[LOGS] Falcon / SpyAxe Malware I can't remove



noammo
2006-02-16, 00:57
Hi,
I have malware that pops up on the bottom right of my screen saying: "System Alert: Spyware Detected". It also had some application called SpyFalcon 2.0 that was installed.

I did as I was told in this thread: http://forums.spybot.info/showthread.php?t=1958 but the problem persists!
Here are the requested logs:

First HiJack log:
Logfile of HijackThis v1.99.1
Scan saved at 13:42:12, on 15/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\nvraidservice.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Cerience\RepliGo\RepliGoMon.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Plaxo\2.6.2.7\PlaxoHelper.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Mobipocket.com\Mobipocket Reader\readernotify.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\HUJI\HUJI VPN Client\cvpnd.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\system32\nvctrl.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.haaretz.co.il/
O1 - Hosts: 212.235.60.150 bloom-schorer2
O2 - BHO: HomepageBHO - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\system32\hpD285.tmp
O3 - Toolbar: &RepliGo - {81F4066B-F330-4872-8094-3E9FBCCEC8C1} - C:\Program Files\Cerience\RepliGo\RepliGoIEBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [RepliGo Assistant] "C:\Program Files\Cerience\RepliGo\RepliGoMon.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.6.2.7\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SpriteService] "C:\Program Files\Sprite Software\Sprite Backup\SpriteService.exe"
O4 - HKCU\..\Run: [Mobipocket Reader Notifications] C:\Program Files\Mobipocket.com\Mobipocket Reader\readernotify.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\1.0.384.22153\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm824YYIL
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_07\bin\npjpi142_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_07\bin\npjpi142_07.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: מחקר - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} (ChartFX Internet Control) - https://service.pelephone.co.il/WebPhone/jsp/Client/CfxIEAx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120215849593
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CBF2C04B-50B5-4C7B-8D49-ACB62582F8E6} (LauncherV1 Class) - http://chat-basic.nana.co.il/Cabs/launcher.cab
O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} (LauncherV1 Class) - http://www.tapuz.co.il/irc/main/launcher.cab
O16 - DPF: {F59AB0C4-3443-4551-A78F-C101F9DE0215} (LauncherV1 Class) - http://irc.nana.co.il/Cabs/launcher39.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\HUJI\HUJI VPN Client\cvpnd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OracleOraHome81Agent - Oracle Corporation - D:\oracle\ora81\bin\dbsnmp.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - D:\oracle\ora81\BIN\ONRSD.EXE
O23 - Service: OracleOraHome81CMAdmin - Unknown owner - D:\oracle\ora81\BIN\CMADMIN.EXE
O23 - Service: OracleOraHome81CMan - Unknown owner - D:\oracle\ora81\BIN\CMGW.EXE
O23 - Service: OracleOraHome81DataGatherer - Oracle Corporation - D:\oracle\ora81\bin\vppdc.exe
O23 - Service: OracleOraHome81HTTPServer - Unknown owner - D:\oracle\ora81\Apache\Apache\Apache.exe
O23 - Service: OracleOraHome81PagingServer - Unknown owner - D:\oracle\ora81/bin/pagntsrv.exe
O23 - Service: OracleOraHome81TNSListener - Unknown owner - D:\oracle\ora81\BIN\TNSLSNR.exe
O23 - Service: OracleServiceSTUD - Oracle Corporation - d:\oracle\ora81\bin\ORACLE.EXE
O23 - Service: Apache Tomcat (Tomcat5) - Unknown owner - C:\Program Files\Apache Software Foundation\Tomcat 5.0\bin\tomcat5.exe" //RS//Tomcat5 (file missing)

Too long. How do I continue? I will try with a reply to this thread...
Thanks, noam

noammo
2006-02-16, 00:59
Spybot report:
--- Search result list ---
Smitfraud-C.: Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\nvctrl.exe

Vcodec: Data (File, fixed)
C:\WINDOWS\system32\ncompat.tlb

Vcodec: Data (File, fixed)
C:\WINDOWS\system32\ts.ico

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-10-19 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-02-10 Includes\Cookies.sbi (*)
2006-02-10 Includes\Dialer.sbi (*)
2006-02-10 Includes\Hijackers.sbi (*)
2006-02-10 Includes\Keyloggers.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2006-02-10 Includes\Malware.sbi (*)
2006-02-10 Includes\PUPS.sbi (*)
2006-02-10 Includes\Revision.sbi (*)
2006-02-10 Includes\Security.sbi (*)
2006-02-10 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-02-10 Includes\Trojans.sbi (*)


--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB886903)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ Internet Explorer 6 / SP0: Windows XP Hotfix - KB834707
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP3: Windows XP Hotfix - KB867282
/ Windows XP / SP3: Windows XP Hotfix - KB873333
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Security Update for Windows XP (KB883939)
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB885884
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Windows XP Hotfix - KB887797
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890047
/ Windows XP / SP3: Windows XP Hotfix - KB890175
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB890923
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Security Update for Windows XP (KB893066)
/ Windows XP / SP3: Windows XP Hotfix - KB893086
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB894391)
/ Windows XP / SP3: Hotfix for Windows XP (KB896344)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896422)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896424)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Security Update for Windows XP (KB896688)
/ Windows XP / SP3: Update for Windows XP (KB896727)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899588)
/ Windows XP / SP3: Security Update for Windows XP (KB899589)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Security Update for Windows XP (KB903235)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
/ Windows XP / SP3: Security Update for Windows XP (KB905915)
/ Windows XP / SP3: Security Update for Windows XP (KB908519)
/ Windows XP / SP3: Hotfix for Windows XP (KB909394)
/ Windows XP / SP3: Update for Windows XP (KB910437)
/ Windows XP / SP3: Security Update for Windows XP (KB912919)

--- Startup entries list ---
Located: HK_LM:Run, {0228e555-4f9c-4e35-a3ec-b109a192b4c2}
command: C:\Program Files\Google\Gmail Notifier\gnotify.exe
file: C:\Program Files\Google\Gmail Notifier\gnotify.exe
size: 479232
MD5: 3df7ac30a381c57d0c70eaefee3c4ef2

Located: HK_LM:Run, AVG7_CC
command: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
file: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
size: 356352
MD5: 6492815fc67068a11420740637946b0e

Located: HK_LM:Run, AVG7_EMC
command: C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
file: C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
size: 280576
MD5: e431814c506fd4fd1df82d56f178b4a5

Located: HK_LM:Run, gcasServ
command: "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
file: C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
size: 473928
MD5: e8177b5150cab1509d2e9807c3f6366c

Located: HK_LM:Run, ICQ Lite
command: C:\Program Files\ICQLite\ICQLite.exe -minimize
file:

Located: HK_LM:Run, NeroFilterCheck
command: C:\WINDOWS\system32\NeroCheck.exe
file: C:\WINDOWS\system32\NeroCheck.exe
size: 155648
MD5: 3e4c03cefad8de135263236b61a49c90

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff

Located: HK_LM:Run, NvMediaCenter
command: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff

Located: HK_LM:Run, NVRaidService
command: C:\WINDOWS\System32\nvraidservice.exe
file: C:\WINDOWS\System32\nvraidservice.exe
size: 83968
MD5: c8127232655a8869e808425cb7a916e8

Located: HK_LM:Run, NVRTCLK
command: C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
file: C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
size: 24576
MD5: c0547b578e7d4e413f1170ad00cd8e13

Located: HK_LM:Run, nwiz
command: nwiz.exe /install
file: C:\WINDOWS\system32\nwiz.exe
size: 921600
MD5: 19bc8073d1dbfe4f69824463607383bf

Located: HK_LM:Run, Picasa Media Detector
command: C:\Program Files\Picasa2\PicasaMediaDetector.exe
file: C:\Program Files\Picasa2\PicasaMediaDetector.exe
size: 335872
MD5: 23de58a8d9ea168ab81ff5c1e59766bd

Located: HK_LM:Run, RepliGo Assistant
command: "C:\Program Files\Cerience\RepliGo\RepliGoMon.exe"
file: C:\Program Files\Cerience\RepliGo\RepliGoMon.exe
size: 167936
MD5: 5871a3e6ab7697d70d1cbc75d43638d6

Located: HK_LM:Run, SoundMan
command: SOUNDMAN.EXE
file: C:\WINDOWS\SOUNDMAN.EXE
size: 77824
MD5: ff86e640e4e0fd18cfb4696b38867222

Located: HK_CU:Run, CTFMON.EXE
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996a38c0b0cf151c2140ae29fc8

Located: HK_CU:Run, H/PC Connection Agent
command: "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
file: C:\Program Files\Microsoft ActiveSync\wcescomm.exe
size: 1200128
MD5: 0d667f8b21d7975c663f35d7af3c9bdb

Located: HK_CU:Run, Mobipocket Reader Notifications
command: C:\Program Files\Mobipocket.com\Mobipocket Reader\readernotify.exe
file: C:\Program Files\Mobipocket.com\Mobipocket Reader\readernotify.exe
size: 57344
MD5: 0d4c386018c15f1a73a723da6845f86b

Located: HK_CU:Run, MsnMsgr
command: "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
file: C:\Program Files\MSN Messenger\MsnMsgr.Exe
size: 7094272
MD5: b83e12b5341c5dcecc5c217a824ffeb1

Located: HK_CU:Run, PlaxoUpdate
command: C:\Program Files\Plaxo\2.6.2.7\PlaxoHelper.exe -a
file:

Located: HK_CU:Run, SpriteService
command: "C:\Program Files\Sprite Software\Sprite Backup\SpriteService.exe"
file: C:\Program Files\Sprite Software\Sprite Backup\SpriteService.exe
size: 516096
MD5: f1ccc6decc774509d91bdecd510c02d9

Located: HK_CU:RunOnce, ICQ Lite
command: C:\Program Files\ICQLite\ICQLite.exe -trayboot
file:

Located: Startup (common), Adobe Reader Speed Launch.lnk
command: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
file: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
size: 29696
MD5: 43362b96870ce8649f4f2ec893da93f0

Located: Startup (common), Google Updater.lnk
command: C:\Program Files\Google\Google Updater\1.0.384.22153\GoogleUpdater.exe
file: C:\Program Files\Google\Google Updater\1.0.384.22153\GoogleUpdater.exe
size: 78336
MD5: 992df9bef455be55ebbfaddcefdb9919

Located: Startup (common), Microsoft Office.lnk
command: C:\Program Files\Microsoft Office\Office10\OSA.EXE
file: C:\Program Files\Microsoft Office\Office10\OSA.EXE
size: 83360
MD5: 5bc65464354a9fd3beaa28e18839734a

Located: Startup (common), Post-it® Software Notes Lite.lnk
command: C:\Program Files\3M\PSNLite\PsnLite.exe
file: C:\Program Files\3M\PSNLite\PsnLite.exe
size: 1622016
MD5: 606dc8dd862921b7f6efb4d06256e809

Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll

Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll

--- Browser helper object list ---
{4da4616d-7e6e-4fd9-a2d5-b6c535733e22} (HomepageBHO)
BHO name:
CLSID name: HomepageBHO
Path: C:\WINDOWS\system32\
Long name: hpD285.tmp
Short name:
Date (created): 15/02/2006 13:19:18
Date (last access): 15/02/2006 13:19:18
Date (last write): 15/02/2006 13:19:18
Filesize: 24064
Attributes: archive
MD5: E1EC54A64FE45054F5F3812FA46EB7C6
CRC32: 736D45D1

--- ActiveX list ---
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object)
DPF name:
CLSID name: QuickTime Object
Installer: C:\WINDOWS\Downloaded Program Files\QTPlugin.inf
Codebase: http://www.apple.com/qtactivex/qtplugin.cab
description: Apple Quicktime
classification: Legitimate
known filename: QTPLUGIN.OCX
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\QuickTime\
Long name: QTPlugin.ocx
Short name:
Date (created): 21/12/2005 00:33:54
Date (last access): 15/02/2006 12:20:02
Date (last write): 21/12/2005 00:33:54
Filesize: 409600
Attributes: archive
MD5: D2B462A22F89C8A74B02EDDA130AF616
CRC32: 99C4835D
Version: 7.0.3.50

{08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class)
DPF name:
CLSID name: PlxInstall Class
Installer: C:\WINDOWS\Downloaded Program Files\PlaxoInstall.inf
Codebase: https://www.plaxo.com/down/latest/PlaxoInstall.cab
description:
classification: Open for discussion
known filename: PlaxoInstall.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: PlaxoInstall.dll
Short name: PLAXOI~1.DLL
Date (created): 09/12/2005 18:36:56
Date (last access): 15/02/2006 13:45:24
Date (last write): 09/12/2005 18:36:56
Filesize: 212608
Attributes: archive
MD5: FEBCDECCF6A68CBB6B111105079D7B68
CRC32: 7C7A362F
Version: 2.6.2.7

{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
DPF name:
CLSID name: Windows Genuine Advantage Validation Tool
Installer: C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf
Codebase: http://go.microsoft.com/fwlink/?linkid=39204
description:
classification: Legitimate
known filename: LegitCheckControl.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: LegitCheckControl.DLL
Short name: LEGITC~1.DLL
Date (created): 29/08/2005 13:27:12
Date (last access): 15/02/2006 12:20:02
Date (last write): 29/08/2005 13:27:12
Filesize: 520968
Attributes: archive
MD5: 679088DD42AFB105A6DA3F5E876D69B6
CRC32: 80D21320
Version: 1.3.272.0

{193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control)
DPF name:
CLSID name: ewidoOnlineScan Control
Installer:
Codebase: http://download.ewido.net/ewidoOnlineScan.cab
Path: C:\WINDOWS\DOWNLO~1\
Long name: ewidoOnlineScan.dll
Short name: EWIDOO~1.DLL
Date (created): 03/01/2006 09:20:34
Date (last access): 15/02/2006 13:45:24
Date (last write): 03/01/2006 09:20:34
Filesize: 327008
Attributes: archive
MD5: D40DBB08A55751B2A390813B0EA6955A
CRC32: 7D8648A3
Version: 1.0.0.1

{21F49842-BFA9-11D2-A89C-00104B62BDDA} (ChartFX Internet Control)
DPF name:
CLSID name: ChartFX Internet Control
Installer: C:\WINDOWS\Downloaded Program Files\CfxIEAx.inf
Codebase: https://service.pelephone.co.il/WebPhone/jsp/Client/CfxIEAx.cab
description:
classification: Open for discussion
known filename: CfxIEAx.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: CfxIEAx.ocx
Short name:
Date (created): 25/11/2002 17:19:22
Date (last access): 15/02/2006 12:20:02
Date (last write): 25/11/2002 17:19:22
Filesize: 641094
Attributes: archive
MD5: 67721BB1781862419E1C991DFAA520BE
CRC32: 0BAA9B86
Version: 5.5.10.2

{33564D57-9980-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\wmv9dmo.inf
Codebase: http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
description: Microsoft WMV Video Codec
classification: Legitimate
known filename: WMV9DMO.CAB
info link:
info source: Patrick M. Kolla

{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine)
DPF name:
CLSID name: Office Update Installation Engine
Installer: C:\WINDOWS\Downloaded Program Files\opuc.inf
Codebase: http://office.microsoft.com/officeupdate/content/opuc3.cab
description:
classification: Legitimate
known filename: opuc.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\
Long name: opuc.dll
Short name:
Date (created): 18/01/2005 01:07:18
Date (last access): 15/02/2006 13:47:00
Date (last write): 17/11/2005 23:12:26
Filesize: 533504
Attributes: archive
MD5: 24F3058766D5FC3FD0F37F6D6EE6FE9B
CRC32: F1FAEDE3
Version: 12.0.3208.1014

{6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
DPF name:
CLSID name: WUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\wuweb.inf
Codebase: http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120215849593
description:
classification: Legitimate
known filename: wuweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\System32\
Long name: wuweb.dll
Short name:
Date (created): 03/08/2004 13:59:06
Date (last access): 15/02/2006 12:20:02
Date (last write): 26/05/2005 04:19:32
Filesize: 173536
Attributes: archive
MD5: C459F2D5E64C942F3F66E1CD7F1C4C00
CRC32: EEF66B50
Version: 5.8.0.2469

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name: Java Plug-in 1.4.2_07
Installer:
Codebase: http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\j2re1.4.2_07\bin\
Long name: NPJPI142_07.dll
Short name: NPJPI1~1.DLL
Date (created): 15/01/2069 12:24:24
Date (last access): 15/02/2006 12:20:02
Date (last write): 15/01/2005 12:24:14
Filesize: 65650
Attributes: archive
MD5: 3BBB2859FB15A362EEF593AD3E6BAF9C
CRC32: 5601F736
Version: 1.4.2.70

noammo
2006-02-16, 01:00
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class)
DPF name:
CLSID name: ActiveScan Installer Class
Installer: C:\WINDOWS\Downloaded Program Files\asinst.inf
Codebase: http://acs.pandasoftware.com/activescan/as5free/asinst.cab
description:
classification: Open for discussion
known filename: ASINST.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: asinst.dll
Short name:
Date (created): 11/11/2005 08:28:22
Date (last access): 15/02/2006 13:13:06
Date (last write): 19/12/2005 13:35:32
Filesize: 135168
Attributes: archive
MD5: 20C07B231040B49AFCE82397BFC35F9C
CRC32: 9301377D
Version: 58.4.0.0

{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class)
DPF name:
CLSID name: MsnMessengerSetupDownloadControl Class
Installer: C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.inf
Codebase: http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
description:
classification: Legitimate
known filename: MsnMessengerSetupDownloader.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: MsnMessengerSetupDownloader.ocx
Short name: MSNMES~1.OCX
Date (created): 05/11/2004 15:58:20
Date (last access): 15/02/2006 12:20:02
Date (last write): 14/08/2005 00:26:04
Filesize: 113664
Attributes: archive
MD5: C403792A3FF639C215067D5AA680C482
CRC32: 7CD0769A
Version: 1.0.0.3

{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name: Java Plug-in 1.4.2_07
Installer:
Codebase: http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
Path: C:\Program Files\Java\j2re1.4.2_07\bin\
Long name: NPJPI142_07.dll
Short name: NPJPI1~1.DLL
Date (created): 15/01/2069 12:24:24
Date (last access): 15/02/2006 13:50:04
Date (last write): 15/01/2005 12:24:14
Filesize: 65650
Attributes: archive
MD5: 3BBB2859FB15A362EEF593AD3E6BAF9C
CRC32: 5601F736
Version: 1.4.2.70

{CBF2C04B-50B5-4C7B-8D49-ACB62582F8E6} (LauncherV1 Class)
DPF name:
CLSID name: LauncherV1 Class
Installer:
Codebase: http://chat-basic.nana.co.il/Cabs/launcher.cab
Path: C:\WINDOWS\Downloaded Program Files\CONFLICT.2\
Long name: launcher.ocx
Short name:
Date (created): 15/01/2005 18:24:04
Date (last access): 15/02/2006 12:20:02
Date (last write): 15/01/2005 18:24:04
Filesize: 507904
Attributes: archive
MD5: 98A9705EED1EC4934EE3C0BF0D4F77BB
CRC32: 69512FB2
Version: 1.0.0.1

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash8.ocx
Short name:
Date (created): 27/08/2005 13:38:56
Date (last access): 15/02/2006 13:12:38
Date (last write): 27/08/2005 13:38:56
Filesize: 1435272
Attributes: archive
MD5: 900373C059C2B51CA91BF110DBDECB33
CRC32: F19599BC
Version: 8.0.22.0

{D79B6F43-F214-4E7A-9ECB-CCC8771F2416} (LauncherV1 Class)
DPF name:
CLSID name: LauncherV1 Class
Installer:
Codebase: http://www.tapuz.co.il/irc/main/launcher.cab
Path: C:\WINDOWS\Downloaded Program Files\CONFLICT.1\
Long name: launcher.ocx
Short name:
Date (created): 13/05/2005 21:34:16
Date (last access): 15/02/2006 12:20:02
Date (last write): 13/05/2005 21:34:16
Filesize: 552960
Attributes: archive
MD5: CBBB39F2233474E363870ED24E6E725C
CRC32: AEB5C16D
Version: 1.0.0.1

{F59AB0C4-3443-4551-A78F-C101F9DE0215} (LauncherV1 Class)
DPF name:
CLSID name: LauncherV1 Class
Installer:
Codebase: http://irc.nana.co.il/Cabs/launcher39.cab
description:
classification: Open for discussion
known filename: LAUNCHER.OCX
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: launcher.ocx
Short name:
Date (created): 12/11/2003 14:34:30
Date (last access): 15/02/2006 12:20:02
Date (last write): 12/11/2003 14:34:30
Filesize: 385154
Attributes: archive
MD5: B1DD27B9B1F8DD9BF74A822B1559F836
CRC32: 229F1D8A
Version: 1.0.0.1

--- Process list ---
PID: 0 ( 0) [System]
PID: 144 ( 4) \SystemRoot\System32\smss.exe
PID: 192 ( 144) \??\C:\WINDOWS\system32\csrss.exe
PID: 216 ( 144) \??\C:\WINDOWS\system32\winlogon.exe
PID: 260 ( 216) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 272 ( 216) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 424 ( 260) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 468 ( 260) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 508 ( 260) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 740 ( 720) C:\WINDOWS\Explorer.EXE
size: 1032192
MD5: A0732187050030AE399B241436565E64
PID: 1028 ( 740) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 15/02/2006 13:50:02

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.google.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
about:blank
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://www.google.com/keyword/%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.google.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.google.com/ie
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.haaretz.co.il/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com/ie
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl\@
http://www.google.com/keyword/%s


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Irda [IrDA]
GUID: {3972523D-2AF1-11D1-B655-00805F3642CC}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Infrared protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Irda [IrDA]

Protocol 1: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 2: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 3: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 4: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E1705FA9-EAE7-4CFA-A156-1F054E81DDAD}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E1705FA9-EAE7-4CFA-A156-1F054E81DDAD}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6A69ED6D-83F6-499B-9899-6C94C79AAAA7}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6A69ED6D-83F6-499B-9899-6C94C79AAAA7}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{92ED6772-699E-44DE-99F4-086CEDEEF1A9}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{92ED6772-699E-44DE-99F4-086CEDEEF1A9}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{87C2BCB3-58CB-4460-A58E-0AF6A82E3CD8}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{87C2BCB3-58CB-4460-A58E-0AF6A82E3CD8}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{44D1B192-C6B3-42AE-AEF9-742A6F6CFC72}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{44D1B192-C6B3-42AE-AEF9-742A6F6CFC72}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace


--- Uninstall list ---
@BIOS (@BIOS)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Gigabyte\BIOS\Uninst.isu"

Ad-Aware SE Personal 1.06 (Ad-Aware SE Personal)
uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
publisher: Lavasoft
help link: http://www.lavasoft.com

(AddressBook)

Adobe Download Manager 2.0 (הסרה בלבד) 2.0 (AdobeESD)
uninstall cmd: "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"

AFPL Ghostscript 8.13 (AFPL Ghostscript 8.13)
uninstall cmd: c:\program files\gs\uninstgs.exe "c:\program files\gs\gs8.13\uninstal.txt"

AFPL Ghostscript Fonts (AFPL Ghostscript Fonts)
uninstall cmd: c:\program files\gs\uninstgs.exe "c:\program files\gs\fonts\uninstal.txt"

Apache Tomcat 5.0 (remove only) (Apache Tomcat 5.0)
uninstall cmd: "C:\Program Files\Apache Software Foundation\Tomcat 5.0\Uninstall.exe"

Arkaball (Arkaball)
uninstall cmd: C:\Program Files\Microsoft ActiveSync\Arkaball\Uninstall.exe Arkaball

AVG Free Edition (AVG7Uninstall)
uninstall cmd: C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL

(Branding)

BSPlayer (BSPlayer1)
uninstall cmd: "C:\Program Files\Webteh\BSplayer\uninstall.exe"

(Connection Manager)

(DirectAnimation)

(DirectDrawEx)

MathType 5 5.0 (DSMT5)
uninstall cmd: "C:\Program Files\MathType\Setup.exe" -R
publisher: Design Science, Inc.
help link: http://www.dessci.com/support

(DXM_Runtime)

eMedia Codec 4.0 4.0 (eMedia Codec)
uninstall cmd: C:\Program Files\eMedia Codec\uninst.exe
publisher: eMedia Codec Software

ewido anti-malware (ewidoantimalware)
install location: C:\Program Files\ewido anti-malware
uninstall cmd: C:\Program Files\ewido anti-malware\Uninstall.exe
publisher: ewido networks
help link: http://www.ewido.net

(Fontcore)

Google Pack Screensaver 1.0 (Google Pack Screensaver)
uninstall cmd: C:\WINDOWS\Google Pack Screensaver Uninstaller.exe
publisher: Google
help link: http://www.google.com/pack/support/

Google Updater 1.0 (Google Updater)
uninstall cmd: "C:\Program Files\Google\Google Updater\1.0.384.22153\GoogleUpdater.exe" -uninstall
publisher: Google Inc.
help link: http://pack.google.com/pack-support?hl=en

GSview 4.6 (GSview 4.6)
uninstall cmd: C:\Program Files\Ghostgum\gsview\uninstgs.exe "C:\Program Files\Ghostgum\gsview\uninstal.txt"

HijackThis 1.99.1 1.99.1 (HijackThis)
uninstall cmd: C:\Program Files\Hijackthis\HijackThis.exe /uninstall
publisher: Soeperman Enterprises Ltd.

Hijackthis 1.99.1 (Hijackthis_is1)
install location: C:\Program Files\Hijackthis\
uninstall cmd: "C:\Program Files\Hijackthis\unins000.exe"
publisher: Soeperman Enterprises Ltd
help link: http://www.merijn.org

HTML-Kit 1.0 (HTMLKit_is1)
install location: C:\Program Files\Chami\HTML-Kit\
uninstall cmd: "C:\Program Files\Chami\HTML-Kit\unins000.exe"
publisher: Chami.com
comments: HTML-Kit
contact: HTML-Kit Support
help link: http://www.chami.com/html-kit/help/
readme: C:\Program Files\Chami\HTML-Kit\Readme.txt

ICQ 5 (ICQLite)
uninstall cmd: C:\Program Files\ICQLite\ICQLiteUninstall.EXE

(ICW)

(IE40)

(IE4Data)

(IE5BAKEX)

(IEData)

(InstallShield Uninstall Information)

Adobe Reader for Pocket PC 2.0 2.0 (InstallShield_{291A772C-FFB9-4681-B720-AB2A0A620896})
version: 33554432
version (major): 2
estimated size: 21188
install date: 20060117
install source: F:\Temp\_is33\
uninstall cmd: C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{291A772C-FFB9-4681-B720-AB2A0A620896}
publisher: Adobe Systems
contact: Customer Support
help link: http://www.adobe.com/support/main.html
help telephone: 1-555-555-4505

QuickTime 7.0.3 (InstallShield_{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083})
version: 117440515
version (major): 7
estimated size: 62919
install date: 20051221
install location: C:\Program Files\QuickTime\
install source: F:\Temp\_is33\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083} /l1033
publisher: Apple Computer, Inc.
contact: AppleCare Support
help link: http://www.info.apple.com/
help telephone: 1-800-275-2273

iTunes 6.0.1.3 (InstallShield_{872653C6-5DDC-488B-B7C2-CF9E4D9335E5})
version: 100663297
version (major): 6
estimated size: 32026
install date: 20051026
install location: C:\Program Files\iTunes\
install source: C:\WINDOWS\Downloaded Installations\{872653C6-5DDC-488B-B7C2-CF9E4D9335E5}\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{872653C6-5DDC-488B-B7C2-CF9E4D9335E5} /l1033
publisher: Apple Computer, Inc.
contact: AppleCare Support
help link: http://www.info.apple.com/
help telephone: 1-800-275-2273

noammo
2006-02-16, 01:01
Windows XP Hotfix - KB867282 20050127.090417 (KB867282)
uninstall cmd: C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=867282

Windows XP Hotfix - KB873333 20050114.005213 (KB873333)
uninstall cmd: C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873333

Windows XP Hotfix - KB873339 20041117.092459 (KB873339)
uninstall cmd: C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873339

Security Update for Windows XP (KB883939) 1 (KB883939)
install date: 20050619
uninstall cmd: "C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=883939

(KB884016)

Windows XP Hotfix - KB885250 20050118.202711 (KB885250)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885250

Windows XP Hotfix - KB885835 20041027.181713 (KB885835)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885835

Windows XP Hotfix - KB885836 20041028.173203 (KB885836)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885836

Windows XP Hotfix - KB885884 20040924.025457 (KB885884)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885884

Windows XP Hotfix - KB886185 20041021.090540 (KB886185)
uninstall cmd: C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=886185

Windows XP Hotfix - KB887472 20041014.162858 (KB887472)
uninstall cmd: C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887472

Windows XP Hotfix - KB887742 20041103.095002 (KB887742)
uninstall cmd: C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887742

Windows XP Hotfix - KB887797 20041018.133824 (KB887797)
uninstall cmd: C:\WINDOWS\$NtUninstallKB887797$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887797

Windows XP Hotfix - KB888113 20041116.131036 (KB888113)
uninstall cmd: C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888113

Windows XP Hotfix - KB888302 20041207.111426 (KB888302)
uninstall cmd: C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888302

Security Update for Windows XP (KB890046) 1 (KB890046)
install date: 20050711
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890046

Windows XP Hotfix - KB890047 20041221.124506 (KB890047)
uninstall cmd: C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890047

Windows XP Hotfix - KB890175 20041201.233338 (KB890175)
uninstall cmd: C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890175

Windows XP Hotfix - KB890859 1 (KB890859)
install date: 20050413
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890859

Windows XP Hotfix - KB890923 1 (KB890923)
install date: 20050413
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890923

Windows XP Hotfix - KB891781 20050110.165439 (KB891781)
uninstall cmd: C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=891781

Windows XP Hotfix - KB893066 1 (KB893066)
install date: 20050413
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893066

Windows XP Hotfix - KB893086 1 (KB893086)
install date: 20050413
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893086

Security Update for Windows XP (KB893756) 1 (KB893756)
install date: 20050812
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893756

Windows Installer 3.1 (KB893803) 3.1 (KB893803)
uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=42467

Windows Installer 3.1 (KB893803) 3.1 (KB893803v2)
uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=42467

Update for Windows XP (KB894391) 1 (KB894391)
install date: 20050812
uninstall cmd: "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=894391

Windows Media Player 10 Hotfix - KB894476 (KB894476)
uninstall cmd: "C:\WINDOWS\$NtUninstallKB894476$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=894476

Hotfix for Windows XP (KB896344) 2 (KB896344)
install date: 20050711
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896344$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896344

Security Update for Windows XP (KB896358) 1 (KB896358)
install date: 20050619
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896358

Security Update for Windows XP (KB896422) 1 (KB896422)
install date: 20050619
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896422

Security Update for Windows XP (KB896423) 1 (KB896423)
install date: 20050812
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896423

Security Update for Windows XP (KB896424) 1 (KB896424)
install date: 20051108
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896424

Security Update for Windows XP (KB896428) 1 (KB896428)
install date: 20050619
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896428

Security Update for Windows XP (KB896688) 1 (KB896688)
install date: 20051025
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896688

Update for Windows XP (KB896727) 1 (KB896727)
install date: 20050812
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896727

Update for Windows XP (KB898461) 1 (KB898461)
install date: 20050629
uninstall cmd: "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=898461

Security Update for Windows XP (KB899587) 1 (KB899587)
install date: 20050812
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899587

Security Update for Windows XP (KB899588) 1 (KB899588)
install date: 20050812
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899588

Security Update for Windows XP (KB899589) 1 (KB899589)
install date: 20051025
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899589

Security Update for Windows XP (KB899591) 1 (KB899591)
install date: 20050812
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899591

Security Update for Windows XP (KB900725) 1 (KB900725)
install date: 20051025
uninstall cmd: "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900725

Security Update for Windows XP (KB901017) 1 (KB901017)
install date: 20051025
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901017

Security Update for Windows XP (KB901214) 1 (KB901214)
install date: 20050713
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901214

Security Update for Windows XP (KB902400) 1 (KB902400)
install date: 20051025
uninstall cmd: "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=902400

Security Update for Windows XP (KB903235) 1 (KB903235)
install date: 20050713
uninstall cmd: "C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=903235

Security Update for Windows XP (KB904706) 1 (KB904706)
install date: 20051025
uninstall cmd: "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=904706

Security Update for Windows XP (KB905414) 1 (KB905414)
install date: 20051025
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905414

Security Update for Windows XP (KB905749) 1 (KB905749)
install date: 20051025
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905749

Security Update for Windows XP (KB905915) 1 (KB905915)
install date: 20051215
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905915

Security Update for Windows XP (KB908519) 1 (KB908519)
install date: 20060111
uninstall cmd: "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=908519

Hotfix for Windows XP (KB909394) 1 (KB909394)
install date: 20051221
uninstall cmd: "C:\WINDOWS\$NtUninstallKB909394$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=909394

Update for Windows XP (KB910437) 1 (KB910437)
install date: 20051215
uninstall cmd: "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=910437

Security Update for Windows XP (KB912919) 1 (KB912919)
install date: 20060105
uninstall cmd: "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=912919

Lion Heart's Codec Pack (Lion Heart's Codec Pack1.3)
uninstall cmd: C:\WINDOWS\iun6002.exe "C:\Program Files\Lion Heart's Codec Pack\irunin.ini"

Microsoft .NET Framework 1.1 Hotfix (KB886903) (M886903)
uninstall cmd: "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903Uninstall.msp"

Macromedia Shockwave Player (Macromedia Shockwave Player)
uninstall cmd: C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log

Microsoft .NET Framework 1.1 (Microsoft .NET Framework 1.1 (1033))
uninstall cmd: msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm

(Microsoft NetShow Player 2.0)

(MobileOptionPack)

Mozilla Firefox (1.5.0.1) 1.5.0.1 (en-US) (Mozilla Firefox (1.5.0.1))
install location: C:\Program Files\Mozilla Firefox
uninstall cmd: C:\WINDOWS\UninstallFirefox.exe /ua "1.5.0.1 (en-US)"
publisher: Mozilla

(MPlayer2)

(MSI30-Beta1)

(MSI30-Beta2)

(MSI30-KB884016)

(MSI30-RC1)

(MSI30-RC2)

(MSI30a-KB884016)

(MSI31-Beta)

(MSI31-RC1)

Search Assistant - My Search (MySearchSearchAssistant)
uninstall cmd: rundll32 C:\PROGRA~1\MySearch\SrchAstt\1.bin\mysrchas.dll,O
publisher: My Search
help link: http://help.mysearch.com/searchbar.html

NASA World Wind 1.3 (NASA World Wind 1.3)
uninstall cmd: "C:\Program Files\NASA\World Wind 1.3\Uninstall_1.3.exe"

Nero OEM (Nero - Burning Rom!UninstallKey)
uninstall cmd: C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

NeroVision Express 2 SE (NeroVision!UninstallKey)
uninstall cmd: C:\WINDOWS\UNNeroVision.exe /UNINSTALL

(NetMeeting)

Nero Media Player (NMPUninstallKey)
uninstall cmd: C:\WINDOWS\UNNMP.exe /UNINSTALL

NVIDIA Drivers (NVIDIA Drivers)
uninstall cmd: C:\WINDOWS\system32\nvudisp.exe UninstallGUI

Outlook Duplicates Remover 5.0 (Outlook Duplicates Remover 5.0)
uninstall cmd: C:\PROGRA~1\OUTLOO~2\UNWISE.EXE C:\PROGRA~1\OUTLOO~2\INSTALL.LOG

(OutlookExpress)

הפדאור החדש (PadorNew)
uninstall cmd: C:\WINDOWS\iun6002.exe "C:\Program Files\PadorNew\irunin.ini"

Panda ActiveScan (Panda ActiveScan)
uninstall cmd: C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
publisher: Panda Software S.L.

PCFriendly (PCFriendly)
uninstall cmd: C:\Program Files\PCFriendly\inuninst.exe

(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Picasa 2 2.0 (Picasa2)
uninstall cmd: "C:\Program Files\Picasa2\Uninstall.exe"
publisher: Google, Inc.
help link: http://www.picasa.com/

Plaxo Toolbar for Outlook and Outlook Express (Plaxo)
install location: C:\Program Files\Plaxo\2.6.2.7
uninstall cmd: C:\Program Files\Plaxo\2.6.2.7\uninstall.exe
help link: http://www.plaxo.com/support/uninstall

Post-it® Software Notes Lite (PSN)
uninstall cmd: "C:\Program Files\3M\PSNLite\Uninstall.exe" -Prog"C:\Program Files\3M\PSNLite\PsnLite.exe" -INI"C:\Program Files\3M\PSNLite\uninst.ini"

RepliGo Desktop (remove only) (RepliGo)
uninstall cmd: "C:\Program Files\Cerience\RepliGo\uninst.exe"

RepliGo Viewer (remove only) (RepliGo Viewer)
uninstall cmd: "C:\Program Files\Cerience\RepliGo Viewer\uninst.exe"

(SchedulingAgent)

(Shockwave)

Macromedia Flash Player 8 8 (ShockwaveFlash)
uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
publisher: Macromedia
help link: http://www.macromedia.com/go/flashplayer_support/

Skype (BETA) 2.0 (Skype_is1)
install location: C:\Program Files\Skype\Phone\
uninstall cmd: "C:\Program Files\Skype\Phone\unins000.exe"
publisher: Skype Software S.A.
help link: http://ui.skype.com/ui/0/2.0.0.43/en/help

Skype™ for Pocket PC 1.2 1.2 (Skype™ for Pocket PC_is1)
install location: C:\Program Files\Microsoft ActiveSync\Skype for Pocket PC\
uninstall cmd: "C:\Program Files\Microsoft ActiveSync\Skype for Pocket PC\unins000.exe"
publisher: Skype Technologies S.A.
help link: http://www.skype.com

Spb Diary (Spb Diary)
uninstall cmd: C:\Program Files\Microsoft ActiveSync\Spb Diary\Uninstall.exe Spb Diary

Spb Pocket Plus (Spb Pocket Plus)
uninstall cmd: C:\Program Files\Microsoft ActiveSync\Spb Pocket Plus\Uninstall.exe Spb Pocket Plus

Spb Weather (Spb Weather)
uninstall cmd: C:\Program Files\Microsoft ActiveSync\Spb Weather\Uninstall.exe Spb Weather

SpbTime (SpbTime)
uninstall cmd: C:\Program Files\Microsoft ActiveSync\Spb Time\Uninstall.exe SpbTime

Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited

SpyFalcon 2.0 2.0 (SpyFalcon)
uninstall cmd: C:\Program Files\SpyFalcon\uninst.exe
publisher: SpyFalcon LLC

TCPMP (TCPMP)
uninstall cmd: C:\Program Files\Microsoft ActiveSync\TCPMP\Uninstall.exe TCPMP

Total Commander (Remove or Repair) (Totalcmd)
uninstall cmd: C:\Program Files\totalcmd\tcuninst.exe

Microsoft Visual Studio .NET Professional 2003 - English (Visual Studio .NET Professional 2003 - English)
install location: C:\Program Files\Microsoft Visual Studio .NET 2003\
uninstall cmd: "C:\Program Files\Microsoft Visual Studio .NET 2003\Setup\Visual Studio .NET Professional 2003 - English\setup.exe" /MaintMode
publisher: Microsoft
help link: http://support.microsoft.com/default.aspx?scid=FH;EN-US;vsnet&SD=GN&FR=0&LN=EN-US
readme: C:\Program Files\Microsoft Visual Studio .NET 2003\readme.htm

Voice Notes Recorder for Pocket PC 2003 (Voice Notes Recorder)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Alexander Zavorine\Voice Notes Recorder for Pocket PC 2003\Uninst.isu"

Windows Media Connect (Windows Media Connect)
uninstall cmd: msiexec.exe /I {F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}

noammo
2006-02-16, 01:02
Windows Media Format Runtime (Windows Media Format Runtime)
uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Player 10 (Windows Media Player)
uninstall cmd: "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Windows XP Service Pack 2 20040803.231319 (Windows XP Service Pack)
uninstall cmd: C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=811113

WinRAR archiver (WinRAR archiver)
uninstall cmd: C:\Program Files\WinRAR\uninstall.exe


ZIP 2 Secure EXE v8.1.0 (ZIP 2 Secure EXE)
uninstall cmd: "C:\Program Files\Chilkat Software, Inc.\ZIP 2 Secure EXE\ChilkatZipSE.exe" /uninstall
publisher: Chilkat Software, Inc.
help link: http://www.chilkatsoft.com

PDFCreator 0.8.0 ({0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D})
uninstall cmd: C:\Program Files\PDFCreator\unins000.exe
publisher: Frank Heindörfer, Philip Chinery
help link: http://www.pdfcreator.de.vu

Chilkat Zip ActiveX 12.1.0 ({01E36643-19E6-4858-B93B-6A812198EA4E})
version: 201392128
version (major): 12
version (minor): 1
estimated size: 2080
install date: 20051215
install source: F:\Temporary Internet Files\Content.IE5\7TIOZ4SK\
uninstall cmd: MsiExec.exe /I{01E36643-19E6-4858-B93B-6A812198EA4E}
publisher: Chilkat Software Inc
comments: Chilkat Zip ActiveX Component
contact: Chilkat Software Inc
help link: http://www.chilkatsoft.com/support.asp
help telephone: 630-784-9670

Google Gmail Notifier ({0228e555-4f9c-4e35-a3ec-b109a192b4c2})
uninstall cmd: "C:\Program Files\Google\Gmail Notifier\UninstallGmail.exe"
publisher: Google Inc.
help link: http://mail.google.com/support

Gemara ({0AF9A122-18A5-11D5-85EB-444553540000})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0AF9A122-18A5-11D5-85EB-444553540000}\Setup.exe"

DjVu Control 4.5 ({105CFC7C-6992-11D5-BD9D-000102C10FD8})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{105CFC7C-6992-11D5-BD9D-000102C10FD8}\Setup.exe" -l0x9

Adobe Photoshop Album 2.0 Starter Edition 2.00.100 ({11B569C2-4BF6-4ED0-9D17-A4273943CB24})
version: 33554532
version (major): 2
estimated size: 15497
install date: 20050403
install source: C:\WINDOWS\Downloaded Installations\{574598EF-8D3C-45D3-85AE-E15F91F27985}\
uninstall cmd: MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
publisher: Adobe Systems, Inc.
readme: C:\Program Files\Adobe\Photoshop Album Starter Edition\2.0\readme.txt

Microsoft FrontPage Client - English 7.00.9209 ({17B66E83-1BC9-11D5-A54A-0090278A1BB8})
version: 117449721
version (major): 7
estimated size: 1509
install date: 20050713
install source: h:\english\vs.net2003_prerequisites\
publisher: Microsoft

Microsoft Visual J# .NET Redistributable Package 1.1 1.1.4322 ({1A655D51-1423-48A3-B748-8F5A0BE294C8})
version: 16847074
version (major): 1
version (minor): 1
estimated size: 11679
install date: 20050628
install source: F:\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
publisher: Microsoft
readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Repairjshcore.htm

Visual Studio .NET Professional 2003 - English 7.1.3088 ({20610409-CA18-41A6-9E21-A93AE82EE7C5})
version: 117509136
version (major): 7
version (minor): 1
estimated size: 1092349
install date: 20050713
install location: C:\Program Files\Microsoft Visual Studio .NET 2003\
install source: h:\
publisher: Microsoft

Google Talk (remove only) ({226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk)
uninstall cmd: "C:\Program Files\Google\Google Talk\uninstall.exe"

Google Toolbar for Internet Explorer ({2318C2B1-4965-11d4-9B18-009027A5CD4F})
uninstall cmd: regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"

Adobe Reader for Pocket PC 2.0 2.0 ({291A772C-FFB9-4681-B720-AB2A0A620896})
version: 33554432
version (major): 2
estimated size: 21188
install date: 20060117
install source: F:\Temp\_is33\
publisher: Adobe Systems
contact: Customer Support
help link: http://www.adobe.com/support/main.html
help telephone: 1-555-555-4505

Data Lifeguard ({2C0A655C-61E7-428A-8ED2-23A3D20E7DD2})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}\Setup.exe"

DirectX for Managed Code Update (December 2004) 9.03.91 ({339E14FF-8FDC-4809-AAF2-87BA22905C7F})
version: 151191643
version (major): 9
version (minor): 3
estimated size: 9545
install date: 20050408
install source: C:\WINDOWS\Temp\
publisher: Microsoft

WebFldrs XP 9.50.5318 ({350C97B0-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154277062
version (major): 9
version (minor): 50
estimated size: 2508
install date: 20050403
install source: C:\WINDOWS\System32\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows

Java 2 SDK, SE v1.4.2_07 1.4.2_07 ({35A3A4F4-B792-11D6-A78A-00B0D0142070})
version (major): 1
version (minor): 4
estimated size: 438888
install date: 20050403
install source: C:\Documents and Settings\Noam\Local Settings\Application Data\{35A3A4F2-B792-11D6-A78A-00B0D0142070}\
uninstall cmd: MsiExec.exe /I{35A3A4F4-B792-11D6-A78A-00B0D0142070}
publisher: Sun Microsystems, Inc.
comments: http://java.sun.com
contact: http://java.sun.com
help link: http://java.sun.com
help telephone: http://java.sun.com

QuickTime 7.0.3 ({3868A8EE-5051-4DB0-8DF6-4F4B8A98D083})
version: 117440515
version (major): 7
estimated size: 62919
install date: 20051221
install location: C:\Program Files\QuickTime\
install source: F:\Temp\_is33\
publisher: Apple Computer, Inc.
contact: AppleCare Support
help link: http://www.info.apple.com/
help telephone: 1-800-275-2273

Google Earth 3.0.0762 ({3DE5E7D4-7B88-403C-A3FD-2017A8240C5B})
version: 50332410
install date: 20060205
install location: C:\Program Files\Google\Google Earth
install source: F:\Temp\bye25.tmp\Disk1\
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
publisher: Google

Microsoft AntiSpyware 1.0 ({536F7C74-844B-4683-B0C5-EA39E19A6FE3})
version: 16777216
version (major): 1
estimated size: 17271
install date: 20051130
install source: C:\WINDOWS\Downloaded Installations\{C0FA7138-477B-4FEC-8F23-640C21C2287B}\
uninstall cmd: MsiExec.exe /I{536F7C74-844B-4683-B0C5-EA39E19A6FE3}
publisher: Microsoft Corporation
contact: Microsoft Support
help link: http://www.microsoft.com

VPN Client ({5624C000-B109-11D4-9DB4-00E0290FCAC5})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5624C000-B109-11D4-9DB4-00E0290FCAC5}\Setup.exe" -l0x9 VpnUninstall

PowerDVD ({6811CAA0-BF12-11D4-9EA1-0050BAE317E1})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall

CmdHere Powertoy For Windows XP 1.00.0001 ({6855CCDD-BDF9-48E4-B80A-80DFB96FE36C})
version: 16777217
version (major): 1
estimated size: 5
install date: 20050403
install source: C:\WINDOWS\Downloaded Installations\
uninstall cmd: MsiExec.exe /I{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}
publisher: Microsoft Corporation
comments: CmdHere Powertoy for XP
contact: Microsoft Corporation
help link: http://www.microsoft.com/directory
help telephone: (800) 426-9400
readme: http://www.microsoft.com/windowsxp

Java 2 Runtime Environment, SE v1.4.2_07 1.4.2_07 ({7148F0A8-6813-11D6-A77B-00B0D0142070})
version (major): 1
version (minor): 4
estimated size: 141056
install date: 20050403
install source: C:\Documents and Settings\Noam\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142070}\
uninstall cmd: MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142070}
publisher: Sun Microsystems, Inc.
comments: http://www.java.com
contact: http://www.java.com
help link: http://www.java.com
help telephone: http://www.java.com
readme: Readme.txt

MSXML 4.0 SP2 Parser and SDK 4.20.9818.0 ({716E0306-8318-4364-8B8F-0CC4E9376BAC})
version: 68429402
version (major): 4
version (minor): 20
estimated size: 1259
install date: 20050804
install source: C:\Program Files\InterVideo\DVD7\MsXML\
uninstall cmd: MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
publisher: Microsoft Corporation
help link: http://www.msdn.microsoft.com/xml

Mobipocket Reader 5.1 5.1.532 ({7953EDF5-EA47-4086-A251-2421663D1835})
version: 83952148
version (major): 5
version (minor): 1
estimated size: 10672
install date: 20060208
install source: F:\Temporary Internet Files\Content.IE5\3NTVBHWS\
uninstall cmd: MsiExec.exe /I{7953EDF5-EA47-4086-A251-2421663D1835}
publisher: Mobipocket.com
comments: eBook Reader
contact: Mobipocket.com
help link: http://www.mobipocket.com/support

iTunes 6.0.1.3 ({872653C6-5DDC-488B-B7C2-CF9E4D9335E5})
version: 100663297
version (major): 6
estimated size: 32062
install date: 20051026
install location: C:\Program Files\iTunes\
install source: C:\WINDOWS\Downloaded Installations\{872653C6-5DDC-488B-B7C2-CF9E4D9335E5}\
publisher: Apple Computer, Inc.
contact: AppleCare Support
help link: http://www.info.apple.com/
help telephone: 1-800-275-2273

Microsoft Office Professional Edition 2003 11.0.7969.0 ({9011040D-6000-11D3-8CFE-0150048383C9})
version: 184557345
version (major): 11
estimated size: 606190
install date: 20060116
install source: H:\Office2003\
uninstall cmd: MsiExec.exe /I{9011040D-6000-11D3-8CFE-0150048383C9}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: C:\Program Files\Microsoft Office\OFFICE11\1037\OFREADME.HTM

Microsoft Office 2003 English User Interface Pack 11.0.7969.0 ({901E0409-6000-11D3-8CFE-0150048383C9})
version: 184557345
version (major): 11
estimated size: 191676
install date: 20060116
install source: H:\Office 2003 MUI\
uninstall cmd: MsiExec.exe /I{901E0409-6000-11D3-8CFE-0150048383C9}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: C:\Program Files\Microsoft Office\OFFICE11\MUIREAD.HTM

Microsoft Office XP Professional with FrontPage 10.0.6626.0 ({90280409-6000-11D3-8CFE-0050048383C9})
version: 167778786
version (major): 10
estimated size: 373743
install date: 20050711
install source: D:\
uninstall cmd: MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: C:\Program Files\Microsoft Office\Office10\1033\OFREAD10.HTM

AvantGo Client 6.0 ({A90DCEC1-22DE-11D4-B8A9-0050DAB648C6})
version: 100663296
install location: C:\Program Files\AvantGo
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A90DCEC1-22DE-11D4-B8A9-0050DAB648C6}\setup.exe" -l0x9 CP

Sprite Backup 3.5 ({ABC5404F-F0F3-4221-8DB9-5D34DD866E50})
version: 50659328
install location: C:\Program Files\Sprite Software\Sprite Backup
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ABC5404F-F0F3-4221-8DB9-5D34DD866E50}\setup.exe" -l0x9

Adobe Reader 7.0.7 7.0.7 ({AC76BA86-7AD7-1033-7B44-A70000000000})
version: 117440519
version (major): 7
estimated size: 85079
install date: 20060214
install source: C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig\ENU\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
publisher: Adobe Systems Incorporated
comments:
contact:
help link: http://www.adobe.com/support/main.html
help telephone:
readme: C:\Program Files\Adobe\Acrobat 7.0\Reader\Readme.htm

noammo
2006-02-16, 01:03
Microsoft ActiveSync 4.0 4.1.4841.0 ({B208806F-A231-4FA0-AB3F-5C1B8979223E})
version: 67179241
version (major): 4
version (minor): 1
estimated size: 14199
install date: 20051221
install source: C:\WINDOWS\Downloaded Installations\{8BB9063D-AC31-428D-8C46-E8ED667C2AE9}\
uninstall cmd: MsiExec.exe /I{B208806F-A231-4FA0-AB3F-5C1B8979223E}
publisher: Microsoft Corporation

Microsoft .NET Framework 1.1 1.1.4322 ({CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1})
version: 16847074
version (major): 1
version (minor): 1
estimated size: 60751
install date: 20050404
install source: C:\DOCUME~1\Noam\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
publisher: Microsoft
readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm

MSN Messenger 7.5 7.5.0324.0 ({CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5})
version: 117768516
version (major): 7
version (minor): 5
estimated size: 15481
install date: 20060212
install source: F:\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
publisher: Microsoft Corporation

Visual Studio.NET Baseline - English 7.1.3088 ({D4D24FE5-FAB3-4FE2-AFFC-623955F4DF3A})
version: 117509136
version (major): 7
version (minor): 1
estimated size: 1787
install date: 20050713
install source: h:\english\vs.net2003_prerequisites\
publisher: Microsoft

Windows Media Connect 1.0.0.0 ({F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B})
version: 16777216
version (major): 1
estimated size: 8710
install date: 20050404
install source: C:\WINDOWS\Installer\
uninstall cmd: MsiExec.exe /I{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=9647

MSDN Library - October 2003 7.46.3234 ({F95B340A-67A5-419C-843B-949406A357D2})
version: 120458402
version (major): 7
version (minor): 46
estimated size: 1883764
install date: 20050713
install source: H:\
uninstall cmd: MsiExec.exe /I{F95B340A-67A5-419C-843B-949406A357D2}
publisher: Microsoft

Realtek AC'97 Audio ({FB08F381-6533-4108-B7DD-039E11FBC27E})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE

HighMAT Extension to Microsoft Windows XP CD Writing Wizard 1.1.1905.1 ({FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F})
version: 16844657
version (major): 1
version (minor): 1
estimated size: 2182
install date: 20050404
install location: C:\Program Files\HighMAT CD Writing Wizard\
install source: C:\WINDOWS\Downloaded Installations\{2B9EEF6F-0848-4762-A2C6-D35D72523C8A}\
uninstall cmd: MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
publisher: Microsoft Corporation
readme: C:\Program Files\HighMAT CD Writing Wizard\1033\\HighMAT_readme.htm

({FD32EBD5-A526-44C0-8464-5BC3F4136F60})

The SmitRem won't run on my computer for some reason (I have an AMD Athlon etc., if that might have to do with it?).

The Ewido Log:
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 14:20:07, 15/02/2006
+ Report-Checksum: FFEFB859

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{4DA4616D-7E6E-4FD9-A2D5-B6C535733E22} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta\{4da4616d-7e6e-4fd9-a2d5-b6c535733e22} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4da4616d-7e6e-4fd9-a2d5-b6c535733e22} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-21-1801674531-1563985344-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4DA4616D-7E6E-4FD9-A2D5-B6C535733E22} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-21-1801674531-1563985344-839522115-1003\Software\Classes\CLSID\{D1A2E7CD-F5C1-21A8-CA2C-13D0AC72D19D} -> Adware.SpyFalcon : Cleaned with backup
HKU\S-1-5-21-1801674531-1563985344-839522115-1003_Classes\CLSID\{D1A2E7CD-F5C1-21A8-CA2C-13D0AC72D19D} -> Adware.SpyFalcon : Cleaned with backup
[740] C:\WINDOWS\system32\dxmpp.dll -> Not-A-Virus.Hoax.Win32.Renos.bi : Cleaned with backup
C:\WINDOWS\system32\1024\ldCFC6.tmp -> Dropper.Small.amb : Cleaned with backup
C:\WINDOWS\system32\dxmpp.dll -> Not-A-Virus.Hoax.Win32.Renos.bi : Cleaned with backup
C:\WINDOWS\system32\mssearchnet.exe -> Hijacker.SpyAxe : Cleaned with backup
C:\WINDOWS\system32\nvctrl.exe -> Hijacker.SpyAxe : Cleaned with backup


::Report End

The Panda ActiveScan got stuck in the middle twice - I think because of the malware.

Second HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 01:44:11, on 16/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\nvraidservice.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Cerience\RepliGo\RepliGoMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Plaxo\2.6.2.7\PlaxoHelper.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Mobipocket.com\Mobipocket Reader\readernotify.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\HUJI\HUJI VPN Client\cvpnd.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\nvctrl.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.haaretz.co.il/
O1 - Hosts: 212.235.60.150 bloom-schorer2
O2 - BHO: HomepageBHO - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\system32\hpCE3F.tmp
O3 - Toolbar: &RepliGo - {81F4066B-F330-4872-8094-3E9FBCCEC8C1} - C:\Program Files\Cerience\RepliGo\RepliGoIEBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [RepliGo Assistant] "C:\Program Files\Cerience\RepliGo\RepliGoMon.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.6.2.7\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SpriteService] "C:\Program Files\Sprite Software\Sprite Backup\SpriteService.exe"
O4 - HKCU\..\Run: [Mobipocket Reader Notifications] C:\Program Files\Mobipocket.com\Mobipocket Reader\readernotify.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\1.0.384.22153\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm824YYIL
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_07\bin\npjpi142_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_07\bin\npjpi142_07.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: מחקר - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} (ChartFX Internet Control) - https://service.pelephone.co.il/WebPhone/jsp/Client/CfxIEAx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120215849593
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CBF2C04B-50B5-4C7B-8D49-ACB62582F8E6} (LauncherV1 Class) - http://chat-basic.nana.co.il/Cabs/launcher.cab
O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} (LauncherV1 Class) - http://www.tapuz.co.il/irc/main/launcher.cab
O16 - DPF: {F59AB0C4-3443-4551-A78F-C101F9DE0215} (LauncherV1 Class) - http://irc.nana.co.il/Cabs/launcher39.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\HUJI\HUJI VPN Client\cvpnd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OracleOraHome81Agent - Oracle Corporation - D:\oracle\ora81\bin\dbsnmp.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - D:\oracle\ora81\BIN\ONRSD.EXE
O23 - Service: OracleOraHome81CMAdmin - Unknown owner - D:\oracle\ora81\BIN\CMADMIN.EXE
O23 - Service: OracleOraHome81CMan - Unknown owner - D:\oracle\ora81\BIN\CMGW.EXE
O23 - Service: OracleOraHome81DataGatherer - Oracle Corporation - D:\oracle\ora81\bin\vppdc.exe
O23 - Service: OracleOraHome81HTTPServer - Unknown owner - D:\oracle\ora81\Apache\Apache\Apache.exe
O23 - Service: OracleOraHome81PagingServer - Unknown owner - D:\oracle\ora81/bin/pagntsrv.exe
O23 - Service: OracleOraHome81TNSListener - Unknown owner - D:\oracle\ora81\BIN\TNSLSNR.exe
O23 - Service: OracleServiceSTUD - Oracle Corporation - d:\oracle\ora81\bin\ORACLE.EXE
O23 - Service: Apache Tomcat (Tomcat5) - Unknown owner - C:\Program Files\Apache Software Foundation\Tomcat 5.0\bin\tomcat5.exe" //RS//Tomcat5 (file missing)

Thank you soooo much, noam

tashi
2006-02-18, 19:55
Hello and sorry for the wait.
Please go here and post a link back to this topic to flag a helper.

If you have waited three days for advice post here. (http://forums.spybot.info/showthread.php?p=4836#post4836)

LonnyRJones
2006-02-19, 08:12
The SmitRem won't run on my computer for some reason (I have an AMD Athlon etc., if that might have to do with it?).

Explain in detail what happens when you try to run it?
Were you in safe mode at the time?

noammo
2006-02-19, 08:19
It runs the batch in a CMD (black) window. Then it writes in the same window:
"
Sorry, this tool cannot be run on your system.

Press any key to close this window.

Press any key to continue . . ."

I was in safe mode.

I had SpyAxe once already 2 months ago and removed it successfully without SmitRem (it didn't work then either).

thanks, noam

LonnyRJones
2006-02-19, 08:42
Let's try Sysclean in safe mode; afterwards, while still in safe mode, run Spybot, AVG and ewido one at a time.

Sysclean, a standalone scanner:
Make a new folder called C:\Sysclean
Download Sysclean from http://www.trendmicro.com/download/dcs.asp
Click the sysclean.txt link to learn how to use it. Download the latest pattern file:
http://www.trendmicro.com/download/pattern.asp
lpt(xxxx).zip (AS/400, S/390, Windows)
Unzip it to the Sysclean folder.
Boot to Safe Mode. Scan the system with Sysclean. It will take a while, but it is very thorough. When it's done, close Sysclean. Restart back to a normal session.

noammo
2006-02-19, 12:13
I was clean for 3 minutes before it popped up again on the bottom right corner...

I did exactly as you instructed me and this is the Sysclean log:

/--------------------------------------------------------------\
| Trend Micro Sysclean Package |
| Copyright 2002, Trend Micro, Inc. |
| http://www.trendmicro.com |
\--------------------------------------------------------------/

2006-02-19, 10:25:26, Auto-clean mode specified.
2006-02-19, 10:25:26, Running scanner "C:\Sysclean\TSC.BIN"...
2006-02-19, 10:31:22, Scanner "C:\Sysclean\TSC.BIN" has finished running.
2006-02-19, 10:31:22, TSC Log:

Damage Cleanup Engine (DCE) 3.98(Build 1012)
Windows XP(Build 2600: Service Pack 2)

Start time : א פברואר 19 2006 10:25:26

Load Damage Cleanup Template (DCT) "C:\Sysclean\tsc.ptn" (version 708) [success]

Complete time : א פברואר 19 2006 10:31:22
Execute pattern count(4727), Virus found count(0), Virus clean count(0), Clean failed count(0)

2006-02-19, 10:33:46, An error occurred while scanning file "C:\Documents and Settings\NetworkService\NTUSER.DAT": Access is denied.
2006-02-19, 10:33:46, An error occurred while scanning file "C:\Documents and Settings\NetworkService\ntuser.dat.LOG": Access is denied.
2006-02-19, 10:33:46, An error occurred while scanning file "C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2006-02-19, 10:33:46, An error occurred while scanning file "C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2006-02-19, 10:33:46, An error occurred while scanning file "C:\Documents and Settings\Noam\NTUSER.DAT": Access is denied.
2006-02-19, 10:33:46, An error occurred while scanning file "C:\Documents and Settings\Noam\ntuser.dat.LOG": Access is denied.
2006-02-19, 10:34:15, An error occurred while scanning file "C:\Documents and Settings\Noam\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2006-02-19, 10:34:15, An error occurred while scanning file "C:\Documents and Settings\Noam\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2006-02-19, 10:43:22, An error was detected on "C:\System Volume Information\*.*": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\ACRORD32.EXE-13285B88.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\ACRORD32INFO.EXE-013EA364.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\AD-AWARE.EXE-2ED3360E.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\AUTORUN.EXE-055703AF.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\AVGCC.EXE-36A38F59.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\AVGEMC.EXE-361B4758.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\AVGINET.EXE-3038B75E.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\BSPLAYER.EXE-14B7F352.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\DEFRAG.EXE-273F131E.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\DFRGNTFS.EXE-269967DF.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\DXOLE32.EXE-1FB557AC.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\FIND.EXE-156A7762.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\FIREFOX.EXE-28641590.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\GBSAVER.SCR-0241A8E5.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\GBSETUP.EXE-02B0DD98.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\GCASSERVALERT.EXE-23FC31BB.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\GCASSWUPDATER.EXE-06378256.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\GIANTANTISPYWAREUPDATER.EXE-01DFD337.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\GOOGLEUPDATER.EXE-046FE0A3.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\HELPSVC.EXE-2878DDA2.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\HIJACKTHIS.EXE-2AF68D7A.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\ICQLIT~2.EXE-176F103E.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\IEXPLORE.EXE-27122324.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\Layout.ini": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\LDB335.TMP-073C968F.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\LDB420.TMP-1910D65B.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\LDB49D.TMP-32CD0FB7.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\LDB74C.TMP-08544E68.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\LDBAD6.TMP-019286BB.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\LDFA28.TMP-0F56AF78.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\LDFA37.TMP-0FF641E9.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\LDFD2B.TMP-1FA3C1CC.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\LOGON.SCR-151EFAEA.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\LOGONUI.EXE-0AF22957.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\MSCORNET.EXE-07F16FE2.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\MSSEARCHNET.EXE-0AFC02C2.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\NERO.EXE-3017C357.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\NEROSTARTSMART.EXE-3289D1AD.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\NVCTRL.EXE-06D3483B.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\NVRAIDSERVICE.EXE-1C06C75A.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\OUTLOOK.EXE-106351DB.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\PDFCREATOR.EXE-09D304A3.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\PDFSPO~1.EXE-15C241AA.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\PDOR.EXE-1C3CB1D8.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\PHOTOED.EXE-0F3CAA01.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\PLX_LINK.EXE-1E9A123F.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\POWERDVD.EXE-13FC7432.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\POWERPNT.EXE-2F940E7E.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\READER.EXE-3A53D83C.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\READERNOTIFY.EXE-1136DEAC.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-140A8DAD.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-147710F4.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-2972A39C.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-2CD85FD3.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-451FC2C0.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-4A5A9D78.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\SECURITYSUITE.EXE-278F473B.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\SMITREM.EXE-359B1BC1.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\SPRITEDOCK.EXE-356C4C15.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\SPRITEUNDOCK.EXE-09EBD941.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\SPYBOTSD.EXE-1344276B.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\SPYFALCON.EXE-2F2BF9C0.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\SYSCLEAN.COM-2DBBA423.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\SYSCLEAN.EXE-257D5B8E.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\UPDATE.EXE-2611013F.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\USERINIT.EXE-30B18140.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\WCESMGR.EXE-2FB86E92.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\WINRAR.EXE-39C6DAD9.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\WINWORD.EXE-37F6AE09.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\WMPLAYER.EXE-18DDEF9C.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\WMPLAYER.EXE-18DDEF9D.pf": Access is denied.
2006-02-19, 10:45:39, Could not set file for reading on "C:\WINDOWS\Prefetch\WUAUCLT.EXE-399A8E72.pf": Access is denied.
2006-02-19, 10:46:34, An error occurred while scanning file "C:\WINDOWS\system32\config\default": Access is denied.
2006-02-19, 10:46:34, An error occurred while scanning file "C:\WINDOWS\system32\config\default.LOG": Access is denied.
2006-02-19, 10:46:34, An error occurred while scanning file "C:\WINDOWS\system32\config\SAM": Access is denied.
2006-02-19, 10:46:34, An error occurred while scanning file "C:\WINDOWS\system32\config\SAM.LOG": Access is denied.
2006-02-19, 10:46:34, An error occurred while scanning file "C:\WINDOWS\system32\config\SECURITY": Access is denied.
2006-02-19, 10:46:34, An error occurred while scanning file "C:\WINDOWS\system32\config\SECURITY.LOG": Access is denied.
2006-02-19, 10:46:34, An error occurred while scanning file "C:\WINDOWS\system32\config\software": Access is denied.
2006-02-19, 10:46:34, An error occurred while scanning file "C:\WINDOWS\system32\config\software.LOG": Access is denied.
2006-02-19, 10:46:34, An error occurred while scanning file "C:\WINDOWS\system32\config\system": Access is denied.
2006-02-19, 10:46:34, An error occurred while scanning file "C:\WINDOWS\system32\config\system.LOG": Access is denied.
2006-02-19, 10:47:00, Running scanner "C:\Sysclean\VSCANTM.BIN"...
2006-02-19, 11:03:42, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 2/19/2006 10:47:01
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 219 (123436 Patterns) (2006/02/17) (321900)
Command Line: C:\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Sysclean

C:\WINDOWS\system32\mssearchnet.exe [TROJ_ZLOB.FP]
85059 files have been read.
85059 files have been checked.
69671 files have been scanned.
180295 files have been scanned. (including files in archived)
1 files containing viruses.
Found 1 viruses totally.
Maybe 0 viruses totally.
Stop At : 2/19/2006 11:03:42
---------*---------*---------*---------*---------*---------*---------*---------*
2006-02-19, 11:03:42, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 2/19/2006 10:47:01
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 219 (123436 Patterns) (2006/02/17) (321900)
Command Line: C:\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Sysclean

Success Clean [ TROJ_ZLOB.FP]( 1) from C:\WINDOWS\system32\mssearchnet.exe
85059 files have been read.
85059 files have been checked.
69671 files have been scanned.
180295 files have been scanned. (including files in archived)
1 files containing viruses.
Found 1 viruses totally.
Maybe 0 viruses totally.
Stop At : 2/19/2006 11:03:42 16 minutes 41 seconds (1000.49 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-02-19, 11:03:42, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 2/19/2006 10:47:01
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 219 (123436 Patterns) (2006/02/17) (321900)
Command Line: C:\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Sysclean

85059 files have been read.
85059 files have been checked.
69671 files have been scanned.
180295 files have been scanned. (including files in archived)
1 files containing viruses.
Found 1 viruses totally.
Maybe 0 viruses totally.
Stop At : 2/19/2006 11:03:42 16 minutes 41 seconds (1000.49 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-02-19, 11:03:42, Scanner "C:\Sysclean\VSCANTM.BIN" has finished running.
2006-02-19, 11:07:23, An error was detected on "D:\no-sharedocs\Shared Music\ABBA - Waterloo 30th Aniversary Edition - ( 2004 )\Car?tulas\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-02-19, 11:11:39, An error was detected on "D:\no-sharedocs\Shared Music\Mustafa Sandal\?ste\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-02-19, 11:23:22, An error was detected on "D:\System Volume Information\*.*": Access is denied.
2006-02-19, 11:23:22, Running scanner "C:\Sysclean\VSCANTM.BIN"...
2006-02-19, 11:35:48, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 2/19/2006 11:23:23
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 219 (123436 Patterns) (2006/02/17) (321900)
Command Line: C:\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Sysclean

69922 files have been read.
69922 files have been checked.
60573 files have been scanned.
129259 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 2/19/2006 11:35:48
---------*---------*---------*---------*---------*---------*---------*---------*
2006-02-19, 11:35:48, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 2/19/2006 11:23:23
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 219 (123436 Patterns) (2006/02/17) (321900)
Command Line: C:\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Sysclean

69922 files have been read.
69922 files have been checked.
60573 files have been scanned.
129259 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 2/19/2006 11:35:48 12 minutes 24 seconds (744.86 seconds) has elapsed.

to be continued...

noammo
2006-02-19, 12:13
---------*---------*---------*---------*---------*---------*---------*---------*
2006-02-19, 11:35:48, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 2/19/2006 11:23:23
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 219 (123436 Patterns) (2006/02/17) (321900)
Command Line: C:\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Sysclean

69922 files have been read.
69922 files have been checked.
60573 files have been scanned.
129259 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 2/19/2006 11:35:48 12 minutes 24 seconds (744.86 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-02-19, 11:35:48, Scanner "C:\Sysclean\VSCANTM.BIN" has finished running.
2006-02-19, 11:35:48, An error was detected on "E:\System Volume Information\*.*": Access is denied.
2006-02-19, 11:35:48, Running scanner "C:\Sysclean\VSCANTM.BIN"...
2006-02-19, 11:35:49, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 2/19/2006 11:35:49
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 219 (123436 Patterns) (2006/02/17) (321900)
Command Line: C:\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 E:\*.* /P=C:\Sysclean

3 files have been read.
3 files have been checked.
2 files have been scanned.
2 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 2/19/2006 11:35:49
---------*---------*---------*---------*---------*---------*---------*---------*
2006-02-19, 11:35:49, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 2/19/2006 11:35:49
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 219 (123436 Patterns) (2006/02/17) (321900)
Command Line: C:\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 E:\*.* /P=C:\Sysclean

3 files have been read.
3 files have been checked.
2 files have been scanned.
2 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 2/19/2006 11:35:49 0.00 seconds has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-02-19, 11:35:49, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 2/19/2006 11:35:49
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 219 (123436 Patterns) (2006/02/17) (321900)
Command Line: C:\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 E:\*.* /P=C:\Sysclean

3 files have been read.
3 files have been checked.
2 files have been scanned.
2 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 2/19/2006 11:35:49 0.00 seconds has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-02-19, 11:35:49, Scanner "C:\Sysclean\VSCANTM.BIN" has finished running.
2006-02-19, 11:35:49, An error was detected on "F:\System Volume Information\*.*": Access is denied.
2006-02-19, 11:37:43, Running scanner "C:\Sysclean\VSCANTM.BIN"...
2006-02-19, 11:38:31, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 2/19/2006 11:37:43
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 219 (123436 Patterns) (2006/02/17) (321900)
Command Line: C:\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 F:\*.* /P=C:\Sysclean

4386 files have been read.
4386 files have been checked.
3312 files have been scanned.
6391 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 2/19/2006 11:38:31
---------*---------*---------*---------*---------*---------*---------*---------*
2006-02-19, 11:38:31, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 2/19/2006 11:37:43
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 219 (123436 Patterns) (2006/02/17) (321900)
Command Line: C:\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 F:\*.* /P=C:\Sysclean

4386 files have been read.
4386 files have been checked.
3312 files have been scanned.
6391 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 2/19/2006 11:38:31 47 seconds (46.83 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-02-19, 11:38:31, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 2/19/2006 11:37:43
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 219 (123436 Patterns) (2006/02/17) (321900)
Command Line: C:\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 F:\*.* /P=C:\Sysclean

4386 files have been read.
4386 files have been checked.
3312 files have been scanned.
6391 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 2/19/2006 11:38:31 47 seconds (46.83 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-02-19, 11:38:31, Scanner "C:\Sysclean\VSCANTM.BIN" has finished running.
2006-02-19, 11:38:31, Running scanner "C:\Sysclean\VSCANTM.BIN"...
2006-02-19, 11:38:31, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 2/19/2006 11:38:31
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 219 (123436 Patterns) (2006/02/17) (321900)
Command Line: C:\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 G:\*.* /P=C:\Sysclean

6 files have been read.
6 files have been checked.
2 files have been scanned.
2 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 2/19/2006 11:38:31
---------*---------*---------*---------*---------*---------*---------*---------*
2006-02-19, 11:38:31, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 2/19/2006 11:38:31
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 219 (123436 Patterns) (2006/02/17) (321900)
Command Line: C:\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 G:\*.* /P=C:\Sysclean

6 files have been read.
6 files have been checked.
2 files have been scanned.
2 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 2/19/2006 11:38:31 0.23 seconds has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-02-19, 11:38:31, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 2/19/2006 11:38:31
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 219 (123436 Patterns) (2006/02/17) (321900)
Command Line: C:\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 G:\*.* /P=C:\Sysclean

6 files have been read.
6 files have been checked.
2 files have been scanned.
2 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 2/19/2006 11:38:31 0.23 seconds has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-02-19, 11:38:31, Scanner "C:\Sysclean\VSCANTM.BIN" has finished running.

LonnyRJones
2006-02-19, 17:53
Let's use Atribune's tool (SpywareStrike 2.5 Removal)

http://www.atribune.org/
Direct download link: http://www.atribune.org/ccount/click.php?id=3

noammo
2006-02-21, 04:24
umm... I did it but nothing really happens (?!).

Even tried in safe mode, but it finishes after a sec, and when I reboot we're back to the normal SpyFalcon condition...

I'm attaching the HJT log again:
Logfile of HijackThis v1.99.1
Scan saved at 05:16:39, on 21/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvraidservice.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Cerience\RepliGo\RepliGoMon.exe
C:\Program Files\HUJI\HUJI VPN Client\cvpnd.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Plaxo\2.6.2.7\PlaxoHelper.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Sprite Software\Sprite Backup\SpriteService.exe
C:\Program Files\Mobipocket.com\Mobipocket Reader\readernotify.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Google\Google Updater\1.0.384.22153\GoogleUpdater.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\nvctrl.exe
C:\Program Files\SpyFalcon\SpyFalcon.exe
C:\Program Files\SpyFalcon\SpyFalcon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.haaretz.co.il/
O1 - Hosts: 212.235.60.150 bloom-schorer2
O2 - BHO: HomepageBHO - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\system32\hpB5C6.tmp
O3 - Toolbar: &RepliGo - {81F4066B-F330-4872-8094-3E9FBCCEC8C1} - C:\Program Files\Cerience\RepliGo\RepliGoIEBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [RepliGo Assistant] "C:\Program Files\Cerience\RepliGo\RepliGoMon.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [SpyFalcon] C:\Program Files\SpyFalcon\SpyFalcon.exe /h
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.6.2.7\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SpriteService] "C:\Program Files\Sprite Software\Sprite Backup\SpriteService.exe"
O4 - HKCU\..\Run: [Mobipocket Reader Notifications] C:\Program Files\Mobipocket.com\Mobipocket Reader\readernotify.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\1.0.384.22153\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm824YYIL
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_07\bin\npjpi142_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_07\bin\npjpi142_07.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: מחקר - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} (ChartFX Internet Control) - https://service.pelephone.co.il/WebPhone/jsp/Client/CfxIEAx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120215849593
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CBF2C04B-50B5-4C7B-8D49-ACB62582F8E6} (LauncherV1 Class) - http://chat-basic.nana.co.il/Cabs/launcher.cab
O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} (LauncherV1 Class) - http://www.tapuz.co.il/irc/main/launcher.cab
O16 - DPF: {F59AB0C4-3443-4551-A78F-C101F9DE0215} (LauncherV1 Class) - http://irc.nana.co.il/Cabs/launcher39.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\HUJI\HUJI VPN Client\cvpnd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OracleOraHome81Agent - Oracle Corporation - D:\oracle\ora81\bin\dbsnmp.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - D:\oracle\ora81\BIN\ONRSD.EXE
O23 - Service: OracleOraHome81CMAdmin - Unknown owner - D:\oracle\ora81\BIN\CMADMIN.EXE
O23 - Service: OracleOraHome81CMan - Unknown owner - D:\oracle\ora81\BIN\CMGW.EXE
O23 - Service: OracleOraHome81DataGatherer - Oracle Corporation - D:\oracle\ora81\bin\vppdc.exe
O23 - Service: OracleOraHome81HTTPServer - Unknown owner - D:\oracle\ora81\Apache\Apache\Apache.exe
O23 - Service: OracleOraHome81PagingServer - Unknown owner - D:\oracle\ora81/bin/pagntsrv.exe
O23 - Service: OracleOraHome81TNSListener - Unknown owner - D:\oracle\ora81\BIN\TNSLSNR.exe
O23 - Service: OracleServiceSTUD - Oracle Corporation - d:\oracle\ora81\bin\ORACLE.EXE
O23 - Service: Apache Tomcat (Tomcat5) - Unknown owner - C:\Program Files\Apache Software Foundation\Tomcat 5.0\bin\tomcat5.exe" //RS//Tomcat5 (file missing)

thanks, noam

LonnyRJones
2006-02-21, 07:20
In Windows Add/Remove Programs, uninstall SpyFalcon.

Download and run Silentrunners.Vbs, and post the log it creates, please.
http://www.silentrunners.org/sr_scriptuse.html Click No to not skip the supplementary searches.
Wait until there is an All Done message!! Then open and post the log next to it.
Your antivirus script protection might interfere or alert; please allow it to run. After a bit, a box will say done.

noammo
2006-02-21, 13:33
I removed Falcon (in Normal mode - not safe) and immediately ran the script. Did I need to reboot first? I hope not...

Attached:

"Silent Runners.vbs", revision 43, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"MsnMsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS]
"PlaxoUpdate" = "C:\Program Files\Plaxo\2.6.2.7\PlaxoHelper.exe -a" ["Plaxo, Inc."]
"H/PC Connection Agent" = ""C:\Program Files\Microsoft ActiveSync\wcescomm.exe"" [MS]
"SpriteService" = ""C:\Program Files\Sprite Software\Sprite Backup\SpriteService.exe"" ["Sprite Software"]
"Mobipocket Reader Notifications" = "C:\Program Files\Mobipocket.com\Mobipocket Reader\readernotify.exe" [null data]

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
"ICQ Lite" = "C:\Program Files\ICQLite\ICQLite.exe -trayboot" ["ICQ Ltd."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}
"kernel32.dll" = "C:\WINDOWS\system32\mssearchnet.exe" [file not found]
"wininet.dll" = "mscornet.exe" [null data]
"nvctrl.exe" = "nvctrl.exe" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NVRaidService" = "C:\WINDOWS\System32\nvraidservice.exe" ["NVIDIA Corporation"]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"AVG7_EMC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"NVRTCLK" = "C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe" [empty string]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"ICQ Lite" = "C:\Program Files\ICQLite\ICQLite.exe -minimize" ["ICQ Ltd."]
"gcasServ" = ""C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"" [MS]
"Picasa Media Detector" = "C:\Program Files\Picasa2\PicasaMediaDetector.exe" ["Google Inc."]
"RepliGo Assistant" = ""C:\Program Files\Cerience\RepliGo\RepliGoMon.exe"" ["Cerience Corporation"]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = "C:\Program Files\Google\Gmail Notifier\gnotify.exe" ["Google Inc."]

HKLM\Software\Microsoft\Active Setup\Installed Components\
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"
\StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{4da4616d-7e6e-4fd9-a2d5-b6c535733e22}\(Default) = "HomepageBHO" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hpB5C6.tmp" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ICQLite\ICQLiteShell.dll" [empty string]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{49BF5420-FA7F-11cf-8011-00A0C90A8F78}" = "Mobile Device"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\Wcesview.dll" [MS]
"{81F4066B-F330-4872-8094-3E9FBCCEC8C1}" = "&RepliGo"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Cerience\RepliGo\RepliGoIEBar.dll" ["Cerience Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{9EF34FF2-3396-4527-9D27-04C8C1C67806}" = "Microsoft AntiSpyware Service Hook"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft AntiSpyware\shellextension.dll" [MS]
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\shellhook.dll" ["TODO: <Firmenname>"]

HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ICQLite\ICQLiteShell.dll" [empty string]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ICQLite\ICQLiteShell.dll" [empty string]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Noam\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\gbsaver.scr" ["Google"]


Startup items in "Noam" & "All Users" startup folders:
------------------------------------------------------

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Google Updater" -> shortcut to: "C:\Program Files\Google\Google Updater\1.0.384.22153\GoogleUpdater.exe -systray -startup" [null data]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
"Post-it® Software Notes Lite" -> shortcut to: "C:\Program Files\3M\PSNLite\PsnLite.exe -RegRun" ["3M"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 16
%SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

"{81F4066B-F330-4872-8094-3E9FBCCEC8C1}" = "&RepliGo" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Cerience\RepliGo\RepliGoIEBar.dll" ["Cerience Corporation"]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{81F4066B-F330-4872-8094-3E9FBCCEC8C1}" = "&RepliGo" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Cerience\RepliGo\RepliGoIEBar.dll" ["Cerience Corporation"]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

Explorer Bars

Dormant Explorer Bars in "View, Explorer Bar" menu

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\ = "&מחקר"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"

{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\
"ButtonText" = "Create Mobile Favorite"
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\INetRepl.dll" [MS]

{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\
"MenuText" = "Create Mobile Favorite..."
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\INetRepl.dll" [MS]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "מחקר"

{B863453A-26C3-4E1F-A54D-A2CD196348E9}\
"ButtonText" = "ICQ Lite"
"MenuText" = "ICQ Lite"
"Exec" = "C:\Program Files\ICQLite\ICQLite.exe" ["ICQ Ltd."]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


HOSTS file
----------

C:\WINDOWS\System32\drivers\etc\HOSTS

maps: 3 domain names to IP addresses,
1 of the IP addresses is *not* localhost!


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]
Cisco Systems, Inc. VPN Service, CVPND, ""C:\Program Files\HUJI\HUJI VPN Client\cvpnd.exe"" ["Cisco Systems, Inc."]
ewido security suite control, ewido security suite control, "C:\Program Files\ewido anti-malware\ewidoctrl.exe" ["ewido networks"]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
PDFCreator\Driver = "pdfcmnnt.dll" [null data]
RepliGo\Driver = "RgoMon.dll" ["Cerience Corporation"]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 122 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 7 seconds.
---------- (total run time: 154 seconds)

thanks, noam

noammo
2006-02-21, 13:37
And now, 3 minutes after removing the program, it has installed itself again! I get a warning from the Microsoft antispyware application about it.

noammo
2006-02-22, 17:32
Hi Lonny, I played around with the smitRem script and got it to work. That's it, I'm clean for more than 14 hours!

BUT, I get an error message when I try to run WMPlayer. One of the messages said I am missing the msfeeds.dll file

any idea?

thanks again, noam

LonnyRJones
2006-02-22, 20:22
Show me what you changed in smitrem?

noammo
2006-02-22, 23:52
I put "GOTO notice" instead of the following first lines:

VER|find "Microsoft Windows">NUL
IF NOT ERRORLEVEL 1 GOTO notice

VER|find "Windows 2000">NUL
IF NOT ERRORLEVEL 1 GOTO notice

VER|find "Windows XP">NUL
IF NOT ERRORLEVEL 1 GOTO notice

VER|find "Windows 95">NUL
IF NOT ERRORLEVEL 1 GOTO notice1

VER|find "Windows 98">NUL
IF NOT ERRORLEVEL 1 GOTO notice1

VER|find "Windows Millennium">NUL
IF NOT ERRORLEVEL 1 GOTO notice1

VER|find "Windows 2003">NUL
IF NOT ERRORLEVEL 1 GOTO notice

echo Unsupported Version
goto end

So the script starts like this:

@echo off

GOTO notice

:notice
color 1F

cls
@echo off
echo.
echo.
echo.
echo ╔════════════════════════════════════╗
echo ║                                    ║
echo ║ Trojan-Spy.HTML.smitfraud.c Killer ║
echo ║                                    ║
echo ║            by noahdfear            ║
echo ║                                    ║
echo ║           version 2.8 ©            ║
echo ║                                    ║
echo ╚════════════════════════════════════╝
echo.
echo This tool was tailored to remove smitfraud.c and variants
echo.
echo If you do not trust the source, close this window.
echo.
echo noahdfear does not assume any liability
echo.
echo for damage or loss from running this tool
echo.
echo Use at your own risk!!
echo.
echo.
echo.
echo.
pause
cls
@echo off
echo.
echo.
echo This tool will also clean out the contents of temp folders
echo.
echo and the Prefetch folder. It will also run disk cleanup
echo.
echo to clear the Temporary Internet Files on this user profile,
echo.
echo as well as empty the recycle bin.
echo.

and so on...

LonnyRJones
2006-02-23, 09:44
I hope all is well now.

I'm asking the others why those error level commands aren't working for your PC.

noammo
2006-02-23, 10:38
I am clean now but can't play anything on my Windows Media Player.

I am using version 10 and this problem started only once I cleaned my computer...

thanks, noam

LonnyRJones
2006-02-25, 20:33
I would try System File Checker next
http://www.petri.co.il/what's_system_file_checker.htm

Although it won't help with the media player problems, it might stop the problem that's causing it.

noammo
2006-02-28, 22:20
Still not working... any other idea?

thanks, noam

LonnyRJones
2006-02-28, 23:32
Windows Media Player is not one of my strong points, but maybe describing what happens exactly will help?

I'm curious, now that you have used System File Checker, if an unedited smitrem will run?

noammo
2006-02-28, 23:43
I get the normal "Windows Media Player has encountered a problem and needs to close. We are sorry for the inconvenience." message.

Some details:

When I send a report to Microsoft they refer me to this page: http://oca.microsoft.com/en/response.aspx?...657b4b5&SID=204 but it doesn't help. I installed this just to see and it doesn't help.

Some trouble started with the BSPlayer the exact same time so I uninstalled it and reinstalled it again and now it seems to be ok.
Do you know if maybe I need to uninstall and reinstall the WMP? I tried reinstalling without uninstalling but that didn't help...

Regarding the SmitRem, it still doesn't work..

thanks, noam

LonnyRJones
2006-03-02, 13:04
"I get an error message when I try to run WMPlayer. One of the messages said I am missing the msfeeds.dll file"

Did you install, or have at one time, the MS beta Internet Explorer 7?

noammo
2006-03-02, 13:06
I just managed installing IE7 2 days ago. I found something about it on the web... a small registry permission change was needed.

but nothing yet with the WMP10... :confused:

thanks, noam

LonnyRJones
2006-03-08, 11:28
You might search Google Groups and ask there, probably something a beta did..

I'm glad we could help.
Since the problems are solved I'm going to close the topic now; this keeps others with similar problems from posting their logs/questions here, they should start a new topic.
If you should need to post another log for the same PC let me or Tashi know.