Trojan.Adclicker and More

Started by Felburg, November 02, 2006, 03:42:03 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages 1 2 3
User actions

Felburg

#30
November 05, 2006, 01:14:22 AM
I just tried to look for that file in Safe Mode and no luck.  Killbox said that this directory did not exist.  I am starting to beleive that this is an old registry entry to a file that is no longer on my system.
Need computer help?  Get it for FREE at: http://www.Felburg.com

Corrine

#31
November 05, 2006, 01:27:06 AM
So, when you went to Jotti and clicked on Browse, you couldn't locate the file.  Do you have "show hidden files" on?



Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Felburg

#32
November 05, 2006, 06:47:06 AM
Correct.  I always have hidden files showing.
Need computer help?  Get it for FREE at: http://www.Felburg.com

Felburg

#33
November 05, 2006, 09:30:13 AM
I think I found a way to get it off of my system.  I simply removed the following key from the registry:

QuoteAutorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

jeixpaj.exe = C:\WINDOWS\system\jeixpaj.exe

Since it appears that it is just an old key that refers to a file no longer existing I felt it was safe to delete the key.  I made a backup of that key in case I need to revert for any reason.
Need computer help?  Get it for FREE at: http://www.Felburg.com

Felburg

#34
November 05, 2006, 10:46:48 AM
I just ran Spybot Search & Destroy and found references to Smitfraud.  This is one of the things that appeared when I first initially noticed my problem.

Here are the results of the Spybot log:

Quote
--- Search result list ---
Smitfraud-C.Toolbar888: User settings (Registry key, fixed)
  HKEY_USERS\S-1-5-21-602162358-1454471165-839522115-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A}

Smitfraud-C.Toolbar888: Class ID (Registry key, fixed)
  HKEY_CLASSES_ROOT\CLSID\{1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA}

Smitfraud-C.Toolbar888: Settings (Registry key, fixed)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR

Microsoft.WindowsSecurityCenter.AntiVirusDisableNotify: Settings (Registry change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0

Microsoft.WindowsSecurityCenter.FirewallDisableNotify: Settings (Registry change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0

Microsoft.WindowsSecurityCenter.UpdateDisableNotify: Settings (Registry change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify!=dword:0

Microsoft.WindowsSecurityCenter_disabled: Settings (Registry change, nothing done)
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start!=W=2

Avenue A, Inc.: Tracking cookie (Internet Explorer: Administrator) (Cookie, fixed)
 

DoubleClick: Tracking cookie (Internet Explorer: Administrator) (Cookie, fixed)
 

Statcounter: Tracking cookie (Internet Explorer: Administrator) (Cookie, fixed)
 

FastClick: Tracking cookie (Internet Explorer: Administrator) (Cookie, fixed)
 

Advertising.com: Tracking cookie (Internet Explorer: Administrator) (Cookie, fixed)
 

MediaPlex: Tracking cookie (Internet Explorer: Administrator) (Cookie, fixed)
 

TagASaurus: Tracking cookie (Internet Explorer: Administrator) (Cookie, fixed)
 


--- Spybot - Search & Destroy version: 1.4  (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-10-31 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-11-03 Includes\Cookies.sbi (*)
2006-10-13 Includes\Dialer.sbi (*)
2006-11-03 Includes\DialerC.sbi (*)
2006-11-03 Includes\Hijackers.sbi (*)
2006-11-03 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2006-11-03 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2006-10-13 Includes\Malware.sbi (*)
2006-11-03 Includes\MalwareC.sbi (*)
2006-10-20 Includes\PUPS.sbi (*)
2006-11-03 Includes\PUPSC.sbi (*)
2006-11-03 Includes\Revision.sbi (*)
2006-10-13 Includes\Security.sbi (*)
2006-11-03 Includes\SecurityC.sbi (*)
2006-10-13 Includes\Spybots.sbi (*)
2006-11-03 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-11-03 Includes\Trojans.sbi (*)
2006-11-03 Includes\TrojansC.sbi (*)



--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB886903)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ Microsoft .NET Framework 2.0: This Security Update is for Microsoft .NET Framework 2.0. \n
If you later install a more recent service pack, this Security Update will be uninstalled automatically. \n
For more information, visit http://support.microsoft.com/kb/917283
/ Microsoft .NET Framework 2.0: This Security Update is for Microsoft .NET Framework 2.0. \n
If you later install a more recent service pack, this Security Update will be uninstalled automatically. \n
For more information, visit http://support.microsoft.com/kb/922770
/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
/ Windows / SP1: Microsoft National Language Support Downlevel APIs
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB911565)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB917734)
/ Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP3: Windows XP Hotfix - KB834707
/ Windows XP / SP3: Windows XP Hotfix - KB867282
/ Windows XP / SP3: Windows XP Hotfix - KB873333
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Security Update for Windows XP (KB883939)
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB885884
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Windows XP Hotfix - KB887797
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890047
/ Windows XP / SP3: Windows XP Hotfix - KB890175
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB890923
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Security Update for Windows XP (KB893066)
/ Windows XP / SP3: Windows XP Hotfix - KB893086
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB894391)
/ Windows XP / SP3: Hotfix for Windows XP (KB896344)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896422)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896424)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Security Update for Windows XP (KB896688)
/ Windows XP / SP3: Update for Windows XP (KB896727)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899588)
/ Windows XP / SP3: Security Update for Windows XP (KB899589)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Update for Windows XP (KB900485)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Update for Windows XP (KB900930)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Security Update for Windows XP (KB903235)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Update for Windows XP (KB904942)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
/ Windows XP / SP3: Security Update for Windows XP (KB905915)
/ Windows XP / SP3: Security Update for Windows XP (KB908519)
/ Windows XP / SP3: Security Update for Windows XP (KB908531)
/ Windows XP / SP3: Update for Windows XP (KB910437)
/ Windows XP / SP3: Security Update for Windows XP (KB911280)
/ Windows XP / SP3: Security Update for Windows XP (KB911562)
/ Windows XP / SP3: Security Update for Windows XP (KB911567)
/ Windows XP / SP3: Security Update for Windows XP (KB911927)
/ Windows XP / SP3: Security Update for Windows XP (KB912812)
/ Windows XP / SP3: Security Update for Windows XP (KB912919)
/ Windows XP / SP3: Update for Windows XP (KB912945)
/ Windows XP / SP3: Security Update for Windows XP (KB913446)
/ Windows XP / SP3: Security Update for Windows XP (KB913580)
/ Windows XP / SP3: Security Update for Windows XP (KB914388)
/ Windows XP / SP3: Security Update for Windows XP (KB914389)
/ Windows XP / SP3: Hotfix for Windows XP (KB914440)
/ Windows XP / SP3: Hotfix for Windows XP (KB915865)
/ Windows XP / SP3: Security Update for Windows XP (KB916281)
/ Windows XP / SP3: Update for Windows XP (KB916595)
/ Windows XP / SP3: Security Update for Windows XP (KB917159)
/ Windows XP / SP3: Security Update for Windows XP (KB917344)
/ Windows XP / SP3: Security Update for Windows XP (KB917422)
/ Windows XP / SP3: Security Update for Windows XP (KB917953)
/ Windows XP / SP3: Security Update for Windows XP (KB918439)
/ Windows XP / SP3: Security Update for Windows XP (KB918899)
/ Windows XP / SP3: Security Update for Windows XP (KB919007)
/ Windows XP / SP3: Security Update for Windows XP (KB920214)
/ Windows XP / SP3: Update for Windows XP (KB920342)
/ Windows XP / SP3: Security Update for Windows XP (KB920670)
/ Windows XP / SP3: Security Update for Windows XP (KB920683)
/ Windows XP / SP3: Security Update for Windows XP (KB920685)
/ Windows XP / SP3: Update for Windows XP (KB920872)
/ Windows XP / SP3: Security Update for Windows XP (KB921398)
/ Windows XP / SP3: Security Update for Windows XP (KB921883)
/ Windows XP / SP3: Update for Windows XP (KB922582)
/ Windows XP / SP3: Security Update for Windows XP (KB922616)
/ Windows XP / SP3: Security Update for Windows XP (KB922819)
/ Windows XP / SP3: Security Update for Windows XP (KB923191)
/ Windows XP / SP3: Security Update for Windows XP (KB923414)
/ Windows XP / SP3: Security Update for Windows XP (KB924191)
/ Windows XP / SP3: Security Update for Windows XP (KB924496)
/ Windows XP / SP3: Security Update for Windows XP (KB925486)
/ Windows XP / SP3: Hotfix for Windows XP (KB926239)


--- Startup entries list ---
Located: HK_LM:Run, ccApp
command: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
   file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
   size: 84640
    MD5: 61937bfdf7e4d169461a547acd09974c

Located: HK_LM:Run, ISUSPM Startup
command: "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
   file: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
   size: 221184
    MD5: b4b4eb2f8849e93fe5fece11e52c5930

Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files\iTunes\iTunesHelper.exe"
   file: C:\Program Files\iTunes\iTunesHelper.exe
   size: 278528
    MD5: 8778072a594e1310c0b7d0a93771e8bd

Located: HK_LM:Run, NvCplDaemon
command: "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
   file: C:\WINDOWS\system32\RUNDLL32.EXE
   size: 33280
    MD5: da285490bbd8a1d0ce6623577d5ba1ff

Located: HK_LM:Run, nwiz
command: "nwiz.exe" /install
   file: C:\WINDOWS\system32\nwiz.exe
   size: 741376
    MD5: a4ae9ba1e10cb9f6c0949c4db91a1f72

Located: HK_LM:Run, osCheck
command: "C:\Program Files\Norton AntiVirus\osCheck.exe"
   file: C:\Program Files\Norton AntiVirus\osCheck.exe
   size: 26248
    MD5: 3602c14e8b2bf31e7b4f14c162178945

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
   file: C:\Program Files\QuickTime\qttask.exe
   size: 282624
    MD5: 383145864f6543c97a7e1b78505d2f1c

Located: HK_LM:Run, RemoteControl
command: "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
   file: C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
   size: 32768
    MD5: 8fb740d758b14b1bc950cc347c21e461

Located: HK_LM:Run, Windows Defender
command: "C:\Program Files\Windows Defender\MSASCui.exe" -hide
   file: C:\Program Files\Windows Defender\MSASCui.exe
   size: 866584
    MD5: 2642aa91abf53f528b943da5a4c50094

Located: System.ini, crypt32chain
command: crypt32.dll
   file: crypt32.dll

Located: System.ini, cryptnet
command: cryptnet.dll
   file: cryptnet.dll

Located: System.ini, cscdll
command: cscdll.dll
   file: cscdll.dll

Located: System.ini, ScCertProp
command: wlnotify.dll
   file: wlnotify.dll

Located: System.ini, Schedule
command: wlnotify.dll
   file: wlnotify.dll

Located: System.ini, sclgntfy
command: sclgntfy.dll
   file: sclgntfy.dll

Located: System.ini, SensLogn
command: WlNotify.dll
   file: WlNotify.dll

Located: System.ini, termsrv
command: wlnotify.dll
   file: wlnotify.dll

Located: System.ini, WgaLogon
command: WgaLogon.dll
   file: WgaLogon.dll

Located: System.ini, wlballoon
command: wlnotify.dll
   file: wlnotify.dll

Located: System.ini, WRNotifier
command: WRLogonNTF.dll
   file: WRLogonNTF.dll



--- Browser helper object list ---


--- ActiveX list ---


--- Process list ---
PID:    0 (   0) [System]
PID:  532 (   4) \SystemRoot\System32\smss.exe
PID:  604 ( 532) \??\C:\WINDOWS\system32\winlogon.exe
PID:  648 ( 604) C:\WINDOWS\system32\services.exe
size: 108032
  MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID:  660 ( 604) C:\WINDOWS\system32\lsass.exe
size: 13312
  MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID:  820 ( 648) C:\WINDOWS\system32\svchost.exe
size: 14336
  MD5: 8F078AE4ED187AAABC0A305146DE6716
PID:  932 ( 648) C:\Program Files\Windows Defender\MsMpEng.exe
size: 13592
  MD5: 581061776E1B7C4C7771E97AE5EAF377
PID:  976 ( 648) C:\WINDOWS\System32\svchost.exe
size: 14336
  MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1244 ( 648) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
size: 105632
  MD5: 15C40B3E236C98C3C31F802881713064
PID: 1324 ( 648) C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
size: 46736
  MD5: CE045B180D34404FF3017C18D308E9C1
PID: 1376 ( 648) C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
size: 1087680
  MD5: 6FDA95007C483C378824F86FE351AA9C
PID: 1712 ( 648) C:\WINDOWS\system32\spoolsv.exe
size: 57856
  MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
PID:  188 (2008) C:\WINDOWS\Explorer.EXE
size: 1032192
  MD5: A0732187050030AE399B241436565E64
PID:  316 ( 188) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
size: 32768
  MD5: 8FB740D758B14B1BC950CC347C21E461
PID:  384 ( 188) C:\Program Files\iTunes\iTunesHelper.exe
size: 278528
  MD5: 8778072A594E1310C0B7D0A93771E8BD
PID:  412 ( 188) C:\Program Files\Windows Defender\MSASCui.exe
size: 866584
  MD5: 2642AA91ABF53F528B943DA5A4C50094
PID:  452 ( 188) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 84640
  MD5: 61937BFDF7E4D169461A547ACD09974C
PID:  528 ( 648) C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
size: 10328
  MD5: AA2770FD967DAB91A597619C4EADC0C9
PID:  708 ( 648) C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
size: 100016
  MD5: 7FB54900AA9792AB6307C699EC1859D4
PID:  852 ( 648) C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
size: 198336
  MD5: 0FCFBD0EDAA188B3D652DDCE6D16D866
PID: 1932 ( 648) C:\WINDOWS\System32\svchost.exe
size: 14336
  MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1976 ( 648) C:\PROGRA~1\Iomega\System32\AppServices.exe
size: 73728
  MD5: 19EF7FB809D3073EE60F85464E9C4C51
PID: 2024 ( 648) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
size: 322120
  MD5: 11F714F85530A2BD134074DC30E99FCA
PID: 2092 ( 648) C:\WINDOWS\System32\nvsvc32.exe
size: 81920
  MD5: 5ED834603C36414B579979B3A9C90F54
PID: 2232 ( 648) C:\WINDOWS\System32\svchost.exe
size: 14336
  MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 2588 ( 648) C:\Program Files\iPod\bin\iPodService.exe
size: 323584
  MD5: 962BC769D1008D83F6A00B9DE887EEF4
PID: 4032 ( 188) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
  MD5: 09CA174A605B480318731E691DC98539
PID:    4 (   0) System
PID:  580 ( 532) csrss.exe
PID:  868 ( 648) svchost.exe
PID: 1032 ( 648) svchost.exe
PID: 1148 ( 648) svchost.exe
PID:  912 ( 708) aoltpspd.exe
PID: 2400 ( 648) wmpnetwk.exe
PID: 3056 ( 648) alg.exe


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 11/5/2006 2:37:33 AM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL
  http://ie.search.msn.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
  C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
  http://www.msn.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
  http://home.microsoft.com/search/search.asp
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant
  http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
  %SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
  about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
  http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
  http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---


--- Uninstall list ---
Ad-Aware SE Personal 1.06 (Ad-Aware SE Personal)
   uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
       publisher: Lavasoft
       help link: http://www.lavasoft.com

  (AddressBook)

Adobe Acrobat 5.0 5.1 (Adobe Acrobat 5.0)
version (major): 5
version (minor): 1
install location: C:\Program Files\Adobe\Acrobat 5.0
  install source: C:\Documents and Settings\Administrator\Local Settings\Temp\pft15~tmp\
   uninstall cmd: C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
       publisher: Adobe Systems, Inc.
       help link: http://www.adobe.com/prodindex/acrobat/main.html

America Online (Choose which version to remove)  (America Online us)
   uninstall cmd: C:\Program Files\Common Files\aolshare\aolunins_us.exe

AOL Connectivity Services  (AOL Connectivity Services)
   uninstall cmd: "C:\Program Files\Common Files\AOL\ACS\AcsUninstall.exe" /c

AOL Instant Messenger  (AOL Instant Messenger)
   uninstall cmd: C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=

AOL You've Got Pictures Screensaver  (AOL YGP Screensaver)
   uninstall cmd: C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe

AOL Coach Version 2.0(Build:20041026.5 en)  (AolCoach2_en)
   uninstall cmd: C:\Program Files\Common Files\AolCoach\en_en\AolCInUn.exe -lang=en_en -ext=UDP

AVG Anti-Spyware 7.5  (AVGAntiSpyware75)
install location: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5
   uninstall cmd: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
       publisher: Grisoft Ltd.
       help link: http://www.grisoft.com

  (Branding)

Conexant HSF V92 56K RTAD Speakerphone PCI Modem  (CNXT_MODEM_PCI_VEN_14F1&DEV_2016&SUBSYS_021913E0)
   uninstall cmd: C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2016&SUBSYS_021913E0\HxFSETUP.EXE -U -IVEN_14F1&DEV_2016&SUBSYS_021913E0

  (Connection Manager)

  (DirectAnimation)

  (DirectDrawEx)

  (DXM_Runtime)

  (Fontcore)

Gold Miner Vegas (remove only)  (Gold Miner Vegas)
   uninstall cmd: "C:\Program Files\Gold Miner Vegas\Uninstall.exe"

Hauppauge WinTV Radio  (Hauppauge WinTV Radio)
   uninstall cmd: C:\PROGRA~1\WinTV\UNrad32.EXE C:\PROGRA~1\WinTV\RADIO32.LOG

Hauppauge WinTV2000  (Hauppauge WinTV2000)
   uninstall cmd: C:\PROGRA~1\WinTV\UNTV32.EXE C:\PROGRA~1\WinTV\WINTV2K.LOG

HijackThis 1.99.1 1.99.1 (HijackThis)
   uninstall cmd: C:\New Folder\hijackthis\HijackThis.exe /uninstall
       publisher: Soeperman Enterprises Ltd.

  (ICW)

Microsoft Internationalized Domain Names Mitigation APIs  (IDNMitigationAPIs)
    install date: 20061020
   uninstall cmd: "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation

  (IE40)

  (IE4Data)

  (IE5BAKEX)

Windows Internet Explorer 7 20061017.133151 (ie7)
    install date: 20061020
   uninstall cmd: "C:\WINDOWS\ie7\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://www.microsoft.com/ie

  (IEData)

Indeo® Software  (Indeo® Software)
   uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Ligos\Indeo\Uninst.isu"

  (InstallShield Uninstall Information)

DataPilot USB Driver Pack 1.13.0000 (InstallShield_{4F02C4F5-0FE6-42E0-B440-0E5D3F939790})
         version: 17629184
version (major): 1
version (minor): 13
  estimated size: 14385
    install date: 20060623
install location: C:\Program Files\Susteen\Driver Installers\DP\
  install source: C:\WINDOWS\Downloaded Installations\{41AE958D-6140-41CC-BD7D-80BEA910BA0E}\
   uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{4F02C4F5-0FE6-42E0-B440-0E5D3F939790}
       publisher: Susteen
        comments: Your Comments
         contact: Customer Support Department
       help link: http://www.datapilot.com/contact.htm
  help telephone: 1-949-789-8200

iTunes 6.0.4.2 (InstallShield_{59C4F14F-7590-45FC-BE9F-A67AB3590709})
         version: 100663300
version (major): 6
  estimated size: 34690
    install date: 20060615
install location: C:\Program Files\iTunes\
  install source: C:\WINDOWS\Downloaded Installations\{59C4F14F-7590-45FC-BE9F-A67AB3590709}\
   uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{59C4F14F-7590-45FC-BE9F-A67AB3590709} /l1033
       publisher: Apple Computer, Inc.
         contact: AppleCare Support
       help link: http://www.info.apple.com/
  help telephone: 1-800-275-2273

iPod for Windows 2005-02-07 3.1.0 (InstallShield_{78B50D1D-642C-4B89-BCC7-352EAE3614D7})
         version: 50397184
version (major): 3
version (minor): 1
  estimated size: 40814
    install date: 20050409
install location: C:\Program Files\iPod\
  install source: C:\WINDOWS\Downloaded Installations\{27CA2C5D-95E6-467E-898C-AE509746C4BE}\
   uninstall cmd: C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{78B50D1D-642C-4B89-BCC7-352EAE3614D7} /l1033
       publisher: Apple Computer, Inc.
         contact: AppleCare
       help link: http://www.info.apple.com

NTI CD & DVD-Maker 7 Platinum 7.0.0.67 (InstallShield_{7946D17C-937A-4FF6-8915-1748881BD590})
         version: 117440512
version (major): 7
  estimated size: 23631
    install date: 20060212
install location: C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\
  install source: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pft736.tmp\
   uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7946D17C-937A-4FF6-8915-1748881BD590} CDM7
       publisher: NewTech Infosystems
        comments: Your Comments
         contact: Customer Support Department
       help link: http://www.yourcompany.com/help
  help telephone: 1-555-555-4505

DataPilot 4.01.0000 (InstallShield_{B58436F5-EEC6-4005-A1B7-26597CD4B644})
         version: 67174400
version (major): 4
version (minor): 1
  estimated size: 124476
    install date: 20060623
install location: C:\Program Files\Susteen\DataPilot\
  install source: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pft90D.tmp\
   uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{B58436F5-EEC6-4005-A1B7-26597CD4B644}
       publisher: Susteen
        comments: Your Comments
         contact: Customer Support Department
       help link: http://www.datapilot.com/contact.htm
  help telephone: 1-949-789-8200

QuickTime 7.1 (InstallShield_{C21D5524-A970-42FA-AC8A-59B8C7CDCA31})
         version: 117506048
version (major): 7
version (minor): 1
  estimated size: 71339
    install date: 20060624
install location: C:\Program Files\QuickTime\
  install source: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_is23\
   uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1033
       publisher: Apple Computer, Inc.
         contact: AppleCare Support
       help link: http://www.info.apple.com/
  help telephone: 1-800-275-2273

NTI Backup NOW! 4 4.0.20.8 (InstallShield_{DAAC0BF0-BB13-40F7-9F9E-4F7C8ADD142C})
         version: 67108884
version (major): 4
  estimated size: 17350
    install date: 20050907
install location: C:\Program Files\NewTech Infosystems\NTI Backup NOW! 4\
  install source: C:\Documents and Settings\Administrator\Local Settings\Temp\pft8.tmp\BUN\
   uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{DAAC0BF0-BB13-40F7-9F9E-4F7C8ADD142C} BUN4
       publisher: NewTech Infosystems
        comments: Your Comments
         contact: Customer Support Department
       help link: http://www.yourcompany.com/help
  help telephone: 1-555-555-4505

Windows XP Hotfix - KB834707 20040929.110854 (KB834707)
   uninstall cmd: C:\WINDOWS\$NtUninstallKB834707$\spuninst\spuninst.exe
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=834707

Windows XP Hotfix - KB867282 20050127.090417 (KB867282)
   uninstall cmd: C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=867282

Windows XP Hotfix - KB873333 20050114.005213 (KB873333)
   uninstall cmd: C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=873333

Windows XP Hotfix - KB873339 20041117.092459 (KB873339)
   uninstall cmd: C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=873339

Security Update for Windows XP (KB883939) 1 (KB883939)
    install date: 20050614
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=883939

  (KB884016)

  (KB884267)

Windows XP Hotfix - KB885250 20050118.202711 (KB885250)
   uninstall cmd: C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=885250

  (KB885353)

Windows XP Hotfix - KB885835 20041027.181713 (KB885835)
   uninstall cmd: C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=885835

Windows XP Hotfix - KB885836 20041028.173203 (KB885836)
   uninstall cmd: C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=885836

Windows XP Hotfix - KB885884 20040924.025457 (KB885884)
   uninstall cmd: C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=885884

Windows XP Hotfix - KB886185 20041021.090540 (KB886185)
   uninstall cmd: C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=886185

  (KB886612)

  (KB887078)

Windows XP Hotfix - KB887472 20041014.162858 (KB887472)
   uninstall cmd: C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=887472

  (KB887626)

Windows XP Hotfix - KB887742 20041103.095002 (KB887742)
   uninstall cmd: C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=887742

Windows XP Hotfix - KB887797 20041018.133824 (KB887797)
   uninstall cmd: C:\WINDOWS\$NtUninstallKB887797$\spuninst\spuninst.exe
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=887797

Windows XP Hotfix - KB888113 20041116.131036 (KB888113)
   uninstall cmd: C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=888113

Windows XP Hotfix - KB888302 20041207.111426 (KB888302)
   uninstall cmd: C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=888302

  (KB888656)

  (KB889858)

Security Update for Windows XP (KB890046) 1 (KB890046)
    install date: 20050702
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=890046

Windows XP Hotfix - KB890047 20041221.124506 (KB890047)
   uninstall cmd: C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=890047

Windows XP Hotfix - KB890175 20041201.233338 (KB890175)
   uninstall cmd: C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=890175

Windows XP Hotfix - KB890859 1 (KB890859)
    install date: 20050412
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=890859

Windows XP Hotfix - KB890923 1 (KB890923)
    install date: 20050412
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=890923

Windows Media Format SDK Hotfix - KB891122  (KB891122)
    install date: 20051101
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=891122

Windows XP Hotfix - KB891781 20050110.165439 (KB891781)
   uninstall cmd: C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=891781

  (KB892313)

Windows XP Hotfix - KB893066 1 (KB893066)
    install date: 20050412
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=893066

Windows XP Hotfix - KB893086 1 (KB893086)
    install date: 20050412
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=893086

  (KB893240)

  (KB893241)

Security Update for Windows XP (KB893756) 1 (KB893756)
    install date: 20050809
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=893756

Windows Installer 3.1 (KB893803) 3.1 (KB893803)
   uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://go.microsoft.com/fwlink/?LinkId=42467

Windows Installer 3.1 (KB893803) 3.1 (KB893803v2)
   uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://go.microsoft.com/fwlink/?LinkId=42467

Update for Windows XP (KB894391) 1 (KB894391)
    install date: 20050809
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=894391

  (KB895181)

  (KB895316)

  (KB895572)

Hotfix for Windows XP (KB896344) 2 (KB896344)
    install date: 20050702
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB896344$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=896344

Security Update for Windows XP (KB896358) 1 (KB896358)
    install date: 20050614
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=896358

Security Update for Windows XP (KB896422) 1 (KB896422)
    install date: 20050614
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=896422

Security Update for Windows XP (KB896423) 1 (KB896423)
    install date: 20050809
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=896423

Security Update for Windows XP (KB896424) 1 (KB896424)
    install date: 20051108
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=896424

Security Update for Windows XP (KB896428) 1 (KB896428)
    install date: 20050614
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=896428

Security Update for Windows XP (KB896688) 1 (KB896688)
    install date: 20051011
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=896688

Update for Windows XP (KB896727) 1 (KB896727)
    install date: 20050809
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=896727

  (KB897586)

Update for Windows XP (KB898461) 1 (KB898461)
    install date: 20050629
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=898461

  (KB898549)

Security Update for Windows XP (KB899587) 1 (KB899587)
    install date: 20050809
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=899587

Security Update for Windows XP (KB899588) 1 (KB899588)
    install date: 20050809
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=899588

Security Update for Windows XP (KB899589) 1 (KB899589)
    install date: 20051011
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=899589

Security Update for Windows XP (KB899591) 1 (KB899591)
    install date: 20050809
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=899591

  (KB900399)

Update for Windows XP (KB900485) 2 (KB900485)
    install date: 20060426
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=900485

Security Update for Windows XP (KB900725) 1 (KB900725)
    install date: 20051011
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=900725

Update for Windows XP (KB900930) 1 (KB900930)
    install date: 20050731
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB900930$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=900930

Security Update for Windows XP (KB901017) 1 (KB901017)
    install date: 20051011
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=901017

Security Update for Windows XP (KB901214) 1 (KB901214)
    install date: 20050712
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=901214

Hotfix for Windows Media Format SDK (KB902344)  (KB902344)
    install date: 20051103
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=902344

Security Update for Windows XP (KB902400) 1 (KB902400)
    install date: 20051011
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=902400

Security Update for Windows XP (KB903235) 1 (KB903235)
    install date: 20050712
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=903235

Security Update for Windows XP (KB904706) 1 (KB904706)
    install date: 20051011
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=904706

Update for Windows XP (KB904942) 2 (KB904942)
    install date: 20060304
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=904942

Security Update for Windows XP (KB905414) 1 (KB905414)
    install date: 20051011
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=905414

Security Update for Windows XP (KB905749) 1 (KB905749)
    install date: 20051011
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=905749

Security Update for Windows XP (KB905915) 1 (KB905915)
    install date: 20051214
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=905915

  (KB907658)

Security Update for Windows XP (KB908519) 1 (KB908519)
    install date: 20060111
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=908519

Security Update for Windows XP (KB908531) 1 (KB908531)
    install date: 20060417
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=908531

Microsoft Base Smart Card Cryptographic Service Provider Package  (KB909520)
   uninstall cmd: "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation

Update for Windows XP (KB910437) 1 (KB910437)
    install date: 20051214
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=910437

Security Update for Windows XP (KB911280) 1 (KB911280)
    install date: 20060614
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=911280

Security Update for Windows XP (KB911562) 1 (KB911562)
    install date: 20060417
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=911562

Security Update for Windows Media Player (KB911564)  (KB911564)
    install date: 20060217
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com/?kbid=911564

Security Update for Windows Media Player 10 (KB911565)  (KB911565)
    install date: 20060217
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com/?kbid=911565

Security Update for Windows XP (KB911567) 1 (KB911567)
    install date: 20060417
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=911567

  (KB911854)

Security Update for Windows XP (KB911927) 1 (KB911927)
    install date: 20060217
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=911927

Security Update for Windows XP (KB912812) 1 (KB912812)
    install date: 20060417
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=912812

Security Update for Windows XP (KB912919) 1 (KB912919)
    install date: 20060106
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=912919

Update for Windows XP (KB912945) 1 (KB912945)
    install date: 20060304
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB912945$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=912945

Security Update for Windows XP (KB913446) 1 (KB913446)
    install date: 20060217
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=913446

Security Update for Windows XP (KB913580) 1 (KB913580)
    install date: 20060510
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=913580

Security Update for Windows XP (KB914388) 1 (KB914388)
    install date: 20060712
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=914388

Security Update for Windows XP (KB914389) 1 (KB914389)
    install date: 20060614
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=914389

Hotfix for Windows XP (KB914440) 10 (KB914440)
    install date: 20061020
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=914440

Hotfix for Windows XP (KB915865) 10 (KB915865)
    install date: 20061020
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=915865

Security Update for Windows XP (KB916281) 1 (KB916281)
    install date: 20060614
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=916281

Update for Windows XP (KB916595) 1 (KB916595)
    install date: 20060712
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=916595

Security Update for Windows XP (KB917159) 1 (KB917159)
    install date: 20060712
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=917159

Security Update for Microsoft .NET Framework 2.0 (KB917283) 1 (KB917283.T1_1ToU93_1)
   uninstall cmd: C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {967B098A-042D-4367-BAC9-8BC11684174F} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com/kb/917283

Security Update for Windows XP (KB917344) 1 (KB917344)
    install date: 20060614
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=917344

Security Update for Windows XP (KB917422) 1 (KB917422)
    install date: 20060813
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=917422

Security Update for Windows Media Player 10 (KB917734)  (KB917734_WMP10)
    install date: 20060614
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com/?kbid=917734

Security Update for Windows XP (KB917953) 1 (KB917953)
    install date: 20060614
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=917953

Security Update for Windows XP (KB918439) 1 (KB918439)
    install date: 20060614
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=918439

Security Update for Windows XP (KB918899) 1 (KB918899)
    install date: 20060813
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=918899

Security Update for Windows XP (KB919007) 1 (KB919007)
    install date: 20060913
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=919007

Security Update for Windows XP (KB920214) 1 (KB920214)
    install date: 20060813
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=920214

Update for Windows XP (KB920342) 1 (KB920342)
    install date: 20061025
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB920342$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=920342

Security Update for Windows XP (KB920670) 1 (KB920670)
    install date: 20060813
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=920670

Security Update for Windows XP (KB920683) 1 (KB920683)
    install date: 20060813
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=920683

Security Update for Windows XP (KB920685) 1 (KB920685)
    install date: 20060913
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=920685

Update for Windows XP (KB920872) 1 (KB920872)
    install date: 20060913
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=920872

Security Update for Windows XP (KB921398) 1 (KB921398)
    install date: 20060813
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=921398

Security Update for Windows XP (KB921883) 1 (KB921883)
    install date: 20060813
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=921883

Update for Windows XP (KB922582) 1 (KB922582)
    install date: 20060913
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=922582

Security Update for Windows XP (KB922616) 1 (KB922616)
    install date: 20060813
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=922616

Security Update for Microsoft .NET Framework 2.0 (KB922770) 1 (KB922770.T1_1ToU168_1)
   uninstall cmd: C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {0E92DD42-76F5-4EF2-B381-F9C1D72BE23D} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com/kb/922770

Security Update for Windows XP (KB922819) 1 (KB922819)
    install date: 20061011
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=922819

Security Update for Windows XP (KB923191) 1 (KB923191)
    install date: 20061011
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=923191

Security Update for Windows XP (KB923414) 1 (KB923414)
    install date: 20061011
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=923414

Security Update for Windows XP (KB924191) 1 (KB924191)
    install date: 20061011
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=924191

Security Update for Windows XP (KB924496) 1 (KB924496)
    install date: 20061011
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=924496

Security Update for Windows XP (KB925486) 1 (KB925486)
    install date: 20061005
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=925486

Hotfix for Windows XP (KB926239) 2 (KB926239)
    install date: 20061101
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=926239

LiveUpdate 3.1 (Symantec Corporation) 3.1.0.99 (LiveUpdate)
install location: "C:\Program Files\Symantec\LiveUpdate"
   uninstall cmd: "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
       publisher: Symantec Corporation

  (LREWebGames)

LucasArts' Yoda Stories  (LucasArts' Yoda Stories)
   uninstall cmd: C:\WINDOWS\uninst.exe -f"C:\Program Files\LucasArts\Yoda\DeIsL2.isu"

Microsoft .NET Framework 1.1 Hotfix (KB886903)  (M886903)
   uninstall cmd: "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903Uninstall.msp"

Macromedia Shockwave Player  (Macromedia Shockwave Player)
   uninstall cmd: C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log

Microsoft .NET Framework 1.1  (Microsoft .NET Framework 1.1  (1033))
   uninstall cmd: msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
          readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm

Microsoft .NET Framework 2.0  (Microsoft .NET Framework 2.0)
install location: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\
   uninstall cmd: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727
Need computer help?  Get it for FREE at: http://www.Felburg.com

Corrine

#35
November 05, 2006, 06:47:56 PM
So, is C:\WINDOWS\system\jeixpaj.exe gone from startup?  Is your computer back to normal?


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Felburg

#36
November 05, 2006, 06:58:47 PM
I think so, must I am not 100% sure.  Here is my startup log:

QuoteStartupList report, 11/5/2006, 10:56:33 AM
StartupList version: 1.52.2
Started from : C:\New Folder\hijackthis\NewHJT.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.5730.0011)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\New Folder\hijackthis\NewHJT.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

NvCplDaemon = "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
nwiz = "nwiz.exe" /install
RemoteControl = "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
ISUSPM Startup = "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
Windows Defender = "C:\Program Files\Windows Defender\MSASCui.exe" -hide
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
osCheck = "C:\Program Files\Norton AntiVirus\osCheck.exe"

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

AOL Fast Start = "C:\Program Files\America Online 9.0\AOL.EXE" -b

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Task Scheduler jobs:

MP Scheduled Scan.job
Norton AntiVirus - Run Full System Scan - Administrator.job

--------------------------------------------------

Enumerating Download Program Files:

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
CODEBASE = http://download.microsoft.com/download/b/e/5/be592e3e-4442-4588-b01e-8fe3a2e104ac/LegitCheckControl.cab

[ewidoOnlineScan Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\EWIDOO~1.DLL
CODEBASE = http://downloads.ewido.net/ewidoOnlineScan.cab

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\System32\wuweb.dll
CODEBASE = http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119923077359

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx
CODEBASE = http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
End of report, 5,470 bytes
Report generated in 0.078 seconds

Command line options:
   /verbose  - to add additional info on each section
   /complete - to include empty sections and unsuspicious data
   /full     - to include several rarely-important sections
   /force9x  - to include Win9x-only startups even if running on WinNT
   /forcent  - to include WinNT-only startups even if running on Win9x
   /forceall - to include all Win9x and WinNT startups, regardless of platform
   /history  - to list version history only

Also, are there any other tools to verify that Smitfraud is off of my system?  I am curious since Spybot detected it last night.
Need computer help?  Get it for FREE at: http://www.Felburg.com

Corrine

#37
November 05, 2006, 07:31:35 PM
Yes, but the file that was on your system was not on the change log nor did it show up in the AVG scan.  It could be that Safer Networking uses a different naming convention.  You can follow the instructions here.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Felburg

#38
November 05, 2006, 07:37:20 PM
OK.  I'll take a look at that.
Need computer help?  Get it for FREE at: http://www.Felburg.com

Felburg

#39
November 05, 2006, 07:56:45 PM
I'm back.  I don't think that the tool found anything.  Here are the results:

QuoteSmitFraudFix v2.119

Scan done at 11:40:35.28, Sun 11/05/2006
Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


Also, here is the latest Hijackthis log:

QuoteLogfile of HijackThis v1.99.1
Scan saved at 11:55:42 AM, on 11/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\New Folder\hijackthis\NewHJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119923077359
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe


Does this mean that my system is now clean and back to normal?
Need computer help?  Get it for FREE at: http://www.Felburg.com

Corrine

#40
November 05, 2006, 08:29:02 PM
Yes, your system appears to be clean.  As to normal, that is not a judgment call I wish to make.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Felburg

#41
November 05, 2006, 08:45:05 PM
Great!   :mitch:

I really appreciate your help.

If you want me to try anything else to check, just let me know.  I'll let you know if anything more strange comes up.

(Just to be safe, can you please leave this thread open for a few days?)
Need computer help?  Get it for FREE at: http://www.Felburg.com

Felburg

#42
November 14, 2006, 04:40:30 AM
Just to let you know, everything still seems to be working perfectly.

I found a video that goes great with my topic:

http://www.youtube.com/watch?v=jzRxkxu5ZKc

Need computer help?  Get it for FREE at: http://www.Felburg.com
Print
Go Up Pages 1 2 3
User actions