06-20-2007, 05:43 PM   #1
Mick S (Registered User)
Join Date: Dec 2004
Location: South West UK
Posts: 43
OS: XP

Hacked by Godzilla and lost search function - Help please?

Hi there, hope someone can help - I get a "Hacked by Godzilla" message with IE.
Also, when I try to use Search from the Start menu I get the following message:
"a file that is required to run search companion cannot be found. You may need to run setup"
I've done as much as I can from the 5 steps - when I ran DSS it could not find Hijack This! although it is installed.
Also, my antivirus is BitDefender, not AVG, as I managed to corrupt the AVG update somehow.
Many thanks in advance,
Mick S

Deckard's System Scanner v20070611.50
Run by Michael Seabrook on 2007-06-21 at 00:25:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
36: 2007-06-20 23:25:36 UTC - RP448 - Deckard's System Scanner Restore Point
35: 2007-06-20 15:03:34 UTC - RP447 - Software Distribution Service 3.0
34: 2007-06-20 12:54:58 UTC - RP446 - Installed Java(TM) SE Runtime Environment 6 Update 1
33: 2007-06-20 12:20:32 UTC - RP445 - Spybot-S&D Spyware removal
32: 2007-06-20 11:12:37 UTC - RP444 - Installed Windows XP KB885295.


-- First Restore Point --
1: 2007-03-28 19:14:49 UTC - RP413 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-06-21 00:28:58
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S10IC2.EXE
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\1175620642\ee\aolsoftware.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\AOL 9.0a\aoltray.exe
C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
C:\Documents and Settings\Michael Seabrook\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/en-us/srchasst/srchcust.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar3.dll
O4 - HKLM\..\Run: [EPSON Stylus C62 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P32 "EPSON Stylus C62 Series (Copy 1)" /O6 "USB001" /M "Stylus C62"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1175620642\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [MS32DLL] C:\WINDOWS\MS32DLL.dll.vbs
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Device Detector 2.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: AOL Broadband Check-Up.lnk = C:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0a\aoltray.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (file missing)
O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe (file missing)
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Program Files\ladbrokesMPP\MPPoker.exe
O9 - Extra 'Tools' menuitem: (no name) - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Program Files\ladbrokesMPP\MPPoker.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra 'Tools' menuitem: (no name) - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-30.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1182380918401
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/pro...anner37680.cab
O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} () - http://acceso.masminutos.com/laaplicacion.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...253.6709606481
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://E:\Resources\IntraLaunch.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/be...loader_v10.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - "C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - "C:\WINDOWS\wanmpsvc.exe"
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - "C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service


-- HijackThis Fixed Entries (C:\Documents and Settings\Michael Seabrook\My Documents\hijack\backups\) --------------------------------------------------------------------------------

backup-20050122-145549-646 O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetm\winlogon.exe
backup-20050124-103321-594 O1 - Hosts: 64.91.255.87 www.dcsresearch.com
backup-20050215-173915-895 O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
backup-20050218-065019-169 O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
backup-20050218-065019-855 O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
backup-20050218-065020-141 O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 PxHelper - c:\windows\system32\drivers\pxhelper.sys <Not Verified; VERITAS Software, Inc.; PxHelp20>
R1 Asapi - c:\windows\system32\drivers\asapi.sys <Not Verified; VOB Computersysteme GmbH; asapi>
R1 VIAPFD - c:\windows\system32\drivers\viapfd.sys <Not Verified; VIA Technologies. Inc.; VIA PFD driver>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.0.1) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.0.1>
R2 CDRPDACC (Quinnware CDDA Driver (by InfinaDyne)) - c:\program files\quintessential player\cdrpdacc.sys <Not Verified; Arrowkey; CD Device Access>
R2 MASPINT - c:\windows\system32\drivers\maspint.sys <Not Verified; MicroStaff Co.,Ltd.; Aspi32 Driver for WinNT>
R3 ALABULK (Fujifilm USB MemoryCard ReaderWriter device driver) - c:\windows\system32\drivers\alabulk2.sys <Not Verified; Copyright (C) Fuji Photo film Co.,Ltd.; Fujifilm USB MemoryCard ReaderWriter USB Class Driver Win2K/XP>

S3 ENTECH - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
S3 GMSIPCI - e:\install\gmsipci.sys (file missing)
S3 gUSBSTOi - c:\docume~1\michae~1\locals~1\temp\gusbstoi.sys (file missing)
S3 VNUSB (VN Series Device) - c:\windows\system32\drivers\vnusb.sys <Not Verified; OLYMPUS OPTICAL CO.,LTD.; VVRUSB Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 EPSONStatusAgent2 (EPSON Printer Status Agent2) - c:\program files\common files\epson\ebapi\sagent2.exe <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer>
R2 ScsiAccess - c:\windows\system32\scsiaccess.exe

S2 Avg7Alrt (AVG7 Alert Manager Server) - c:\progra~1\grisoft\avgfre~1\avgamsvr.exe (file missing)
S2 Avg7UpdSvc (AVG7 Update Service) - c:\progra~1\grisoft\avgfre~1\avgupsvc.exe (file missing)


-- Scheduled Tasks -------------------------------------------------------------

2007-05-23 16:26:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-05-21 and 2007-06-21 -----------------------------

2007-06-20 23:53:40 0 d-------- C:\Program Files\Mythicsoft
2007-06-20 23:36:52 0 d-------- C:\WINDOWS\LastGood
2007-06-20 13:51:57 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-06-14 15:53:50 0 d-------- C:\Documents and Settings\Elaine Seabrook\Application Data\PlayFirst
2007-06-14 15:53:50 0 d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
2007-06-14 15:53:03 0 d-------- C:\Program Files\Playfirst
2007-06-14 12:59:14 0 d-------- C:\Documents and Settings\Elaine Seabrook\Application Data\Beep Industries
2007-05-29 17:51:38 0 d--hs---- C:\FOUND.016


-- Find3M Report ---------------------------------------------------------------

2007-05-09 15:30:38 0 d--h----- C:\Program Files\Zero G Registry
2007-05-09 15:30:38 0 d-------- C:\Program Files\BugsysClub Software


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"EPSON Stylus C62 Series (Copy 1)"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S10IC2.EXE /P32 \"EPSON Stylus C62 Series (Copy 1)\" /O6 \"USB001\" /M \"Stylus C62\""
"REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
"NeroCheck"="C:\\WINDOWS\\System32\\NeroCheck.exe"
"DSLSTATEXE"="C:\\Program Files\\BT Voyager 105 ADSL Modem\\dslstat.exe icon"
"DSLAGENTEXE"="C:\\Program Files\\BT Voyager 105 ADSL Modem\\dslagent.exe"
"%FP%Friendly fts.exe"="\"C:\\Program Files\\VoyagerTest\\fts.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"AOL Spyware Protection"="\"C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe\""
"DIGStream"="C:\\Program Files\\DIGStream\\digstream.exe"
"DIGServices"="C:\\Program Files\\ESPNRunTime\\DIGServices.exe /brand=ESPN /priority=0 /poll=24"
"MyWebSearch Email Plugin"="C:\\PROGRA~1\\MYWEBS~1\\bar\\1.bin\\mwsoemon.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"BDMCon"="\"C:\\Program Files\\Softwin\\BitDefender8\\bdmcon.exe\""
"BDNewsAgent"="\"C:\\Program Files\\Softwin\\BitDefender8\\bdnagent.exe\""
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1175620642\\ee\\AOLSoftware.exe"
"MS32DLL"="C:\\WINDOWS\\MS32DLL.dll.vbs"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"PopUpStopperFreeEdition"="\"C:\\PROGRA~1\\PANICW~1\\POP-UP~1\\PSFREE.EXE\""
"BitComet"="\"C:\\Program Files\\BitComet\\BitComet.exe\""
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ C:\Documents and Settings\Sarah Chapman\My Documents\My Pictures\Sarah's\Micky.bmp

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PholiRun"="\"C:\\Program Files\\Pholix Software\\PhotoPhilia\\PholiRun.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"nwiz"="nwiz.exe /install"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\KODAK Software Updater.lnk"
"backup"="C:\\WINDOWS\\pss\\KODAK Software Updater.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Kodak\\KODAKS~1\\7288971\\Program\\BACKWE~1.EXE "
"item"="KODAK Software Updater"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLDial"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AttuneSysTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Attune_st"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Aveo\\Attune\\Bin\\Attune_st.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
"key"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
"item"="services"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\inetm\\services.exe"
"inimapping"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0



-- End of Deckard's System Scanner: finished at 2007-06-21 at 00:29:33 ---------






Deckard's System Scanner v20070611.50
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) XP 2200+
Percentage of Memory in Use: 52%
Physical Memory (total/avail): 511.48 MiB / 241.24 MiB
Pagefile Memory (total/avail): 1250.55 MiB / 993.67 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1969.07 MiB

A: is Removable (No Media)
C: is Fixed (FAT32) - 110.45 GiB total, 20.17 GiB free.
D: is Fixed (FAT32) - 4.55 GiB total, 3.88 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is Removable (No Media)
H: is Removable (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FW: ZoneAlarm Firewall v6.1.737.000 (Zone Labs, Inc.) Disabled
AV: AVG Anti-Virus 7.1.411 v7.1.411 (GRISOFT) Disabled

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AOL 9.0a\\waol.exe"="C:\\Program Files\\AOL 9.0a\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\AOL 9.0a\\waol.exe"="C:\\Program Files\\AOL 9.0a\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Messenger\\MSMSGS.EXE"="C:\\Program Files\\Messenger\\MSMSGS.EXE:*:Enabled:Windows Messenger"
"C:\\UnrealTournament\\System\\UnrealTournament.exe"="C:\\UnrealTournament\\System\\UnrealTournament.exe:*:Enabled:UnrealTournament"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Documents and Settings\\Sarah Chapman\\Desktop\\Sarah's Music\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\Sarah Chapman\\Desktop\\Sarah's Music\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Tesco internet phone\\TescoIP.exe"="C:\\Program Files\\Tesco internet phone\\TescoIP.exe:*:Enabled:Tesco internet phone"
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="C:\\Program Files\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\William Hill Poker\\UA.exe"="C:\\Program Files\\William Hill Poker\\UA.exe:*:Enabled:UA Application"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Michael Seabrook\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ORCHARD1
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Michael Seabrook
LOGONSERVER=\\ORCHARD1
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0800
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp
USERDOMAIN=ORCHARD1
USERNAME=Michael Seabrook
USERPROFILE=C:\Documents and Settings\Michael Seabrook
windir=C:\WINDOWS






-- User Profiles ---------------------------------------------------------------

Owner (admin)
User (admin)
Michael Seabrook (admin)
Elaine Seabrook (admin)
Fiona Chapman (admin)
Sarah Chapman (admin)
MickeysEbayStuff (admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\AOL\BROADB~1\Uninstall.exe aoluk
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BB82A76F-C3A1-4EBE-9788-148240FFDEE6}\SETUP.EXE" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ace DivX Player --> "C:\Program Files\GustoSoft\Ace DivX Player\Uninstall.exe"
Ad-Aware SE Personal --> C:\PROGRA~1\LAVASOFT\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\LAVASOFT\AD-AWA~2\INSTALL.LOG
Adobe Acrobat 4.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.dll"
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Photoshop 6.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 6.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 6.0\Uninst.dll"
Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Agent Ransack Version 1.7.3 --> "C:\Program Files\Mythicsoft\Agent Ransack\unins000.exe"
AlienFiles - Create Stunning eBay Adverts --> C:\Program Files\AlienFiles - Create Stunning eBay Adverts\Uninstal.exe
AOL Broadband Check-Up --> C:\WINDOWS\Motive\aoluk\CustomUninstall.exe
AOL Coach Version 1.0(Build:20040229.1 uk) --> "C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe" -lang="en-uk"
AOL Spyware Protection --> C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\UNWISE.EXE C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\INSTALL.LOG
AOL Toolbar --> "C:\Program Files\AOL Toolbar\UNWISE.EXE" /u "C:\Program Files\AOL Toolbar\INSTALL.LOG"
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
AOL You've Got Pictures Screensaver --> C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
Arx Fatalis --> MsiExec.exe /X{96443F45-13E2-11D6-AC87-00D0B7A9E540}
Ashampoo Photo Illuminator --> C:\Program Files\ashampoo\Ashampoo Photo Illuminator\Uninstall\Illuminator_Uninstall.EXE
Ashampoo Privacy Protector --> C:\Program Files\Ashampoo\Ashampoo Privacy Protector\Uninstall\PrivacyProtector_Uninstall.exe
aspi --> MsiExec.exe /I{015E4B8A-29B5-4AE3-BD08-38220FADFF4C}
Audacity 1.2.3 --> "C:\Program Files\Audacity\unins000.exe"
Avance AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
AVG Free Edition --> C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL
Azureus --> C:\Program Files\Azureus\Uninstall.exe
BitDefender 8 Free Edition --> MsiExec.exe /I{8BFFDBAB-FD81-4137-A98E-A769C828080C}
BitTornado 0.3.10 --> C:\Program Files\BitTornado\uninst.exe
Blackjack Trainer --> C:\PROGRA~1\BJTRAIN\Unwise.exe C:\PROGRA~1\BJTRAIN\Install.log
Bodog Poker Version 2.8.2.8 --> "C:\Program Files\Bodog Poker\unins000.exe"
BritePoker Calculator --> MsiExec.exe /I{616FDC90-425B-4B2F-9BDD-F171A7A249D0}
BT Voyager 105 ADSL Modem --> C:\Program Files\BT Voyager 105 ADSL Modem\uninstall.exe
BT Voyager Modem AOL Test --> C:\WINDOWS\APPRUN.EXE C:\PROGRA~1\VOYAGE~1
BugsysClub Software --> "C:\Program Files\BugsysClub Software\UninstallerData\Uninstall BugsysClub Software.exe"
CCHelp --> MsiExec.exe /I{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
CD-DA X-Tractor v0.21 --> "C:\Program Files\CD-DA X-Tractor\unins000.exe"
Chocolatier (remove only) --> "C:\Program Files\Playfirst\Chocolatier\Uninstall.exe"
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
Complete Holy Bible --> C:\WINDOWS\uninst.exe -fc:\compbib\DeIsL2.isu -cc:\compbib\_ISREG32.DLL
Creative MediaSource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\SETUP.EXE" -l0x9 /remove
Cribbage Champion --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Fun For All Software\Cribbage Champion\Uninst.isu"
Cribbage Squares v3.1.0 --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\CribbSol\ST6UNST.LOG"
CyberScrub Basic 3.5 --> C:\PROGRA~1\CYBERS~2\UNWISE.EXE C:\PROGRA~1\CYBERS~2\INSTALL.LOG
CyberScrub Trial Edition 3.5 --> C:\PROGRA~1\CYBERS~1\UNWISE.EXE C:\PROGRA~1\CYBERS~1\INSTALL.LOG
Diamond Detective Deluxe --> "C:\Program Files\Zylom Games\Diamond Detective Deluxe\GameInstlr.exe" --uninstall UnInstall.log
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DOOM Collector's Edition --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\DOOM Collector's Edition\DC.isu"
Dredd --> C:\Program Files\Dredd\uninstall.exe
Driving Test Success 2002-2003 --> MsiExec.exe /I{8F888625-7591-498F-8211-F7009C126AB7}
Eclipse 3.1.5 --> "C:\Program Files\Eclipse\unins000.exe"
EPSON PhotoQuicker3.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B2EFE303-A594-11D5-95EB-005004BC1C65}\setup.exe" uninstuninstuninstuninst
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r
ESC62 Guide --> C:\WINDOWS\uninst.exe -f"C:\Program Files\EPSON\ESC62\DeIsL1.isu"
ESPN RunTime --> C:\Program Files\ESPNRunTime\DIGSvcUninstall.exe /brand=ESPN
ESSAdpt --> MsiExec.exe /I{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}
ESSANUP --> MsiExec.exe /I{A6F18A67-B771-4191-8A33-36D2E742D6D9}
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCAM --> MsiExec.exe /I{469730CC-78DF-4CD3-B286-562D459EA619}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSstore --> MsiExec.exe /I{6016734B-42A7-4AEB-9248-1D1E4F69AB52}
ESSTUTOR --> MsiExec.exe /I{CA60320D-6A16-49C8-A34F-84EEF4799567}
ESSvpaht --> MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
ESSvpot --> MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
FileLock --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\FileLock\Uninst.isu"
FinePixViewer Ver.3.2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{24ED4D80-8294-11D5-96CD-0040266301AD} /l1033
FLV Player 1.3.3 --> "C:\Program Files\FLVPlayer\uninstall.exe"
FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
Fujifilm USB MemoryCard ReaderWriter --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F87F471C-66C0-4F70-B493-6E59E4D402E6} /l1033
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
Half-Life --> C:\SIERRA\HALF-L~1\UNWISE.EXE C:\SIERRA\HALF-L~1\INSTALL.LOG
Hazard Perception Training 2002-2003 --> MsiExec.exe /I{500D04BB-543A-49DF-A939-A67ABAA8238B}
HijackThis 1.99.0 --> C:\Documents and Settings\Michael Seabrook\My Documents\hijack\HijackThis.exe /uninstall
HJTHotkey 2.8.0 --> "C:\Program Files\HJTHotkey\unins000.exe"
Hold'em Hawk 1.0 --> C:\Program Files\Hold'em Hawk\uninst.exe
Hold'em Partner --> MsiExec.exe /I{8FBC99DE-4687-49C2-BA97-9DE2E741AED3}
Hold'em Pirate 1.0 --> C:\Program Files\Hold'em Pirate\uninst.exe
Icewind Dale II --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{588C135F-0B15-4A02-8F2D-04697BE2904E}\setup.exe" -l0x9
ImageMixer VCD for FinePix --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3AA158A-9421-4883-8767-E771B0964A1D}\setup.exe"
IncrediMail Xe --> C:\PROGRA~1\INCRED~1\bin\imsetup.exe /remove /addon:IncrediMail /log:IncMail.log
iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
J2SE Runtime Environment 5.0 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150010}
J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_350000_19a0eb\Setup.exe /APR-REMOVE
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Ladbrokes Poker --> C:\PROGRA~1\LADBRO~1\LADBRO~1\UNWISE.EXE C:\PROGRA~1\LADBRO~1\LADBRO~1\INSTALL.LOG
Lavasoft VX2 Cleaner --> C:\PROGRA~1\LAVASOFT\AD-AWA~2\PLUGINS\UNWISE.EXE C:\PROGRA~1\LAVASOFT\AD-AWA~2\PLUGINS\INSTALL.LOG
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
Lernout & Hauspie TruVoice American English TTS Engine --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
LimeWire 4.12.6 --> "C:\Program Files\LimeWire\uninstall.exe"
Microsoft Office XP Standard for Students and Teachers --> MsiExec.exe /I{913D0409-6000-11D3-8CFE-0050048383C9}
Microsoft XML Parser and SDK --> MsiExec.exe /I{3E908702-AF35-4611-9518-955DA24B7E07}
MicroStaff WINASPI --> C:\MWASPI\uninst.exe
Monopoly Tycoon --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B975F4A1-63B6-11D4-BFEC-005004AF2D32}\Setup.exe" -l0x9
Mozilla Firefox (1.5.0.8) --> C:\PROGRA~1\MOZILL~1\uninstall\uninstall.exe /ua "1.5.0.8 (en-GB)"
MSN Messenger 7.5 --> MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
Nero --> MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
NOMAD MuVo TX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BB82A76F-C3A1-4EBE-9788-148240FFDEE6}\SETUP.EXE" -l0x9 /remove
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
NVIDIA Drivers --> C:\WINDOWS\System32\nvudisp.exe UninstallGUI
Olympus Digital Wave Player --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB91E774-867B-4567-ACE7-8144EF036068}\Setup.exe" -l0x9
OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
Pacific Poker --> C:\PROGRA~1\PACIFI~1\UNWISE.EXE C:\PROGRA~1\PACIFI~1\INSTALL.LOG
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
Paradise Poker --> C:\PROGRA~1\PARADI~1\UNWISE.EXE C:\PROGRA~1\PARADI~1\INSTALL.LOG
PartyPoker --> "C:\Program Files\PartyGaming\PartyPoker\Uninstall.exe" "C:\Program Files\PartyGaming\PartyPoker\install.log"
PCFriendly --> C:\Program Files\PCFriendly\inuninst.exe
PhotoPhilia 1.6 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Pholix Software\PhotoPhilia\Uninst.isu" -c"C:\Program Files\Pholix Software\PhotoPhilia\PhUnInst.dll"
Poker Tracker Omaha Version 1.10.02 --> "C:\Program Files\Poker Tracker Omaha\unins000.exe"
Poker Tracker Version 2.10.01c --> "C:\Program Files\Poker Tracker V2\unins000.exe"
PokerStars --> C:\Program Files\PokerStars\Uninstall.EXE /u:"PokerStars"
Pop-Up Stopper Free Edition --> C:\PROGRA~1\PANICW~1\POP-UP~1\UNWISE.EXE C:\PROGRA~1\PANICW~1\POP-UP~1\INSTALL.LOG
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.exe" -uninstall
Prassi PrimoCD Plus 2.0 (English) --> C:\WINDOWS\Unin.exe /U:C:\Program Files\Prassi PrimoCD Plus 2.0 (English)\Unin01.in
Print Pilot 1.10 SE --> "C:\Program Files\Invention Pilot\Print Pilot\unins000.exe"
Quake III Arena --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Quake III Arena\QIII.isu"
QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
Quintessential Player --> "C:\Program Files\Quintessential Player\uninst.exe"
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Return to Castle Wolfenstein - Platinum Edition --> C:\PROGRA~1\RETURN~1\Uninstall\Unwise.exe /u C:\PROGRA~1\RETURN~1\Uninstall\Install.log
RT2500 Wireless LAN Card --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAA66A0D-E610-40B8-9D51-C1854285773A}\setup.exe" -l0x9 -removeonly
Scrabble --> C:\WINDOWS\UbiSoft\SetupUbi.exe -uninstall Scrabble
SFR --> MsiExec.exe /I{DE601BAB-2499-4B25-B858-11360F71658B}
SFR2 --> MsiExec.exe /I{ABE068DF-8DC4-4947-ABFC-DD2B40850225}
Shanghai: Great Moments version 2.0 --> C:\Shanghai Great Moments\uninstal.exe
Shockwave --> C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\Install.log
Sid Meier's Pirates! --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{1632FD86-1BA4-4FC4-8B25-A8C655D63F68} /l1033
SimCity 3000 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Maxis\SimCity 3000\Uninst.isu"
SmartFTP --> MsiExec.exe /I{11C762F9-95EA-486A-A8E7-683A50C231C1}
Solitaire --> C:\PROGRA~1\EGAMES\SOLITA~1\UNWISE.EXE C:\PROGRA~1\EGAMES\SOLITA~1\INSTALL.LOG
SpadeEye --> MsiExec.exe /I{E46D9C82-8507-417B-8969-AD685F325168}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.3 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SpywareGuard v2.2 --> "C:\Program Files\SpywareGuard\unins000.exe"
Tesco internet phone --> "C:\Program Files\Tesco internet phone\unins000.exe"
Text Express 2 Deluxe --> "C:\Program Files\Zylom Games\Text Express 2 Deluxe\GameInstlr.exe" --uninstall UnInstall.log
THE SETTLERS - Heritage of Kings --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8FDC1610-3FB5-4EF2-A0D0-CEDC3A525A25}\setup.exe" -l0x9 -removeonly
The Sims Deluxe Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{10798AE3-DCBB-43C3-9C93-C23512427E25}\setup.exe" -l0009
TriPeaks 2001 --> c:\Program Files\TriPeaks 2001\Uninstal.exe
Trivial Pursuit(TM) Genus Edition Deluxe --> "C:\Program Files\Zylom Games\Trivial Pursuit(TM) Genus Edition Deluxe\GameInstlr.exe" --uninstall UnInstall.log
Unreal Tournament 2003 --> C:\UT2003\System\Setup.exe uninstall "UT2003"
Unreal Tournament G.O.T.Y. Edition --> C:\UnrealTournament\System\Setup.exe uninstall "UnrealTournament"
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Virtual Villagers (remove only) --> "C:\Documents and Settings\Sarah Chapman\Desktop\Pictures and Stuff\Virtual Villagers\Uninstall.exe"
VX2 Cleaner plug-in for Ad-Aware SE --> C:\PROGRA~1\LAVASOFT\AD-AWA~2\PLUGINS\VX2CLE~1\UNWISE.EXE C:\PROGRA~1\LAVASOFT\AD-AWA~2\PLUGINS\VX2CLE~1\INSTALL.LOG
William Hill Poker --> C:\WINDOWS\system32\UnPoker.exe WilliamHillPokerXP
WinAce Archiver --> C:\Program Files\WinAce\SXUNINST.EXE C:\Program Files\WinAce\SXUNINST.INI
Word Spiral Deluxe --> "C:\Program Files\Zylom Games\Word Spiral Deluxe\GameInstlr.exe" --uninstall UnInstall.log
Yahoo! Toolbar --> C:\PROGRA~1\YAHOO!\COMMON\unyt.exe
ZX Spectrum Emulator for Windows 95 --> C:\PROGRA~1\ZXSPEC~1\UNZX32.EXE C:\PROGRA~1\ZXSPEC~1\INSTALL.LOG


-- End of Deckard's System Scanner: finished at 2007-06-21 at 00:29:33 ---------

Old 06-20-2007, 06:45 PM   #2 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 27,871
OS: WinXP Home, Vista, Windows 7 64bit


Re: Hacked by Godzilla and lost search function - Help please?

Hello Mick,

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

Also be sure to carry out the instructions in the sequence listed below.

***************************************************

Quote:
when i ran dss it could not find Hijack This! although it is installed
dss couldn't find a copy of HijackThis 1.99.1. You have HijackThis 1.99.0 installed.

We'll need a current working copy of HijackThis 1.99.1. Please download HijackThis 1.99.1

--------------------------------------------------------------------

Please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account. Make sure to close any open browsers.

--------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. 'Check' the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [MS32DLL] C:\WINDOWS\MS32DLL.dll.vbs


Click 'Fix Checked' and close HijackThis.

--------------------------------------------------------------------

Please ensure Hidden files and folders are viewable:

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading:
* select Show hidden files and folders.
* Uncheck Hide protected operating system files (recommended) option.
* Also, make sure there is no checkmark beside Hide file extensions for known file types.
* Click OK.

--------------------------------------------------------------------

Using 'My Computer', navigate to and delete the following File and Folder

C:\WINDOWS\MS32DLL.dll.vbs
C:\Program Files\MyWebSearch


--------------------------------------------------------------------


Reboot into Normal Mode.

--------------------------------------------------------------------

Please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:

Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click on located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan


--------------------------------------------------------------------

Run a new scan with HijackThis and save the log.

--------------------------------------------------------------------

Please include the following in your next reply:

Panda results
New HijackThis log
__________________
Member of ASAP since 2005
Member of UNITE since 2006


"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 06-21-2007, 04:23 PM   #3 (permalink)
Registered User
 
Mick S's Avatar
 
Join Date: Dec 2004
Location: South West UK
Posts: 43
OS: XP


Re: Hacked by Godzilla and lost search function - Help please?

Hi Ried
Thanks for the quick reply
I've followed your instructions as far as I could

I could not find this entry though

Using 'My Computer', navigate to and delete the following File and Folder

C:\WINDOWS\MS32DLL.dll.vbs


Panda Results

Incident Status Location

Dialer:dialer.db Not disinfected c:\windows\downloaded program files\MSA64CHK.INF
Spyware:spyware/aveo-attune Not disinfected c:\program files\Aveo
Adware:adware/sidesearch Not disinfected c:\program files\Lycos
Adware:adware/portalscan Not disinfected Windows Registry
Potentially unwanted tool:application/mywebsearch Not disinfected hkey_classes_root\clsid\{9AFB8248-617F-460d-9366-D71CDEDA3179}
Adware:Adware/Trymedia Not disinfected C:\Downloads\DinerDashSetup-dm[1].exe
Adware:Adware/Trymedia Not disinfected C:\Downloads\VirtualVillagers-dm[1].exe
Adware:Adware/Trymedia Not disinfected C:\Downloads\CityLifeSetup-dm[1].exe
Adware:Adware/Trymedia Not disinfected C:\Downloads\VirtualVillagers-dm[2].exe
Adware:Adware/Trymedia Not disinfected C:\Downloads\MysteryvilleSetup-dm[1].exe
Adware:Adware/Trymedia Not disinfected C:\Downloads\BookwormAdventuresSetup-dm[1].exe
Adware:Adware/Trymedia Not disinfected C:\Downloads\ChocolatierSetup-dm[1].exe
Adware:Adware/Trymedia Not disinfected C:\Downloads\Wonders_Setup-dm[1].exe
Adware:Adware/Trymedia Not disinfected C:\Downloads\The_Rise_of_Atlantis-v1_0-dm[1].exe
Dialer:Dialer.Gen Not disinfected C:\WINDOWS\SYSTEM32\UKVideo2-uninstall.exe
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Michael Seabrook\Cookies\michael_seabrook@go[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Michael Seabrook\Cookies\michael seabrook@go[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Michael Seabrook\Cookies\michael_seabrook@com[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Michael Seabrook\Cookies\michael_seabrook@searchportal.information[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Michael Seabrook\Application Data\Mozilla\Firefox\Profiles\t6jlt9mk.default\COOKIES.TXT[.tribalfusion.com/]
Adware:Adware/IST Not disinfected C:\Documents and Settings\Sarah Chapman\Local Settings\Application Data\Mozilla\Firefox\Profiles\e8lu5ddv.default\Cache\FEF34E17d01[HBTVSetup.exe][²ÜÇ\TVEngineCommand.dll]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Sarah Chapman\Cookies\sarah chapman@go[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Sarah Chapman\Cookies\sarah chapman@go[1].txt
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\Sarah Chapman\Cookies\sarah chapman@xmts[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Sarah Chapman\Cookies\sarah chapman@atwola[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Sarah Chapman\Cookies\sarah chapman@belnk[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Sarah Chapman\Cookies\sarah chapman@terra.com[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Sarah Chapman\Cookies\sarah chapman@dist.belnk[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Sarah Chapman\Cookies\sarah chapman@burstnet[2].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Sarah Chapman\Cookies\sarah_chapman@gostats[1].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Sarah Chapman\Cookies\sarah chapman@banner[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Sarah Chapman\Cookies\sarah chapman@dist.belnk[3].txt
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\Sarah Chapman\Cookies\sarah chapman@xmts[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Sarah Chapman\Cookies\sarah chapman@atwola[3].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Sarah Chapman\Cookies\sarah chapman@adopt.hbmediapro[2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Sarah Chapman\Cookies\sarah chapman@cgi-bin[3].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Sarah Chapman\Cookies\sarah chapman@www.errorsafe[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Sarah Chapman\Cookies\sarah chapman@errorsafe[2].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Sarah Chapman\Cookies\sarah chapman@winfixer[2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Sarah Chapman\Cookies\sarah chapman@cgi-bin[4].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Sarah Chapman\Cookies\sarah chapman@888[1].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Sarah Chapman\Cookies\sarah chapman@cassava[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Sarah Chapman\Cookies\sarah chapman@xiti[1].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Sarah Chapman\Cookies\sarah chapman@azjmp[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Sarah Chapman\Cookies\sarah_chapman@go[3].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Sarah Chapman\Cookies\sarah_chapman@go[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Sarah Chapman\Cookies\sarah_chapman@atwola[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Sarah Chapman\Cookies\sarah_chapman@ad.yieldmanager[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Sarah Chapman\Application Data\Mozilla\Firefox\Profiles\e8lu5ddv.default\COOKIES.TXT[.doubleclick.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Sarah Chapman\Application Data\Mozilla\Firefox\Profiles\e8lu5ddv.default\COOKIES.TXT[ad.yieldmanager.com/]
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Sarah Chapman\Application Data\Mozilla\Firefox\Profiles\e8lu5ddv.default\COOKIES.TXT[.adopt.hbmediapro.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Sarah Chapman\Application Data\Mozilla\Firefox\Profiles\e8lu5ddv.default\COOKIES.TXT[.2o7.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Sarah Chapman\Application Data\Mozilla\Firefox\Profiles\e8lu5ddv.default\COOKIES.TXT[.112.2o7.net/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Sarah Chapman\Application Data\Mozilla\Firefox\Profiles\e8lu5ddv.default\COOKIES.TXT[.fastclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Sarah Chapman\Application Data\Mozilla\Firefox\Profiles\e8lu5ddv.default\COOKIES.TXT[.atdmt.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Sarah Chapman\Application Data\Mozilla\Firefox\Profiles\e8lu5ddv.default\COOKIES.TXT[.tribalfusion.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Sarah Chapman\Application Data\Mozilla\Firefox\Profiles\e8lu5ddv.default\COOKIES.TXT[.advertising.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Sarah Chapman\Application Data\Mozilla\Firefox\Profiles\e8lu5ddv.default\COOKIES.TXT[.adtech.de/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Sarah Chapman\Application Data\Mozilla\Firefox\Profiles\e8lu5ddv.default\COOKIES.TXT[.maxserving.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Sarah Chapman\Application Data\Mozilla\Firefox\Profiles\e8lu5ddv.default\COOKIES.TXT[.realmedia.com/]
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\Sarah Chapman\Application Data\Mozilla\Firefox\Profiles\e8lu5ddv.default\COOKIES.TXT[.targetnet.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Sarah Chapman\Application Data\Mozilla\Firefox\Profiles\e8lu5ddv.default\COOKIES.TXT[.burstnet.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Fiona Chapman\Cookies\fiona chapman@belnk[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Fiona Chapman\Cookies\fiona chapman@atwola[1].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Fiona Chapman\Cookies\fiona chapman@www.myaffiliateprogram[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Fiona Chapman\Cookies\fiona chapman@dist.belnk[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Fiona Chapman\Cookies\fiona chapman@atwola[2].txt
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\Fiona Chapman\Cookies\fiona chapman@xmts[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Fiona Chapman\Cookies\fiona chapman@go[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Fiona Chapman\Cookies\fiona chapman@atwola[3].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Fiona Chapman\Cookies\fiona_chapman@go[3].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Fiona Chapman\Cookies\fiona chapman@errorsafe[2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Fiona Chapman\Cookies\fiona chapman@adopt.hbmediapro[2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Fiona Chapman\Cookies\fiona chapman@cgi-bin[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Fiona Chapman\Cookies\fiona chapman@target[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Fiona Chapman\Cookies\fiona_chapman@xiti[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Fiona Chapman\Cookies\fiona chapman@ad.yieldmanager[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Fiona Chapman\Cookies\fiona_chapman@go[2].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Fiona Chapman\Application Data\Mozilla\Firefox\Profiles\dbt2c8il.default\COOKIES.TXT[.systemdoctor.com/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Fiona Chapman\Application Data\Mozilla\Firefox\Profiles\dbt2c8il.default\COOKIES.TXT[stats1.reliablestats.com/]
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Fiona Chapman\Application Data\Mozilla\Firefox\Profiles\dbt2c8il.default\COOKIES.TXT[.systemdoctor.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Elaine Seabrook\Local Settings\Temp\~DF5C0B.TMP
Adware:Adware/Trymedia Not disinfected C:\Documents and Settings\Elaine Seabrook\Local Settings\Temporary Internet Files\Content.IE5\QNSXWFCP\ChocolatierSetup-dm[1].exe
Adware:Adware/Trymedia Not disinfected C:\Documents and Settings\Elaine Seabrook\Local Settings\Temporary Internet Files\Content.IE5\OTIVS1UB\MysteryvilleSetup-dm[1].exe
Adware:Adware/Trymedia Not disinfected C:\Documents and Settings\Elaine Seabrook\Local Settings\Temporary Internet Files\Content.IE5\SHIN0LQV\Wonders_Setup-dm[1].exe
Adware:Adware/Trymedia Not disinfected C:\Documents and Settings\Elaine Seabrook\Local Settings\Temporary Internet Files\Content.IE5\WT2ZO9QV\The_Rise_of_Atlantis-v1_0-dm[1].exe
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Elaine Seabrook\Cookies\elaine seabrook@atwola[1].txt
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\Elaine Seabrook\Cookies\elaine seabrook@xmts[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Elaine Seabrook\Cookies\elaine seabrook@atwola[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Elaine Seabrook\Cookies\elaine_seabrook@go[1].txt
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\Elaine Seabrook\Cookies\elaine seabrook@xmts[3].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Elaine Seabrook\Cookies\elaine seabrook@go[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Elaine Seabrook\Cookies\elaine seabrook@xiti[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Elaine Seabrook\Cookies\elaine seabrook@atwola[3].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Elaine Seabrook\Cookies\elaine_seabrook@atwola[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Elaine Seabrook\Cookies\elaine_seabrook@go[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Elaine Seabrook\Cookies\elaine_seabrook@www.burstbeacon[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Elaine Seabrook\Cookies\elaine_seabrook@ad.yieldmanager[2].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Elaine Seabrook\Application Data\Mozilla\Firefox\Profiles\18wv0xxy.default\COOKIES.TXT[.2o7.net/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Elaine Seabrook\Application Data\Mozilla\Firefox\Profiles\18wv0xxy.default\COOKIES.TXT[.ads.pointroll.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Elaine Seabrook\Application Data\Mozilla\Firefox\Profiles\18wv0xxy.default\COOKIES.TXT[.adtech.de/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Elaine Seabrook\Application Data\Mozilla\Firefox\Profiles\18wv0xxy.default\COOKIES.TXT[.atwola.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Elaine Seabrook\Application Data\Mozilla\Firefox\Profiles\18wv0xxy.default\COOKIES.TXT[.go.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Elaine Seabrook\Application Data\Mozilla\Firefox\Profiles\18wv0xxy.default\COOKIES.TXT[.questionmarket.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Elaine Seabrook\Application Data\Mozilla\Firefox\Profiles\18wv0xxy.default\COOKIES.TXT[.serving-sys.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Elaine Seabrook\Application Data\Mozilla\Firefox\Profiles\18wv0xxy.default\COOKIES.TXT[.xiti.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\MickeysEbayStuff\Cookies\mickeysebaystuff@go[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Guest\Cookies\guest@atwola[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Guest\Cookies\guest@go[2].txt
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\Softwin\BitDefender8\Quarantine\MWSBAR.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\Softwin\BitDefender8\Quarantine\MWSOEPLG.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MSN Messenger\RICHED20.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\Mozilla Firefox\PLUGINS\NPMyWebS.dll
Spyware:Cookie/Go Not disinfected C:\FOUND.011\FILE0002.CHK
Spyware:Cookie/Go Not disinfected C:\FOUND.012\FILE0005.CHK
Spyware:Cookie/Go Not disinfected C:\FOUND.014\FILE0000.CHK
Spyware:Cookie/Go Not disinfected C:\FOUND.016\FILE0019.CHK
Spyware:Cookie/Go Not disinfected C:\Deckard\System Scanner\BACKUP\DOCUME~1\MICHAE~1\LOCALS~1\Temp\me_urmiPUiKdyJd1wp
Spyware:Cookie/Go Not disinfected C:\Deckard\System Scanner\BACKUP\DOCUME~1\MICHAE~1\LOCALS~1\Temp\me_v39ONQchdhWtJVx


Logfile of HijackThis v1.99.1
Scan saved at 11:18:27 PM, on 06/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1175620642\ee\aolsoftware.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AOL 9.0a\aoltray.exe
C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\AOL 9.0a\waol.exe
C:\Program Files\AOL 9.0a\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
c:\program files\softwin\bitdefender8\bdmcon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Michael Seabrook\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [EPSON Stylus C62 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P32 "EPSON Stylus C62 Series (Copy 1)" /O6 "USB001" /M "Stylus C62"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1175620642\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Device Detector 2.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: AOL Broadband Check-Up.lnk = C:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0a\aoltray.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe (file missing)
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Program Files\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Program Files\ladbrokesMPP\MPPoker.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-30.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1182380918401
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/pro...anner37680.cab
O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} - http://acceso.masminutos.com/laaplicacion.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://E:\Resources\IntraLaunch.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/be...loader_v10.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1829F74B-A4CD-4B86-AEDA-4B5023573D9B}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{1829F74B-A4CD-4B86-AEDA-4B5023573D9B}: NameServer = 205.188.146.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Old 06-22-2007, 09:25 AM   #4 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 27,871
OS: WinXP Home, Vista, Windows 7 64bit


Re: Hacked by Godzilla and lost search function - Help please?

Ok Mick, let's sweep through and clean out the junk.



Download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows Installation Files"

  • Install AVG Anti Spyware
  • Double-click the icon on Desktop to launch AVG
  • On the main Status screen, under Your Computer's Security, click Resident Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Do Not Automatically generate report after every scan"
When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly.
-----------------------------------------------------------------------

Run AVG Anti-Spyware with its updated definitions: (...it's important that all windows must be closed)
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).
----------------------------------------------------------------------

Go to Start->Run and type in regedit and hit OK.

Open notepad and copy/paste the entire text in the quotebox below: (don't forget to copy and paste REGEDIT4)

Quote:
REGEDIT4

[-hkey_classes_root\clsid\{9AFB8248-617F-460d-9366-D71CDEDA3179}]


Save the file as "delete.reg". Make sure to save it with the quotes. Choose to "Save type as - All Files"
It should look like this:

Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.

--------------------------------------------------------------------

Run CleanUp:

*WARNING* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp! or move them to a permanent location.

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
  • Click on the "Temporary Files" and uncheck the box for "Scan drives for file matching" if it's checked.
Click OK
Press the CleanUp! button to start the program. Do not reboot/logoff when prompted.
--------------------------------------------------------------------

Click Start>Run and copy/paste the following text into the Run box and click OK:

regsvr32 /u occache.dll

----------------------------------------------------------------------

Delete the following files and folders:

c:\program files\Aveo
c:\program files\Lycos
C:\Program Files\Mozilla Firefox\PLUGINS\NPMyWebS.dll
C:\Program Files\MSN Messenger\RICHED20.DLL
c:\windows\downloaded program files\MSA64CHK.INF
C:\WINDOWS\SYSTEM32\UKVideo2-uninstall.exe


----------------------------------------------------------------------

Now, click Start>Run and copy/paste the following text into the Run box and click OK:

regsvr32 occache.dll


Reboot your system and run another online scan at Panda. Post the results here along with an update on system behavior.
__________________
Member of ASAP since 2005
Member of UNITE since 2006


"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

Last edited by Ried; 06-22-2007 at 09:27 AM.
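
A read-only check for the removal steps in the post above, as an added example that is not part of the original thread: after the reboot it reports whether the listed files and the CLSID key are really gone. The script, the helper name Test-Leftover and the availability of PowerShell 2.0 or later are assumptions; the paths and the CLSID are copied from the post, with the stray space before each file name removed.

```powershell
# Added example (not from the thread): verify the cleanup without changing anything.
# The CLSID and the paths come from the post; the rest is illustrative.

$clsid = '{9AFB8248-617F-460d-9366-D71CDEDA3179}'

# Files and folders the post says to delete.
$paths = @(
    'C:\Program Files\Aveo',
    'C:\Program Files\Lycos',
    'C:\Program Files\Mozilla Firefox\PLUGINS\NPMyWebS.dll',
    'C:\Program Files\MSN Messenger\RICHED20.DLL',
    'C:\WINDOWS\Downloaded Program Files\MSA64CHK.INF',
    'C:\WINDOWS\SYSTEM32\UKVideo2-uninstall.exe'
)

# HKEY_CLASSES_ROOT is a merged view of machine-wide and per-user class
# registrations, so check the backing locations as well as the merged view.
$regRoots = @(
    'Registry::HKEY_CLASSES_ROOT\CLSID',
    'Registry::HKEY_LOCAL_MACHINE\Software\Classes\CLSID'
)

# Per-user class hives appear under HKEY_USERS as <SID>_Classes, but only for
# profiles that are currently loaded. This machine has several user profiles,
# so a copy of the key in another user's hive will not show up here.
Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -like '*_Classes' } |
    ForEach-Object { $regRoots += "Registry::HKEY_USERS\$($_.PSChildName)\CLSID" }

# Hypothetical helper: returns one result object per location checked.
function Test-Leftover {
    param([string]$Kind, [string]$Location)
    $present = Test-Path -LiteralPath $Location -ErrorAction SilentlyContinue
    New-Object PSObject -Property @{
        Kind         = $Kind
        Location     = $Location
        StillPresent = [bool]$present
    }
}

$results = @()
foreach ($p in $paths)    { $results += Test-Leftover -Kind 'file'     -Location $p }
foreach ($r in $regRoots) { $results += Test-Leftover -Kind 'registry' -Location "$r\$clsid" }

$results | Select-Object Kind, StillPresent, Location | Format-Table -AutoSize

$left = @($results | Where-Object { $_.StillPresent })
if ($left.Count -gt 0) {
    Write-Host "$($left.Count) item(s) from the removal list are still present."
} else {
    Write-Host 'All listed items are gone.'
}
```

Run it once from each affected Windows account if the key might have been registered per user, since only the hives of logged-on profiles are visible.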
Old 06-23-2007, 04:58 AM   #5 (permalink)
Registered User
 
 
Join Date: Dec 2004
Location: South West UK
Posts: 43
OS: XP


Re: Hacked by Godzilla and lost search function - Help please?

Hi Ried

Thanks for the reply

System seems a bit quicker
Clean Up! saved about 1.5G of space
Still can't use search function
Can't use Internet Explorer, I get this message when I try

Internet Explorer has encountered a problem and needs to close

The following add-on was running when this problem occurred

File: googletoolbar3.dll
Company Name: Google Inc
Description: Google Toolbar for Internet Explorer


Incident Status Location

Adware:adware/portalscan Not disinfected Windows Registry
Potentially unwanted tool:application/mywebsearch Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44cf-8957-5838F569A31D}
Adware:Adware/Trymedia Not disinfected C:\Downloads\DinerDashSetup-dm[1].exe
Adware:Adware/Trymedia Not disinfected C:\Downloads\VirtualVillagers-dm[1].exe
Adware:Adware/Trymedia Not disinfected C:\Downloads\CityLifeSetup-dm[1].exe
Adware:Adware/Trymedia Not disinfected C:\Downloads\VirtualVillagers-dm[2].exe
Adware:Adware/Trymedia Not disinfected C:\Downloads\MysteryvilleSetup-dm[1].exe
Adware:Adware/Trymedia Not disinfected C:\Downloads\BookwormAdventuresSetup-dm[1].exe
Adware:Adware/Trymedia Not disinfected C:\Downloads\ChocolatierSetup-dm[1].exe
Adware:Adware/Trymedia Not disinfected C:\Downloads\Wonders_Setup-dm[1].exe
Adware:Adware/Trymedia Not disinfected C:\Downloads\The_Rise_of_Atlantis-v1_0-dm[1].exe
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Michael Seabrook\Cookies\michael seabrook@go[1].txt
Adware:Adware/IST Not disinfected C:\Documents and Settings\Sarah Chapman\Local Settings\Application Data\Mozilla\Firefox\Profiles\e8lu5ddv.default\Cache\FEF34E17d01[HBTVSetup.exe][²ÜÇ\TVEngineCommand.dll]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Sarah Chapman\Application Data\Mozilla\Firefox\Profiles\e8lu5ddv.default\COOKIES.TXT[.doubleclick.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Sarah Chapman\Application Data\Mozilla\Firefox\Profiles\e8lu5ddv.default\COOKIES.TXT[ad.yieldmanager.com/]
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Sarah Chapman\Application Data\Mozilla\Firefox\Profiles\e8lu5ddv.default\COOKIES.TXT[.adopt.hbmediapro.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Sarah Chapman\Application Data\Mozilla\Firefox\Profiles\e8lu5ddv.default\COOKIES.TXT[.2o7.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Sarah Chapman\Application Data\Mozilla\Firefox\Profiles\e8lu5ddv.default\COOKIES.TXT[.112.2o7.net/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Sarah Chapman\Application Data\Mozilla\Firefox\Profiles\e8lu5ddv.default\COOKIES.TXT[.fastclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Sarah Chapman\Application Data\Mozilla\Firefox\Profiles\e8lu5ddv.default\COOKIES.TXT[.atdmt.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Sarah Chapman\Application Data\Mozilla\Firefox\Profiles\e8lu5ddv.default\COOKIES.TXT[.tribalfusion.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Sarah Chapman\Application Data\Mozilla\Firefox\Profiles\e8lu5ddv.default\COOKIES.TXT[.advertising.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Sarah Chapman\Application Data\Mozilla\Firefox\Profiles\e8lu5ddv.default\COOKIES.TXT[.adtech.de/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Sarah Chapman\Application Data\Mozilla\Firefox\Profiles\e8lu5ddv.default\COOKIES.TXT[.maxserving.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Sarah Chapman\Application Data\Mozilla\Firefox\Profiles\e8lu5ddv.default\COOKIES.TXT[.realmedia.com/]
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\Sarah Chapman\Application Data\Mozilla\Firefox\Profiles\e8lu5ddv.default\COOKIES.TXT[.targetnet.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Sarah Chapman\Application Data\Mozilla\Firefox\Profiles\e8lu5ddv.default\COOKIES.TXT[.burstnet.com/]
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Fiona Chapman\Application Data\Mozilla\Firefox\Profiles\dbt2c8il.default\COOKIES.TXT[.systemdoctor.com/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Fiona Chapman\Application Data\Mozilla\Firefox\Profiles\dbt2c8il.default\COOKIES.TXT[stats1.reliablestats.com/]
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Fiona Chapman\Application Data\Mozilla\Firefox\Profiles\dbt2c8il.default\COOKIES.TXT[.systemdoctor.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Elaine Seabrook\Application Data\Mozilla\Firefox\Profiles\18wv0xxy.default\COOKIES.TXT[.2o7.net/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Elaine Seabrook\Application Data\Mozilla\Firefox\Profiles\18wv0xxy.default\COOKIES.TXT[.ads.pointroll.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Elaine Seabrook\Application Data\Mozilla\Firefox\Profiles\18wv0xxy.default\COOKIES.TXT[.adtech.de/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Elaine Seabrook\Application Data\Mozilla\Firefox\Profiles\18wv0xxy.default\COOKIES.TXT[.atwola.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Elaine Seabrook\Application Data\Mozilla\Firefox\Profiles\18wv0xxy.default\COOKIES.TXT[.go.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Elaine Seabrook\Application Data\Mozilla\Firefox\Profiles\18wv0xxy.default\COOKIES.TXT[.questionmarket.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Elaine Seabrook\Application Data\Mozilla\Firefox\Profiles\18wv0xxy.default\COOKIES.TXT[.serving-sys.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Elaine Seabrook\Application Data\Mozilla\Firefox\Profiles\18wv0xxy.default\COOKIES.TXT[.xiti.com/]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\Softwin\BitDefender8\Quarantine\MWSBAR.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\Softwin\BitDefender8\Quarantine\MWSOEPLG.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Recycled\Dc93.dll
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Recycled\Dc94.dll
Dialer:Dialer.DZE Not disinfected C:\Recycled\Dc95.inf
Dialer:Dialer.Gen Not disinfected C:\Recycled\Dc96.exe
Spyware:Cookie/Go Not disinfected C:\FOUND.011\FILE0002.CHK
Spyware:Cookie/Go Not disinfected C:\FOUND.012\FILE0005.CHK
Spyware:Cookie/Go Not disinfected C:\FOUND.014\FILE0000.CHK
Spyware:Cookie/Go Not disinfected C:\FOUND.016\FILE0019.CHK
Spyware:Cookie/Go Not disinfected C:\Deckard\System Scanner\BACKUP\DOCUME~1\MICHAE~1\LOCALS~1\Temp\me_urmiPUiKdyJd1wp
Spyware:Cookie/Go Not disinfected C:\Deckard\System Scanner\BACKUP\DOCUME~1\MICHAE~1\LOCALS~1\Temp\me_v39ONQchdhWtJVx
Old 06-23-2007, 10:23 PM   #6 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 27,871
OS: WinXP Home, Vista, Windows 7 64bit


Re: Hacked by Godzilla and lost search function - Help please?

Did you run AVG A-S yet? It should have cleaned a lot of that 'junk' reported by Panda.
__________________
Member of ASAP since 2005
Member of UNITE since 2006


"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 06-24-2007, 05:56 AM   #7 (permalink)
Registered User
 
 
Join Date: Dec 2004
Location: South West UK
Posts: 43
OS: XP


Re: Hacked by Godzilla and lost search function - Help please?

Hi Ried

I did run it but may have forgotten to do the apply all actions bit

I've run it again and done that, then run Panda scan again with these results:


Incident Status Location

Potentially unwanted tool:application/mywebsearch Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44cf-8957-5838F569A31D}
Adware:Adware/IST Not disinfected C:\Documents and Settings\Sarah Chapman\Local Settings\Application Data\Mozilla\Firefox\Profiles\e8lu5ddv.default\Cache\FEF34E17d01[HBTVSetup.exe][²ÜÇ\TVEngineCommand.dll]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Sarah Chapman\Application Data\Mozilla\Firefox\Profiles\e8lu5ddv.default\COOKIES.TXT[ad.yieldmanager.com/]
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Sarah Chapman\Application Data\Mozilla\Firefox\Profiles\e8lu5ddv.default\COOKIES.TXT[.adopt.hbmediapro.com/]
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Fiona Chapman\Application Data\Mozilla\Firefox\Profiles\dbt2c8il.default\COOKIES.TXT[.systemdoctor.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Elaine Seabrook\Application Data\Mozilla\Firefox\Profiles\18wv0xxy.default\COOKIES.TXT[.go.com/]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\Softwin\BitDefender8\Quarantine\MWSBAR.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\Softwin\BitDefender8\Quarantine\MWSOEPLG.DLL
Spyware:Cookie/Go Not disinfected C:\FOUND.011\FILE0002.CHK
Spyware:Cookie/Go Not disinfected C:\FOUND.012\FILE0005.CHK
Spyware:Cookie/Go Not disinfected C:\FOUND.014\FILE0000.CHK
Spyware:Cookie/Go Not disinfected C:\FOUND.016\FILE0019.CHK
Spyware:Cookie/Go Not disinfected C:\Deckard\System Scanner\BACKUP\DOCUME~1\MICHAE~1\LOCALS~1\Temp\me_urmiPUiKdyJd1wp
Spyware:Cookie/Go Not disinfected C:\Deckard\System Scanner\BACKUP\DOCUME~1\MICHAE~1\LOCALS~1\Temp\me_v39ONQchdhWtJVx
Old 06-24-2007, 09:14 PM   #8 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 27,871
OS: WinXP Home, Vista, Windows 7 64bit


Re: Hacked by Godzilla and lost search function - Help please?

Hi Mick,

OK, that looks a little better.

Delete these folders:

C:\FOUND.011
C:\FOUND.012
C:\FOUND.014
C:\FOUND.016

-----------------------------------------------------------------

Clear the BitDefender Quarantine

-----------------------------------------------------------------

Open notepad and copy/paste the entire text in the quotebox below: (don't forget to copy and paste REGEDIT4)

Quote:
REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44cf-8957-5838F569A31D}]

Save the file as "delete.reg". Make sure to save it with the quotes. Choose to "Save type as - All Files"
It should look like this:

Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.

--------------------------------------------------------------------

If your Search function still isn't working, try this:

Open Explorer and go to the Windows\inf folder. Locate the srchasst.inf file. Right click it and select Install. You'll need your XP CD or the files from the i386 folder. (This fix will require you to have your Win XP CD).


Is everything running smoothly now?
__________________
Member of ASAP since 2005
Member of UNITE since 2006


"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
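An added example, not part of the original post: a small Python sketch that groups rows of the scan report by where the detected item sits (registry, antivirus quarantine, FOUND.nnn folders, Recycle Bin, cookie file), which is the split the cleanup steps in the reply above follow. The bucket names and the `triage` function are assumptions made for illustration; the sample rows are copied from the reports posted in this thread.

```python
import re
from collections import defaultdict

# Rows copied from the scan reports posted in this thread.
SAMPLE = r"""
Incident Status Location

Potentially unwanted tool:application/mywebsearch Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44cf-8957-5838F569A31D}
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Elaine Seabrook\Application Data\Mozilla\Firefox\Profiles\18wv0xxy.default\COOKIES.TXT[.go.com/]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\Softwin\BitDefender8\Quarantine\MWSBAR.DLL
Dialer:Dialer.Gen Not disinfected C:\Recycled\Dc96.exe
Spyware:Cookie/Go Not disinfected C:\FOUND.011\FILE0002.CHK
Spyware:Cookie/Go Not disinfected C:\Deckard\System Scanner\BACKUP\DOCUME~1\MICHAE~1\LOCALS~1\Temp\me_urmiPUiKdyJd1wp
"""

# Only the "Not disinfected" status appears in this thread; other status
# strings are not handled by this sketch.
ROW = re.compile(r"^(?P<kind>[^:]+):(?P<name>\S+) Not disinfected (?P<loc>.+)$")

# Hypothetical bucket names. The first matching rule wins, so the location
# decides the bucket even when the detection name says "Cookie".
RULES = [
    ("registry", re.compile(r"^HKEY_", re.I)),
    ("av_quarantine", re.compile(r"\\Quarantine\\", re.I)),
    ("found_folder", re.compile(r"^[A-Z]:\\FOUND\.\d{3}\\", re.I)),
    ("recycle_bin", re.compile(r"^[A-Z]:\\Recycled\\", re.I)),
    ("browser_cookie", re.compile(r"COOKIES\.TXT\[", re.I)),
]


def triage(report):
    """Group report rows by the kind of location the detected item sits in."""
    buckets = defaultdict(list)
    for line in report.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header row, blank line, or an unknown status
        loc = m.group("loc")
        bucket = next((b for b, rx in RULES if rx.search(loc)), "other_file")
        buckets[bucket].append((m.group("kind"), m.group("name"), loc))
    return dict(buckets)


if __name__ == "__main__":
    for bucket, rows in triage(SAMPLE).items():
        print(bucket, len(rows))
        for kind, name, loc in rows:
            print("   ", kind, name, loc)
```

Rows that land in `other_file` match none of the known locations and are the ones worth reading by hand.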
Old 06-25-2007, 06:35 AM   #9 (permalink)
Registered User
 
 
Join Date: Dec 2004
Location: South West UK
Posts: 43
OS: XP


Re: Hacked by Godzilla and lost search function - Help please?

Hi Ried

Thanks for the help

The search function is working now (I didn't need to do the fix)

All seems OK but I did notice my stepdaughter has put Limewire on the PC
I'm pretty sure this could have caused most of my problems

Do you think it would be a good idea to get rid of it?

Many Thanks

Mick
Old 06-25-2007, 10:15 AM   #10 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 27,871
OS: WinXP Home, Vista, Windows 7 64bit


Re: Hacked by Godzilla and lost search function - Help please?

Hi Mick,

It's possible. Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

Your logs are clean. If there aren't any more problems, please continue with these final instructions and helpful links:

Reset hidden/system files and folders
===============
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Deselect the Show hidden files and folders option.
* Select the Hide file extensions for known types option.
* Select the Hide protected operating system files option.
* Click Yes to confirm.
* Click OK.

Ensure Windows Auto Update is Enabled
* Go to Start > Run - type wuaucpl.cpl
* Tick on the checkbox - "Automatically download the updates, and install them on the schedule that I specify".
* Click on "OK".

Create a new System Restore point
* Click Start >> Run - type SYSDM.CPL & press Enter
* Select the System Restore Tab
* Tick on the checkbox - "Turn off System Restore on all drives"
* Click Apply
* Then untick the same checkbox & click OK
This will prevent any reinfection from previous restore points.

-------------------------------------------------------------

To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad.

SpywareBlaster 3.5.1 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.

Spyware Guard to catch and block spyware before it can execute.

IE-SPYAD.EXE to block access to malicious websites so you cannot be redirected to them from an infected site or email. IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. This is a self-extracting .ZIP file, save it to your desktop. Once downloaded, double-click on it to extract the files inside (default dir is C:\IE-SPYAD)
  • Now navigate to C:\ie-spyad. Double click to open it.
  • From within the folder, double-click install.bat
  • Select Option #2 - Install the new IE-SPYAD list, by typing 2
  • Then return to the main menu.
  • Select option #4 - Add the old porn sites domain, by typing 4

Update all these programs regularly. Without regular updates you will not be protected when new malicious programs are released.

In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

PC Safety and Security--What Do I Need?

HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein
THE ANTI-SPYWARE TUTORIAL
MAKING INTERNET EXPLORER SAFER
Understanding and Using Firewalls

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

-----------------------------------------------------

Follow the list above and the potential for infection will reduce dramatically.
__________________
Member of ASAP since 2005
Member of UNITE since 2006


"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."