
I Need Help...........popups


  • This topic is locked
12 replies to this topic

#1 bigtrevdogg


Posted 03 September 2006 - 06:45 PM

Logfile of HijackThis v1.99.1
Scan saved at 7:38:33 PM, on 9/3/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\progra~1\mcafee\mcafee antispyware\massrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\progra~1\mcafee\MCAFEE~2\masalert.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\kwinopex.exe
C:\Program Files\Common Files\{6487EC52-0A21-1033-0927-040624030001}\Update.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\WINDOWS\System32\crunner\cproc.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\msiexec.exe
C:\Documents and Settings\trevis scott\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = cdn
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\System32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~2\masalert.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [loaddr] C:\topaff.exe
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\System32\kwinopex.exe GEN001
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [Startup Manager] C:\Documents and Settings\trevis scott\Application Data\Systweak\ASO 2\smstartUp manager.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [cprocsvc] C:\WINDOWS\System32\crunner\cproc.exe
O4 - HKCU\..\Run: [iqkz] C:\PROGRA~1\COMMON~1\iqkz\iqkzm.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\SYSTEM32\dwdsregt.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\SYSTEM32\kwinopex.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab
O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.winkflash.com/photo/loaders/SAXFile.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonus.com/cdkey/ITCDKey.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple...iTunesSetup.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.gamehouse.com/games/DinerDash2.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.gamehouse.com/games/tumblebugs/axhost.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,19/mcgdmgr.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O20 - AppInit_DLLs: repairs303169590.dll
O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\system32\p8n8li5u18.dll
O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\i806lids1806.dll (file missing)
O20 - Winlogon Notify: WBSrv - c:\PROGRA~1\WINDOW~4\wbsrv.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\ZGV5b25hIGJ1cmtl\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Please help me out.


 


#2 miekiemoes

  • Malware Response Team

Posted 04 September 2006 - 08:03 AM

Hello,

Before we clean this up, I want some extra info first.

* Download uninstallcmd_XP
Unzip it to your desktop.
Double-click uninstallcmd.bat
A short scan will follow and notepad will open afterwards.
Copy and paste the results of uninstallcmd.txt in your next reply.
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 bigtrevdogg


Posted 04 September 2006 - 08:55 AM

UninstallString REG_SZ RunDll32 C:\WINDOWS\DOWNLO~1\GrooveAX.dll,_RemoveGroove@16
DisplayName REG_SZ 3D Groove Playback Engine
DisplayName REG_SZ EA SPORTS online 2005
UninstallString REG_SZ C:\Program Files\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe
DisplayName REG_SZ AC3Filter (remove only)
UninstallString REG_SZ C:\Program Files\AC3Filter\uninstall.exe
DisplayName REG_SZ Ad-Aware SE Personal
UninstallString REG_SZ C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
UninstallString REG_SZ msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
DisplayName REG_SZ Adobe Illustrator CS2
DisplayName REG_SZ Adobe Photoshop CS2
UninstallString REG_SZ msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
DisplayName REG_SZ Adobe Shockwave Player
UninstallString REG_SZ C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\Install.log
DisplayName REG_SZ Adobe SVG Viewer 3.0
UninstallString REG_SZ C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
DisplayName REG_SZ Adobe Download Manager 1.2 (Remove Only)
UninstallString REG_SZ "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
DisplayName REG_SZ Advanced Encode Decode Tools v.1.063
UninstallString REG_SZ C:\PROGRA~1\MEDIAT~1\AEDTools\UNWISE.EXE C:\PROGRA~1\MEDIAT~1\AEDTools\INSTALL.LOG
DisplayName REG_SZ America Online (Choose which version to remove)
UninstallString REG_SZ C:\Program Files\Common Files\aolshare\aolunins_us.exe
DisplayName REG_SZ AOL Uninstaller (Choose which Products to Remove)
UninstallString REG_SZ C:\Program Files\Common Files\AOL\uninstaller.exe
DisplayName REG_SZ Audacity 1.2.3
UninstallString REG_SZ "C:\Program Files\Audacity\unins000.exe"
DisplayName REG_SZ AviSynth 2.5
UninstallString REG_SZ "C:\Program Files\AviSynth 2.5\Uninstall.exe"
UninstallString REG_SZ C:\WINDOWS\BCMSMU.exe quiet
DisplayName REG_SZ BCM V.92 56K Modem
DisplayName REG_SZ BellSouth FastAccess DSL Help Center
UninstallString REG_SZ "C:\Program Files\Support.com\BellSouth\Uninstall.exe" /c "Remove BellSouth® FastAccess® DSL Help Center?"
DisplayName REG_SZ BitLord 1.1
UninstallString REG_SZ C:\Program Files\BitLord\uninst.exe
DisplayName REG_SZ BitTornado 0.3.12
UninstallString REG_SZ C:\Program Files\BitTornado\uninst.exe
DisplayName REG_SZ Blaze Media Pro
UninstallString REG_SZ "C:\Documents and Settings\All Users\Application Data\{D83E700A-D450-4DA7-A5B7-A84FC1FC3B69}\setup_blazemp.exe" REMOVE=TRUE MODIFY=FALSE
DisplayName REG_SZ BellSouth Toolbar 1.0
UninstallString REG_SZ C:\Program Files\blstoolbar\uninstall.exe -uninstall -prompt
UninstallString REG_SZ RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45893FEB-30FD-4034-8661-3BA4238FE67A}\SETUP.EXE" -l0x9 -uninst -y -a -f"b2003ce.isu"
DisplayName REG_SZ CD Art Display RC 4
UninstallString REG_SZ "C:\Program Files\CD Art Display\unins000.exe"
DisplayName REG_SZ Comcast High-Speed Internet Install Wizard
UninstallString REG_SZ C:\Program Files\support.com\uninstall\chsi_uninstaller.exe
DisplayName REG_SZ CopyPod (remove only)
UninstallString REG_SZ "C:\Program Files\CopyPod\uninstall.exe"
DisplayName REG_SZ Dell Digital Jukebox Driver
UninstallString REG_SZ C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
DisplayName REG_SZ Dell Support 5.0.0 (766)
UninstallString REG_SZ rundll32 C:\PROGRA~1\DELLSU~1\AUInst.dll,ExUninstall
DisplayName REG_SZ Digimarc MyPictureMarc Watermarking Plugin
UninstallString REG_SZ C:\PROGRA~1\Digimarc\MYPICT~1\UNWISE.EXE C:\PROGRA~1\Digimarc\MYPICT~1\INSTALL.LOG
DisplayName REG_SZ Uninstall DreamSuite Demo
UninstallString REG_SZ C:\WINDOWS\unvise32.exe C:\Program Files\Adobe\Photoshop 7.0\Plug-Ins\DreamSuite Demo\DreamSuite Demo Uninstall.log
DisplayName REG_SZ DVD Decrypter (Remove Only)
UninstallString REG_SZ "C:\Program Files\DVD Decrypter\uninstall.exe"
DisplayName REG_SZ DVDFab Platinum 2.82
UninstallString REG_SZ "C:\Program Files\DVDFab Platinum\unins001.exe"
DisplayName REG_SZ ESPNMotion
UninstallString REG_SZ C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG
DisplayName REG_SZ ewido anti-malware
UninstallString REG_SZ C:\Program Files\ewido anti-malware\Uninstall.exe
DisplayName REG_SZ HijackThis 1.99.1
UninstallString REG_SZ C:\Program Files\HijackThis\HijackThis.exe /uninstall
UninstallString REG_SZ C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\uninst.isu" -c"C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\uninst.dll"
DisplayName REG_SZ HP OfficeJet T Series (Remove Only)
DisplayName REG_SZ IconPackager
UninstallString REG_SZ C:\PROGRA~1\Stardock\OBJECT~1\ICONPA~1\iconpackager.exe /uninstallwise
UninstallString REG_SZ C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0A146245-DB79-4197-BF5D-FE1A699A2CC7}
DisplayName REG_SZ Canon Camera Window DSLR 5 for ZoomBrowser EX
UninstallString REG_SZ C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{0FB261F3-6F16-43FD-A404-F377C169B937}
DisplayName REG_SZ Madagascar
UninstallString REG_SZ C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2E4E8905-5F24-4AEA-84E2-923CC12E3AB1} /l1033
DisplayName REG_SZ iPod for Windows 2005-09-06
UninstallString REG_SZ C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{501BADCD-F8F7-44CB-AC3F-6ED25C1A28B5} /l1033
DisplayName REG_SZ iTunes
UninstallString REG_SZ C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}
DisplayName REG_SZ Canon Camera Window DC_DV 6 for ZoomBrowser EX
UninstallString REG_SZ C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}
DisplayName REG_SZ Canon Camera Window MC 6 for ZoomBrowser EX
UninstallString REG_SZ C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}
DisplayName REG_SZ Canon Utilities PhotoStitch 3.1
UninstallString REG_SZ C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{901F8ED7-13E8-43EF-B738-2FE89B0588EB} /l1033
DisplayName REG_SZ Canon Camera Access Library
UninstallString REG_SZ C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{929408E6-D265-4174-805F-81D1D914E2A4} /l1033
DisplayName REG_SZ QuickTime
UninstallString REG_SZ C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A1D0D14A-B776-4907-BC00-5149F2298086} /l1033
DisplayName REG_SZ Canon Camera Support Core Library
UninstallString REG_SZ C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}
DisplayName REG_SZ Canon Camera Window DC_DV 5 for ZoomBrowser EX
UninstallString REG_SZ C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}
DisplayName REG_SZ Canon RAW Image Task for ZoomBrowser EX
UninstallString REG_SZ C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BD57EA4D-026E-4F08-9B93-080E282B81FE} /l1033
DisplayName REG_SZ iPod for Windows 2006-06-28
UninstallString REG_SZ C:\WINDOWS\IsUninst.exe -f"C:\Program Files\JavaSoft\JRE\1.3.1_01\Uninst.isu"
DisplayName REG_SZ Java 2 Runtime Environment Standard Edition v1.3.1_01
DisplayName REG_SZ Kids Next Door
UninstallString REG_SZ C:\PROGRA~1\CARTOO~1\BEST\UNWISE.EXE C:\PROGRA~1\CARTOO~1\BEST\INSTALL.LOG
UninstallString REG_SZ "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903Uninstall.msp"
QuietDisplayName REG_SZ McAfee AntiSpyware
_DisplayName REG_SZ McAfee AntiSpyware
UninstallString REG_SZ c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=mas /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\masrem.ui::uninstall.htm
UninstallString REG_SZ c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=msc /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm
_DisplayName REG_SZ McAfee SecurityCenter
QuietDisplayName REG_SZ McAfee SecurityCenter
DisplayName REG_SZ McAfee Uninstall Wizard
UninstallString REG_SZ C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /uninstall=1 /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\comrem.dll::uninstall.htm
DisplayName REG_SZ MediaMonkey 2.4
UninstallString REG_SZ "C:\Program Files\MediaMonkey\unins000.exe"
UninstallString REG_SZ msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
DisplayName REG_SZ Microsoft .NET Framework 1.1
DisplayName REG_SZ Microsoft .NET Framework 2.0
UninstallString REG_SZ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
UninstallString REG_SZ C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
DisplayName REG_SZ MP3 Wav Editor 2.5
UninstallString REG_SZ "C:\Program Files\MP3 Wav Editor\unins000.exe"
DisplayName REG_SZ MicroStaff WINASPI
UninstallString REG_SZ C:\MWASPI\uninst.exe
DisplayName REG_SZ Uninstall Mystical
UninstallString REG_SZ C:\WINDOWS\unvise32.exe C:\Program Files\Adobe\Photoshop 7.0\Plug-Ins\Mystical\Mystical Uninstall.log
UninstallString REG_SZ C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
DisplayName REG_SZ Nero 6 Ultra Edition
DisplayName REG_SZ NVIDIA Windows 2000/XP Display Drivers
UninstallString REG_SZ rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nv4_disp.inf
UninstallString REG_SZ C:\WINDOWS\System32\ASUninst.exe Panda ActiveScan
DisplayName REG_SZ Panda ActiveScan
UninstallString REG_SZ rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
UninstallString REG_SZ C:\WINDOWS\uninst.exe -f"C:\Program Files\Cosmi\Phonics 4 Kids\DeIsL1.isu" -c"C:\Program Files\Cosmi\Phonics 4 Kids\_ISREG32.DLL"
DisplayName REG_SZ Phonics 4 Kids
DisplayName REG_SZ Intel® PRO Network Adapters and Drivers
UninstallString REG_SZ Prounstl.exe
DisplayName REG_SZ PSP Video 9 1.74
UninstallString REG_SZ C:\Program Files\pspvideo9\uninst.exe
DisplayName REG_SZ Python 2.2.3
UninstallString REG_SZ C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
DisplayName REG_SZ Windows XP Hotfix (SP2) Q328310
UninstallString REG_SZ C:\WINDOWS\$NtUninstallQ328310$\spuninst\spuninst.exe
DisplayName REG_SZ Windows XP Hotfix (SP2) [See Q329115 for more information]
UninstallString REG_SZ C:\WINDOWS\$NtUninstallQ329115$\spuninst\spuninst.exe
DisplayName REG_SZ Windows XP Hotfix (SP2) Q329170
UninstallString REG_SZ C:\WINDOWS\$NtUninstallQ329170$\spuninst\spuninst.exe
DisplayName REG_SZ Windows XP Hotfix (SP2) [See Q329390 for more information]
UninstallString REG_SZ C:\WINDOWS\$NtUninstallQ329390$\spuninst\spuninst.exe
DisplayName REG_SZ Windows XP Hotfix (SP2) Q329441
UninstallString REG_SZ C:\WINDOWS\$NtUninstallQ329441$\spuninst\spuninst.exe
DisplayName REG_SZ Windows XP Hotfix (SP2) [See Q329834 for more information]
UninstallString REG_SZ C:\WINDOWS\$NtUninstallQ329834$\spuninst\spuninst.exe
DisplayName REG_SZ Windows XP Hotfix (SP2) Q810565
UninstallString REG_SZ C:\WINDOWS\$NtUninstallQ810565$\spuninst\spuninst.exe
DisplayName REG_SZ Windows XP Hotfix (SP2) Q810577
UninstallString REG_SZ C:\WINDOWS\$NtUninstallQ810577$\spuninst\spuninst.exe
DisplayName REG_SZ Windows XP Hotfix (SP2) Q810833
UninstallString REG_SZ C:\WINDOWS\$NtUninstallQ810833$\spuninst\spuninst.exe
DisplayName REG_SZ Windows XP Hotfix (SP2) Q811493
UninstallString REG_SZ C:\WINDOWS\$NtUninstallQ811493$\spuninst\spuninst.exe
DisplayName REG_SZ Windows XP Hotfix (SP2) Q814033
UninstallString REG_SZ C:\WINDOWS\$NtUninstallQ814033$\spuninst\spuninst.exe
DisplayName REG_SZ Windows XP Hotfix (SP2) Q815021
UninstallString REG_SZ C:\WINDOWS\$NtUninstallQ815021$\spuninst\spuninst.exe
DisplayName REG_SZ Windows XP Hotfix (SP2) Q817287
UninstallString REG_SZ C:\WINDOWS\$NtUninstallQ817287$\spuninst\spuninst.exe
DisplayName REG_SZ Windows Media Player Hotfix [See wm828026 for more information]
UninstallString REG_SZ C:\WINDOWS\$NtUninstallQ828026$\spuninst\spuninst.exe
UninstallString REG_SZ C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
UninstallString REG_SZ C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
DisplayName REG_SZ RealPlayer
DisplayName REG_SZ Shockwave
UninstallString REG_SZ C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
QuietDisplayName REG_SZ Shockwave Director 10.1.3
QuietDisplayName REG_SZ Shockwave Flash
DisplayName REG_SZ Adobe Flash Player 9 ActiveX
UninstallString REG_SZ C:\WINDOWS\System32\Macromed\Flash\UninstFl.exe -q
DisplayName REG_SZ Spybot - Search & Destroy 1.3
UninstallString REG_SZ "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
DisplayName REG_SZ SpyderBar (remove only)
UninstallString REG_SZ "C:\Program Files\TGTSoft\SpyderBar\SpyderBar-uninstall.exe"
DisplayName REG_SZ SpywareBlaster v3.5.1
UninstallString REG_SZ "C:\Program Files\SpywareBlaster\unins000.exe"
DisplayName REG_SZ Videora iPod Converter 0.91
UninstallString REG_SZ C:\Program Files\VideoraiPodConverter\uninst.exe
DisplayName REG_SZ Viewpoint Manager (Remove Only)
UninstallString REG_SZ C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
DisplayName REG_SZ Viewpoint Media Player
UninstallString REG_SZ C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
QuietDisplayName REG_SZ McAfee VirusScan
UninstallString REG_SZ c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=vso /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\vsoremui.dll::uninstall.htm
DisplayName REG_SZ Winamp (remove only)
UninstallString REG_SZ "C:\Program Files\Winamp\UninstWA.exe"
DisplayName REG_SZ Windows Media Format Runtime
UninstallString REG_SZ "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
DisplayName REG_SZ Windows Media Player 10
UninstallString REG_SZ "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
DisplayName REG_SZ WinRAR archiver
UninstallString REG_SZ C:\Program Files\WinRAR\uninstall.exe
DisplayName REG_SZ WinZip
UninstallString REG_SZ "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
DisplayName REG_SZ WinZip Self-Extractor
UninstallString REG_SZ "C:\Program Files\WinZip Self-Extractor\wzipse32.exe" -uninstall
DisplayName REG_SZ XVid;-)
UninstallString REG_SZ C:\Program Files\XVid;-)\Uninstall.exe
DisplayName REG_SZ XviD MPEG-4 Video Codec
UninstallString REG_SZ "C:\Program Files\XviD\unins000.exe"
UninstallString REG_SZ C:\PROGRA~1\Yahoo!\Common\unypsr.exe
DisplayName REG_SZ Yahoo! Anti-Spy
DisplayName REG_SZ Yahoo! Toolbar for Internet Explorer
UninstallString REG_SZ C:\PROGRA~1\Yahoo!\Common\unyt.exe
UninstallString REG_SZ C:\PROGRA~1\Yahoo!\Common\unyext.exe
DisplayName REG_SZ Yahoo! extras
DisplayName REG_SZ Yahoo! Toolbar
DisplayName REG_SZ Yahoo! Widget Engine
UninstallString REG_SZ C:\Program Files\Yahoo!\Yahoo! Widget Engine\uninstall.exe
UninstallString REG_EXPAND_SZ MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
DisplayName REG_SZ Microsoft Office 2000 Professional
DisplayName REG_SZ Camera Window DS
UninstallString REG_EXPAND_SZ MsiExec.exe /I{0AD5AD99-6172-4385-8765-385FBE3A1013}
DisplayName REG_SZ Sunbelt CounterSpy
DisplayName REG_SZ Madagascar ™
UninstallString REG_EXPAND_SZ MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
DisplayName REG_SZ Dell Solution Center
UninstallString REG_EXPAND_SZ MsiExec.exe /I{151C555A-A9E7-4A2E-B6D7-165D04A3C956}
DisplayName REG_SZ Dell Picture Studio - Dell Image Expert
DisplayName REG_SZ AutoUpdate
DisplayName REG_SZ Google Toolbar for Internet Explorer
UninstallString REG_SZ regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
DisplayName REG_SZ Adobe Photoshop CS2
DisplayName REG_SZ iPod for Windows 2005-09-06
UninstallString REG_EXPAND_SZ MsiExec.exe /I{2F30A886-DC9F-4C4D-8CE5-124388C82943}
DisplayName REG_SZ Microsoft Network Guide
DisplayName REG_SZ WebFldrs XP
UninstallString REG_EXPAND_SZ MsiExec.exe /X{35917680-C0DA-4618-B878-54B74694A2FB}
DisplayName REG_SZ Yahoo! Widget Engine
UninstallString REG_EXPAND_SZ MsiExec.exe /X{3622DF78-ADD4-4AC5-BBAE-EE6D17417EAA}
DisplayName REG_SZ Sunbelt CounterSpy Enterprise
UninstallString REG_EXPAND_SZ MsiExec.exe /X{44CDBD1B-89FB-4E02-8319-2A4C550F664A}
DisplayName REG_SZ RTC Client API v1.2
UninstallString REG_SZ RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45893FEB-30FD-4034-8661-3BA4238FE67A}\SETUP.EXE" -l0x9 -uninst
DisplayName REG_SZ Britannica Ready Reference
UninstallString REG_SZ C:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.exe
DisplayName REG_SZ MUSICMATCH® Jukebox
UninstallString REG_SZ RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48EE6C79-1CE2-4CE8-B511-F2140B6781D6}\setup.exe" -l0x9 -removeonly
DisplayName REG_SZ Google Earth Pro
DisplayName REG_SZ Banctec Service Agreement
DisplayName REG_SZ iTunes
DisplayName REG_SZ Camera Window DVC
UninstallString REG_SZ RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
DisplayName REG_SZ FUJIFILM USB Driver
UninstallString REG_EXPAND_SZ MsiExec.exe /I{54F90B55-BEB3-4F0D-8802-228822FA5921}
DisplayName REG_SZ WordPerfect Office 11
UninstallString REG_SZ RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{55BC7EFA-D832-4EE3-9DEA-49B0C07539D9}\setup.exe" -l0x9 -L0x9anything
DisplayName REG_SZ
UninstallString REG_EXPAND_SZ MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
DisplayName REG_SZ Easy CD Creator 5 Basic
UninstallString REG_SZ RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{625304B0-2976-473B-AD81-5CA376093F03}\setup.exe" -l0x9 -removeonly
DisplayName REG_SZ Xingtone Ringtone Maker
DisplayName REG_SZ McAfee Shredder
UninstallString REG_EXPAND_SZ MsiExec.exe /I{64116298-93C5-401D-B06C-39D8E3338508}
DisplayName REG_SZ DAO
UninstallString REG_SZ RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
DisplayName REG_SZ PowerDVD
DisplayName REG_SZ Dell Networking Guide
DisplayName REG_SZ Camera Window MC
DisplayName REG_SZ Microsoft .NET Framework 2.0
UninstallString REG_SZ C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
UninstallString REG_SZ RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -l0x9
DisplayName REG_SZ LiveUpdate BVRP Software
UninstallString REG_EXPAND_SZ MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
DisplayName REG_SZ Adobe Stock Photos 1.0
DisplayName REG_SZ DivX
UninstallString REG_SZ C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
UninstallString REG_SZ RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
DisplayName REG_SZ Modem Helper
DisplayName REG_SZ PhotoStitch
DisplayName REG_SZ DivX Player
UninstallString REG_SZ C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
UninstallString REG_EXPAND_SZ MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
DisplayName REG_SZ Adobe Common File Installer
DisplayName REG_SZ Camera Access Library
DisplayName REG_SZ Help and Support Customization
DisplayName REG_SZ QuickTime
UninstallString REG_EXPAND_SZ MsiExec.exe /I{98DF85D9-96C0-4F57-A92E-C3539477EF5E}
DisplayName REG_SZ DVDSentry
DisplayName REG_SZ Camera Support Core Library
DisplayName REG_SZ Camera Window DVC
UninstallString REG_SZ RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
DisplayName REG_SZ Macromedia Extension Manager
UninstallString REG_EXPAND_SZ MsiExec.exe /I{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}
DisplayName REG_SZ Intel® PROSet
UninstallString REG_EXPAND_SZ MsiExec.exe /I{AC76BA86-7AD7-1033-7646-000000000001}
DisplayName REG_SZ Adobe Reader 6.0
DisplayName REG_SZ DivX Converter
UninstallString REG_SZ C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DisplayName REG_SZ Adobe Illustrator CS2
DisplayName REG_SZ DivX Web Player
UninstallString REG_SZ C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
UninstallString REG_EXPAND_SZ MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
DisplayName REG_SZ Adobe Bridge 1.0
UninstallString REG_SZ RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9242864-2841-4ADE-86E0-8F90F91B04DD}\setup.exe" -l0x9
DisplayName REG_SZ Logitech Gaming Software
DisplayName REG_SZ RAW Image Task 2.2
UninstallString REG_EXPAND_SZ MsiExec.exe /X{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}
DisplayName REG_SZ Canon PhotoRecord
DisplayName REG_SZ iPod for Windows 2006-06-28
UninstallString REG_EXPAND_SZ MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
DisplayName REG_SZ Canon ZoomBrowser EX (E)
DisplayName REG_SZ Blaze Media Pro
UninstallString REG_EXPAND_SZ MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
DisplayName REG_SZ Microsoft .NET Framework 1.1
UninstallString REG_SZ RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
DisplayName REG_SZ Dell ResourceCD
UninstallString REG_SZ RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DA9F6EF5-E48A-4E45-BC57-AA16193763B7}\Setup.exe"
DisplayName REG_SZ Detto IntelliMover
UninstallString REG_SZ RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DCDC8E79-4600-4C02-9824-CD3BB8971D4E}\Setup.exe" -l0x9 -L0x9anything
DisplayName REG_SZ
UninstallString REG_EXPAND_SZ MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
DisplayName REG_SZ Adobe Help Center 1.0
DisplayName REG_SZ mobile PhoneTools
UninstallString REG_SZ RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}\setup.exe" -l0x9


While I was waiting I tried by myself to run a few scans and have some things removed, but I am still getting pop-ups... Thanks for the help.

#4 miekiemoes

Posted 04 September 2006 - 09:13 AM

Hi, Yes, I see that you already uninstalled some..

Let's deal with your problems now..

It is important you don't miss a step and perform everything in the right order!!

I see you have Viewpoint installed..
Viewpoint Manager is considered foistware instead of malware since it is installed without users' approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546
I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
* Download Brute Force Uninstaller.
Unzip it to a folder of its own (c:\BFU).
Read here how to unzip/extract properly:
http://metallica.geekstogo.com/xpcompressedexplanation.html
Start the Brute Force Uninstaller by double-clicking BFU.exe

Next to the 'scriptfile to execute'-window you'll see a little icon as shown in next picture: Posted Image
When you click that icon, a little window will open that says: 'Please enter the full URL to the sript you want to execute'
In the field, copy and paste next URL:

http://metallica.geekstogo.com/alcanshorty.bfu

Click Ok.
Then click execute in Brute Force Uninstaller.

Extra note:
If nothing happens after pressing the Execute button, this means that the script didn't download. In that case, download the script (alcanshorty.bfu) manually from the above URL (right-click on it, choose 'save as' and save it in your BFU folder). Then start BFU.exe again and click the browse button next to the 'scriptfile to execute'-window.
Browse to the script you downloaded, then click Ok and Execute in Brute Force Uninstaller.


Wait for the complete script execution box to pop up and press OK.
Press exit to terminate the BFU program.

--------------------

Please download, install, and update Ewido anti-spyware
  • Load Ewido and then click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful"), click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
  • Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
  • Close Ewido and reboot!!
    I need the log later.
-------------------------

* Download Combofix to your desktop.
Double-click combo.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot, it should open a log, combofix.txt.
Post this log in your next reply together with a new HijackThis log and the log from Ewido.
You may need several replies to post the logs.

Edited by miekiemoes, 04 September 2006 - 09:18 AM.


#5 bigtrevdogg

Posted 04 September 2006 - 12:19 PM

Logfile of HijackThis v1.99.1
Scan saved at 1:15:38 PM, on 9/4/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Sunbelt Software\CounterSpy\Enterprise\PolicyService.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\progra~1\mcafee\mcafee antispyware\massrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Sunbelt Software\CounterSpy\Enterprise\ReportingService.exe
C:\Program Files\Sunbelt Software\CounterSpy\Enterprise\UpdateService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\BCMSMMSG.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\progra~1\mcafee\MCAFEE~2\masalert.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Documents and Settings\trevis scott\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = cdn
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\System32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~2\masalert.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [Startup Manager] C:\Documents and Settings\trevis scott\Application Data\Systweak\ASO 2\smstartUp manager.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe
O4 - HKCU\..\Run: [cprocsvc] C:\WINDOWS\System32\crunner\cproc.exe
O4 - HKCU\..\Run: [iqkz] C:\PROGRA~1\COMMON~1\iqkz\iqkzm.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\SYSTEM32\kwinopex.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.winkflash.com/photo/loaders/SAXFile.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonus.com/cdkey/ITCDKey.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple...iTunesSetup.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,19/mcgdmgr.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O20 - Winlogon Notify: WBSrv - c:\PROGRA~1\WINDOW~4\wbsrv.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: CounterSpy Policy Service - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\Enterprise\PolicyService.exe
O23 - Service: CounterSpy Reporting Service - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\Enterprise\ReportingService.exe
O23 - Service: CounterSpy Update Service - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\Enterprise\UpdateService.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe



trevis scott - 06-09-04 13:04:14.67
ComboFix 06.09.04BT - Running from: C:\Documents and Settings\trevis scott\Desktop

Microsoft Windows XP [Version 5.1.2600]

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))

REGISTRY ENTRIES REMOVED:

[HKEY_CLASSES_ROOT\CLSID\{1BA13338-8F4C-4A46-B670-367B3AEA17A4}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{1BA13338-8F4C-4A46-B670-367B3AEA17A4}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1BA13338-8F4C-4A46-B670-367B3AEA17A4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1BA13338-8F4C-4A46-B670-367B3AEA17A4}\InprocServer32]
@="C:\\WINDOWS\\system32\\NFTAudioCompress2.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{60DB7B01-8E22-403E-82FD-0C86A6370A20}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{60DB7B01-8E22-403E-82FD-0C86A6370A20}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{60DB7B01-8E22-403E-82FD-0C86A6370A20}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{60DB7B01-8E22-403E-82FD-0C86A6370A20}\InprocServer32]
@="C:\\WINDOWS\\system32\\sDfrcdlg.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{4BE737A4-FB7A-4FB8-B14A-CEF43F8EBF98}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4BE737A4-FB7A-4FB8-B14A-CEF43F8EBF98}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4BE737A4-FB7A-4FB8-B14A-CEF43F8EBF98}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4BE737A4-FB7A-4FB8-B14A-CEF43F8EBF98}\InprocServer32]
@="C:\\WINDOWS\\system32\\QGON32.DLL"
"ThreadingModel"="Apartment"

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


FILES REMOVED:

C:\WINDOWS\SYSTEM32\lvrm0991e.dll
C:\WINDOWS\SYSTEM32\QGON32.DLL
C:\WINDOWS\SYSTEM32\s4rs0e97eh.dll


Granting sedebugprivilege to Administrators ... successful


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\trevis scott\Local Settings\Temporary Internet Files\Content.IE5\I1SV6P4P\nwnmff_15[1].exe
C:\Program Files\Inetget2
C:\Program Files\Common Files\{6487EC52-0A21-1033-0927-040624030001}
C:\WINDOWS\system32\crunner


((((((((((((((((((((((((((((((( Files Created from 2006-08-04 to 2006-09-04 ))))))))))))))))))))))))))))))))))


2006-09-03 16:29 126,976 --a------ C:\WINDOWS\SYSTEM32\ieserv.exe
2006-09-03 16:26 25,688 --a------ C:\WINDOWS\SYSTEM32\w10c3919.dll
2006-09-03 16:25 930 --a------ C:\WINDOWS\SYSTEM32\winpfg32.sys
2006-09-03 16:24 302,576 --a------ C:\803_104.exe
2006-09-02 13:05 847,920 --a------ C:\WINDOWS\SYSTEM32\python22.dll
2006-08-25 18:55 40,960 --a------ C:\WINDOWS\SYSTEM32\SSubTmr6.dll
2006-08-25 15:52 45,056 --a------ C:\WINDOWS\SYSTEM32\InstallDriver.exe
2006-08-23 14:23 109,568 --------- C:\WINDOWS\SYSTEM32\pxinsi64.exe
2006-08-23 14:23 108,544 --------- C:\WINDOWS\SYSTEM32\pxcpyi64.exe
2006-08-04 11:37 73,728 --a------ C:\WINDOWS\SYSTEM32\dpl100.dll
2006-08-04 11:37 196,608 --a------ C:\WINDOWS\SYSTEM32\dtu100.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-04 13:07 -------- d-------- C:\Program Files\Common Files
2006-09-04 12:48 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-09-04 11:42 -------- d-------- C:\Program Files\ewido anti-malware
2006-09-04 10:08 -------- d-------- C:\Program Files\PrintView
2006-09-04 01:38 -------- d-------- C:\Program Files\Setup NetZero
2006-09-04 00:59 -------- d-------- C:\Program Files\Sunbelt Software
2006-09-04 00:59 -------- d-------- C:\Program Files\Crystal Decisions
2006-09-04 00:59 -------- d-------- C:\Program Files\Common Files\Crystal Decisions
2006-09-03 21:44 -------- d-------- C:\Program Files\Winamp
2006-09-03 21:44 -------- d-------- C:\Program Files\QuickTime
2006-09-03 21:44 -------- d-------- C:\Program Files\iTunes
2006-09-03 21:44 -------- d-------- C:\Program Files\Internet Explorer
2006-09-03 21:44 -------- d-------- C:\Program Files\Dell Support
2006-09-03 18:11 -------- d-------- C:\Program Files\Common Files\misc002
2006-09-03 18:11 -------- d-------- C:\Program Files\Common Files\iqkz
2006-08-28 17:50 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-28 17:49 -------- d-------- C:\Program Files\iPod
2006-08-26 18:09 28256 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\MxlW2k.sys
2006-08-26 17:15 -------- d-------- C:\Program Files\Stardock
2006-08-26 17:15 -------- d-------- C:\Program Files\Common Files\Stardock
2006-08-26 01:17 -------- d-------- C:\Program Files\Yahoo!
2006-08-26 01:03 -------- d-------- C:\Program Files\CD Art Display
2006-08-26 00:47 -------- d-------- C:\Documents and Settings\trevis scott\Application Data\AveDesk
2006-08-25 20:41 -------- d-------- C:\Program Files\windowbbbs
2006-08-25 15:52 -------- d-------- C:\Program Files\Detto
2006-08-25 00:43 -------- d-------- C:\Program Files\x360
2006-08-25 00:43 -------- d-------- C:\Program Files\VistaXP301
2006-08-25 00:43 -------- d-------- C:\Program Files\VistaXP300
2006-08-25 00:43 -------- d-------- C:\Program Files\Noire
2006-08-25 00:43 -------- d-------- C:\Program Files\Forever
2006-08-25 00:43 -------- d-------- C:\Program Files\Dream
2006-08-25 00:43 -------- d-------- C:\Program Files\Believe
2006-08-25 00:43 -------- d-------- C:\Program Files\Arrow
2006-08-24 23:07 -------- d-------- C:\Program Files\DivX
2006-08-24 22:45 -------- d-------- C:\Program Files\XviD
2006-08-24 20:05 188 --a------ C:\Program Files\trevis scott.CAT
2006-08-24 19:50 0 --a------ C:\Program Files\wbdbg.ini
2006-08-24 19:50 0 --a------ C:\Program Files\Copy of wbdbg.ini
2006-08-23 13:55 -------- d-------- C:\Program Files\Blaze Media Pro
2006-08-23 07:40 -------- d-------- C:\Documents and Settings\trevis scott\Application Data\Seven Zip
2006-08-10 17:04 -------- d-------- C:\Documents and Settings\trevis scott\Application Data\PlayFirst
2006-07-31 21:02 -------- d-------- C:\Documents and Settings\trevis scott\Application Data\AdobeUM
2006-07-26 22:05 3596288 --a------ C:\WINDOWS\SYSTEM32\qt-dx331.dll
2006-07-25 16:37 -------- d-------- C:\Documents and Settings\trevis scott\Application Data\Wildfire
2006-07-21 16:14 659968 --a------ C:\WINDOWS\SYSTEM32\AdjMmsEng.dll
2006-07-18 13:52 -------- d-------- C:\Program Files\support.com
2006-07-18 13:51 -------- d-------- C:\Program Files\blstoolbar
2006-07-18 12:45 -------- d-------- C:\Program Files\Common Files\Motive
2006-07-14 17:11 -------- d-------- C:\Program Files\Advanced System Optimizer
2006-07-10 18:45 -------- d-------- C:\Program Files\Common Files\aol
2006-07-09 18:46 -------- d-------- C:\Program Files\Canon
2006-07-06 21:25 10920 --a------ C:\aolconnfix.exe
2006-07-06 13:39 -------- d-------- C:\Documents and Settings\trevis scott\Application Data\AOL
2006-07-06 13:34 -------- d-------- C:\Program Files\Common Files\aolback
2006-07-06 13:33 -------- d-------- C:\Program Files\Common Files\aolshare
2006-07-06 13:29 -------- d-------- C:\Documents and Settings\trevis scott\Application Data\Mozilla
2006-07-03 17:40 778240 --a------ C:\WINDOWS\SYSTEM32\divx_xx0c.dll
2006-07-03 17:40 778240 --a------ C:\WINDOWS\SYSTEM32\divx_xx07.dll
2006-07-03 17:40 761856 --a------ C:\WINDOWS\SYSTEM32\divx_xx11.dll
2006-07-03 17:40 620180 --a------ C:\WINDOWS\SYSTEM32\DivX.dll
2006-06-29 11:32 208896 --a------ C:\WINDOWS\SYSTEM32\erdmpg-4.5.dll
2006-06-29 11:32 135168 --a------ C:\WINDOWS\SYSTEM32\DirectEncode.dll
2006-06-21 06:49 53248 --a------ C:\WINDOWS\SYSTEM32\dpuGUI10.dll
2006-06-21 06:43 520192 --a------ C:\WINDOWS\SYSTEM32\DivXsm.exe
2006-06-21 06:42 200704 --a------ C:\WINDOWS\SYSTEM32\ssldivx.dll
2006-06-21 06:42 1044480 --a------ C:\WINDOWS\SYSTEM32\libdivx.dll
2006-06-21 06:34 593920 --a------ C:\WINDOWS\SYSTEM32\dpuGUI11.dll
2006-06-21 06:34 57344 --a------ C:\WINDOWS\SYSTEM32\dpv11.dll
2006-06-21 06:34 344064 --a------ C:\WINDOWS\SYSTEM32\dpus11.dll
2006-06-21 06:34 294912 --a------ C:\WINDOWS\SYSTEM32\dpu11.dll
2006-06-21 06:34 294912 --a------ C:\WINDOWS\SYSTEM32\dpu10.dll
2006-06-21 06:33 12288 --a------ C:\WINDOWS\SYSTEM32\DivXWMPExtType.dll
2006-06-21 06:33 118784 --a------ C:\WINDOWS\SYSTEM32\DivXCodecUpdateChecker.exe
2006-06-07 05:09 433678 --a------ C:\WINDOWS\SYSTEM32\erdmpg-parse.dll
2006-06-07 05:09 2559762 --a------ C:\WINDOWS\SYSTEM32\erdmpg-enc.dll
2006-06-07 05:06 23757 --a------ C:\WINDOWS\SYSTEM32\erdmpg-int.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe"
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="c:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
"DIGStream"="C:\\Program Files\\DIGStream\\digstream.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"USB2Check"="RUNDLL32.EXE \"C:\\WINDOWS\\System32\\PCLECoInst.dll\",CheckUSBController"
"USBToolTip"="\"C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\USBTip\\USBTip.exe\""
"_AntiSpyware"="c:\\progra~1\\mcafee\\MCAFEE~2\\masalert.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"tgcmd"="\"C:\\Program Files\\Support.com\\BellSouth\\hcenter.exe\" /starthidden /tgcmdwrapper"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SunServer"="C:\\Program Files\\Sunbelt Software\\CounterSpy\\Consumer\\sunserver.exe"
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"Start WingMan Profiler"="\"C:\\Program Files\\Logitech\\Profiler\\lwemon.exe\" /noui"
"Startup Manager"="C:\\Documents and Settings\\trevis scott\\Application Data\\Systweak\\ASO 2\\smstartUp manager.exe"
"AdobeUpdater"="C:\\Program Files\\Common Files\\Adobe\\Updater\\AdobeUpdater.exe"
"cprocsvc"="C:\\WINDOWS\\System32\\crunner\\cproc.exe"
"iqkz"="C:\\PROGRA~1\\COMMON~1\\iqkz\\iqkzm.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=hex:91,00,00,00
"CDRAutoRun"=dword:00000000

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=hex:91,00,00,00
"CDRAutoRun"=dword:00000000

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
"backup"="C:\\WINDOWS\\pss\\America Online 8.0 Tray Icon.lnkCommon Startup"
"location"="Common Startup"
"item"="America Online 8.0 Tray Icon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
"backup"="C:\\WINDOWS\\pss\\America Online 9.0 Tray Icon.lnkCommon Startup"
"location"="Common Startup"
"item"="America Online 9.0 Tray Icon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]
"backup"="C:\\WINDOWS\\pss\\AOL Companion.lnkCommon Startup"
"location"="Common Startup"
"item"="AOL Companion"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
"backup"="C:\\WINDOWS\\pss\\Exif Launcher.lnkCommon Startup"
"location"="Common Startup"
"item"="Exif Launcher"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP OfficeJet T Series Startup.lnk]
"backup"="C:\\WINDOWS\\pss\\HP OfficeJet T Series Startup.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HEWLET~1\\HPOFFI~1\\Bin\\HPOstr05.exe "
"item"="HP OfficeJet T Series Startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
"backup"="C:\\WINDOWS\\pss\\WinZip Quick Pick.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\WinZip\\WZQKPICK.EXE "
"item"="WinZip Quick Pick"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^trevis scott^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
"backup"="C:\\WINDOWS\\pss\\PowerReg Scheduler V3.exeStartup"
"location"="Startup"
"item"="PowerReg Scheduler V3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AdaptecDirectCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DirectCD"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="aim"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AOL Fast Start]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOL"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AOL Spyware Protection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSP Scheduler"
"hkey"="HKLM"
"command"="\"C:\\PROGRA~1\\COMMON~1\\aol\\AOLSPY~1\\AOLSP Scheduler.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AOLDialer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLDial"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BCMSMMSG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BCMSMMSG"
"hkey"="HKLM"
"command"="BCMSMMSG.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\DVDSentry]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DSentry"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\DSentry.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSoftware"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1142227580\\ee\\AOLSoftware.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MCUpdateExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="McUpdate"
"hkey"="HKLM"
"command"="c:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\mmtask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mmtask"
"hkey"="HKLM"
"command"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mmtask.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MMTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mm_tray"
"hkey"="HKLM"
"command"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_tray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MSKAGENTEXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MskAgent"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MSKDetectorExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSKDetct"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\REGSHAVE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="REGSHAVE"
"hkey"="HKLM"
"command"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SpyderBar]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SpyderBar"
"hkey"="HKCU"
"command"="C:\\Program Files\\TGTSoft\\SpyderBar\\SpyderBar.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Systweak Memory Optimizer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="memtuneup"
"hkey"="HKCU"
"command"="c:\\program files\\advanced system optimizer\\memtuneup.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\tunebite.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tunebite"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ViewMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ViewMgr"
"hkey"="HKLM"
"command"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ypager"
"hkey"="HKCU"
"inimapping"="0"
"command"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\ypager.exe\" -quiet"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\services]
"XdriveService"=dword:00000002

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\McAfee AntiSpyware.job

Completion time: Mon 09/04/2006 13:10:24.31
ComboFix.txt

#6 bigtrevdogg


Posted 04 September 2006 - 12:24 PM

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:52:26 PM 9/4/2006

+ Scan result:



C:\Program Files\Common Files\{6487EC52-0A21-1033-0927-040624030001}\Update.exe -> Adware.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP521\A0112488.exe -> Adware.Agent : Cleaned with backup (quarantined).
[2492] C:\Program Files\Common Files\{6487EC52-0A21-1033-0927-040624030001}\Update.exe -> Adware.Agent : Error during cleaning.
C:\Documents and Settings\trevis scott\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\00C48267-3ACE-498F-A71E-B148BC\12969098-5533-4819-AD58-AB8ACA -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP518\A0109157.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP518\A0109170.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP518\A0109177.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP518\A0109181.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP518\A0110190.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP518\A0110195.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP518\A0110199.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP518\A0110477.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP521\A0111503.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP521\A0111504.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP521\A0111505.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP521\A0111506.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP521\A0111507.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP521\A0112480.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\enn6l15s1.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\f42mlef11h2.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\fpj8031ue.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\gp0sl3d71.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\j0j60a1sed.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\wnpcore.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
[1632] C:\WINDOWS\system32\snci.dll -> Adware.Look2Me : Error during cleaning.
[1900] C:\WINDOWS\system32\snci.dll -> Adware.Look2Me : Error during cleaning.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP518\A0108117.dll -> Adware.Mirar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP521\A0111508.exe -> Adware.RK : Cleaned with backup (quarantined).
C:\Program Files\blstoolbar\uninstall.exe -> Adware.VMN : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP521\A0111500.exe/WhAgent.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP518\A0108123.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP521\A0111594.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP521\A0111515.exe -> Adware.Zestyfind : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP518\A0108104.exe -> Downloader.Dyfuca.fb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP518\A0108093.exe -> Downloader.VB.agk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP521\A0111517.exe -> Downloader.VB.alg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP518\A0108118.exe -> Downloader.VB.alt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP518\A0108119.exe -> Downloader.VB.alt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP518\A0108120.exe -> Downloader.VB.alt : Cleaned with backup (quarantined).
C:\Documents and Settings\trevis scott\Local Settings\Temporary Internet Files\Content.IE5\WXMRC9UB\xp-cydoor-728[1].swf -> Not-A-Virus.Hoax.SWF.Alerter.a : Cleaned with backup (quarantined).
C:\Documents and Settings\trevis scott\Cookies\trevis scott@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\trevis scott\Cookies\trevis scott@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\trevis scott\Cookies\trevis scott@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\trevis scott\Cookies\trevis scott@paypal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\trevis scott\Cookies\trevis scott@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
C:\Documents and Settings\deyona burke\Cookies\deyona burke@ad.admarketplace[1].txt -> TrackingCookie.Admarketplace : Cleaned with backup (quarantined).
C:\Documents and Settings\deyona burke\Cookies\deyona burke@admarketplace[1].txt -> TrackingCookie.Admarketplace : Cleaned with backup (quarantined).
C:\Documents and Settings\trevis scott\Cookies\trevis scott@admarketplace[1].txt -> TrackingCookie.Admarketplace : Cleaned with backup (quarantined).
C:\Documents and Settings\trevis scott\Cookies\trevis scott@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\trevis scott\Cookies\trevis scott@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Documents and Settings\trevis scott\Cookies\trevis scott@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
C:\Documents and Settings\trevis scott\Cookies\trevis scott@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\trevis scott\Cookies\trevis scott@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup (quarantined).
C:\Documents and Settings\trevis scott\Cookies\trevis scott@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\trevis scott\Cookies\trevis scott@www.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\trevis scott\Cookies\trevis scott@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned with backup (quarantined).
C:\Documents and Settings\trevis scott\Cookies\trevis scott@ehg-dig.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\trevis scott\Cookies\trevis scott@ehg-inforspaceinc.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\trevis scott\Cookies\trevis scott@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\trevis scott\Cookies\trevis scott@kmpads[2].txt -> TrackingCookie.Kmpads : Cleaned with backup (quarantined).
C:\Documents and Settings\trevis scott\Cookies\trevis scott@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
C:\Documents and Settings\trevis scott\Cookies\trevis scott@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\trevis scott\Cookies\trevis scott@overture[2].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\trevis scott\Cookies\trevis scott@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
C:\Documents and Settings\trevis scott\Cookies\trevis scott@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
C:\Documents and Settings\trevis scott\Cookies\trevis scott@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\trevis scott\Cookies\trevis scott@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\trevis scott\Cookies\trevis scott@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\trevis scott\Cookies\trevis scott@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\trevis scott\Cookies\trevis scott@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\trevis scott\Cookies\trevis scott@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP521\A0111516.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).


::Report end


that's all of them.............sorry it took so long

#7 miekiemoes


Posted 04 September 2006 - 12:34 PM

Looking much better already...

Let's deal with the leftovers now..

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

O4 - HKCU\..\Run: [cprocsvc] C:\WINDOWS\System32\crunner\cproc.exe
O4 - HKCU\..\Run: [iqkz] C:\PROGRA~1\COMMON~1\iqkz\iqkzm.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\SYSTEM32\kwinopex.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab
O20 - Winlogon Notify: WBSrv - c:\PROGRA~1\WINDOW~4\wbsrv.dll (file missing)


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Delete the following files and folders:

C:\WINDOWS\SYSTEM32\ieserv.exe
C:\WINDOWS\SYSTEM32\w10c3919.dll
C:\WINDOWS\SYSTEM32\winpfg32.sys
C:\803_104.exe
C:\Program Files\Common Files\misc002 <== folder
C:\Program Files\Common Files\iqkz <== folder
C:\WINDOWS\System32\crunner <== folder, if still present

* Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
Post a new HijackThis log in your next reply.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
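An added example, not part of the original posts and not code from HijackThis: a Python check that parses HijackThis report lines and confirms that the entries flagged for "Fix Checked" above are absent from a follow-up log. The flagged and follow-up lines are copied from this thread; the function names and the `CONSTRUCTED_LEFTOVER` line are assumptions made for illustration.

```python
import re

# One HijackThis 1.99.1 report entry: "<section code> - <details>"
LINE_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.+?)\]\s*(.*)$")   # O4 registry autorun
STARTUP_RE = re.compile(r"^((?:Global )?Startup): (.+?) = (.*)$")  # O4 startup folder
NOTIFY_RE = re.compile(r"^Winlogon Notify: (.+?) - ")              # O20
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")                     # O16 and other COM items


def entry_key(line):
    """Return an identity tuple for one report line, or None for non-entry lines."""
    # The key is the persistence location (hive, key, value name, CLSID),
    # not the command text: the same file can be written with 8.3 short
    # names, long names or different case, so command strings do not
    # compare reliably between two scans.
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, rest = m.groups()
    if code == "O4":
        run = RUN_RE.match(rest)
        if run:
            hive, key, name, _command = run.groups()
            return (code, hive.upper(), key.lower(), name.lower())
        startup = STARTUP_RE.match(rest)
        if startup:
            return (code, startup.group(1).lower(), startup.group(2).lower())
    if code == "O20":
        notify = NOTIFY_RE.match(rest)
        if notify:
            return (code, "notify", notify.group(1).lower())
    clsid = CLSID_RE.search(rest)
    if clsid:
        return (code, clsid.group(0).lower())
    # Fallback: whole entry, case-folded with whitespace collapsed.
    return (code, " ".join(rest.lower().split()))


def parse_log(text):
    """Map identity key -> original line for every entry in a pasted report."""
    entries = {}
    for line in text.splitlines():
        key = entry_key(line)
        if key is not None:
            entries.setdefault(key, line.strip())
    return entries


def verify_fix(flagged_text, followup_text):
    """Return (removed, still_present) for the flagged entries."""
    flagged = parse_log(flagged_text)
    followup = parse_log(followup_text)
    removed = [line for key, line in flagged.items() if key not in followup]
    still_present = [followup[key] for key in flagged if key in followup]
    return removed, still_present


# Entries the helper asked to check, copied from the post above.
FLAGGED = r"""
O4 - HKCU\..\Run: [cprocsvc] C:\WINDOWS\System32\crunner\cproc.exe
O4 - HKCU\..\Run: [iqkz] C:\PROGRA~1\COMMON~1\iqkz\iqkzm.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\SYSTEM32\kwinopex.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab
O20 - Winlogon Notify: WBSrv - c:\PROGRA~1\WINDOW~4\wbsrv.dll (file missing)
"""

# Excerpt of the follow-up log posted later in this thread.
FOLLOWUP = r"""
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
"""

# Constructed line (not from the thread): the same Run value surviving a
# fix, written with a long path and different case.
CONSTRUCTED_LEFTOVER = r"O4 - HKCU\..\Run: [IQKZ] c:\program files\common files\iqkz\iqkzm.exe" + "\n"

if __name__ == "__main__":
    removed, still_present = verify_fix(FLAGGED, FOLLOWUP)
    print(f"{len(removed)} flagged entries gone, {len(still_present)} still present")
    for line in verify_fix(FLAGGED, FOLLOWUP + CONSTRUCTED_LEFTOVER)[1]:
        print("STILL PRESENT:", line)
```

Run against the real follow-up excerpt, all five flagged entries are reported as removed; the constructed leftover is caught even though its command string differs from the flagged one.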

#8 bigtrevdogg


Posted 04 September 2006 - 12:58 PM

Logfile of HijackThis v1.99.1
Scan saved at 1:55:18 PM, on 9/4/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Sunbelt Software\CounterSpy\Enterprise\PolicyService.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\progra~1\mcafee\mcafee antispyware\massrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Sunbelt Software\CounterSpy\Enterprise\ReportingService.exe
C:\Program Files\Sunbelt Software\CounterSpy\Enterprise\UpdateService.exe
C:\WINDOWS\BCMSMMSG.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\progra~1\mcafee\MCAFEE~2\masalert.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\trevis scott\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = cdn
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\System32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~2\masalert.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [Startup Manager] C:\Documents and Settings\trevis scott\Application Data\Systweak\ASO 2\smstartUp manager.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.winkflash.com/photo/loaders/SAXFile.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonus.com/cdkey/ITCDKey.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple...iTunesSetup.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,19/mcgdmgr.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: CounterSpy Policy Service - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\Enterprise\PolicyService.exe
O23 - Service: CounterSpy Reporting Service - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\Enterprise\ReportingService.exe
O23 - Service: CounterSpy Update Service - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\Enterprise\UpdateService.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

here it is

#9 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:07:31 AM

Posted 04 September 2006 - 01:05 PM

Your HijackThis log looks clean again. :thumbsup:
Let me know in your next reply how things are running now.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#10 bigtrevdogg

Posted 04 September 2006 - 01:13 PM

thnx for all your help!!!! things are back to normal and the system is running good... one quick question... is there a software out there that can make my computer run really fast? meaning surfing through websites very quickly... also, nice dogs on your homepage... does paypal do conversions of currency?

#11 miekiemoes

Posted 04 September 2006 - 01:27 PM

Hi,

So you want faster surfing? Well... I use Firefox as a browser. Startup is a bit slow, but once Firefox is loaded, you can surf quite fast. There's also a nice extension for it called Fasterfox: http://fasterfox.mozdev.org/
But you need to install Firefox to use that extension.
Take a look at the following to speed up Internet Explorer:

http://www.regxplor.com/tweak11.html
The following are more advanced tweaks: http://www.tweakxp.com/Article37934.aspx So be careful when you modify the registry, and make a backup of your registry first.

But I suggest you try Firefox first: http://www.mozilla.com/firefox/
Firefox is also more secure than Internet Explorer.
Yes, I guess paypal does conversions.

Glad I could help. :thumbsup:

To keep this clean in the future, I would suggest the following things:

Install SpywareBlaster
SpywareBlaster doesn't scan and clean for so-called spyware, but prevents it from being installed in the first place. It blocks the popular spyware ActiveX controls, and also prevents the installation of any of them via a webpage.

* Avoid illegal sites, because that's where most malware is present.
* Don't click on links inside popups.
* Don't click on links in spam messages claiming to offer anti-spyware software, because most of these so-called removers ARE spyware.
* Download free software only from sites you know and trust, because a lot of free software can bundle other software, including spyware.

Let your antispyware scanner(s) scan frequently, and don't forget to update them beforehand.

And I do suggest you perform an online virus scan once in a while (Housecall and/or Bitdefender), because what one virus scanner can't find, another one maybe can.
Also make sure that the virus scanner installed on your system is always up to date!

Make sure Windows has the latest updates, so visit http://windowsupdate.microsoft.com/ asap to update to SP2!
Effective October 11, 2006, Windows XP SP1 and SP1a will transition to a non-supported status. After this date, Microsoft will no longer provide any incident support options or security updates. Existing support documents, however, will continue to be available through the Microsoft Support Product Solution Center Web site.
http://support.microsoft.com/gp/lifean19

If you have XP SP2, read here how to configure Security Features for Internet Explorer:
http://www.microsoft.com/technet/security/...xp/iesecxp.mspx

Also visit this Free Online Scanner for PC Health and Safety and Microsoft Security At Home for tips to Protect your PC, Protect yourself and Protect your Family.

You can also find more info on how to prevent malware here (by Tony Klein)
and here: http://wiki.castlecops.com/Malware_Prevent...nt_Re-infection

Also read: Simple and easy ways to keep your computer safe and secure on the Internet

Happy surfing again! :flowers:

#12 bigtrevdogg

Posted 04 September 2006 - 01:33 PM

thnx again

#13 miekiemoes

Posted 04 September 2006 - 05:10 PM

You're most welcome :thumbsup:

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.