Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

pop up malware?

Started by mkh , Nov 05 2005 05:50 PM

  • Please log in to reply

#1
mkh
Posted 05 November 2005 - 05:50 PM

mkh

    New Member

  • Member
  • Pip
  • 2 posts
I have a horrible malware (?) program on my pc which creates pop ups every minute or more.. they appear to start from a site c.azjmp.something and often steal my search terms from google.com or whatever. I have run a thousand free removal tools without any luck. Can anyone help? Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 7:33:42 PM, on 11/5/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINNT\System32\llssrv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\msdtc.exe
C:\Program Files\ArcGIS\ArcIMS\Server\bin\aimsserver.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\apache\Apache2\bin\ApacheMonitor.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Documents and Settings\Administrator.NWHC276\Desktop\HijackThis.exe
C:\WINNT\System32\svchost.exe

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\apache\Apache2\bin\ApacheMonitor.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://gswimdnm02.e...gov/iNotes6.cab
O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://usgs.webex.c...bex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3EF26692-5A4F-42D4-BDD7-EE3519D698EA}: NameServer = 130.11.48.2,136.177.16.3
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = er.usgs.gov,cr.usgs.gov,wr.usgs.gov
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = er.usgs.gov,cr.usgs.gov,wr.usgs.gov
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = er.usgs.gov,cr.usgs.gov,wr.usgs.gov
O20 - Winlogon Notify: Uninstall - C:\WINNT\system32\e6jmlg1116.dll
O23 - Service: Apache2 - Unknown owner - C:\apache\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: ArcIMS Application Server 9.1 - Unknown owner - C:\Program Files\ArcGIS\ArcIMS\AppServer\Aims_appserver.exe
O23 - Service: ArcIMS Monitor 9.1 - Unknown owner - C:\Program Files\ArcGIS\ArcIMS\server\monitor\AIMS_Monitor.exe
O23 - Service: ArcIMS Tasker 9.1 - Unknown owner - C:\Program Files\ArcGIS\ArcIMS\AppServer\tasker\AIMS_Tasker.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ArcSde Service(esri_sde) (esri_sde) - Environmental Systems Research Institute, Inc. - C:\ArcGIS\ArcSDE\sqlexe\bin\giomgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Apache Tomcat (Tomcat5) - Apache Software Foundation - C:\Tomcat5028\bin\tomcat5.exe




Here is alog from CWShredder
**** Run Keys ****

RUN: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
RUN: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
RUN: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
RUN: [Spyware Begone] c:\freescan\freescan.exe -FastScan


**** Browser Helper Objects ****



**** IE Toolbars ****



**** IE Extensions ****

IEExt: [Web Browser Applet Control] C:\WINNT\system32\msjava.dll


**** Hosts File Entries ****

HOSTS: 127.0.0.1 www.isearch.com
HOSTS: 127.0.0.1 isearch.com
HOSTS: 127.0.0.1 www.idownload.com
HOSTS: 127.0.0.1 idownload.com
HOSTS: 127.0.0.1 www.websearch.com
HOSTS: 127.0.0.1 websearch.com
HOSTS: 127.0.0.1 www.clkoptimizer.com
HOSTS: 127.0.0.1 www.page-not-found.net
HOSTS: 127.0.0.1 page-not-found.net
HOSTS: 127.0.0.1 www.mytotalsearch.com
HOSTS: 127.0.0.1 mytotalsearch.com
HOSTS: 127.0.0.1 www.lop.com
HOSTS: 127.0.0.1 lop.com
HOSTS: 127.0.0.1 xads.offeroptimizer.comm
HOSTS: 127.0.0.1 search.offeroptimizer.com
HOSTS: 127.0.0.1 ximages.offeroptimizer.com
HOSTS: 127.0.0.1 xlime.offeroptimizer.com
HOSTS: 127.0.0.1 code.ignphrases.com
HOSTS: 127.0.0.1 xadsj-o.offeroptimizer.com
HOSTS: 127.0.0.1 xadsj.offeroptimizer.com
HOSTS: 127.0.0.1 www.offeroptimizer.com
HOSTS: 127.0.0.1 as.adwave.com
HOSTS: 127.0.0.1 sr.adwave.com
HOSTS: 127.0.0.1 clear-search.com
HOSTS: 127.0.0.1 www.adwave.com
HOSTS: 127.0.0.1 adwave.com EVENT:HOST:127.0.0.1
HOSTS: 127.0.0.1 www.pacimedia.com
HOSTS: 127.0.0.1 www.clrsch.com
HOSTS: 127.0.0.1 clr-sch.com
HOSTS: 127.0.0.1 sds-qckads.com
HOSTS: 127.0.0.1 www.igetnet.com
HOSTS: 127.0.0.1 r1.clrsch.com
HOSTS: 127.0.0.1 sds.clrsch.com
HOSTS: 127.0.0.1 status.qckads.com
HOSTS: 127.0.0.1 www.qoolaid.com
HOSTS: 127.0.0.1 www.qoologic.com
HOSTS: 127.0.0.1 www.isearchhere.com
HOSTS: 127.0.0.1 isearchhere.com
HOSTS: 127.0.0.1 status.clrsch.com
HOSTS: 127.0.0.1 www.CLKPrecision.com
HOSTS: 127.0.0.1 www.urllogic.com
HOSTS: 127.0.0.1 www.urllogic.com


**** IE Settings ****

Default Page: http://www.microsoft...er=6&ar=msnhome
Default Search: http://www.microsoft...=ie&ar=iesearch
Local Page: C:\WINNT\system32\blank.htm


**** IE Context Menu (Right click) ****



**** Layered Service Providers ****

LSP: MSAFD Tcpip [TCP/IP]
LSP: MSAFD Tcpip [UDP/IP]
LSP: RSVP UDP Service Provider
LSP: RSVP TCP Service Provider
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{19FC99A2-2EE1-44DC-ACD5-142AA3266B8E}] SEQPACKET 5
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{19FC99A2-2EE1-44DC-ACD5-142AA3266B8E}] DATAGRAM 5
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{715C5D8D-1B72-4751-8BA9-DA9FD0A2833C}] SEQPACKET 4
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{715C5D8D-1B72-4751-8BA9-DA9FD0A2833C}] DATAGRAM 4
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0D0852D2-EB75-45DA-B3FE-8385468DF988}] SEQPACKET 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0D0852D2-EB75-45DA-B3FE-8385468DF988}] DATAGRAM 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3EF26692-5A4F-42D4-BDD7-EE3519D698EA}] SEQPACKET 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3EF26692-5A4F-42D4-BDD7-EE3519D698EA}] DATAGRAM 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9F357AC0-19D7-4455-8BEE-1C9C73570F55}] SEQPACKET 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9F357AC0-19D7-4455-8BEE-1C9C73570F55}] DATAGRAM 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{28AF9FB7-9A88-466D-9D5D-0F9F2575D8CC}] SEQPACKET 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{28AF9FB7-9A88-466D-9D5D-0F9F2575D8CC}] DATAGRAM 2


**** Blocked Control Panel Items ****

BLOCKED: [ncpa.cpl] No
BLOCKED: [odbccp32.cpl] No


**** Downloaded Program Files ****

DirectAnimation Java Classes [file://C:\WINNT\Java\classes\dajava.cab]
Microsoft XML Parser for Java [file://C:\WINNT\Java\classes\xmldso.cab]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [http://www.apple.com...x/qtplugin.cab]
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} [http://www.kaspersky...an_unicode.cab]
{17492023-C23A-453E-A040-C7C580BBF700} [http://go.microsoft..../?linkid=39204] C:\WINNT\system32\GWFSPidGen.DLL C:\WINNT\system32\LegitCheckControl.DLL
{33564D57-0000-0010-8000-00AA00389B71} [http://download.micr...22/wmv9VCM.CAB]
{3BFFE033-BF43-11D5-A271-00A024A51325} [https://gswimdnm02.e...ov/iNotes6.cab]
{4B48D5DF-9021-45F7-A240-60304302A215} [http://download.micr...WebCleaner.cab]
{8AD9C840-044E-11D1-B3E9-00805F499D93} [http://java.sun.com/...ndows-i586.cab]
{9F1C11AA-197B-4942-BA54-47A8489BB47F} [http://v4.windowsupd...273.4799652778]
{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} [http://java.sun.com/...ndows-i586.cab]
{D27CDB6E-AE6D-11CF-96B8-444553540000} [http://fpdownload.ma...sh/swflash.cab]
{E06E2E99-0AA1-11D4-ABA6-0060082AA75C} [https://usgs.webex.c...ex/ieatgpc.cab]


**** Windows Services ****

[Alerter] %SystemRoot%\System32\services.exe
[Apache2] "C:\apache\Apache2\bin\Apache.exe" -k runservice
[AppMgmt] %SystemRoot%\system32\services.exe
[ArcIMS Application Server 9.1] C:\Program Files\ArcGIS\ArcIMS\AppServer\Aims_appserver.exe
[ArcIMS Monitor 9.1] C:\Program Files\ArcGIS\ArcIMS\server\monitor\AIMS_Monitor.exe
[ArcIMS Tasker 9.1] C:\Program Files\ArcGIS\ArcIMS\AppServer\tasker\AIMS_Tasker.exe
[aspnet_state] %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
[Ati HotKey Poller] %SystemRoot%\System32\Ati2evxx.exe
[BITS] %SystemRoot%\System32\svchost.exe -k BITSgroup
[Browser] %SystemRoot%\System32\services.exe
[cisvc] C:\WINNT\System32\cisvc.exe
[ClipSrv] %SystemRoot%\system32\clipsrv.exe
[DefWatch] "C:\Program Files\Symantec AntiVirus\DefWatch.exe"
[Dfs] %SystemRoot%\system32\Dfssvc.exe
[Dhcp] %SystemRoot%\System32\services.exe
[dmadmin] %SystemRoot%\System32\dmadmin.exe /com
[dmserver] %SystemRoot%\System32\services.exe
[Dnscache] %SystemRoot%\System32\services.exe
[esri_sde] C:\ArcGIS\ArcSDE\sqlexe\bin\giomgr.exe
[Eventlog] %SystemRoot%\system32\services.exe
[EventSystem] C:\WINNT\System32\svchost.exe -k netsvcs
[Fax] %systemroot%\system32\faxsvc.exe
[IDriverT] "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
[iPodService] C:\Program Files\iPod\bin\iPodService.exe
[IsmServ] %SystemRoot%\System32\ismserv.exe
[kdc] %SystemRoot%\System32\lsass.exe
[lanmanserver] %SystemRoot%\System32\services.exe
[lanmanworkstation] %SystemRoot%\System32\services.exe
[LicenseService] %SystemRoot%\System32\llssrv.exe
[LmHosts] %SystemRoot%\System32\services.exe
[Macromedia Licensing Service] "C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"
[Messenger] %SystemRoot%\System32\services.exe
[mnmsrvc] C:\WINNT\System32\mnmsrvc.exe
[MSDTC] C:\WINNT\System32\msdtc.exe
[MSIServer] C:\WINNT\system32\msiexec.exe /V
[MSSEARCH] "C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe"
[MSSQLSERVER] C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
[MSSQLServerADHelper] C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
[NetDDE] %SystemRoot%\system32\netdde.exe
[NetDDEdsdm] %SystemRoot%\system32\netdde.exe
[Netlogon] %SystemRoot%\System32\lsass.exe
[Netman] %SystemRoot%\System32\svchost.exe -k netsvcs
[NtFrs] %SystemRoot%\system32\ntfrs.exe
[NtLmSsp] %SystemRoot%\System32\lsass.exe
[NtmsSvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[PlugPlay] %SystemRoot%\system32\services.exe
[PolicyAgent] %SystemRoot%\System32\lsass.exe
[ProtectedStorage] %SystemRoot%\system32\services.exe
[RasAuto] %SystemRoot%\System32\svchost.exe -k netsvcs
[RasMan] %SystemRoot%\System32\svchost.exe -k netsvcs
[RemoteAccess] %SystemRoot%\System32\svchost.exe -k netsvcs
[RemoteRegistry] %SystemRoot%\system32\regsvc.exe
[RpcLocator] %SystemRoot%\System32\locator.exe
[RpcSs] %SystemRoot%\system32\svchost -k rpcss
[RSVP] %SystemRoot%\System32\rsvp.exe -s
[SamSs] %SystemRoot%\system32\lsass.exe
[SavRoam] "C:\Program Files\Symantec AntiVirus\SavRoam.exe"
[SCardDrv] %SystemRoot%\System32\SCardSvr.exe
[SCardSvr] %SystemRoot%\System32\SCardSvr.exe
[Schedule] %SystemRoot%\system32\MSTask.exe
[seclogon] %SystemRoot%\system32\services.exe
[SENS] %SystemRoot%\system32\svchost.exe -k netsvcs
[SharedAccess] %SystemRoot%\System32\svchost.exe -k netsvcs
[Spooler] %SystemRoot%\system32\spoolsv.exe
[SQLSERVERAGENT] C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlagent.exe
[Symantec AntiVirus] "C:\Program Files\Symantec AntiVirus\Rtvscan.exe"
[SysmonLog] %SystemRoot%\system32\smlogsvc.exe
[TapiSrv] %SystemRoot%\System32\svchost.exe -k tapisrv
[TermService] %SystemRoot%\System32\termsrv.exe
[TlntSvr] %SystemRoot%\system32\tlntsvr.exe
[Tomcat5] C:\Tomcat5028\bin\tomcat5.exe //RS//Tomcat5
[TrkSvr] %SystemRoot%\system32\services.exe
[TrkWks] %SystemRoot%\system32\services.exe
[UPS] %SystemRoot%\System32\ups.exe
[UtilMan] %SystemRoot%\System32\UtilMan.exe
[W32Time] %SystemRoot%\System32\services.exe
[WinMgmt] %SystemRoot%\System32\WBEM\WinMgmt.exe
[WLTRYSVC] %SystemRoot%\System32\wltrysvc.exe %SystemRoot%\System32\bcmwltry.exe
[WMDM PMSP Service] C:\WINNT\system32\mspmspsv.exe
[WmdmPmSN] %SystemRoot%\System32\svchost.exe -k netsvcs
[Wmi] %SystemRoot%\system32\Services.exe
[wuauserv] %systemroot%\system32\svchost.exe -k wugroup
[WZCSVC] %SystemRoot%\System32\svchost.exe -k netsvcs
[spupdsvc] C:\WINNT\system32\spupdsvc.exe


**** Custom IE Search Items ****

SEARCH: [SearchAssistant] http://ie.search.msn...st/srchasst.htm
SEARCH: [CustomizeSearch] http://ie.search.msn...st/srchcust.htm


**** Complete IE Options ****

IEOPT: [NoUpdateCheck]
IEOPT: [NoJITSetup]
IEOPT: [Disable Script Debugger] yes
IEOPT: [Show_ChannelBand] No
IEOPT: [Anchor Underline] yes
IEOPT: [Cache_Update_Frequency] Once_Per_Session
IEOPT: [Display Inline Images] yes
IEOPT: [Do404Search]
IEOPT: [Local Page] C:\WINNT\system32\blank.htm
IEOPT: [Save_Session_History_On_Exit] no
IEOPT: [Show_FullURL] no
IEOPT: [Show_StatusBar] yes
IEOPT: [Show_ToolBar] yes
IEOPT: [Show_URLinStatusBar] yes
IEOPT: [Show_URLToolBar] yes
IEOPT: [Start Page] about:blank
IEOPT: [Use_DlgBox_Colors] yes
IEOPT: [Q261272] yes
IEOPT: [FullScreen] no
IEOPT: [Window_Placement] ,
IEOPT: [Use FormSuggest] no
IEOPT: [Error Dlg Displayed On Every Error] no
IEOPT: [Error Dlg Details Pane Open] yes
IEOPT: [NotifyDownloadComplete] yes
IEOPT: [FormSuggest PW Ask] no
IEOPT: [AddToFavoritesExpanded]
IEOPT: [Use Custom Search URL]
IEOPT: [AutoSearch]
IEOPT: [Expand Alt Text] no
IEOPT: [Move System Caret] no
IEOPT: [NscSingleExpand]
IEOPT: [NoWebJITSetup]
IEOPT: [Page_Transitions]
IEOPT: [FavIntelliMenus] no
IEOPT: [Enable Browser Extensions] no
IEOPT: [Force Offscreen Composition]
IEOPT: [AllowWindowReuse]
IEOPT: [Friendly http errors] yes
IEOPT: [ShowGoButton] yes
IEOPT: [SmoothScroll]
IEOPT: [Enable AutoImageResize] yes
IEOPT: [Enable_MyPics_Hoverbar] yes
IEOPT: [Play_Animations] yes
IEOPT: [Play_Background_Sounds] yes
IEOPT: [Display Inline Videos] yes
IEOPT: [Show image placeholders]
IEOPT: [Print_Background] no
IEOPT: [Check_Associations] no
IEOPT: [Default_Page_URL] http://www.microsoft...er=6&ar=msnhome
IEOPT: [Default_Search_URL] http://www.microsoft...=ie&ar=iesearch
IEOPT: [Enable_Disk_Cache] yes
IEOPT: [Cache_Percent_of_Disk]
IEOPT: [Delete_Temp_Files_On_Exit] yes
IEOPT: [Local Page] C:\WINNT\system32\blank.htm
IEOPT: [Anchor_Visitation_Horizon]
IEOPT: [Use_Async_DNS] yes
IEOPT: [Placeholder_Width]
IEOPT: [Placeholder_Height]
IEOPT: [Start Page] about:blank
IEOPT: [CompanyName] Microsoft Corporation
IEOPT: [Custom_Key] MICROSO
IEOPT: [Wizard_Version] 6.00.2800.1106
IEOPT: [FullScreen] no
IEOPT: [Check_Associations] no

From Spybot

--- Search result list ---
NicTechNetworks.Zestyfind: Executable (File, fixed)
C:\WINNT\iconu.exe


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-10-22 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2005-10-28 Includes\Cookies.sbi (*)
2005-10-28 Includes\Dialer.sbi (*)
2005-10-28 Includes\Hijackers.sbi (*)
2005-10-28 Includes\Keyloggers.sbi (*)
2005-10-28 Includes\Malware.sbi (*)
2005-10-28 Includes\PUPS.sbi (*)
2005-10-28 Includes\Revision.sbi (*)
2005-10-28 Includes\Security.sbi (*)
2005-10-28 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2005-10-28 Includes\Trojans.sbi (*)



--- System information ---
Windows 2000 (Build: 2195) Service Pack 4
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB886903)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ DataAccess: Microsoft Data Access Components KB870669
/ DataAccess: Patch Available For XMLHTTP Vulnerability
/ Internet Explorer 6 / SP1: Windows 2000 Hotfix - KB834707
/ Internet Explorer 6 / SP1: Windows 2000 Hotfix - KB867282
/ Internet Explorer 6 / SP1: Windows 2000 Hotfix - KB883939
/ Internet Explorer 6 / SP1: Windows 2000 Hotfix - KB889293
/ Internet Explorer 6 / SP1: Windows 2000 Hotfix - KB890923
/ Internet Explorer 6 / SP1: Windows 2000 Hotfix - KB896688
/ Internet Explorer 6 / SP1: Windows 2000 Hotfix - KB896727
/ Internet Explorer 6 / SP1: Windows 2000 Hotfix - KB905495
/ MSXML4: Patch Available For XMLHTTP Vulnerability
/ Outlook Express 6 / SP1: Windows 2000 Hotfix - KB897715
/ Windows 2000 / SP4: Windows 2000 Service Pack 4
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB820888
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB822831
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB823182
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB823559
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB824105
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB825119
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB826232
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB828035
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB828741
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB828749
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB835732
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB837001
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB839643
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB839645
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB840315
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB840987
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB841356
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB841533
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB841872
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB841873
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB842526
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB842773
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB871250
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB873333
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB873339
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB883935
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB885250
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB885834
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB885835
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB885836
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB888113
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB890046
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB890047
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB890175
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB890859
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB891711
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB891781
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB893066
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB893086
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB893756
/ Windows 2000 / SP5: Windows Installer 3.1 (KB893803)
/ Windows 2000 / SP5: Windows Installer 3.1 (KB893803)
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB894320
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB896358
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB896422
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB896423
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB899587
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB899588
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB899589
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB899591
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB900725
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB901017
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB901214
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB902400
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB904368
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB904706
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB905414
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB905749
/ Windows 2000 / SP5: Update Rollup 1 for Windows 2000 SP4
/ Windows Media Player: Windows Media Player Hotfix [See Q828026 for more information]
/ Windows Media Player / SP0: Windows Media Player Hotfix [See Q828026 for more information]
/ Windows Media Player: Windows Media Update 817787
/ Windows Media Player 9 / SP0: Windows Media Player 9 Hotfix [See KB885492 for more information]


--- Startup entries list ---
Located: HK_LM:Run, gcasServ
command: "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
file: C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
size: 473928
MD5: 263740ede788a60a6c0a47249fc410bf

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 155648
MD5: d772c357e47a6817ac3b73f2426b3c10

Located: HK_LM:Run, vptray
command: C:\PROGRA~1\SYMANT~2\VPTray.exe
file: C:\PROGRA~1\SYMANT~2\VPTray.exe
size: 124232
MD5: 46af9457ff9d22a5832490c546169363

Located: HK_CU:Run, Spyware Begone
command: c:\freescan\freescan.exe -FastScan
file:

Located: Startup (common), Adobe Reader Speed Launch.lnk
command: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
file: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
size: 29696
MD5: 43362b96870ce8649f4f2ec893da93f0

Located: Startup (common), Monitor Apache Servers.lnk
command: C:\apache\Apache2\bin\ApacheMonitor.exe
file: C:\apache\Apache2\bin\ApacheMonitor.exe
size: 41042
MD5: 33ba43c2aa5272bc54fe40c1c3cea16a

Located: Startup (common), Service Manager.lnk
command: C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
file: C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
size: 69632
MD5: 978294640062c57482bf2b65a342c266

Located: WinLogon, StillImage
command: C:\WINNT\system32\i8loli3318.dll
file: C:\WINNT\system32\i8loli3318.dll
size: 0
MD5: d41d8cd98f00b204e9800998ecf8427e ???



--- Browser helper object list ---


--- ActiveX list ---
{3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class)
DPF name:
CLSID name: iNotes6 Class
Installer: C:\WINNT\Downloaded Program Files\inotes6.inf
Codebase: https://gswimdnm02.e...gov/iNotes6.cab
Path: C:\WINNT\Downloaded Program Files\
Long name: inotes6.dll
Short name:
Date (created): 3/12/2004 9:08:36 AM
Date (last access): 11/5/2005 6:23:04 PM
Date (last write): 3/12/2004 9:08:36 AM
Filesize: 356352
Attributes: archive
MD5: B74379299FFB149E4C07EC6106FF789D
CRC32: 6938B015
Version: 6.0.31.0

{E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class)
DPF name:
CLSID name: GpcContainer Class
Installer: C:\WINNT\Downloaded Program Files\ieatgpc.inf
Codebase: https://usgs.webex.c...bex/ieatgpc.cab
description:
classification: Open for discussion
known filename: ieatgpc.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINNT\Downloaded Program Files\
Long name: ieatgpc.dll
Short name:
Date (created): 7/22/2005 10:53:32 AM
Date (last access): 11/5/2005 6:23:14 PM
Date (last write): 7/22/2005 10:53:32 AM
Filesize: 86016
Attributes: archive
MD5: 86175E8E28DF5DCE58F84A0A832F41AC
CRC32: C11F2821
Version: 2.0.0.7



--- Process list ---
PID: 0 ( 0) [System]
PID: 156 ( 8) \SystemRoot\System32\smss.exe
PID: 180 ( 156) \??\C:\WINNT\system32\winlogon.exe
PID: 232 ( 180) C:\WINNT\system32\services.exe
size: 92944
MD5: B861B4E6E9637EB76A40C10C552E0229
PID: 244 ( 180) C:\WINNT\system32\lsass.exe
size: 33552
MD5: F19D0A319AB4BF5496F08807CB9B8651
PID: 436 ( 232) C:\WINNT\system32\svchost.exe
size: 7952
MD5: 9E64AD53CFD9DA2D22E8A924F8C6E62C
PID: 472 ( 232) C:\WINNT\system32\spoolsv.exe
size: 47376
MD5: FACFB75ECC070103619FA044E0B210D3
PID: 556 ( 232) C:\WINNT\System32\Ati2evxx.exe
size: 98304
MD5: 8DF468E0FDD735023ADCBFEE7625F641
PID: 576 ( 232) C:\Program Files\Symantec AntiVirus\DefWatch.exe
size: 30024
MD5: 626534AD71DAB174C4524214A9E8BB89
PID: 592 ( 232) C:\WINNT\System32\svchost.exe
size: 7952
MD5: 9E64AD53CFD9DA2D22E8A924F8C6E62C
PID: 636 ( 232) C:\WINNT\System32\llssrv.exe
size: 85264
MD5: 6F8BDCBE2908CBD8E52F43DE007B2403
PID: 868 ( 232) C:\WINNT\system32\regsvc.exe
size: 68368
MD5: 250C4CE389783FA2398E3AFA4317008C
PID: 844 ( 232) C:\WINNT\system32\MSTask.exe
size: 122128
MD5: B00529EAE5D0CE97010B69CC677128C8
PID: 984 ( 232) C:\Program Files\Symantec AntiVirus\Rtvscan.exe
size: 1267024
MD5: 825349E7566B49E583399CA821D3436A
PID: 1056 ( 232) C:\WINNT\System32\WBEM\WinMgmt.exe
size: 196706
MD5: 05B2001E1BC653FD6091E741B46F71B4
PID: 1096 ( 232) C:\WINNT\system32\mspmspsv.exe
size: 53248
MD5: AF619B3908BB1C9336FB6981609018FE
PID: 1112 ( 232) C:\WINNT\system32\svchost.exe
size: 7952
MD5: 9E64AD53CFD9DA2D22E8A924F8C6E62C
PID: 1132 ( 232) C:\WINNT\system32\Dfssvc.exe
size: 90896
MD5: CC9B709C81A5E7282B97328EC7592E2F
PID: 332 ( 232) C:\WINNT\System32\msdtc.exe
size: 6928
MD5: EDC54E17CDF1811A472D518A82182449
PID: 1340 ( 232) C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
size: 73728
MD5: D02DA157E549697154010280DDAD45FD
PID: 1560 ( 232) C:\WINNT\System32\svchost.exe
size: 7952
MD5: 9E64AD53CFD9DA2D22E8A924F8C6E62C
PID: 2084 ( 524) C:\Program Files\ArcGIS\ArcIMS\Server\bin\aimsserver.exe
size: 131140
MD5: C8502DC2B2A270832D4EFD5C0F9961AC
PID: 2096 ( 232) C:\WINNT\System32\svchost.exe
size: 7952
MD5: 9E64AD53CFD9DA2D22E8A924F8C6E62C
PID: 1760 ( 180) C:\WINNT\system32\rundll32.exe
size: 10000
MD5: 1ED5274825CD1EEBBE102B9FF7C9EC31
PID: 1872 (1380) C:\WINNT\Explorer.EXE
size: 243472
MD5: 59CF2B7DCED9111F48F51B4B570E672D
PID: 1920 (1872) C:\PROGRA~1\SYMANT~2\VPTray.exe
size: 124232
MD5: 46AF9457FF9D22A5832490C546169363
PID: 1792 (1872) C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
size: 473928
MD5: 263740EDE788A60A6C0A47249FC410BF
PID: 1784 (1872) C:\Program Files\QuickTime\qttask.exe
size: 155648
MD5: D772C357E47A6817AC3B73F2426B3C10
PID: 216 ( 436) C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
size: 756552
MD5: 21BD4696317A4A6383F86CDC5E026BFD
PID: 2068 (1872) C:\apache\Apache2\bin\ApacheMonitor.exe
size: 41042
MD5: 33BA43C2AA5272BC54FE40C1C3CEA16A
PID: 2248 (1872) C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
size: 69632
MD5: 978294640062C57482BF2B65A342C266
PID: 2284 (1112) C:\WINNT\system32\wuauclt.exe
size: 124184
MD5: EBF1AB7E4FC05CABF2F4680D2A45F827
PID: 1860 (1872) C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
size: 824832
MD5: 1B0EDBF799B57EAD6EF68A82906C2097
PID: 2056 (1872) C:\Program Files\Internet Explorer\IEXPLORE.EXE
size: 91136
MD5: EB9EAF627F705525D01DE5FA07EA1818
PID: 1832 ( 232) C:\Program Files\ewido\security suite\ewidoguard.exe
size: 163904
MD5: 13EE66A939D7C3A2ED62C967DEBD52BB
PID: 2344 ( 232) C:\Program Files\ewido\security suite\ewidoctrl.exe
size: 16448
MD5: 867D9D1FA818F8629BB7A4A26E94B06A
PID: 2412 (1768) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 1188 (1832) C:\Program Files\ewido\security suite\securitysuite.exe
size: 528448
MD5: D1BEA8EA19F7911516572D653E666CF8
PID: 8 ( 0) System
PID: 184 ( 156) CSRSS.EXE
PID: 504 ( 232) Aims_AppServer.
PID: 524 ( 232) Aims_Monitor.ex
PID: 540 ( 232) Aims_Tasker.exe
PID: 736 ( 232) sqlservr.exe


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 11/5/2005 6:43:43 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINNT\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINNT\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft...er=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft...=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn...st/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn...st/srchcust.htm


--- Winsock Layered Service Provider list ---


--- Uninstall list ---
WebEx (ActiveTouchMeetingClient)
uninstall cmd: C:\WINNT\DOWNLO~1\atcliun.exe

Ad-Aware SE Personal 1.06 (Ad-Aware SE Personal)
uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
publisher: Lavasoft
help link: http://www.lavasoft.com

(AddressBook)

Apache Tomcat 5.0 (remove only) (Apache Tomcat 5.0)
uninstall cmd: "C:\Tomcat5028\Uninstall.exe"

ATI Display Driver (ATI Display Driver)
uninstall cmd: rundll32 C:\WINNT\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

(Branding)

CleanUp! (CleanUp!)
uninstall cmd: C:\Program Files\CleanUp!\uninstall.exe

(Connection Manager)

CutePDF Writer 2.3 (CutePDF Writer Installation)
uninstall cmd: C:\WINNT\system32\uninscpw.exe C:\Program Files\

(DirectAnimation)

(DirectDrawEx)

(DXM_Runtime)

ewido security suite (ewidosecuritysuite)
install location: C:\Program Files\ewido\security suite
uninstall cmd: C:\Program Files\ewido\security suite\Uninstall.exe
publisher: ewido networks
help link: http://www.ewido.net

(expinst)

(Fontcore)

HijackThis 1.99.1 1.99.1 (HijackThis)
uninstall cmd: C:\hjt\HijackThis.exe /uninstall
publisher: Soeperman Enterprises Ltd.

(ICW)

(IE40)

(IE4Data)

(IE5BAKEX)

(IEData)

(IEREADME)

(InstallShield Uninstall Information)

QuickTime 7.0.3 (InstallShield_{0B69DA57-BC7D-461D-B7D6-2AA9F08869CD})
version: 117440515
version (major): 7
estimated size: 62254
install date: 20051017
install location: C:\Program Files\QuickTime\
install source: C:\DOCUME~1\ADMINI~2.NWH\LOCALS~1\Temp\_is2D\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{0B69DA57-BC7D-461D-B7D6-2AA9F08869CD} /l1033
publisher: Apple Computer, Inc.
contact: AppleCare Support
help link: http://www.info.apple.com/
help telephone: 1-800-275-2273

iTunes 6.0.0.18 (InstallShield_{13616DE2-9795-4910-8C93-80D45AF09658})
version: 100663296
version (major): 6
estimated size: 30987
install date: 20051017
install location: C:\Program Files\iTunes\
install source: C:\WINNT\Downloaded Installations\{13616DE2-9795-4910-8C93-80D45AF09658}\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{13616DE2-9795-4910-8C93-80D45AF09658} /l1033
publisher: Apple Computer, Inc.
contact: AppleCare Support
help link: http://www.info.apple.com/
help telephone: 1-800-275-2273

IrfanView (remove only) (IrfanView)
uninstall cmd: C:\Program Files\IrfanView\iv_uninstall.exe

iText Toolbox (iText Toolbox)
uninstall cmd: C:\WINNT\system32\javaws.exe -uninstall "http://www.lowagie.c...ext/itext.jnlp"

Java Web Start (Java Web Start)
uninstall cmd: "C:\Program Files\Java Web Start\uninst-javaws.exe"

Kaspersky On-line Scanner 5.0.67.0 (Kaspersky On-line Scanner)
estimated size: 6040
install location: C:\WINNT\system32\KASPER~1\KASPER~1
uninstall cmd: C:\WINNT\system32\KASPER~1\KASPER~1\kavuninstall.exe
publisher: Kaspersky Lab
contact: Customer Support Department
help link: http://www.kaspersky.com/support.asp

Windows 2000 Hotfix - KB834707 20040929.091901 (KB834707-IE6SP1-20040929.091901)
uninstall cmd: C:\WINNT\$NtUninstallKB834707-IE6SP1-20040929.091901$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.micro...om/?kbid=834707

Windows 2000 Hotfix - KB842773 (KB842773)
uninstall cmd: C:\WINNT\$NtUninstallKB842773$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.micro...com?kbid=842773

Windows 2000 Hotfix - KB867282 20050127.163319 (KB867282-IE6SP1-20050127.163319)
uninstall cmd: C:\WINNT\$NtUninstallKB867282-IE6SP1-20050127.163319$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.micro...om/?kbid=867282

Windows 2000 Hotfix - KB883935 20040826.144249 (KB883935)
uninstall cmd: C:\WINNT\$NtUninstallKB883935$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.micro...com?kbid=883935

Windows 2000 Hotfix - KB883939 20050428.125228 (KB883939-IE6SP1-20050428.125228)
uninstall cmd: "C:\WINNT\$NtUninstallKB883939-IE6SP1-20050428.125228$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.micro...om/?kbid=883939

(KB884016)

Windows Media Player 9 Hotfix [See KB885492 for more information] (KB885492)
uninstall cmd: C:\WINNT\$NtUninstallKB885492$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.micro...com?kbid=885492

Windows 2000 Hotfix - KB889293 20041111.235619 (KB889293-IE6SP1-20041111.235619)
uninstall cmd: C:\WINNT\$NtUninstallKB889293-IE6SP1-20041111.235619$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.micro...om/?kbid=889293

Windows 2000 Hotfix - KB890046 20050517.235025 (KB890046)
uninstall cmd: "C:\WINNT\$NtUninstallKB890046$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.micro...com?kbid=890046

Windows 2000 Hotfix - KB890923 20050225.103456 (KB890923-IE6SP1-20050225.103456)
uninstall cmd: "C:\WINNT\$NtUninstallKB890923-IE6SP1-20050225.103456$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.micro...om/?kbid=890923

Windows 2000 Hotfix - KB893756 20050702.42421 (KB893756)
uninstall cmd: "C:\WINNT\$NtUninstallKB893756$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.micro...com?kbid=893756

Windows Installer 3.1 (KB893803) 3.1 (KB893803)
uninstall cmd: "C:\WINNT\$MSI31Uninstall_KB893803$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft....k/?LinkId=42467

Windows Installer 3.1 (KB893803) 3.1 (KB893803v2)
uninstall cmd: "C:\WINNT\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft....k/?LinkId=42467

Windows 2000 Hotfix - KB894320 20050429.01037 (KB894320)
uninstall cmd: "C:\WINNT\$NtUninstallKB894320$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.micro...com?kbid=894320

Windows 2000 Hotfix - KB896358 20050421.70926 (KB896358)
uninstall cmd: "C:\WINNT\$NtUninstallKB896358$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.micro...com?kbid=896358

Windows 2000 Hotfix - KB896422 20050503.23608 (KB896422)
uninstall cmd: "C:\WINNT\$NtUninstallKB896422$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.micro...com?kbid=896422

Windows 2000 Hotfix - KB896423 20050713.01536 (KB896423)
uninstall cmd: "C:\WINNT\$NtUninstallKB896423$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.micro...com?kbid=896423

Windows 2000 Hotfix - KB896688 20051004.130236 (KB896688-IE6SP1-20051004.130236)
uninstall cmd: "C:\WINNT\$NtUninstallKB896688-IE6SP1-20051004.130236$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.micro...om/?kbid=896688

Windows 2000 Hotfix - KB896727 20050719.165959 (KB896727-IE6SP1-20050719.165959)
uninstall cmd: "C:\WINNT\$NtUninstallKB896727-IE6SP1-20050719.165959$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.micro...om/?kbid=896727

Windows 2000 Hotfix - KB897715 20050503.210336 (KB897715-OE6SP1-20050503.210336)
uninstall cmd: "C:\WINNT\$NtUninstallKB897715-OE6SP1-20050503.210336$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.micro...om/?kbid=897715

Windows 2000 Hotfix - KB899587 20050614.212757 (KB899587)
uninstall cmd: "C:\WINNT\$NtUninstallKB899587$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.micro...com?kbid=899587

Windows 2000 Hotfix - KB899588 20050628.234036 (KB899588)
uninstall cmd: "C:\WINNT\$NtUninstallKB899588$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.micro...com?kbid=899588

Windows 2000 Hotfix - KB899589 20050822.21016 (KB899589)
uninstall cmd: "C:\WINNT\$NtUninstallKB899589$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.micro...com?kbid=899589

Windows 2000 Hotfix - KB899591 20050629.14549 (KB899591)
uninstall cmd: "C:\WINNT\$NtUninstallKB899591$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.micro...com?kbid=899591

Windows 2000 Hotfix - KB900725 20050923.34708 (KB900725)
uninstall cmd: "C:\WINNT\$NtUninstallKB900725$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.micro...com?kbid=900725

Windows 2000 Hotfix - KB901017 20050830.22150 (KB901017)
uninstall cmd: "C:\WINNT\$NtUninstallKB901017$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.micro...com?kbid=901017

Windows 2000 Hotfix - KB901214 20050629.02152 (KB901214)
uninstall cmd: "C:\WINNT\$NtUninstallKB901214$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.micro...com?kbid=901214

Windows 2000 Hotfix - KB902400 20050905.04634 (KB902400)
uninstall cmd: "C:\WINNT\$NtUninstallKB902400$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.micro...com?kbid=902400

Windows 2000 Hotfix - KB904368 20050719.212549 (KB904368)
uninstall cmd: "C:\WINNT\$NtUninstallKB904368$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.micro...com?kbid=904368

Windows 2000 Hotfix - KB904706 20050830.201441 (KB904706)
uninstall cmd: "C:\WINNT\$NtUninstallKB904706$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.micro...com?kbid=904706

Windows 2000 Hotfix - KB905414 20050816.13004 (KB905414)
uninstall cmd: "C:\WINNT\$NtUninstallKB905414$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.micro...com?kbid=905414

Windows 2000 Hotfix - KB905495 20050805.184113 (KB905495-IE6SP1-20050805.184113)
uninstall cmd: "C:\WINNT\$NtUninstallKB905495-IE6SP1-20050805.184113$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.micro...om/?kbid=905495

Windows 2000 Hotfix - KB905749 20050902.21643 (KB905749)
uninstall cmd: "C:\WINNT\$NtUninstallKB905749$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.micro...com?kbid=905749

LiveReg (Symantec Corporation) 2.0.6.1314 (LiveReg)
install location: C:\Program Files\Common Files\Symantec Shared\LiveReg
uninstall cmd: C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
publisher: Symantec Corporation

LiveUpdate 2.0 (Symantec Corporation) 2.0.39.0 (LiveUpdate)
install location: C:\Program Files\Symantec\LiveUpdate
uninstall cmd: C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
publisher: Symantec Corporation

Microsoft .NET Framework 1.1 Hotfix (KB886903) (M886903)
uninstall cmd: "C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903Uninstall.msp"

Microsoft .NET Framework 1.1 (Microsoft .NET Framework 1.1 (1033))
uninstall cmd: msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
readme: file://C:\WINNT\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm

(Microsoft NetShow Player 2.0)

Microsoft SQL Server 2000 8.00.194 (Microsoft SQL Server 2000)
version (major): 8
install date: 9-15-2004
install location: C:\Program Files\Microsoft SQL Server\MSSQL
uninstall cmd: C:\WINNT\IsUninst.exe -f"C:\Program Files\Microsoft SQL Server\MSSQL\Uninst.isu" -c"C:\Program Files\Microsoft SQL Server\MSSQL\sqlsun.dll" -msql.mif i=MSSQLSERVER
publisher: Microsoft
help link: http://www.microsoft.com/sql

(MobileOptionPack)

Motorola Wireless Network Adapter (Motorola Wireless Network Adapter)
uninstall cmd: C:\WINNT\system32\BCMWLU00.exe verbose

Mozilla Firefox (1.0.4) 1.0.4 (en-US) (Mozilla Firefox (1.0.4))
install location: C:\Program Files\Mozilla Firefox
uninstall cmd: C:\WINNT\UninstallFirefox.exe /ua "1.0.4 (en-US)"
publisher: Mozilla

(MPlayer2)

(MSI30-Beta1)

(MSI30-Beta2)

(MSI30-KB884016)

(MSI30-RC1)

(MSI30-RC2)

(MSI30a-KB884016)

(MSI31-Beta)

(MSI31-RC1)

(MsJavaVM)

(NetMeeting)

(OutlookExpress)

Python 2.1 (Python 2.1)
uninstall cmd: C:\Python21\\Python21\UNWISE.EXE C:\Python21\\Python21\INSTALL.LOG

Python 2.1 combined Win32 extensions (Python 2.1 combined Win32 extensions)
uninstall cmd: C:\Python21\UNWISE~1.EXE C:\Python21\w32inst.log

Windows Media Player Hotfix [See Q828026 for more information] (Q828026)
uninstall cmd: C:\WINNT\$NtUninstallQ828026$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.micro...com?kbid=828026

Internet Explorer Q903235 (Q903235)
uninstall cmd: C:\WINNT\ieuninst.exe C:\WINNT\INF\Q903235.inf
publisher: Microsoft Corporation
help link: http://support.micro...com?kbid=903235

Registrar Lite 2.00 (Registrar Lite 2.00)
uninstall cmd: "C:\Program Files\Registrar Lite\unwise.exe" C:\PROGRA~1\REGIST~1\INSTALL.LOG
publisher: Resplendence Software Projects Sp.
help link: http://www.resplendence.com

ScanSpyware v3.8.0.4 (ScanSpyware_is1)
install location: C:\Program Files\ScanSpyware v3.8.0.4\
uninstall cmd: "C:\Program Files\ScanSpyware v3.8.0.4\unins000.exe"
publisher: PC Security Center, Inc.
help link: http://www.scanspyware.net

(SchedulingAgent)

(Sevinst)

Macromedia Flash Player 8 8 (ShockwaveFlash)
uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\WINNT\INF\swflash.inf,DefaultUninstall,5
publisher: Macromedia
help link: http://www.macromedi...player_support/

Spybot - Search & Destroy 1.3.1 TX 1.3.1 TX (Spybot - Search & Destroy_is1)
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited

Update Rollup 1 for Windows 2000 SP4 20050602.215753 (Update Rollup 1)
uninstall cmd: "C:\WINNT\$NtUpdateRollupPackUninstall$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.micro...com?kbid=891861

Windows 2000 Service Pack 4 (Windows 2000 Service Pack)
uninstall cmd: C:\WINNT\$NtServicePackUninstall$\spuninst\spuninst.exe

WinZip 9.0 (6028) (WinZip)
version (major): 9
install location: C:\PROGRA~1\WINZIP\
uninstall cmd: "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
publisher: WinZip Computing, Inc.
help link: http://www.winzip.com/xsupport.htm

Macromedia Dreamweaver 8 8.0.0.2734 ({0837A661-FEC3-48B3-876C-91E7D32048A9})
version: 134217728
version (major): 8
estimated size: 150399
install date: 20051022
install location: C:\Program Files\Macromedia\Dreamweaver 8\
install source: C:\WINNT\Downloaded Installations\Macromedia Dreamweaver 8\
uninstall cmd: MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
publisher: Macromedia
comments: Language: En
help link: http://www.macromedi...mweaver/support

QuickTime 7.0.3 ({0B69DA57-BC7D-461D-B7D6-2AA9F08869CD})
version: 117440515
version (major): 7
estimated size: 62254
install date: 20051017
install location: C:\Program Files\QuickTime\
install source: C:\DOCUME~1\ADMINI~2.NWH\LOCALS~1\Temp\_is2D\
publisher: Apple Computer, Inc.
contact: AppleCare Support
help link: http://www.info.apple.com/
help telephone: 1-800-275-2273

iTunes 6.0.0.18 ({13616DE2-9795-4910-8C93-80D45AF09658})
version: 100663296
version (major): 6
estimated size: 30987
install date: 20051017
install location: C:\Program Files\iTunes\
install source: C:\WINNT\Downloaded Installations\{13616DE2-9795-4910-8C93-80D45AF09658}\
publisher: Apple Computer, Inc.
contact: AppleCare Support
help link: <a href="http://www.info.apple.com/" target=

Edited by mkh, 05 November 2005 - 07:39 PM.

  • 0

Advertisements

#2
mkh
Posted 06 November 2005 - 10:14 AM

mkh

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
well after not getting a response, i went through other people's forum questions pertaining to similar issues, and finally came across one where the geek mentioned downloading webroot spysweeper. this tool has removed the issue i was having, and after uninstalling spysweeper, the problem is still fixed. thanks geeks! you've helped me indirectly.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP