Thread: Multiple pieces of Malware/Adware/Spyware...
View Single Post
Old 01-05-2006, 02:52 PM   #5 (permalink)
Ei8htBall1989
Registered User
 
Join Date: Jan 2006
Posts: 15
OS: Windows XP Professional


I successfully disabled TeaTimer.

There was no problem deleting the folder in the registry.

There was no problem deleting the tasks.

LSPFix worked fine.

HJT found all 4 keys, and successfully fixed them.

I found C:\WINDOWS\SYSTEM32\saie_gdf.dat and deleted that (there was also a saie_kyf.dat (8,607k), but I left that alone)
I found and deleted the [empty] C:\PROGRAM FILES\dialers folder.
I found and deleted the C:\PROGRAM FILES\COMMON FILES\Totem Shared folder.
I found and deleted the [empty] C:\Documents and Settings\Administrator\Application Data\Memo Each Face folder.
I found and deleted the [empty] C:\Documents and Settings\Elizabeth Shepherd\Application Data\Stop meta folder.
I found and deleted the [empty] C:\Documents and Settings\Elizabeth Shepherd\Application Data\Memo Each Face folder.
I found and deleted the [empty] C:\Documents and Settings\Pam Shepherd\Application Data\Memo Each Face folder.
I found and deleted the [empty] C:\Documents and Settings\Zach Shepherd\Application Data\Stop meta folder.
I found and deleted the C:\Documents and Settings\Zach Shepherd\Application Data\Memo Each Face folder.

--Zach

-- Kaspersky --

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Thursday, January 05, 2006 16:44:41
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 5/01/2006
Kaspersky Anti-Virus database records: 159033
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 170883
Number of viruses found: 12
Number of infected objects: 74
Number of suspicious objects: 0
Duration of the scan process: 8248 sec

Infected Object Name - Virus Name
C:\Documents and Settings\Zach Shepherd\Desktop\not used alot\Adobe_PageMaker_v7.0_Keygen_by_Noutek_Systems\KeyGen.exe Infected: Backdoor.Win32.Rbot.amm
C:\Documents and Settings\Zach Shepherd\Desktop\not used alot\Adobe_PageMaker_v7.0_Keygen_by_Noutek_Systems.zip/KeyGen.exe Infected: Backdoor.Win32.Rbot.amm
C:\Documents and Settings\Zach Shepherd\Desktop\not used alot\Adobe_PageMaker_v7.0_Keygen_by_Noutek_Systems.zip Infected: Backdoor.Win32.Rbot.amm
C:\Documents and Settings\Zach Shepherd\Local Settings\Application Data\Identities\{3203D4E4-3933-4654-8ACC-63655A457D5D}\Microsoft\Outlook Express\Deleted Items.dbx/[From PayPal Security Department <service@paypal.com>][Date Tue, 02 Aug 2005 05:09:00 -0200]/UNNAMED/html Infected: Trojan-Spy.HTML.Paylap.ez
C:\Documents and Settings\Zach Shepherd\Local Settings\Application Data\Identities\{3203D4E4-3933-4654-8ACC-63655A457D5D}\Microsoft\Outlook Express\Deleted Items.dbx/[From PayPal Security Department <service@paypal.com>][Date Tue, 02 Aug 2005 05:09:00 -0200]/UNNAMED Infected: Trojan-Spy.HTML.Paylap.ez
C:\Documents and Settings\Zach Shepherd\Local Settings\Application Data\Identities\{3203D4E4-3933-4654-8ACC-63655A457D5D}\Microsoft\Outlook Express\Deleted Items.dbx/[From PayPal Security Department <service@paypal.com>][Date Tue, 02 Aug 2005 05:34:42 -0700]/UNNAMED/html Infected: Trojan-Spy.HTML.Paylap.ez
C:\Documents and Settings\Zach Shepherd\Local Settings\Application Data\Identities\{3203D4E4-3933-4654-8ACC-63655A457D5D}\Microsoft\Outlook Express\Deleted Items.dbx/[From PayPal Security Department <service@paypal.com>][Date Tue, 02 Aug 2005 05:34:42 -0700]/UNNAMED Infected: Trojan-Spy.HTML.Paylap.ez
C:\Documents and Settings\Zach Shepherd\Local Settings\Application Data\Identities\{3203D4E4-3933-4654-8ACC-63655A457D5D}\Microsoft\Outlook Express\Deleted Items.dbx/[From PayPal Security Service <service@paypal.com>][Date Wed, 03 Aug 2005 00:44:17 +0300]/UNNAMED/html Infected: Trojan-Spy.HTML.Paylap.ez
C:\Documents and Settings\Zach Shepherd\Local Settings\Application Data\Identities\{3203D4E4-3933-4654-8ACC-63655A457D5D}\Microsoft\Outlook Express\Deleted Items.dbx/[From PayPal Security Service <service@paypal.com>][Date Wed, 03 Aug 2005 00:44:17 +0300]/UNNAMED Infected: Trojan-Spy.HTML.Paylap.ez
C:\Documents and Settings\Zach Shepherd\Local Settings\Application Data\Identities\{3203D4E4-3933-4654-8ACC-63655A457D5D}\Microsoft\Outlook Express\Deleted Items.dbx/[From Bernardo Reyna <breyna_ed@estee-lauder.co.uk>][Date Thu, 04 Aug 2005 15:15:06 +0000]/html Infected: Trojan-Spy.HTML.Paylap.ez
C:\Documents and Settings\Zach Shepherd\Local Settings\Application Data\Identities\{3203D4E4-3933-4654-8ACC-63655A457D5D}\Microsoft\Outlook Express\Deleted Items.dbx/[From PayPal Security Department <service@paypal.com>][Date Fri, 05 Aug 2005 19:58:37 +0300]/UNNAMED/html Infected: Trojan-Spy.HTML.Paylap.ez
C:\Documents and Settings\Zach Shepherd\Local Settings\Application Data\Identities\{3203D4E4-3933-4654-8ACC-63655A457D5D}\Microsoft\Outlook Express\Deleted Items.dbx/[From PayPal Security Department <service@paypal.com>][Date Fri, 05 Aug 2005 19:58:37 +0300]/UNNAMED Infected: Trojan-Spy.HTML.Paylap.ez
C:\Documents and Settings\Zach Shepherd\Local Settings\Application Data\Identities\{3203D4E4-3933-4654-8ACC-63655A457D5D}\Microsoft\Outlook Express\Deleted Items.dbx/[From PayPal Security Department <aeijp@verizon.net>][Date Fri, 05 Aug 2005 21:49:16 +0200]/UNNAMED/html Infected: Trojan-Spy.HTML.Paylap.ez
C:\Documents and Settings\Zach Shepherd\Local Settings\Application Data\Identities\{3203D4E4-3933-4654-8ACC-63655A457D5D}\Microsoft\Outlook Express\Deleted Items.dbx/[From PayPal Security Department <aeijp@verizon.net>][Date Fri, 05 Aug 2005 21:49:16 +0200]/UNNAMED Infected: Trojan-Spy.HTML.Paylap.ez
C:\Documents and Settings\Zach Shepherd\Local Settings\Application Data\Identities\{3203D4E4-3933-4654-8ACC-63655A457D5D}\Microsoft\Outlook Express\Deleted Items.dbx/[From PayPal Security Department <service@paypal.com>][Date Sat, 06 Aug 2005 16:19:55 +0200]/UNNAMED/html Infected: Trojan-Spy.HTML.Paylap.ez
C:\Documents and Settings\Zach Shepherd\Local Settings\Application Data\Identities\{3203D4E4-3933-4654-8ACC-63655A457D5D}\Microsoft\Outlook Express\Deleted Items.dbx/[From PayPal Security Department <service@paypal.com>][Date Sat, 06 Aug 2005 16:19:55 +0200]/UNNAMED Infected: Trojan-Spy.HTML.Paylap.ez
C:\Documents and Settings\Zach Shepherd\Local Settings\Application Data\Identities\{3203D4E4-3933-4654-8ACC-63655A457D5D}\Microsoft\Outlook Express\Deleted Items.dbx Infected: Trojan-Spy.HTML.Paylap.ez
C:\Documents and Settings\Zach Shepherd\Local Settings\Application Data\Identities\{3203D4E4-3933-4654-8ACC-63655A457D5D}\Microsoft\Outlook Express\Inbox.dbx/[From PayPal <service@paypal.com>][Date Fri, 12 Aug 2005 07:31:18 -0600]/UNNAMED/html Infected: Trojan-Spy.HTML.Paylap.dh
C:\Documents and Settings\Zach Shepherd\Local Settings\Application Data\Identities\{3203D4E4-3933-4654-8ACC-63655A457D5D}\Microsoft\Outlook Express\Inbox.dbx/[From PayPal <service@paypal.com>][Date Fri, 12 Aug 2005 07:31:18 -0600]/UNNAMED Infected: Trojan-Spy.HTML.Paylap.dh
C:\Documents and Settings\Zach Shepherd\Local Settings\Application Data\Identities\{3203D4E4-3933-4654-8ACC-63655A457D5D}\Microsoft\Outlook Express\Inbox.dbx/[From PayPal <service@paypal.com>][Date Fri, 12 Aug 2005 07:31:18 -0600]/UNNAMED/html Infected: Trojan-Spy.HTML.Paylap.dh
C:\Documents and Settings\Zach Shepherd\Local Settings\Application Data\Identities\{3203D4E4-3933-4654-8ACC-63655A457D5D}\Microsoft\Outlook Express\Inbox.dbx/[From PayPal <service@paypal.com>][Date Fri, 12 Aug 2005 07:31:18 -0600]/UNNAMED Infected: Trojan-Spy.HTML.Paylap.dh
C:\Documents and Settings\Zach Shepherd\Local Settings\Application Data\Identities\{3203D4E4-3933-4654-8ACC-63655A457D5D}\Microsoft\Outlook Express\Inbox.dbx Infected: Trojan-Spy.HTML.Paylap.dh
C:\Documents and Settings\Zach Shepherd\Local Settings\Application Data\Identities\{3203D4E4-3933-4654-8ACC-63655A457D5D}\Microsoft\Outlook Express\Sent Items.dbx/[From "Zach Shepherd" <zsheph65@twcny.rr.com>][Date Sun, 9 Feb 2003 12:13:36 -0500]/UNNAMED/inst_Ally/bsdhooks.dll Infected: Trojan-Spy.Win32.Perfloger.w
C:\Documents and Settings\Zach Shepherd\Local Settings\Application Data\Identities\{3203D4E4-3933-4654-8ACC-63655A457D5D}\Microsoft\Outlook Express\Sent Items.dbx/[From "Zach Shepherd" <zsheph65@twcny.rr.com>][Date Sun, 9 Feb 2003 12:13:36 -0500]/UNNAMED/inst_Ally/web.dll Infected: Trojan-Spy.Win32.Perfloger.w
C:\Documents and Settings\Zach Shepherd\Local Settings\Application Data\Identities\{3203D4E4-3933-4654-8ACC-63655A457D5D}\Microsoft\Outlook Express\Sent Items.dbx/[From "Zach Shepherd" <zsheph65@twcny.rr.com>][Date Sun, 9 Feb 2003 12:13:36 -0500]/UNNAMED/inst_Ally/bpk.exe Infected: Trojan-Spy.Win32.Perfloger.w
C:\Documents and Settings\Zach Shepherd\Local Settings\Application Data\Identities\{3203D4E4-3933-4654-8ACC-63655A457D5D}\Microsoft\Outlook Express\Sent Items.dbx/[From "Zach Shepherd" <zsheph65@twcny.rr.com>][Date Sun, 9 Feb 2003 12:13:36 -0500]/UNNAMED/inst_Ally/rinst.exe Infected: Trojan-Spy.Win32.Perfloger.w
C:\Documents and Settings\Zach Shepherd\Local Settings\Application Data\Identities\{3203D4E4-3933-4654-8ACC-63655A457D5D}\Microsoft\Outlook Express\Sent Items.dbx/[From "Zach Shepherd" <zsheph65@twcny.rr.com>][Date Sun, 9 Feb 2003 12:13:36 -0500]/UNNAMED/inst_Ally Infected: Trojan-Spy.Win32.Perfloger.w
C:\Documents and Settings\Zach Shepherd\Local Settings\Application Data\Identities\{3203D4E4-3933-4654-8ACC-63655A457D5D}\Microsoft\Outlook Express\Sent Items.dbx/[From "Zach Shepherd" <zsheph65@twcny.rr.com>][Date Sun, 9 Feb 2003 12:13:36 -0500]/UNNAMED Infected: Trojan-Spy.Win32.Perfloger.w
C:\Documents and Settings\Zach Shepherd\Local Settings\Application Data\Identities\{3203D4E4-3933-4654-8ACC-63655A457D5D}\Microsoft\Outlook Express\Sent Items.dbx Infected: Trojan-Spy.Win32.Perfloger.w
C:\Documents and Settings\Zach Shepherd\My Documents\SC stuff\editors\inst_Ally Alert 30.exe/bsdhooks.dll Infected: Trojan-Spy.Win32.Perfloger.w
C:\Documents and Settings\Zach Shepherd\My Documents\SC stuff\editors\inst_Ally Alert 30.exe/web.dll Infected: Trojan-Spy.Win32.Perfloger.w
C:\Documents and Settings\Zach Shepherd\My Documents\SC stuff\editors\inst_Ally Alert 30.exe/bpk.exe Infected: Trojan-Spy.Win32.Perfloger.w
C:\Documents and Settings\Zach Shepherd\My Documents\SC stuff\editors\inst_Ally Alert 30.exe/rinst.exe Infected: Trojan-Spy.Win32.Perfloger.w
C:\Documents and Settings\Zach Shepherd\My Documents\SC stuff\editors\inst_Ally Alert 30.exe Infected: Trojan-Spy.Win32.Perfloger.w
C:\Program Files\Diablo II\Incoming files\master.zip/MU.DLL Infected: Backdoor.Win32.Rbot.amm
C:\Program Files\Diablo II\Incoming files\master.zip/D2master.exe Infected: Backdoor.Win32.Rbot.amm
C:\Program Files\Diablo II\Incoming files\master.zip Infected: Backdoor.Win32.Rbot.amm
C:\Program Files\Diablo II\master\D2master.exe Infected: Backdoor.Win32.Rbot.amm
C:\Program Files\Diablo II\master\MU.DLL Infected: Backdoor.Win32.Rbot.amm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0E0E30B0.exe Infected: Trojan-Downloader.Win32.Swizzor.ca
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0E115AAD.exe Infected: Trojan-Downloader.Win32.Swizzor.ca
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0E3C7C7E.exe Infected: Trojan-Downloader.Win32.Swizzor.ca
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0E3F267A.exe Infected: Trojan-Downloader.Win32.Swizzor.ca
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0E5D205A.exe Infected: Trojan-Downloader.Win32.Swizzor.dv
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0ED916D4.exe Infected: Trojan-Downloader.Win32.Swizzor.dv
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0F89370F.exe Infected: Trojan-Downloader.Win32.Swizzor.co
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0F8C610C.exe Infected: Trojan-Downloader.Win32.Swizzor.co
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\10D864FA.exe Infected: Trojan-Downloader.Win32.Swizzor.cb
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\14A7128C.exe Infected: Trojan-Downloader.Win32.Swizzor.co
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1BC86488.exe Infected: Trojan-Downloader.Win32.Swizzor.bo
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1CCE1700.exe Infected: Trojan-Downloader.Win32.Swizzor.ca
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1DFA7D64.exe Infected: Trojan-Downloader.Win32.Swizzor.co
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\27F85CF7.exe Infected: Trojan-Downloader.Win32.Swizzor.ca
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4244448E.zip/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4244448E.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4244448E.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4244448E.zip Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\47126AAF.exe Infected: Trojan-Downloader.Win32.Swizzor.co
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4A8F65C0.zip/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4A8F65C0.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4A8F65C0.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4A8F65C0.zip Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\55F4715C Infected: Backdoor.Win32.SdBot.xd
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\55F81B58.com Infected: Backdoor.Win32.SdBot.xd
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6A2A14B2.exe Infected: Trojan-Downloader.Win32.Swizzor.co
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6DC13AF6.exe Infected: Trojan-Downloader.Win32.Swizzor.ca
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\75BA50B1.exe Infected: Trojan-Downloader.Win32.Swizzor.co
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP124\A0017863.exe Infected: Trojan-Downloader.Win32.Swizzor.bo
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP124\A0017864.exe Infected: Trojan-Downloader.Win32.Swizzor.dv
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP124\A0017865.exe Infected: Trojan-Downloader.Win32.Swizzor.cb
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP159\A0019972.exe Infected: Trojan-Downloader.Win32.Swizzor.cb
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP159\A0019975.exe Infected: Trojan-Downloader.Win32.Swizzor.dv
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP159\A0019985.exe Infected: Trojan-Downloader.Win32.Swizzor.bo
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP159\A0019986.exe Infected: Trojan-Downloader.Win32.Swizzor.co

Scan process completed.

---------------
----- HJT -----

Logfile of HijackThis v1.99.1
Scan saved at 4:48:58 PM, on 1/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Norton Password Manager\AcctMgr.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [DesktopX] C:\Program Files\Object Desktop\WinStyles\DesktopX.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - Startup: Stardock ObjectBar.lnk = C:\Program Files\Object Desktop\ObjectBar\ObjectBar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Refresh.lnk = C:\Program Files\Iomega\Tools_NT\refresh.exe
O4 - Global Startup: Splash.lnk = C:\Program Files\Iomega\Tools_NT\splash.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AOL IM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8629CFEB-C31A-4429-9BB0-8765A8A24FDA} (MaxisUnleashedLotTeleX Control) - http://thesims.ea.com/teleport/unleashed/LOT/MaxisUnleashedLotTeleX.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: IomegaAccess - Iomega Corporation - C:\Program Files\Iomega\Tools_NT\iomegaaccess.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: ZipToA - Unknown owner - C:\WINDOWS\System32\ZipToA.exe

---------------
-- Uninstall --

Ad-Aware SE Personal
Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat 5.0
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Download Manager 1.2 (Remove Only)
Adobe InDesign CS Time Limited Trial
Adobe PageMaker 7.0
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 6.0.1
Adobe Reader for Pocket PC 2.0
AIM+ (remove only)
All Mobile Casino (remove only)
AltoMP3 Maker 3.20
American Greetings CreataCard Select 6
AOL Instant Messenger
AutoREALM Version 1.20a
Battle.net Buddy Monitor
BF Mines (remove only)
BitTornado 0.3.7
BitTorrent 3.3
Bounce!
CAD 3D
Carmen Sandiego Math Detective
CC_ccProxyExt
CC2-Pro
CC2-Pro Demo
ccCommon
ccPxyCore
CD to MP3 Maker 1.21
Cheating-Death 4.17.1
Classic PhoneTools
CleanUp!
Conexant HSF V92 56K RTAD Speakerphone PCI Modem
D&D Character Generator Demo
Dell Modem-On-Hold
Dell Picture Studio - Dell Image Expert
Dell Solution Center
Dell Support
Dell Support 5.0.0 (766)
Dell TM WLAN Card
Digital Line Detect
Easy CD Creator 5 Basic
Elastic Software Favorite Card Games 2
FastCAD
FastCAD Demo
Faster Tools
Half-Life
Half-Life: Blue Shift
Half-Life: Counter-Strike
Half-Life: Opposing Force
HijackThis 1.99.1
HLSW v1.0.0.44
Hoyle Board Games 5
Hoyle Card Games 4
Hoyle Word Games 3
IconPackager
ICQ
Inside the SAT '97 Edition
Intel RSX 3D
Intel(R) PRO Ethernet Adapter and Software
Intel(R) PROSet II
InterActual Player
IomegaWare for Windows NT
J2SE Runtime Environment 5.0 Update 1
Java 2 Runtime Environment Standard Edition v1.3.1_01
Kaspersky On-line Scanner
K-Lite Codec Pack 2.34 Full
Lavasoft VX2 Cleaner
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Macromedia Dreamweaver MX
Macromedia Extension Manager
Macromedia Fireworks MX
Macromedia Flash MX
Macromedia FreeHand 10
Media Library Management Wizard
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.1
Microsoft ActiveSync 3.7
Microsoft Data Access Components KB870669
Microsoft Encarta Encyclopedia Standard 2002
Microsoft Money 2002
Microsoft Money 2002 System Pack
Microsoft Office 97, Professional Edition
Microsoft Outlook 2002
Microsoft Picture It! Photo 2002
Microsoft Streets and Trips 2002
Microsoft Web Publishing Wizard 1.52
Microsoft Windows Journal Viewer
Microsoft Word 2002
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
Microsoft® Measurement Smart Tag Converter
Modem Helper
Monopoly
Movie Maker Background Music Files
Movie Maker Sound Effects
Movie Maker Title Images
Mozilla Firefox (1.0.7)
MS F1 the Office Assistant (Remove only)
MSN Messenger 6.0
MSRedist
MSRedist
MUSICMATCH Jukebox
MUSTEK 1200 CU v2.0a
Network Play System (Patching)
Norton AntiSpam
Norton AntiSpam
Norton AntiVirus 2005
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security 2005 (Symantec Corporation)
Norton Password Manager
Norton Password Manager (Symantec Corporation)
Norton WMI Update
Norton WMI Update
Norton WMI Update
NPM_DRM_COLLECTION
NVIDIA Display Driver
NVIDIA Drivers
Paint Shop Pro 7
Panda ActiveScan
Patiences
Personal License Update Wizard for Windows Media Player
Plus! MP3 Audio Converter LE
PowerDVD
Project: Guilty Mission 1 v1.1
QuickTime
Radio@Netscape
RealPlayer
Roll
Salt Lake 2002
Scrabble
Secure Delivery
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Shockwave
Sid Meier's SimGolf
SideWinder Game Pad Pro
Sierra Utilities
Solitaire Master 3
Sound Blaster Live! Value
SPBBC
Spybot - Search & Destroy 1.4
Starcraft
StarCraft X-tra Editor Version 2.5
StarDraft Setup
Steam
SureThing CD Labeler - First Edition
Sven Co-op 3.0
Symantec Script Blocking Installer
SymNet
TeamSpeak 2 RC2
The Game Of Life
The Sims 2
The Sims Unleashed
Theme Generator
Theme Manager
ThemeManager
thirdedition
TI Connect(TM) 1.3
TI-Black Link
TI-Graph Link 83 Plus
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Ventrilo
Video Professor
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Vorwerk&Stengel RealCalculator 1.3.1 Freeware
WeatherBug
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Bonus Pack for Windows XP
Windows Media Player Playlist Import to Excel Wizard
Windows Media Player Skin Importer
Windows Media Player Tray Control
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
WinStyles
Xfire (remove only)

---------------
Ei8htBall1989 is offline