IRC/BackDoor.flood



#1
Dazed&Confused

    Member

  • 29 posts
I discovered this malware after trying to send an email that was rejected by the recipient for containing a virus. My computer seems to be operating normally. The infection was detected by AVG Anti-Virus and was placed in the Virus Vault before any of these actions were taken. The infected file path is C:\WINDOWS\SYSTEM32\c.bat. Clicking to heal the file fails with the error message: Action failed. Error while handling C:\WINDOWS\SYSTEM32\c.bat

----------------------
SUPERAntiSpyware Scan Log
Generated 02/19/2008 at 09:47 PM

Application Version : 3.6.1000

Core Rules Database Version : 3406
Trace Rules Database Version: 1159

Scan type : Complete Scan
Total Scan Time : 01:52:28

Memory items scanned : 413
Memory threats detected : 0
Registry items scanned : 5339
Registry threats detected : 0
File items scanned : 102358
File threats detected : 0

----------------------------------------
ActiveScan log

Incident Status Location

Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\BMS\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\COOKIES.TXT[.statcounter.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\BMS\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\COOKIES.TXT[.com.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\BMS\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\COOKIES.TXT[.doubleclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\BMS\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\COOKIES.TXT[.atdmt.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\BMS\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\COOKIES.TXT[.trafficmp.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\BMS\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\COOKIES.TXT[.advertising.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\BMS\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\COOKIES.TXT[.zedo.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\BMS\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\COOKIES.TXT[.ads.pointroll.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\BMS\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\COOKIES.TXT[.realmedia.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\BMS\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\COOKIES.TXT[ad.yieldmanager.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\BMS\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\COOKIES.TXT[.casalemedia.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\BMS\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\COOKIES.TXT[.mediaplex.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\BMS\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\COOKIES.TXT[.fastclick.net/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\BMS\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\COOKIES.TXT[.tribalfusion.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\BMS\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\COOKIES.TXT[.apmebf.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\BMS\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\COOKIES.TXT[server.iad.liveperson.net/hc/84846171]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\BMS\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\COOKIES.TXT[server.iad.liveperson.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\BMS\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\COOKIES.TXT[.atwola.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\BMS\Application Data\MozillaControl\PROFILES\MozillaControl\5HTXRG4S.SLT\COOKIES.TXT[server.iad.liveperson.net/hc/84846171]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\BMS\Application Data\MozillaControl\PROFILES\MozillaControl\5HTXRG4S.SLT\COOKIES.TXT[server.iad.liveperson.net/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\BMS\Application Data\MozillaControl\PROFILES\MozillaControl\5HTXRG4S.SLT\COOKIES.TXT[statse.webtrendslive.com/]
Adware:Adware/Startpage.ACY Not disinfected C:\Program Files\Support.com\ADELPHIA\SCRIPTS\IEconfig.vbs


-----------------------------------------
AVG Anti-Spyware Log

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:56:00 PM 2/20/2008

+ Scan result:



:mozilla.176:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.19:C:\Documents and Settings\bms\Application Data\MozillaControl\profiles\MozillaControl\5htxrg4s.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.37:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.38:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.39:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.40:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.41:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.42:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\bms\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.145:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.146:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.147:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.100:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.103:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.104:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.105:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.106:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.81:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.224:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.139:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.140:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.141:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.142:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.143:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.144:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.65:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.158:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.159:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.160:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.161:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.162:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.163:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.164:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.165:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.195:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.250:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.251:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.228:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.22:C:\Documents and Settings\bms\Application Data\MozillaControl\profiles\MozillaControl\5htxrg4s.slt\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.230:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.23:C:\Documents and Settings\bms\Application Data\MozillaControl\profiles\MozillaControl\5htxrg4s.slt\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.148:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.27:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.28:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.125:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.126:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.127:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.128:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.129:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.130:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.131:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.132:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.133:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.134:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.121:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.61:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.62:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.63:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.64:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.13:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.14:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.15:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.16:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.206:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.207:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.208:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.209:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.267:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.86:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.87:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.88:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.89:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.96:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.166:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.32:C:\Documents and Settings\bms\Application Data\MozillaControl\profiles\MozillaControl\5htxrg4s.slt\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.135:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.136:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.137:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.138:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.120:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.122:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.123:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.124:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end


--------------------------------------------------
Hijack This log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:03:41 PM, on 2/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\basfipm.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Retrospect\Retrospect 7.5\retrorun.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\MultiMedia Keyboard\MultiMedia Keyboard\1.1\KbdAp32A.exe
C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://business.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://business.dellnet.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Microsoft Update Machine] wuamgrd.exe
O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\MultiMedia Keyboard\MultiMedia Keyboard\1.1\KbdAp32A.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [Microsoft Update Machine] wuamgrd.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Update Machine] wuamgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Microsoft Update Machine] wuamgrd.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.appl...ex/qtplugin.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.appl...meInstaller.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Corporation - C:\Program Files\Retrospect\Retrospect 7.5\retrorun.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe

--
End of file - 8002 bytes


--------------------------------------------------
Uninstall List
Adobe Flash Player Plugin
Adobe Shockwave Player
Adobe Type Manager 4.0
AVG 7.5
AVG Anti-Spyware 7.5
CCleaner (remove only)
Easy Thumbnails (Remove only)
FileZilla (remove only)
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Java™ 6 Update 2
Java™ 6 Update 3
Macromedia Extension Manager
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
MIVA Mia
Miva Script Compiler
Mozilla ActiveX Control v1.7.12
Mozilla Firefox (2.0.0.12)
MSXML 4.0 SP2 (KB936181)
MySQL interface for Miva Empresa
Panda ActiveScan
PDFCreator
Rhapsody Player Engine
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
SUPERAntiSpyware Free Edition
TBS WMP Plug-in
TopStyle (Version 3)
Update for Windows XP (KB894391)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB920872)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
XAMPP 1.5.3a
  • 0
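A HijackThis log like the one above can be triaged mechanically before a helper reads it line by line. The following is an added example, not part of the original posts and not code from HijackThis: it parses the registry `O4` autorun lines and flags value names whose command has no directory component or that are registered under several hives. The function names `executable` and `triage` and the `hive_threshold` parameter are assumptions made for this example; the sample lines are copied from the log in the post above. A flag means "review this entry", not a verdict.

```python
import re
from collections import defaultdict

# Subset of the O4 lines from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] wuamgrd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\RunServices: [Microsoft Update Machine] wuamgrd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Update Machine] wuamgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Microsoft Update Machine] wuamgrd.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
"""

# Registry autorun line: "O4 - <hive>: [<value name>] <command> (User '<account>')"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[^:]+): \[(?P<name>[^\]]+)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# End of the program name in an unquoted command (extension, then space or end).
EXT_RE = re.compile(r"\.(?:exe|bat|cmd|com|scr|pif)(?=\s|$)", re.IGNORECASE)


def executable(cmd):
    """Return the program part of an autorun command, without arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = EXT_RE.search(cmd)
    if m:
        return cmd[:m.end()]
    return cmd.split()[0] if cmd else ""


def triage(log_text, hive_threshold=3):
    """Group O4 registry entries by value name and list the ones to review.

    Reasons:
      no-path    - the command names a file with no directory, so what runs
                   depends on the search path and cannot be read off the log
      multi-hive - the same value name is set in `hive_threshold` or more hives
    """
    entries = defaultdict(lambda: {"hives": set(), "exes": set()})
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # startup-folder lines and non-O4 lines are skipped
        entry = entries[m["name"]]
        entry["hives"].add(m["hive"])
        entry["exes"].add(executable(m["cmd"]))

    findings = []
    for name, entry in entries.items():
        reasons = []
        if any("\\" not in exe for exe in entry["exes"]):
            reasons.append("no-path")
        if len(entry["hives"]) >= hive_threshold:
            reasons.append("multi-hive")
        if reasons:
            findings.append({
                "name": name,
                "exes": sorted(entry["exes"]),
                "hives": sorted(entry["hives"]),
                "reasons": reasons,
            })
    # Entries with the most reasons first, then alphabetical.
    return sorted(findings, key=lambda f: (-len(f["reasons"]), f["name"]))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["name"], f["exes"], f["reasons"], len(f["hives"]), "hive(s)")
```
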



#2
BHowett


    OT Moderator

  • Moderator
  • 4,649 posts
Hello and welcome to Geeks To Go! My name is BHowett and I will be helping you to get sorted. If for any reason you do not understand any of the instructions, or are just unsure, then please do not guess; simply post back with your query and we will go through it again.

The fixes may take several attempts and my replies may take some time but stick with it, and we will be sure to get you sorted.

NOTE: I am still in training so I have to let the experts check the content of my fixes before I post them. This may take a little longer but the fixes will be verified and correct.

I will post your first set of instructions shortly.
  • 0

#3
BHowett


    OT Moderator

  • Moderator
  • 4,649 posts
Hi Dazed&Confused,

Your logs are not looking too bad. Please follow the following steps…

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

===============================================

Update Java Runtime:

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 4.
  • Go to http://java.sun.com/...loads/index.jsp
  • Go to Java Runtime Environment (JRE) 6 Update 4 and click on Download button.
  • In Platform box choose Windows.
  • Check the box to Accept License Agreement and click Continue.
  • Click on Windows Offline Installation, click on the link under it which says "jre-6u4-windows-i586-p.exe" and save the downloaded file to your desktop.
  • Go to Start => Control Panel => Add or Remove Programs
  • Uninstall all old versions of Java (Java 3 Runtime Environment, JRE or JSE)
  • Reboot your computer
  • Delete the folder C:\Program Files\Java if present
  • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
  • Reboot your computer

===============================================

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

===============================================

Needed in your next reply:

Report.txt from SDFix

main.txt and extra.txt from Deckard's System Scanner

#4
Dazed&Confused

    Member

  • Topic Starter
  • Member
  • 29 posts
Hi Brian, thanks so much for the help!

I have done the first step, but I'm unable to reinstall Java because 1) their download system is undergoing maintenance and 2) I see Java 2 Runtime Environment, SE v1.4.2 in the list of programs under Add/Remove Programs, but it has no Change or Delete buttons. Is there another way to uninstall it? Also, should I also remove the Java™ 6 Update 2 and the Java™ 6 Update 3?

#5
Dazed&Confused

    Member

  • Topic Starter
  • Member
  • 29 posts
Here are my logs:

SDFix:


SDFix: Version 1.145

Run by bms on Sat 02/23/2008 at 08:01 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\SYSTEM32\FTPUPD.EXE - Deleted
C:\WINDOWS\SYSTEM32\BLING.EXE - Deleted
C:\WINDOWS\system32\TFTP2708 - Deleted
C:\WINDOWS\system32\TFTP2912 - Deleted
C:\WINDOWS\system32\bling.exe - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-23 08:21:52
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\FileZilla\\FileZilla.exe"="C:\\Program Files\\FileZilla\\FileZilla.exe:*:Enabled:FileZilla"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\xampp\\apache\\bin\\apache.exe"="C:\\Program Files\\xampp\\apache\\bin\\apache.exe:*:Enabled:Apache HTTP Server"
"C:\\MIVAMia\\BIN\\Mia.exe"="C:\\MIVAMia\\BIN\\Mia.exe:*:Enabled:MIVA Mia (Virtual Machine)"
"C:\\Program Files\\XAMPP\\mysql\\bin\\mysqld.exe"="C:\\Program Files\\XAMPP\\mysql\\bin\\mysqld.exe:*:Enabled:mysqld"
"C:\\Program Files\\XAMPP\\mysql\\bin\\mysqld-nt.exe"="C:\\Program Files\\XAMPP\\mysql\\bin\\mysqld-nt.exe:*:Enabled:mysqld-nt"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Sat 11 Nov 2006 45,810 A..H. --- "C:\My Documents\eFax Messenger 4.2\J2GPlus.exe-BarState"
Wed 13 Oct 2004 1,694,208 A.SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Wed 29 Aug 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sat 11 Nov 2006 45,810 A..H. --- "C:\Documents and Settings\bms\My Documents\eFax Messenger 4.2\J2GPlus.exe-BarState"
Fri 12 Nov 2004 37,376 A..H. --- "C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe"
Fri 4 Jan 2008 25,088 ...H. --- "C:\Documents and Settings\bms\Desktop\htdocs\accenv\jobs database\~WRL0005.tmp"
Fri 4 Jan 2008 29,184 ...H. --- "C:\Documents and Settings\bms\Desktop\htdocs\accenv\jobs database\~WRL0779.tmp"

Finished!


----------------------------------------

Deckard's System Scanner:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® M processor 1400MHz
Percentage of Memory in Use: 61%
Physical Memory (total/avail): 511.23 MiB / 198.17 MiB
Pagefile Memory (total/avail): 1250.05 MiB / 893.81 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1927.77 MiB

C: is Fixed (FAT32) - 37.21 GiB total, 19.97 GiB free.
D: is CDROM (CDUDFRW)

\\.\PHYSICALDRIVE0 - HTS548040M9AT00 - 37.26 GiB - 2 partitions
\PARTITION0 - Unknown - 39.19 MiB
\PARTITION1 (bootable) - Unknown - 37.21 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.
Windows Internal Firewall is enabled.

AV: AVG 7.5.516 v7.5.516 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\FileZilla\\FileZilla.exe"="C:\\Program Files\\FileZilla\\FileZilla.exe:*:Enabled:FileZilla"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\xampp\\apache\\bin\\apache.exe"="C:\\Program Files\\xampp\\apache\\bin\\apache.exe:*:Enabled:Apache HTTP Server"
"C:\\MIVAMia\\BIN\\Mia.exe"="C:\\MIVAMia\\BIN\\Mia.exe:*:Enabled:MIVA Mia (Virtual Machine)"
"C:\\Program Files\\XAMPP\\mysql\\bin\\mysqld.exe"="C:\\Program Files\\XAMPP\\mysql\\bin\\mysqld.exe:*:Enabled:mysqld"
"C:\\Program Files\\XAMPP\\mysql\\bin\\mysqld-nt.exe"="C:\\Program Files\\XAMPP\\mysql\\bin\\mysqld-nt.exe:*:Enabled:mysqld-nt"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\bms\Application Data
CLASSPATH=C:\Program Files\PhotoDeluxe BE 1.0\AdobeConnectables;
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=TONY
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\bms
LOGONSERVER=\\TONY
MVC_LIB=C:\MSC\BUILTINS\
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Adaptec Shared\System;C:\MSC\BIN;C:\Program Files\xampp\mysql\bin
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 9 Stepping 5, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0905
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\bms\LOCALS~1\Temp
TMP=C:\DOCUME~1\bms\LOCALS~1\Temp
USERDOMAIN=TONY
USERNAME=bms
USERPROFILE=C:\Documents and Settings\bms
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

bms (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\UNINST.EXE -f"C:\Program Files\PhotoDeluxe BE 1.0\DeIsL1.isu"
Adobe Flash Player Plugin --> C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe
Adobe Shockwave Player --> C:\WINDOWS\SYSTEM32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\MACROMED\SHOCKW~1\INSTALL.LOG
Adobe Type Manager 4.0 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Adobe Type Manager\DeIsL1.isu" -c"C:\Program Files\Adobe Type Manager\UNINST.DLL"
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Easy Thumbnails (Remove only) --> "C:\Program Files\Easy Thumbnails\unins000.exe"
FileZilla (remove only) --> "C:\Program Files\FileZilla\uninstall.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MIVA Mia --> MsiExec.exe /I{C97B441B-F7A6-4B14-A096-45759B0015FF}
Miva Script Compiler --> MsiExec.exe /I{4B63C582-A4F1-43B7-B7F0-E21D7B04CAF9}
Mozilla ActiveX Control v1.7.12 --> C:\Program Files\Mozilla ActiveX Control v1.7.12\uninst.exe
Mozilla Firefox (2.0.0.12) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
MySQL interface for Miva Empresa --> MsiExec.exe /I{76B5D961-E047-4A67-A0C8-176DBF861D39}
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PDFCreator --> C:\Program Files\PDFCreator\unins000.exe
Pixie 3.1 (remove only) --> "C:\Program Files\Nattyware\Pixie\uninstall.exe"
Rhapsody Player Engine --> MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TBS WMP Plug-in --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{DB5F474C-B584-417F-810B-DEBBC1893C2A}
TopStyle (Version 3) --> "C:\Program Files\Bradbury\TopStyle3\unins000.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
XAMPP 1.5.3a --> "C:\Program Files\xampp\uninstall.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type2753 / Error
Event Submitted/Written: 02/15/2008 08:27:22 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.20121, faulting module jsd3250.dll, version 1.8.20080.20121, fault address 0x00004caf.
Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type2716 / Error
Event Submitted/Written: 02/11/2008 06:47:58 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application firefox.exe, version 1.8.20080.20121, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type2660 / Error
Event Submitted/Written: 02/05/2008 10:59:29 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20071.12718, faulting module jsd3250.dll, version 1.8.20071.12718, fault address 0x00004caf.
Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type2657 / Error
Event Submitted/Written: 02/05/2008 08:23:08 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application EXCEL.EXE, version 9.0.0.2719, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type2656 / Error
Event Submitted/Written: 02/05/2008 08:23:08 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application EXCEL.EXE, version 9.0.0.2719, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type32904 / Warning
Event Submitted/Written: 02/23/2008 08:22:03 AM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 00042387A140. The IP address being used is 169.254.152.16.

Event Record #/Type32893 / Warning
Event Submitted/Written: 02/23/2008 08:19:46 AM / 02/23/2008 08:20:14 AM
Event ID/Source: 4 / b57w2k
Event Description:
Broadcom 570x Gigabit Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.

Event Record #/Type32889 / Error
Event Submitted/Written: 02/23/2008 07:58:26 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
AFD
ATMhelpr
AVG Anti-Spyware Driver
Avg7Core
Avg7RsW
Avg7RsXP
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
SASDIFSV
SASKUTIL
Tcpip

Event Record #/Type32888 / Error
Event Submitted/Written: 02/23/2008 07:58:26 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31

Event Record #/Type32887 / Error
Event Submitted/Written: 02/23/2008 07:58:26 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error:
%%31



-- End of Deckard's System Scanner: finished at 2008-02-23 08:35:30 ------------


Deckard's System Scanner v20071014.68
Run by bms on 2008-02-23 08:34:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 4 Restore Point(s) --
4: 2008-02-23 15:34:15 UTC - RP388 - Deckard's System Scanner Restore Point
3: 2008-02-22 15:35:05 UTC - RP387 - System Checkpoint
2: 2008-02-20 02:51:22 UTC - RP386 - Installed SUPERAntiSpyware Free Edition
1: 2008-02-20 02:37:02 UTC - RP385 - Feb 08


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as bms.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:34:57 AM, on 2/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\basfipm.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Retrospect\Retrospect 7.5\retrorun.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\MultiMedia Keyboard\MultiMedia Keyboard\1.1\KbdAp32A.exe
C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Documents and Settings\bms\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\bms.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://business.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://business.dellnet.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\MultiMedia Keyboard\MultiMedia Keyboard\1.1\KbdAp32A.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Update Machine] wuamgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Microsoft Update Machine] wuamgrd.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.appl...ex/qtplugin.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.appl...meInstaller.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Corporation - C:\Program Files\Retrospect\Retrospect 7.5\retrorun.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe

--
End of file - 7875 bytes

-- File Associations -----------------------------------------------------------

.js - js_auto_file - DefaultIcon - unable to read value
.js - js_auto_file - shell\open\command - unable to read value


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 ATMhelpr - c:\windows\system32\drivers\atmhelpr.sys <Not Verified; Adobe Systems Incorporated; Adobe Type Manager Deluxe>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.2.1.0) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.2>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 ApfiltrService (Alps Touch Pad Filter Driver for Windows 2000/XP) - c:\windows\system32\drivers\apfiltr.sys <Not Verified; Alps Electric Co., Ltd.; Alps Touch Pad Driver for Windows 2000/XP>
R3 catchme - c:\docume~1\bms\locals~1\temp\catchme.sys (file missing)
R3 O2SCBUS (O2Micro SmartCardBus Reader) - c:\windows\system32\drivers\ozscr.sys <Not Verified; O2Micro; O2Micro © SmartCardBus Reader>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 gv3 (Intel GV3 Processor Driver) - c:\windows\system32\drivers\gv3.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 BAsfIpM (Broadcom ASF IP monitoring service v6.0.3) - c:\windows\system32\basfipm.exe <Not Verified; Broadcom Corp.; Broadcom ASF IP monitoring service>
R2 RegSrvc - c:\windows\system32\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-01-23 and 2008-02-23 -----------------------------

2008-02-23 07:58:58 0 d-------- C:\WINDOWS\ERUNT
2008-02-20 20:03:25 0 d-------- C:\Program Files\Trend Micro
2008-02-20 08:44:58 0 d-------- C:\Documents and Settings\bms\Application Data\Grisoft
2008-02-19 22:36:25 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-02-19 19:51:27 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-19 19:51:24 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-02-19 19:51:23 0 d-------- C:\Documents and Settings\bms\Application Data\SUPERAntiSpyware.com
2008-02-19 19:50:54 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-19 17:37:22 0 dr-h----- C:\$VAULT$.AVG
2008-02-19 07:44:36 0 d-------- C:\Documents and Settings\bms\Application Data\AVG7
2008-02-19 07:44:23 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-19 07:44:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-19 07:44:07 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-02-15 13:43:08 102400 --a------ C:\WINDOWS\system32\tsccvid.dll <Not Verified; TechSmith Corporation; TechSmith Screen Capture Codec>
2008-01-29 08:38:28 0 d--h----- C:\WINDOWS\PIF
2008-01-25 14:01:52 0 d-------- C:\Documents and Settings\bms\Application Data\FireShot
2008-01-23 07:23:36 0 dr-h----- C:\Documents and Settings\bms\Recent
2008-01-23 06:59:25 0 d-------- C:\Program Files\CCleaner


-- Find3M Report ---------------------------------------------------------------

2008-02-03 06:44:32 9820 --a------ C:\WINDOWS\mozver.dat
2008-01-06 05:21:52 0 d-------- C:\Documents and Settings\bms\Application Data\Help
2008-01-04 20:46:04 0 d-------- C:\Program Files\Miva
2008-01-03 23:34:26 21 --a------ C:\Program Files\insert.txt
2008-01-02 03:58:44 8298 --a------ C:\Documents and Settings\bms\Application Data\Microsoft Excel.JNL
2008-01-01 07:56:10 0 d-------- C:\Program Files\SilverAge Software
2007-12-31 13:42:48 0 d-------- C:\Documents and Settings\bms\Application Data\Screenshot Studio Files
2007-12-30 17:39:00 0 d-------- C:\Program Files\QuickTime
2007-12-17 20:24:22 58904 --a------ C:\WINDOWS\system32\sysfolderazipcnt.dll
2007-12-17 20:24:22 58904 --a------ C:\WINDOWS\system32\azipcontmn.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [06/10/2003 11:07 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [07/29/2003 01:30 PM]
"bascstray"="BascsTray.exe" []
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [05/28/2003 05:32 PM]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [12/17/2002 12:28 PM]
"LWBKEYBOARD"="C:\Program Files\MultiMedia Keyboard\MultiMedia Keyboard\1.1\KbdAp32A.exe" [04/02/2002 02:52 AM]
"LWBMOUSE"="C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE" [11/20/2001 03:51 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [12/15/2005 11:18 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12/30/2007 05:39 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [02/19/2008 07:44 AM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 02:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [08/16/2007 07:53 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:00 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/27/2007 11:39 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Microsoft Update Machine"=wuamgrd.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [11/5/2003 1:25:01 PM]
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [9/7/2004 11:30:36 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 3:05:56 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 02/27/2007 11:39 AM 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
C:\WINDOWS\System32\LgNotify.dll 06/20/2003 07:03 AM 110592 C:\WINDOWS\SYSTEM32\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Main^Start Menu^Programs^Startup^Iomega Product Registration.lnk]
backup=C:\WINDOWS\pss\Iomega Product Registration.lnkStartup




-- End of Deckard's System Scanner: finished at 2008-02-23 08:35:30 ------------
  • 0

#6
BHowett

    OT Moderator

  • Moderator
  • 4,649 posts
Hi Dazed&Confused,


but I'm unable to reinstall Java because 1) their download system is undergoing maintenance and 2) I see Java 2 Runtime Environment, SE v1.4.2 in the list of programs under Add/Remove Programs, but it has no Change or Delete buttons. Is there another way to uninstall it? Also, should I also remove the Java™ 6 Update 2 and the Java™ 6 Update 3?



Please install the Java update by following the above posted directions as soon as they are done with the maintenance. And yes, you should remove all of the older Java updates from Add/Remove Programs. So let's take a look at your uninstall list and see what we have.

HijackThis Uninstall List

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

===============================================


Fix with HijackThis

Please re-open HijackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKUS\S-1-5-18\..\Run: [Microsoft Update Machine] wuamgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Microsoft Update Machine] wuamgrd.exe (User 'Default user')

Now close all windows other than HijackThis, then click Fix Checked. Close HijackThis.


===============================================


Search and delete files

We need to do a search for one or more files.
  • Click Start.
  • Click Search.
  • Click All files and folders.
  • Expand More advanced options and then check Search system folders, Search hidden files and folders and Search Subfolders.
  • Then copy and paste each of the following (one at a time) into the box:

    wuamgrd.exe
If any of these files are found, please delete them.

===============================================


After that, reboot and post a new HijackThis log and the uninstall_list.txt here in your reply. Also let me know how your system is running.
  • 0
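The O4 entries fixed in the post above share one trait: a Run value in a service-account hive (HKUS\S-1-5-18 and its alias HKUS\.DEFAULT) whose command is a bare file name with no directory. The following is an added example, not part of the original thread and not HijackThis code; it triages O4 Run lines on that heuristic, which is an assumption of this example, over log lines copied from this thread (the BEFORE set is assembled from posts #6 and #7).

```python
import re

# HijackThis "O4" lines that describe a registry Run key, for example:
#   O4 - HKUS\.DEFAULT\..\Run: [Name] command (User 'Default user')
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)

# A command that names its directory starts with a drive letter, a UNC
# prefix or an environment variable (optionally inside quotes).
HAS_DIRECTORY = re.compile(r'^"?(?:[A-Za-z]:\\|\\\\|%)')

# Hives of the built-in service accounts. HKUS\.DEFAULT is the LocalSystem
# profile, the same hive as HKUS\S-1-5-18, which is why the thread lists
# the same value twice.
SERVICE_HIVES = {
    "HKUS\\.DEFAULT", "HKUS\\S-1-5-18", "HKUS\\S-1-5-19", "HKUS\\S-1-5-20",
}

# Log lines copied from this thread; the selection is assembled for the example.
BEFORE = r"""
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Update Machine] wuamgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Microsoft Update Machine] wuamgrd.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
"""

# The same selection as it appears in the log posted after the fix.
AFTER = r"""
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - Global Startup: Digital Line Detect.lnk = ?
"""


def parse_o4(line):
    """Return the fields of an O4 registry Run line, or None for other lines."""
    match = O4_RUN.match(line.strip())
    return match.groupdict() if match else None


def triage(log_text):
    """List Run entries whose command has no directory component.

    Severity is "high" when the entry sits in a service-account hive and
    "review" otherwise: a bare file name in HKLM can be legitimate (the
    bascstray entry here), so it is surfaced for a human rather than condemned.
    """
    findings = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None or HAS_DIRECTORY.match(entry["cmd"]):
            continue
        severity = "high" if entry["hive"].upper() in SERVICE_HIVES else "review"
        findings.append((severity, entry["hive"], entry["name"], entry["cmd"]))
    return findings


if __name__ == "__main__":
    for label, text in (("before fix", BEFORE), ("after fix", AFTER)):
        print(label)
        for finding in triage(text):
            print("  %-6s %s  [%s] %s" % finding)
```

A "review" hit is only a prompt to look up the file name; the AVG7_Run value in the same SYSTEM hive is not reported because it points at a full path.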

#7
Dazed&Confused

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
New HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:47:41 PM, on 2/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\System32\1XConfig.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\basfipm.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Retrospect\Retrospect 7.5\retrorun.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\MultiMedia Keyboard\MultiMedia Keyboard\1.1\KbdAp32A.exe
C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://business.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://business.dellnet.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\MultiMedia Keyboard\MultiMedia Keyboard\1.1\KbdAp32A.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.appl...ex/qtplugin.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.appl...meInstaller.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Corporation - C:\Program Files\Retrospect\Retrospect 7.5\retrorun.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe

--
End of file - 7815 bytes


---------------------------------------------------------------

Uninstall List

Adobe Flash Player Plugin
Adobe Shockwave Player
Adobe Type Manager 4.0
AVG 7.5
AVG Anti-Spyware 7.5
CCleaner (remove only)
Easy Thumbnails (Remove only)
FileZilla (remove only)
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Java™ 6 Update 2
Java™ 6 Update 3
Macromedia Extension Manager
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
MIVA Mia
Miva Script Compiler
Mozilla ActiveX Control v1.7.12
Mozilla Firefox (2.0.0.12)
MSXML 4.0 SP2 (KB936181)
MySQL interface for Miva Empresa
Panda ActiveScan
PDFCreator
Rhapsody Player Engine
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
SUPERAntiSpyware Free Edition
TBS WMP Plug-in
TopStyle (Version 3)
Update for Windows XP (KB894391)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB920872)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
XAMPP 1.5.3a


There are programs or files that are listed in my Add/Remove programs that don't show in the uninstall list posted above (like the Java one) and that don't have the usual Change / Remove buttons available to them. They just say that they are seldom used. I'm thinking something's messed up!
  • 0

#8
BHowett

    OT Moderator

  • Moderator
  • 4,649 posts
Hi Dazed&Confused,

Your log is looking good, but let's see if we can clean up your Add/Remove programs :) .

Please go to Start > Control Panel > Add/Remove Programs and make a list in notepad of all the programs without the usual Change / Remove buttons. Be sure to note on this list any of them that you currently use or want to keep, and post that list in your next reply.


===============================================


Please download RegQuery by Noviciate to your desktop
  • Copy the following registry keypath by highlighting the text and pressing CTRL and C at the same time
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
  • Double click RegQuery.exe to run the program
  • Paste the text you have copied using CTRL and V, into the textbox
  • Click the Query button
  • A Notepad file will open. Please paste the contents in your next reply
  • You may now close the RegQuery program


===============================================


Needed in your next reply:

list of all the programs without the usual Change / Remove buttons

contents of the RegQuery
  • 0

#9
Dazed&Confused

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Thanks for your help with the trojan -- I'm glad to be rid of it! :)

The list of programs with no Remove button (I only use two of them as far as I know -- many I don't recognize the names). The ones I don't use to my knowledge all say Used Rarely and have no Last Used date.

ASF
Broadcom Advanced Control Suite
BufferChm
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
CueTour
Dell Solution Center
Destinations
DeviceFunctionQFolder
DeviceManagementQFolder
DocProc
DocumentViewer
DocumentViewerQFolder
eSupportQFolder
FullDPAppQFolder
Help and Support Customization
HP Software Update
HPProductAssistant
InstantShareDevices
Intel® PROSet
Java 2 Runtime Environment, SE v1.4.2
PanoStandAlone
PhotoGallery
RandMap
ScannerCopy
SkinsHP1
SolutionCenter
Sonic_PrimoSDK
Status
Toolbox
TrayApp
Unload
WebReg
Windows Genuine Advantage v1.3.0254.0

I use these two:
Easy CD Creator 5 Basic
Retrospect 7.5

-----------------------------------------------------------------

RegQuery log:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin]
"DisplayName"="Adobe Flash Player Plugin"
"DisplayVersion"="9.0.115.0"
"Publisher"="Adobe Systems Incorporated"
"URLInfoAbout"="http://www.adobe.com...getflashplayer"
"DisplayIcon"="C:\\WINDOWS\\System32\\Macromed\\Flash\\uninstall_plugin.exe"
"UninstallString"="C:\\WINDOWS\\System32\\Macromed\\Flash\\uninstall_plugin.exe"
"NoModify"=dword:00000001
"NoRepair"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe PhotoDeluxe Business Edition 1.0]
"UninstallString"="C:\\WINDOWS\\UNINST.EXE -f\"C:\\Program Files\\PhotoDeluxe BE 1.0\\DeIsL1.isu\""
"InstallLocation"="C:\\Program Files\\PhotoDeluxe BE 1.0"
"InstallSource"="D:\\ADOBE\\PHOTODLX\\INSTALL\\"
"DisplayVersion"="1.0"
"Publisher"="Adobe Systems, Inc."
"ProductID"="CKW100B7101001-660"
"RegOwner"="Anthony Mason"
"RegCompany"=""
"HelpTelephone"=""
"HelpLink"=""
"URLUpdateInfo"="http://www.adobe.com...luxe/main.html"
"URLInfoAbout"="http://www.adobe.com...luxe/main.html"
"UninstallPath"="C:\\WINDOWS\\UNINST.EXE -f\"C:\\Program Files\\PhotoDeluxe BE 1.0\\DeIsL1.isu\""
"ModifyPath"="C:\\WINDOWS\\UNINST.EXE -f\"C:\\Program Files\\PhotoDeluxe BE 1.0\\DeIsL1.isu\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Shockwave Player]
"DisplayName"="Adobe Shockwave Player"
"UninstallString"="C:\\WINDOWS\\SYSTEM32\\MACROMED\\SHOCKW~1\\UNWISE.EXE C:\\WINDOWS\\SYSTEM32\\MACROMED\\SHOCKW~1\\INSTALL.LOG"
"DisplayVersion"="10.2.0.23"
"Publisher"="Adobe Systems, Inc."
"URLInfoAbout"="http://www.adobe.com"
"HelpLink"="http://www.adobe.com...port/shockwave"
"URLUpdateInfo"="http://www.adobe.com...yer/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Type Manager 4.0]
"UninstallString"="C:\\WINDOWS\\uninst.exe -f\"C:\\Program Files\\Adobe Type Manager\\DeIsL1.isu\" -c\"C:\\Program Files\\Adobe Type Manager\\UNINST.DLL\""
"DisplayName"="Adobe Type Manager 4.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG7Uninstall]
"ProductType"="Avg75Free"
"DisplayName"="AVG 7.5"
"UninstallString"="C:\\Program Files\\Grisoft\\AVG7\\setup.exe /UNINSTALL"
"DisplayIcon"="C:\\Program Files\\Grisoft\\AVG7\\setup.exe"
"Language"=dword:00000409

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG7Uninstall\Directories]
"dir_AvgDir"="C:\\Program Files\\Grisoft\\AVG7"
"dir_AvgData"="C:\\Documents and Settings\\All Users\\Application Data\\Grisoft\\Avg7Data"
"dir_AllUsersAppData_Avg7"="C:\\Documents and Settings\\All Users\\Application Data\\avg7"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG7Uninstall\Features]
"fea_AVG_Remove"=dword:00000000
"fea_AVG_LeaveInstalled"=dword:00000001
"fea_AVGWin"=dword:00000001
"fea_AVG_Data_Dir"=dword:00000001
"fea_AVG_ResidentShield"=dword:00000001
"fea_AVG_Firewall"=dword:00000000
"fea_AVG_Antispy"=dword:00000000
"fea_AVG_CC_Startup"=dword:00000001
"fea_AVG_Cl"=dword:00000000
"fea_AVG_Bootup"=dword:00000001
"fea_AVG_Languages"=dword:00000000
"fea_AVG_Language_CS"=dword:00000000
"fea_AVG_Language_CZ"=dword:00000000
"fea_AVG_Language_FR"=dword:00000000
"fea_AVG_Language_GE"=dword:00000000
"fea_AVG_Language_HU"=dword:00000000
"fea_AVG_Language_IT"=dword:00000000
"fea_AVG_Language_JP"=dword:00000000
"fea_AVG_Language_NL"=dword:00000000
"fea_AVG_Language_PB"=dword:00000000
"fea_AVG_Language_PT"=dword:00000000
"fea_AVG_Language_PL"=dword:00000000
"fea_AVG_Language_SC"=dword:00000000
"fea_AVG_Language_SK"=dword:00000000
"fea_AVG_Language_SP"=dword:00000000
"fea_AVG_Language_DA"=dword:00000000
"fea_AVG_EmailPlugins"=dword:00000001
"fea_AVG_Bat_plugin"=dword:00000000
"fea_AVG_Exchange_plugin"=dword:00000000
"fea_AVG_Eudora_plugin"=dword:00000000
"fea_AVG_EMC"=dword:00000001
"fea_AVG_Antispam"=dword:00000000
"fea_AVG_Office_2000_plugin"=dword:00000001
"fea_AVGDOS"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG7Uninstall\TextCache]
"@AVG75DesktopLinkAVGW"="AVG 7.5.lnk"
"@AVG75StartupMenuFolderName"="AVG 7.5"
"@AvgDir"="AVG7"
"@GrisoftDir"="Grisoft"
"@LinkAVGCC"="AVG Control Center.lnk"
"@LinkAVGUninstall"="Uninstall AVG.lnk"
"@LinkAVGVV"="AVG Virus Vault.lnk"
"@LinkAVGW"="AVG Test Center.lnk"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVGAntiSpyware75]
"DisplayName"="AVG Anti-Spyware 7.5"
"UninstallString"="C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\Uninstall.exe"
"InstallLocation"="C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5"
"DisplayIcon"="C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe"
"Publisher"="Grisoft Ltd."
"HelpLink"="http://www.grisoft.com"
"NoModify"=dword:00000001
"NoRepair"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner]
"DisplayName"="CCleaner (remove only)"
"UninstallString"="\"C:\\Program Files\\CCleaner\\uninst.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Easy Thumbnails_is1]
"Inno Setup: Setup Version"="5.1.12"
"Inno Setup: App Path"="C:\\Program Files\\Easy Thumbnails"
"InstallLocation"="C:\\Program Files\\Easy Thumbnails\\"
"Inno Setup: Icon Group"="Easy Thumbnails"
"Inno Setup: User"="bms"
"Inno Setup: Selected Tasks"=""
"Inno Setup: Deselected Tasks"="desktopicon,quicklaunchicon"
"DisplayName"="Easy Thumbnails (Remove only)"
"DisplayIcon"="C:\\Program Files\\Easy Thumbnails\\EzThumbs.exe"
"UninstallString"="\"C:\\Program Files\\Easy Thumbnails\\unins000.exe\""
"QuietUninstallString"="\"C:\\Program Files\\Easy Thumbnails\\unins000.exe\" /SILENT"
"DisplayVersion"="2.91"
"Publisher"="Fookes Software"
"URLInfoAbout"="http://www.fookes.com/"
"HelpLink"="http://www.fookes.co...om/support.php"
"URLUpdateInfo"="http://www.fookes.com/ezthumbs/"
"NoModify"=dword:00000001
"NoRepair"=dword:00000001
"InstallDate"="20070818"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileZilla]
"DisplayName"="FileZilla (remove only)"
"UninstallString"="\"C:\\Program Files\\FileZilla\\uninstall.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis]
"DisplayName"="HijackThis 2.0.2"
"UninstallString"="\"C:\\Program Files\\Trend Micro\\HijackThis\\HijackThis.exe\" /uninstall"
"DisplayIcon"="C:\\Program Files\\Trend Micro\\HijackThis\\HijackThis.exe"
"DisplayVersion"="2.0.2"
"Publisher"="TrendMicro"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HP Scanning Software]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IDNMitigationAPIs]
"DisplayName"="Microsoft Internationalized Domain Names Mitigation APIs"
"UninstallString"="\"C:\\WINDOWS\\$NtServicePackUninstallIDNMitigationAPIs$\\spuninst\\spuninst.exe\""
"TSAware"=dword:00000001
"NoModify"=dword:00000001
"InstallDate"="20070817"
"Publisher"="Microsoft Corporation"
"NoRepair"=dword:00000001
"HiddenByIE7Setup"=dword:00000001
"SystemComponent"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ie7]
"DisplayName"="Windows Internet Explorer 7"
"UninstallString"="\"C:\\WINDOWS\\ie7\\spuninst\\spuninst.exe\""
"TSAware"=dword:00000001
"NoModify"=dword:00000001
"InstallDate"="20070817"
"Publisher"="Microsoft Corporation"
"NoRepair"=dword:00000001
"HelpLink"="http://www.microsoft.com/ie"
"URLInfoAbout"="http://www.microsoft.com/ie"
"DisplayVersion"="20061107.210142"
"DisplayIcon"="C:\\Program Files\\Internet Explorer\\iexplore.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information\{DB5F474C-B584-417F-810B-DEBBC1893C2A}]
"LogFile"="C:\\Program Files\\InstallShield Installation Information\\{DB5F474C-B584-417F-810B-DEBBC1893C2A}\\Setup.ilg"
"StatusText"="TBS WMP Plug-in Setup is preparing the InstallShield Wizard, which will guide you through the program setup process. Please wait."

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{DB5F474C-B584-417F-810B-DEBBC1893C2A}]
"UninstallString"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\Driver\\1050\\INTEL3~1\\IDriver.exe /M{DB5F474C-B584-417F-810B-DEBBC1893C2A} "
"DisplayName"="TBS WMP Plug-in"
"LogFile"="C:\\Program Files\\InstallShield Installation Information\\{DB5F474C-B584-417F-810B-DEBBC1893C2A}\\Setup.ilg"
"Comments"=""
"Contact"=""
"DisplayVersion"="1.00.007"
"HelpTelephone"=""
"InstallDate"="20071128"
"InstallLocation"="C:\\Program Files\\CNN\\My Product Name\\"
"InstallSource"="C:\\DOCUME~1\\bms\\LOCALS~1\\Temp\\_is19\\"
"ProductID"=""
"Publisher"="CNN"
"Readme"=""
"URLInfoAbout"="http://www.CNN.com"
"URLUpdateInfo"=""
"HelpLink"=hex(2):00,00
"EstimatedSize"=dword:00000340
"Language"=dword:00000409
"Version"=dword:01000007
"VersionMajor"=dword:00000001
"VersionMinor"=dword:00000000
"RegOwner"=" "
"RegCompany"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB884267]
"SystemComponent"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB885353]
"SystemComponent"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB885835]
"DisplayName"="Windows XP Hotfix - KB885835"
"UninstallString"="C:\\WINDOWS\\$NtUninstallKB885835$\\spuninst\\spuninst.exe"
"TSAware"=dword:00000001
"NoModify"=dword:00000001
"Publisher"="Microsoft Corporation"
"NoRepair"=dword:00000001
"HelpLink"="http://support.micro...om?kbid=885835"
"URLInfoAbout"="http://support.microsoft.com"
"DisplayVersion"="20041027.181713"
"ParentKeyName"="OperatingSystem"
"ParentDisplayName"="Windows XP - Software Updates"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB886185]
"DisplayName"="Windows XP Hotfix - KB886185"
"UninstallString"="C:\\WINDOWS\\$NtUninstallKB886185$\\spuninst\\spuninst.exe"
"TSAware"=dword:00000001
"NoModify"=dword:00000001
"Publisher"="Microsoft Corporation"
"NoRepair"=dword:00000001
"HelpLink"="http://support.micro...om?kbid=886185"
"URLInfoAbout"="http://support.microsoft.com"
"DisplayVersion"="20041021.090540"
"ParentKeyName"="OperatingSystem"
"ParentDisplayName"="Windows XP - Software Updates"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB886612]
"SystemComponent"=dword:00000001

  • 0
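A .reg text export of the Uninstall key can be triaged offline to see which entries carry the values that Add/Remove Programs reads. The following is an added example, not part of the original posts; the KB000001 to KB000004 entries are constructed placeholders, and the status labels are this example's own heuristic rather than anything a forum tool produces.

```python
import re

# Constructed sample in regedit text-export format. KB000001..KB000004 are
# placeholder names that mirror the shapes of entries seen in such exports.
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB000001]
"SystemComponent"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB000002]
"ParentKeyName"="OperatingSystem"
"ParentDisplayName"="Windows XP - Software Updates"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB000003]
"DisplayName"="Security Update for Windows XP (KB000003)"
"UninstallString"="\"C:\\WINDOWS\\$NtUninstallKB000003$\\spuninst\\spuninst.exe\""
"NoModify"=dword:00000001
"DisplayIcon"=hex(2):25,00,77,00,69,00,6e,00,64,00,69,00,72,00,25,00,5c,00,53,\
00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,73,00,69,00,65,00,\
78,00,65,00,63,00,2e,00,65,00,78,00,65,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB000004]
"DisplayName"="Hotfix for Windows XP (KB000004)"
"NoModify"=dword:00000001
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')
UNINSTALL = r'\Microsoft\Windows\CurrentVersion\Uninstall' + '\\'


def _unescape(s):
    # String data in a .reg file escapes only backslash and double quote.
    return re.sub(r'\\(.)', r'\1', s)


def _decode(raw):
    """Turn the right-hand side of a value line into a Python object."""
    if raw.startswith('"') and raw.endswith('"'):
        return _unescape(raw[1:-1])
    if raw.startswith('dword:'):
        return int(raw[6:], 16)
    m = re.match(r'hex(?:\(([0-9a-fA-F]+)\))?:(.*)$', raw)
    if m:
        data = bytes(int(b, 16) for b in m.group(2).split(',') if b.strip())
        if m.group(1) in ('1', '2'):  # REG_SZ / REG_EXPAND_SZ stored as UTF-16LE
            return data.decode('utf-16-le').rstrip('\x00')
        return data
    return raw


def parse_reg_export(text):
    """Return {key path: {value name: decoded data}} from a .reg text export."""
    # regedit wraps long hex values with a trailing ",\"; rejoin them first.
    logical, pending = [], ''
    for line in text.splitlines():
        line = line.strip()
        if line.endswith(',\\'):
            pending += line[:-1]
            continue
        logical.append(pending + line)
        pending = ''

    keys, current = {}, None
    for line in logical:
        k = KEY_RE.match(line)
        if k:
            current = keys.setdefault(k.group(1), {})
            continue
        v = VALUE_RE.match(line)
        if v and current is not None:
            current[_unescape(v.group(1))] = _decode(v.group(2))
    return keys


def triage_uninstall(keys):
    """Label each Uninstall subkey by which values it carries (heuristic)."""
    report = {}
    for path, values in keys.items():
        if UNINSTALL.lower() not in path.lower():
            continue
        name = path.rsplit('\\', 1)[1]
        if values.get('SystemComponent') == 1:
            status = 'hidden'            # SystemComponent=1 hides the entry
        elif 'DisplayName' not in values:
            status = 'no-display-name'   # nothing to show as a title
        elif not values.get('UninstallString'):
            status = 'no-uninstaller'    # listed, but no command to run
        else:
            status = 'complete'
        report[name] = status
    return report


if __name__ == '__main__':
    for name, status in triage_uninstall(parse_reg_export(SAMPLE_EXPORT)).items():
        print(f'{name:10} {status}')
```

Entries labelled `no-display-name` or `no-uninstaller` are the ones worth showing to whoever is cleaning up the list; the script only reads the export and changes nothing in the registry.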

#10
BHowett

    OT Moderator

  • Moderator
  • 4,649 posts
I would like you to please run one more scan so we can make sure this isn’t malware related :)

AVG Anti-Spyware

First download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Do not automatically generate report"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.

  • 0

#11
Dazed&Confused

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Here you go:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:17:53 PM 2/28/2008

+ Scan result:



:mozilla.6:C:\Documents and Settings\bms\Application Data\MozillaControl\profiles\MozillaControl\5htxrg4s.slt\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.8:C:\Documents and Settings\bms\Application Data\MozillaControl\profiles\MozillaControl\5htxrg4s.slt\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.12:C:\Documents and Settings\bms\Application Data\Mozilla\Firefox\Profiles\cs7xfbds.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.


::Report end
  • 0

#12
BHowett

    OT Moderator

  • Moderator
  • 4,649 posts
Hi Dazed&Confused,


I have some good news and bad news :) good news is you are clean of any malware :) . Bad news is I am not quite sure how to fix your add/remove programs problem of programs listed without the usual Change / Remove buttons, but I would like to refer you to the tech staff here at Windows XP™, 2000, 2003, NT and see if you can get some help there. They appear to be ghost or orphaned entries but the tech staff should be able to help you clean them out.


This is my standard post for when you are clear - which you now are - or seem to be. Please advise me of any problems you still have.

I know you already have some of the programs like Antivirus, and/or 3rd party firewall, but I still like to share the information in case you ever need it, or want to change them.

  • First
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

    Windows XP System Restore Guide
    re-enable system restore with instructions from tutorial above.


    Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

    1.) Watch what you download!
    Many freeware programs, and P2P programs like Grokster, Imesh, Kazaa and others are amongst the most notorious, come with an enormous amount of bundled spyware that will eat system resources, slow down your system, clash with other installed software, or just plain crash your browser or even Windows itself. If you insist on using a P2P program, please read This Article written by Mike Healan of Spywareinfo.com fame. It is an updated and comprehensive article that gives in-depth detail about which P2P programs are "safe" to use.

    2.) Go to Internet Explorer > Tools > Windows Update > Product Updates, and install ALL High-Priority Security Updates listed. If you're running Windows XP, that of course includes the Service Pack 2! If you suspect your computer is infected with Malware of any type, we advise you to not install SP2 if you don't already have it. You can post a HijackThis log on our Forums to get free Expert help cleaning your machine. Once you are sure you have a clean system, it is highly recommended to install SP2 to help prevent against future infections.

    It's important to always keep current with the latest security fixes from Microsoft.
    Install those patches for Internet Explorer, and make sure your installation of Java VM is up-to-date. There are some well known security bugs with Microsoft Java VM which are exploited regularly by browser hijackers.

    3.) Open Internet Explorer and go to Internet Options > Security > Internet, then press "Default Level", then OK. Now press "Custom Level." In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".

    Now you will be asked whether you want ActiveX objects to be executed and whether you want software to be installed.
    Sites that you know for sure are above suspicion can be moved to the Trusted Zone in Internet Options > Security.

    So why is ActiveX so dangerous that you have to increase the security for it?
    When your browser runs an ActiveX control, it is running an executable program. It's no different from double-clicking an exe file on your hard drive.
    Would you run just any random file downloaded off a web site without knowing what it is and what it does?

    4.) Install Javacool's SpywareBlaster

    It will protect you from most spy/foistware in its database by blocking installation of their ActiveX objects.

    Download and install, download the latest updates, and you'll see a list of all spyware programs covered by the program (NOTE: this is NOT spyware found on your computer). Press "Enable All Protection", and you're done.
    The spyware that you told SpywareBlaster to set the "kill bit" for won't be a hazard to you any longer. Although it won't protect you from every form of spyware known to man, it is a very potent extra layer of protection.
    Don't forget to check for updates every week or so.

    5.) Let's also not forget that Spybot Search & Destroy has the Immunize feature which works roughly the same way. Another feature within Spybot is the TeaTimer option. This option immediately detects known malicious processes wanting to start and terminates them. TeaTimer also detects when something wants to change some critical registry keys and gives you an option to allow them or not.

    6.) Microsoft now offers their own free malicious software blocking tool. Windows Defender improves Internet browsing safety by guarding over fifty (50) ways spyware can enter your PC.

    7.) Another excellent program by Javacool we recommend is SpywareGuard.
    It provides a degree of real-time protection against spyware that is a great addition to SpywareBlaster's protection method.

    8.) IE-SPYAD puts over 5000 sites in your restricted zone, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. Another good hosts program is mvpshosts. This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial.

    *It is important to note that all of the above programs/files can be run simultaneously on your system. They will work together in layers, so to speak, to help protect your computer. However, the following suggestions are designed to only run one of each. It is not a good idea to run more than one firewall, and one anti-virus program. Running more than one of these at a time can cause system crashes, high system usage and/or conflicts with each other.*

    9.) It is critical that you use a firewall to protect your computer from hackers. We don't recommend the firewall that comes built in to Windows. It doesn't block everything that may try to get in, and the entire firewall is written to the registry. As various kinds of malware hack the Registry in order to disable the Windows firewall, it's far preferable to install one of the excellent third party solutions. Three good ones that are freeware to boot are ZoneAlarm, Kerio and Sygate.

    10.) An Anti-Virus product is a necessity. There are many excellent programs that you can purchase. However, we choose to advocate the use of free programs whenever possible. Some very good and easy-to-use free A/V programs are AVG, Avast, and AntiVir. It's a good idea to set these to receive automatic updates so you are always as fully protected as possible from the newest virus threats.
    NOTE: DO NOT install more than one anti-virus program. They will conflict, and provide less protection, not more.


    Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Thanks for letting us help you!
  • 0
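The "kill bit" mentioned in step 4 of the post above is a registry flag: Internet Explorer refuses to instantiate an ActiveX control whose CLSID has bit 0x400 set in the `Compatibility Flags` value under its `ActiveX Compatibility` key. The script below is an added example, not part of the original post and not SpywareBlaster's code; it audits a regedit export of that key, and the sample export with its CLSIDs is constructed placeholder data.

```python
import re

KILL_BIT = 0x00000400  # "Compatibility Flags" bit that stops IE from loading the control
COMPAT_KEY = r"software\microsoft\internet explorer\activex compatibility"

# Constructed sample of a regedit export; the CLSIDs are made-up placeholders.
# (A real .reg file is usually UTF-16, so decode it before passing the text in.)
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000001}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000002}]
"Compatibility Flags"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000003}]
"Compatibility Flags"=dword:00800400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000004}]
"""

SECTION = re.compile(r"^\[(?P<key>[^\]]+)\]$")
FLAGS = re.compile(r'^"Compatibility Flags"=dword:(?P<val>[0-9a-fA-F]{1,8})$')
CLSID = re.compile(r"^\{[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}$")

def audit_kill_bits(reg_text):
    """Return {CLSID: kill_bit_set} for each control listed under the compatibility key."""
    result, current = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        section = SECTION.match(line)
        if section:
            parent, _, leaf = section.group("key").rpartition("\\")
            in_scope = parent.lower().endswith(COMPAT_KEY) and CLSID.match(leaf)
            current = leaf.upper() if in_scope else None
            if current:
                result.setdefault(current, False)  # key exists, no flag seen yet
            continue
        flags = FLAGS.match(line)
        if flags and current:
            # Other compatibility bits may be set too, so test the bit, not equality.
            result[current] = bool(int(flags.group("val"), 16) & KILL_BIT)
    return result

def unblocked(reg_text):
    """CLSIDs that are listed but would still be allowed to load."""
    return sorted(c for c, killed in audit_kill_bits(reg_text).items() if not killed)
```

A listed CLSID that comes back unblocked is worth a second look, since a kill bit that was set and later cleared is one sign that something has changed that registry key.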

#13
Dazed&Confused

Thanks for the help, Brian! I'll head over to the other forum to see if they can help me tidy up this poor old machine :)
  • 0

#14
BHowett

You're welcome, glad I could help :)
  • 0





