Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

SmitFraud C down but not out?


  • Please log in to reply

#1
killsmittyc

killsmittyc

    New Member

  • Member
  • Pip
  • 1 posts
I have tried pretty much all the suggestions on this website and others to remove the SmitFraud C from my computer. When I run the Spybot-Search & Destroy scan for problems SmitFraud C is always there and it won't be removed. There are 40 items that I can't remove. I'll just paste what I can from the SpyBot and hopefully you can help me get rid of this
--- Search result list ---
Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adulthell.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\awmdabest.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bin.wordsx.cc\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cc20foreva.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\crl.thawte.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\datingforlove.org\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\dl.ad-ware.cc\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\e-finder.cc\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ewizard.cc\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\fast-look.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-spy-cam.net\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\[bleep]-[bleep].org\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ga31.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\greg-tut.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\letgohome.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\love-catalog.net\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\makechoice.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\meetyourfriend.biz\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\msnprotection.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\new.8ad.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\s13.remove.cc\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\s13.tempx.cc\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\s2.kav.cc\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\terra.hcworld.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\trackhits.cc\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tracking.allposters.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tracktraff.cc\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\u45.cx\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\u46.cx\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\u47.cc\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\u48.cc\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\v-224.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\veryeasysearch.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\visitfriend.net\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\vparivalka.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\vv7.al.57e.net\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webpidor.biz\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\win-eto.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\www.6o9.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\www.niger.ru\*!=W=4


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-08-11 UNINS000.EXE (51.41.0.0)
2005-05-31 BLINDMAN.EXE (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 ADVCHECK.DLL (1.0.2.0)
2005-05-31 APORTS.DLL (2.1.0.0)
2005-05-31 BORLNDMM.DLL (7.0.4.453)
2005-05-31 DELPHIMM.DLL (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2005-04-26 Includes\Cookies.sbi (*)
2005-07-29 Includes\Dialer.sbi (*)
2005-08-04 Includes\Hijackers.sbi (*)
2005-06-23 Includes\Keyloggers.sbi (*)
2004-11-29 Includes\LSP.SBI (*)
2005-08-04 Includes\Malware.sbi (*)
2005-08-04 Includes\PUPS.SBI (*)
2005-04-27 Includes\Revision.sbi (*)
2005-08-02 Includes\Security.sbi (*)
2005-08-04 Includes\Spybots.sbi (*)
2005-02-16 Includes\Tracks.uti
2005-08-04 Includes\Trojans.sbi (*)



--- System information ---
Windows ME (Build: 3000)
/ Windows Media Player: Windows Media Update 828026
/ Windows Media Player: Windows Media Update 320920
/ Windows Media Player: Windows Media Update Q308567
/ Windows Media Player: Windows Media Update 885492
/ DirectX: DirectX Update 819696
/ DataAccess: Buffer Overrun in Microsoft Data Access Components Could Lead to Code Execution
/ DataAccess: Patch Available For XMLHTTP Vulnerability
/ DataAccess: Microsoft Data Access Components KB870669
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)


--- Startup entries list ---
Located: HK_LM:Run, ccApp
command: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 54976
MD5: f2f3cf92c4d6cf2e019493baf3de0f5e

Located: HK_LM:Run, ccRegVfy
command: "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
file: C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
size: 59072
MD5: 3dc5f0e636baa3cd6e0c97e03128963d

Located: HK_LM:Run, RegSvr32
command: C:\WINDOWS\SYSTEM\msmsgs.exe
file:

Located: HK_LM:Run, ScanRegistry
command: C:\WINDOWS\scanregw.exe /autorun
file: C:\WINDOWS\scanregw.exe
size: 126976
MD5: 548ae8c51870ec245dac589b9bf271fc

Located: HK_LM:RunServices, ccEvtMgr
command: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
file: C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
size: 317128
MD5: edc5c2342e91f7a8870e17ac5a87d6ec

Located: HK_LM:RunServices, SchedulingAgent
command: mstask.exe
file: C:\WINDOWS\SYSTEM\mstask.exe
size: 126976
MD5: 6770eaf1dfb8d3c952dca22cd956f570

Located: HK_LM:RunServices, ScriptBlocking
command: "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
file: C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe
size: 54408
MD5: 3db0459e2661531bfe88ae0a182d019a

Located: HK_LM:RunServices, StillImageMonitor
command: C:\WINDOWS\SYSTEM\STIMON.EXE
file: C:\WINDOWS\SYSTEM\STIMON.EXE
size: 28432
MD5: 902252f831d45763f7711b24ed430785

Located: HK_CU:Run, a-squared
command: "C:\Program Files\a2\a2guard.exe"
file: C:\Program Files\a2\a2guard.exe
size: 1144320
MD5: a0eba67501c05fd5c95797924f40c400



--- Browser helper object list ---


--- ActiveX list ---
{32564D57-9980-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\wmv8dmo.inf
Codebase: http://codecs.micros...386/wmv8dmo.cab

{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_04
Installer:
Codebase: http://java.sun.com/...indows-i586.cab
Path: C:\Program Files\Java\jre1.5.0_04\bin\
Long name: NPJPI150_04.dll
Short name: NPJPI1~1.DLL
Date (created): 6/3/2005 3:52:58 AM
Date (last access): 8/12/2005
Date (last write): 6/3/2005 4:09:54 AM
Filesize: 69746
Attributes: archive
MD5: 8548FE98BD687F35AFD0AED9C2A2DEE3
CRC32: 4058FA1B
Version: 5.0.40.5

{04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control)
DPF name:
CLSID name: HouseCall Control
Installer: C:\WINDOWS\Downloaded Program Files\xscan60.inf
Codebase: http://housecall60.t...all/xscan60.cab
Path: C:\WINDOWS\DOWNLO~1\
Long name: xscan60.ocx
Short name: XSCAN60.OCX
Date (created): 5/3/2005 11:45:54 AM
Date (last access): 8/12/2005
Date (last write): 5/3/2005 11:45:54 AM
Filesize: 475190
Attributes:
MD5: 145C288D55A91D6469223136EA93A406
CRC32: A36DBA2A
Version: 6.0.0.1261



--- Process list ---
PID: -1059893 (2123579955) C:\WINDOWS\SYSTEM\KERNEL32.DLL
size: 536576
MD5: 629E271A615588E918D6B27D5E4A5265
PID: -27309 (-1059893) C:\WINDOWS\SYSTEM\MSGSRV32.EXE
size: 11776
MD5: 4B7546E40EA1EACEEB330CB4D259265A
PID: -25269 (-27309) C:\WINDOWS\SYSTEM\SPOOL32.EXE
size: 45056
MD5: A20122F5905AB2845D97DCB933912DC4
PID: -17833 (-25269) C:\WINDOWS\SYSTEM\MPREXE.EXE
size: 28672
MD5: 207AA0E020D4DE978F459B3AC11AC230
PID: -107109 (-17833) C:\WINDOWS\SYSTEM\STIMON.EXE
size: 28432
MD5: 902252F831D45763F7711B24ED430785
PID: -101717 (-17833) C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
size: 317128
MD5: EDC5C2342E91F7A8870E17AC5A87D6EC
PID: -123305 (-17833) C:\WINDOWS\SYSTEM\MSTASK.EXE
size: 126976
MD5: 6770EAF1DFB8D3C952DCA22CD956F570
PID: -185129 (-27309) C:\WINDOWS\SYSTEM\mmtask.tsk
size: 1184
MD5: 269231E21D558D468CFC1C03FB463768
PID: -185781 (-27309) C:\WINDOWS\EXPLORER.EXE
size: 225280
MD5: 872F3BA51320560952DBA06CC66FEBF6
PID: -226829 (-185781) C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
size: 54976
MD5: F2F3CF92C4D6CF2E019493BAF3DE0F5E
PID: -1897337 (-185781) C:\PROGRAM FILES\A2\A2GUARD.EXE
size: 1144320
MD5: A0EBA67501C05FD5C95797924F40C400
PID: -2058749 (-1958053) C:\WINDOWS\SYSTEM\DDHELP.EXE
size: 32768
MD5: 0B59A22EEA45A9032A3C4ECA40D3BA93
PID: -1925721 (-185781) C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
size: 91136
MD5: EB9EAF627F705525D01DE5FA07EA1818
PID: -2013581 (-185781) C:\MY DOCUMENTS\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE
size: 4393096
MD5: 09CA174A605B480318731E691DC98539


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 8/12/2005 9:06:09 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL
http://home.microsof...search.asp?p=%s
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\SYSTEM\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft...=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://search.msn.com/spbasic.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://home.microsof...obby/search.asp
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn...st/srchasst.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://home.microsof...search.asp?p=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\SYSTEM\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft...=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft...B_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft...er=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft...=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn...st/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn...st/srchcust.htm


--- Winsock Layered Service Provider list ---


--- Uninstall list ---
(DXM_Runtime)

(ICW)

(DirectDrawEx)

(Fontcore)

(SchedulingAgent)

(MSTASK)

SiS Audio Driver (SiS7018)
uninstall cmd: C:\PROGRA~1\sis7018\uninst\uninst.exe

Memory Stick Formatter ({27337663-2619-11D4-99DC-0000F49094C7})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\ENGINE\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27337663-2619-11D4-99DC-0000F49094C7}\setup.exe" UNINSTALL

Motion JPEG Software Decoder (Motion JPEG Software Decoder)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Sony\Motion JPEG Software Decoder\Uninst.isu"

Adaptec UDF Reader (Adaptec UDF Reader)
uninstall cmd: C:\WINDOWS\SYSTEM\UDFRUNIN.EXE

Adobe Acrobat 4.0 4.0 (Adobe Acrobat 4.0)
version (major): 4
install location: C:\Program Files\Adobe\Acrobat 4.0
install source: D:\9934501.adb\
uninstall cmd: C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 4.0\98\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 4.0\98\Uninst.dll"
publisher: Adobe Systems, Inc.
help link: http://www.adobe.com...robat/main.html

Netscape 6 (6.01) (Netscape 6 (6.01))
uninstall cmd: C:\WINDOWS\N6Uninst.exe /ua "6.01 (en)"

OpenMG ({22AA7A0B-12CE-4817-9694-661F7CA0242A})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\ENGINE\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22AA7A0B-12CE-4817-9694-661F7CA0242A}\Setup.exe " UNINSTALL

Adobe SVG Viewer 1.0 (Adobe SVG Viewer)
version (major): 1
install location: C:\WINDOWS\SYSTEM\Adobe\SVG Viewer
install source: D:\0110901.ADB\SVG\
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\WINDOWS\System32\Adobe\SVG Viewer\Uninst.isu"
publisher: Adobe Systems, Inc.

QuickTime (QuickTime)
uninstall cmd: C:\WINDOWS\unvise32qt.exe C:\WINDOWS\SYSTEM\QuickTime\Uninstall.log

Sony DV CODEC for QT ({89BD9DB6-B92F-11D4-B64A-00C04F790F76})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\ENGINE\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{89BD9DB6-B92F-11D4-B64A-00C04F790F76}\setup.exe"

DVDExpress (DVD Express A/V Pak)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Mediamatics\DVDExpress\Uninst.isu" -c"C:\Program Files\Mediamatics\DVDExpress\mydll.dll"

Smart Capture ({4B6F4C00-E935-11D3-A98A-0080986030D9})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\ENGINE\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4B6F4C00-E935-11D3-A98A-0080986030D9}\setup.exe"

DVgate ({29F61465-428A-11D4-B646-00C04F790F76})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\ENGINE\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{29F61465-428A-11D4-B646-00C04F790F76}\setup.exe"

VisualFlow 2.0 ({B5B0ABC0-3177-11D3-AC45-0000F879D920})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\ENGINE\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5B0ABC0-3177-11D3-AC45-0000F879D920}\setup.exe" /Uninstall

({B5B0ABC0-3177-11D3-AC45-0000F879D969})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\ENGINE\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5B0ABC0-3177-11D3-AC45-0000F879D969}\setup.exe"

({1F7E9980-3652-29D4-8908-006097A470FC})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\ENGINE\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7E9980-3652-29D4-8908-006097A470FC}\setup.exe" /Uninstall

RealProducer ActiveX Control (RealProducerX 6.0)
uninstall cmd: C:\Program Files\Real\RealProducer ActiveX\UNINSTALL\rnuninst.exe RealNetworks|RealProducerX|6.0

MovieShaker ({4FB7DDCA-9FF3-11D4-B649-00C04F790F76})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\ENGINE\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4FB7DDCA-9FF3-11D4-B649-00C04F790F76}\setup.exe"

(ADAPTECMASTERKEY)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Adaptec\Easy CD Creator 4\UNINST.ISU"

(ADAPTECCreateCDKEY)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Adaptec\Easy CD Creator 4\CreateCD\UNINST.ISU"

(ADAPTECCreatr32KEY)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Adaptec\Easy CD Creator 4\UNINST.ISU"

Adaptec DirectCD (DirectCD)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Adaptec\DirectCD\DCDUnins.isu" -cC:\PROGRA~1\ADAPTEC\DIRECTCD\Dcduhlp.dll

SiS730s V1.08 (SiS730s V1.08)
uninstall cmd: RUNDLL setuplib.dll,UnInstall ,0&UNINST -f"C:\PROGRA~1\SIS730~1.08\DEISL1.ISU"&P.U 4 sis630m.inf

Adobe Photoshop Elements 1.0 (Adobe Photoshop Elements 1.0)
version (major): 6
install location: C:\Program Files\Adobe\Photoshop Elements
install source: D:\0110901.ADB\
uninstall cmd: C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop Elements\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop Elements\Uninst.dll"
publisher: Adobe Systems, Inc.

(ShockwaveFlash)

Microsoft .NET Framework 1.1 1.1.4322 ({CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1})
version: 16847074
version (major): 1
version (minor): 1
estimated size: 70070
install date: 20050812
install source: C:\WINDOWS\TEMP\IXP000.TMP\
publisher: Microsoft
readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm

CCleaner (remove only) (CCleaner)
uninstall cmd: "C:\Program Files\CCleaner\uninst.exe"

VX2 Cleaner plug-in for Ad-Aware SE (VX2 Cleaner plug-in for Ad-Aware SE)
uninstall cmd: C:\PROGRA~1\LAVASOFT\AD-AWA~1\PLUGINS\VX2CLE~1\UNWISE.EXE C:\PROGRA~1\LAVASOFT\AD-AWA~1\PLUGINS\VX2CLE~1\INSTALL.LOG
publisher: Lavasoft
help link: http://www.lavasoft.de

HijackThis 1.99.1 1.99.1 (HijackThis)
uninstall cmd: C:\WINDOWS\TEMP\TD_0009.DIR\HijackThis.exe /uninstall
publisher: Soeperman Enterprises Ltd.

J2SE Runtime Environment 5.0 Update 4 1.5.0.40 ({3248F0A8-6813-11D6-A77B-00B0D0150040})
version: 17104896
version (major): 1
version (minor): 5
estimated size: 243201
install date: 20050811
install source: http://java.sun.com/...5/windows-i586/
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.5.0_04\README.txt

CleanUp! (CleanUp!)
uninstall cmd: C:\Program Files\CleanUp!\uninstall.exe

Microsoft Internet Explorer 6 SP1 and Internet Tools (IE40)
uninstall cmd: rundll32 setupwbv.dll,IE6Maintenance C:\Program Files\Internet Explorer\Uninstall Information\W2KEXCP.EXE /u

(expinst)

(MobileOptionPack)

(IE5BAKEX)

(IE_EXTRA)

(AddressBook)
uninstall cmd: "C:\Program Files\Outlook Express\setup50.exe" /APP:WAB /CALLER:IE50 /UNINSTALL /PROMPT

Microsoft Outlook Express 6 (OutlookExpress)
uninstall cmd: "C:\Program Files\Outlook Express\setup50.exe" /APP:OE /UNINSTALL /PROMPT

(VGX)

(ADIELangPack)
uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\AD.inf, Uninstall

(IEREADME)

(Branding)

Internet Explorer Q896727 (ieupdate)
uninstall cmd: C:\WINDOWS\ieuninst.exe C:\WINDOWS\INF\Q896727.inf

Outlook Express Q837009 (oeupdate)
uninstall cmd: C:\WINDOWS\oeuninst.exe C:\WINDOWS\INF\Q837009.inf

Microsoft Data Access Components KB870669 (KB870669)
uninstall cmd: C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
publisher: Microsoft Corporation
help link: http://support.micro...com?kbid=870669

Microsoft .NET Framework 1.1 (Microsoft .NET Framework 1.1 (1033))
uninstall cmd: msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm

(MPlayer2)

a-squared Personal 1.6 1.6 (a-squared Personal_is1)
install location: C:\Program Files\a2\
uninstall cmd: "C:\Program Files\a2\unins000.exe"
publisher: Emsi Software GmbH
help link: http://forum.emsisoft.com

Rescue Disk (Norton Rescue)

LiveReg (Symantec Corporation) 2.2.0.1621 (LiveReg)
install location: C:\Program Files\Common Files\Symantec Shared\LiveReg
uninstall cmd: C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSETUP.EXE /REMOVE
publisher: Symantec Corporation

(Sevinst)

Norton AntiVirus 2003 9.0.0 ({47D5D869-FE57-4F2F-A358-83CFAA7B4968})
version: 150994944
version (major): 9
estimated size: 173731
install date: 20050812
install source: D:\NAV\
uninstall cmd: MsiExec.exe /I{47D5D869-FE57-4F2F-A358-83CFAA7B4968}
publisher: Symantec Corporation

LiveUpdate 2.6 (Symantec Corporation) 2.6.14.0 (LiveUpdate)
install location: C:\Program Files\Symantec\LiveUpdate
uninstall cmd: C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
publisher: Symantec Corporation

SpywareBlaster v3.4 3.4.0 (SpywareBlaster_is1)
install location: C:\Program Files\SpywareBlaster\
uninstall cmd: "C:\Program Files\SpywareBlaster\unins000.exe"
publisher: Javacool Software LLC



--- System Services ---
Service (registry key): Class
Start: 0
Type: 0
Error Control: 0

Service (registry key): VxD
Start: 0
Type: 0
Error Control: 0

Service (registry key): Winsock
Start: 0
Type: 0
Error Control: 0

Service (registry key): rt
Image path: \SystemRoot\system32\drivers\rt.sys
Start: 0
Type: 0
Error Control: 0

Service (registry key): WDMFS
Display name: WDM Windows File System Mapper
Image path: \SystemRoot\System32\Drivers\wdmfs.sys
Start: 0
Type: 0
Error Control: 0

Service (registry key): RemoteAccess
Start: 0
Type: 0
Error Control: 0

Service (registry key): Arbitrators
Start: 0
Type: 0
Error Control: 0

Service (registry key): ACPI
Start: 0
Type: 0
Error Control: 0

Service (registry key): USB
Start: 0
Type: 0
Error Control: 0

Service (registry key): WinSock2
Start: 0
Type: 0
Error Control: 0

Service (registry key): ATMARPC
Display name: ATM ARP Module
Image path: \SystemRoot\System\atmarpc.sys
Start: 0
Type: 0
Error Control: 0

Service (registry key): MSNP32
Start: 0
Type: 0
Error Control: 0

Service (registry key): ARP1394
Display name: 1394 ARP Module
Image path: \SystemRoot\System\arp1394.sys
Start: 0
Type: 0
Error Control: 0

Service (registry key): StiSvc
Start: 0
Type: 0
Error Control: 0

Service (registry key): EventLog
Start: 0
Type: 0
Error Control: 0

Service (registry key): ProtectedStorage
Start: 0
Type: 0
Error Control: 0

Service (registry key): W3SVC
Start: 0
Type: 0
Error Control: 0

Service (registry key): wdmaud
Image path: \SystemRoot\system32\drivers\wdmaud.sys
Start: 0
Type: 0
Error Control: 0

Service (registry key): redbook
Image path: \SystemRoot\system32\drivers\redbook.sys
Start: 0
Type: 0
Error Control: 0

Service (registry key): sbemul
Image path: \SystemRoot\system32\drivers\sbemul.sys
Start: 0
Type: 0
Error Control: 0

Service (registry key): V7
Start: 2
Type: 1
Error Control: 1

Service (registry key): Aspi32
Start: 0
Type: 0
Error Control: 0

Service (registry key): Cdr4vsd
Start: 0
Type: 0
Error Control: 0
  • 0

Advertisements


#2
Murray S.

Murray S.

    Trusted Tech

  • Member
  • PipPipPipPipPipPipPip
  • 4,513 posts
  • MVP
Howdy and welcome to G2G:

Please go to the malware forum in my signature and follow the instructions at the top....Especially the CLICK HERE .

That will give you several steps that will help you clean up 70 percent of all problems by yourself. If at the end of the process you are still having difficulty--and you may not be-- then post a hijackthis log in THAT forum.

If you are still having problems after getting a clean bill of health from the malware expert, please return to this thread.

Murray
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP