Author Topic: HJT log. adwares again..  (Read 1773 times)

Offline miszila

« on: June 15, 2006, 11:13:22 PM »
i've got problems with my lappie again..
*sigh* i don't know what went wrong..
i follow as u said, clean up the lappie every week. scans n stuffs.
but it happens again.

hopefully u can help me again..
thanks..

Logfile of HijackThis v1.99.1
Scan saved at 12:11:34 PM, on 6/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


My HJT log..

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Acer\ePM\EPM-DM.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\ZiLa\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mofunzone.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mysingtel.com.sg
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by mysingtel
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] C:\Acer\ePM\EPM-DM.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.mysingtel.com.sg
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamem...GameManager.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Run - C:\WINDOWS\system32\m0pola731d.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

Offline guestolo

« Reply #1 on: June 17, 2006, 12:06:52 PM »
You have the same infection you had a couple months ago
You're revisiting some crack site or downloading files from a filesharing program that aren't what they appear to be, you should be more careful :P

I need you to disable some background protections so they won't interfere with the fix
Disable Norton's script blocking
1. Start Norton AntiVirus.
   If Norton AntiVirus is installed as part of Norton SystemWorks or Norton Internet Security, then start that program.
2. Click Options.
   If you see a menu, click Norton AntiVirus.
3. In the left pane, click Script Blocking.
4. In the right pane, uncheck Enable Script Blocking (recommended).
5. Click OK.
Please leave this disabled until after we have you clean please

Disable Microsoft Anti-Spyware:
Open Microsoft AntiSpyware.
Click on Options>>Settings
In the left pane, click on Real-time Protection.
Under Startup Options uncheck Enable the Microsoft AntiSpyware Security Agents on startup (recommended).
Under Real-time spyware threat protection uncheck Enable real-time spyware threat protection (recommended).
After you uncheck these, click on the Save button and close Microsoft AntiSpyware.
Right click on the Microsoft AntiSpyware icon on the taskbar and select Shutdown Microsoft AntiSpyware.

Disable SpySweeper:
Any of the following that apply
Open it click >Options over to the left then >program options >Uncheck "load at windows startup".
Over to the left click "shields" and uncheck all there.
Uncheck "home page shield".
Uncheck "automatically restore default without notification".

Reboot the computer afterwards to ensure that none are running
Download the latest version of Look2Me-Remover.exe by Atribune
and save it to your desktop

* Close all windows before continuing.
* Double-click Look2Me-Remover.exe to run it.
* Put a check next to Run this program as a task.
* You will receive a message saying Look2Me-Remover will close and re-open in 1 minute. Click OK
* When Look2Me-Remover re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
* Once it's done scanning, click the Remove L2M button.
* You will receive a Done Scanning message, click OK.
* When completed, you will receive this message: Done removing infected files! Look2Me-Remover will now shutdown your computer, click OK.
* Your computer will then shutdown.
* After it has completed the shutdown>>Turn your computer back on.

If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX

Come back here and post the following
1. Post a fresh Hijackthis log
2. Post the report from Look2Me-Destroyer, which may be found on your desktop or at C:\Look2Me-Destroyer.txt

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline miszila

« Reply #2 on: June 17, 2006, 11:58:33 PM »
i know its the same adware. haha. is there any ways/softwares that can prevent them from being download to my comp? if it were to happen again, can i juz follow the steps here again?

n previously when i run Spybot Search & Destroy, i couldn't delete the Command service error. it will keep on showing that error every time i scan..



Logfile of HijackThis v1.99.1
Scan saved at 12:55:08 PM, on 6/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Acer\ePM\EPM-DM.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Documents and Settings\ZiLa\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mofunzone.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mysingtel.com.sg
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by mysingtel
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] C:\Acer\ePM\EPM-DM.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.mysingtel.com.sg
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamem...GameManager.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe



Look2Me-Destroyer V1.0.12
Scanning for infected files.....
Scan started at 6/18/2006 12:47:04 PM

Infected! C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP26\A0015469.dll
Infected! C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP26\A0015470.dll
Infected! C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP26\A0015471.dll
Infected! C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP26\A0015472.dll
Infected! C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP26\A0015473.dll
Infected! C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP26\A0015474.dll
Infected! C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP26\A0015475.dll
Infected! C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP26\A0015476.dll

Attempting to delete infected files...

Attempting to delete: C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP26\A0015469.dll
C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP26\A0015469.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP26\A0015470.dll
C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP26\A0015470.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP26\A0015471.dll
C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP26\A0015471.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP26\A0015472.dll
C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP26\A0015472.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP26\A0015473.dll
C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP26\A0015473.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP26\A0015474.dll
C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP26\A0015474.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP26\A0015475.dll
C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP26\A0015475.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP26\A0015476.dll
C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP26\A0015476.dll Deleted successfully!

Making registry repairs.


Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded
« Last Edit: June 18, 2006, 09:49:40 AM by guestolo »

Offline guestolo

« Reply #3 on: June 18, 2006, 09:33:57 AM »
Can you run another scan with Spybot
When it's done, right click in the results pane and save a full report to your desktop

Come back here and copy>>Paste the whole report please
« Last Edit: June 18, 2006, 09:35:05 AM by guestolo »



Offline miszila

« Reply #4 on: June 18, 2006, 11:00:27 AM »
here it is


--- Search result list ---
Command Service: Settings (Registry key, nothing done)
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService

Command Service: Settings (Registry key, nothing done)
  HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService

Command Service: Settings (Registry key, nothing done)
  HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cmdService


--- Spybot - Search & Destroy version: 1.4  (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-08-30 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-06-16 Includes\Cookies.sbi (*)
2006-06-16 Includes\Dialer.sbi (*)
2006-06-16 Includes\Hijackers.sbi (*)
2006-06-16 Includes\Keyloggers.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2006-06-16 Includes\Malware.sbi (*)
2006-06-16 Includes\PUPS.sbi (*)
2006-06-16 Includes\Revision.sbi (*)
2006-06-16 Includes\Security.sbi (*)
2006-06-16 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-06-16 Includes\Trojans.sbi (*)



--- System information ---
Windows XP (Build: 2600) Service Pack 2


--- Startup entries list ---
Located: HK_LM:Run, AGRSMMSG
command: AGRSMMSG.exe
   file: C:\WINDOWS\AGRSMMSG.exe
   size: 88363
    MD5: a7de471b5403dbf8afa4138a92b8012f

Located: HK_LM:Run, ATIPTA
command: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
   file: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
   size: 339968
    MD5: acc7b414ef1abea6aa654b74cc9a90cf

Located: HK_LM:Run, BluetoothAuthenticationAgent
command: rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
   file: C:\WINDOWS\system32\rundll32.exe
   size: 33280
    MD5: da285490bbd8a1d0ce6623577d5ba1ff

Located: HK_LM:Run, ccApp
command: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
   file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
   size: 58992
    MD5: 35e1f41f9cea284f8484172180dc1012

Located: HK_LM:Run, EPM-DM
command: C:\Acer\ePM\EPM-DM.exe
   file: C:\Acer\ePM\EPM-DM.exe
   size: 163840
    MD5: 2e448702a7276fa5316e3087bf8a3e79

Located: HK_LM:Run, ePowerManagement
command: C:\Acer\ePM\ePM.exe boot
   file: C:\Acer\ePM\ePM.exe
   size: 2883584
    MD5: a35215003fed9e82681a6fb5e3d2eb88

Located: HK_LM:Run, eRecoveryService
command: C:\Windows\System32\Check.exe
   file: C:\Windows\System32\Check.exe
   size: 245760
    MD5: 61142fe8173a8b244aa5bfafba34aa0b

Located: HK_LM:Run, gcasServ
command: "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
   file: C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
   size: 473928
    MD5: e8177b5150cab1509d2e9807c3f6366c

Located: HK_LM:Run, IMJPMIG8.1
command: "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
   file: C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE
   size: 208952
    MD5: 7bbe4cf421aecc7f0226edd75f12079f

Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files\iTunes\iTunesHelper.exe"
   file: C:\Program Files\iTunes\iTunesHelper.exe
   size: 278528
    MD5: ff95f200b0cb3810382b355cf9f0bed9

Located: HK_LM:Run, LaunchApp
command: Alaunch
   file: C:\WINDOWS\Alaunch.exe
   size: 1703936
    MD5: fcc604a58dd0d79c194bbcbe41f065a4

Located: HK_LM:Run, LManager
command: C:\Program Files\Launch Manager\QtZgAcer.EXE
   file: C:\Program Files\Launch Manager\QtZgAcer.EXE
   size: 303104
    MD5: 2b377402d83e43cee4c66f60728fe9ee

Located: HK_LM:Run, LtMoh
command: C:\Program Files\ltmoh\Ltmoh.exe
   file: C:\Program Files\ltmoh\Ltmoh.exe
   size: 184320
    MD5: ba7c19b88af7efab8f9d447fde02cea5

Located: HK_LM:Run, MessengerPlus3
command: "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
   file: C:\Program Files\MessengerPlus! 3\MsgPlus.exe
   size: 190024
    MD5: b787d9a60fee9c3732c2e2d4571bb716

Located: HK_LM:Run, MSPY2002
command: C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
   file: C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe
   size: 59392
    MD5: 1b17e09c1223f6d17336d2dd7a1af4f4

Located: HK_LM:Run, PCSuiteTrayApplication
command: C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
   file: C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
   size: 237568
    MD5: 47fe14fd96648ef07957b8cabf992313

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
   file: C:\Program Files\QuickTime\qttask.exe
   size: 155648
    MD5: 216b3acc656cda8a5a0c3071ec0a408b

Located: HK_LM:Run, RemoteControl
command: "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
   file: C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
   size: 40960
    MD5: 9cea6326d8e7c3ae994f23cd9e466605

Located: HK_LM:Run, SoundMan
command: SOUNDMAN.EXE
   file: C:\WINDOWS\SOUNDMAN.EXE
   size: 67072
    MD5: e622e1b8598029294312eeee9b02b699

Located: HK_LM:Run, SunJavaUpdateSched
command: C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
   file: C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
   size: 36975
    MD5: 61a3a9d5d98bf0331df5b716144a8100

Located: HK_LM:Run, Symantec NetDriver Monitor
command: C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
   file: C:\PROGRA~1\SYMNET~1\SNDMon.exe
   size: 100056
    MD5: f9418981ee4d7e995d359833adab59d5

Located: HK_LM:Run, SynTPEnh
command: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
   file: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
   size: 532480
    MD5: e24641ebcd05f55825516f816bb29272

Located: HK_LM:Run, SynTPLpr
command: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
   file: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
   size: 98304
    MD5: 6dc4a31ec070a6696d4bdb351c336482

Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
   file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
   size: 180269
    MD5: 1ac2c58b587c70de64582ad41ee79fba

Located: Startup (common), Adobe Gamma Loader.lnk
command: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
   file: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
   size: 113664
    MD5: c2ff17734176cd15221c10044ef0ba1a

Located: Startup (common), Adobe Reader Speed Launch.lnk
command: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
   file: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
   size: 29696
    MD5: deb88aef013dd1eefb462d7cad642166

Located: Startup (common), Microsoft Office.lnk
command: C:\Program Files\Microsoft Office\Office10\OSA.EXE
   file: C:\Program Files\Microsoft Office\Office10\OSA.EXE
   size: 83360
    MD5: 5bc65464354a9fd3beaa28e18839734a

Located: System.ini, crypt32chain
command: crypt32.dll
   file: crypt32.dll

Located: System.ini, cryptnet
command: cryptnet.dll
   file: cryptnet.dll

Located: System.ini, cscdll
command: cscdll.dll
   file: cscdll.dll

Located: System.ini, ScCertProp
command: wlnotify.dll
   file: wlnotify.dll

Located: System.ini, Schedule
command: wlnotify.dll
   file: wlnotify.dll

Located: System.ini, sclgntfy
command: sclgntfy.dll
   file: sclgntfy.dll

Located: System.ini, SensLogn
command: WlNotify.dll
   file: WlNotify.dll

Located: System.ini, termsrv
command: wlnotify.dll
   file: wlnotify.dll

Located: System.ini, wlballoon
command: wlnotify.dll
   file: wlnotify.dll



--- Browser helper object list ---


--- ActiveX list ---
{13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class)
          DPF name:
        CLSID name: Controller Class
         Installer: C:\WINDOWS\Downloaded Program Files\setup.inf
          Codebase: https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB
              Path: C:\WINDOWS\system32\
         Long name:  WINSSWEBAGENT.DLL
        Short name:       WINSSW~1.DLL
    Date (created): 3/15/2006 5:10:28 PM
Date (last access): 6/18/2006 3:26:20 AM
 Date (last write): 3/15/2006 5:10:28 PM
          Filesize:             551184
        Attributes:           archive
               MD5: 43405522405440DAC6E7A36261B39D97
             CRC32:           C0C2BF1A
           Version:          1.0.971.4

{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
          DPF name: Java Runtime Environment 1.5.0
        CLSID name: Java Plug-in
         Installer:
          Codebase: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
              Path: C:\PROGRA~1\Java\JRE15~2.0_0\bin\
         Long name:            ssv.dll
        Short name:                  
    Date (created): 11/10/2005 1:03:56 PM
Date (last access): 6/18/2006 1:57:10 PM
 Date (last write): 11/10/2005 1:22:10 PM
          Filesize:             184423
        Attributes:           archive
               MD5: F01726F7CA8538FDD4663C9DB8FEAEDC
             CRC32:           0111B892
           Version:           5.0.60.5

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
          DPF name: Java Runtime Environment 1.5.0
        CLSID name: Java Plug-in 1.5.0_06
         Installer:
          Codebase: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
              Path: C:\Program Files\Java\jre1.5.0_06\bin\
         Long name:    NPJPI150_06.dll
        Short name:       NPJPI1~1.DLL
    Date (created): 11/10/2005 1:03:56 PM
Date (last access): 6/18/2006 1:57:10 PM
 Date (last write): 11/10/2005 1:22:10 PM
          Filesize:              69746
        Attributes:           archive
               MD5: D2CF6BB5E9020E6707B62575F8083954
             CRC32:           7F39DC54
           Version:           5.0.60.5

{CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object)
          DPF name:
        CLSID name: CGameManagerCtrl Object
         Installer: C:\WINDOWS\Downloaded Program Files\DIGGameManager.inf
          Codebase: https://disney.go.com/games/downloads/gamem...GameManager.cab
              Path: C:\WINDOWS\Downloaded Program Files\
         Long name: DIGGameManager.dll
        Short name:       DIGGAM~1.DLL
    Date (created): 1/6/2006 11:03:52 AM
Date (last access): 6/18/2006 11:49:16 PM
 Date (last write): 1/6/2006 11:03:52 AM
          Filesize:             229376
        Attributes:           archive
               MD5: 9A89EA10A99937C46DF51A5A272987B7
             CRC32:           8A23B774
           Version:           1.2.0.13



--- Process list ---
PID:    0 (   0) [System]
PID:  808 (   4) \SystemRoot\System32\smss.exe
PID:  868 ( 808) \??\C:\WINDOWS\system32\csrss.exe
PID:  892 ( 808) \??\C:\WINDOWS\system32\winlogon.exe
PID:  936 ( 892) C:\WINDOWS\system32\services.exe
 size: 108032
  MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID:  948 ( 892) C:\WINDOWS\system32\lsass.exe
 size: 13312
  MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 1112 ( 936) C:\WINDOWS\system32\Ati2evxx.exe
 size: 389120
  MD5: 4DEAA162480367B232F3EE3A6D34084B
PID: 1124 ( 936) C:\WINDOWS\system32\svchost.exe
 size: 14336
  MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1204 ( 936) C:\WINDOWS\system32\svchost.exe
 size: 14336
  MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1344 ( 936) C:\WINDOWS\System32\svchost.exe
 size: 14336
  MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1396 ( 936) C:\WINDOWS\system32\svchost.exe
 size: 14336
  MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1624 ( 936) C:\WINDOWS\system32\svchost.exe
 size: 14336
  MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1916 ( 936) C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
 size: 181872
  MD5: 67DD2CF35CDB1864E06F10F1334C0C17
PID: 1928 ( 936) C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
 size: 206552
  MD5: 443E397643965E08C5AB6A6CAA732B97
PID: 1948 ( 936) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
 size: 173160
  MD5: 08FA56B7C13B4CBF0E5D351AECAD92B1
PID: 1992 ( 936) C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
 size: 198256
  MD5: BEEE55546518F7010779A43F3ADFC3B3
PID:  460 ( 936) C:\WINDOWS\system32\spoolsv.exe
 size: 57856
  MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
PID:  792 ( 936) C:\Acer\eManager\anbmServ.exe
 size: 1287168
  MD5: C10D0FAE427EA464EDEA2EE5DC40F056
PID: 1340 ( 936) C:\WINDOWS\system32\svchost.exe
 size: 14336
  MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1412 ( 936) C:\WINDOWS\system32\cisvc.exe
 size: 5632
  MD5: 3192BD04D032A9C4A85A3278C268A13A
PID: 1472 ( 936) C:\Program Files\ewido anti-malware\ewidoctrl.exe
 size: 13888
  MD5: 26830B750372AB1BF29C95DEEBEB802F
PID: 1504 ( 936) C:\Program Files\Norton AntiVirus\navapsvc.exe
 size: 177264
  MD5: 8FC8458BCB585617AAC9E17A558D9155
PID: 1540 ( 936) C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
 size: 46704
  MD5: 96DB6F2D69F787C61A46CC86D6CFE69F
PID: 1772 ( 936) C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
 size: 2123264
  MD5: CE9ADF8CE48E902FAA8AD43A18386DC3
PID: 1276 (1164) C:\WINDOWS\Explorer.EXE
 size: 1032192
  MD5: A0732187050030AE399B241436565E64
PID: 1640 ( 936) C:\WINDOWS\system32\wdfmgr.exe
 size: 38912
  MD5: AB0A7CA90D9E3D6A193905DC1715DED0
PID:  608 (1344) C:\WINDOWS\system32\wscntfy.exe
 size: 13824
  MD5: 49911DD39E023BB6C45E4E436CFBD297
PID: 1136 (1276) C:\WINDOWS\SOUNDMAN.EXE
 size: 67072
  MD5: E622E1B8598029294312EEEE9B02B699
PID: 1256 (1276) C:\WINDOWS\AGRSMMSG.exe
 size: 88363
  MD5: A7DE471B5403DBF8AFA4138A92B8012F
PID:  800 (1276) C:\Program Files\ltmoh\Ltmoh.exe
 size: 184320
  MD5: BA7C19B88AF7EFAB8F9D447FDE02CEA5
PID: 1264 (1276) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
 size: 98304
  MD5: 6DC4A31EC070A6696D4BDB351C336482
PID: 1272 (1276) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 size: 532480
  MD5: E24641EBCD05F55825516F816BB29272
PID: 1288 (1276) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
 size: 40960
  MD5: 9CEA6326D8E7C3AE994F23CD9E466605
PID: 2052 (1276) C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
 size: 339968
  MD5: ACC7B414EF1ABEA6AA654B74CC9A90CF
PID: 2132 (1276) C:\Acer\ePM\EPM-DM.exe
 size: 163840
  MD5: 2E448702A7276FA5316E3087BF8A3E79
PID: 2252 (1276) C:\Program Files\Launch Manager\QtZgAcer.EXE
 size: 303104
  MD5: 2B377402D83E43CEE4C66F60728FE9EE
PID: 2312 (1276) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
 size: 58992
  MD5: 35E1F41F9CEA284F8484172180DC1012
PID: 2360 (1276) C:\WINDOWS\system32\rundll32.exe
 size: 33280
  MD5: DA285490BBD8A1D0CE6623577D5BA1FF
PID: 2504 (1276) C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
 size: 36975
  MD5: 61A3A9D5D98BF0331DF5B716144A8100
PID: 2512 ( 936) C:\WINDOWS\System32\alg.exe
 size: 44544
  MD5: F1958FBF86D5C004CF19A5951A9514B7
PID: 2624 (1276) C:\Program Files\iTunes\iTunesHelper.exe
 size: 278528
  MD5: FF95F200B0CB3810382B355CF9F0BED9
PID: 2656 (1276) C:\Program Files\QuickTime\qttask.exe
 size: 155648
  MD5: 216B3ACC656CDA8A5A0C3071EC0A408B
PID: 2716 (1276) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
 size: 180269
  MD5: 1AC2C58B587C70DE64582AD41EE79FBA
PID: 2796 (1276) C:\Program Files\MessengerPlus! 3\MsgPlus.exe
 size: 190024
  MD5: B787D9A60FEE9C3732C2E2D4571BB716
PID: 2872 ( 936) C:\Program Files\iPod\bin\iPodService.exe
 size: 323584
  MD5: 20AF3FDD673B9B4AE6FAE2C52598CC68
PID: 3196 (1124) C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
 size: 756552
  MD5: 6287BD6D1CE9CE18EA02908BF415BCB0
PID: 3500 ( 936) C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
 size: 176640
  MD5: BF1ADC427620E14F45BC00447524A1DC
PID: 3968 (1652) C:\Program Files\acer\eRecovery\Monitor.exe
 size: 348160
  MD5: A96E126037BEA5F2C23ADE704BBA31EB
PID: 2868 ( 936) C:\WINDOWS\System32\svchost.exe
 size: 14336
  MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 3656 (1276) C:\Program Files\MSN Messenger\msnmsgr.exe
 size: 7094272
  MD5: B83E12B5341C5DCECC5C217A824FFEB1
PID: 4076 (1276) C:\Program Files\Maxthon\Maxthon.exe
 size: 886272
  MD5: 27431443D704D0526D3B8730D8964D4F
PID: 3312 (1412) C:\WINDOWS\system32\cidaemon.exe
 size: 8192
  MD5: 582304F6F1946FA5068CF143D729D7ED
PID:  848 ( 936) C:\WINDOWS\system32\svchost.exe
 size: 14336
  MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 3868 (1276) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
 size: 4393096
  MD5: 09CA174A605B480318731E691DC98539
PID: 1460 (1124) C:\Program Files\Messenger\msmsgs.exe
 size: 1694208
  MD5: 74E6E96C6F0E2ECA4EDBB7F7A468F259
PID:    4 (   0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 6/18/2006 11:57:30 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
  C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
  http://www.mofunzone.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant Explorer\Main\Default_Search_URL
  about:blank
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
  http://home.microsoft.com/access/autosearch.asp?p=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
  C:\WINDOWS\SYSTEM32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
  http://ie.search.msn.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
  http://www.mysingtel.com.sg
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
  http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
  http://ie.search.msn.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
  http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---


--- Uninstall list ---
Windows Driver Package - Nokia Modem  (04/06/2006 6.8.0.17) 04/06/2006 6.8.0.17 (010D072E91408D6B7C6FC65489B6D30C027605F5)
   uninstall cmd: C:\PROGRA~1\DIFX\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_7F91C37896B530901B0665F9EF32E19FF06F5687\nokbtmdm.inf
       publisher: Nokia

  (Acer English Online Help Creator)
   uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Acer Inc.\Acer English Online Help Creator\Uninst.isu"

Ad-Aware SE Personal 1.06 (Ad-Aware SE Personal)
   uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
       publisher: Lavasoft
       help link: http://www.lavasoft.com

  (AddressBook)

Agere Systems AC'97 Modem  (Agere Systems Soft Modem)
   uninstall cmd: agrsmdel

ATI - Software Uninstall Utility 6.14.10.1010 (All ATI Software)
install location: C:\Program Files\ATI Technologies\UninstallAll
   uninstall cmd: C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe

ATI Display Driver 8.051-040825a-018055C-Acer (ATI Display Driver)
   uninstall cmd: rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

  (Branding)

Canon S200SP  (CANONBJ_Deinstall_CNMCP3y.DLL)
   uninstall cmd: C:\WINDOWS\system32\CNMCP3Y.EXE -@C:\WINDOWS\IsUninst.exe -f"C:\BJPrinter\CNMWINDOWS\Canon S200SP Installer\Inst\DeIsL1.isu" -pCanon S200SP-c"C:\BJPrinter\CNMWINDOWS\Canon S200SP Installer\Inst\bjinst.dll

CleanUp!  (CleanUp!)
   uninstall cmd: C:\Program Files\CleanUp!\uninstall.exe

  (Connection Manager)

  (DirectAnimation)

  (DirectDrawEx)

  (DXM_Runtime)

ewido anti-malware  (ewidoantimalware)
install location: C:\Program Files\ewido anti-malware
   uninstall cmd: C:\Program Files\ewido anti-malware\Uninstall.exe
       publisher: ewido networks
       help link: http://www.ewido.net

FlashGet(JetCar)  (FlashGet(JetCar))
   uninstall cmd: C:\PROGRA~1\FlashGet\UNWISE.EXE C:\PROGRA~1\FlashGet\INSTALL.LOG

  (Fontcore)

HijackThis 1.99.1 1.99.1 (HijackThis)
   uninstall cmd: C:\Documents and Settings\ZiLa\Desktop\hijackthis\HijackThis.exe /uninstall
       publisher: Soeperman Enterprises Ltd.

  (ICW)

  (IE40)

  (IE4Data)

  (IE5BAKEX)

  (IEData)

  (InstallShield Uninstall Information)

QuickTime 7.0.3 (InstallShield_{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083})
         version: 117440515
 version (major): 7
  estimated size: 62919
    install date: 20051116
install location: C:\Program Files\QuickTime\
  install source: C:\DOCUME~1\ZiLa\LOCALS~1\Temp\_is4EE\
   uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083} /l1033
       publisher: Apple Computer, Inc.
         contact: AppleCare Support
       help link: http://www.info.apple.com/
  help telephone: 1-800-275-2273

NTI Backup NOW! 3 3.0.53 (InstallShield_{4E68EAA3-775A-4542-A08A-47DB8E8E74A6})
         version: 50331701
 version (major): 3
  estimated size: 12640
    install date: 20040917
install location: C:\Progra~1\NewTech Infosystems\NTI Backup NOW! 3\
  install source: C:\ACERNB\INSTALL\CDMAKER\BUN\
   uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4E68EAA3-775A-4542-A08A-47DB8E8E74A6} /l1033 BUNText
       publisher: NewTech Infosystems
        comments: Your Comments
         contact: Technical Support
       help link: www.ntius.com
  help telephone: 1-949-421-0720 ext. 224
          readme: Readme.txt

Acer eManager for Notebook 1.0.17.28 (InstallShield_{827289F5-B44F-4E49-9993-840741585A62})
         version: 16777233
 version (major): 1
  estimated size: 8452
    install date: 20040917
install location: C:\Acer\eManager\
  install source: C:\WINDOWS\Downloaded Installations\{68A3EB9A-955F-4203-B451-C0D2336352D9}\
   uninstall cmd: C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{827289F5-B44F-4E49-9993-840741585A62}
       publisher: Acer Inc.
        comments: Thank you for using this product
         contact: Customer Support Department
       help link: http://www.acer.com
  help telephone: Please locate your local service center on our website

iTunes 6.0.1.3 (InstallShield_{872653C6-5DDC-488B-B7C2-CF9E4D9335E5})
         version: 100663297
 version (major): 6
  estimated size: 32022
    install date: 20051116
install location: C:\Program Files\iTunes\
  install source: C:\WINDOWS\Downloaded Installations\{872653C6-5DDC-488B-B7C2-CF9E4D9335E5}\
   uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{872653C6-5DDC-488B-B7C2-CF9E4D9335E5} /l1033
       publisher: Apple Computer, Inc.
         contact: AppleCare Support
       help link: http://www.info.apple.com/
  help telephone: 1-800-275-2273

NTI CD & DVD-Maker Gold  6 (InstallShield_{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778})
         version: 100663296
 version (major): 6
  estimated size: 41792
    install date: 20040917
install location: C:\Progra~1\NewTech Infosystems\NTI CD-Maker\
  install source: C:\acernb\Install\cdmaker\
   uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778} /l1033 AnyText
       publisher: NewTech Infosystems
        comments: Your Comments
         contact: Technical Support
       help link: http://www.ntius.com
  help telephone: 1-949-421-0720

Windows XP Hotfix - KB873333 20050114.005213 (KB873333)
   uninstall cmd: C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=873333

Windows XP Hotfix - KB873339 20041117.092459 (KB873339)
   uninstall cmd: C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=873339

Security Update for Windows XP (KB883939) 1 (KB883939)
    install date: 20050720
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=883939

  (KB884016)

Windows XP Hotfix - KB885250 20050118.202711 (KB885250)
   uninstall cmd: C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=885250

Windows XP Hotfix - KB885835 20041027.181713 (KB885835)
   uninstall cmd: C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=885835

Windows XP Hotfix - KB885836 20041028.173203 (KB885836)
   uninstall cmd: C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=885836

Windows XP Hotfix - KB885884 20040924.025457 (KB885884)
   uninstall cmd: C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=885884

Windows XP Hotfix - KB886185 20041021.090540 (KB886185)
   uninstall cmd: C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=886185

Windows XP Hotfix - KB887472 20041014.162858 (KB887472)
   uninstall cmd: C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=887472

Windows XP Hotfix - KB887742 20041103.095002 (KB887742)
   uninstall cmd: C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=887742

Windows XP Hotfix - KB888113 20041116.131036 (KB888113)
   uninstall cmd: C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=888113

Windows XP Hotfix - KB888302 20041207.111426 (KB888302)
   uninstall cmd: C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=888302

Security Update for Windows XP (KB890046) 1 (KB890046)
    install date: 20050720
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=890046

Windows XP Hotfix - KB890175 20041201.233338 (KB890175)
   uninstall cmd: C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=890175

Windows XP Hotfix - KB890859 1 (KB890859)
    install date: 20050720
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=890859

Windows XP Hotfix - KB891781 20050110.165439 (KB891781)
   uninstall cmd: C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=891781

Security Update for Windows XP (KB893066) 2 (KB893066)
    install date: 20050720
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=893066

Windows XP Hotfix - KB893086 1 (KB893086)
    install date: 20050720
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=893086

Security Update for Windows XP (KB893756) 1 (KB893756)
    install date: 20050813
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=893756

  (KB893803)

Windows Installer 3.1 (KB893803) 3.1 (KB893803v2)
   uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://go.microsoft.com/fwlink/?LinkId=42467

Update for Windows XP (KB894391) 1 (KB894391)
    install date: 20050815
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=894391

Security Update for Windows XP (KB896358) 1 (KB896358)
    install date: 20050720
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=896358

Security Update for Windows XP (KB896422) 1 (KB896422)
    install date: 20050720
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=896422

Security Update for Windows XP (KB896423) 1 (KB896423)
    install date: 20050813
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=896423

Security Update for Windows XP (KB896424) 1 (KB896424)
    install date: 20051109
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=896424

Security Update for Windows XP (KB896428) 1 (KB896428)
    install date: 20050720
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=896428

Security Update for Windows XP (KB896688) 1 (KB896688)
    install date: 20051020
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=896688

Update for Windows XP (KB896727) 1 (KB896727)
    install date: 20050813
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=896727

Update for Windows XP (KB898461) 1 (KB898461)
    install date: 20050720
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=898461

Security Update for Windows XP (KB899587) 1 (KB899587)
    install date: 20050813
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=899587

Security Update for Windows XP (KB899588) 1 (KB899588)
    install date: 20050813
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=899588

Security Update for Windows XP (KB899591) 1 (KB899591)
    install date: 20050813
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=899591

Update for Windows XP (KB900485) 2 (KB900485)
    install date: 20060426
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=900485

Security Update for Windows XP (KB900725) 1 (KB900725)
    install date: 20051014
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=900725

Security Update for Windows XP (KB901017) 1 (KB901017)
    install date: 20051014
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=901017

Security Update for Windows XP (KB901190) 1 (KB901190)
    install date: 20060215
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=901190

Security Update for Windows XP (KB901214) 1 (KB901214)
    install date: 20050720
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=901214

Security Update for Windows XP (KB902400) 1 (KB902400)
    install date: 20051014
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=902400

Security Update for Windows XP (KB903235) 1 (KB903235)
    install date: 20050720
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=903235

Security Update for Windows XP (KB904706) 1 (KB904706)
    install date: 20051014
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=904706

Security Update for Windows XP (KB905414) 1 (KB905414)
    install date: 20051014
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=905414

Security Update for Windows XP (KB905749) 1 (KB905749)
    install date: 20051014
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=905749

Security Update for Windows XP (KB905915) 1 (KB905915)
    install date: 20051215
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=905915

Security Update for Windows XP (KB908519) 1 (KB908519)
    install date: 20060112
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=908519

Security Update for Windows XP (KB908531) 1 (KB908531)
    install date: 20060414
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=908531

Update for Windows XP (KB910437) 1 (KB910437)
    install date: 20051215
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=910437

Security Update for Windows XP (KB911280) 1 (KB911280)
    install date: 20060617
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=911280

Security Update for Windows XP (KB911562) 1 (KB911562)
    install date: 20060414
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=911562

Security Update for Windows Media Player (KB911564)  (KB911564)
    install date: 20060215
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com/?kbid=911564

Security Update for Windows Media Player 10 (KB911565)  (KB911565)
    install date: 20060215
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com/?kbid=911565

Security Update for Windows XP (KB911567) 1 (KB911567)
    install date: 20060414
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=911567

Security Update for Windows XP (KB911927) 1 (KB911927)
    install date: 20060215
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=911927

Security Update for Windows XP (KB912812) 1 (KB912812)
    install date: 20060414
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=912812

Security Update for Windows XP (KB912919) 1 (KB912919)
    install date: 20060106
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=912919

Security Update for Windows XP (KB913446) 1 (KB913446)
    install date: 20060215
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=913446

Security Update for Windows XP (KB913580) 1 (KB913580)
    install date: 20060515
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=913580

Security Update for Windows XP (KB914389) 1 (KB914389)
    install date: 20060617
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=914389

Security Update for Windows XP (KB916281) 1 (KB916281)
    install date: 20060617
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=916281

Security Update for Windows XP (KB917344) 1 (KB917344)
    install date: 20060617
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=917344

Security Update for Windows Media Player 10 (KB917734)  (KB917734_WMP10)
    install date: 20060617
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com/?kbid=917734

Security Update for Windows XP (KB917953) 1 (KB917953)
    install date: 20060617
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=917953

Security Update for Windows XP (KB918439) 1 (KB918439)
    install date: 20060617
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=918439

LiveReg (Symantec Corporation) 3.0.0 (LiveReg)
install location: C:\Program Files\Common Files\Symantec Shared\LiveReg
   uninstall cmd: C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
       publisher: Symantec Corporation

LiveUpdate 2.6 (Symantec Corporation) 2.6.14.0 (LiveUpdate)
install location: C:\Program Files\Symantec\LiveUpdate
   uninstall cmd: C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
       publisher: Symantec Corporation

Launch Manager  (LManager)
   uninstall cmd: C:\WINDOWS\UnInst32.exe QtZgAcer.UNI

Macromedia Shockwave Player 10.1.0.11 (Macromedia Shockwave Player)
   uninstall cmd: C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
       publisher: Macromedia, Inc.
       help link: http://www.macromedia.com/support/shockwave

Maxthon Browser (remove only)  (Maxthon)
   uninstall cmd: C:\Program Files\Maxthon\MaxthonUINST.exe

  (MobileOptionPack)

  (MPlayer2)

Ahead InCD EasyWrite Reader  (MRW!UninstallKey)
   uninstall cmd: C:\WINDOWS\unmrw.exe /UNINSTALL

Messenger Plus! 3  (MsgPlus! Plugin)
   uninstall cmd: "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /Remove

  (MSI30-Beta1)

  (MSI30-Beta2)

  (MSI30-KB884016)

  (MSI30-RC1)

  (MSI30-RC2)

  (MSI30a-KB884016)

  (MSI31-Beta)

  (MSI31-RC1)

MSN  (MSNINST)
   uninstall cmd: C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP

  (NetMeeting)

  (OutlookExpress)

  (PCHealth)
   uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

  (RealJukebox 1.0)
   uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

RealPlayer  (RealPlayer 6.0)
   uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

Sandlot Games Client Services  (Sandlot Games Client Services_is1)
install location: C:\Program Files\Common Files\Sandlot Shared\
   uninstall cmd: "C:\Program Files\Common Files\Sandlot Shared\unins000.exe"
       publisher: Sandlot Games
       help link: http://www.sandlotgames.com

  (SchedulingAgent)

  (Sevinst)

  (Shockwave)

Macromedia Flash Player 8 8 (ShockwaveFlash)
   uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
       publisher: Macromedia
       help link: http://www.macromedia.com/go/flashplayer_support/

  (SmartMovie Converter (for Symbian phones))

SmartMovie Converter (Series 60)  (SmartMovie Converter (Series 60))
   uninstall cmd: "C:\Program Files\Lonely Cat Games\SmartMovie Converter (Series 60)\IIUninst.exe" C:\Program Files\Lonely Cat Games\SmartMovie Converter (Series 60)\install.log

Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: C:\Program Files\Spybot - Search & Destroy\
   uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
       publisher: Safer Networking Limited

SpywareBlaster v3.5.1 3.5.1 (SpywareBlaster_is1)
install location: C:\Program Files\SpywareBlaster\
   uninstall cmd: "C:\Program Files\SpywareBlaster\unins000.exe"
       publisher: Javacool Software LLC

Starcraft  (Starcraft)
   uninstall cmd: C:\WINDOWS\scunin.exe C:\WINDOWS\scunin.dat

StuffPlug-NG (Messenger Plus! Plugins) 2.2.229 (StuffPlug-NG)
 version (major): 2
 version (minor): 2
install location: C:\Program Files\MessengerPlus! 3\Plugins\StuffPlug-NG
   uninstall cmd: C:\Program Files\MessengerPlus! 3\Plugins\StuffPlug-NG\Uninstall.exe
       publisher: TheBlasphemer

Norton AntiVirus 2005 (Symantec Corporation) 11.0.1 (SymSetup.{C6F5B6CF-609C-428E-876F-CA83176C021B})
install location: C:\Program Files\Norton AntiVirus
  install source: C:\DOCUME~1\FiZa\LOCALS~1\Temp\NORTON~1
   uninstall cmd: C:\Program Files\Common Files\Symantec Shared\SymSetup\{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe /X
       publisher: Symantec Corporation

Synaptics Pointing Device Driver 7.10.12.0 (SynTPDeinstKey)
   uninstall cmd: rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

The French Tutorial Personal Edition  (The French Tutorial Personal Edition)
   uninstall cmd: C:\Program Files\The French Tutorial Personal Edition\uninstall.exe

Microsoft Web Publishing Wizard 1.52  (WebPost)
   uninstall cmd: RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall

WinAce Archiver 2.6 (WinAce Archiver)
   uninstall cmd: C:\Program Files\WinAce\SXUNINST.EXE C:\Program Files\WinAce\SXUNINST.INI
       publisher: e-merge GmbH
       help link: mailto:[email protected]

Windows Media Format Runtime  (Windows Media Format Runtime)
   uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Player 10  (Windows Media Player)
   uninstall cmd: "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Sony Ericsson Image Editor  ({05E9F134-07C9-4249-9B80-EE5D975F201B})
   uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,Launc

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
HJT log. adwares again..
« Reply #5 on: June 18, 2006, 11:14:40 AM »
Ensure your spyware realtime protections are disabled!

Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box to notepad, not including the word "code"
Paste it to the empty Notepad file
In Notepad click FILE>>SAVE AS
IMPORTANT>>>Change the Save as Type to All Files.
Name the file as fix.reg

Save this file on the desktop
The icon should look like a few cubes if saved properly
Ensure to copy from REGEDIT4 and down in the code box

 
Code:
REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cmdService]


Go to START>>RUN
type in
cmd
Hit OK

Copy>>Paste to the prompt the following command in bold below

sc delete cmdService
Hit ENTER on your keyboard

Then type exit
Hit ENTER

Double click on fix.reg and allow to add/merge to the registry at the prompt

reboot your computer

Scan again with Spybot to ensure those entries are gone

Was that the end of the Spybot log?
Was there anything below this entry?

Sony Ericsson Image Editor ({05E9F134-07C9-4249-9B80-EE5D975F201B})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,Launc

If so, can you post the remainder of the log please

Is your version of SpySweeper the trial version or the full paid version?
« Last Edit: June 18, 2006, 11:25:25 AM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline miszila

  • Newbie
  • *
  • Posts: 29
  • Karma: +0/-0
    • View Profile
HJT log. adwares again..
« Reply #6 on: June 19, 2006, 09:35:11 AM »
i tried to disable it lotsa times.. but after it unchecked, it becomes check again.. how? i already try restarting my computer but the box is still checked after several times trying..

oh ya my spysweeper is the trial version. i dwnloaded it to prevent the Look2me ads from coming out.. shld i uninstall it?
« Last Edit: June 19, 2006, 09:38:07 AM by miszila »

Offline guestolo

« Reply #7 on: June 19, 2006, 09:53:57 PM »
Quote
oh ya my spysweeper is the trial version. i dwnloaded it to prevent the Look2me ads from coming out.. shld i uninstall it?
If it's the trial version, it won't help with newer infections, no sense keeping it installed
Remove it and reboot your computer

If you didn't disable all background spyware protection programs running in the background
Chances are the fixes won't work

Did you even try anything I posted in my last reply?
I need you to save that registry fix I posted
I need you to do the following I asked with the command prompt
If it didn't work in Normal mode, reboot into safe mode and try it
But DO what I posted earlier
« Last Edit: June 19, 2006, 10:26:58 PM by guestolo »



Offline miszila

« Reply #8 on: June 20, 2006, 11:01:03 AM »
oh im so sorry. i thought u going to give me additional steps to disable my antispyware.. i will try disable-ing it again, remove the spysweeper n fix the reg.. i'll post in the results in a few mins time ok?





(edited)
when i entered sc delete cmdService, it came out
[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.



how shld i proceed?



(edited)
i juz proceed on clicking in the fix.reg. n scan again.. however the command service is still there..
« Last Edit: June 20, 2006, 11:29:43 AM by miszila »

Offline guestolo

« Reply #9 on: June 21, 2006, 07:55:38 AM »
Quote
i tried to disable it lotsa times.. but after it unchecked, it becomes check again.. how? i already try restarting my computer but the box is still checked after several times trying..
You're going to have to be more descriptive in what you respond back to me
I really have no idea what program you're talking about in that response

Uninstall SpySweeper
Reboot the computer

Disable Mic. anti-spyware protections

Reboot into safe mode
Double click on fix.reg and merge to the registry

Reboot back to Normal mode
See if that helps
« Last Edit: June 21, 2006, 07:59:16 AM by guestolo »



Offline miszila

« Reply #10 on: June 21, 2006, 09:31:11 AM »
heya, sorry for not being clear. i was referring to my Microsoft Anti Spyware Only. the icon still appear at my taskbar despite several attempts to shut it down. however, its written there that "realtime protection(disabled)"..


i followed ur instructions to fix.reg in safe mode but the same thing happen again..

when i entered sc delete cmdService, it came out
[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service



n when i proceed to clicking on the fix.reg, this came out...
Cannot import c:\Documents and Settings\Zila\Desktop\fix.reg
The specified file is not a registry script.

You can only import binary registry files from within the registry editor



i already double check to make sure that i copied the right thing for the fix.reg...

Offline miszila

« Reply #11 on: June 23, 2006, 11:09:27 PM »
i seriously dont know where i went wrong.
just now, suddenly my comp turns blue..
& this came out..

STOP:c000021a {Fatal System Error}. the windows Logon Process system proces terminated unexpectedly with a status ...(?it ends there)
The system has been shut down.



and when i log on to the comp again.. this came out..
winlogon.exe encountered a problem and needed to close.


im so sorry to trouble u but this is the only forum which is willing to help me...

Offline guestolo

« Reply #12 on: June 25, 2006, 01:41:39 AM »
What did you do before this happened, did you install anything?
Be precise please

When the computer starts, tap the F8 key on your keyboard
This should bring you to the Boot Menu
Select "Last Known Good Configuration"

See if that helps
Can you get into Windows at all?

Have you tried booting to safe mode?



Offline miszila

« Reply #13 on: June 25, 2006, 10:27:04 AM »
haiz.. i've done everything.. even in safe mode..(referring to the fix.reg)


i did not download anything before that.. it suddenly turns blue.. but i can access the windows again..

tell u wat, i'll try to redo everything from the start n will update u again if i can fix the fix.reg...

Offline guestolo

« Reply #14 on: June 25, 2006, 12:03:49 PM »
Quote
Cannot import c:\Documents and Settings\Zila\Desktop\fix.reg
The specified file is not a registry script.

You can only import binary registry files from within the registry editor
You saved fix.reg wrong if that's the output you got when you double clicked on it

Delete fix.reg you made earlier
From the bottom of this reply box, download and save to desktop fix.zip
Choose SAVE rather than open

Once saved to desktop
  • Right click the fix.zip on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Highlight "Desktop"
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
Now you should have a new file on your desktop called fix.reg

Double click on fix.reg and allow to add/merge to the registry at the prompt

Reboot the computer

Come back here and post a fresh hijackthis log
« Last Edit: June 25, 2006, 12:04:09 PM by guestolo »
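
The "not a registry script" failure diagnosed in the reply above, as an added example that is not part of the thread or any tool the helper used: a Python pre-merge check of a saved fix.reg. The function names and the sample file contents are constructed here from the code box earlier in the thread, and the rule that a REGEDIT4 file should be saved as plain ANSI text is treated as an assumption of the check.

```python
import re

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")

# The fix is only supposed to delete the cmdService key in each control set.
EXPECTED_DELETE = re.compile(
    r"HKEY_LOCAL_MACHINE\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})"
    r"\\Services\\cmdService",
    re.IGNORECASE,
)
SECTION = re.compile(r"^\[(-?)(.+)\]$")


def decode(data):
    """Decode the bytes of a saved file; return (text, encoding label)."""
    if data.startswith(b"\xff\xfe"):
        return data[2:].decode("utf-16-le"), "unicode"
    if data.startswith(b"\xef\xbb\xbf"):
        return data[3:].decode("utf-8", errors="replace"), "utf-8"
    return data.decode("cp1252", errors="replace"), "ansi"


def review_reg(data):
    """Return (problems, deleted_keys) for the bytes of a .reg file."""
    text, encoding = decode(data)
    lines = text.splitlines()
    problems = []

    # The header has to be the very first line of the file.
    first = lines[0] if lines else ""
    if first not in HEADERS:
        where = next((n for n, l in enumerate(lines, 1)
                      if l.strip() in HEADERS), None)
        hint = " (header is on line %d; remove what precedes it)" % where if where else ""
        problems.append("line 1 is %r, not a registry script header%s" % (first, hint))
    elif first == "REGEDIT4" and encoding != "ansi":
        # Assumption of this check: REGEDIT4 is the ANSI format.
        problems.append("REGEDIT4 header but file saved as %s; re-save as ANSI" % encoding)

    # Review what the script would do before merging it.
    deleted = []
    for line in lines:
        match = SECTION.match(line.strip())
        if not match:
            continue
        minus, key = match.groups()
        if minus:
            deleted.append(key)
            if not EXPECTED_DELETE.fullmatch(key):
                problems.append("unexpected key deletion: %s" % key)
        else:
            problems.append("script adds or changes a key: %s" % key)
    return problems, deleted


# Constructed sample files (contents taken from the code box in the thread).
KEYS = [
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService",
    r"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService",
    r"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cmdService",
]
BODY = "REGEDIT4\r\n\r\n" + "".join("[-%s]\r\n\r\n" % k for k in KEYS)

GOOD = BODY.encode("ascii")
# Widget text copied along with the code box.
BAD_COPY = b"Code: [Select]\r\n" + GOOD
# Saved from Notepad with Encoding set to Unicode.
BAD_UNICODE = b"\xff\xfe" + BODY.encode("utf-16-le")
# A deletion that is not part of the posted fix (constructed key name).
BAD_EXTRA = GOOD + b"[-HKEY_LOCAL_MACHINE\\SOFTWARE\\Example]\r\n"

if __name__ == "__main__":
    for name, sample in [("good", GOOD), ("copied label", BAD_COPY),
                         ("unicode", BAD_UNICODE), ("extra key", BAD_EXTRA)]:
        problems, deleted = review_reg(sample)
        print(name, "->", len(deleted), "deletions;", problems or "ok")
```
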



Offline miszila

« Reply #15 on: June 26, 2006, 09:49:55 AM »
i've manage to fix the fix.reg
i've run the spybot destroy n i manage to remove all the service command..

here's my latest hijack this


Logfile of HijackThis v1.99.1
Scan saved at 10:45:54 PM, on 6/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Acer\ePM\EPM-DM.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\ZiLa\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mofunzone.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mysingtel.com.sg
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by mysingtel
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] C:\Acer\ePM\EPM-DM.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [defender] C:\\dfndra_1.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrd_1.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.mysingtel.com.sg
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamem...GameManager.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

Offline guestolo

« Reply #16 on: June 26, 2006, 04:18:29 PM »
You have a new infection
Can you ensure that Norton's script blocking is disabled as well as your spyware protections

Please download Brute Force Uninstaller to your desktop. (right-click on this link and choose save as, if using IE save target as)
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:)" or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
RIGHT CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcanshorty.bfu.
Save it in the folder you made earlier (c:\BFU)
So you now have C:\Bfu\alcanshorty.bfu

You're running an older version of Ewido
Can you access your add/remove programs and Remove Ewido
Reboot if prompted

If you have an older version of CleanUp!, remove it too
==Download and install Windows CleanUp! 4.5.1
Don't run this yet
NOTE: We are going to use this to cleanup your temp folders, prefetch, etc...
CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, make a backup of these before running CleanUp!

Please save these instructions to a Notepad file and save it to your Desktop for reference
or Print them out!


Download the latest version of ewido anti-spyware from [color=\"#3333FF\"]HERE[/color] and save that file to your desktop.
[color=\"#33CC00\"]This is a 30 day trial of the program[/color]
  • Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need run ewido and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.

    • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
    • Under "Reports"
      • Select "Automatically generate report after every scan"
      • Un-Select "Only if threats were found"

        Close ewido anti-spyware, Do Not run a scan just yet, we will shortly.
      Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.

      In safe mode

      =Open the C:\BFU folder
      Double click to run BFU.exe
      Use the "Open Script file" button (the folder icon next to Scriptfile to execute)
      Navigate to alcanshorty.bfu in the C:\BFU folder
      Right click alcanshorty.bfu and choose Select
      In Brute Force Uninstaller select Execute
      Wait for the "complete script execution" box to pop up and press OK.
      Press exit to terminate the BFU program.

      ==Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
      Set the program up as follows:
      Click "Options..."
      Move the arrow down to "Custom CleanUp!"
      Put a check next to the following (Make sure nothing else is checked!):

          * Empty Recycle Bins
          * Delete Cookies
          * Delete Prefetch files
          * Cleanup! All Users

      Click OK
      Press the CleanUp! button to start the program.
      CleanUp! may prompt to run in Demo mode the first time it is run; decline, as we actually want to run the cleanup portion
      If you do first run in demo mode, ensure to rescan again in Clean Mode
      When it's done>>Click Close
      DECLINE to Log off or Restart the computer

      IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning process:
      • Launch ewido anti-spyware by double-clicking the icon on your desktop.
      • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
      • ewido will now begin the scanning process, be patient this may take a little time.
      Once the scan is complete do the following:
    • If you have any infections you will be prompted, then select "Apply all actions"
    • Next select the "Reports" icon at the top.
    • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    • Close ewido.
    Do a "System scan only" with Hijackthis and put a check next to these entries:

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

    O4 - HKLM\..\Run: [defender] C:\\dfndra_1.exe
    O4 - HKLM\..\Run: [keyboard] C:\\kybrd_1.exe


    After you have ticked the above entries, close All other open windows
    Leave Hijackthis open and click FIX CHECKED
    OK the prompt and exit Hijackthis

    Reboot back to Normal mode

    Post back all the following please

    1. Post back a fresh hijackthis log
    2. Post the whole report from Ewido's

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline miszila

HJT log. adwares again..
« Reply #17 on: June 27, 2006, 07:45:19 AM »
ok done.. but i cldnt find these in my hijack this log..

O4 - HKLM\..\Run: [defender] C:\\dfndra_1.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrd_1.exe



here's my latest HJT log..
Logfile of HijackThis v1.99.1
Scan saved at 8:42:03 PM, on 6/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Acer\ePM\EPM-DM.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Documents and Settings\ZiLa\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mofunzone.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mysingtel.com.sg
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by mysingtel
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] C:\Acer\ePM\EPM-DM.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.mysingtel.com.sg
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamem...GameManager.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe


n here's my Ewido

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

 + Created at:   8:30:04 PM 6/27/2006

 + Scan result:   



C:\WINDOWS\RmlaYQ\asappsrv.dll -> Adware.CommAd : Cleaned with backup (quarantined).
C:\WINDOWS\RmlaYQ\command.exe -> Adware.CommAd : Cleaned with backup (quarantined).
C:\WINDOWS\warebundle.exe -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\XPAgent.exe -> Downloader.Agent.acr : Cleaned with backup (quarantined).
C:\WINDOWS\ѕymbols\netdde.exe -> Downloader.PurityScan.cl : Cleaned with backup (quarantined).
C:\Downloads\Fastmp3_Setup.exe -> Downloader.Small.czv : Cleaned with backup (quarantined).
C:\Program Files\Snowball Wars\SnowballWars.exe -> Dropper.VB.mz : Cleaned with backup (quarantined).
C:\WINDOWS\system32\glmf32.exe -> Trojan.Agent.uy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\kbdbene.exe -> Trojan.Agent.uy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wmpui.exe -> Trojan.Agent.uy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024 -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld4023.tmp -> Trojan.Small : Cleaned with backup (quarantined).


::Report end
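
An added example, not part of the original post or of ewido: a small Python parser for report lines in the `path -> detection : action` format shown above. It groups quarantined files by parent folder (skipping the shared `C:\WINDOWS` and `system32` folders) to list folders worth checking for leftovers, and flags paths that contain non-ASCII look-alike characters. The sample lines are constructed from the report, the function names are hypothetical, and the first letter of the `ѕymbols` folder is assumed to be U+0455.

```python
import ntpath
import re
import unicodedata
from collections import defaultdict

# Constructed sample: lines in the format of the ewido report posted above.
# "{DZE}" stands for U+0455 (assumed first letter of the "symbols" look-alike folder).
REPORT = r"""
C:\WINDOWS\RmlaYQ\asappsrv.dll -> Adware.CommAd : Cleaned with backup (quarantined).
C:\WINDOWS\RmlaYQ\command.exe -> Adware.CommAd : Cleaned with backup (quarantined).
C:\WINDOWS\warebundle.exe -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\{DZE}ymbols\netdde.exe -> Downloader.PurityScan.cl : Cleaned with backup (quarantined).
C:\Program Files\Snowball Wars\SnowballWars.exe -> Dropper.VB.mz : Cleaned with backup (quarantined).
C:\WINDOWS\system32\glmf32.exe -> Trojan.Agent.uy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld4023.tmp -> Trojan.Small : Cleaned with backup (quarantined).
::Report end
""".replace("{DZE}", "\u0455")

LINE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) -> (?P<name>\S+) : (?P<action>.+)$")
# Shared system folders hold legitimate files too, so they are never listed whole.
SHARED = {r"c:\windows", r"c:\windows\system32"}


def parse_report(text):
    """Return (path, detection, action) for every result line; skip headers."""
    hits = (LINE.match(line.strip()) for line in text.splitlines())
    return [(m["path"], m["name"], m["action"]) for m in hits if m]


def review_folders(entries):
    """Map each non-shared parent folder to the detections found inside it."""
    folders = defaultdict(set)
    for path, name, _ in entries:
        parent = ntpath.dirname(path)
        if parent.lower() not in SHARED:
            folders[parent].add(name)
    return {folder: sorted(names) for folder, names in folders.items()}


def lookalike_paths(entries):
    """List paths containing non-ASCII characters, with their Unicode names."""
    found = []
    for path, _, _ in entries:
        odd = [f"U+{ord(c):04X} {unicodedata.name(c, '?')}" for c in path if ord(c) > 127]
        if odd:
            found.append((path, odd))
    return found
```
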

Offline guestolo

HJT log. adwares again..
« Reply #18 on: June 27, 2006, 07:24:01 PM »
Access your add/remove programs and uninstall if found
Snowball Wars by OIN

Reboot your computer afterwards

Then find and delete these 2 folders if found
C:\WINDOWS\RmlaYQ <-this folder
C:\Program Files\Snowball Wars <-this folder

Let me know how everything's running please



Offline miszila

HJT log. adwares again..
« Reply #19 on: June 28, 2006, 06:12:52 AM »
im not able to locate C:\WINDOWS\RmlaYQ
but i manage to delete the snowball wars.

my comp is running smoothly... no more ads popping out..

but however there's a thin white line surrounding all my folders on the desktop..

http://i16.photobucket.com/albums/b18/misz...de/untitled.jpg
« Last Edit: June 28, 2006, 06:13:23 AM by miszila »