Topic: zlob trojan again (Mr Bell)

« on: September 30, 2006, 09:33:25 AM »
I downloaded this program and ran a Spybot scan, and Zlob showed up again.


--- Search result list ---
Microsoft.WindowsSecurityCenter.AntiVirusDisableNotify: Settings (Registry change, fixed)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0

Zlob.Downloader: Browser helper object (Registry key, fixed)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5f4c3d09-b3b9-4f88-aa82-31332fee1c08}

Common Dialogs: History  (13 files) (Registry key, fixed)
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU

Log:  Activity: SchedLgU.Txt (Backup file, fixing failed)
  C:\WINDOWS\SchedLgU.Txt

Log:  Activity: imsins.log (Backup file, fixed)
  C:\WINDOWS\imsins.log

Log:  Install: comsetup.log (Backup file, fixed)
  C:\WINDOWS\comsetup.log

Log:  Install: ocgen.log (Backup file, fixed)
  C:\WINDOWS\ocgen.log

Log:  Install: setupact.log (Backup file, fixed)
  C:\WINDOWS\setupact.log

Log:  Install: setupapi.log (Backup file, fixed)
  C:\WINDOWS\setupapi.log

Log:  Shutdown: System32\wbem\logs\wbemess.log (Backup file, fixed)
  C:\WINDOWS\System32\wbem\logs\wbemess.log

Internet Explorer: Typed URL list  (8 files) (Registry key, fixed)
  HKEY_USERS\S-1-5-21-527237240-2139871995-839522115-1004\Software\Microsoft\Internet Explorer\TypedURLs

Internet Explorer: Download directory (Registry change, fixed)
  HKEY_USERS\S-1-5-21-527237240-2139871995-839522115-1004\Software\Microsoft\Internet Explorer\Download Directory!=

MS Media Player: Anonymous ID (Registry change, fixed)
  HKEY_USERS\S-1-5-21-527237240-2139871995-839522115-1004\Software\Microsoft\MediaPlayer\Preferences\SendUserGUID!=B=0

MS Direct3D: Most recent application (Registry change, fixed)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name!=

MS Direct3D: Most recent application (Registry change, fixed)
  HKEY_USERS\S-1-5-21-527237240-2139871995-839522115-1004\Software\Microsoft\Direct3D\MostRecentApplication\Name!=

MS DirectDraw: Most recent application (Registry change, fixed)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name!=

MS DirectInput: Most recent application (Registry change, fixing failed)
  HKEY_USERS\S-1-5-21-527237240-2139871995-839522115-1004\Software\Microsoft\DirectInput\MostRecentApplication\Name!=

MS DirectInput: Most recent application ID (Registry change, fixing failed)
  HKEY_USERS\S-1-5-21-527237240-2139871995-839522115-1004\Software\Microsoft\DirectInput\MostRecentApplication\Id!=

MS Search Assistant: Typed search terms history (Registry key, fixed)
  HKEY_USERS\S-1-5-21-527237240-2139871995-839522115-1004\Software\Microsoft\Search Assistant\ACMru

Windows.OpenWith: Open with list - .BMP extension  (2 files) (Registry key, fixed)
  HKEY_USERS\S-1-5-21-527237240-2139871995-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList

Windows.OpenWith: Open with list - .CFG extension  (3 files) (Registry key, fixed)
  HKEY_USERS\S-1-5-21-527237240-2139871995-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CFG\OpenWithList

Windows Explorer: User Assistant history IE  (11 files) (Registry key, fixed)
  HKEY_USERS\S-1-5-21-527237240-2139871995-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: User Assistant history files  (40 files) (Registry key, fixed)
  HKEY_USERS\S-1-5-21-527237240-2139871995-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: Last visited history  (3 files) (Registry key, fixed)
  HKEY_USERS\S-1-5-21-527237240-2139871995-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

Windows Explorer: Recent file global history (Registry key, fixed)
  HKEY_USERS\S-1-5-21-527237240-2139871995-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Media SDK: Computer name (Registry change, fixed)
  HKEY_USERS\S-1-5-21-527237240-2139871995-839522115-1004\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName

Windows Media SDK: Unique ID (Registry change, fixed)
  HKEY_USERS\S-1-5-21-527237240-2139871995-839522115-1004\Software\Microsoft\Windows Media\WMSDK\General\UniqueID!={00000000-0000-0000-0000-000000000000}

Windows Media SDK: Volume serial number (Registry value, fixed)
  HKEY_USERS\S-1-5-21-527237240-2139871995-839522115-1004\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

WinRAR: Recent file list  (2 files) (Registry key, fixed)
  HKEY_USERS\S-1-5-21-527237240-2139871995-839522115-1004\Software\WinRAR\ArcHistory

WinRAR: Last used directory (Registry change, fixed)
  HKEY_USERS\S-1-5-21-527237240-2139871995-839522115-1004\Software\WinRAR\General\LastFolder!=

WinRAR: Extraction directory history  (1 files) (Registry key, fixed)
  HKEY_USERS\S-1-5-21-527237240-2139871995-839522115-1004\Software\WinRAR\DialogEditHistory\ExtrPath

Cookie: Cookie (41) (Cookie, fixed)
 


--- Spybot - Search & Destroy version: 1.4  (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-01-02 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-09-29 Includes\Cookies.sbi (*)
2006-09-29 Includes\Dialer.sbi (*)
2006-09-29 Includes\Hijackers.sbi (*)
2006-09-29 Includes\Keyloggers.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2006-09-29 Includes\Malware.sbi (*)
2006-09-29 Includes\PUPS.sbi (*)
2006-09-29 Includes\Revision.sbi (*)
2006-09-29 Includes\Security.sbi (*)
2006-09-29 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti (*)
2006-09-29 Includes\Trojans.sbi (*)



--- System information ---
Windows XP (Build: 2600) Service Pack 2
 / .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB886903)
 / .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
 / DataAccess: Microsoft Data Access Components KB870669
 / DataAccess: Security Update for Microsoft Data Access Components
 / DirectX / DX9 / SP1: DirectX 9 Hotfix - KB839643
 / Microsoft .NET Framework 2.0: This Security Update is for Microsoft .NET Framework 2.0. \n
If you later install a more recent service pack, this Security Update will be uninstalled automatically. \n
For more information, visit http://support.microsoft.com/kb/917283
 / Windows Media Player: Windows Media Player Hotfix [See Q828026 for more information]
 / Windows Media Player / SP0: Windows Media Player Hotfix [See Q828026 for more information]
 / Windows Media Player: Windows Media Update 817787
 / Windows Media Player 10: Security Update for Windows Media Player 10 (KB911565)
 / Windows Media Player 10: Security Update for Windows Media Player 10 (KB917734)
 / Windows XP / SP2: Windows XP Service Pack 2
 / Windows XP / SP3: Windows XP Hotfix - KB834707
 / Windows XP / SP3: Windows XP Hotfix - KB867282
 / Windows XP / SP3: Windows XP Hotfix - KB873333
 / Windows XP / SP3: Windows XP Hotfix - KB873339
 / Windows XP / SP3: Security Update for Windows XP (KB883939)
 / Windows XP / SP3: Windows XP Hotfix - KB885250
 / Windows XP / SP3: Windows XP Hotfix - KB885835
 / Windows XP / SP3: Windows XP Hotfix - KB885836
 / Windows XP / SP3: Windows XP Hotfix - KB886185
 / Windows XP / SP3: Windows XP Hotfix - KB887472
 / Windows XP / SP3: Windows XP Hotfix - KB887742
 / Windows XP / SP3: Windows XP Hotfix - KB888113
 / Windows XP / SP3: Windows XP Hotfix - KB888302
 / Windows XP / SP3: Security Update for Windows XP (KB890046)
 / Windows XP / SP3: Windows XP Hotfix - KB890047
 / Windows XP / SP3: Windows XP Hotfix - KB890175
 / Windows XP / SP3: Windows XP Hotfix - KB890859
 / Windows XP / SP3: Windows XP Hotfix - KB890923
 / Windows XP / SP3: Windows XP Hotfix - KB891781
 / Windows XP / SP3: Security Update for Windows XP (KB893066)
 / Windows XP / SP3: Windows XP Hotfix - KB893086
 / Windows XP / SP3: Security Update for Windows XP (KB893756)
 / Windows XP / SP3: Windows Installer 3.1 (KB893803)
 / Windows XP / SP3: Windows Installer 3.1 (KB893803)
 / Windows XP / SP3: Update for Windows XP (KB894391)
 / Windows XP / SP3: Security Update for Windows XP (KB896358)
 / Windows XP / SP3: Security Update for Windows XP (KB896422)
 / Windows XP / SP3: Security Update for Windows XP (KB896423)
 / Windows XP / SP3: Security Update for Windows XP (KB896424)
 / Windows XP / SP3: Security Update for Windows XP (KB896428)
 / Windows XP / SP3: Security Update for Windows XP (KB896688)
 / Windows XP / SP3: Update for Windows XP (KB896727)
 / Windows XP / SP3: Update for Windows XP (KB898461)
 / Windows XP / SP3: Security Update for Windows XP (KB899587)
 / Windows XP / SP3: Security Update for Windows XP (KB899588)
 / Windows XP / SP3: Security Update for Windows XP (KB899591)
 / Windows XP / SP3: Update for Windows XP (KB900485)
 / Windows XP / SP3: Security Update for Windows XP (KB900725)
 / Windows XP / SP3: Security Update for Windows XP (KB901017)
 / Windows XP / SP3: Security Update for Windows XP (KB901214)
 / Windows XP / SP3: Security Update for Windows XP (KB902400)
 / Windows XP / SP3: Security Update for Windows XP (KB903235)
 / Windows XP / SP3: Security Update for Windows XP (KB904706)
 / Windows XP / SP3: Security Update for Windows XP (KB905414)
 / Windows XP / SP3: Security Update for Windows XP (KB905749)
 / Windows XP / SP3: Security Update for Windows XP (KB905915)
 / Windows XP / SP3: Security Update for Windows XP (KB908519)
 / Windows XP / SP3: Security Update for Windows XP (KB908531)
 / Windows XP / SP3: Update for Windows XP (KB910437)
 / Windows XP / SP3: Security Update for Windows XP (KB911280)
 / Windows XP / SP3: Security Update for Windows XP (KB911562)
 / Windows XP / SP3: Security Update for Windows XP (KB911567)
 / Windows XP / SP3: Security Update for Windows XP (KB911927)
 / Windows XP / SP3: Security Update for Windows XP (KB912812)
 / Windows XP / SP3: Security Update for Windows XP (KB912919)
 / Windows XP / SP3: Security Update for Windows XP (KB913446)
 / Windows XP / SP3: Security Update for Windows XP (KB913580)
 / Windows XP / SP3: Security Update for Windows XP (KB914388)
 / Windows XP / SP3: Security Update for Windows XP (KB914389)
 / Windows XP / SP3: Security Update for Windows XP (KB916281)
 / Windows XP / SP3: Update for Windows XP (KB916595)
 / Windows XP / SP3: Security Update for Windows XP (KB917159)
 / Windows XP / SP3: Security Update for Windows XP (KB917344)
 / Windows XP / SP3: Security Update for Windows XP (KB917422)
 / Windows XP / SP3: Security Update for Windows XP (KB917953)
 / Windows XP / SP3: Security Update for Windows XP (KB918439)
 / Windows XP / SP3: Security Update for Windows XP (KB918899)
 / Windows XP / SP3: Security Update for Windows XP (KB919007)
 / Windows XP / SP3: Security Update for Windows XP (KB920214)
 / Windows XP / SP3: Security Update for Windows XP (KB920670)
 / Windows XP / SP3: Security Update for Windows XP (KB920683)
 / Windows XP / SP3: Security Update for Windows XP (KB920685)
 / Windows XP / SP3: Update for Windows XP (KB920872)
 / Windows XP / SP3: Security Update for Windows XP (KB921398)
 / Windows XP / SP3: Security Update for Windows XP (KB921883)
 / Windows XP / SP3: Update for Windows XP (KB922582)
 / Windows XP / SP3: Security Update for Windows XP (KB922616)
 / Windows XP / SP3: Security Update for Windows XP (KB925486)


--- Startup entries list ---
Located: HK_LM:Run, Adobe Photo Downloader
command: "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
   file: C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
   size: 57344
    MD5: 617fa5be646b5e8d6670fd4710acd2d3

Located: HK_LM:Run, ATICCC
command: "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
   file: C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
   size: 45056
    MD5: 64c4c17bf6a40ff1cd21205e6fd415b8

Located: HK_LM:Run, ccApp
command: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
   file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
   size: 59040
    MD5: 42d55a54df63361a3207f830508ba4a4

Located: HK_LM:Run, Logitech Hardware Abstraction Layer
command: KHALMNPR.EXE
   file: C:\WINDOWS\KHALMNPR.EXE
   size: 28160
    MD5: f925daaa220b8533832ffd53f072e32e

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
   file: C:\Program Files\QuickTime\qttask.exe
   size: 98304
    MD5: c341ccfbe98bc7df6e0b856bb9fc265a

Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
   file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
   size: 180269
    MD5: 1ac2c58b587c70de64582ad41ee79fba

Located: HK_LM:RunOnce, SpybotSnD
command: "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
   file: C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
   size: 4393096
    MD5: 09ca174a605b480318731e691dc98539

Located: HK_CU:Run, spywarebot
command: C:\Program Files\SpywareBot\SpywareBot.exe -boot
   file:

Located: HK_CU:Run, Steam
command: "c:\program files\sierra on-line\valve\steam\steam.exe" -silent
   file:

Located: System.ini, AtiExtEvent
command: Ati2evxx.dll
   file: Ati2evxx.dll

Located: System.ini, crypt32chain
command: crypt32.dll
   file: crypt32.dll

Located: System.ini, cryptnet
command: cryptnet.dll
   file: cryptnet.dll

Located: System.ini, cscdll
command: cscdll.dll
   file: cscdll.dll

Located: System.ini, ScCertProp
command: wlnotify.dll
   file: wlnotify.dll

Located: System.ini, Schedule
command: wlnotify.dll
   file: wlnotify.dll

Located: System.ini, sclgntfy
command: sclgntfy.dll
   file: sclgntfy.dll

Located: System.ini, SensLogn
command: WlNotify.dll
   file: WlNotify.dll

Located: System.ini, termsrv
command: wlnotify.dll
   file: wlnotify.dll

Located: System.ini, WgaLogon
command: WgaLogon.dll
   file: WgaLogon.dll

Located: System.ini, wlballoon
command: wlnotify.dll
   file: wlnotify.dll



--- Browser helper object list ---


--- ActiveX list ---


--- Process list ---
PID:    0 (   0) [System]
PID:  700 (   4) \SystemRoot\System32\smss.exe
PID:  748 ( 700) \??\C:\WINDOWS\system32\csrss.exe
PID:  776 ( 700) \??\C:\WINDOWS\system32\winlogon.exe
PID:  820 ( 776) C:\WINDOWS\system32\services.exe
 size: 108032
  MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID:  844 ( 776) C:\WINDOWS\system32\lsass.exe
 size: 13312
  MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID:  996 ( 820) C:\WINDOWS\system32\Ati2evxx.exe
 size: 401408
  MD5: B2906F9E62A6AC6AD7F5F35DE9656098
PID: 1016 ( 820) C:\WINDOWS\system32\svchost.exe
 size: 14336
  MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1104 ( 820) C:\WINDOWS\system32\svchost.exe
 size: 14336
  MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1264 ( 820) C:\Program Files\Windows Defender\MsMpEng.exe
 size: 14032
  MD5: E7E81C6BCD697F5921DF6D6781D2673D
PID: 1304 ( 820) C:\WINDOWS\System32\svchost.exe
 size: 14336
  MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1408 ( 820) C:\WINDOWS\System32\svchost.exe
 size: 14336
  MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1616 ( 820) C:\WINDOWS\System32\svchost.exe
 size: 14336
  MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1780 ( 820) C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
 size: 181920
  MD5: 103D570135D9AD6F99AAFB54B7323E99
PID: 1820 ( 820) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
 size: 173160
  MD5: 08FA56B7C13B4CBF0E5D351AECAD92B1
PID:  380 ( 820) C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
 size: 198304
  MD5: B0BEB1D0B3506919A56CDF04ACEA9F70
PID:  584 ( 820) C:\WINDOWS\system32\spoolsv.exe
 size: 57856
  MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
PID:  904 ( 820) C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
 size: 1135728
  MD5: 8FA646F0E639D9A8C8B98E217D471DC0
PID: 1056 ( 820) C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
 size: 100032
  MD5: 1B58EE9929BAB30D06092E584F7D899F
PID: 1220 ( 820) C:\Program Files\ewido anti-spyware 4.0\guard.exe
 size: 172032
  MD5: F8D982556A9E0795829632FF0812DC2D
PID: 1252 ( 820) C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
 size: 177264
  MD5: 8FC8458BCB585617AAC9E17A558D9155
PID: 1336 ( 820) C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
 size: 46704
  MD5: 96DB6F2D69F787C61A46CC86D6CFE69F
PID: 1516 ( 820) C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
 size: 95824
  MD5: 52F62545B6EE3ABF9C9642B37D278CC7
PID: 1908 ( 820) C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
 size: 176193
  MD5: 5D8D2E9BD65450077D88DDD6AD4474E4
PID: 1944 ( 820) C:\WINDOWS\System32\svchost.exe
 size: 14336
  MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 2024 ( 820) C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
 size: 833168
  MD5: 0E37F1024B2775E7F9258435845D2426
PID: 2040 ( 820) C:\WINDOWS\system32\wdfmgr.exe
 size: 38912
  MD5: AB0A7CA90D9E3D6A193905DC1715DED0
PID:  148 ( 820) C:\WINDOWS\wanmpsvc.exe
 size: 65536
  MD5: EB9A99AB5D17B1727034FF191E6448D7
PID: 1752 ( 820) C:\WINDOWS\System32\alg.exe
 size: 44544
  MD5: F1958FBF86D5C004CF19A5951A9514B7
PID: 2636 ( 776) C:\WINDOWS\system32\Ati2evxx.exe
 size: 401408
  MD5: B2906F9E62A6AC6AD7F5F35DE9656098
PID: 2656 (2144) C:\WINDOWS\Explorer.EXE
 size: 1032192
  MD5: A0732187050030AE399B241436565E64
PID: 2372 (2656) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
 size: 59040
  MD5: 42D55A54DF63361A3207F830508BA4A4
PID: 3276 (2656) C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
 size: 45056
  MD5: 64C4C17BF6A40FF1CD21205E6FD415B8
PID: 3888 (3276) C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
 size: 45056
  MD5: 64C4C17BF6A40FF1CD21205E6FD415B8
PID: 2736 (2656) C:\Program Files\mIRC\mirc.exe
 size: 2109440
  MD5: 222C98F9FAF7A0B283FD0736F0AB6C1A
PID:  960 (2656) C:\Program Files\Ventrilo\Ventrilo.exe
 size: 983040
  MD5: 97FF7619C235C7D79BA2BA335C0BE8AD
PID:  520 (3984) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
 size: 180269
  MD5: 1AC2C58B587C70DE64582AD41EE79FBA
PID:  564 (2656) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
 size: 4393096
  MD5: 09CA174A605B480318731E691DC98539
PID:    4 (   0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 9/30/2006 10:10:23 AM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
  C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
  http://us.rd.yahoo.com/customize/ycomp_adb...//www.yahoo.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
  http://us.rd.yahoo.com/customize/ycomp_adb.../search/ie.html
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
  http://www.eightballclan.branzone.com/admi...ator/index2.php
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
  http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
  http://home.microsoft.com/access/autosearch.asp?p=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
  C:\windows\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
  http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
  http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
  http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
  http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
  http://www.google.com/ie
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
  http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---


--- Uninstall list ---
Ad-Aware SE Personal  (Ad-Aware SE Personal)
   uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
       publisher: Lavasoft
       help link: http://www.lavasoft.de

Adobe Download Manager 2.0 (Remove Only) 2.0 (AdobeESD)
   uninstall cmd: "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"

ATI - Software Uninstall Utility 6.14.10.1014 (All ATI Software)
install location: C:\Program Files\ATI Technologies\UninstallAll
   uninstall cmd: C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe

America Online (Choose which version to remove)  (America Online us)
   uninstall cmd: C:\Program Files\Common Files\aolshare\Aolunins_us.exe

AOL Connectivity Services  (AOL Connectivity Services)
   uninstall cmd: C:\PROGRA~1\COMMON~1\AOL\ACS\AcsUninstall.exe /c

AOL Explorer  (AOL Explorer)
   uninstall cmd: C:\Program Files\Common Files\AOL\1126634133\ee\services\browser\ver1_1_1042\uninst.exe

AOL Instant Messenger  (AOL Instant Messenger)
   uninstall cmd: C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=

AOL Spyware Protection 1.0.66 (AOL Spyware Protection)
   uninstall cmd: C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\UNWISE.EXE C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\INSTALL.LOG
       publisher: AOL Spyware Protection
        comments: AOL Spyware Protection

AOL Coach Version 1.0(Build:20040229.1 en)  (AOLCoach)
   uninstall cmd: C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe

ATI Display Driver 8.273-060718a-035119C-ATI (ATI Display Driver)
   uninstall cmd: rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

  (BackWeb-8876480 Uninstaller)

  (Branding)

CheckIt Diagnostics 7.0 (CheckIt Diagnostics)
   uninstall cmd: C:\PROGRA~1\CheckIt\DIAGNO~1\UNWISE.EXE C:\PROGRA~1\CheckIt\DIAGNO~1\INSTALL.LOG
       publisher: Smith Micro Software, Inc.
       help link: http://www.smithmicro.com/support

CleanUp!  (CleanUp!)
   uninstall cmd: C:\Program Files\CleanUp!\uninstall.exe

  (Connection Manager)

  (DODC)

ewido anti-spyware 4.0  (ewidoantispyware4)
install location: C:\Program Files\ewido anti-spyware 4.0
   uninstall cmd: C:\Program Files\ewido anti-spyware 4.0\Uninstall.exe
       publisher: ewido networks
       help link: http://www.ewido.net

FileZilla (remove only)  (FileZilla)
   uninstall cmd: "C:\Program Files\FileZilla\uninstall.exe"

HijackThis 1.99.1 1.99.1 (HijackThis)
   uninstall cmd: C:\Documents and Settings\Randy\Desktop\HijackThis.exe /uninstall
       publisher: Soeperman Enterprises Ltd.

HLSW v1.0.0.48  (HLSW_is1)
install location: C:\Program Files\HLSW\
   uninstall cmd: "C:\Program Files\HLSW\unins000.exe"
       publisher: Timo Stripf
       help link: http://www.hlsw.net

Windows XP Hotfix - KB834707 20040929.110854 (KB834707)
   uninstall cmd: C:\WINDOWS\$NtUninstallKB834707$\spuninst\spuninst.exe
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=834707

Windows XP Hotfix - KB867282 20050127.090417 (KB867282)
   uninstall cmd: C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=867282

Microsoft Data Access Components KB870669  (KB870669)
   uninstall cmd: C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=KB870669

Windows XP Hotfix - KB873333 20050114.005213 (KB873333)
   uninstall cmd: C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=873333

Windows XP Hotfix - KB873339 20041117.092459 (KB873339)
   uninstall cmd: C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=873339

Security Update for Windows XP (KB883939) 1 (KB883939)
    install date: 20050616
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=883939

  (KB884016)

Windows XP Hotfix - KB885250 20050118.202711 (KB885250)
   uninstall cmd: C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=885250

Windows XP Hotfix - KB885835 20041027.181713 (KB885835)
   uninstall cmd: C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=885835

Windows XP Hotfix - KB885836 20041028.173203 (KB885836)
   uninstall cmd: C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=885836

Windows XP Hotfix - KB886185 20041021.090540 (KB886185)
   uninstall cmd: C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=886185

Windows XP Hotfix - KB887472 20041014.162858 (KB887472)
   uninstall cmd: C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=887472

Windows XP Hotfix - KB887742 20041103.095002 (KB887742)
   uninstall cmd: C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=887742

Windows XP Hotfix - KB888113 20041116.131036 (KB888113)
   uninstall cmd: C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=888113

Windows XP Hotfix - KB888302 20041207.111426 (KB888302)
   uninstall cmd: C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=888302

Security Update for Windows XP (KB890046) 1 (KB890046)
    install date: 20050616
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=890046

Windows XP Hotfix - KB890047 20041221.124506 (KB890047)
   uninstall cmd: C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=890047

Windows XP Hotfix - KB890175 20041201.233338 (KB890175)
   uninstall cmd: C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=890175

Windows XP Hotfix - KB890859 1 (KB890859)
    install date: 20050412
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=890859

Windows XP Hotfix - KB890923 1 (KB890923)
    install date: 20050412
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=890923

Windows XP Hotfix - KB891781 20050110.165439 (KB891781)
   uninstall cmd: C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=891781

Windows XP Hotfix - KB893066 1 (KB893066)
    install date: 20050412
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=893066

Windows XP Hotfix - KB893086 1 (KB893086)
    install date: 20050412
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=893086

Security Update for Windows XP (KB893756) 1 (KB893756)
    install date: 20050813
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=893756

Windows Installer 3.1 (KB893803) 3.1 (KB893803)
   uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://go.microsoft.com/fwlink/?LinkId=42467

Windows Installer 3.1 (KB893803) 3.1 (KB893803v2)
   uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://go.microsoft.com/fwlink/?LinkId=42467

Update for Windows XP (KB894391) 1 (KB894391)
    install date: 20050813
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=894391

Security Update for Windows XP (KB896358) 1 (KB896358)
    install date: 20050616
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=896358

Security Update for Windows XP (KB896422) 1 (KB896422)
    install date: 20050616
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=896422

Security Update for Windows XP (KB896423) 1 (KB896423)
    install date: 20050813
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=896423

Security Update for Windows XP (KB896424) 1 (KB896424)
    install date: 20051109
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=896424

Security Update for Windows XP (KB896428) 1 (KB896428)
    install date: 20050616
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=896428

Security Update for Windows XP (KB896688) 1 (KB896688)
    install date: 20051015
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=896688

Update for Windows XP (KB896727) 1 (KB896727)
    install date: 20050813
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=896727

Update for Windows XP (KB898461) 1 (KB898461)
    install date: 20050629
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=898461

Security Update for Windows XP (KB899587) 1 (KB899587)
    install date: 20050813
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=899587

Security Update for Windows XP (KB899588) 1 (KB899588)
    install date: 20050813
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=899588

Security Update for Windows XP (KB899591) 1 (KB899591)
    install date: 20050813
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=899591

Update for Windows XP (KB900485) 2 (KB900485)
    install date: 20060426
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=900485

Security Update for Windows XP (KB900725) 1 (KB900725)
    install date: 20051015
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=900725

Security Update for Windows XP (KB901017) 1 (KB901017)
    install date: 20051015
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=901017

Security Update for Windows XP (KB901214) 1 (KB901214)
    install date: 20050713
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=901214

Security Update for Windows XP (KB902400) 1 (KB902400)
    install date: 20051015
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=902400

Security Update for Windows XP (KB903235) 1 (KB903235)
    install date: 20050713
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=903235

Security Update for Windows XP (KB904706) 1 (KB904706)
    install date: 20051015
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=904706

Security Update for Windows XP (KB905414) 1 (KB905414)
    install date: 20051015
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=905414

Security Update for Windows XP (KB905749) 1 (KB905749)
    install date: 20051015
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=905749

Security Update for Windows XP (KB905915) 1 (KB905915)
    install date: 20051215
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=905915

Security Update for Windows XP (KB908519) 1 (KB908519)
    install date: 20060111
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=908519

Security Update for Windows XP (KB908531) 1 (KB908531)
    install date: 20060414
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=908531

Update for Windows XP (KB910437) 1 (KB910437)
    install date: 20051215
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=910437

Security Update for Windows XP (KB911280) 1 (KB911280)
    install date: 20060615
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=911280

Security Update for Windows XP (KB911562) 1 (KB911562)
    install date: 20060414
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=911562

Security Update for Windows Media Player (KB911564)  (KB911564)
    install date: 20060215
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com/?kbid=911564

Security Update for Windows Media Player 10 (KB911565)  (KB911565)
    install date: 20060215
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com/?kbid=911565

Security Update for Windows XP (KB911567) 1 (KB911567)
    install date: 20060414
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=911567

Security Update for Windows XP (KB911927) 1 (KB911927)
    install date: 20060215
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=911927

Security Update for Windows XP (KB912812) 1 (KB912812)
    install date: 20060414
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=912812

Security Update for Windows XP (KB912919) 1 (KB912919)
    install date: 20060106
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=912919

Security Update for Windows XP (KB913446) 1 (KB913446)
    install date: 20060215
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=913446

Security Update for Windows XP (KB913580) 1 (KB913580)
    install date: 20060510
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=913580

Security Update for Windows XP (KB914388) 1 (KB914388)
    install date: 20060713
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=914388

Security Update for Windows XP (KB914389) 1 (KB914389)
    install date: 20060615
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=914389

Security Update for Windows XP (KB916281) 1 (KB916281)
    install date: 20060615
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=916281

Update for Windows XP (KB916595) 1 (KB916595)
    install date: 20060713
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=916595

Security Update for Windows XP (KB917159) 1 (KB917159)
    install date: 20060713
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=917159

Security Update for Microsoft .NET Framework 2.0 (KB917283) 1 (KB917283.T1_1ToU93_1)
   uninstall cmd: C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {967B098A-042D-4367-BAC9-8BC11684174F} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com/kb/917283

Security Update for Windows XP (KB917344) 1 (KB917344)
    install date: 20060615
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=917344

Security Update for Windows XP (KB917422) 1 (KB917422)
    install date: 20060810
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=917422

Security Update for Windows Media Player 10 (KB917734)  (KB917734_WMP10)
    install date: 20060615
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com/?kbid=917734

Security Update for Windows XP (KB917953) 1 (KB917953)
    install date: 20060615
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=917953

Security Update for Windows XP (KB918439) 1 (KB918439)
    install date: 20060615
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=918439

Security Update for Windows XP (KB918899) 1 (KB918899)
    install date: 20060810
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=918899

Security Update for Windows XP (KB919007) 1 (KB919007)
    install date: 20060912
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=919007

Security Update for Windows XP (KB920214) 1 (KB920214)
    install date: 20060810
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=920214

Security Update for Windows XP (KB920670) 1 (KB920670)
    install date: 20060810
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=920670

Security Update for Windows XP (KB920683) 1 (KB920683)
    install date: 20060810
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=920683

Security Update for Windows XP (KB920685) 1 (KB920685)
    install date: 20060912
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=920685

Update for Windows XP (KB920872) 1 (KB920872)
    install date: 20060912
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=920872

Security Update for Windows XP (KB921398) 1 (KB921398)
    install date: 20060810
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=921398

Security Update for Windows XP (KB921883) 1 (KB921883)
    install date: 20060809
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=921883

Update for Windows XP (KB922582) 1 (KB922582)
    install date: 20060912
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=922582

Security Update for Windows XP (KB922616) 1 (KB922616)
    install date: 20060810
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=922616

Security Update for Windows XP (KB925486) 1 (KB925486)
    install date: 20060927
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=925486

LiveReg (Symantec Corporation) 3.1.0 (LiveReg)
install location: C:\Program Files\Common Files\Symantec Shared\LiveReg
   uninstall cmd: C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
       publisher: Symantec Corporation

LiveUpdate 3.0 (Symantec Corporation) 3.0.0.160 (LiveUpdate)
install location: "C:\Program Files\Symantec\LiveUpdate"
   uninstall cmd: "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
       publisher: Symantec Corporation

Microsoft .NET Framework 1.1 Hotfix (KB886903)  (M886903)
   uninstall cmd: "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903Uninstall.msp"

Microsoft .NET Framework 1.1  (Microsoft .NET Framework 1.1  (1033))
   uninstall cmd: msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
          readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm

Microsoft .NET Framework 2.0  (Microsoft .NET Framework 2.0)
install location: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\
   uninstall cmd: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
« Reply #1 on: September 30, 2006, 10:02:38 AM »
Can you do the following
From my signature below, download and save to a permanent folder of its own on your hard drive
Hijackthis 1.99.1
Open Hijackthis.exe

Do a "SCAN and Save a Log file"
A log will open in Notepad
Copy and paste the WHOLE contents of the log here

Also, if you do have Smitfraudfix on this computer
Delete it please

Download the latest version of SmitfraudFix (by S!Ri)
Extract the contents (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Mr Bell

« Reply #2 on: September 30, 2006, 10:21:27 AM »
Here is the HijackThis report. Be right back with the SmitfraudFix report:

Logfile of HijackThis v1.99.1
Scan saved at 10:32:57 AM, on 9/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\America Online 9.0a\wEmail Removedexe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\Randy\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adb.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adb...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eightballclan.branzone.com/admi...ator/index2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [Steam] "c:\program files\sierra on-line\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [spywarebot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.eightballclan.com
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1945B1FE-C77A-448C-B29A-C64C0043CB9D}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{1945B1FE-C77A-448C-B29A-C64C0043CB9D}: NameServer = 205.188.146.145
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe



SmitFraudFix v2.102

Scan done at 11:20:03.62, Sat 09/30/2006
Run from C:\Documents and Settings\Randy\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Randy


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Randy\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Randy\FAVORI~1

C:\DOCUME~1\Randy\FAVORI~1\Antivirus Test Online.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
 
 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Offline guestolo

« Reply #3 on: September 30, 2006, 10:35:10 AM »
Can you do the following for me
I see Spywarebot in your hijackthis log again, did you reinstall this?

If not,
Download and unzip to your desktop InstalledPrograms.zip
Double click on InstalledPrograms.vbs

Click OK at the IP prompt and click YES to view the results now
A text file will open, can you copy and paste back here the whole contents

Also
Create a .bat file for me please
Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box, not including the word "code"
Paste it to the empty Notepad file
In Notepad click FILE>>SAVE AS
Change the Save as Type to All Files.
Name the file as find.bat

Save this file on the desktop

 
Code:
@echo off
cd C:\Program Files\Spywarebot
dir /s /a > C:\find.txt
notepad C:\find.txt
del /q C:\find.txt

Double click on find.bat, a text file will open, copy>Paste back the contents please



Offline Mr Bell

« Reply #4 on: September 30, 2006, 11:25:39 AM »
Ad-Aware SE Personal   
Adobe Download Manager 2.0 (Remove Only)   Ver: 2.0
Adobe Flash Player 9 ActiveX   Ver: 9
Adobe Reader 7.0.7   Ver: 7.0.7   Installed: 4/18/2006
Adobe® Photoshop® Album Starter Edition 3.0   Ver: 3.00.000   Installed: 4/18/2006
America Online (Choose which version to remove)   
AOL Coach Version 1.0(Build:20040229.1 en)   
AOL Connectivity Services   
AOL Explorer   
AOL Instant Messenger   
AOL Spyware Protection   Ver: 1.0.66
ATI - Software Uninstall Utility   Ver: 6.14.10.1014
ATI Catalyst Control Center   Ver: 1.2.2390.38630   Installed: 8/10/2006
ATI Display Driver   Ver: 8.273-060718a-035119C-ATI
Belkin Gigabit Ethernet   Ver: 1.00.0000
ccCommon   Ver: 103.0.3.8   Installed: 11/13/2005
CheckIt Diagnostics   Ver: 7.0
CleanUp!   
ewido anti-spyware 4.0   
FileZilla (remove only)   
HijackThis 1.99.1   Ver: 1.99.1
HLSW v1.0.0.48   
Internet Worm Protection   Ver: 11.0.9   Installed: 11/13/2005
J2SE Runtime Environment 5.0 Update 2   Ver: 1.5.0.20   Installed: 3/25/2005
J2SE Runtime Environment 5.0 Update 6   Ver: 1.5.0.60   Installed: 7/12/2006
J2SE Runtime Environment 5.0 Update 7   Ver: 1.5.0.70   Installed: 7/12/2006
Java 2 Runtime Environment, SE v1.4.2_05   Ver: 1.4.2_05   Installed: 8/7/2004
Java 2 Runtime Environment, SE v1.4.2_06   Ver: 1.4.2_06   Installed: 12/26/2004
Lernout & Hauspie TruVoice American English TTS Engine   
LiveReg (Symantec Corporation)   Ver: 3.1.0
LiveUpdate 3.0 (Symantec Corporation)   Ver: 3.0.0.160
Logitech QuickCam   Ver: 8.41.0000
Logitech SetPoint   Ver: 2.31   Installed: 9/27/2005
Logitech® Camera Driver   
Microsoft .NET Framework 1.1   
Microsoft .NET Framework 1.1   Ver: 1.1.4322   Installed: 1/2/2006
Microsoft .NET Framework 1.1 Hotfix (KB886903)   
Microsoft .NET Framework 2.0   
Microsoft .NET Framework 2.0   Ver: 2.0.50727   Installed: 8/6/2006
Microsoft Data Access Components KB870669   
Microsoft Office 2000 SR-1 Disc 2   Ver: 9.00.3821   Installed: 6/7/2004
Microsoft Office 2000 SR-1 Professional   Ver: 9.00.3821   Installed: 6/7/2004
Microsoft Text-to-Speech Engine 4.0 (English)   
mIRC   Ver: 6.2
MSN Music Assistant   
MSRedist   Ver: 1.0.0.0   Installed: 11/13/2005
Musicmatch® Jukebox   Ver: 10.00.4015
Nero OEM   
Norton AntiVirus 2005   Ver: 11.0.9   Installed: 11/13/2005
Norton AntiVirus Parent MSI   Ver: 10.0.0   Installed: 11/13/2005
Norton CleanSweep   Ver: 1.0.0   Installed: 7/2/2006
Norton SystemWorks   Ver: 1.0.0   Installed: 11/13/2005
Norton SystemWorks 2005   Ver: 8.03.15   Installed: 11/13/2005
Norton SystemWorks 2005 (Symantec Corporation)   Ver: 8.03.15
Norton Utilities   Ver: 18.0.0   Installed: 11/13/2005
Norton WMI Update   Ver: 2005.1.2.20   Installed: 11/13/2005
NSW_DRM_COLLECTION   Ver: 1.0.0   Installed: 11/13/2005
Quake III Arena   
QuickTime   
RealPlayer   
Realtek AC'97 Audio   
Security Update for Microsoft .NET Framework 2.0 (KB917283)   Ver: 1
Security Update for Windows Media Player (KB911564)      Installed: 2/15/2006
Security Update for Windows Media Player 10 (KB911565)      Installed: 2/15/2006
Security Update for Windows Media Player 10 (KB917734)      Installed: 6/15/2006
Security Update for Windows XP (KB883939)   Ver: 1   Installed: 6/16/2005
Security Update for Windows XP (KB890046)   Ver: 1   Installed: 6/16/2005
Security Update for Windows XP (KB893756)   Ver: 1   Installed: 8/13/2005
Security Update for Windows XP (KB896358)   Ver: 1   Installed: 6/16/2005
Security Update for Windows XP (KB896422)   Ver: 1   Installed: 6/16/2005
Security Update for Windows XP (KB896423)   Ver: 1   Installed: 8/13/2005
Security Update for Windows XP (KB896424)   Ver: 1   Installed: 11/9/2005
Security Update for Windows XP (KB896428)   Ver: 1   Installed: 6/16/2005
Security Update for Windows XP (KB896688)   Ver: 1   Installed: 10/15/2005
Security Update for Windows XP (KB899587)   Ver: 1   Installed: 8/13/2005
Security Update for Windows XP (KB899588)   Ver: 1   Installed: 8/13/2005
Security Update for Windows XP (KB899591)   Ver: 1   Installed: 8/13/2005
Security Update for Windows XP (KB900725)   Ver: 1   Installed: 10/15/2005
Security Update for Windows XP (KB901017)   Ver: 1   Installed: 10/15/2005
Security Update for Windows XP (KB901214)   Ver: 1   Installed: 7/13/2005
Security Update for Windows XP (KB902400)   Ver: 1   Installed: 10/15/2005
Security Update for Windows XP (KB903235)   Ver: 1   Installed: 7/13/2005
Security Update for Windows XP (KB904706)   Ver: 1   Installed: 10/15/2005
Security Update for Windows XP (KB905414)   Ver: 1   Installed: 10/15/2005
Security Update for Windows XP (KB905749)   Ver: 1   Installed: 10/15/2005
Security Update for Windows XP (KB905915)   Ver: 1   Installed: 12/15/2005
Security Update for Windows XP (KB908519)   Ver: 1   Installed: 1/11/2006
Security Update for Windows XP (KB908531)   Ver: 1   Installed: 4/14/2006
Security Update for Windows XP (KB911280)   Ver: 1   Installed: 6/15/2006
Security Update for Windows XP (KB911562)   Ver: 1   Installed: 4/14/2006
Security Update for Windows XP (KB911567)   Ver: 1   Installed: 4/14/2006
Security Update for Windows XP (KB911927)   Ver: 1   Installed: 2/15/2006
Security Update for Windows XP (KB912812)   Ver: 1   Installed: 4/14/2006
Security Update for Windows XP (KB912919)   Ver: 1   Installed: 1/6/2006
Security Update for Windows XP (KB913446)   Ver: 1   Installed: 2/15/2006
Security Update for Windows XP (KB913580)   Ver: 1   Installed: 5/10/2006
Security Update for Windows XP (KB914388)   Ver: 1   Installed: 7/13/2006
Security Update for Windows XP (KB914389)   Ver: 1   Installed: 6/15/2006
Security Update for Windows XP (KB916281)   Ver: 1   Installed: 6/15/2006
Security Update for Windows XP (KB917159)   Ver: 1   Installed: 7/13/2006
Security Update for Windows XP (KB917344)   Ver: 1   Installed: 6/15/2006
Security Update for Windows XP (KB917422)   Ver: 1   Installed: 8/10/2006
Security Update for Windows XP (KB917953)   Ver: 1   Installed: 6/15/2006
Security Update for Windows XP (KB918439)   Ver: 1   Installed: 6/15/2006
Security Update for Windows XP (KB918899)   Ver: 1   Installed: 8/10/2006
Security Update for Windows XP (KB919007)   Ver: 1   Installed: 9/12/2006
Security Update for Windows XP (KB920214)   Ver: 1   Installed: 8/10/2006
Security Update for Windows XP (KB920670)   Ver: 1   Installed: 8/10/2006
Security Update for Windows XP (KB920683)   Ver: 1   Installed: 8/10/2006
Security Update for Windows XP (KB920685)   Ver: 1   Installed: 9/12/2006
Security Update for Windows XP (KB921398)   Ver: 1   Installed: 8/10/2006
Security Update for Windows XP (KB921883)   Ver: 1   Installed: 8/9/2006
Security Update for Windows XP (KB922616)   Ver: 1   Installed: 8/10/2006
Security Update for Windows XP (KB925486)   Ver: 1   Installed: 9/27/2006
SPBBC   Ver: 1.00.0000   Installed: 11/13/2005
Spybot - Search & Destroy 1.4   Ver: 1.4
Steam   
Symantec KB-DocID:2003093015493306   Ver: 1.0.0.1   Installed: 11/13/2005
Symantec Network Drivers Update   Ver: 5.5.1.6   Installed: 7/10/2005
Symantec Script Blocking Installer   Ver: 11.0.9   Installed: 11/13/2005
Symantec SCSSDist MSI   Ver: 1.0.0   Installed: 11/13/2005
SymNet   Ver: 5.4.2.17   Installed: 11/13/2005
TeamSpeak 2 RC2   Ver: 2.0.32.60
Update for Windows XP (KB894391)   Ver: 1   Installed: 8/13/2005
Update for Windows XP (KB896727)   Ver: 1   Installed: 8/13/2005
Update for Windows XP (KB898461)   Ver: 1   Installed: 6/29/2005
Update for Windows XP (KB900485)   Ver: 2   Installed: 4/26/2006
Update for Windows XP (KB910437)   Ver: 1   Installed: 12/15/2005
Update for Windows XP (KB916595)   Ver: 1   Installed: 7/13/2006
Update for Windows XP (KB920872)   Ver: 1   Installed: 9/12/2006
Update for Windows XP (KB922582)   Ver: 1   Installed: 9/12/2006
Ventrilo Client   Ver: 2.3.0.5   Installed: 7/29/2006
Viewpoint Media Player   
WebFldrs XP   Ver: 9.50.6513   Installed: 6/1/2004
Windows Defender   Ver: 1.1.1347.6   Installed: 8/27/2006
Windows Defender Signatures   Ver: 1.20.0.0   Installed: 8/27/2006
Windows Genuine Advantage Notifications (KB905474)   Ver: 1.5.0540.0   Installed: 4/26/2006
Windows Genuine Advantage v1.3.0254.0   Ver: 1.3.0254.0   Installed: 10/10/2005
Windows Genuine Advantage Validation Tool      Installed: 4/26/2006
Windows Installer 3.1 (KB893803)   Ver: 3.1
Windows Installer 3.1 (KB893803)   Ver: 3.1
Windows Media Format Runtime   
Windows Media Player 10   
Windows XP Hotfix - KB834707   Ver: 20040929.110854
Windows XP Hotfix - KB867282   Ver: 20050127.090417
Windows XP Hotfix - KB873333   Ver: 20050114.005213
Windows XP Hotfix - KB873339   Ver: 20041117.092459
Windows XP Hotfix - KB885250   Ver: 20050118.202711
Windows XP Hotfix - KB885835   Ver: 20041027.181713
Windows XP Hotfix - KB885836   Ver: 20041028.173203
Windows XP Hotfix - KB886185   Ver: 20041021.090540
Windows XP Hotfix - KB887472   Ver: 20041014.162858
Windows XP Hotfix - KB887742   Ver: 20041103.095002
Windows XP Hotfix - KB888113   Ver: 20041116.131036
Windows XP Hotfix - KB888302   Ver: 20041207.111426
Windows XP Hotfix - KB890047   Ver: 20041221.124506
Windows XP Hotfix - KB890175   Ver: 20041201.233338
Windows XP Hotfix - KB890859   Ver: 1   Installed: 4/12/2005
Windows XP Hotfix - KB890923   Ver: 1   Installed: 4/12/2005
Windows XP Hotfix - KB891781   Ver: 20050110.165439
Windows XP Hotfix - KB893066   Ver: 1   Installed: 4/12/2005
Windows XP Hotfix - KB893086   Ver: 1   Installed: 4/12/2005
Windows XP Service Pack 2   Ver: 20040803.231319
WinRAR archiver

Not sure how to create a .bat file

Volume in drive C has no label.
 Volume Serial Number is 401F-84C8

 Directory of C:\Documents and Settings\Randy\Desktop

09/30/2006  12:22 PM    <DIR>          .
09/30/2006  12:22 PM    <DIR>          ..
08/10/2006  01:29 PM        36,306,256 6-7_xp-2k_dd_ccc_wdm_enu_34826.exe
07/22/2006  08:12 AM         1,025,536 activesmart242.exe
08/31/2004  12:42 PM               841 Ad-Aware SE Personal.lnk
08/06/2006  10:34 AM    <DIR>          Cal
07/12/2006  03:14 PM           339,257 CleanUp452.exe
09/28/2006  08:39 AM             4,140 config.cfg
06/23/2005  07:02 AM            35,267 coollogocom1473933532yx[1].gif
07/09/2006  02:18 PM           260,419 dancing[1].gif
08/10/2006  01:28 PM        23,510,720 dotnetfx.exe
09/21/2006  09:50 AM         4,955,266 drweb-cureit.exe
07/12/2006  06:22 PM         8,404,736 ewido-setup_4.0.0.172b.exe
07/23/2006  01:23 AM               374 export.bat
05/27/2005  12:45 PM             1,564 FileZilla.lnk
09/30/2006  12:22 PM               107 find.bat
07/10/2006  09:11 PM           218,112 hijackthis.exe
09/30/2006  10:32 AM             8,177 hijackthis.log
04/17/2006  08:16 PM               626 HLSW.lnk
09/30/2006  12:08 PM             2,391 InstalledPrograms.zip
06/30/2005  02:10 AM               767 Internet Explorer.lnk
09/21/2006  05:19 PM               626 mIRC.lnk
09/30/2006  12:10 PM             9,186 MY-AEQ7YLJ6G47U_09302006_121013_Software.txt
07/02/2006  09:00 AM    <DIR>          NSW2005
11/13/2005  10:04 AM        55,669,519 NSW2005.exe
07/25/2006  01:00 AM               814 Shortcut to dod.lnk
09/30/2006  11:19 AM    <DIR>          SmitfraudFix
09/30/2006  11:14 AM           597,963 SmitfraudFix.zip
09/14/2006  06:21 PM            65,221 sprintpictures_09142006_1521.zip
01/20/2006  12:26 AM               963 Spybot - Search & Destroy.lnk
07/24/2006  09:27 PM               722 Steam.lnk
07/11/2005  08:56 AM               665 Teamspeak 2 RC2.lnk
08/15/2006  07:56 AM    <DIR>          Temp Maps
08/20/2006  10:19 AM    <DIR>          TPG
08/20/2006  08:09 PM    <DIR>          trace
08/06/2006  10:29 AM    <DIR>          Unused Desktop Shortcuts
09/28/2006  02:13 PM             4,323 userconfi.cfg
07/24/2006  03:35 PM         1,157,632 wally_155b.exe
08/27/2006  10:17 AM         5,763,072 windowsdefender.msi
11/25/2005  12:31 AM                66 Wizard Wars.url
09/30/2006  01:55 AM         1,035,090 wrar361.exe
              32 File(s)    139,380,418 bytes

 Directory of C:\Documents and Settings\Randy\Desktop\Cal

08/06/2006  10:34 AM    <DIR>          .
08/06/2006  10:34 AM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\Documents and Settings\Randy\Desktop\NSW2005

07/02/2006  09:00 AM    <DIR>          .
07/02/2006  09:00 AM    <DIR>          ..
12/13/2004  03:26 PM           132,720 ccGSE.dll
12/13/2004  03:35 PM           241,264 ccL30.dll
12/13/2004  03:27 PM           145,008 ccScan.dll
07/02/2006  08:59 AM    <DIR>          Checkit
08/13/2004  01:06 PM           709,728 DefUtDCD.dll
04/22/2004  05:22 PM            42,112 ecmldr32.DLL
01/24/2005  10:27 PM           493,176 ESDSTART.EXE
07/02/2006  09:00 AM    <DIR>          GoBack
03/18/2003  08:14 PM           499,712 msvcp71.dll
02/21/2003  04:42 AM           348,160 msvcr71.dll
07/02/2006  09:00 AM    <DIR>          NAV
07/02/2006  09:00 AM    <DIR>          NCS
07/02/2006  09:00 AM    <DIR>          NSW
01/24/2005  10:27 PM         1,263,232 nswsetup.exe
07/02/2006  09:00 AM    <DIR>          NU
01/10/2005  12:20 PM           198,256 probeGSE.dll
01/24/2005  10:15 PM             2,966 Readme.txt
07/02/2006  08:59 AM    <DIR>          Support
07/02/2006  09:00 AM    <DIR>          Virusdef
              11 File(s)      4,076,334 bytes

 Directory of C:\Documents and Settings\Randy\Desktop\NSW2005\Checkit

07/02/2006  08:59 AM    <DIR>          .
07/02/2006  08:59 AM    <DIR>          ..
01/24/2005  10:13 PM         4,144,041 CheckIt.exe
               1 File(s)      4,144,041 bytes

 Directory of C:\Documents and Settings\Randy\Desktop\NSW2005\GoBack

07/02/2006  09:00 AM    <DIR>          .
07/02/2006  09:00 AM    <DIR>          ..
12/21/2004  10:18 AM        17,329,664 NortonGoBack.msi
12/21/2004  10:18 AM           159,744 Setup.exe
               2 File(s)     17,489,408 bytes

 Directory of C:\Documents and Settings\Randy\Desktop\NSW2005\NAV

07/02/2006  09:00 AM    <DIR>          .
07/02/2006  09:00 AM    <DIR>          ..
07/02/2006  08:59 AM    <DIR>          External
11/14/2002  07:30 PM           616,128 Iamapp.dll
01/19/2005  03:05 PM             2,740 instopts.dat
07/02/2006  08:59 AM    <DIR>          IWP
01/19/2005  03:04 PM         2,192,896 IWP.MSI
01/24/2005  10:37 PM         1,129,984 NAV.msi
01/10/2005  12:20 PM            79,472 Omigrate.exe
01/24/2005  10:15 PM           668,672 parent.msi
12/03/2004  02:53 PM               732 SKU.dat
01/19/2005  02:44 PM               114 version.dat
               8 File(s)      4,690,738 bytes

 Directory of C:\Documents and Settings\Randy\Desktop\NSW2005\NAV\External

07/02/2006  08:59 AM    <DIR>          .
07/02/2006  08:59 AM    <DIR>          ..
07/02/2006  08:59 AM    <DIR>          CommonFi
07/02/2006  09:00 AM    <DIR>          NORTON
01/24/2005  10:37 PM    <DIR>          Symantec
07/02/2006  08:59 AM    <DIR>          System32
               0 File(s)              0 bytes

 Directory of C:\Documents and Settings\Randy\Desktop\NSW2005\NAV\External\CommonFi

07/02/2006  08:59 AM    <DIR>          .
07/02/2006  08:59 AM    <DIR>          ..
12/13/2004  03:26 PM           132,720 ccGSE.dll
07/02/2006  09:00 AM    <DIR>          SYMSHARE
               1 File(s)        132,720 bytes

 Directory of C:\Documents and Settings\Randy\Desktop\NSW2005\NAV\External\CommonFi\SYMSHARE

07/02/2006  09:00 AM    <DIR>          .
07/02/2006  09:00 AM    <DIR>          ..
07/02/2006  08:59 AM    <DIR>          CCPD-LC
06/04/2004  04:18 PM            54,432 SMNLnch.exe
07/02/2006  08:59 AM    <DIR>          SPBBC
12/20/2004  06:03 PM           157,288 SymAData.dll
09/09/2004  06:11 PM           140,440 SymBbaAx.ocx
               3 File(s)        352,160 bytes

 Directory of C:\Documents and Settings\Randy\Desktop\NSW2005\NAV\External\CommonFi\SYMSHARE\CCPD-LC

07/02/2006  08:59 AM    <DIR>          .
07/02/2006  08:59 AM    <DIR>          ..
09/03/2004  12:29 AM           245,408 unicows.dll
               1 File(s)        245,408 bytes

 Directory of C:\Documents and Settings\Randy\Desktop\NSW2005\NAV\External\CommonFi\SYMSHARE\SPBBC

07/02/2006  08:59 AM    <DIR>          .
07/02/2006  08:59 AM    <DIR>          ..
11/23/2004  04:45 PM            91,736 SPLVPlug.dll
               1 File(s)         91,736 bytes

 Directory of C:\Documents and Settings\Randy\Desktop\NSW2005\NAV\External\NORTON

07/02/2006  09:00 AM    <DIR>          .
07/02/2006  09:00 AM    <DIR>          ..
09/09/2004  06:11 PM           226,456 ActRes.DLL
07/02/2006  09:00 AM    <DIR>          APP
01/10/2005  12:20 PM           149,104 avcompbr.dll
01/10/2005  12:21 PM           575,088 AVRES.dll
01/10/2005  12:20 PM           149,104 BootWarn.exe
05/29/2002  10:53 AM                90 Branding.ini
09/09/2004  06:12 PM           132,248 CfgWiz.exe
09/09/2004  06:11 PM           169,112 DJSAlert.dll
09/09/2004  06:11 PM            22,168 LRSend.exe
09/09/2004  06:11 PM            74,904 LtChkRes.dll
04/20/2003  04:02 PM                 0 NAVAPW32.exe
01/10/2005  12:21 PM           374,384 NAVOptRF.dll
09/09/2004  06:11 PM           156,824 SymLCUI.dll
09/09/2004  06:11 PM           656,536 SymUIHlp.dll
              13 File(s)      2,686,018 bytes

 Directory of C:\Documents and Settings\Randy\Desktop\NSW2005\NAV\External\NORTON\APP

07/02/2006  09:00 AM    <DIR>          .
07/02/2006  09:00 AM    <DIR>          ..
01/10/2005  12:20 PM           276,080 AboutPlg.dll
01/10/2005  12:20 PM            99,952 apwcmd9x.dll
01/10/2005  12:20 PM           349,808 apwcmdNT.dll
01/10/2005  12:20 PM           161,392 apwutil.dll
12/13/2004  03:26 PM            54,896 ccAVMail.dll
12/13/2004  03:26 PM            95,856 ccIMScan.dll
12/13/2004  03:30 PM            63,088 ccIMScn.exe
07/25/2004  08:16 PM             1,468 CfgWiz.dat
01/10/2005  12:20 PM           411,248 CfgWzRes.dll
08/20/2003  07:18 PM             3,943 COUNTRY.DAT
01/10/2005  12:20 PM           353,904 DefAlert.dll
08/12/2004  09:09 PM            13,475 end_user.txt
12/08/2003  04:22 PM            62,584 N32call.dll
01/10/2005  12:20 PM            38,000 N32Exclu.dll
12/10/2004  01:00 PM           120,544 Navap32.dll
01/10/2005  12:20 PM            75,376 NAVAPSCR.dll
01/10/2005  12:20 PM           177,264 navapsvc.exe
01/10/2005  12:20 PM           251,504 navapw32.dll
01/10/2005  12:20 PM           218,736 NAVCfgWz.dll
01/10/2005  12:20 PM           616,048 NAVComUI.dll
07/26/2002  11:13 AM            11,447 NAVDX.EXE
07/26/2002  11:13 AM           676,588 NAVDX.OVL
01/10/2005  12:20 PM            63,088 NAVError.dll
01/10/2005  12:20 PM           157,296 NAVEvent.dll
08/02/2002  06:48 PM             6,917 NAVKRNLO.VXD
01/10/2005  12:20 PM           198,256 Navlcom.dll
01/10/2005  12:20 PM           108,144 NAVLnch.dll
01/10/2005  12:20 PM           222,832 NAVLogV.dll
01/10/2005  12:20 PM           267,888 NAVLUCBK.dll
01/10/2005  12:20 PM            50,800 Navntutl.dll
08/02/2004  03:54 PM             6,940 navopts.dat
01/10/2005  12:20 PM           820,848 NAVOpts.dll
01/10/2005  12:20 PM            87,664 navprod.dll
06/16/2004  09:51 PM             1,350 navsess.tpl
06/01/2001  09:59 PM                 0 navsess.txt
01/10/2005  12:20 PM           218,736 NAVShExt.dll
01/22/2001  07:25 PM               447 NAVSTART.DAT
01/10/2005  12:20 PM           239,216 NAVSTATS.dll
01/10/2005  12:20 PM            54,896 NAVStub.exe
01/10/2005  12:20 PM           169,584 NAVTasks.dll
01/10/2005  12:20 PM           247,408 NAVTskWz.dll
01/10/2005  12:20 PM           308,848 NAVUI.dll
03/07/2002  10:57 AM                16 navui.nsi
01/10/2005  12:20 PM           349,808 NAVUIHTM.dll
01/10/2005  12:20 PM           202,352 Navw32.exe
01/10/2005  12:20 PM            36,464 Navwnt.exe
12/08/2003  04:22 PM            50,808 NetBrExt.DLL
12/13/2004  03:27 PM            34,416 OEHeur.dll
12/13/2004  03:27 PM            58,992 OfficeAV.dll
12/13/2004  03:30 PM            71,280 OPScan.exe
07/23/2004  10:51 AM            26,208 patch25d.dll
01/10/2005  12:20 PM           198,256 probeGSE.dll
01/10/2005  12:20 PM            17,008 PtchInst.dll
01/10/2005  12:20 PM            71,280 qconres.dll
01/10/2005  12:20 PM           214,640 qconsole.exe
01/10/2005  12:20 PM            27,248 qspak32.dll
01/10/2005  12:20 PM            99,952 quar32.dll
03/19/1988  07:00 AM               612 QuarOpts.dat
08/04/2004  03:48 PM            11,974 README.TXT
06/06/2001  10:09 PM                 0 resqloc.dat
12/08/2003  04:22 PM            84,600 S32integ.dll
12/08/2003  04:22 PM           473,720 S32NAVO.DLL
12/22/2004  11:01 AM             7,311 Savrt.cat
10/20/2004  12:33 PM             5,444 savrt.dat
12/22/2004  12:17 PM               617 Savrt.inf
12/10/2004  01:00 PM           336,008 savrt.sys
12/10/2004  12:53 PM           298,352 savrt.vxd
12/10/2004  01:00 PM           222,944 SavRT32.dll
12/22/2004  11:30 AM             7,317 Savrtpel.cat
12/22/2004  12:16 PM               633 Savrtpel.inf
12/10/2004  01:00 PM            50,312 Savrtpel.sys
12/10/2004  12:53 PM            23,827 savrtpel.vxd
12/10/2004  01:00 PM           198,368 SAVScan.exe
02/14/2001  07:00 AM               462 scancfg.dat
01/10/2005  12:20 PM           120,432 Scandlvr.dll
01/10/2005  12:20 PM           337,520 Scandres.dll
01/10/2005  12:20 PM           185,968 ScanMgr.dll
01/10/2005  12:20 PM           104,048 SDPCK32I.DLL
01/10/2005  12:20 PM            13,936 SDSND32I.DLL
01/10/2005  12:20 PM            13,936 SDSOK32I.DLL
01/10/2005  12:20 PM            54,896 SDSTP32I.DLL
01/10/2005  12:21 PM           153,200 Statushp.dll
08/02/2002  06:41 PM           343,504 SYMNAVO.DLL
03/06/2003  01:37 PM                76 THREXCL.DAT
03/06/2003  01:37 PM                76 THRLEXCL.DAT
08/02/2002  06:41 PM             5,696 TKNV16O.DLL
08/02/2002  06:40 PM            19,456 TKNV32O.DLL
07/26/2002  11:13 AM            44,955 UNDOBOOT.EXE
01/19/2005  02:44 PM               114 VERSION.DAT
01/22/2001  07:35 PM                10 VIRSCAN6.INI
07/02/2006  08:59 AM    <DIR>          WIN98NT
07/02/2006  08:59 AM    <DIR>          WINME
07/02/2006  08:59 AM    <DIR>          WINXP
              90 File(s)     11,943,411 bytes

 Directory of C:\Documents and Settings\Randy\Desktop\NSW2005\NAV\External\NORTON\APP\WIN98NT

07/02/2006  08:59 AM    <DIR>          .
07/02/2006  08:59 AM    <DIR>          ..
08/03/2002  06:52 PM                76 exclude.dat
06/20/2001  11:21 PM                76 excludel.dat
10/20/2004  12:33 PM                76 SRTLEXCL.DAT
10/20/2004  12:33 PM                76 srtsexcl.dat
               4 File(s)            304 bytes

 Directory of C:\Documents and Settings\Randy\Desktop\NSW2005\NAV\External\NORTON\APP\WINME

07/02/2006  08:59 AM    <DIR>          .
07/02/2006  08:59 AM    <DIR>          ..
07/26/2004  01:53 PM               276 exclude.dat
06/12/2001  11:57 AM                76 excludel.dat
10/20/2004  12:33 PM                76 SRTLEXCL.DAT
10/20/2004  12:33 PM               276 srtsexcl.dat
               4 File(s)            704 bytes

 Directory of C:\Documents and Settings\Randy\Desktop\NSW2005\NAV\External\NORTON\APP\WINXP

07/02/2006  08:59 AM    <DIR>          .
07/02/2006  08:59 AM    <DIR>          ..
08/03/2002  06:54 PM                76 exclude.dat
08/01/2001  02:17 PM               388 EXCLUDEL.DAT
10/20/2004  12:33 PM               388 SRTLEXCL.DAT
10/20/2004  12:33 PM                76 srtsexcl.dat
               4 File(s)            928 bytes

 Directory of C:\Documents and Settings\Randy\Desktop\NSW2005\NAV\External\Symantec

01/24/2005  10:37 PM    <DIR>          .
01/24/2005  10:37 PM    <DIR>          ..
07/02/2006  08:59 AM    <DIR>          NORTON
               0 File(s)              0 bytes

 Directory of C:\Documents and Settings\Randy\Desktop\NSW2005\NAV\External\Symantec\NORTON

07/02/2006  08:59 AM    <DIR>          .
07/02/2006  08:59 AM    <DIR>          ..
07/02/2003  12:49 AM               172 alert.dat
07/02/2006  09:00 AM    <DIR>          Tasks
               1 File(s)            172 bytes

 Directory of C:\Documents and Settings\Randy\Desktop\NSW2005\NAV\External\Symantec\NORTON\Tasks

07/02/2006  09:00 AM    <DIR>          .
07/02/2006  09:00 AM    <DIR>          ..
05/11/2001  02:48 PM               420 drives.sca
05/11/2001  02:48 PM               420 files.sca
06/13/2001  10:38 PM               428 floppy.sca
05/11/2001  02:48 PM               420 folders.sca
05/11/2001  05:28 PM               428 mycomp.sca
05/11/2001  02:49 PM               436 rem.sca
               6 File(s)          2,552 bytes

 Directory of C:\Documents and Settings\Randy\Desktop\NSW2005\NAV\External\System32

07/02/2006  08:59 AM    <DIR>          .
07/02/2006  08:59 AM    <DIR>          ..
12/10/2004  12:59 PM            39,296 SAVRTGUI.DLL
               1 File(s)         39,296 bytes

 Directory of C:\Documents and Settings\Randy\Desktop\NSW2005\NAV\IWP

07/02/2006  08:59 AM    <DIR>          .
07/02/2006  08:59 AM    <DIR>          ..
07/02/2006  09:00 AM    <DIR>          App
07/02/2006  08:59 AM    <DIR>          COMMON
01/19/2005  03:04 PM           204,997 DefRules.dat
               1 File(s)        204,997 bytes

 Directory of C:\Documents and Settings\Randy\Desktop\NSW2005\NAV\IWP\App

07/02/2006  09:00 AM    <DIR>          .
07/02/2006  09:00 AM    <DIR>          ..
11/23/2004  04:44 PM           247,384 ACDisp.dll
11/23/2004  04:44 PM           140,888 ALECmpBR.dll
11/23/2004  11:16 AM         7,387,061 Ales.xml
11/23/2004  04:45 PM            19,544 ALEUpdat.exe
12/13/2004  03:26 PM           149,104 ccALE.dll
12/13/2004  03:26 PM           300,656 ccFWSetg.dll
12/13/2004  03:27 PM           177,776 ccRuleIO.dll
11/23/2004  04:45 PM           108,120 FREAles.dll
11/23/2004  04:45 PM           329,304 FREInteg.dll
11/23/2004  04:45 PM            87,640 FRERules.dll
11/23/2004  04:45 PM           927,320 fwUI.dll
11/23/2004  04:45 PM            75,352 HNetCore.dll
11/23/2004  04:45 PM            46,680 ICFMgr.dll
07/02/2006  09:00 AM    <DIR>          IDSDefs
11/23/2004  04:45 PM           198,232 ISLuCbk.dll
11/23/2004  04:45 PM           206,424 ISWrap.dll
01/10/2005  12:20 PM           308,848 IWP.dll
01/10/2005  12:21 PM           276,080 IWPLog.dll
01/10/2005  12:20 PM            58,992 IWPLUCbk.dll
11/23/2004  04:45 PM           308,824 niscmnht.dll
01/10/2005  12:20 PM            46,704 NPFMntor.exe
12/13/2004  03:27 PM           145,008 SymFwAgt.DLL
01/18/2005  05:38 PM           136,816 TLevel.dll
              22 File(s)     11,682,757 bytes

 Directory of C:\Documents and Settings\Randy\Desktop\NSW2005\NAV\IWP\App\IDSDefs

07/02/2006  09:00 AM    <DIR>          .
07/02/2006  09:00 AM    <DIR>          ..
08/31/2004  08:46 PM               443 CATALOG.DAT
11/22/2004  01:47 PM            25,656 Metadata.dat
12/09/2004  05:20 PM           269,424 SymIDSCo.sys
12/09/2004  05:17 PM           281,805 SymIDSCo.vxd
12/09/2004  05:20 PM           157,392 SymIDSI.dll
12/09/2004  05:20 PM             1,086 v.grd
12/09/2004  05:20 PM             2,225 v.sig
12/09/2004  05:20 PM                32 VIRSCAN1.DAT
08/31/2004  08:46 PM               224 zdone.dat
               9 File(s)        738,287 bytes

 Directory of C:\Documents and Settings\Randy\Desktop\NSW2005\NAV\IWP\COMMON

07/02/2006  08:59 AM    <DIR>          .
07/02/2006  08:59 AM    <DIR>          ..
01/24/2005  10:37 PM    <DIR>          SYMSHARE
               0 File(s)              0 bytes

 Directory of C:\Documents and Settings\Randy\Desktop\NSW2005\NAV\IWP\COMMON\SYMSHARE

01/24/2005  10:37 PM    <DIR>          .
01/24/2005  10:37 PM    <DIR>          ..
07/02/2006  08:59 AM    <DIR>          SPBBC
               0 File(s)              0 bytes

 Directory of C:\Documents and Settings\Randy\Desktop\NSW2005\NAV\IWP\COMMON\SYMSHARE\SPBBC

07/02/2006  08:59 AM    <DIR>          .
07/02/2006  08:59 AM    <DIR>          ..
11/23/2004  04:45 PM            91,736 SPLVPlug.dll
               1 File(s)         91,736 bytes

 Directory of C:\Documents and Settings\Randy\Desktop\NSW2005\NCS

07/02/2006  09:00 AM    <DIR>          .
07/02/2006  09:00 AM    <DIR>          ..
07/02/2006  08:59 AM    <DIR>          APP
01/24/2005  04:35 PM           446,464 ncs.msi
               1 File(s)        446,464 bytes

 Directory of C:\Documents and Settings\Randy\Desktop\NSW2005\NCS\APP

07/02/2006  08:59 AM    <DIR>          .
07/02/2006  08:59 AM    <DIR>          ..
07/02/2006  09:00 AM    <DIR>          NCS
07/02/2006  08:59 AM    <DIR>          setup
07/02/2006  09:00 AM    <DIR>          System
07/02/2006  08:59 AM    <DIR>          System32
               0 File(s)              0 bytes

 Directory of C:\Documents and Settings\Randy\Desktop\NSW2005\NCS\APP\NCS

07/02/2006  09:00 AM    <DIR>          .
07/02/2006  09:00 AM    <DIR>          ..
01/24/2005  04:30 PM            75,344 BldDrvMp.exe
01/24/2005  04:30 PM            58,960 Ciltomdb.exe
01/24/2005  04:08 PM         2,843,297 clnsweep.cfg
01/24/2005  04:08 PM           100,160 CLNSWEEP.DAT
01/24/2005  04:08 PM                 0 CLNSWEEP.GID
01/24/2005  04:13 PM            17,989 CLNSWEEP.HLP
01/24/2005  04:30 PM           243,280 cs32.dll
01/24/2005  04:30 PM            27,728 cs32.exe
01/24/2005  04:08 PM                16 cs32.nsi
01/24/2005  04:30 PM         1,599,056 cscore.dll
01/24/2005  04:30 PM            50,256 Csdll32.dll
01/24/2005  04:30 PM           104,016 Csdvmp32.dll
01/24/2005  04:20 PM            24,576 csinject.exe
01/24/2005  04:30 PM           214,608 Csinsm32.exe
01/24/2005  04:30 PM           218,704 CsinsmNT.exe
01/24/2005  04:08 PM            30,864 CSPRM16.DLL
01/24/2005  04:30 PM            50,768 Csprm32.dll
01/24/2005  04:30 PM           128,592 Cstree32.dll
01/24/2005  04:08 PM           182,784 ddao35.dll
01/24/2005  04:08 PM            96,768 DUNZIP32.DLL
01/24/2005  04:08 PM           124,928 DZIP32.DLL
01/24/2005  04:13 PM                20 FastSafe.gid
01/24/2005  04:08 PM             9,108 license.txt
01/24/2005  04:31 PM            20,560 Menuhdl.dll
01/24/2005  04:24 PM            49,152 migrate.dll
01/24/2005  04:27 PM             4,752 MONWOW.EXE
01/24/2005  04:27 PM            19,600 MONWOWD.DLL
01/24/2005  04:31 PM            91,728 N32UserL.dll
01/24/2005  04:31 PM            75,344 NCSAbout.dll
01/24/2005  04:34 PM            95,864 ncslic.dll
01/24/2005  04:31 PM           140,880 NCSLive.dll
01/24/2005  04:08 PM               263 ncslr.txt
01/24/2005  04:31 PM            37,968 QDCSFS.exe
01/24/2005  04:13 PM             8,006 QDCSFS.HLP
01/24/2005  04:31 PM           120,400 Qdcsint2.dll
01/24/2005  04:31 PM         3,003,984 QDCSUI.dll
01/24/2005  04:31 PM            52,360 Qdfsif.dll
01/24/2005  04:31 PM            71,248 QDFSSV.dll
01/24/2005  04:31 PM            83,536 QDQSSV.dll
01/24/2005  04:31 PM           296,528 QDQSUI.dll
01/24/2005  04:13 PM                20 QSafe.gid
01/24/2005  04:08 PM             5,023 readme.txt
01/24/2005  04:08 PM           212,992 REGENIE.MDB
01/24/2005  04:08 PM            58,168 siren.wav
01/24/2005  04:31 PM           145,056 SymExcpt.dll
              45 File(s)     10,795,254 bytes

 Directory of C:\Documents and Settings\Randy\Desktop\NSW2005\NCS\APP\setup

07/02/2006  08:59 AM    <DIR>          .
07/02/2006  08:59 AM    <DIR>          ..
01/24/2005  10:37 PM    <DIR>          msshared
07/02/2006  09:00 AM    <DIR>          SYMSHARE
               0 File(s)              0 bytes

 Directory of C:\Documents and Settings\Randy\Desktop\NSW2005\NCS\APP\setup\msshared

01/24/2005  10:37 PM    <DIR>          .
01/24/2005  10:37 PM    <DIR>          ..
07/02/2006  09:00 AM    <DIR>          DAO
               0 File(s)              0 bytes

 Directory of C:\Documents and Settings\Randy\Desktop\NSW2005\NCS\APP\setup\msshared\DAO

07/02/2006  09:00 AM    <DIR>          .
07/02/2006  09:00 AM    <DIR>          ..
08/29/1999  03:50 AM            73,184 Dao2535.tlb
06/10/1999  07:34 AM           570,128 Dao350.dll
               2 File(s)        643,312 bytes

 Directory of C:\Documents and Settings\Randy\Desktop\NSW2005\NCS\APP\setup\SYMSHARE

07/02/2006  09:00 AM    <DIR>          .
07/02/2006  09:00 AM    <DIR>          ..
01/24/2005  04:08 PM            17,408 LUCB.DLL
07/24/2001  02:35 PM           545,992 NMain.exe
               2 File(s)        563,400 bytes

 Directory of C:\Documents and Settings\Randy\Desktop\NSW2005\NCS\APP\System

07/02/2006  09:00 AM    <DIR>          .
07/02/2006  09:00 AM    <DIR>          ..
01/24/2005  04:27 PM            15,441 CSHOOK.VXD
01/24/2005  04:19 PM            57,344 qdcspi.dll
01/24/2005  04:08 PM            17,920 stdole2.tlb
               3 File(s)         90,705 bytes

 Directory of C:\Documents and Settings\Randy\Desktop\NSW2005\NCS\APP\System32

07/02/2006  08:59 AM    <DIR>          .
07/02/2006  08:59 AM    <DIR>          ..
01/24/2005  04:08 PM            86,016 Apitrap.dll
07/02/2006  09:00 AM    <DIR>          Drivers
07/21/2000  09:05 AM           379,152 expsrv.dll
09/09/1999  08:06 PM           252,688 msexcl35.dll
09/28/1999  07:42 PM         1,050,896 msjet35.dll
06/10/1999  07:34 AM           123,664 msjint35.dll
06/10/1999  07:34 AM            24,848 msjter35.dll
09/09/1999  08:06 PM           168,720 msltus35.dll
06/07/1999  04:59 PM           250,128 mspdox35.dll
04/25/1999  03:00 PM           252,176 Msrd2x35.dll
08/25/1999  12:57 PM           415,504 msrepl35.dll
09/30/1999  05:21 PM           166,672 mstext35.dll
04/25/1999  03:00 PM           287,504 Msxbse35.dll
01/24/2005  04:19 PM           102,400 Qdcsinet.dll
01/24/2005  10:37 PM    <DIR>          Redist
07/21/2000  09:05 AM            30,992 vbajet32.dll
04/25/1999  03:00 PM           368,912 Vbar332.dll
              15 File(s)      3,960,272 bytes

 Directory of C:\Documents and Settings\Randy\Desktop\NSW2005\NCS\APP\System32\Drivers

07/02/2006  09:00 AM    <DIR>          .
07/02/2006  09:00 AM    <DIR>          ..
01/24/2005  04:28 PM            13,792 qdfsdrv.sys
               1 File(s)         13,792 bytes

 Directory of C:\Documents and Settings\Randy\Desktop\NSW2005\NCS\APP\System32\Redist

01/24/2005  10:37 PM    <DIR>          .
01/24/2005  10:37 PM    <DIR>          ..
07/02/2006  08:59 AM    <DIR>          MS
               0 File(s)              0 bytes

 Directory of C:\Documents and Settings\Randy\Desktop\NSW2005\NCS\APP\System32\Redist\MS

07/02/2006  08:59 AM    <DIR>          .
07/02/2006  08:59 AM    <DIR>          ..
07/02/2006  08:59 AM    <DIR>          System
               0 File(s)              0 bytes

 Directory of C:\Documents and Settings\Randy\Desktop\NSW2005\NCS\APP\System32\Redist\MS\System

07/02/2006  08:59 AM    <DIR>          .
07/02/2006  08:59 AM    <DIR>          ..
04/06/2000  06:10 PM           278,581 msvcrt.dll
               1 File(s)        278,581 bytes

 Directory of C:\Documents and Settings\Randy\Desktop\NSW2005\NSW

07/02/2006  09:00 AM    <DIR>          .
07/02/2006  09:00 AM    <DIR>          ..
01/24/2005  10:37 PM             3,956 INSTOPTS.DAT
01/24/2005  10:37 PM         2,057,728 nsw.msi
01/24/2005  10:28 PM         1,819,648 NSWLT.msi
01/24/2005  10:15 PM               830 SCSSDist.INI
01/24/2005  10:27 PM           237,568 SCSSDist.MSI
07/02/2006  08:59 AM    <DIR>          setup
01/24/2005  10:37 PM    <DIR>          Windows
               5 File(s)      4,119,730 bytes

 Directory of C:\Documents and Settings\Randy\Desktop\NSW2005\NSW\setup

07/02/2006  08:59 AM    <DIR>          .
07/02/2006  08:59 AM    <DIR>          ..
07/02/2006  09:00 AM    <DIR>          NSW
07/02/2006  08:59 AM    <DIR>          Symantec
07/02/2006  09:00 AM    <DIR>          SYMSHARE
               0 File(s)              0 bytes

 Directory of C:\Documents and Settings\Randy\Desktop\NSW2005\NSW\setup\NSW

07/02/2006  09:00 AM    <DIR>          .
07/02/2006  09:00 AM    <DIR>          ..
01/24/2005  10:15 PM                 0 comms.txt
01/24/2005  10:15 PM            30,312 DJSMAR00.dll

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
zlob trojon again (Mr Bell)
« Reply #5 on: September 30, 2006, 11:37:17 AM »
Can you do the following
Disable Windows Defender's protections so it won't interfere with any of the below, please

The .bat file didn't come up with the results I wanted
Open your Windows Control Panel and double click to open the Java Icon
Under the General tab>>Delete files
Leave all 3 selections checked and then click OK

Afterwards
  • Download the latest version of Java Runtime Environment (JRE) 5.0 Update 9.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Don't install this yet

Access your add/remove programs via Control panel and remove the following
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 7
Java 2 Runtime Environment, SE v1.4.2_05
Java 2 Runtime Environment, SE v1.4.2_06
Viewpoint Media Player


Reboot the computer into Safe mode
Sign in with your normal user account

Delete this folder if found
C:\Program Files\Spywarebot <-this folder, DON'T confuse it with Spybot - Search & Destroy

Open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process.  A text file will appear onscreen, with results from the cleaning process
I'll need to see these later, by default they are also saved at C:\rapport.txt

Reboot back to Normal windows if a reboot wasn't required

Install the latest version of Java from the installer you saved on the desktop
Follow the prompts, once you have it installed you can delete the installer

Post back the following please

1. Post a fresh hijackthis log
2. Post the report from Smitfraudfix>>C:\Rapport.txt
« Last Edit: September 30, 2006, 11:38:06 AM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Mr Bell

  • Sr. Member
  • ****
  • Posts: 300
  • Karma: +0/-0
zlob trojon again (Mr Bell)
« Reply #6 on: September 30, 2006, 01:07:58 PM »
SmitFraudFix v2.102

Scan done at 14:02:37.79, Sat 09/30/2006
Run from C:\Documents and Settings\Randy\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
 
Registry Cleaning done.
 
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

Logfile of HijackThis v1.99.1
Scan saved at 2:07:00 PM, on 9/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Program Files\America Online 9.0a\wEmail Removedexe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\Documents and Settings\Randy\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [Steam] "c:\program files\sierra on-line\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [spywarebot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.eightballclan.com
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1945B1FE-C77A-448C-B29A-C64C0043CB9D}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{1945B1FE-C77A-448C-B29A-C64C0043CB9D}: NameServer = 205.188.146.145
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
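
A cleanup step in a thread like this is confirmed by comparing successive HijackThis logs rather than rereading each one in full. The following is an added example, not part of the original posts and not code from HijackThis: it parses the item lines and reports which entries disappeared or appeared between two scans. BEFORE and AFTER are abridged excerpts of the two logs posted in this thread; the function and variable names are assumptions made for the example.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "section body")
Autorun = namedtuple("Autorun", "hive key name command")

# Item lines look like "O4 - HKLM\..\Run: [name] command" or "R1 - HKCU\...".
# Header lines and the "Running processes" paths do not match this pattern.
ITEM_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2})\s+-\s+(?P<body>.+?)\s*$")

# O4 bodies: <hive>\..\<Run key>: [<value name>] <command line>
O4_RE = re.compile(
    r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<command>.+)$"
)

# Abridged excerpt of the first log in this thread (scan saved 2:07:00 PM).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 2:07:00 PM, on 9/30/2006

Running processes:
C:\WINDOWS\explorer.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [Steam] "c:\program files\sierra on-line\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [spywarebot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O15 - Trusted Zone: *.eightballclan.com
"""

# Abridged excerpt of the follow-up log posted after the Java reinstall.
AFTER = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\sierra on-line\valve\steam\steam.exe" -silent
O15 - Trusted Zone: *.eightballclan.com
"""


def parse_items(log_text):
    """Return the set of item entries in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        m = ITEM_RE.match(line.strip())
        if m:
            # Collapse runs of whitespace so spacing differences are not
            # reported as changes between two scans.
            body = " ".join(m.group("body").split())
            entries.add(Entry(m.group("section"), body))
    return entries


def _sort_key(entry):
    # Order by section letter, then numeric part, so O2 sorts before O15.
    return (entry.section[0], int(entry.section[1:]), entry.body)


def diff_logs(before, after):
    """Return (removed, added) entry lists between two logs."""
    b, a = parse_items(before), parse_items(after)
    return sorted(b - a, key=_sort_key), sorted(a - b, key=_sort_key)


def autoruns(log_text):
    """Split O4 (Run key) entries into hive, key, value name and command."""
    found = []
    for entry in parse_items(log_text):
        if entry.section != "O4":
            continue
        m = O4_RE.match(entry.body)
        if m:
            found.append(Autorun(m["hive"], m["key"], m["name"], m["command"]))
    return sorted(found)


def autorun_names(log_text):
    """Lower-cased Run value names, for a quick presence check."""
    return {a.name.lower() for a in autoruns(log_text)}


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for e in removed:
        print("- %s - %s" % e)
    for e in added:
        print("+ %s - %s" % e)
```

Entries present in both scans drop out of the diff, so only the lines that actually changed need a second look.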

Offline Mr Bell

  • Sr. Member
  • ****
  • Posts: 300
  • Karma: +0/-0
zlob trojon again (Mr Bell)
« Reply #7 on: September 30, 2006, 01:42:56 PM »
I removed the spywarebot O4 entry; here is the newest HijackThis report.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\sierra on-line\valve\steam\steam.exe" -silent
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.eightballclan.com
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1945B1FE-C77A-448C-B29A-C64C0043CB9D}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{1945B1FE-C77A-448C-B29A-C64C0043CB9D}: NameServer = 205.188.146.145
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
« Last Edit: September 30, 2006, 01:46:56 PM by Mr Bell »

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
zlob trojon again (Mr Bell)
« Reply #8 on: September 30, 2006, 04:31:47 PM »
Looks good
How is everything?

Do you want to post your own logs from FRST?

Follow the instructions posted at http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Mr Bell

zlob trojon again (Mr Bell)
« Reply #9 on: September 30, 2006, 05:12:06 PM »
When I reboot it seems to take forever. It just sits there with the prompt that says reboot with CD?

You had me do a system restore point just last week. Should I run that or should we do some sort of final clean up?

Note: I don't think I had Windows in safe mode before when you asked me to do that one scan. Did I mess up?

Offline guestolo

zlob trojon again (Mr Bell)
« Reply #10 on: September 30, 2006, 05:25:44 PM »
Quote
It just sits there with the prompt that says reboot with CD
I don't know what you mean by that

Can you do the following, reboot the computer a couple more times
See if things improve

Afterwards, post back a fresh hijackthis log
Post the Whole log, you cut off the top part last time



Offline Mr Bell

zlob trojon again (Mr Bell)
« Reply #11 on: September 30, 2006, 05:51:17 PM »
It just seems to take a long time to reboot. However, my computer usually stays running so maybe it's fine.

Here is a fresh hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 6:47:51 PM, on 9/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\America Online 9.0a\wEmail Removedexe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\Documents and Settings\Randy\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [Steam] "c:\program files\sierra on-line\valve\steam\steam.exe" -silent
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.eightballclan.com
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1945B1FE-C77A-448C-B29A-C64C0043CB9D}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{1945B1FE-C77A-448C-B29A-C64C0043CB9D}: NameServer = 205.188.146.145
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Offline guestolo

zlob trojon again (Mr Bell)
« Reply #12 on: September 30, 2006, 05:57:08 PM »
You have Spybot running an autocheck on bootup
Can you do the following

Open Spybot>>Click on MODE>>Advanced Mode
Click on SETTINGS in the bottom left
Then click on Settings in the top left column
On the right hand side under Automation>>>System Start
What entries do you have selected?



Offline Mr Bell

zlob trojon again (Mr Bell)
« Reply #13 on: September 30, 2006, 06:09:58 PM »
The following are checked:

No Automation

Run program once at system start up

Run check at system start

Offline guestolo

zlob trojon again (Mr Bell)
« Reply #14 on: September 30, 2006, 06:20:58 PM »
Personally, this is what I would do to help speed things a bit
and protections
In Spybot, ensure it is right up to date
Then click on the Immunization button>>>OK>>Immunize again at the top green cross
Do that after every update

After every update run a scan with Spybot

Go back to the settings >>> Automation>>System Start
Uncheck Both
Run program once at system start up

Run check at Program start

After that, close Spybot
I find the Java updater not that good
Go into Windows control panel and open the java icon
Click on the update tab
UNCHECK>>Check for updates automatically
NEVER at the prompt
Apply and ok out of there
Check for updates manually

Reboot your computer

NOTE: You appear to be an AOL subscriber
I'm not a big fan of their anti-spyware protection
Optionally, you can remove it from add/remove

Go back and reenable Windows Defender's protections

Post a new hijackthis log after the above, see if things improve
If you do remove AOL spyware protection, reboot your computer one more time before posting a new log please
« Last Edit: September 30, 2006, 06:21:56 PM by guestolo »



Offline Mr Bell

zlob trojon again (Mr Bell)
« Reply #15 on: September 30, 2006, 07:00:13 PM »
First off I hate Email Removed The only reason I have it is because of my gaming site and the fact that everyone knows and uses that email and IM. It would be a very big mess if I erased it completely.

However I removed that one program from AOL called anti spyware protection. But when I signed on it still said spyware zapper shows I'm good. I think that's just when you sign on though.

Also completed other instructions. So here is the new hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 7:52:33 PM, on 9/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\America Online 9.0a\wEmail Removedexe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\Documents and Settings\Randy\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eightballclan.branzone.com/administrator/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\sierra on-line\valve\steam\steam.exe" -silent
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.eightballclan.com
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1945B1FE-C77A-448C-B29A-C64C0043CB9D}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{1945B1FE-C77A-448C-B29A-C64C0043CB9D}: NameServer = 205.188.146.145
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Things seem to be ok.....

Offline guestolo

zlob trojon again (Mr Bell)
« Reply #16 on: September 30, 2006, 07:24:08 PM »
Sounds good, I'll lock this topic then as your problems appear resolved, take care :)
