Spybot trouble [RESOLVED]


#1
twohi24by
Member, 11 posts
Hi,

Spybot reports that it cannot remove these items:


--- Spybot - Search && Destroy version: 1.3 ---

Any help would be greatly appreciated

#2
greyknight17
Malware Expert, Visiting Consultant, 16,560 posts
Please read the first link in my signature and follow the steps outlined there. When you are ready, post the HijackThis log here.

#3
twohi24by
Member, Topic Starter, 11 posts
Logfile of HijackThis v1.99.1
Scan saved at 12:05:16 PM, on 8/23/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


#4
greyknight17
Malware Expert, Visiting Consultant, 16,560 posts
OK, let's hope this will get rid of those...if not, we'll have to do it the hard way.

I want you to uninstall Spybot now. Then restart and make sure these folders are deleted already (if not, delete them now and restart again):

c:\program files\spybot...
c:\documents and settings\mark kelley\application data\spybot...

Then install Spybot back and check for updates. Try running the scan again and see if they are still found. If so, we might have to go with the manual removal (more work on my part than yours if we have to do it :tazz:).

#5
twohi24by
Member, Topic Starter, 11 posts
I did that and the new scan took just a few seconds and came back...Congratulations, No immediate threats were found.

I guess that means it is fixed.

Please send me the paypal links

#6
twohi24by
Member, Topic Starter, 11 posts
Oops, I ran another Spybot scan and got the 40 entries that could not be removed :tazz:

#7
greyknight17
Malware Expert, Visiting Consultant, 16,560 posts
OK, I guess we'll have to do it the hard way then...

I will give you instructions on how to create a registry batch file below. This shouldn't take you more than 5 minutes to make and fix :tazz:

Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now. Go to Start->Run and type in notepad and hit OK. Then copy and paste the following into Notepad:

REGEDIT4
[-HKEY_USERS\S-1-5-21-1406758573-1777871762-1867264134-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\www.niger.ru\]
[-HKEY_USERS\S-1-5-21-1406758573-1777871762-1867264134-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\www.6o9.com\]
[-HKEY_USERS\S-1-5-21-1406758573-1777871762-1867264134-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webpidor.biz\]
[-HKEY_USERS\S-1-5-21-1406758573-1777871762-1867264134-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\visitfriend.net\]
[-HKEY_USERS\S-1-5-21-1406758573-1777871762-1867264134-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\veryeasysearch.com\]
[-HKEY_USERS\S-1-5-21-1406758573-1777871762-1867264134-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\v-224.com\]
[-HKEY_USERS\S-1-5-21-1406758573-1777871762-1867264134-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\u48.cc\]
[-HKEY_USERS\S-1-5-21-1406758573-1777871762-1867264134-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\u47.cc\]
[-HKEY_USERS\S-1-5-21-1406758573-1777871762-1867264134-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\u46.cx\]
[-HKEY_USERS\S-1-5-21-1406758573-1777871762-1867264134-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\u45.cx\]
[-HKEY_USERS\S-1-5-21-1406758573-1777871762-1867264134-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tracking.allposters.com\]
[-HKEY_USERS\S-1-5-21-1406758573-1777871762-1867264134-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\toprefsys.com\]
[-HKEY_USERS\S-1-5-21-1406758573-1777871762-1867264134-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\terra.hcworld.com\]
[-HKEY_USERS\S-1-5-21-1406758573-1777871762-1867264134-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\t34rulit.com\]
[-HKEY_USERS\S-1-5-21-1406758573-1777871762-1867264134-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\super-spider.com\]
[-HKEY_USERS\S-1-5-21-1406758573-1777871762-1867264134-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\solongas.com\]
[-HKEY_USERS\S-1-5-21-1406758573-1777871762-1867264134-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\s2.kav.cc\]
[-HKEY_USERS\S-1-5-21-1406758573-1777871762-1867264134-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\s13.remove.cc\]
[-HKEY_USERS\S-1-5-21-1406758573-1777871762-1867264134-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\rf104.com\]
[-HKEY_USERS\S-1-5-21-1406758573-1777871762-1867264134-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\new.8ad.com\]
[-HKEY_USERS\S-1-5-21-1406758573-1777871762-1867264134-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\msnprotection.com\]
[-HKEY_USERS\S-1-5-21-1406758573-1777871762-1867264134-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\meetyourfriend.biz\]
[-HKEY_USERS\S-1-5-21-1406758573-1777871762-1867264134-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\makechoice.com\]
[-HKEY_USERS\S-1-5-21-1406758573-1777871762-1867264134-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\love-catalog.net\]
[-HKEY_USERS\S-1-5-21-1406758573-1777871762-1867264134-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\letgohome.com\]
[-HKEY_USERS\S-1-5-21-1406758573-1777871762-1867264134-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\greg-tut.com\]
[-HKEY_USERS\S-1-5-21-1406758573-1777871762-1867264134-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ga31.com\]
[-HKEY_USERS\S-1-5-21-1406758573-1777871762-1867264134-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\[bleep]-[bleep].org\]
[-HKEY_USERS\S-1-5-21-1406758573-1777871762-1867264134-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-spy-cam.net\]
[-HKEY_USERS\S-1-5-21-1406758573-1777871762-1867264134-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\fast-look.com\]
[-HKEY_USERS\S-1-5-21-1406758573-1777871762-1867264134-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ewizard.cc\]
[-HKEY_USERS\S-1-5-21-1406758573-1777871762-1867264134-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\e-finder.cc\]
[-HKEY_USERS\S-1-5-21-1406758573-1777871762-1867264134-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\dl.ad-ware.cc\]
[-HKEY_USERS\S-1-5-21-1406758573-1777871762-1867264134-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\datingforlove.org\]
[-HKEY_USERS\S-1-5-21-1406758573-1777871762-1867264134-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\crl.thawte.com\]
[-HKEY_USERS\S-1-5-21-1406758573-1777871762-1867264134-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cc20foreva.com\]
[-HKEY_USERS\S-1-5-21-1406758573-1777871762-1867264134-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bin.wordsx.cc\]
[-HKEY_USERS\S-1-5-21-1406758573-1777871762-1867264134-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adulthell.com\]
[-HKEY_USERS\S-1-5-21-1406758573-1777871762-1867264134-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\75tz.com\]
[-HKEY_USERS\S-1-5-21-1406758573-1777871762-1867264134-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\20x2p.com\]


Save the file as "delete.reg". Make sure to save it with the quotes. Double click on it and choose Yes to merge it. You may delete the file afterwards.

Restart and see if Spybot finds anything now. If not:

Your log is clean.

To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If not, you should be set to go.
  • 0
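
The hand-built delete.reg from the post above can also be generated from the pasted Spybot report. This is an added example, not code from the thread or from Spybot. It emits deletions only for keys under ZoneMap\Domains and sets aside any entry whose key name is not a plausible host name, such as one where pasted text replaced part of the name (the `[bleep]-[bleep].org` entry), since a deletion for a name that is not the real key name leaves the real key in place. The SID and the example.com/example.net names are constructed sample data.

```python
import re

ZONEMAP_DOMAINS = (r"Software\Microsoft\Windows\CurrentVersion"
                   r"\Internet Settings\ZoneMap\Domains")

# Shape of a reported entry: <hive>[\<SID>]\<ZoneMap\Domains>\<domain>\<value spec>
# The value spec (for example "*!=W=4") is Spybot's notation; captured, not interpreted.
ENTRY_RE = re.compile(
    r"^(?P<root>HKEY_[A-Z_]+(?:\\S-[0-9-]+)?)\\"
    + re.escape(ZONEMAP_DOMAINS)
    + r"\\(?P<domain>[^\\]+)\\(?P<spec>[^\\]*)$",
    re.IGNORECASE,
)

# Host names: dot-separated labels of letters, digits and hyphens.
HOST_RE = re.compile(
    r"^(?=.{1,253}$)[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
    r"(?:\.[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?)*$",
    re.IGNORECASE,
)


def parse_report(text):
    """Split pasted report text into (accepted key paths, rejected lines)."""
    accepted, rejected, seen = [], [], set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line.upper().startswith("HKEY_"):
            continue  # description lines such as "Smitfraud-C.: User settings (...)"
        m = ENTRY_RE.match(line)
        if not m:
            # Never emit a deletion outside the ZoneMap\Domains subtree.
            rejected.append((line, "not under ZoneMap\\Domains"))
            continue
        domain = m.group("domain")
        if not HOST_RE.match(domain):
            # e.g. text altered by a word filter; the real key has another name.
            rejected.append((line, "key name is not a plausible host name"))
            continue
        key = "{}\\{}\\{}".format(m.group("root"), ZONEMAP_DOMAINS, domain)
        if key.lower() not in seen:  # registry key names are case-insensitive
            seen.add(key.lower())
            accepted.append(key)
    return accepted, rejected


def build_delete_reg(keys):
    """Return REGEDIT4 text that deletes each key ("[-key]" form)."""
    lines = ["REGEDIT4", ""] + ["[-{}]".format(k) for k in keys]
    return "\r\n".join(lines) + "\r\n"


# Constructed sample input (placeholder SID and domains, not from a real scan).
_SID = "S-1-5-21-1111111111-2222222222-3333333333-1003"
_BASE = "HKEY_USERS\\" + _SID + "\\" + ZONEMAP_DOMAINS + "\\"
SAMPLE_REPORT = "\n".join([
    "Smitfraud-C.: User settings (Registry change, nothing done)",
    _BASE + "ads.example.com\\*!=W=4",
    "",
    "Smitfraud-C.: User settings (Registry change, nothing done)",
    _BASE + "tracker.example.net\\*!=W=4",
    "",
    "Smitfraud-C.: User settings (Registry change, nothing done)",
    _BASE + "tracker.example.net\\*!=W=4",      # duplicate, emitted once
    "",
    "Smitfraud-C.: User settings (Registry change, nothing done)",
    _BASE + "[bleep]-[bleep].org\\*!=W=4",      # altered key name
    "",
    "HKEY_LOCAL_MACHINE\\Software\\Example\\Run\\updater",  # outside ZoneMap
])

if __name__ == "__main__":
    keys, skipped = parse_report(SAMPLE_REPORT)
    print(build_delete_reg(keys))
    for line, reason in skipped:
        print("SKIPPED ({}): {}".format(reason, line))
```

Entries reported as skipped need their real key name read from the Registry Editor before a deletion line is written for them.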

#8
twohi24by
Member, Topic Starter, 11 posts
ok, now it gave me this result.


--- Search result list ---
Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-1406758573-1777871762-1867264134-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\[bleep]-[bleep].org\*!=W=4


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

command: wzcdlg.dll
file: wzcdlg.dll



--- Browser helper object list ---


--- ActiveX list ---
{88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0)
DPF name:
CLSID name: XML DOM Document 4.0
Installer: C:\WINNT\Downloaded Program Files\msxml4.inf
Codebase: https://eagent.farme...iveX/msxml4.cab
description:
classification: Open for discussion
known filename:
info link:
info source: Safer Networking Ltd.
Path: %SystemRoot%\System32\
Long name: msxml4.dll

{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class)
DPF name:
CLSID name: ActiveScan Installer Class
Installer: C:\WINNT\Downloaded Program Files\asinst.inf
Codebase: http://www.pandasoft.../as5/asinst.cab
description:
classification: Open for discussion
known filename: ASINST.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINNT\Downloaded Program Files\
Long name: asinst.dll
Short name:
Date (created): 4/11/2005 12:20:22 PM
Date (last access): 8/25/2005
Date (last write): 4/11/2005 12:20:22 PM
Filesize: 118784
Attributes: archive
MD5: 36259D36E842FCF12B3D2F3766E7529F
CRC32: F62E6268
Version: 57.6.0.0



--- Process list ---
PID: 0 ( 0) [System]
PID: 148 ( 8) \SystemRoot\System32\smss.exe
PID: 172 ( 148) \??\C:\WINNT\system32\csrss.exe
PID: 168 ( 148) \??\C:\WINNT\system32\winlogon.exe
PID: 220 ( 168) C:\WINNT\system32\services.exe
size: 92944
MD5: B861B4E6E9637EB76A40C10C552E0229
PID: 232 ( 168) C:\WINNT\system32\lsass.exe
size: 33552
MD5: F19D0A319AB4BF5496F08807CB9B8651
PID: 408 ( 220) C:\WINNT\system32\svchost.exe
size: 7952
MD5: 9E64AD53CFD9DA2D22E8A924F8C6E62C
PID: 432 ( 220) C:\WINNT\system32\LEXBCES.EXE
size: 303104
MD5: BF270F15F6A702444F8AC621BBC30F87
PID: 460 ( 220) C:\WINNT\system32\spoolsv.exe
size: 47376
MD5: FACFB75ECC070103619FA044E0B210D3
PID: 468 ( 432) C:\WINNT\system32\LEXPPS.EXE
size: 174592
MD5: D13441CFA73604BE1D9766AF86A71A6A
PID: 496 ( 220) C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
size: 28672
MD5: D368A8A0FB5DB8B86BBC9B97EFBDB64E
PID: 524 ( 220) C:\WINNT\System32\PackethSvc.exe
size: 51200
MD5: A42349B46EE8362BFDCB849A6A014F60
PID: 568 ( 220) C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
size: 330240
MD5: 9DBD26D7D7967D918C507B1E2A93A37E
PID: 596 ( 220) C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
size: 84480
MD5: 62E6B23B906B213836470740FE449B43
PID: 632 ( 220) C:\WINNT\System32\svchost.exe
size: 7952
MD5: 9E64AD53CFD9DA2D22E8A924F8C6E62C
PID: 648 ( 220) C:\Program Files\ewido\security suite\ewidoctrl.exe
size: 16448
MD5: 867D9D1FA818F8629BB7A4A26E94B06A
PID: 700 ( 220) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
size: 270336
MD5: DF631667AC107A56FBD3F111577ECD80
PID: 760 ( 220) C:\WINNT\system32\regsvc.exe
size: 68368
MD5: 250C4CE389783FA2398E3AFA4317008C
PID: 828 ( 220) C:\WINNT\system32\MSTask.exe
size: 122128
MD5: B00529EAE5D0CE97010B69CC677128C8
PID: 872 ( 220) C:\WINNT\system32\stisvc.exe
size: 61712
MD5: B75235626B950FF821146555C612F814
PID: 920 ( 220) C:\WINNT\System32\WBEM\WinMgmt.exe
size: 196706
MD5: 05B2001E1BC653FD6091E741B46F71B4
PID: 948 ( 220) C:\WINNT\system32\svchost.exe
size: 7952
MD5: 9E64AD53CFD9DA2D22E8A924F8C6E62C
PID: 692 ( 220) C:\WINNT\System32\svchost.exe
size: 7952
MD5: 9E64AD53CFD9DA2D22E8A924F8C6E62C
PID: 1092 (1080) C:\WINNT\Explorer.EXE
size: 243472
MD5: 59CF2B7DCED9111F48F51B4B570E672D
PID: 1216 (1092) C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
size: 126976
MD5: F819FB2B4EE17D01CF7CCEC4E47032B4
PID: 1248 (1092) C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
size: 32768
MD5: 98CD48B0AAF42ABD16263258D3DDE83E
PID: 1264 (1092) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 180269
MD5: 7237366A57A26B7ED71C9B081FBDD6EB
PID: 1280 (1092) C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
size: 57344
MD5: 0497F4FDBBDCA697920777AF430031F3
PID: 1300 (1092) C:\WINNT\system32\UMonit2k.exe
size: 45056
MD5: 8C14DDFCCDC52AB5FBCE5867A6BE6685
PID: 1308 (1280) C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
size: 49152
MD5: 5E35AD49E874190F5493AA42F3DBA007
PID: 1316 (1216) C:\Program Files\Netropa\Multimedia Keyboard\mmusbkb2.exe
size: 49152
MD5: 40F2ADF4A879CEBB4C9E6654A9538159
PID: 1324 (1092) C:\Program Files\QuickTime\qttask.exe
size: 77824
MD5: 5D22B4258489575412F6D18AFFC847A2
PID: 1344 (1092) C:\Program Files\iTunes\iTunesHelper.exe
size: 278528
MD5: 2CEA51DCE23443549EAD1FBA4237C4E6
PID: 1352 (1092) C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
size: 473928
MD5: 263740EDE788A60A6C0A47249FC410BF
PID: 1360 (1216) C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
size: 73728
MD5: A5975D826F6864B7639D1C646571CAD5
PID: 1368 (1092) C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
size: 218688
MD5: 75B76261591DB03EAC1FB7EEEEBEE75A
PID: 1376 (1216) C:\Program Files\Netropa\Onscreen Display\OSD.exe
size: 86016
MD5: 337C068B28D83961310D6F9726AEF435
PID: 1384 (1092) C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
size: 352256
MD5: 6E74941E3E14CB67FB1648B45A041F0D
PID: 1400 (1092) C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
size: 273920
MD5: 8F0843B553882E9C678B8F83BE8A438A
PID: 1436 (1092) C:\WINNT\system32\ctfmon.exe
size: 8192
MD5: D36A33C21EEED5A6C1DAECB7C80A1909
PID: 1444 ( 408) C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
size: 756552
MD5: 21BD4696317A4A6383F86CDC5E026BFD
PID: 1460 (1092) C:\Program Files\Yahoo!\Messenger\ypager.exe
size: 1490944
MD5: E8F0D0274C10AE881322E562F038BC93
PID: 1476 (1092) C:\WINNT\Plaxo\2.1.0.80\InstallStub.exe
size: 116736
MD5: 7ABCB53C5B6E266C512004CBCEDE899A
PID: 936 (1092) C:\Program Files\Intuit\QuickBooks\Components\QBAgent\qbdagent2001.exe
size: 307200
MD5: D098055BC88C74A942E1AE67709CB834
PID: 608 ( 220) C:\Program Files\iPod\bin\iPodService.exe
size: 327680
MD5: 0AC6F8E183B76DD723830CA73799F2BE
PID: 1128 (1092) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 8 ( 0) System
PID: 1428 (1092) THGuard.exe


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 8/25/2005 10:34:07 AM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINNT\SYSTEM32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft...=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://search.msn.com/spbasic.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
https://eagent.farme...e?req_page=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINNT\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft...=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar
http://home.microsof...obby/search.asp
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
https://eagent.farmersinsurance.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft...er=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft...=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn...st/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn...st/srchcust.htm


--- Winsock Layered Service Provider list ---


--- Uninstall list ---
(802UP_A.EXE)
uninstall cmd: C:\WINNT\IsUninst.exe -f"C:\Program Files\Symantec Corp\802UP_A.EXE\Uninst.isu"

(ABBYY FineReader 5.0 Sprint)

ACDSee (ACDSee)
uninstall cmd: C:\WINNT\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\PhotoSmart\ACD\Uninstall.isu" -c"C:\Program Files\Hewlett-Packard\PhotoSmart\ACD\hpiunAC.dll

Ad-Aware SE Personal 1.06 (Ad-Aware SE Personal)
uninstall cmd: C:\PROGRA~1\LAVASOFT\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\LAVASOFT\AD-AWA~2\INSTALL.LOG
publisher: Lavasoft
help link: http://www.lavasoft.com

(AddressBook)

Adobe Download Manager 1.2 (Remove Only) (AdobeESD)
uninstall cmd: "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"

America Online (America Online us)
uninstall cmd: C:\WINNT\Aolunins_us.exe

App (App)

ATI Display Driver (ATI Display Driver)
uninstall cmd: rundll32 C:\WINNT\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

AVG Free Edition (AVG7Uninstall)
uninstall cmd: C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL

(Branding)

CCleaner (remove only) (CCleaner)
uninstall cmd: "C:\Program Files\CCleaner\uninst.exe"

CleanUp! (CleanUp!)
uninstall cmd: C:\Program Files\CleanUp!\uninstall.exe

CONEXANT HCF V90 56K DATA FAX PCI MODEM (Uninstall) (Conexant)
uninstall cmd: C:\WINNT\System32\Conexant\setup.exe -u -sd

(Connection Manager)

DiamondCS TDS-3 (DiamondCS TDS-3_is1)
uninstall cmd: "C:\Program Files\TDS3\unins000.exe"
help link: http://tds.diamondcs.com.au/

(DirectAnimation)

(DirectDrawEx)

(DXM_Runtime)

EasyZip (EasyZip)
uninstall cmd: C:\PROGRA~1\EasyZip\\UNINST.EXE

ewido security suite (ewidosecuritysuite)
install location: C:\Program Files\ewido\security suite
uninstall cmd: C:\Program Files\ewido\security suite\Uninstall.exe
publisher: ewido networks
help link: http://www.ewido.net

(expinst)

Farmers New World Life (Farmers New World Life)
uninstall cmd: C:\PROGRA~1\FARMERS\UNWISE.EXE C:\PROGRA~1\FARMERS\INSTALL.LOG

(Fontcore)

Generic USB Mass Storage Driver (GenericUstor2k)
uninstall cmd: C:\WINNT\temp\ustordrv\Remove.exe

Golden Tee Golf (GTGolfDeinstKey)
uninstall cmd: C:\WINNT\IsUninst.exe -f"C:\Program Files\Incredible Technologies\Golden Tee Golf\Uninst.isu"

HijackThis 1.99.1 1.99.1 (HijackThis)
uninstall cmd: C:\DOCUMENTS AND SETTINGS\MARK KELLEY\DESKTOP\HijackThis.exe /uninstall
publisher: Soeperman Enterprises Ltd.

HP Photo Imaging Software (HP Photo Imaging Software)
uninstall cmd: C:\WINNT\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Uninstall.isu" -c"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\hpiunCX.dll

HP Photo Printing Software (HP Photo Printing Software)
uninstall cmd: C:\WINNT\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Printing\Uninstall.isu" -c"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Printing\hpiunPC.dll

(ICW)

(IE40)

(IE4Data)

(IE5BAKEX)

(IEData)

(IEREADME)

InfoPRO 5250/PCI (InfoPRO 5250/PCI)
uninstall cmd: C:\PROGRA~1\INFOPR~1\UNWISE.EXE C:\PROGRA~1\INFOPR~1\INSTALL.LOG

(InstallShield Uninstall Information)

iTunes 4.8.0.32 (InstallShield_{0552A36D-0D7E-4FF5-8FDB-6629ABA7C779})
version: 67633152
version (major): 4
version (minor): 8
estimated size: 13789
install date: 20050601
install location: C:\Program Files\iTunes\
install source: C:\WINNT\Downloaded Installations\{4047B242-1233-451B-AC91-A318DE01F288}\
uninstall cmd: C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0552A36D-0D7E-4FF5-8FDB-6629ABA7C779}
publisher: Apple Computer, Inc.
contact: AppleCare Support
help link: http://www.info.apple.com/
help telephone: 1-800-275-2273

InterVideo WinDVD (InterVideo WinDVD)
uninstall cmd: C:\WINNT\IsUninst.exe -f"C:\Program Files\InterVideo\WinDVD\Uninst.isu"

Windows 2000 Hotfix - KB842773 (KB842773)
uninstall cmd: C:\WINNT\$NtUninstallKB842773$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.micro...com?kbid=842773

Windows 2000 Hotfix - KB867282 20050127.163319 (KB867282-IE6SP1-20050127.163319)
uninstall cmd: C:\WINNT\$NtUninstallKB867282-IE6SP1-20050127.163319$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.micro...om/?kbid=867282

Windows 2000 Hotfix - KB883939 20050428.125228 (KB883939-IE6SP1-20050428.125228)
uninstall cmd: "C:\WINNT\$NtUninstallKB883939-IE6SP1-20050428.125228$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.micro...om/?kbid=883939

(KB884016)

Windows 2000 Hotfix - KB890046 20050517.235025 (KB890046)
uninstall cmd: "C:\WINNT\$NtUninstallKB890046$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.micro...com?kbid=890046

Windows 2000 Hotfix - KB893756 20050702.42421 (KB893756)
uninstall cmd: "C:\WINNT\$NtUninstallKB893756$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.micro...com?kbid=893756

(KB893803)

Windows Installer 3.1 (KB893803) 3.1 (KB893803v2)
uninstall cmd: "C:\WINNT\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft....k/?LinkId=42467

Windows 2000 Hotfix - KB894320 20050429.01037 (KB894320)
uninstall cmd: "C:\WINNT\$NtUninstallKB894320$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.micro...com?kbid=894320

Windows 2000 Hotfix - KB896358 20050421.70926 (KB896358)
uninstall cmd: "C:\WINNT\$NtUninstallKB896358$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.micro...com?kbid=896358

Windows 2000 Hotfix - KB896422 20050503.23608 (KB896422)
uninstall cmd: "C:\WINNT\$NtUninstallKB896422$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.micro...com?kbid=896422

Windows 2000 Hotfix - KB896423 20050713.01536 (KB896423)
uninstall cmd: "C:\WINNT\$NtUninstallKB896423$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.micro...com?kbid=896423

Windows 2000 Hotfix - KB896727 20050719.165959 (KB896727-IE6SP1-20050719.165959)
uninstall cmd: "C:\WINNT\$NtUninstallKB896727-IE6SP1-20050719.165959$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.micro...om/?kbid=896727

Windows 2000 Hotfix - KB897715 20050503.210336 (KB897715-OE6SP1-20050503.210336)
uninstall cmd: "C:\WINNT\$NtUninstallKB897715-OE6SP1-20050503.210336$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.micro...om/?kbid=897715

Windows 2000 Hotfix - KB899587 20050614.212757 (KB899587)
uninstall cmd: "C:\WINNT\$NtUninstallKB899587$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.micro...com?kbid=899587

Windows 2000 Hotfix - KB899588 20050628.234036 (KB899588)
uninstall cmd: "C:\WINNT\$NtUninstallKB899588$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.micro...com?kbid=899588

Windows 2000 Hotfix - KB901214 20050629.02152 (KB901214)
uninstall cmd: "C:\WINNT\$NtUninstallKB901214$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.micro...com?kbid=901214

Lexmark X6100 Series (Lexmark X6100 Series)
uninstall cmd: C:\WINNT\System32\spool\drivers\w32x86\3\LXBFUN5C.EXE -dLexmark X6100 Series

LiveUpdate (LiveUpdate)
uninstall cmd: C:\Program Files\Symantec\LiveUpdate\Uninst.exe -u

MBI RateCalc (MBI RateCalc)
uninstall cmd: C:\WINNT\uninst.exe -f"C:\Program Files\MBI RateCalc\DeIsL1.isu" -c"C:\Program Files\MBI RateCalc\_ISREG32.DLL"

mbi_calc (mbi_calc)
uninstall cmd: C:\Program Files\mbi_calc\uninstall.exe

(Microsoft NetShow Player 2.0)

(MobileOptionPack)

Mozilla Firefox (1.0.4) 1.0.4 (en-US) (Mozilla Firefox (1.0.4))
install location: C:\Program Files\Mozilla Firefox
uninstall cmd: C:\WINNT\UninstallFirefox.exe /ua "1.0.4 (en-US)"
publisher: Mozilla

(MPlayer2)

(MSI30-Beta1)

(MSI30-Beta2)

(MSI30-KB884016)

(MSI30-RC1)

(MSI30-RC2)

(MSI30a-KB884016)

(MSI31-Beta)

(MSI31-RC1)

(MsJavaVM)

(NetMeeting)

Netscape 6 (6.2.2) (Netscape 6 (6.2.2))
uninstall cmd: C:\WINNT\N6Uninst.exe /ua "6.2.2 (en)"

(OutlookExpress)

PDFLIB (PDFLIB)
uninstall cmd: C:\PROGRA~1\COSSTEMP\UNWISE.EXE C:\PROGRA~1\COSSTEMP\PDFINSTALL.LOG

Plaxo (Plaxo)
install location: C:\WINNT\Plaxo\2.1.0.80
uninstall cmd: C:\WINNT\Plaxo\2.1.0.80\uninstall.exe
help link: http://www.plaxo.com/support/uninstall

Microsoft PowerPoint Viewer 97 (PPTView97)
uninstall cmd: C:\Program Files\PowerPoint Viewer\setup\setup.exe

Windows Media Player Hotfix [See Q828026 for more information] (Q828026)
uninstall cmd: C:\WINNT\$NtUninstallQ828026$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.micro...com?kbid=828026

Internet Explorer Q903235 (Q903235)
uninstall cmd: C:\WINNT\ieuninst.exe C:\WINNT\INF\Q903235.inf
publisher: Microsoft Corporation
help link: http://support.micro...com?kbid=903235

QuickTime (QuickTime)
uninstall cmd: C:\WINNT\unvise32qt.exe C:\WINNT\system32\QuickTime\Uninstall.log

(RealJukebox 1.0)
uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

RealPlayer (RealPlayer 6.0)
uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

Rand McNally Route Planner (RoutePlanner)
uninstall cmd: C:\WINNT\IsUninst.exe -f"C:\Program Files\Rand McNally\Route Planner\Uninst.isu"

(SchedulingAgent)

Shockwave (Shockwave)
uninstall cmd: C:\WINNT\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINNT\system32\MACROMED\SHOCKW~1\Install.log

(ShockwaveFlash)

SoundMAXWDM (SoundMAXWDM)
uninstall cmd: C:\Program Files\Analog Devices\SoundMAX\ADIOUT.BAT

Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited

SpywareBlaster v3.4 3.4.0 (SpywareBlaster_is1)
install location: C:\Program Files\SpywareBlaster\
uninstall cmd: "C:\Program Files\SpywareBlaster\unins000.exe"
publisher: Javacool Software LLC

(ThyJay)

TrojanHunter 4.2 4.2 (TrojanHunter_is1)
uninstall cmd: "C:\Program Files\TrojanHunter 4.2\unins000.exe"
publisher: Mischel Internet Security
help link: http://www.misec.net

Update Rollup 1 for Windows 2000 SP4 20050602.215753 (Update Rollup 1)
uninstall cmd: "C:\WINNT\$NtUpdateRollupPackUninstall$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.micro...com?kbid=891861

Microsoft VGX Q833989 (vgxupdate)
uninstall cmd: C:\WINNT\vgxuninst.exe C:\WINNT\INF\Q833989.inf

Windows 2000 Service Pack 4 (Windows 2000 Service Pack)
uninstall cmd: C:\WINNT\$NtServicePackUninstall$\spuninst\spuninst.exe

Windows Casino (Windows Casino)
uninstall cmd: C:\Windows Casino\Install.exe -u

WinPatrol (WinPatrol)
uninstall cmd: C:\WINNT\uninst.exe -f"C:\Program Files\BillP Studios\WinPatrol\DeIsL1.isu" -c"C:\Program Files\BillP Studios\WinPatrol\_ISREG32.DLL"

Nic's XviD Decoder (XviDDec)
uninstall cmd: "C:\WINNT\System32\UninstXviDDec.exe"

Yahoo! Companion (Yahoo! Companion)
uninstall cmd: regsvr32 /s /u C:\PROGRA~1\Yahoo!\COMPAN~1\YCOMP5~1.DLL

Yahoo! Internet Mail (Yahoo! Mail)
uninstall cmd: C:\WINNT\System32\regsvr32 /u /s C:\WINNT\DOWNLO~1\ymmapi.dll

Yahoo! Messenger 5.5 (Yahoo! Messenger)
uninstall cmd: C:\PROGRA~1\YAHOO!\MESSEN~1\UNWISE.EXE C:\PROGRA~1\YAHOO!\MESSEN~1\INSTALL.LOG
publisher: Yahoo! Inc.
help link: http://messenger.yahoo.com

Yahoo! Messenger Explorer Bar (Yahoo! Messenger Explorer Bar)
uninstall cmd: C:\WINNT\System32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\MESSEN~1\YHEXBM~2.DLL

iTunes 4.8.0.32 ({0552A36D-0D7E-4FF5-8FDB-6629ABA7C779})
version: 67633152
version (major): 4
version (minor): 8
estimated size: 13789
install date: 20050601
install location: C:\Program Files\iTunes\
install source: C:\WINNT\Downloaded Installations\{4047B242-1233-451B-AC91-A318DE01F288}\
publisher: Apple Computer, Inc.
contact: AppleCare Support
help link: http://www.info.apple.com/
help telephone: 1-800-275-2273

Google Toolbar for Internet Explorer ({2318C2B1-4965-11d4-9B18-009027A5CD4F})
uninstall cmd: regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"

Google Earth 3.0.0395 ({3DE5E7D4-7B88-403C-A3FD-2017A8240C5B})
version: 50332043
install date: 20050719
install location: C:\Program Files\Google\Google Earth
install source: C:\DOCUME~1\MARKKE~1\LOCALS~1\Temp\byeEE.tmp\Disk1\
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
publisher: Google

Microsoft AntiSpyware 1.0 ({536F7C74-844B-4683-B0C5-EA39E19A6FE3})
version: 16777216
version (major): 1
estimated size: 17229
install date: 20050720
install source: C:\WINNT\Downloaded Installations\{78CB0701-6520-4FAE-99CE-20DE50BEF25C}\
uninstall cmd: MsiExec.exe /I{536F7C74-844B-4683-B0C5-EA39E19A6FE3}
publisher: Microsoft Corporation
contact: Microsoft Support
help link: http://www.microsoft.com

PDFlib 4.0.1 ({58D92B58-1BE9-4DE4-AE88-ACB205D75B63})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58D92B58-1BE9-4DE4-AE88-ACB205D75B63}\SETUP.EXE" -uninst

({5B239A98-4222-4D8C-AF38-1A8EC07F956B})

Print to Fax 1.00 ({5BF2B19D-9C79-492A-8969-F059F06A627F})
version (major): 1
install location: C:\Program Files\Lexmark X6100 Series\FaxTools
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5BF2B19D-9C79-492A-8969-F059F06A627F}\setup.exe" -l0x9 ControlPanel
publisher: BVRP Software
help link: http://www.bvrp.com

User's Guides ({5CD29180-A95E-11D3-A4EB-00C04F7BDB2C})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"

({5D0930A0-1033-433A-8BB9-602665550DD0})

Windows Genuine Advantage v1.3.0254.0 1.3.0254.0 ({63569CE9-FA00-469C-AF5C-E5D4D93ACF91})
version: 16974078
version (major): 1
version (minor): 3
estimated size: 515
install date: 20050823
install source: C:\DOCUME~1\MARKKE~1\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
publisher: Microsoft
comments: Your Comments
contact: Customer Support Department
help link: http://www.microsoft...idate.aspx/help
help telephone: 1-425.882.8080

WebFldrs 9.00.3907 ({6F716D8C-398F-11D3-85E1-005004838609})
version: 150998851
version (major): 9
estimated size: 2564
install date: 20020103
install source: C:\WINNT\System32\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows

DellTouch ({706D5382-7381-4680-9DD0-161832578252})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{706D5382-7381-4680-9DD0-161832578252}\setup.exe"

Microsoft Office XP Media Content 10.0.2619.0 ({90300409-6000-11D3-8CFE-0050048383C9})
version: 167774779
version (major): 10
estimated size: 795233
install date: 20020103
install location: INSTALLLOCATION
install source: D:\
uninstall cmd: MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: ARPREADMESETTING

Microsoft Office XP Small Business 10.0.3520.0 ({91130409-6000-11D3-8CFE-0050048383C9})
version: 167775680
version (major): 10
estimated size: 532023
install date: 20020103
install source: D:\
uninstall cmd: MsiExec.exe /I{91130409-6000-11D3-8CFE-0050048383C9}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: C:\Program Files\Microsoft Office\Office10\1033\OFREAD10.HTM

QuickBooks 2001 ({95F9D960-C571-11D0-90F0-00001B1EFBA8})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{95F9D960-C571-11D0-90F0-00001B1EFBA8}\setup.exe" -uninst

Intel Ultra ATA Storage Driver ({9984DF60-1C5B-11D3-ACA1-908A4FC10801})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9984DF60-1C5B-11D3-ACA1-908A4FC10801}\setup.exe" -K -INTELUNINST

Adobe Reader 6.0.1 006.000.001 ({AC76BA86-7AD7-1033-7B44-A00000000001})
version: 100663297
version (major): 6
estimated size: 47037
install date: 20050107
install location: C:\Program Files\Adobe\Acrobat 6.0\Reader\
install source: C:\WINNT\Cache\Adobe Reader 6.0.1\ENUBIG\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
publisher: Adobe Systems Incorporated
comments:
contact: Customer Support Department
help link: http://www.adobe.com/support/main.html
help telephone:
readme: C:\Program Files\Adobe\Acrobat 6.0\Reader\Readme.htm

({BD12EB47-DBDF-11D3-BEEA-00A0CC272509})

ABBYY FineReader 5.0 Sprint Plus 5.0.482.3431 ({D1696920-9794-4BBC-8A30-7A88763DE5A2})
version: 83886562
version (major): 5
estimated size: 109685
install date: 20041013
install source: D:\OCR\
uninstall cmd: MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
publisher: ABBYY Software House
contact: support@abbyy.com
help link: http://www.abbyy.com/support
help telephone: +7 (095) 234 44 00

ImageMate 8 in 1 Read/Writer (SDDR-88) ({F8EFF5E4-9B76-417B-A0BC-325659CFDA82})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F8EFF5E4-9B76-417B-A0BC-325659CFDA82}\Setup.exe" -l0x9



--- System Services ---
Service (registry key): Abiosdsk
Start: 4
Type: 1
Error Control: 0

Service (registry key): abp480n5
Start: 4
Type: 1
Error Control: 1

Service (registry key): ACPI
Display name: Microsoft ACPI Driver
Image path: System32\DRIVERS\ACPI.sys
Image size: 163120
Image MD5: 083049D5DC3F32D17C2EDFB732C78A09
Start: 0
Type: 1
Error Control: 1

Service (registry key): ACPIEC
Start: 4
Type: 1
Error Control: 1

Service (registry key): adpu160m
Start: 4
Type: 1
Error Control: 1

Service (registry key): AFD
Display name: AFD Networking Support Environment
Image path: \SystemRoot\System32\drivers\afd.sys
Start: 2
Type: 1
Error Control: 1

Service (registry key): agp440
Display name: Intel AGP Bus Filter
Image path: System32\DRIVERS\agp440.sys
Image size: 21008
Image MD5: CDDB71A90077C93BEA5C72507F0B1394
Start: 0
Type: 1
Error Control: 1

Service (registry key): Aha154x
Start: 4
Type: 1
Error Control: 1

Service (registry key): aic116x
Start: 4
Type: 1
Error Control: 1

Service (registry key): aic78u2
Start: 4
Type: 1
Error Control: 1

Service (registry key): aic78xx
Start: 4
Type: 1
Error Control: 1

Service (registry key): Alerter
Display name: Alerter
Description: Notifies selected users and computers of administrative alerts.
Object name: LocalSystem
Image path: %SystemRoot%\System32\services.exe
Image size: 92944
Image MD5: B861B4E6E9637EB76A40C10C552E0229
Start: 2
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation

Service (registry key): ami0nt
Start: 4
Type: 1
Error Control: 1

Service (registry key): amsint
Start: 4
Type: 1
Error Control: 1

Service (registry key): AppMgmt
Display name: Application Management
Description: Provides software installation services such as Assign, Publish, and Remove.
Object name: LocalSystem
Image path: %SystemRoot%\system32\services.exe
Image size: 92944
Image MD5: B861B4E6E9637EB76A40C10C552E0229
Start: 3
Type: 32
Error Control: 1

Service (registry key): asc
Start: 4
Type: 1
Error Control: 1

Service (registry key): asc3350p
Start: 4
Type: 1
Error Control: 1

Service (registry key): asc3550
Start: 4
Type: 1
Error Control: 1

Service (registry key): Aspi32
Start: 2
Type: 1
Error Control: 1

Service (registry key): AsyncMac
Display name: RAS Asynchronous Media Driver
Description: RAS Asynchronous Media Driver
Image path: System32\DRIVERS\asyncmac.sys
Image size: 17840
Image MD5: 5D3D77C9EB3A8E6A14CC8E1252B6CC5C
Start: 3
Type: 1
Error Control: 1

Service (registry key): atapi
Display name: Standard IDE/ESDI Hard Disk Controller
Image path: System32\DRIVERS\atapi.sys
Image size: 86672
Image MD5: 8C718AA8C77041B3285D55A0CE980867
Start: 0
Type: 1
Error Control: 1

Service (registry key): Atdisk
Start: 4
Type: 1
Error Control: 0

Service (registry key): ati2mtaa
Image path: System32\DRIVERS\ati2mtaa.sys
Image size: 313840
Image MD5: AE351B6228107243F69F6E9490D54B5C
Start: 3
Type: 1
Error Control: 0

Service (registry key): Atmarpc
Display name: ATM ARP Client Protocol
  • 0

#9
greyknight17


    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Please do NOT give me any logs unless I ask for them. As you can see Spybot takes up a lot of space here and most of it is useless to us.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. While in the Registry Editor, navigate to:

HKEY_USERS\S-1-5-21-1406758573-1777871762-1867264134-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ and delete [bleep]-[bleep].org\

If any of the above registry keys are giving you problems deleting, right click on them and click on Permissions. Then click on the Advanced button. Make sure the first box (Inherit from parent...) is checked. Click OK and OK. Then try deleting the entry again. Once you're done, close the Registry Editor.

Restart. How is it running now?
  • 0
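
The same backup, inspect and delete sequence can be scripted on a system that has PowerShell. This is an added example, not part of the original reply; `$Sid`, `$Domain` and `$BackupFile` are placeholders to fill in from your own scan report, and the zone names are the standard Internet Explorer zone numbers 0 to 4.

```powershell
# Added example: back up, list and (optionally) delete per-user ZoneMap domain entries.
# $Sid and $Domain are placeholders; take them from your own scan report.
param(
    [Parameter(Mandatory)] [string] $Sid,      # user SID as shown under HKEY_USERS
    [string] $Domain,                          # ZoneMap\Domains subkey to delete (optional)
    [string] $BackupFile = "$env:TEMP\zonemap-backup.reg"
)

$rel   = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap'
$zones = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'
            3 = 'Internet';    4 = 'Restricted sites' }

# 1. Back up the ZoneMap branch first; stop if the export fails.
& reg.exe export "HKU\$Sid\$rel" $BackupFile /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Backup failed; nothing was changed.' }

# 2. List every domain entry with the zone each protocol value maps to.
$domainsKey = "Registry::HKEY_USERS\$Sid\$rel\Domains"
Get-ChildItem -LiteralPath $domainsKey -Recurse | ForEach-Object {
    $key = $_
    foreach ($name in $key.GetValueNames()) {
        $data = $key.GetValue($name)
        [pscustomobject]@{
            # Strip everything up to ...\ZoneMap\Domains\ to leave the domain path.
            Domain   = $key.Name -replace '^.*\\ZoneMap\\Domains\\', ''
            Protocol = $name                   # '*' means all protocols
            Zone     = if ($zones.ContainsKey($data)) { $zones[$data] } else { "Unknown ($data)" }
        }
    }
} | Sort-Object Domain | Format-Table -AutoSize

# 3. Delete one named entry, with a confirmation prompt before anything is removed.
if ($Domain) {
    $target = Join-Path $domainsKey $Domain
    if (Test-Path -LiteralPath $target) {
        Remove-Item -LiteralPath $target -Recurse -Confirm
    } else {
        Write-Warning "No ZoneMap entry named '$Domain' under $Sid."
    }
}
```

If the delete is refused, the permissions-inheritance step from the reply still has to be done on the key before retrying; the exported `.reg` file restores the branch if needed.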

#10
twohi24by


    Member

  • Topic Starter
  • Member
  • 11 posts
That seems to have done the trick. Much thanks... I got your PayPal link :tazz:
  • 0

#11
greyknight17


    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





