Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 




Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > HijackThis Log Help > Resolved HJT Threads
viruswebprotect infection viruswebprotect infection
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read

Resolved HJT Threads Resolved spyware and popup issues.

 
Page 1 of 2 1 2 >
 
Thread Tools
Old 12-26-2007, 07:16 PM   #1 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 13
OS: Widows XP pro SP2


viruswebprotect infection
Need help removing "viruswebprotect" icons and messages from my system.
Windows xp pro sp2.

Thanks
flor858 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 12-26-2007, 09:52 PM   #2 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 26,756
OS: 2000 Pro; XP Pro; XP Home


Re: viruswebprotect infection
Please follow MicroBell's 5 Step process outlined here:

http://www.techsupportforum.com/secu...tml#post342651

After running through all the steps, please post the requested logs.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 12-27-2007, 10:14 PM   #3 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 13
OS: Widows XP pro SP2


Re: viruswebprotect infection
Here's a paste of the "main.txt" file.
I hope this is the right place to submit this.

I am not able to attach the extra.txt file. Every time I click on the manage attachments buttons an "Error on page" icon appears on the bottom of the window.

Thanks.

Deckard's System Scanner v20071014.68
Run by Ed on 2007-12-27 19:27:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
16: 2007-12-28 03:27:56 UTC - RP422 - Deckard's System Scanner Restore Point
15: 2007-12-26 23:51:45 UTC - RP421 - System Checkpoint
14: 2007-12-17 00:32:28 UTC - RP420 - Software Distribution Service 3.0
13: 2007-12-16 22:19:16 UTC - RP419 - Software Distribution Service 3.0
12: 2007-12-16 11:00:35 UTC - RP418 - Software Distribution Service 3.0


-- First Restore Point --
1: 2007-10-07 18:29:59 UTC - RP407 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 78% (more than 75%).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-12-27 19:31:11
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\SYSTEM32\services.exe
C:\WINDOWS\SYSTEM32\lsass.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE
C:\WINDOWS\SYSTEM32\E_S00RP1.EXE
C:\Program Files\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\WINDOWS\SYSTEM32\nvsvc32.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\Tablet.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\SYSTEM32\DSentry.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe
C:\WINDOWS\SYSTEM32\CTHELPER.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\Verizon Online\SupportCenter\SmartBridge\MotiveSB.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe
C:\Program Files\Verizon Online\Visual IP InSight\ipmon32.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\Common Files\AOL\1104127849\EE\aolsoftware.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Lexar Media Inc\USB Card Reader Driver v2.2(M)\Disk_Monitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\AcroTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\SYSTEM32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\Common Files\efax\HotTray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\efax\Dllcmd32.exe
C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe
C:\WINDOWS\SYSTEM32\Wtablet\TabUserW.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1104127849\EE\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1104127849\EE\aolsoftware.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\Program Files\McAfee\VirusScan\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ed\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar3.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar3.dll
O3 - Toolbar: The leosrv - {257F0149-3042-4F1E-97A1-7602460E97EE} - C:\WINDOWS\leosrv.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1104127849\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\Lexar Media Inc.\USB Card Reader Driver v2.2(M)\Disk_Monitor.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R1800 on RANDEE] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9LA.EXE /P39 "Auto EPSON Stylus Photo R1800 on RANDEE" /O19 "\\RANDEE\EPSONR1800" /M "Stylus Photo R1800"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Auto EPSON Stylus Photo R1800 on Randee] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9LA.EXE /P39 "Auto EPSON Stylus Photo R1800 on Randee" /M "Stylus Photo R1800" /EF "HKCU"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: HotSync Manager.lnk = ?
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: eFax.com Tray Menu.lnk = C:\Program Files\Common Files\efax\HotTray.exe
O4 - Global Startup: Live Menu.lnk = C:\Program Files\Common Files\efax\Dllcmd32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Office2000\Office\OSA9.EXE
O4 - Global Startup: MiniEYE-MiniREAD Launch.lnk = ?
O4 - Global Startup: MonacoGamma.lnk = C:\Program Files\Monaco Systems\MonacoOPTIX 2.0\MonacoGamma.exe
O4 - Global Startup: MonacoReminder.lnk = C:\Program Files\Monaco Systems\MonacoOPTIX 2.0\Monaco Reminder.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\SYSTEM32\Wtablet\TabUserW.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - CmdMapping - (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\msjava.dll
O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.exe
O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.exe
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/...6/mcinsctl.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get.../ultrashim.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/...16/mcgdmgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...35/mcfscan.cab
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O21 - SSODL: xcvwer - {770D44BC-12B3-4C3B-8311-7FB40A8417D9} - C:\WINDOWS\xcvwer.dll
O21 - SSODL: hjoqor - {F70965EA-BC38-41FA-ACD0-D7DFE71E026E} - C:\WINDOWS\hjoqor.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\SYSTEM32\E_S00RP1.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MpfSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\SYSTEM32\nvsvc32.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUPnPRenderer - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\SYSTEM32\Tablet.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 18831 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 agp440 (Intel AGP Bus Filter) - c:\windows\\systemroot\system32\drivers\agp440.sys (file missing)
R0 PenClass (Pen Class) - c:\windows\system32\drivers\penclass.sys <Not Verified; Wacom Technology Corporation; Wacom Pen Class Driver>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R3 SDTHOOK - c:\windows\system32\drivers\sdthook.sys <Not Verified; Panda Software; Panda® Antivirus>

S3 ATWPKT - c:\windows\system32\drivers\atwpkt.sys <Not Verified; America Online; ATW Protocol Driver>
S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)
S3 PCANDIS5 (PCANDIS5 Protocol Driver) - c:\linksys\printserver\pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 WUSB12 (Instant Wireless Compact USB Adapter Driver) - c:\windows\system32\drivers\lswlusb.sys <Not Verified; The Linksys Group, Inc.; Instant Wireless USB Network Adapter ver.2.5>
S3 X-Rite (X-Rite USB Service) - c:\windows\system32\drivers\xrusb.sys <Not Verified; X-Rite, Inc.; X-Rite Bulk USB Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Adobe Version Cue CS2 - "c:\program files\adobe\adobe version cue cs2\bin\versioncuecs2.exe" -win32service <Not Verified; Adobe Systems Incorporated; Adobe Version Cue CS2>
R2 TabletService - c:\windows\system32\tablet.exe <Not Verified; Wacom Technology, Corp.; Wacom Win32 Tablet Service>

S3 AdobeVersionCue - c:\program files\adobe\adobe version cue\service\versioncue.exe <Not Verified; Adobe Sytems; Adobe Version Cue™>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\A103374023C00
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\A103374023C00
Service: NIC1394

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: IBM 10/100 EtherJet PCI Management Adapter
Device ID: PCI\VEN_8086&DEV_1229&SUBSYS_305C1014&REV_08\4&1C660DD6&0&10F0
Manufacturer: IBM
Name: IBM 10/100 EtherJet PCI Management Adapter
PNP Device ID: PCI\VEN_8086&DEV_1229&SUBSYS_305C1014&REV_08\4&1C660DD6&0&10F0
Service: E100B

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/100 VE Network Connection
Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_01571028&REV_02\4&1C660DD6&0&40F0
Manufacturer: Intel
Name: Intel(R) PRO/100 VE Network Connection
PNP Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_01571028&REV_02\4&1C660DD6&0&40F0
Service: E100B


-- Scheduled Tasks -------------------------------------------------------------

2007-07-15 00:43:03 258 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2006-08-01 19:23:39 350 --a------ C:\WINDOWS\Tasks\McQcTask.job


-- Files created between 2007-11-27 and 2007-12-27 -----------------------------

2007-12-27 18:53:05 0 d-------- C:\Program Files\SpywareBlaster
2007-12-27 16:27:23 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2007-12-27 16:25:33 8576 --a------ C:\WINDOWS\system32\drivers\qqufnsmydkwf.sys <Not Verified; Panda Software International; RKPavProc Driver>
2007-12-27 13:07:21 0 d-------- C:\WINDOWS\privacy_danger
2007-12-27 11:30:49 8576 --a------ C:\WINDOWS\system32\drivers\waawbpusgirl.sys <Not Verified; Panda Software International; RKPavProc Driver>
2007-12-27 11:11:45 0 d-------- C:\WINDOWS\system32\ActiveScan <ACTIVE~1>
2007-12-26 17:07:53 0 d-------- C:\Program Files\NoAdware5.0
2007-12-15 09:21:43 270336 --a------ C:\WINDOWS\xcvwer.dll <Not Verified; ; xcvwer>
2007-12-15 09:21:43 253952 --a------ C:\WINDOWS\hjoqor.dll
2007-12-15 09:21:43 77824 --a------ C:\WINDOWS\binret.exe


-- Find3M Report ---------------------------------------------------------------

2007-12-27 17:55:08 0 d-------- C:\Program Files\QuickTime
2007-12-27 17:54:33 0 d-------- C:\Program Files\Palm
2007-12-27 17:47:03 0 d-------- C:\Program Files\iTunes
2007-12-27 17:45:38 0 d-------- C:\Program Files\Google
2007-12-27 17:40:55 0 d-------- C:\Program Files\Common Files\Scanner
2007-12-27 17:38:40 0 d-------- C:\Program Files\Common Files\efax
2007-12-27 17:36:08 0 d-------- C:\Program Files\AOL Deskbar
2007-12-27 16:03:07 335 --a------ C:\WINDOWS\system32\tablet.dat
2007-12-27 10:46:37 0 d-------- C:\Program Files\Viewpoint
2007-12-26 20:21:58 288 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-00000001-00001102-00000004-10031102}.dat
2007-12-26 20:21:58 288 --a------ C:\WINDOWS\system32\DVCState-{00000002-00000000-00000001-00001102-00000004-10031102}.dat
2007-12-18 19:29:49 0 d-------- C:\Program Files\SiteAdvisor
2007-12-15 22:52:59 0 d-------- C:\Documents and Settings\Ed\Application Data\SiteAdvisor
2007-12-02 17:22:15 0 d-------- C:\Documents and Settings\Ed\Application Data\Adobe
2007-12-02 08:57:41 0 d-------- C:\Program Files\EPSON Print CD
2007-11-25 22:48:56 0 d-------- C:\Program Files\Canon
2007-11-21 23:36:13 0 d-------- C:\Program Files\McAfee
2007-11-18 18:01:15 0 d-------- C:\Documents and Settings\Ed\Application Data\Creative
2007-11-10 11:22:19 0 d-------- C:\Program Files\Common Files\McAfee
2007-11-03 10:21:32 0 d-------- C:\Program Files\RegCure
2007-11-03 10:18:50 0 d-------- C:\Program Files\Common Files\ScanSoft Shared


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [04/24/2003 01:58 PM]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [03/11/2003 01:24 PM]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [08/14/2002 03:22 PM]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [10/29/2002 06:18 AM]
"CTDVDDet"="C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [09/29/2002 10:00 PM]
"CTHelper"="CTHELPER.EXE" [02/20/2003 01:45 PM C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
"AsioReg"="REGSVR32.exe" [08/03/2004 11:56 PM C:\WINDOWS\SYSTEM32\regsvr32.exe]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/10/2000 10:00 PM]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [07/03/2001 09:11 AM]
"MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe" [11/09/2003 05:59 PM]
"Motive SmartBridge"="C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe" [08/01/2005 06:50 PM]
"IPInSightLAN 01"="C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe" [03/18/2002 05:34 AM]
"IPInSightMonitor 01"="C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe" [03/18/2002 05:34 AM]
"AdobeVersionCue"="C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe" [10/13/2003 04:24 PM]
"HostManager"="C:\Program Files\Common Files\AOL\1104127849\ee\AOLSoftware.exe" [03/10/2006 02:22 PM]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [07/24/2002 01:20 PM]
"MediaFace Integration"="C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe" [12/10/2004 03:39 PM]
"Disk Monitor"="C:\Program Files\Lexar Media Inc.\USB Card Reader Driver v2.2(M)\Disk_Monitor.exe" [06/28/2004 11:22 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/08/2006 02:03 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/18/2006 05:35 PM]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe" [10/20/2005 08:47 PM]
"@"="" []
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe" [10/21/2005 03:13 PM]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6066\SiteAdv.exe" []
"Auto EPSON Stylus Photo R1800 on RANDEE"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9LA.exe" [09/08/2004 03:00 AM]
"Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [04/04/2005 06:58 PM]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [01/12/2006 08:52 PM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/03/2007 10:33 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 08:24 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [05/12/2004 12:03 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 11:56 PM]
"Auto EPSON Stylus Photo R1800 on Randee"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9LA.exe" [09/08/2004 03:00 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/14/2007 03:38 PM]

C:\Documents and Settings\Ed\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 10:36:04 AM]
HotSync Manager.lnk - C:\Program Files\Palm\HOTSYNC.EXE [8/21/2002 12:00:00 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2/5/2007 9:52:17 PM]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [10/2/2003 4:09:27 PM]
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [10/2/2003 4:09:27 PM]
DataViz Messenger.lnk - C:\WINDOWS\DvzCommon\DvzMsgr.exe [10/2/2003 4:50:49 PM]
DESKTOP.INI [9/3/2002 10:36:04 AM]
eFax.com Tray Menu.lnk - C:\Program Files\Common Files\efax\HotTray.exe [3/10/2005 8:37:04 PM]
Live Menu.lnk - C:\Program Files\Common Files\efax\Dllcmd32.exe [3/10/2005 8:37:02 PM]
Microsoft Office.lnk - C:\Program Files\Office2000\Office\OSA9.EXE [1/21/2000 12:15:54 AM]
MiniEYE-MiniREAD Launch.lnk - C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe [8/1/2004 10:29:25 PM]
MonacoGamma.lnk - C:\Program Files\Monaco Systems\MonacoOPTIX 2.0\MonacoGamma.exe [11/25/2005 8:58:37 PM]
MonacoReminder.lnk - C:\Program Files\Monaco Systems\MonacoOPTIX 2.0\Monaco Reminder.exe [11/25/2005 8:58:38 PM]
TabUserW.exe.lnk - C:\WINDOWS\SYSTEM32\Wtablet\TabUserW.exe [12/4/2003 8:48:40 AM]
Verizon Online Support Center.lnk - C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe [12/5/2003 11:44:28 PM]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [10/5/2003 1:18:56 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"xcvwer"= {770D44BC-12B3-4C3B-8311-7FB40A8417D9} - C:\WINDOWS\xcvwer.dll [12/15/2007 07:46 AM 270336]
"hjoqor"= {F70965EA-BC38-41FA-ACD0-D7DFE71E026E} - C:\WINDOWS\hjoqor.dll [12/15/2007 07:46 AM 253952]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Auto EPSON Stylus Photo R1800 on Randee]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9LA.EXE /P39 "Auto EPSON Stylus Photo R1800 on Randee" /O14 "\\RANDEE\EPSON" /M "Stylus Photo R1800"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5029237e-c4de-11db-8c5f-00038a000015}]
AutoRun\command- F:\LaunchU3.exe -a

*Newly Created Service* - QQUFNSMYDKWF



-- End of Deckard's System Scanner: finished at 2007-12-27 19:32:37 ------------
flor858 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 12-27-2007, 10:19 PM   #4 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 26,756
OS: 2000 Pro; XP Pro; XP Home


Re: viruswebprotect infection
Please post the extra.txt in a separate reply while I review this log.

Thanks.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 12-27-2007, 10:24 PM   #5 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 26,756
OS: 2000 Pro; XP Pro; XP Home


Re: viruswebprotect infection
Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------
  1. Download this file - http://download.bleepingcomputer.com...a/ComboFix.exe

    * IMPORTANT !!! Place combofix.exe on your Desktop


  2. Disconnect from the internet....pull the plug!
  3. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
  4. S& D Spybot's Tea Timer

    While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
    Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
    • Open Spybot Search & Destroy.
    • In the Mode menu click "Advanced mode" if not already selected.
    • Choose "Yes" at the Warning prompt.
    • Expand the "Tools" menu.
    • Click "Resident".
    • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
    • In the File menu click "Exit" to exit Spybot Search & Destroy.
  5. Go to -> Run -> paste in the following single line command & click OK

    "%userprofile%\desktop\combofix.exe" /killall



  6. Follow the prompts. Type "1" and press Enter to begin the scan.
  7. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  8. When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

    ---------------------------------------------------------------------------------------------
  9. Ensure your AntiVirus and AntiSpyware applications are re-enabled. A reboot should have done this.
  10. Re-establish an internet connection.
  11. Please download HijackThis to your desktop

    Alternate link

    Double-click on the file you just downloaded.
    Click on the "Unzip" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

    Upon install, HijackThis should open for you.

    Should it not open, navigate to C:\Program Files\Trend Micro\HijackThis and double click on HijackThis.exe

    1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
    2. If you don't get the intro screen, just hit Scan and then click on Save log.
    3. Post the hijackthis.log file here. Do not fix anything in HijackThis since they may be harmless.

    ---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 12-27-2007, 10:38 PM   #6 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 13
OS: Widows XP pro SP2


Re: viruswebprotect infection
Hi,

I'm sorry, but I don't know where the extra.txt file is. I closed all the open windows after I replied to you, but I did not realize the files were not on the desktop till I closed the windows. Do I have to re-run the DSS program?

Thanks for your time and patience
flor858 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 12-27-2007, 10:38 PM   #7 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 26,756
OS: 2000 Pro; XP Pro; XP Home


Re: viruswebprotect infection
Hi, no don't run it again.

The file should be located at C:\Deckard\System Scanner\extra.txt
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 12-27-2007, 10:43 PM   #8 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 13
OS: Widows XP pro SP2


Re: viruswebprotect infection
Here it is.

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 3.00GHz
CPU 1: Intel(R) Pentium(R) 4 CPU 3.00GHz
Percentage of Memory in Use: 80%
Physical Memory (total/avail): 1023 MiB / 196.31 MiB
Pagefile Memory (total/avail): 2464.86 MiB / 1622.48 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1926.65 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.46 GiB total, 50.06 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Fixed (NTFS) - 298.09 GiB total, 254.88 GiB free.

\\.\PHYSICALDRIVE0 - ST380011A - 74.5 GiB - 2 partitions
\PARTITION0 - Unknown - 39.19 MiB
\PARTITION1 (bootable) - Installable File System - 74.46 GiB - C:

\\.\PHYSICALDRIVE1 - STECH Simple Drive USB Device - 298.09 GiB - 1 partition
\PARTITION0 - Installable File System - 298.09 GiB - F:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: McAfee Personal Firewall v (McAfee)
AV: McAfee VirusScan v (McAfee)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Application Loader"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0a\\waol.exe"="C:\\Program Files\\America Online 9.0a\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\\Program Files\\Common Files\\AOL\\1104127849\\EE\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1104127849\\EE\\AOLServiceHost.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"="C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe:*:Enabled:AOL"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\SAGENT4.EXE"="C:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\SAGENT4.EXE:*:Enabled:SAgent4"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"="C:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe:*:Enabled:Adobe Version Cue CS2"
"C:\\Program Files\\JAlbum7.0\\JAlbumWin.exe"="C:\\Program Files\\JAlbum7.0\\JAlbumWin.exe:*:Enabled:JAlbumWin"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe"="C:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe:*:Enabled:Roxio Upnp Service"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Ed\Application Data
CLASSPATH=C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=EDS-XPS
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Ed
LOGONSERVER=\\EDS-XPS
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Adobe\AGL
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\Roxio Central\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Ed\LOCALS~1\Temp
TMP=C:\DOCUME~1\Ed\LOCALS~1\Temp
USERDOMAIN=EDS-XPS
USERNAME=Ed
USERPROFILE=C:\Documents and Settings\Ed
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Ed (admin)
Randee (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> -c"C:\Program Files\Palm\UNPS.dll"
--> "C:\Program Files\Creative\SBAudigy2\Program\Ctzapxx.EXE" /U /S
--> C:\PROGRA~1\VERIZO~1\SUPPOR~1\Uninstall.exe Verizon
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\InstallShield Installation Information\{25EF00A0-F17B-11D6-88EA-000476CD2443}Verizon Online\setup.exe Verizon Online UNINSTALL
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {637099FB-45FD-4BC7-9651-6FB540DBB749}
--> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
--> msiexec /i {46548E80-0409-0000-7E8A-45000F855001}
--> msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
--> msiexec /I{7F4C8163-F259-49A0-A018-2857A90578BC}
--> MsiExec.exe /I{0D330013-4A99-46D6-83C6-2C959C68DBFF}
--> MsiExec.exe /I{26792CA7-D87A-4DBE-896B-C2F66B344511}
--> MsiExec.exe /I{637099FB-45FD-4BC7-9651-6FB540DBB749}
--> MsiExec.exe /I{6D4F02C4-F6AF-4659-A933-7FC06235A8D5}
--> MsiExec.exe /I{7FD9FD10-9F7F-4DDF-B9F0-911209FF0CEA}
--> MsiExec.exe /I{8C60949A-46F9-4DD7-BA9F-78C00D9D4C8D}
--> MsiExec.exe /I{EB748B9B-F872-4E95-98E8-5CA7E5425DAF}
--> MsiExec.exe /I{F0EACC27-A729-406C-9BF6-C8F10CEC36F8}
--> RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{416DFEDD-9F1B-4EFC-AF70-FCA891AE0251}\zidxp.exe"
--> RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}\setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77ACE67A-0D21-4CEF-8A97-ED20A61B978B}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77ACE67A-0D21-4CEF-8A97-ED20A61B978B}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{01958032-9877-4118-B87F-9EFA74B3F15F}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3E4251D-8364-4698-B0E0-A7C799384403}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACDSee --> C:\PROGRA~1\ACDSYS~1\ACDSee\UNWISE.EXE C:\PROGRA~1\ACDSYS~1\ACDSee\INSTALL.LOG
Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Acrobat and Reader 6.0.3 Update --> MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000603}
Adobe Acrobat and Reader 6.0.4 Update --> MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000604}
Adobe Acrobat and Reader 6.0.5 Update --> MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000605}
Adobe Acrobat Reader for Palm OS 2.0 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Adobe\Acrobat Reader for Palm OS\AcroDesk.isu" -c"C:\Program Files\Adobe\Acrobat Reader for Palm OS\unpdf.dll"
Adobe Atmosphere Player for Acrobat and Adobe Reader --> C:\WINDOWS\atmoUn.exe
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Creative Suite --> C:\PROGRA~1\INSTAL~1\{D52EC~1\setup.exe /Relaunched=yes /Uninstall /Relaunched=yes
Adobe Creative Suite 2 --> C:\PROGRA~1\INSTAL~1\{0134A~1\setup.exe /relaunched/rootloc=d:\adobe creative suite 2.0/lang=0409
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Illustrator 10 --> "C:\Program Files\InstallShield Installation Information\{412033BC-44CF-48D9-B813-4B835101F4D3}\setup.exe"
Adobe PageMaker 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\PageMaker 7.0\Uninst.isu" -c"C:\Program Files\Adobe\PageMaker 7.0\Uninst.dll"
Adobe Photoshop 7.0.1 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Stock Photos 1.0 --> MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
AOL Connectivity Services --> "C:\Program Files\Common Files\AOL\ACS\AcsUninstall.exe" /c
AOL Deskbar --> "C:\Program Files\AOL Deskbar\UNWISE.EXE" /u "C:\Program Files\AOL Deskbar\INSTALL.LOG"
AOL Uninstaller --> C:\Program Files\Common Files\AOL\uninstaller.exe
AOL You've Got Pictures Screensaver --> C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
ArcSoft PhotoBase for Palm(tm) handhelds --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{482FB174-2E22-4C85-8F52-0A9863812F90}\SETUP.EXE" -l0x9 -uninst
Attune 2.3.2 --> MsiExec.exe /I{8F7C09A4-EBAE-11D3-A9AF-005004D2ECE4}
Bi-Admin --> C:\WINDOWS\IsUninst.exe -fC:\Linksys\printserver\Uninst.isu
Broadcom Advanced Control Suite --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{468190DA-FB4C-45BA-8E40-4B165FF1A939} /l1033
Canon EOS 20D WIA Driver --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{ED9775A0-383E-4EAA-8DA5-8CC6860D60A3}
Canon Utilities Digital Photo Professional 3.0 --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\Digital Photo Professional\Uninst.ini"
Canon Utilities EOS Capture 1.1 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{1DD47D49-F046-4919-831F-EE576A04D5B2}
Canon Utilities EOS Viewer Utility 1.1 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D1CA45BE-431A-4FA7-8E98-AFE546F96D58}
Canon Utilities PhotoStitch 3.1 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}
Corel Applications --> C:\WINDOWS\Corel\Uninst32.exe
CorelDRAW 10 --> C:\WINDOWS\Corel\uninst32.exe
CorelDRAW 10 --> MsiExec.exe /I{9E50DEC9-081B-441F-B647-98DBEA8B01DD}
Creative MediaSource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\setup.exe" -l0x9 /remove
Dell Solution Center --> MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Documents To Go --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C89C4BEA-3B9A-414A-9392-9CE4EC5C63BF}\Setup.exe" -vzUNINST
DVDSentry --> MsiExec.exe /I{98DF85D9-96C0-4F57-A92E-C3539477EF5E}
eFax Messenger Plus --> C:\PROGRA~1\EFAXME~1\UNINST.EXE
EPSON Easy Photo Print --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5DA7BC15-18D3-41A0-9F59-838DA3EAEF17}\Setup.exe" -l0x9 UNINST
EPSON Print CD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\setup.exe" -l0x9 -SYSTEM
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON RAW Print --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64D662BF-462F-4747-A2E4-B6A7FA63BDB8}\Setup.exe" -l0x9 /COMPANE
EPSON SPR1800 Reference Guide --> C:\Program Files\epson\guide\spr1800_e\uninstall.exe
Etk --> C:\WINDOWS\uninst.exe -fC:\BMW95\etk\uninst\DeIsL1.isu
eyeQ --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B33CD700-6738-11D4-87FE-0080C6F974A2}\setup.exe" -l0x9 -uninst
FTP Voyager 11.1 --> "C:\Program Files\RhinoSoft.com\FTP Voyager\unins000.exe"
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
HP Image Zone Express --> MsiExec.exe /X{6E8E0663-4714-4946-8D2A-07E99138A11A}
HP Precisionscan Pro 3.1 --> MsiExec.exe /I{6B36DEBF-27D0-4B1E-858D-D397091C6C7D}
HP Share-to-Web --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{748F4870-8350-11D3-B0BF-080009FB4A19}\setup.exe" --MAIN -l9
Intel(R) PRO Network Adapters and Drivers --> Prounstl.exe
Intel(R) PROSet --> MsiExec.exe /I{A790BEB1-BC