
Another Thesecuritytool.com Problem


41 replies to this topic

#1 Crono139


Posted 22 August 2006 - 06:10 PM

I just came across the yellow caution triangle from McAfee in the corner of my taskbar alerting me about a virus, but it's clearly not legit because balloon is spelled baloon.

Ads from TheSecurityTool.com, and the like are showing up every once in a while.

Spybot, Ad-Aware SE, and SpywareBlaster were no use.

I really hope this problem can be fixed without much difficulty.


Here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 6:08:42 PM, on 8/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\oodag.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\isnotify.exe
C:\WINDOWS\system32\issearch.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ismon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\47227716.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\PROGRA~1\COMMON~1\AOL\110289~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\110289~1\EE\AOLServiceHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\mozilla.org\Mozilla\mozilla.exe
C:\Documents and Settings\Justin\Desktop\Windows-KB890830-V1.19.exe
c:\5692759c1e00eaa556e69985451a53\mrtstub.exe
C:\WINDOWS\system32\MRT.exe
C:\Documents and Settings\Justin\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://honda-tech.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILE...Kpucy71BaBJ25hq
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.33.140.253:80
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O1 - Hosts: 66.98.178.19 06272002-dbase.hitcountz.net
O1 - Hosts: 66.98.178.19 1ca.cqcounter.com
O1 - Hosts: 66.98.178.19 2001-007.com
O1 - Hosts: 66.98.178.19 ad-logics.com
O1 - Hosts: 66.98.178.19 ad.trafficmp.com
O1 - Hosts: 66.98.178.19 adclient.rottentomatoes.com
O1 - Hosts: 66.98.178.19 adcounter.globeandmail.com
O1 - Hosts: 66.98.178.19 adcounter.theglobeandmail.com
O1 - Hosts: 66.98.178.19 adlog.com.com
O1 - Hosts: 66.98.178.19 admanmail.com
O1 - Hosts: 66.98.178.19 ads.specificpop.com
O1 - Hosts: 66.98.178.19 adtech.de
O1 - Hosts: 66.98.178.19 askmen.thruport.com
O1 - Hosts: 66.98.178.19 banner.0catch.com
O1 - Hosts: 66.98.178.19 bilbo.counted.com
O1 - Hosts: 66.98.178.19 c1.statcounter.com
O1 - Hosts: 66.98.178.19 c1.thecounter.com
O1 - Hosts: 66.98.178.19 c2.gostats.com
O1 - Hosts: 66.98.178.19 c2.thecounter.com
O1 - Hosts: 66.98.178.19 c3.thecounter.com
O1 - Hosts: 66.98.178.19 c3.xxxcounter.com
O1 - Hosts: 66.98.178.19 cashcounter.com
O1 - Hosts: 66.98.178.19 cgi.hotstat.nl
O1 - Hosts: 66.98.178.19 clit6.sextracker.com
O1 - Hosts: 66.98.178.19 clit8.sextracker.com
O1 - Hosts: 66.98.178.19 cookies.cmpnet.com
O1 - Hosts: 66.98.178.19 counter.aaddzz.com
O1 - Hosts: 66.98.178.19 counter.bloke.com
O1 - Hosts: 66.98.178.19 counter.hitslink.com
O1 - Hosts: 66.98.178.19 counter.yadro.ru
O1 - Hosts: 66.98.178.19 counter14.sextracker.com
O1 - Hosts: 66.98.178.19 counter16.bravenet.com
O1 - Hosts: 66.98.178.19 counter17.bravenet.com
O1 - Hosts: 66.98.178.19 counter2.hitslink.com
O1 - Hosts: 66.98.178.19 counter26.bravenet.com
O1 - Hosts: 66.98.178.19 counter32.bravenet.com
O1 - Hosts: 66.98.178.19 counter34.breavenet.com
O1 - Hosts: 66.98.178.19 counter41.bravenet.com
O1 - Hosts: 66.98.178.19 counter47.bravenet.com
O1 - Hosts: 66.98.178.19 counter6.sextracker.com
O1 - Hosts: 66.98.178.19 counter8.bravenet.com
O1 - Hosts: 66.98.178.19 data.coremetrics.com
O1 - Hosts: 66.98.178.19 delivery.loopingclick.com
O1 - Hosts: 66.98.178.19 dwclick.com
O1 - Hosts: 66.98.178.19 fastclick.net
O1 - Hosts: 66.98.178.19 fcstats.bcentral.com
O1 - Hosts: 66.98.178.19 flycast.com
O1 - Hosts: 66.98.178.19 g-wizzads.net
O1 - Hosts: 66.98.178.19 gostats.com
O1 - Hosts: 66.98.178.19 gtcc1.acecounter.com
O1 - Hosts: 66.98.178.19 hc2.humanclick.com
O1 - Hosts: 66.98.178.19 hit2.hotlog.ru
O1 - Hosts: 66.98.178.19 hit37.chark.dk
O1 - Hosts: 66.98.178.19 hitbox.com
O1 - Hosts: 66.98.178.19 hits.webstat.com
O1 - Hosts: 66.98.178.19 images.dailydiscounts.com
O1 - Hosts: 66.98.178.19 imp.clickability.com
O1 - Hosts: 66.98.178.19 impacts.alliancehub.com
O1 - Hosts: 66.98.178.19 insightfirst.com
O1 - Hosts: 66.98.178.19 int.sitestat.com
O1 - Hosts: 66.98.178.19 jkearns.freestats.com
O1 - Hosts: 66.98.178.19 linktrack.bravenet.com
O1 - Hosts: 66.98.178.19 logs.comics.com
O1 - Hosts: 66.98.178.19 m1.nedstatbasic.net
O1 - Hosts: 66.98.178.19 media101.sitebrand.com
O1 - Hosts: 66.98.178.19 mediatrack.revenue.net
O1 - Hosts: 66.98.178.19 mt122.mtree.com
O1 - Hosts: 66.98.178.19 nedstat.s0.nl
O1 - Hosts: 66.98.178.19 nl.sitestat.com
O1 - Hosts: 66.98.178.19 paxito.sitetracker.com
O1 - Hosts: 66.98.178.19 perso.estat.com
O1 - Hosts: 66.98.178.19 pmg.ad-logics.com
O1 - Hosts: 66.98.178.19 postclick.adcentriconline.com
O1 - Hosts: 66.98.178.19 prof.estat.com
O1 - Hosts: 66.98.178.19 s10.sitemeter.com
O1 - Hosts: 66.98.178.19 s11.sitemeter.com
O1 - Hosts: 66.98.178.19 s12.sitemeter.com
O1 - Hosts: 66.98.178.19 s13.sitemeter.com
O1 - Hosts: 66.98.178.19 s14.sitemeter.com
O1 - Hosts: 66.98.178.19 s15.sitemeter.com
O1 - Hosts: 66.98.178.19 s16.sitemeter.com
O1 - Hosts: 66.98.178.19 s2.statcounter.com
O1 - Hosts: 66.98.178.19 sm1.sitemeter.com
O1 - Hosts: 66.98.178.19 sm2.sitemeter.com
O1 - Hosts: 66.98.178.19 sm3.sitemeter.com
O1 - Hosts: 66.98.178.19 sm4.sitemeter.com
O1 - Hosts: 66.98.178.19 sm5.sitemeter.com
O1 - Hosts: 66.98.178.19 sm6.sitemeter.com
O1 - Hosts: 66.98.178.19 sm7.sitemeter.com
O1 - Hosts: 66.98.178.19 sm8.sitemeter.com
O1 - Hosts: 66.98.178.19 sm9.sitemeter.com
O1 - Hosts: 66.98.178.19 sovereign.sitetracker.com
O1 - Hosts: 66.98.178.19 stat.onestat.com
O1 - Hosts: 66.98.178.19 stat.www.fi
O1 - Hosts: 66.98.178.19 stat3.cybermonitor.com
O1 - Hosts: 66.98.178.19 static.smni.com
O1 - Hosts: 66.98.178.19 statik.topica.com
O1 - Hosts: 66.98.178.19 stats.absol.co.za
O1 - Hosts: 66.98.178.19 stats.clickability.com
O1 - Hosts: 66.98.178.19 stats.idsoft.com
O1 - Hosts: 66.98.178.19 stats.jippii.com
O3 - Toolbar: (no name) - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - (no file)
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [47227716.exe] C:\WINDOWS\system32\47227716.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Ad Muncher] C:\Program Files\Ad Muncher\AdMunch.exe /bt
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [47227716.exe] C:\Documents and Settings\Justin\Local Settings\Application Data\47227716.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://www.imagestation.com/common/classes...ab?ver=1,1,0,32
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {4FCFF034-6F56-4D65-8C31-70D98C475428} (ddm_download.ddm_control) - http://bins.dynamicdesktopmedia.com/cab/ddm_control.CAB
O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} - http://www.imagestation.com/common/classes...ion=4,3,2,20802
O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} (WTDMMPVersion Class) - http://install.wildtangent.com/bgn/partner...lim/install.cab
O16 - DPF: {670821E0-76D1-11D4-9F60-009027A966BF} (YouBet Secure Data Transfer Control) - http://www.youbet.net/wr_5_8/controls/ybrequest.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/partner...lim/install.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/m...,20/mcgdmgr.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://guard.gunbound.net/nProtect/keyCrypt/npkcx.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/crack.CAB
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - C:\WINDOWS\system32\urroxtl.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcsvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe



#2 Buckeye_Sam

Malware Expert

Posted 23 August 2006 - 12:05 AM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:


Please download SmitfraudFix (by S!Ri) to your Desktop.
Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.


=======================


Please download Ewido Anti-spyware and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run ewido and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close ewido anti-spyware. Do not run a scan yet!


========================


Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 Crono139


Posted 23 August 2006 - 12:15 AM

The results from that test:

SmitFraudFix v2.81

Scan done at 0:13:31.14, Wed 08/23/2006
Run from C:\Documents and Settings\Justin\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

C:\


C:\WINDOWS


C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32

C:\WINDOWS\system32\ishost.exe FOUND !
C:\WINDOWS\system32\ismon.exe FOUND !
C:\WINDOWS\system32\isnotify.exe FOUND !
C:\WINDOWS\system32\issearch.exe FOUND !
C:\WINDOWS\system32\ixt?.dll FOUND !
C:\WINDOWS\system32\ixt??.dll FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\ts.ico FOUND !
C:\WINDOWS\system32\components\flx?.dll FOUND !
C:\WINDOWS\system32\components\flx??.dll FOUND !
C:\WINDOWS\system32\components\flx???.dll FOUND !

C:\WINDOWS\system32\LogFiles


C:\Documents and Settings\Justin\Application Data


Start Menu


C:\DOCUME~1\Justin\FAVORI~1

C:\DOCUME~1\Justin\FAVORI~1\Antivirus Test Online.url FOUND !

Desktop


C:\Program Files


Corrupted keys


Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"


Scanning wininet.dll infection


End

#4 Buckeye_Sam


Posted 23 August 2006 - 12:17 AM

Please print out or copy these instructions/tutorial to Notepad as the internet will not be available to you at certain points of the removal process (while in Safe Mode). Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.


1. Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
2. Run Smitfraud
  • Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
  • Select option #2 - Clean by typing 2 and press Enter.
  • Wait for the tool to complete and disk cleanup to finish.
  • You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
  • The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.


    A reboot may be needed to finish the cleaning process. If your computer does not restart automatically, please do it yourself manually. Reboot in Safe Mode.

    The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
3. Clean out your Temporary Internet files
  • Quit Internet Explorer and quit any instances of Windows Explorer.
  • Click Start -> Control Panel and then double-click Internet Options.
  • On the General tab, click Delete Files under Temporary Internet Files.
  • In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.
  • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
  • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
  • Click OK.
4. Next Click Start -> Control Panel and then double-click Display.
  • Click on the Desktop tab, then click the Customize Desktop button.
  • Click on the Web tab.
  • Under Web Pages you may see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button.
  • Click Ok then Apply and Ok.
5. Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.


6. Launch Ewido Anti-spyware by double-clicking the icon on your desktop.
  • IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning process.

  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • Ewido will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close Ewido.
7. Reboot back into Normal Windows Mode


8. Run SmitfraudFix.
  • Open the SmitfraudFix folder and double-click smitfraudfix.cmd
  • Select option #3 - Delete Trusted zone by typing 3 and press Enter
  • Answer Yes to the question "Restore Trusted Zone ?" by typing Y and hit Enter.


    Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.
9. Please post the following logs:
  • c:\rapport.txt
  • Ewido log
  • A new HijackThis log
You may need several replies to post the requested logs, otherwise they might get cut off.


#5 Crono139


Posted 23 August 2006 - 03:29 AM

Okay, here we go.

rapport.txt

SmitFraudFix v2.81

Scan done at 0:33:19.95, Wed 08/23/2006
Run from C:\Documents and Settings\Justin\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"


Killing process


Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\system32\urroxtl.dll -> Missing File


Deleting infected files

C:\WINDOWS\system32\ishost.exe Deleted
C:\WINDOWS\system32\ismon.exe Deleted
C:\WINDOWS\system32\isnotify.exe Deleted
C:\WINDOWS\system32\issearch.exe Deleted
C:\WINDOWS\system32\ixt?.dll Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\ts.ico Deleted
C:\WINDOWS\system32\components\flx?.dll Deleted
C:\DOCUME~1\Justin\FAVORI~1\Antivirus Test Online.url Deleted

Deleting Temp Files


Registry Cleaning

Registry Cleaning done.

After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


End
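
Comparing the search report from post #3 with the clean report above is a quick way to check that every flagged entry was also reported deleted and that the SharedTaskScheduler value is gone afterwards. The Python below is an added example, not part of the original thread or of SmitfraudFix; the line formats are assumed from the logs quoted here, the two sample reports are abridged from them, and all function names are hypothetical.

```python
import re

# Line shapes assumed from the rapport.txt logs quoted in this thread:
#   "<path> FOUND !"  in the search report (option 1)
#   "<path> Deleted"  in the clean report (option 2)
FOUND_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s+FOUND\s*!$")
DELETED_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s+Deleted$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<clsid>\{[0-9A-Fa-f-]{36}\})"$')
STS_KEY = (r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows"
           r"\CurrentVersion\Explorer\SharedTaskScheduler]")
AFTER_MARKER = "After SmitFraudFix"


def reported_paths(report, pattern):
    """Return the paths from lines matching `pattern`, in report order."""
    paths = []
    for raw in report.splitlines():
        m = pattern.match(raw.strip())
        if m:
            paths.append(m["path"])
    return paths


def sts_values(report):
    """Return (before, after) SharedTaskScheduler values as (name, clsid).

    Everything ahead of the "After SmitFraudFix" marker counts as "before";
    a search-only report has no marker, so all of its values land there.
    """
    before, after = [], []
    bucket, in_key = before, False
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith(AFTER_MARKER):
            bucket, in_key = after, False
        elif line.startswith("[") and line.endswith("]"):
            in_key = line.lower() == STS_KEY.lower()
        elif in_key:
            m = VALUE_RE.match(line)
            if m:
                bucket.append((m["name"], m["clsid"].lower()))
    return before, after


def verify_cleanup(search_report, clean_report):
    """Cross-check what the search run flagged against what the clean run removed."""
    found = reported_paths(search_report, FOUND_RE)
    deleted = reported_paths(clean_report, DELETED_RE)
    deleted_keys = {p.lower() for p in deleted}  # Windows paths are case-insensitive
    found_keys = {p.lower() for p in found}
    sts_before, sts_after = sts_values(clean_report)
    return {
        # Entries compared as the literal strings the tool printed ("?" included).
        "found_not_deleted": [p for p in found if p.lower() not in deleted_keys],
        "deleted_not_found": [p for p in deleted if p.lower() not in found_keys],
        "sts_before": sts_before,
        "sts_after": sts_after,
    }


# Sample input: abridged from the two reports posted in this thread.
SEARCH_REPORT = r"""
C:\WINDOWS\system32

C:\WINDOWS\system32\ishost.exe FOUND !
C:\WINDOWS\system32\ixt?.dll FOUND !
C:\WINDOWS\system32\ixt??.dll FOUND !
C:\WINDOWS\system32\components\flx?.dll FOUND !
C:\WINDOWS\system32\components\flx??.dll FOUND !
C:\DOCUME~1\Justin\FAVORI~1\Antivirus Test Online.url FOUND !
"""

CLEAN_REPORT = r"""
Before SmitFraudFix
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"

Deleting infected files

C:\WINDOWS\system32\ishost.exe Deleted
C:\WINDOWS\system32\ixt?.dll Deleted
C:\WINDOWS\system32\components\flx?.dll Deleted
C:\DOCUME~1\Justin\FAVORI~1\Antivirus Test Online.url Deleted

After SmitFraudFix
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

End
"""

if __name__ == "__main__":
    result = verify_cleanup(SEARCH_REPORT, CLEAN_REPORT)
    for path in result["found_not_deleted"]:
        print("flagged but no 'Deleted' line:", path)
    print("SharedTaskScheduler values after fix:", result["sts_after"] or "none")
```

A path listed under `found_not_deleted` is a prompt to run the search option again and read the fresh report; it is not proof that the file is still on disk.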

#6 Crono139


Posted 23 August 2006 - 03:31 AM

I can't post the Ewido log because there are a bunch of squares in the log for some reason, in between each letter.

HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 3:30:32 AM, on 8/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\iTunes\iTunesHelper.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\System32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\COMMON~1\AOL\110289~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\110289~1\EE\AOLServiceHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\mozilla.org\Mozilla\mozilla.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Justin\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.33.140.253:80
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O1 - Hosts: 66.98.178.19 06272002-dbase.hitcountz.net
O1 - Hosts: 66.98.178.19 1ca.cqcounter.com
O1 - Hosts: 66.98.178.19 2001-007.com
O1 - Hosts: 66.98.178.19 ad-logics.com
O1 - Hosts: 66.98.178.19 ad.trafficmp.com
O1 - Hosts: 66.98.178.19 adclient.rottentomatoes.com
O1 - Hosts: 66.98.178.19 adcounter.globeandmail.com
O1 - Hosts: 66.98.178.19 adcounter.theglobeandmail.com
O1 - Hosts: 66.98.178.19 adlog.com.com
O1 - Hosts: 66.98.178.19 admanmail.com
O1 - Hosts: 66.98.178.19 ads.specificpop.com
O1 - Hosts: 66.98.178.19 adtech.de
O1 - Hosts: 66.98.178.19 askmen.thruport.com
O1 - Hosts: 66.98.178.19 banner.0catch.com
O1 - Hosts: 66.98.178.19 bilbo.counted.com
O1 - Hosts: 66.98.178.19 c1.statcounter.com
O1 - Hosts: 66.98.178.19 c1.thecounter.com
O1 - Hosts: 66.98.178.19 c2.gostats.com
O1 - Hosts: 66.98.178.19 c2.thecounter.com
O1 - Hosts: 66.98.178.19 c3.thecounter.com
O1 - Hosts: 66.98.178.19 c3.xxxcounter.com
O1 - Hosts: 66.98.178.19 cashcounter.com
O1 - Hosts: 66.98.178.19 cgi.hotstat.nl
O1 - Hosts: 66.98.178.19 clit6.sextracker.com
O1 - Hosts: 66.98.178.19 clit8.sextracker.com
O1 - Hosts: 66.98.178.19 cookies.cmpnet.com
O1 - Hosts: 66.98.178.19 counter.aaddzz.com
O1 - Hosts: 66.98.178.19 counter.bloke.com
O1 - Hosts: 66.98.178.19 counter.hitslink.com
O1 - Hosts: 66.98.178.19 counter.yadro.ru
O1 - Hosts: 66.98.178.19 counter14.sextracker.com
O1 - Hosts: 66.98.178.19 counter16.bravenet.com
O1 - Hosts: 66.98.178.19 counter17.bravenet.com
O1 - Hosts: 66.98.178.19 counter2.hitslink.com
O1 - Hosts: 66.98.178.19 counter26.bravenet.com
O1 - Hosts: 66.98.178.19 counter32.bravenet.com
O1 - Hosts: 66.98.178.19 counter34.breavenet.com
O1 - Hosts: 66.98.178.19 counter41.bravenet.com
O1 - Hosts: 66.98.178.19 counter47.bravenet.com
O1 - Hosts: 66.98.178.19 counter6.sextracker.com
O1 - Hosts: 66.98.178.19 counter8.bravenet.com
O1 - Hosts: 66.98.178.19 data.coremetrics.com
O1 - Hosts: 66.98.178.19 delivery.loopingclick.com
O1 - Hosts: 66.98.178.19 dwclick.com
O1 - Hosts: 66.98.178.19 fastclick.net
O1 - Hosts: 66.98.178.19 fcstats.bcentral.com
O1 - Hosts: 66.98.178.19 flycast.com
O1 - Hosts: 66.98.178.19 g-wizzads.net
O1 - Hosts: 66.98.178.19 gostats.com
O1 - Hosts: 66.98.178.19 gtcc1.acecounter.com
O1 - Hosts: 66.98.178.19 hc2.humanclick.com
O1 - Hosts: 66.98.178.19 hit2.hotlog.ru
O1 - Hosts: 66.98.178.19 hit37.chark.dk
O1 - Hosts: 66.98.178.19 hitbox.com
O1 - Hosts: 66.98.178.19 hits.webstat.com
O1 - Hosts: 66.98.178.19 images.dailydiscounts.com
O1 - Hosts: 66.98.178.19 imp.clickability.com
O1 - Hosts: 66.98.178.19 impacts.alliancehub.com
O1 - Hosts: 66.98.178.19 insightfirst.com
O1 - Hosts: 66.98.178.19 int.sitestat.com
O1 - Hosts: 66.98.178.19 jkearns.freestats.com
O1 - Hosts: 66.98.178.19 linktrack.bravenet.com
O1 - Hosts: 66.98.178.19 logs.comics.com
O1 - Hosts: 66.98.178.19 m1.nedstatbasic.net
O1 - Hosts: 66.98.178.19 media101.sitebrand.com
O1 - Hosts: 66.98.178.19 mediatrack.revenue.net
O1 - Hosts: 66.98.178.19 mt122.mtree.com
O1 - Hosts: 66.98.178.19 nedstat.s0.nl
O1 - Hosts: 66.98.178.19 nl.sitestat.com
O1 - Hosts: 66.98.178.19 paxito.sitetracker.com
O1 - Hosts: 66.98.178.19 perso.estat.com
O1 - Hosts: 66.98.178.19 pmg.ad-logics.com
O1 - Hosts: 66.98.178.19 postclick.adcentriconline.com
O1 - Hosts: 66.98.178.19 prof.estat.com
O1 - Hosts: 66.98.178.19 s10.sitemeter.com
O1 - Hosts: 66.98.178.19 s11.sitemeter.com
O1 - Hosts: 66.98.178.19 s12.sitemeter.com
O1 - Hosts: 66.98.178.19 s13.sitemeter.com
O1 - Hosts: 66.98.178.19 s14.sitemeter.com
O1 - Hosts: 66.98.178.19 s15.sitemeter.com
O1 - Hosts: 66.98.178.19 s16.sitemeter.com
O1 - Hosts: 66.98.178.19 s2.statcounter.com
O1 - Hosts: 66.98.178.19 sm1.sitemeter.com
O1 - Hosts: 66.98.178.19 sm2.sitemeter.com
O1 - Hosts: 66.98.178.19 sm3.sitemeter.com
O1 - Hosts: 66.98.178.19 sm4.sitemeter.com
O1 - Hosts: 66.98.178.19 sm5.sitemeter.com
O1 - Hosts: 66.98.178.19 sm6.sitemeter.com
O1 - Hosts: 66.98.178.19 sm7.sitemeter.com
O1 - Hosts: 66.98.178.19 sm8.sitemeter.com
O1 - Hosts: 66.98.178.19 sm9.sitemeter.com
O1 - Hosts: 66.98.178.19 sovereign.sitetracker.com
O1 - Hosts: 66.98.178.19 stat.onestat.com
O1 - Hosts: 66.98.178.19 stat.www.fi
O1 - Hosts: 66.98.178.19 stat3.cybermonitor.com
O1 - Hosts: 66.98.178.19 static.smni.com
O1 - Hosts: 66.98.178.19 statik.topica.com
O1 - Hosts: 66.98.178.19 stats.absol.co.za
O1 - Hosts: 66.98.178.19 stats.clickability.com
O1 - Hosts: 66.98.178.19 stats.idsoft.com
O1 - Hosts: 66.98.178.19 stats.jippii.com
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Ad Muncher] C:\Program Files\Ad Muncher\AdMunch.exe /bt
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [47227716.exe] C:\Documents and Settings\Justin\Local Settings\Application Data\47227716.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://www.imagestation.com/common/classes...ab?ver=1,1,0,32
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {4FCFF034-6F56-4D65-8C31-70D98C475428} (ddm_download.ddm_control) - http://bins.dynamicdesktopmedia.com/cab/ddm_control.CAB
O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} - http://www.imagestation.com/common/classes...ion=4,3,2,20802
O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} (WTDMMPVersion Class) - http://install.wildtangent.com/bgn/partner...lim/install.cab
O16 - DPF: {670821E0-76D1-11D4-9F60-009027A966BF} (YouBet Secure Data Transfer Control) - http://www.youbet.net/wr_5_8/controls/ybrequest.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/partner...lim/install.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/m...,20/mcgdmgr.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://guard.gunbound.net/nProtect/keyCrypt/npkcx.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/crack.CAB
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcsvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#7 Crono139


Posted 23 August 2006 - 03:39 AM

Started up Windows, and nothing strange appeared, so this is looking good so far.

Should I be worried about those results in the HijackThis log involving an IP address and a random adware web address?

Edited by Crono139, 23 August 2006 - 03:39 AM.


#8 Buckeye_Sam

Malware Expert

Posted 23 August 2006 - 07:30 AM

We're not quite done yet. :thumbsup:

Run HijackThis again, click Scan, and put a checkmark next to each of the lines listed below. Then close all other windows (you should only see HijackThis on your Desktop) and click the Fix Checked button.

O1 - Hosts: 66.98.178.19 06272002-dbase.hitcountz.net
O1 - Hosts: 66.98.178.19 1ca.cqcounter.com
O1 - Hosts: 66.98.178.19 2001-007.com
O1 - Hosts: 66.98.178.19 ad-logics.com
O1 - Hosts: 66.98.178.19 ad.trafficmp.com
O1 - Hosts: 66.98.178.19 adclient.rottentomatoes.com
O1 - Hosts: 66.98.178.19 adcounter.globeandmail.com
O1 - Hosts: 66.98.178.19 adcounter.theglobeandmail.com
O1 - Hosts: 66.98.178.19 adlog.com.com
O1 - Hosts: 66.98.178.19 admanmail.com
O1 - Hosts: 66.98.178.19 ads.specificpop.com
O1 - Hosts: 66.98.178.19 adtech.de
O1 - Hosts: 66.98.178.19 askmen.thruport.com
O1 - Hosts: 66.98.178.19 banner.0catch.com
O1 - Hosts: 66.98.178.19 bilbo.counted.com
O1 - Hosts: 66.98.178.19 c1.statcounter.com
O1 - Hosts: 66.98.178.19 c1.thecounter.com
O1 - Hosts: 66.98.178.19 c2.gostats.com
O1 - Hosts: 66.98.178.19 c2.thecounter.com
O1 - Hosts: 66.98.178.19 c3.thecounter.com
O1 - Hosts: 66.98.178.19 c3.xxxcounter.com
O1 - Hosts: 66.98.178.19 cashcounter.com
O1 - Hosts: 66.98.178.19 cgi.hotstat.nl
O1 - Hosts: 66.98.178.19 clit6.sextracker.com
O1 - Hosts: 66.98.178.19 clit8.sextracker.com
O1 - Hosts: 66.98.178.19 cookies.cmpnet.com
O1 - Hosts: 66.98.178.19 counter.aaddzz.com
O1 - Hosts: 66.98.178.19 counter.bloke.com
O1 - Hosts: 66.98.178.19 counter.hitslink.com
O1 - Hosts: 66.98.178.19 counter.yadro.ru
O1 - Hosts: 66.98.178.19 counter14.sextracker.com
O1 - Hosts: 66.98.178.19 counter16.bravenet.com
O1 - Hosts: 66.98.178.19 counter17.bravenet.com
O1 - Hosts: 66.98.178.19 counter2.hitslink.com
O1 - Hosts: 66.98.178.19 counter26.bravenet.com
O1 - Hosts: 66.98.178.19 counter32.bravenet.com
O1 - Hosts: 66.98.178.19 counter34.breavenet.com
O1 - Hosts: 66.98.178.19 counter41.bravenet.com
O1 - Hosts: 66.98.178.19 counter47.bravenet.com
O1 - Hosts: 66.98.178.19 counter6.sextracker.com
O1 - Hosts: 66.98.178.19 counter8.bravenet.com
O1 - Hosts: 66.98.178.19 data.coremetrics.com
O1 - Hosts: 66.98.178.19 delivery.loopingclick.com
O1 - Hosts: 66.98.178.19 dwclick.com
O1 - Hosts: 66.98.178.19 fastclick.net
O1 - Hosts: 66.98.178.19 fcstats.bcentral.com
O1 - Hosts: 66.98.178.19 flycast.com
O1 - Hosts: 66.98.178.19 g-wizzads.net
O1 - Hosts: 66.98.178.19 gostats.com
O1 - Hosts: 66.98.178.19 gtcc1.acecounter.com
O1 - Hosts: 66.98.178.19 hc2.humanclick.com
O1 - Hosts: 66.98.178.19 hit2.hotlog.ru
O1 - Hosts: 66.98.178.19 hit37.chark.dk
O1 - Hosts: 66.98.178.19 hitbox.com
O1 - Hosts: 66.98.178.19 hits.webstat.com
O1 - Hosts: 66.98.178.19 images.dailydiscounts.com
O1 - Hosts: 66.98.178.19 imp.clickability.com
O1 - Hosts: 66.98.178.19 impacts.alliancehub.com
O1 - Hosts: 66.98.178.19 insightfirst.com
O1 - Hosts: 66.98.178.19 int.sitestat.com
O1 - Hosts: 66.98.178.19 jkearns.freestats.com
O1 - Hosts: 66.98.178.19 linktrack.bravenet.com
O1 - Hosts: 66.98.178.19 logs.comics.com
O1 - Hosts: 66.98.178.19 m1.nedstatbasic.net
O1 - Hosts: 66.98.178.19 media101.sitebrand.com
O1 - Hosts: 66.98.178.19 mediatrack.revenue.net
O1 - Hosts: 66.98.178.19 mt122.mtree.com
O1 - Hosts: 66.98.178.19 nedstat.s0.nl
O1 - Hosts: 66.98.178.19 nl.sitestat.com
O1 - Hosts: 66.98.178.19 paxito.sitetracker.com
O1 - Hosts: 66.98.178.19 perso.estat.com
O1 - Hosts: 66.98.178.19 pmg.ad-logics.com
O1 - Hosts: 66.98.178.19 postclick.adcentriconline.com
O1 - Hosts: 66.98.178.19 prof.estat.com
O1 - Hosts: 66.98.178.19 s10.sitemeter.com
O1 - Hosts: 66.98.178.19 s11.sitemeter.com
O1 - Hosts: 66.98.178.19 s12.sitemeter.com
O1 - Hosts: 66.98.178.19 s13.sitemeter.com
O1 - Hosts: 66.98.178.19 s14.sitemeter.com
O1 - Hosts: 66.98.178.19 s15.sitemeter.com
O1 - Hosts: 66.98.178.19 s16.sitemeter.com
O1 - Hosts: 66.98.178.19 s2.statcounter.com
O1 - Hosts: 66.98.178.19 sm1.sitemeter.com
O1 - Hosts: 66.98.178.19 sm2.sitemeter.com
O1 - Hosts: 66.98.178.19 sm3.sitemeter.com
O1 - Hosts: 66.98.178.19 sm4.sitemeter.com
O1 - Hosts: 66.98.178.19 sm5.sitemeter.com
O1 - Hosts: 66.98.178.19 sm6.sitemeter.com
O1 - Hosts: 66.98.178.19 sm7.sitemeter.com
O1 - Hosts: 66.98.178.19 sm8.sitemeter.com
O1 - Hosts: 66.98.178.19 sm9.sitemeter.com
O1 - Hosts: 66.98.178.19 sovereign.sitetracker.com
O1 - Hosts: 66.98.178.19 stat.onestat.com
O1 - Hosts: 66.98.178.19 stat.www.fi
O1 - Hosts: 66.98.178.19 stat3.cybermonitor.com
O1 - Hosts: 66.98.178.19 static.smni.com
O1 - Hosts: 66.98.178.19 statik.topica.com
O1 - Hosts: 66.98.178.19 stats.absol.co.za
O1 - Hosts: 66.98.178.19 stats.clickability.com
O1 - Hosts: 66.98.178.19 stats.idsoft.com
O1 - Hosts: 66.98.178.19 stats.jippii.com
O4 - HKCU\..\Run: [47227716.exe] C:\Documents and Settings\Justin\Local Settings\Application Data\47227716.exe
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} (WTDMMPVersion Class) - http://install.wildtangent.com/bgn/partner...lim/install.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/partner...lim/install.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://guard.gunbound.net/nProtect/keyCrypt/npkcx.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/crack.CAB



Delete these files, if present.

c:\counter.cab
C:\Documents and Settings\Justin\Local Settings\Application Data\47227716.exe
C:\WINDOWS\System32\47227716.exe



==========



I need to see a different type of log from HijackThis.
  • Run HijackThis.
  • Click on "Open the Misc Tools section".
  • Next click on "Open uninstall manager".
  • Press the button 'save list'. It will open a Notepad file. If you don't get a log, just let me know in your next post.
  • Place the content of that file here in your next reply.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
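The fix list above targets two patterns that can be checked mechanically in any HijackThis log: O1 hosts-file entries that map a name to a routable address instead of loopback, and O4 Run entries that start a program from a user-profile folder. The following is an added example, not part of the original thread or of HijackThis itself; the function names and the two O4 heuristics are assumptions chosen for illustration, and the sample input reuses a few lines from this thread plus one constructed benign entry.

```python
import ipaddress
import ntpath
import re
from collections import defaultdict

# Sample input: lines copied from the log in this thread, plus one
# constructed benign entry (127.0.0.1 localhost) for contrast.
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 66.98.178.19 s10.sitemeter.com
O1 - Hosts: 66.98.178.19 stats.clickability.com
O1 - Hosts: 66.98.178.19 stat.onestat.com
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [47227716.exe] C:\Documents and Settings\Justin\Local Settings\Application Data\47227716.exe
"""

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")
RUN_RE = re.compile(r"^O4 - (HK(?:LM|CU))\\\.\.\\Run: \[(.+?)\]\s+(.+)$")
# Quoted command, or an unquoted path that ends at the first ".exe".
EXE_RE = re.compile(r'"([^"]+)"|(.+?\.exe)\b', re.IGNORECASE)

# Assumption: folders any user-level process can write to on Windows XP.
USER_WRITABLE = ("\\local settings\\", "\\temp\\")


def hosts_redirects(log):
    """Group O1 hostnames by target IP, keeping only routable targets.

    Entries pointing at loopback or 0.0.0.0 only block a name; entries
    pointing anywhere else send the browser to a server someone chose.
    """
    redirects = defaultdict(list)
    for line in log.splitlines():
        m = HOSTS_RE.match(line.strip())
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # malformed address: this check cannot judge it
        if ip.is_loopback or ip.is_unspecified:
            continue
        redirects[str(ip)].append(m.group(2).lower())
    return dict(redirects)


def suspicious_run_entries(log):
    """Return (hive, value name, path, reasons) for O4 entries worth a look."""
    flagged = []
    for line in log.splitlines():
        m = RUN_RE.match(line.strip())
        if not m:
            continue
        hive, name, command = m.groups()
        exe = EXE_RE.match(command)
        path = (exe.group(1) or exe.group(2)) if exe else command
        reasons = []
        if any(marker in path.lower() for marker in USER_WRITABLE):
            reasons.append("starts from a user-writable profile folder")
        stem = ntpath.splitext(ntpath.basename(path))[0]
        if stem.isdigit():
            reasons.append("file name is digits only")
        if reasons:
            flagged.append((hive, name, path, reasons))
    return flagged


if __name__ == "__main__":
    for ip, names in hosts_redirects(SAMPLE_LOG).items():
        print(f"{len(names)} hostnames redirected to {ip}: {', '.join(names)}")
    for hive, name, path, reasons in suspicious_run_entries(SAMPLE_LOG):
        print(f"{hive} Run [{name}] {path}: {'; '.join(reasons)}")
```

Both checks are triage aids: a hit means the entry deserves review, not that it is malicious.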

#9 Crono139


Posted 23 August 2006 - 01:05 PM

Left the computer on overnight, and got a few popups for WinAntiVirus Pro. No more caution, though.

After running HijackThis, I clicked Save list..., but Notepad did not open.

#10 Buckeye_Sam


Posted 23 August 2006 - 03:12 PM

Ok, let's do this instead.


Open Notepad and copy and paste this text in it:

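rem Start from a fresh output file on the system drive.
if exist "%systemdrive%\look.txt" del "%systemdrive%\look.txt"
rem List the installed-program (Uninstall) registry keys.
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" >> "%systemdrive%\look.txt"
rem List the folders in each location below, newest first.
cd\
cd /d "%appdata%"
dir /ad /o:-d /p >> "%systemdrive%\look.txt"
cd /d "%allusersprofile%\Application Data"
dir /ad /o:-d /p >> "%systemdrive%\look.txt"
cd /d "%ProgramFiles%"
dir /ad /o:-d /p >> "%systemdrive%\look.txt"
cd /d "%ProgramFiles%\Common Files"
dir /ad /o:-d /p >> "%systemdrive%\look.txt"
rem Open the collected output for copying into the reply.
start notepad "%systemdrive%\look.txt"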

Save this as look.bat
Change the "Save As Type" to "All Files" and save it on your desktop.
Double-click look.bat and post the content of the text file you get in your next reply.

#11 Crono139


Posted 23 August 2006 - 03:53 PM

Log:

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
DisplayName REG_SZ
UninstallString REG_SZ C:\DOCUME~1\Justin\LOCALS~1\Temp\vso542tk.tmp\UNWISE.EXE C:\DOCUME~1\Justin\LOCALS~1\Temp\vso542tk.tmp\INSTALL.LOG
AOL Connectivity Services REG_SZ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ABBYY FineReader 5.0 Sprint

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Absolute Poker

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Activision_TWLUninstallKey

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ad Muncher

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Aware SE Personal

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\America Online us

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AOL Connectivity Services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AOL Deskbar

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AOL Instant Messenger

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AOL Spyware Protection

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AOL Toolbar

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AOL YGP Screensaver

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AOLCoach

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AolCoach2_en

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AviSynth

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Azureus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BCM V.92 56K Modem

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BearShare

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BitTorrent

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bowling

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Branding

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Britannica Ready Reference

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Collab

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Dell AIO Printer A940

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectAnimation

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DivX Codec

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DivX Player

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DogProxy II

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Download Accelerator Plus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Drag Racer v3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Elecard MPEG2 Player

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ewidoantispyware4

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fa8427ea8a8e

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Family Feud

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FL Studio 6

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fruity Loops Studio Producer Edition XXL v6.04 Patcher

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Gallery Remote

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GunboundWC_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GunBound_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Gunz

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICW

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{1A5488D7-314D-4CBC-89BF-C5B59510BDBA}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{26BDE7D8-93F0-4A07-AD47-1707DB417941}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{4E5E22C2-1386-47AE-8EDE-32DDCDCD6653}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{78F4DFCE-1336-4027-BCB2-1A00C24A8653}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{89EE857B-8970-4F9F-AB58-A1C873AC72B3}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{9D98F245-3010-43C6-B3B0-67A464DA298E}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{DE286975-ACF1-45B8-9EF7-34E162B2C817}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\JRE 1.3.1_04

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB870669

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB873333

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB873339

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB884016

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB884267

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB885250

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB885353

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB885492

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB885835

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB885836

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB885884

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB886185

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB886612

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB887078

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB887472

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB887626

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB887742

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB888113

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB888302

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB888656

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB889858

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB890046

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB890047

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB890175

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB890859

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB891122

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB891781

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB892313

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893240

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893241

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893756

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893803

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893803v2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB895181

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB895316

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB895572

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB896358

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB896422

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB896423

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB896424

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB896428

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB897586

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB898458

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB898461

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB898549

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB899587

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB899591

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB900399

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB900485

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB900725

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB901017

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB901214

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB902344

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB902400

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB904706

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB905414

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB905749

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB907658

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB908519

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB908531

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB910437

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911280

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911562

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911564

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911565

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911567

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911854

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911927

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB912812

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB912919

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB913446

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB913580

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB914388

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB914389

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB916281

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB916595

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB917159

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB917344

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB917422

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB917953

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB918439

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB918899

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB920214

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB920670

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB920683

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB921398

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB921883

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB922616

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\limeshop.xml

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\M886903

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Macromedia Shockwave Player

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mcafee.com SecurityCenter

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET Framework 1.1 (1033)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Interactive Training

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft NetShow Player 2.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla (1.6)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox (1.5.0.5)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mp3 Codec

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-Beta1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-Beta2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-KB884016

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-RC1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-RC2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30a-KB884016

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI31-Beta

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI31-RC1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MsJavaVM

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MUSICMATCH Jukebox

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Nero - Burning Rom!UninstallKey

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NeroBackItUp!UninstallKey

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NeroMediaHome!UninstallKey

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NeroRecode!UninstallKey

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NeroShowTime!UninstallKey

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NeroVision!UninstallKey

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NetMeeting

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\npkcxp

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OutlookExpress

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PartyPoker

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCHealth

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PeerGuardian_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PhotoRecord

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PokerJoint

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Pop-Up Stopper Free Edition

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Pop-Up Stopper Professional

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Port Magic

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PSP Video 9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RealJukebox 1.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RealPlayer 6.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Secret Service

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Shockwave

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShockwaveFlash

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Snood_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SPK210

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpongeBob SquarePants

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpongeBob SquarePants Employee of the Month

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spybot - Search & Destroy_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBlaster_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Street Challenge - Free Drag Racing Game

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\StreetPlugin

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Super Rumble Cube

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TeamSpeak 2 RC2_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\The Weather Channel

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Trillian

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Virtual DJ - Atomix Productions

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusScan Online

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WGA

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WgaNotify

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wheel of Fortune

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinAce Archiver

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winamp

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Format Runtime

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Player

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows XP Service Pack

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WMFDist11

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wmp11

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WordUp

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wudf01000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XviD

Volume in drive C has no label.
Volume Serial Number is A8CE-3BD1

Directory of C:\Documents and Settings\Justin\Application Data

08/22/2006 03:36 PM <DIR> Ahead
08/22/2006 01:17 PM <DIR> Azureus
08/22/2006 12:23 PM <DIR> .
08/22/2006 12:23 PM <DIR> ..
08/22/2006 12:23 PM <DIR> Pegasys Inc
08/21/2006 02:32 PM <DIR> Adobe
08/21/2006 12:01 AM <DIR> uTorrent
08/08/2006 04:37 PM <DIR> AdobeUM
05/30/2006 12:13 AM <DIR> Microsoft
04/26/2006 04:36 PM <DIR> vlc
04/04/2006 11:27 PM <DIR> Aim
03/13/2006 02:06 AM <DIR> Ventrilo
01/09/2006 11:41 PM <DIR> Apple Computer
11/24/2005 11:04 PM <DIR> Google
07/01/2005 08:35 AM <DIR> AOL
04/22/2005 11:00 PM <DIR> Media Player Classic
03/04/2005 11:35 PM <DIR> Sun
02/15/2005 05:22 PM <DIR> Macromedia
02/02/2005 04:35 PM <DIR> Canopus
01/18/2005 11:59 PM <DIR> Kazaa Lite
01/08/2005 08:58 PM <DIR> Mozilla
09/12/2004 11:59 PM <DIR> Lavasoft
09/12/2004 10:11 PM <DIR> Lycos
06/21/2004 10:14 PM <DIR> Neo-Modus.com
04/18/2004 01:50 AM <DIR> teamspeak2
03/12/2004 05:46 PM <DIR> SmartFTP
11/14/2003 01:18 PM <DIR> Kontiki
11/13/2003 11:23 PM <DIR> Real
09/20/2003 10:55 PM <DIR> Corel
09/02/2003 11:12 PM <DIR> Roxio
08/27/2003 03:09 PM <DIR> Help
08/18/2003 05:44 AM <DIR> Identities
0 File(s) 0 bytes
32 Dir(s) 5,770,702,848 bytes free
Volume in drive C has no label.
Volume Serial Number is A8CE-3BD1

Directory of C:\Documents and Settings\All Users\Application Data

08/21/2006 02:32 PM <DIR> Adobe
08/11/2006 05:00 PM <DIR> ..
08/11/2006 05:00 PM <DIR> Ahead
08/11/2006 05:00 PM <DIR> .
07/13/2006 03:59 PM <DIR> Trymedia
06/07/2006 07:09 PM <DIR> PopCap
05/28/2006 11:08 PM <DIR> Windows Genuine Advantage
12/25/2005 10:42 AM <DIR> Apple Computer
06/30/2005 09:42 PM <DIR> AOL
06/30/2005 05:33 PM <DIR> Viewpoint
05/26/2005 02:32 AM <DIR> msw
02/03/2005 08:58 AM <DIR> Canopus
01/05/2005 10:35 PM <DIR> McAfee.com
12/12/2004 07:32 PM <DIR> AOL Downloads
09/12/2004 11:58 PM <DIR> Microsoft
07/28/2004 03:05 PM <DIR> Pure Networks
07/21/2004 12:25 AM <DIR> Macrovision
01/07/2004 11:28 PM <DIR> Spybot - Search & Destroy
11/23/2003 02:27 AM <DIR> NFS Underground Demo
09/13/2003 12:55 AM <DIR> QuickTime
08/18/2003 06:12 AM <DIR> Dell
08/18/2003 06:10 AM <DIR> SBSI
0 File(s) 0 bytes
22 Dir(s) 5,770,698,752 bytes free
Volume in drive C has no label.
Volume Serial Number is A8CE-3BD1

Directory of C:\Program Files

08/23/2006 12:50 AM <DIR> ewido anti-spyware 4.0
08/22/2006 08:39 PM <DIR> Mozilla Firefox
08/22/2006 07:21 PM <DIR> ..
08/22/2006 07:21 PM <DIR> .
08/22/2006 03:53 PM <DIR> Common Files
08/22/2006 03:31 PM <DIR> Nero
08/22/2006 03:23 PM <DIR> Ahead
08/21/2006 11:07 PM <DIR> Azureus
08/20/2006 10:11 PM <DIR> Absolute Poker
08/10/2006 03:02 AM <DIR> Internet Explorer
08/09/2006 10:30 PM <DIR> Image-Line
08/09/2006 10:28 PM <DIR> VstPlugins
08/09/2006 02:32 AM <DIR> VirtualDJ
08/06/2006 03:09 AM <DIR> Street Challenge
07/30/2006 11:51 PM <DIR> Soulseek
07/30/2006 11:42 AM <DIR> America Online 9.0b
07/27/2006 10:43 PM <DIR> iWin
07/24/2006 11:43 AM <DIR> Family Feud
07/14/2006 05:14 PM <DIR> Sony Pictures Games
07/11/2006 05:58 PM <DIR> Trillian
06/08/2006 11:42 PM <DIR> InstallShield Installation Information
06/08/2006 01:28 PM <DIR> Windows Media Player
06/07/2006 11:21 PM <DIR> XviD
06/07/2006 07:11 PM <DIR> MSN Games
06/07/2006 07:07 PM <DIR> GameHouse
06/03/2006 01:46 PM <DIR> Java
05/31/2006 08:42 AM <DIR> Messenger
05/31/2006 08:41 AM <DIR> Outlook Express
05/30/2006 12:56 AM <DIR> y0octysy
05/29/2006 11:12 PM <DIR> Movie Maker
05/29/2006 11:06 PM <DIR> NetMeeting
05/29/2006 11:05 PM <DIR> Windows NT
05/16/2006 01:06 PM <DIR> Setup NetZero
05/16/2006 01:03 PM <DIR> Cosmi
05/02/2006 10:59 PM <DIR> Ad Muncher
04/26/2006 04:35 PM <DIR> VideoLAN
04/19/2006 10:49 PM <DIR> Silkroad
04/19/2006 09:27 PM <DIR> PartyGaming
04/16/2006 06:12 PM <DIR> BearShare
04/16/2006 06:06 PM <DIR> LimeWire
04/04/2006 11:26 PM <DIR> AIM
04/04/2006 11:26 PM <DIR> AOD
03/25/2006 10:13 AM <DIR> Furcadia
03/15/2006 12:16 AM <DIR> PopCap Games
03/13/2006 02:35 AM <DIR> directx
03/13/2006 02:04 AM <DIR> Ventrilo
02/26/2006 02:07 PM <DIR> PartyPoker
01/29/2006 02:35 AM <DIR> Drag Racer v3
01/17/2006 01:28 AM <DIR> Diablo II
01/14/2006 02:11 AM <DIR> pspvideo9
01/14/2006 02:11 AM <DIR> AviSynth 2.5
12/25/2005 10:45 AM <DIR> QuickTime
12/25/2005 10:43 AM <DIR> iTunes
12/25/2005 10:41 AM <DIR> iPod
11/24/2005 11:03 PM <DIR> Google
09/20/2005 11:39 PM <DIR> PHStat2
08/30/2005 11:36 PM <DIR> eMule
08/30/2005 11:35 PM <DIR> Accessdiver
07/29/2005 12:16 AM <DIR> _uninstallation_info
07/22/2005 12:28 AM <DIR> MAIET
06/30/2005 05:33 PM <DIR> Viewpoint
06/29/2005 03:38 PM <DIR> Microsoft AntiSpyware
06/22/2005 12:22 PM <DIR> QUICKENW
06/21/2005 03:33 PM <DIR> WinMX
06/14/2005 12:38 PM <DIR> Call of Duty
06/14/2005 12:57 AM <DIR> EA GAMES
06/14/2005 12:56 AM <DIR> Ares Lite Edition
06/01/2005 01:47 PM <DIR> softnyx
05/22/2005 09:14 PM <DIR> Zero G Registry
05/22/2005 09:14 PM <DIR> Gallery Remote
05/17/2005 11:46 PM <DIR> America Online 9.0
05/07/2005 08:23 PM <DIR> Snood
03/16/2005 12:18 AM <DIR> WinAce
03/11/2005 01:50 AM <DIR> Shareaza
03/06/2005 05:18 PM <DIR> KaZaA Lite
03/03/2005 06:06 PM <DIR> Uninstall Information
03/03/2005 03:16 PM <DIR> SpywareBlaster
02/02/2005 04:39 PM <DIR> DivX
02/02/2005 04:37 PM <DIR> Canopus
01/22/2005 06:07 PM <DIR> BitTorrent
01/06/2005 09:23 PM <DIR> Trillian1
12/21/2004 12:44 PM <DIR> AOL Deskbar
12/12/2004 07:40 PM <DIR> Pure Networks
12/12/2004 07:39 PM <DIR> AOL Toolbar
12/05/2004 09:39 AM <DIR> America Online 9.0a
10/26/2004 10:18 PM <DIR> Zing
10/25/2004 01:35 AM <DIR> Wizet
10/23/2004 10:28 AM <DIR> EE
09/29/2004 02:16 PM <DIR> Canon
09/12/2004 11:58 PM <DIR> Lavasoft
09/12/2004 10:10 PM <DIR> DogProxy2
09/12/2004 10:00 PM <DIR> LimeShop
08/19/2004 02:28 AM <DIR> WindowsUpdate
08/16/2004 02:51 PM <DIR> OO Software
08/09/2004 09:49 PM <DIR> Spybot - Search & Destroy
07/21/2004 12:18 AM <DIR> Adobe
07/07/2004 10:18 PM <DIR> DC++
07/05/2004 08:32 PM <DIR> Bit Torrent Search
06/28/2004 11:15 AM <DIR> AWS
06/28/2004 11:14 AM <DIR> Direct Connect
05/29/2004 01:45 AM <DIR> Winamp
05/07/2004 01:06 AM <DIR> DAP
04/18/2004 01:50 AM <DIR> teamspeak2_RC2
04/10/2004 08:08 PM <DIR> PokerJoint
03/12/2004 05:30 PM <DIR> SmartFTP
03/12/2004 05:29 PM <DIR> SmartFTP Setup Files
02/27/2004 09:17 PM <DIR> mozilla.org
02/27/2004 09:14 PM <DIR> ArtMoney
02/23/2004 09:48 PM <DIR> MVReader
02/11/2004 09:35 PM <DIR> Pioneer
02/11/2004 12:41 AM <DIR> WildTangent
01/28/2004 07:19 PM <DIR> SurvivalProjectInter
01/10/2004 12:06 AM <DIR> JavaSoft
01/09/2004 10:09 PM <DIR> THQ
01/05/2004 01:25 AM <DIR> Lycos
01/05/2004 01:14 AM <DIR> McAfee VirusScan Professional Edition 7.00 Retail
01/02/2004 02:35 AM <DIR> Yahoo!
12/25/2003 10:17 AM <DIR> Sierra On-Line
12/06/2003 12:47 AM <DIR> TryMedia
11/29/2003 10:22 PM <DIR> Call of Duty Dawnville Demo
11/08/2003 09:20 PM <DIR> CremeSavers
10/30/2003 08:25 PM <DIR> Elecard MPEG2 Player 2.1
10/26/2003 10:15 PM <DIR> America Online 8.0
10/25/2003 12:09 AM <DIR> Panicware
10/22/2003 02:52 PM <DIR> MSXML 4.0
10/11/2003 06:56 PM <DIR> Learn2.com
09/21/2003 10:53 AM <DIR> Microsoft ActiveSync
09/21/2003 10:52 AM <DIR> Microsoft Office
09/20/2003 10:19 PM <DIR> ZHEAD
09/19/2003 04:59 PM <DIR> Real
09/16/2003 03:53 PM <DIR> Easy Upload Tools
09/16/2003 01:59 PM <DIR> PeerGuardian_1.99b
09/09/2003 06:28 PM <DIR> HotlineConnect
09/09/2003 04:40 PM <DIR> The Weather Channel
08/27/2003 10:21 PM <DIR> Activision
08/27/2003 09:43 PM <DIR> LucasArts
08/27/2003 04:20 PM <DIR> Activision Value
08/21/2003 02:26 PM <DIR> On2 Technologies Inc
08/21/2003 12:43 PM <DIR> Dell AIO Printer A940
08/18/2003 06:19 AM <DIR> Roxio
08/18/2003 06:19 AM <DIR> WordPerfect Office 11
08/18/2003 06:17 AM <DIR> McAfee.com
08/18/2003 06:17 AM <DIR> MUSICMATCH
08/18/2003 06:16 AM <DIR> Britannica
08/18/2003 06:15 AM <DIR> Dell Computer
08/18/2003 06:14 AM <DIR> Jasc Software Inc
08/18/2003 06:14 AM <DIR> EarthLink 5.0
08/18/2003 06:13 AM <DIR> ABBYY FineReader 5.0 Sprint
08/18/2003 06:13 AM <DIR> Modem Helper
08/18/2003 06:12 AM <DIR> Dell
08/18/2003 06:11 AM <DIR> Broadcom Management Programs
08/18/2003 05:44 AM <DIR> microsoft frontpage
08/18/2003 05:44 AM <DIR> XEROX
08/18/2003 05:44 AM <DIR> Online Services
08/18/2003 05:44 AM <DIR> ComPlus Applications
08/18/2003 05:44 AM <DIR> MSN Gaming Zone
08/18/2003 05:44 AM <DIR> MSN
0 File(s) 0 bytes
157 Dir(s) 5,770,682,368 bytes free
Volume in drive C has no label.
Volume Serial Number is A8CE-3BD1

Directory of C:\Program Files\Common Files

08/22/2006 03:53 PM <DIR> {A8CE3BD1-0892-1033-0731-030512200001}
08/22/2006 03:53 PM <DIR> ..
08/22/2006 03:53 PM <DIR> .
08/22/2006 03:38 PM <DIR> Ahead
08/11/2006 05:05 PM <DIR> Nero
05/31/2006 08:41 AM <DIR> System
03/13/2006 02:03 AM <DIR> Wise Installation Wizard
10/24/2005 06:41 PM <DIR> aol
05/29/2005 09:22 AM <DIR> aolshare
03/04/2005 11:34 PM <DIR> Java
03/03/2005 06:08 PM <DIR> Microsoft Shared
02/02/2005 04:38 PM <DIR> Canopus Shared
12/12/2004 07:39 PM <DIR> AolCoach
10/26/2004 10:18 PM <DIR> Zing
07/21/2004 12:25 AM <DIR> Adobe Systems Shared
07/21/2004 12:24 AM <DIR> Adobe
02/27/2004 09:17 PM <DIR> mozilla.org
01/27/2004 07:32 AM <DIR> InstallShield
12/05/2003 09:07 PM <DIR> NSV
11/23/2003 02:27 AM <DIR> DirectX
10/30/2003 08:25 PM <DIR> Moonlight
10/11/2003 06:55 PM <DIR> Nullsoft
09/21/2003 10:53 AM <DIR> Designer
08/24/2003 11:07 PM <DIR> SWF Studio
08/18/2003 06:20 AM <DIR> Adaptec Shared
08/18/2003 06:19 AM <DIR> Borland Shared
08/18/2003 06:19 AM <DIR> Corel
08/18/2003 06:18 AM <DIR> xing shared
08/18/2003 06:18 AM <DIR> Real
08/18/2003 06:12 AM <DIR> Dell
08/18/2003 05:44 AM <DIR> MSSoap
08/18/2003 05:44 AM <DIR> Services
08/18/2003 05:44 AM <DIR> SpeechEngines
08/18/2003 05:44 AM <DIR> ODBC
0 File(s) 0 bytes
34 Dir(s) 5,770,690,560 bytes free

#12 Buckeye_Sam

    Malware Expert



Posted 23 August 2006 - 06:43 PM

Please click Start -> Control Panel -> Add/Remove Programs and uninstall these programs:

Limeshop
ViewpointMediaPlayer




Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#13 Crono139

  • Topic Starter


Posted 23 August 2006 - 07:14 PM

Limeshop refuses to uninstall.

WJView Error
ERROR: Could not execute Main : The system cannot find the file specified.


Viewpoint Media Player was removed without any problems.


Just after doing a scan with ComboFix, I received an error message.

Error: The system was unable to find the specified registry key, or value.

#14 Buckeye_Sam

    Malware Expert



Posted 24 August 2006 - 07:15 AM

Delete this folder, if present.

C:\Program Files\LimeShop


Please post a new hijackthis log.


========================================================

#15 Crono139

  • Topic Starter


Posted 24 August 2006 - 12:17 PM

Done.

Logfile of HijackThis v1.99.1
Scan saved at 13:13, on 06-08-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\COMMON~1\AOL\110289~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\110289~1\EE\AOLServiceHost.exe
C:\Program Files\Trillian\trillian.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Justin\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.33.140.253:80
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Ad Muncher] C:\Program Files\Ad Muncher\AdMunch.exe /bt
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://www.imagestation.com/common/classes...ab?ver=1,1,0,32
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {4FCFF034-6F56-4D65-8C31-70D98C475428} (ddm_download.ddm_control) - http://bins.dynamicdesktopmedia.com/cab/ddm_control.CAB
O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} - http://www.imagestation.com/common/classes...ion=4,3,2,20802
O16 - DPF: {670821E0-76D1-11D4-9F60-009027A966BF} (YouBet Secure Data Transfer Control) - http://www.youbet.net/wr_5_8/controls/ybrequest.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/m...,20/mcgdmgr.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://guard.gunbound.net/nProtect/keyCrypt/npkcx.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcsvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe



