 AM <DIR> ..
08/14/2006 07:43 AM <DIR> .
08/14/2006 06:32 AM <DIR> ewido anti-spyware 4.0
08/13/2006 03:25 PM <DIR> Hijackthis
08/13/2006 03:19 PM <DIR> Microsoft AntiSpyware
08/12/2006 10:28 AM <DIR> F?nts
08/11/2006 10:34 AM <DIR> XoftSpySE
08/11/2006 09:16 AM <DIR> Common Files
08/11/2006 09:06 AM <DIR> TGTSoft
08/09/2006 02:43 PM <DIR> Uninstall Information
08/09/2006 02:42 PM <DIR> Microsoft SQL Server
08/09/2006 09:04 AM <DIR> Vstplugins
08/09/2006 09:03 AM <DIR> Sony
08/09/2006 09:02 AM <DIR> Sony Setup
07/20/2006 03:08 PM <DIR> Azureus
07/17/2006 10:00 AM <DIR> ?ssembly
07/08/2006 10:00 AM <DIR> InstallShield Installation Information
06/29/2006 03:03 PM <DIR> F?nts
06/25/2006 08:49 AM <DIR> Project64 1.6
06/22/2006 12:27 PM <DIR> HP
06/17/2006 09:31 AM <DIR> Finale NotePad 2005a
06/17/2006 03:16 AM <DIR> Internet Explorer
06/01/2006 02:02 PM <DIR> ?icrosoft.NET
05/16/2006 04:21 PM <DIR> Ulead Systems
05/15/2006 07:48 PM <DIR> Adobe
05/14/2006 05:53 PM <DIR> Illustrate
05/10/2006 05:35 PM <DIR> Stardock
04/26/2006 03:53 PM <DIR> Creative
04/26/2006 03:03 PM <DIR> ?asks
04/12/2006 03:06 AM <DIR> Outlook Express
04/06/2006 04:39 PM <DIR> Windows Media Player
03/23/2006 05:11 PM <DIR> ewido anti-malware
02/26/2006 03:48 PM <DIR> Google
02/21/2006 06:09 PM <DIR> WinRAR
02/20/2006 11:48 AM <DIR> rdso
02/16/2006 02:04 PM <DIR> EA GAMES
02/04/2006 04:09 PM <DIR> SpywareBlaster
01/26/2006 04:49 PM <DIR> AACoder Plus
01/25/2006 04:38 PM <DIR> easetech
01/10/2006 07:29 PM <DIR> AWS
01/10/2006 07:28 PM <DIR> Arachnid V5.2.0
01/01/2006 08:21 PM <DIR> Java
12/28/2005 06:00 PM <DIR> Wal-Mart Music Downloads Store
12/01/2005 06:34 PM <DIR> AOL
12/01/2005 06:26 PM <DIR> AOD
11/27/2005 03:08 PM <DIR> Audible
11/13/2005 06:14 PM <DIR> imgthin
11/13/2005 08:44 AM <DIR> Ftk
11/09/2005 06:00 PM <DIR> Corel
10/20/2005 04:54 PM <DIR> Yahoo!
10/18/2005 07:10 PM <DIR> Symantec
10/18/2005 06:18 PM <DIR> Palm
10/18/2005 06:18 PM <DIR> AIM95
10/18/2005 06:17 PM <DIR> Dell Support
10/18/2005 05:57 PM <DIR> Microsoft Works
10/15/2005 09:52 AM <DIR> Quick Links
10/15/2005 09:51 AM <DIR> Cas
10/08/2005 07:22 AM <DIR> Lavasoft
09/09/2005 05:37 AM <DIR> MyWebSearchWB
06/26/2005 07:55 AM <DIR> WindowsUpdate
06/10/2005 04:47 PM <DIR> Dell
05/22/2005 09:43 AM <DIR> Rio
05/15/2005 11:50 AM <DIR> sf
05/13/2005 04:37 PM <DIR> Macromedia
03/30/2005 04:47 PM <DIR> AIM Games
03/29/2005 03:48 PM <DIR> SecretSmileys
03/05/2005 09:14 PM <DIR> SEARCH3
03/05/2005 09:14 PM <DIR> SEARCH3 TOOLBAR
02/22/2005 07:49 PM <DIR> WindowsSB
02/22/2005 05:35 PM <DIR> Dynamic Toolbar
02/21/2005 07:32 PM <DIR> SWF Studio
02/13/2005 08:55 AM <DIR> Messenger
02/04/2005 09:02 PM <DIR> OfficeUpdate11
10/24/2004 06:18 PM <DIR> Movie Maker
10/24/2004 06:10 PM <DIR> NetMeeting
10/24/2004 06:10 PM <DIR> Windows NT
09/01/2004 10:05 AM <DIR> emagic
08/29/2004 07:35 PM <DIR> mozilla.org
08/26/2004 12:40 PM <DIR> Spybot - Search & Destroy
08/15/2004 10:29 PM <DIR> wipe
05/16/2004 07:36 AM <DIR> TryMedia
02/29/2004 06:32 PM <DIR> EA SPORTS
02/20/2004 06:27 PM <DIR> Wizards of the Coast
02/19/2004 05:32 PM <DIR> MSN
02/18/2004 08:48 PM <DIR> Norton AntiVirus
02/18/2004 08:29 PM <DIR> Symantec_Client_Security
02/13/2004 05:17 PM <DIR> SysShield Tools
01/11/2004 03:02 PM <DIR> QuickTime
12/25/2003 09:36 AM <DIR> Thomson
11/15/2003 04:43 PM <DIR> Disney
10/18/2003 10:21 AM <DIR> MUSICMATCH
06/22/2003 04:06 PM <DIR> microsoft frontpage
06/22/2003 09:16 AM <DIR> Microsoft Games
06/09/2003 08:40 PM <DIR> Zone Labs
06/07/2003 08:24 PM <DIR> Hewlett-Packard
06/07/2003 09:27 AM <DIR> Ligos
06/07/2003 09:24 AM <DIR> Disney Interactive
05/29/2003 07:18 PM <DIR> Roxio
05/29/2003 07:18 PM <DIR> Real
05/29/2003 07:16 PM <DIR> McAfee.com
05/29/2003 07:15 PM <DIR> Dell Computer
05/29/2003 07:15 PM <DIR> Jasc Software Inc
05/29/2003 07:14 PM <DIR> CyberLink
05/29/2003 07:13 PM <DIR> Modem Helper
05/29/2003 07:12 PM <DIR> Intel
05/29/2003 06:43 PM <DIR> Microsoft Encarta
05/29/2003 06:43 PM <DIR> Microsoft Picture It! 7
05/29/2003 06:42 PM <DIR> Microsoft Streets & Trips
05/29/2003 06:42 PM <DIR> Microsoft ActiveSync
05/29/2003 06:42 PM <DIR> Microsoft Money
05/29/2003 06:42 PM <DIR> Microsoft Office
05/29/2003 06:41 PM <DIR> Online Services
05/29/2003 06:41 PM <DIR> Microsoft Works Suite 2003
05/29/2003 06:41 PM <DIR> ComPlus Applications
05/29/2003 06:41 PM <DIR> MSN Gaming Zone
05/29/2003 06:41 PM <DIR> XEROX
07/11/2000 12:04 PM <DIR> Maxis
0 File(s) 0 bytes
118 Dir(s) 15,207,206,912 bytes free
Volume in drive C has no label.
Volume Serial Number is CC56-8248

Directory of C:\Program Files\Common Files

08/12/2006 05:03 PM <DIR> {CC568248-0A21-1033-0428-030416030001}
08/11/2006 09:16 AM <DIR> ..
08/11/2006 09:16 AM <DIR> .
06/07/2006 04:14 PM <DIR> ??crosoft
05/22/2006 07:17 PM <DIR> ?icrosoft.NET
05/15/2006 07:41 PM <DIR> Adobe
05/15/2006 07:35 PM <DIR> Adobe Systems Shared
04/15/2006 07:56 PM <DIR> s?mbols
04/12/2006 03:06 AM <DIR> System
04/11/2006 05:29 PM <DIR> s?stem
03/15/2006 05:41 PM <DIR> ?ymbols
01/26/2006 04:45 PM <DIR> wkwr
12/04/2005 08:40 AM <DIR> Uninstall Information
12/01/2005 08:05 PM <DIR> AOL
11/13/2005 09:35 AM <DIR> Java
11/07/2005 07:01 PM <DIR> InstallShield
11/05/2005 10:28 AM <DIR> Scanner
10/18/2005 07:09 PM <DIR> Symantec Shared
05/13/2005 04:38 PM <DIR> Vbox
04/21/2005 03:56 PM <DIR> xing shared
04/21/2005 03:55 PM <DIR> Real
02/04/2005 09:04 PM <DIR> Microsoft Shared
08/30/2004 08:25 AM <DIR> mozilla.org
05/12/2004 03:44 PM <DIR> SWF Studio
05/10/2004 03:42 PM <DIR> NSV
05/10/2004 03:42 PM <DIR> Nullsoft
05/29/2003 07:18 PM <DIR> Dell
05/29/2003 07:18 PM <DIR> Adaptec Shared
05/29/2003 06:41 PM <DIR> SpeechEngines
05/29/2003 06:41 PM <DIR> MSSoap
05/29/2003 06:41 PM <DIR> Services
05/29/2003 06:41 PM <DIR> Designer
05/29/2003 06:41 PM <DIR> ODBC
0 File(s) 0 bytes
33 Dir(s) 15,207,198,720 bytes free



#8 onemanmosh

Posted 14 August 2006 - 03:45 PM

I thought I should let you know I can only access the internet now in Safe Mode with Networking. The state of my computer is falling fast.

#9 Buckeye_Sam

Malware Expert

Posted 14 August 2006 - 06:26 PM

Can you boot into normal mode without problems? But you can not get a connection in normal mode?


Please click Start -> Control Panel -> Add/Remove Programs and uninstall these programs:

ebateswebsavingsdr1.xml
ViewpointMediaPlayer



Delete these folders.

C:\Program Files\F?nts <-- dated 8/12/06, but may appear as Fonts
C:\Program Files\?ssembly <-- dated 7/17/06, but may appear as Assembly
C:\Program Files\F?nts <-- dated 6/29/06, but may also appear as Fonts
C:\Program Files\?icrosoft.NET <-- dated 6/1/06, but may appear as Microsoft.NET
C:\Program Files\?asks <-- dated 4/26/06, but may appear as Tasks



Please post a new hijackthis log.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#10 onemanmosh

Posted 14 August 2006 - 07:57 PM

I couldn't remove ebates websavings for some reason.
I also cannot log on to Internet Explorer without restarting the computer first.

Logfile of HijackThis v1.99.1
Scan saved at 8:55:40 PM, on 8/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://awesomestart.com/misfits/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://awesomestart.com/misfits/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://awesomestart.com/misfits/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn12\yt.dll
O3 - Toolbar: Searchfst Class - {000277A3-7D84-406a-9799-D12A81594693} - C:\WINDOWS\srchfst.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/games/clients/y/dct2_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball/miniclipGameLoader.dll
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us/ht...ALStreaming.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1098651608343
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1137194252906
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.shockwave.com/content/heavyweap...aploader_v6.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: uywdabcyxffi (ievylird5) - Unknown owner - C:\WINDOWS\system32\cnfbyhhb5.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\rfjxoxh.exe (file missing)


Edited by onemanmosh, 14 August 2006 - 08:01 PM.


#11 Buckeye_Sam

Malware Expert

Posted 15 August 2006 - 07:57 AM

You didn't answer my question from before. Can you get a connection in normal mode?


Click Start > Run and type these commands, hitting Enter after each one:

sc stop ievylird5

sc delete ievylird5

sc stop "Windows Overlay Components"

sc delete "Windows Overlay Components"




Fix these lines with Hijackthis.

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
O3 - Toolbar: Searchfst Class - {000277A3-7D84-406a-9799-D12A81594693} - C:\WINDOWS\srchfst.dll (file missing)




Reboot and post a new hijackthis log.
========================================================

#12 onemanmosh

Posted 15 August 2006 - 03:49 PM

Yes, I can get a connection in normal mode. I'm using Mozilla Firefox now and it's working just fine.

#13 onemanmosh

Posted 15 August 2006 - 03:58 PM

Here's the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 4:58:07 PM, on 8/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM95\aim.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://awesomestart.com/misfits/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://awesomestart.com/misfits/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://awesomestart.com/misfits/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn12\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/games/clients/y/dct2_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball/miniclipGameLoader.dll
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us/ht...ALStreaming.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1098651608343
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1137194252906
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.shockwave.com/content/heavyweap...aploader_v6.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\rfjxoxh.exe (file missing)



#14 onemanmosh

Posted 15 August 2006 - 04:05 PM

I should probably let you know that if I try to open My Computer, the taskbar and all the icons disappear, then reappear.

#15 Buckeye_Sam

Malware Expert

Posted 15 August 2006 - 04:18 PM

Fix this line with Hijackthis.

O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\rfjxoxh.exe (file missing)

Reboot and post a new hijackthis log.


How much memory (RAM) do you have?
========================================================
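The comparison the helper makes by eye between the logs in posts #10 and #13, as an added example that is not part of the original thread: it diffs two HijackThis logs and lists the services that still have no vendor string and no binary on disk. The log excerpts are copied from those posts; the function names are illustrative, and the code assumes the O23 format puts the service's short name in parentheses and omits the parentheses when it equals the display name.

```python
import re

# Excerpts copied from the HijackThis logs in posts #10 (BEFORE) and #13 (AFTER).
BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
O3 - Toolbar: Searchfst Class - {000277A3-7D84-406a-9799-D12A81594693} - C:\WINDOWS\srchfst.dll (file missing)
O23 - Service: uywdabcyxffi (ievylird5) - Unknown owner - C:\WINDOWS\system32\cnfbyhhb5.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\rfjxoxh.exe (file missing)
"""
AFTER = r"""
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\rfjxoxh.exe (file missing)
"""

ENTRY = re.compile(r"^[RFO]\d+ - ")
O23 = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - "
                 r"(?P<path>.+?)(?P<missing> \(file missing\))?$")

def entries(log):
    """Return the R/F/O result lines of a log, skipping header and process lines."""
    return [ln.strip() for ln in log.splitlines() if ENTRY.match(ln.strip())]

def parse_service(line):
    """Split an O23 line into key name, owner, path and a file-missing flag."""
    m = O23.match(line)
    if not m:
        return None
    # Assumption: the key name is the parenthesised part, else the whole name.
    short = re.match(r"^(?P<display>.*) \((?P<key>[^()]+)\)$", m["name"])
    return {"key": short["key"] if short else m["name"], "owner": m["owner"],
            "path": m["path"], "missing": m["missing"] is not None}

def orphaned_services(log):
    """Key names of services with no vendor string and no binary on disk."""
    services = filter(None, map(parse_service, entries(log)))
    return [s["key"] for s in services
            if s["missing"] and s["owner"] == "Unknown owner"]

def sc_argument(key):
    """Quote a service name for the sc command line when it contains spaces."""
    return f'"{key}"' if " " in key else key

def compare(before, after):
    """Report which entries a fix removed or added and what is still orphaned."""
    b, a = entries(before), entries(after)
    return {
        "removed": [ln for ln in b if ln not in a],
        "added": [ln for ln in a if ln not in b],
        "still_orphaned": [sc_argument(k) for k in orphaned_services(after)],
    }

if __name__ == "__main__":
    print(compare(BEFORE, AFTER))
```

A flagged service is a candidate for review, not a verdict: navapsvc is flagged alongside Windows Overlay Components, and the helper's instructions in these posts do not target it.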



