Vcodec and Spy Falcon, they just won't die.



popculturepooka
2006-03-21, 12:40
Hi.
I recently got vcodec on my machine via an act of rampant stupidity on my brother's and his friends' behalf.

Since then I have been having spy falcon continuously reinstall on here.

I have followed this guide:
http://www.short-media.com/forum/showthread.php?t=42678
And various others around the net that offer the same ideas, e.g. use smitrem, ewido, panda etc.
Done it numerous times and each time spyfalcon gets removed fine. Most of the guides however are about removing spy falcon, not the vcodec trojan itself.


But for some reason vcodec is still on my machine and refuses to leave. Spybot Search and Destroy continuously picks it up, and other times it seems to just activate and reinstall spy falcon.

Here are all the needed logs.

Basically, how do I kill vcodec?

EDIT: Just a note. Because of some bizarreness when I got my computer, my primary HD is H: not C:. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 5:26:45 PM, on 21/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Common Files\Symantec Shared\ccProxy.exe
H:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
H:\Program Files\Norton Internet Security\ISSVC.exe
H:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
H:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\system32\CTsvcCDA.EXE
H:\Program Files\ewido anti-malware\ewidoctrl.exe
H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
H:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
H:\Program Files\ULI5289\ALi5289.exe
H:\Program Files\ULI5289\JMAP5289.exe
H:\WINDOWS\SOUNDMAN.EXE
H:\Program Files\QuickTime\qttask.exe
H:\Program Files\Common Files\Symantec Shared\ccApp.exe
H:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
H:\Program Files\MSN Messenger\MsnMsgr.Exe
H:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
H:\WINDOWS\system32\ctfmon.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\wuauclt.exe
H:\WINDOWS\system32\rundll32.exe
H:\WINDOWS\system32\nvctrl.exe
H:\WINDOWS\system32\mssearchnet.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\Program Files\Mozilla Thunderbird\thunderbird.exe
H:\Program Files\Norton Internet Security\Norton AntiVirus\OPScan.exe
H:\Program Files\SpyFalcon\spyfalcon.exe
H:\Program Files\SpyFalcon\spyfalcon.exe
H:\Program Files\Messenger\msmsgs.exe
H:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: (no name) - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - H:\WINDOWS\system32\hp537D.tmp
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - H:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - H:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ALi5289] H:\Program Files\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [JMAP5289] H:\Program Files\ULI5289\JMAP5289.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BigPond] "G:\5100.exe" -r
O4 - HKLM\..\Run: [ccApp] "H:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] H:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] H:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SpyFalcon] H:\Program Files\SpyFalcon\SpyFalcon.exe /h
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative Detector] H:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = H:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://h:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://h:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///H:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://h:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://h:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://h:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://h:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///H:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///H:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///H:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - H:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "H:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "H:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - H:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - H:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - H:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - H:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - H:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - H:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - H:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

popculturepooka
2006-03-21, 12:41
SmitRem log:


smitRem © log file
version 2.8

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
The current date is: Tue 03/21/2006
The current time is: 17:45:48.90

Running from
H:\Program Files\smitRem\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~

Online Security Guide.url
Online Security Guide.url
Security Troubleshooting.url
Security Troubleshooting.url


~~~ Favorites ~~~



~~~ system32 folder ~~~

1024 dir
ld****.tmp
mssearchnet.exe
ncompat.tlb
nvctrl.exe
hp***.tmp
logfiles


~~~ Icons in System32 ~~~

ts.ico
ot.ico


~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 748 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~


~~~ Wininet.dll ~~~

CLEAN! :)

popculturepooka
2006-03-21, 12:45
Spybot Logs



--- Search result list ---
Smitfraud-C.: Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\nvctrl.exe

PestTrap: Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{4DA4616D-7E6E-4FD9-A2D5-B6C535733E22}

Elitum.EliteBar: Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\JM5289


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-12-21 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-03-10 Includes\Cookies.sbi (*)
2006-03-10 Includes\Dialer.sbi (*)
2006-03-10 Includes\Hijackers.sbi (*)
2006-03-10 Includes\Keyloggers.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2006-03-10 Includes\Malware.sbi (*)
2006-03-10 Includes\PUPS.sbi (*)
2006-03-10 Includes\Revision.sbi (*)
2006-03-10 Includes\Security.sbi (*)
2006-03-10 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-03-10 Includes\Trojans.sbi (*)



--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Security Update for Windows XP (KB893066)
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB894391)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896422)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896424)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
/ Windows XP / SP3: Security Update for Windows XP (KB905915)
/ Windows XP / SP3: Security Update for Windows XP (KB908519)
/ Windows XP / SP3: Update for Windows XP (KB910437)
/ Windows XP / SP3: Security Update for Windows XP (KB912919)


--- Startup entries list ---
Located: HK_LM:Run, ALi5289
command: H:\Program Files\ULI5289\ALi5289.exe
file: H:\Program Files\ULI5289\ALi5289.exe
size: 405504
MD5: d3220918715f33a0ef3af790d7e1e32b

Located: HK_LM:Run, ATIPTA
command: H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
file: H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
size: 339968
MD5: c4708c52ac71338b49334c972de96682

Located: HK_LM:Run, BigPond
command: "G:\5100.exe" -r
file:

Located: HK_LM:Run, ccApp
command: "H:\Program Files\Common Files\Symantec Shared\ccApp.exe"
file: H:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 58992
MD5: e5f9b0314442ea5816518c64b02f10a2

Located: HK_LM:Run, JMAP5289
command: H:\Program Files\ULI5289\JMAP5289.exe
file: H:\Program Files\ULI5289\JMAP5289.exe
size: 28672
MD5: 1555eb3704b4af074aa03a24e461861a

Located: HK_LM:Run, NeroFilterCheck
command: H:\WINDOWS\system32\NeroCheck.exe
file: H:\WINDOWS\system32\NeroCheck.exe
size: 155648
MD5: 3e4c03cefad8de135263236b61a49c90

Located: HK_LM:Run, NWEReboot
command:
file:

Located: HK_LM:Run, QuickTime Task
command: "H:\Program Files\QuickTime\qttask.exe" -atboottime
file: H:\Program Files\QuickTime\qttask.exe
size: 155648
MD5: 216b3acc656cda8a5a0c3071ec0a408b

Located: HK_LM:Run, RemoteControl
command: "H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
file: H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
size: 32768
MD5: 915a106a2fb87292cef0ad4f36adf313

Located: HK_LM:Run, SoundMan
command: SOUNDMAN.EXE
file: H:\WINDOWS\SOUNDMAN.EXE
size: 68096
MD5: f0eeed52fc29bec6e917cab2788148b2

Located: HK_LM:Run, SunJavaUpdateSched
command: H:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
file: H:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
size: 36975
MD5: 61a3a9d5d98bf0331df5b716144a8100

Located: HK_LM:Run, Symantec NetDriver Monitor
command: H:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
file: H:\PROGRA~1\SYMNET~1\SNDMon.exe
size: 100056
MD5: f9418981ee4d7e995d359833adab59d5

Located: Startup (common), Adobe Reader Speed Launch.lnk
command: H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
file: H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
size: 29696
MD5: 43362b96870ce8649f4f2ec893da93f0

popculturepooka
2006-03-21, 12:45
Located: System.ini, AtiExtEvent
command: Ati2evxx.dll
file: Ati2evxx.dll

Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll

Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll



--- Browser helper object list ---
{4da4616d-7e6e-4fd9-a2d5-b6c535733e22} ()
BHO name:
CLSID name:



--- ActiveX list ---
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: H:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 11/10/2005 1:03:56 PM
Date (last access): 3/20/2006 8:26:06 AM
Date (last write): 11/10/2005 1:22:10 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5

{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class)
DPF name:
CLSID name: ActiveScan Installer Class
Installer: H:\WINDOWS\Downloaded Program Files\asinst.inf
Codebase: http://acs.pandasoftware.com/activescan/as5free/asinst.cab
description:
classification: Open for discussion
known filename: ASINST.DLL
info link:
info source: Safer Networking Ltd.
Path: H:\WINDOWS\Downloaded Program Files\
Long name: asinst.dll
Short name:
Date (created): 12/19/2005 1:35:32 PM
Date (last access): 3/21/2006 5:50:20 PM
Date (last write): 12/19/2005 1:35:32 PM
Filesize: 135168
Attributes: archive
MD5: 20C07B231040B49AFCE82397BFC35F9C
CRC32: 9301377D
Version: 58.4.0.0

{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class)
DPF name:
CLSID name: MsnMessengerSetupDownloadControl Class
Installer: H:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.inf
Codebase: http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
description:
classification: Legitimate
known filename: MsnMessengerSetupDownloader.ocx
info link:
info source: Safer Networking Ltd.
Path: H:\WINDOWS\Downloaded Program Files\
Long name: MsnMessengerSetupDownloader.ocx
Short name: MSNMES~1.OCX
Date (created): 8/14/2005 12:26:04 AM
Date (last access): 3/20/2006 8:30:36 AM
Date (last write): 8/14/2005 12:26:04 AM
Filesize: 113664
Attributes: archive
MD5: C403792A3FF639C215067D5AA680C482
CRC32: 7CD0769A
Version: 1.0.0.3

{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
Path: H:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 11/10/2005 1:03:56 PM
Date (last access): 3/21/2006 5:53:00 PM
Date (last write): 11/10/2005 1:22:10 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
Path: H:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 11/10/2005 1:03:56 PM
Date (last access): 3/21/2006 5:53:00 PM
Date (last write): 11/10/2005 1:22:10 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: H:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: H:\WINDOWS\system32\Macromed\Flash\
Long name: Flash8a.ocx
Short name:
Date (created): 1/2/2006 11:13:28 AM
Date (last access): 3/21/2006 5:48:46 PM
Date (last write): 1/2/2006 11:13:28 AM
Filesize: 1443464
Attributes: readonly archive
MD5: 3066BB99502AE33AE44F17954AF56B8F
CRC32: 658FAE72
Version: 8.0.24.0



--- Process list ---
PID: 0 ( 0) [System]
PID: 128 ( 4) \SystemRoot\System32\smss.exe
PID: 176 ( 128) \??\H:\WINDOWS\system32\csrss.exe
PID: 200 ( 128) \??\H:\WINDOWS\system32\winlogon.exe
PID: 244 ( 200) H:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 256 ( 200) H:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 400 ( 244) H:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 444 ( 244) H:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 484 ( 244) H:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 172 ( 896) H:\WINDOWS\explorer.exe
size: 1032192
MD5: A0732187050030AE399B241436565E64
PID: 716 ( 172) H:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 3/21/2006 5:53:00 PM

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com/ie
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{81338BA4-E89C-4A3B-BE40-16C2907A2F89}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{81338BA4-E89C-4A3B-BE40-16C2907A2F89}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AF89EB6C-6245-4368-B34C-52E7A37FCA60}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AF89EB6C-6245-4368-B34C-52E7A37FCA60}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{36B7BE34-FB31-4861-89F5-9487FDCD83BA}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{36B7BE34-FB31-4861-89F5-9487FDCD83BA}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E0D6247E-B359-4FAD-B63A-F2EE1BF1C8C3}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E0D6247E-B359-4FAD-B63A-F2EE1BF1C8C3}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

popculturepooka
2006-03-21, 12:46
--- Uninstall list ---
Ad-Aware SE Personal 1.06 (Ad-Aware SE Personal)
uninstall cmd: H:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE H:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
publisher: Lavasoft
help link: http://www.lavasoft.com

(AddressBook)

Adobe Photoshop CS2 9.0 (Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D})
version: 9
version (major): 9
install location: H:\Program Files\Adobe\Adobe Photoshop CS2\
uninstall cmd: msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
publisher: Adobe Systems, Inc.
comments:
contact: Customer Support
help link: http://www.adobe.com/support/main.html
help telephone: 1-555-555-4505

ALi mini IDE driver (ALiminiIDE)
uninstall cmd: H:\WINDOWS\System32\ALi5minst.exe H:\WINDOWS\inf\mshdc.inf PCI\VEN_10B9&DEV_5229 1

ATI - Software Uninstall Utility 6.14.10.1009 (All ATI Software)
uninstall cmd: H:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe

Allofmp3 Explorer 2.3.17.404 (Allofmp3 Explorer)
uninstall cmd: H:\PROGRA~1\MEDIAS~1\Allofmp3\UNWISE.EXE H:\PROGRA~1\MEDIAS~1\Allofmp3\INSTALL.LOG
publisher: MediaServices
help link: http://www.allofmp3.com/explorer.shtml

ATI Display Driver 8.03-040610a-016800C-Asus (ATI Display Driver)
uninstall cmd: rundll32 H:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

(Branding)

(CADI)
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove

CEP3 - Color Enable Package 3 3.3b (CEP3 - Colour Options for The Sims 2_is1)
uninstall cmd: "H:\WINDOWS\unins000.exe"
publisher: Numenor, for ModTheSims2
help link: http://www.modthesims2.com/showthread.php?t=92541

(Connection Manager)

(Creative Audio CD Ripper)
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{9E54F486-CD4A-44A5-B041-16D4E1E56A53}\setup.exe" -l0x9 /remove

(Creative Audio Device Selection)
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9 /remove

(Creative Import Wizard)
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{9744AE38-1CC6-414F-96CE-0643AEE30A9B}\setup.exe" -l0x9 /remove

Creative Jukebox Driver (Creative Jukebox Driver)
uninstall cmd: H:\Program Files\Creative\Jukebox 3 Drivers\DrvUnins.exe /s

(Creative MediaSource)
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 /remove

(Creative MediaSource CD-ROM Burner Plugin)
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9 /remove

(Creative MediaSource Detector)
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 /remove

(Creative MediaSource NOMAD Jukebox 2/3/Zen Plugin)
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x9 /remove

(Creative MediaSource NOMAD MuVo Plugin)
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x9 /remove

(Creative MediaSource Player Skin Pack)
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9 /remove

Creative Removable Disk Manager (Creative Removable Disk Manager)
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 /remove

(Creative Sync Manager)
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x9 /remove

(Creative Zen)

(DirectAnimation)

(DirectDrawEx)

(DXM_Runtime)

eMedia Codec 4.0 4.0 (eMedia Codec)
uninstall cmd: H:\Program Files\eMedia Codec\uninst.exe
publisher: eMedia Codec Software

ewido anti-malware (ewidoantimalware)
install location: H:\Program Files\ewido anti-malware
uninstall cmd: H:\Program Files\ewido anti-malware\Uninstall.exe
publisher: ewido networks
help link: http://www.ewido.net

(Fontcore)

Google Video Player (GoogleVideoPlayer)
uninstall cmd: "H:\Program Files\Google\Google Video Player\Uninstall.exe"

HijackThis 1.99.1 1.99.1 (HijackThis)
uninstall cmd: H:\Program Files\Hijackthis\HijackThis.exe /uninstall
publisher: Soeperman Enterprises Ltd.

Hijackthis 1.99.1 (Hijackthis_is1)
install location: H:\Program Files\Hijackthis\
uninstall cmd: "H:\Program Files\Hijackthis\unins000.exe"
publisher: Soeperman Enterprises Ltd
help link: http://www.merijn.org

(ICW)

(IE40)

(IE4Data)

(IE5BAKEX)

(IEData)

(InstallShield Uninstall Information)

QuickTime 7.0.3 (InstallShield_{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083})
version: 117440515
version (major): 7
estimated size: 62919
install date: 20051220
install location: H:\Program Files\QuickTime\
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\_is28A\
uninstall cmd: H:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083} /l1033
publisher: Apple Computer, Inc.
contact: AppleCare Support
help link: http://www.info.apple.com/
help telephone: 1-800-275-2273

IrfanView (remove only) (IrfanView)
uninstall cmd: H:\Program Files\IrfanView\iv_uninstall.exe

Windows XP Hotfix - KB873339 20041117.092459 (KB873339)
uninstall cmd: H:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873339

(KB884016)

Windows XP Hotfix - KB885250 20050118.202711 (KB885250)
uninstall cmd: H:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885250

Windows XP Hotfix - KB885835 20041027.181713 (KB885835)
uninstall cmd: H:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885835

Windows XP Hotfix - KB885836 20041028.173203 (KB885836)
uninstall cmd: H:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885836

Windows XP Hotfix - KB886185 20041021.090540 (KB886185)
uninstall cmd: H:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=886185

Windows XP Hotfix - KB887472 20041014.162858 (KB887472)
uninstall cmd: H:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887472

Windows XP Hotfix - KB887742 20041103.095002 (KB887742)
uninstall cmd: H:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887742

Windows XP Hotfix - KB888113 20041116.131036 (KB888113)
uninstall cmd: H:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888113

Windows XP Hotfix - KB888302 20041207.111426 (KB888302)
uninstall cmd: H:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888302

Security Update for Windows XP (KB890046) 1 (KB890046)
install date: 20060212
uninstall cmd: "H:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890046

Windows XP Hotfix - KB890859 1 (KB890859)
install date: 20060212
uninstall cmd: "H:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890859

Windows XP Hotfix - KB891781 20050110.165439 (KB891781)
uninstall cmd: H:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=891781

Security Update for Windows XP (KB893066) 2 (KB893066)
install date: 20060212
uninstall cmd: "H:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893066

Security Update for Windows XP (KB893756) 1 (KB893756)
install date: 20060212
uninstall cmd: "H:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893756

(KB893803)

Windows Installer 3.1 (KB893803) 3.1 (KB893803v2)
uninstall cmd: "H:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=42467

Update for Windows XP (KB894391) 1 (KB894391)
install date: 20060212
uninstall cmd: "H:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=894391

Security Update for Windows XP (KB896358) 1 (KB896358)
install date: 20060212
uninstall cmd: "H:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896358

Security Update for Windows XP (KB896422) 1 (KB896422)
install date: 20060212
uninstall cmd: "H:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896422

Security Update for Windows XP (KB896423) 1 (KB896423)
install date: 20060212
uninstall cmd: "H:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896423

Security Update for Windows XP (KB896424) 1 (KB896424)
install date: 20060212
uninstall cmd: "H:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896424

Security Update for Windows XP (KB896428) 1 (KB896428)
install date: 20060212
uninstall cmd: "H:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896428

Update for Windows XP (KB898461) 1 (KB898461)
install date: 20060209
uninstall cmd: "H:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=898461

Security Update for Windows XP (KB899587) 1 (KB899587)
install date: 20060212
uninstall cmd: "H:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899587

Security Update for Windows XP (KB899591) 1 (KB899591)
install date: 20060212
uninstall cmd: "H:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899591

Security Update for Windows XP (KB900725) 1 (KB900725)
install date: 20060212
uninstall cmd: "H:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900725

Security Update for Windows XP (KB901017) 1 (KB901017)
install date: 20060212
uninstall cmd: "H:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901017

Security Update for Windows XP (KB901214) 1 (KB901214)
install date: 20060212
uninstall cmd: "H:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901214

Security Update for Windows XP (KB902400) 1 (KB902400)
install date: 20060212
uninstall cmd: "H:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=902400

Security Update for Windows XP (KB904706) 2 (KB904706)
install date: 20060211
uninstall cmd: "H:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=904706

Security Update for Windows XP (KB905414) 1 (KB905414)
install date: 20060212
uninstall cmd: "H:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905414

Security Update for Windows XP (KB905749) 1 (KB905749)
install date: 20060212
uninstall cmd: "H:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905749

Security Update for Windows XP (KB905915) 1 (KB905915)
install date: 20060211
uninstall cmd: "H:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905915

Security Update for Windows XP (KB908519) 1 (KB908519)
install date: 20060211
uninstall cmd: "H:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=908519

Update for Windows XP (KB910437) 1 (KB910437)
install date: 20060211
uninstall cmd: "H:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=910437

Security Update for Windows XP (KB912919) 1 (KB912919)
install date: 20060211
uninstall cmd: "H:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=912919

Lame ACM MP3 Codec (LameACM)
uninstall cmd: H:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_LameMP3 132 H:\WINDOWS\INF\LameACM.inf

LiveReg (Symantec Corporation) 3.0.0 (LiveReg)
install location: H:\Program Files\Common Files\Symantec Shared\LiveReg
uninstall cmd: H:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
publisher: Symantec Corporation

LiveUpdate 2.5 (Symantec Corporation) 2.5.55.0 (LiveUpdate)
install location: H:\Program Files\Symantec\LiveUpdate
uninstall cmd: H:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
publisher: Symantec Corporation

mIRC (mIRC)
uninstall cmd: "H:\Program Files\mIRC\mirc.exe" -uninstall

(MobileOptionPack)

popculturepooka
2006-03-21, 12:48
Mozilla Thunderbird (1.0.7) 1.0.7 (en) (Mozilla Thunderbird (1.0.7))
install location: H:\Program Files\Mozilla Thunderbird
uninstall cmd: H:\WINDOWS\UninstallThunderbird.exe /ua "1.0.7 (en)"
publisher: Mozilla

(MPlayer2)

(MSI30-Beta1)

(MSI30-Beta2)

(MSI30-KB884016)

(MSI30-RC1)

(MSI30-RC2)

(MSI30a-KB884016)

(MSI31-Beta)

(MSI31-RC1)

MSN Music Assistant (MSN Music Assistant)
uninstall cmd: rundll32 advpack.dll,LaunchINFSection H:\WINDOWS\INF\msninst.inf,Uninstall

(Nero - Burning Rom!UninstallKey)
uninstall cmd: H:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

Nero Suite (NeroMultiInstaller!UninstallKey)
uninstall cmd: H:\Program Files\Common Files\Ahead\Uninstall\Setup.exe /uninstall

(NetMeeting)

Netscape Browser (remove only) (Netscape Browser)
uninstall cmd: "H:\Program Files\Netscape\Netscape Browser\NSUninst.exe"

(OutlookExpress)

Panda ActiveScan (Panda ActiveScan)
uninstall cmd: H:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
publisher: Panda Software S.L.

(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 H:\WINDOWS\INF\PCHealth.inf

PowerArchiver 2006 v9.50 9.50 (PowerArchiver_is1)
install location: H:\Program Files\PowerArchiver\
uninstall cmd: "H:\Program Files\PowerArchiver\unins000.exe"
publisher: ConeXware, Inc.
help link: http://www.powerarchiver.com

QuadSucker/Web v3.0 3.0 (QuadSucker/Web_is1)
uninstall cmd: "H:\Program Files\QuadWeb\unins000.exe"
publisher: SB-Software

(SchedulingAgent)

(Sevinst)

Shareaza version 2.2.1.0 2.2.1.0 (Shareaza_is1)
install location: H:\Program Files\Shareaza\
uninstall cmd: "H:\Program Files\Shareaza\Uninstall\unins000.exe"
publisher: Shareaza Development Team
comments: Shareaza Ultimate File Sharing
help link: http://www.shareaza.com/?id=support

Macromedia Flash Player 8 8 (ShockwaveFlash)
uninstall cmd: RunDll32 advpack.dll,LaunchINFSection H:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
publisher: Macromedia
help link: http://www.macromedia.com/go/flashplayer_support/

Sims2Pack Clean Installer (Sims2Pack Clean Installer )
uninstall cmd: H:\Program Files\Sims2Pack Clean Installer\uninstall.exe

Skype 2.0 2.0 (Skype_is1)
install location: H:\Program Files\Skype\Phone\
uninstall cmd: "H:\Program Files\Skype\Phone\unins000.exe"
publisher: Skype Software S.A.
help link: http://ui.skype.com/ui/0/2.0.0.69/en/help

Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: H:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "H:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited

Norton Internet Security 2005 (Symantec Corporation) 8.0.0.64 (SymSetup.{A93C9E60-29B6-49da-BA21-F70AC6AADE20})
install location: H:\Program Files\Norton Internet Security
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1
uninstall cmd: H:\Program Files\Common Files\Symantec Shared\SymSetup\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe /X
publisher: Symantec Corporation

Creative System Information (SysInfo)
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove

Themexp.org File (Themexp.org File)
uninstall cmd: H:\PROGRA~1\themexp\THEMEX~1.ORG\UNWISE.EXE H:\PROGRA~1\themexp\THEMEX~1.ORG\INSTALL.LOG

Trillian (Trillian)
uninstall cmd: H:\Program Files\Trillian\trillian.exe /uninstall

UltraSucker/Web v3.0 3.0 (UltraSucker/Web_is1)
uninstall cmd: "H:\Program Files\UltraWeb\unins000.exe"
publisher: SB-Software

VGA USB Camera (VGA USB Camera)
uninstall cmd: H:\WINDOWS\CleanDev.exe H:\WINDOWS\ov519.TXT

Windows Media Format Runtime (Windows Media Format Runtime)
uninstall cmd: "H:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Player 10 (Windows Media Player)
uninstall cmd: "H:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

World of Warcraft (World of Warcraft)
uninstall cmd: H:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe

Yahoo! extras (Yahoo! Customizations)
uninstall cmd: H:\PROGRA~1\Yahoo!\Common\unyext.exe

Yahoo! Internet Mail (Yahoo! Internet Mail)
uninstall cmd: H:\WINDOWS\system32\regsvr32 /u /s H:\PROGRA~1\Yahoo!\Common\ymmapi.dll

Yahoo! Messenger (Yahoo! Messenger)
uninstall cmd: H:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE H:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

Yahoo! Install Manager (YInstHelper)
uninstall cmd: H:\WINDOWS\system32\regsvr32 /u H:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL

(Zen Media Explorer)
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{9D35DFD7-DED3-4D49-8293-C9D82DA322FB}\setup.exe" -l0x9 /remove

Morrowind ({055A1919-3BBA-4BD5-8B3C-3851879AC185})
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "H:\Program Files\Bethesda Softworks\Morrowind\MWUninstall\Setup.exe" -l0x9

3.00 ({0B095086-7205-4D48-90DF-DCD16613C6D4})
version: 50331648
install location: H:\Program Files\Creative\MediaSource\Detector
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9

ATI Control Panel 6.14.10.5113 ({0BEDBD4E-2D34-47B5-9973-57E62B29307C})
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"

ULi AGP Driver 2.20 ({0DD0650C-5113-4FEE-BDDA-AC0B76FD0BD1})
uninstall cmd: H:\WINDOWS\system32\UnAGP.EXE RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{0DD0650C-5113-4FEE-BDDA-AC0B76FD0BD1}\Setup.exe" -uninst

3.00 ({103BCDA0-E063-46AC-8028-64E78722ABA7})
version: 50331648
install location: H:\Program Files\Creative\MediaSource
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9

popculturepooka
2006-03-21, 12:49
Norton Internet Security 8.0.0.64 ({12E2B9E9-05B1-407d-B0FD-B5F350535125})
version: 134217728
version (major): 8
estimated size: 13455
install date: 20051221
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1\Setup\
uninstall cmd: MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
publisher: Symantec Corporation

ULi LAN Driver ({143BE018-D8F8-4014-8CB6-AF63F5799D21})
uninstall cmd: H:\WINDOWS\system32\UnLAN.EXE RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{143BE018-D8F8-4014-8CB6-AF63F5799D21}\Setup.exe" -uninst

AutoUpdate 1.1 ({18D10072035C4515918F7E37EAFAACFC})
install location: H:\Program Files\DivX

Google Toolbar for Internet Explorer ({2318C2B1-4965-11d4-9B18-009027A5CD4F})
uninstall cmd: regsvr32 /u /s "h:\program files\google\googletoolbar2.dll"

Adobe Photoshop CS2 9.0 ({236BB7C4-4419-42FD-0409-1E257A25E34D})
version: 150994944
version (major): 9
estimated size: 639892
install date: 20060110
install location: H:\Program Files\Adobe\Adobe Photoshop CS2\
install source: H:\Program Files\photoshop\Photoshop CS2\Adobe(R) Photoshop(R) CS2\
publisher: Adobe Systems, Inc.
comments:
contact: Customer Support
help link: http://www.adobe.com/support/main.html
help telephone: 1-555-555-4505

1.10 ({2616B36E-38CE-4357-8AB5-8B3EE9B1C117})
version: 17432576
install location: H:\Program Files\Creative\MediaSource
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9

SymNet 5.4.2.17 ({2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2})
version: 84148226
version (major): 5
version (minor): 4
estimated size: 2714
install date: 20051221
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1\Support\SymNet\
uninstall cmd: MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
publisher: Symantec Corporation

Creative MediaSource 3.00 ({2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC})
version: 50331648
install location: H:\Program Files\Creative\MediaSource
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\setup.exe" -l0x9 /remove
help link: http://www.creative.com/support

J2SE Runtime Environment 5.0 Update 6 1.5.0.60 ({3248F0A8-6813-11D6-A77B-00B0D0150060})
version: 17104896
version (major): 1
version (minor): 5
estimated size: 148501
install date: 20060207
install source: http://jdl.sun.com/webapps/download/GetFile/1.5.0_06-b05/windows-i586//
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: H:\Program Files\Java\jre1.5.0_06\README.txt

WebFldrs XP 9.50.7523 ({350C97B0-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154279267
version (major): 9
version (minor): 50
estimated size: 2472
install date: 20051220
install source: H:\WINDOWS\system32\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows

QuickTime 7.0.3 ({3868A8EE-5051-4DB0-8DF6-4F4B8A98D083})
version: 117440515
version (major): 7
estimated size: 62919
install date: 20051220
install location: H:\Program Files\QuickTime\
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\_is28A\
publisher: Apple Computer, Inc.
contact: AppleCare Support
help link: http://www.info.apple.com/
help telephone: 1-800-275-2273

Norton AntiSpam 2005.1.0.163 ({3B29A786-5803-4e9e-9B58-3014A5B4E519})
version (major): 2005
version (minor): 1
estimated size: 929
install date: 20051221
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1\Setup\
uninstall cmd: MsiExec.exe /I{3B29A786-5803-4e9e-9B58-3014A5B4E519}
publisher: Symantec Corporation

ULi 5289 Driver ({432968D5-88FE-44B9-9168-B2806A9668E9})
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{432968D5-88FE-44B9-9168-B2806A9668E9}\SETUP.exe"

Norton Internet Security 8.0.0.64 ({449F3A9E-9903-4a0d-A209-08030D45A935})
version: 134217728
version (major): 8
estimated size: 709
install date: 20051221
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1\Setup\
uninstall cmd: MsiExec.exe /I{449F3A9E-9903-4a0d-A209-08030D45A935}
publisher: Symantec Corporation

MUSICMATCH® Jukebox ({45EBDA59-D33B-433A-956E-B2F236468B56})
uninstall cmd: H:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.exe

Norton Internet Security 8.0.0.64 ({48185814-A224-447a-81DA-71BD20580E1B})
version: 134217728
version (major): 8
estimated size: 1304
install date: 20051221
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1\Setup\
uninstall cmd: MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
publisher: Symantec Corporation

Norton Internet Security 8.0.0.64 ({526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F})
version: 134217728
version (major): 8
estimated size: 1081
install date: 20051221
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1\Setup\
uninstall cmd: MsiExec.exe /I{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}
publisher: Symantec Corporation

Norton AntiSpam 2005.1.0.163 ({5677563D-0CB1-485f-9E18-C5025306BB3F})
version (major): 2005
version (minor): 1
estimated size: 10139
install date: 20051221
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1\Setup\
uninstall cmd: MsiExec.exe /I{5677563D-0CB1-485f-9E18-C5025306BB3F}
publisher: Symantec Corporation

1.0 ({57FA4E0F-82C9-417D-87BC-0186D6CB7A44})
version: 16777216
install location: H:\Program Files\Creative\DiskManager
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9

({5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977})

TES Construction Set ({605333A6-963F-480C-A358-1301CAA6CFF6})
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "H:\Program Files\Bethesda Softworks\Morrowind\CSUninstall\Setup.exe" -l0x9

({62369F2F77534556AEF4C58152E3BDE5})

1.0 ({63A317D0-60A6-43FC-848A-9FE4A53B29CE})
version: 16777216
install location: H:\Program Files\Creative\Support\System Information
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9

PowerDVD ({6811CAA0-BF12-11D4-9EA1-0050BAE317E1})
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall

1.02 ({700932B3-A964-4878-82A2-96054622A1F7})
version: 16908288
install location: H:\Program Files\Creative\ShareDLL\CADI
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9

SPBBC 1.00.0000 ({77772678-817F-4401-9301-ED1D01A8DA56})
version: 16777216
version (major): 1
estimated size: 1423
install date: 20051221
install location: H:\Program Files\Norton Internet Security\Norton AntiVirus\
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1\Support\SPBBC\
uninstall cmd: MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
publisher: Your Company Name

Adobe Stock Photos 1.0 001.000.000 ({786C5747-1033-0000-B58E-000000000001})
version: 16777216
version (major): 1
estimated size: 5397
install date: 20060110
install location: H:\Program Files\Adobe\Adobe Stock Photos\
install source: H:\Program Files\photoshop\Photoshop CS2\Adobe(R) Photoshop(R) CS2\Stock Photography\
uninstall cmd: MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
publisher: Adobe Systems
comments: Your Comments
contact: Customer Support Department
help link: http://www.adobe.com
help telephone: 1-555-555-4505

popculturepooka
2006-03-21, 12:50
DivX 6.1 ({7B63B2922B174135AFC0E1377DD81EC2})
install location: H:\Program Files\DivX
uninstall cmd: H:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
publisher: DivX, Inc.

3.00 ({836612F0-1571-4C65-A4B7-58A39AA578EE})
version: 50331648
install location: H:\Program Files\Creative\MediaSource
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9

DJBCP Codec Pack Light 2.2.0.2004.12.01 2.2.0 ({874C4817-6E98-4FF9-BF54-134B2C118464})
version: 33685504
version (major): 2
version (minor): 2
estimated size: 14206
install date: 20060114
install source: H:\Program Files\Common Files\Wise Installation Wizard\
uninstall cmd: MsiExec.exe /I{874C4817-6E98-4FF9-BF54-134B2C118464}
publisher: DJBCP PROJECT TEAM

The Sims 2 ({8AB8D458-939E-403F-0097-9BA1C1F013D5})
uninstall cmd: H:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe

DivX Player 6.0 ({8ADFC4160D694100B5B8A22DE9DCABD9})
install location: H:\Program Files\DivX
uninstall cmd: H:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
publisher: DivXNetworks, Inc.

Adobe Common File Installer 1.00.0000 ({8EDBA74D-0686-4C99-BFDD-F894678E5B39})
version: 16777216
version (major): 1
estimated size: 136561
install date: 20060110
install location: H:\Program Files\Common Files\Adobe\
install source: H:\Program Files\photoshop\Photoshop CS2\Adobe(R) Photoshop(R) CS2\commonfilesinstaller\
uninstall cmd: MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
publisher: Adobe System Incorporated
comments: Your Comments
contact: Customer Support Department
help link: http://www.adobe.com/help
help telephone: 1-555-555-4505

The Sims 2 University ({8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2})
uninstall cmd: H:\Program Files\EA GAMES\The Sims 2 University\EAUninstall.exe

Microsoft Office Professional Edition 2003 11.0.5614.0 ({90110409-6000-11D3-8CFE-0150048383C9})
version: 184554990
version (major): 11
estimated size: 653093
install date: 20060118
install location: H:\Program Files\Microsoft Office\
install source: H:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\
uninstall cmd: MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: H:\Program Files\Microsoft Office\OFFICE11\1033\OFREADME.HTM

1.10 ({9744AE38-1CC6-414F-96CE-0643AEE30A9B})
version: 17432576
install location: H:\Program Files\Creative\Import Wizard
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{9744AE38-1CC6-414F-96CE-0643AEE30A9B}\setup.exe" -l0x9

4.00 ({9AB14DF5-3B04-4E3B-9969-695DBA7F2008})
version: 67108864
install location: H:\Program Files\Creative\Sync Manager
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x9

Creative Zen 1.0 ({9BFB6F77-6E60-44F5-B737-4673362B28A8})
version: 16777216
install location: H:\Program Files\Creative\Creative Zen
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{9BFB6F77-6E60-44F5-B737-4673362B28A8}\SETUP.EXE" -l0x9 /remove

4.10 ({9D35DFD7-DED3-4D49-8293-C9D82DA322FB})
version: 67764224
install location: H:\Program Files\Creative\Creative Zen
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{9D35DFD7-DED3-4D49-8293-C9D82DA322FB}\setup.exe" -l0x9

1.10 ({9E54F486-CD4A-44A5-B041-16D4E1E56A53})
version: 17432576
install location: H:\Program Files\Creative\CD Ripping Wizard
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{9E54F486-CD4A-44A5-B041-16D4E1E56A53}\setup.exe" -l0x9

2.00 ({A82F10CB-18B5-4EAC-AEF2-FA49CD565626})
version: 33554432
install location: H:\Program Files\Creative\Shared Files
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9

Norton Internet Security 8.0.0.64 ({A93C9E60-29B6-49da-BA21-F70AC6AADE20})
version: 134217728
version (major): 8
estimated size: 5537
install date: 20051221
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1\Setup\
uninstall cmd: MsiExec.exe /I{A93C9E60-29B6-49da-BA21-F70AC6AADE20}
publisher: Symantec Corporation

Adobe Reader 7.0.7 7.0.7 ({AC76BA86-7AD7-1033-7B44-A70500000002})
version: 117440519
version (major): 7
estimated size: 77703
install date: 20060221
install source: H:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig705\ENU\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
publisher: Adobe Systems Incorporated
comments:
contact:
help link: http://www.adobe.com/support/main.html
help telephone:
readme: H:\Program Files\Adobe\Acrobat 7.0\Reader\Readme.htm

Adobe Reader 7.0.5 Language Support 7.0.5 ({AC76BA86-7AD7-5464-3428-7050000000A7})
version: 117440517
version (major): 7
estimated size: 34373
install date: 20060222
install source: H:\Program Files\Adobe\Acrobat 7.0\Setup Files\SpellingDictionary\{E54EF49D-FCD5-4B3E-97B9-128D247834E1}\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-5464-3428-7050000000A7}
publisher: Adobe Systems
comments: This is a placeholder for ARP comments for Spelling Dictionaries for Adobe Reader 7.0
contact: Customer Support
help link: http://www.adobe.com/support/main.html
help telephone: 1-800-833-6687

({B13A7C41581B411290FBC0395694E2A9})

Adobe Bridge 1.0 001.000.000 ({B74D4E10-1033-0000-0000-000000000001})
version: 16777216
version (major): 1
estimated size: 64689
install date: 20060110
install location: H:\Program Files\Adobe\Adobe Bridge\
install source: H:\Program Files\photoshop\Photoshop CS2\Adobe(R) Photoshop(R) CS2\Bridge\
uninstall cmd: MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
publisher: Adobe Systems
comments: Your Comments
contact: Customer Support Department
help link: http://www.adobe.com/support/main.html
help telephone: 1-555-555-4505

MSRedist 1.0.0.0 ({B7C61755-DB48-4003-948F-3D34DB8EAF69})
version: 16777216
version (major): 1
estimated size: 4507
install date: 20051221
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1\Support\Redist\
uninstall cmd: MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
publisher: Symantec Corporation

Messenger Beta 8.0.0566.0 ({B835B495-9BE4-4C9F-929B-1DFEE3D189B3})
version: 134218294
version (major): 8
estimated size: 27329
install date: 20060312
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /I{B835B495-9BE4-4C9F-929B-1DFEE3D189B3}
publisher: Microsoft Corporation

Athlon 64 Processor Driver 1.1.0.14 ({C151CE54-E7EA-4804-854B-F515368B0798})
version: 16842752
install location: H:\Program Files\AMD\Athlon 64 Processor Driver
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9

Norton AntiVirus 2005 11.0.2 ({C6F5B6CF-609C-428E-876F-CA83176C021B})
version: 184549378
version (major): 11
estimated size: 58544
install date: 20051221
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1\NAV\
uninstall cmd: MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
publisher: Symantec Corporation

Norton Internet Security 8.0.0.64 ({C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF})
version: 134217728
version (major): 8
install date: 20051221
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1\Setup\
uninstall cmd: MsiExec.exe /I{C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF}
publisher: Symantec Corporation

Symantec Network Drivers Update 5.5.1.6 ({CA0A1E54-CE0F-4366-B09C-A87B61DC5633})
version: 84213761
version (major): 5
version (minor): 5
estimated size: 2754
install date: 20051221
install source: H:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\LIVEUP~1\DOWNLO~1\EXITEM~2.2_E\
publisher: Symantec Corporation

Microsoft .NET Framework 1.1 1.1.4322 ({CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1})
version: 16847074
version (major): 1
version (minor): 1
estimated size: 37015
install date: 20060223
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
publisher: Microsoft
readme: file://H:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm

1.01 ({CB99E420-8071-48F9-9567-4A53BE7569C4})
version: 16842752
install location: H:\Program Files\Creative\MediaSource\Audio Device Selection
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9

({CBBB5EED-CC92-49F2-A276-D5433F39D1EB})
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{CBBB5EED-CC92-49F2-A276-D5433F39D1EB}\Setup.exe" -l0x9

Symantec Script Blocking Installer 11.0.2 ({D327AFC9-7BAA-473A-8319-6EB7A0D40138})
version: 184549378
version (major): 11
estimated size: 477
install date: 20051221
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1\Support\ScrBlock\
uninstall cmd: MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138}
publisher: Symantec

1.10 ({D524239C-FD5C-4183-A49C-7930915A9C0A})
version: 17432576
install location: H:\Program Files\Creative\MediaSource
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x9

CC_ccProxyExt 103.0.2.10 ({DA42FDCA-7C5A-43EF-9A05-CCE148ADF919})
version: 1728053250
version (major): 103
estimated size: 600
install date: 20051221
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1\Support\Proxy\
uninstall cmd: MsiExec.exe /I{DA42FDCA-7C5A-43EF-9A05-CCE148ADF919}
publisher: Symantec

ccCommon 103.0.2.10 ({DC367608-64A7-4BF7-92F4-8BAA25BA02DB})
version: 1728053250
version (major): 103
estimated size: 5695
install date: 20051221
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1\Support\ccCommon\
uninstall cmd: MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
publisher: Symantec

1.00 ({DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C})
version: 16777216
install location: H:\Program Files\Creative\MediaSource
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x9

Norton Internet Security 1.0.0 ({E3EFA461-EB83-4C3B-9C47-2C1D58A01555})
version: 16777216
version (major): 1
estimated size: 1436
install date: 20051221
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1\Support\HelpMSI\
uninstall cmd: MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
publisher: Symantec Corp.

Norton Internet Security 8.0.0.64 ({E5EE9939-259F-4DE2-8023-5C49E16A4F43})
version: 134217728
version (major): 8
install date: 20051221
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1\NAV\
uninstall cmd: MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
publisher: Symantec Corporation

Norton WMI Update 2005.1.0.111 ({E85FA9A1-C241-4698-893B-DD99509B8DB0})
version (major): 2005
version (minor): 1
estimated size: 613
install date: 20051221
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1\Support\SymSC\
uninstall cmd: MsiExec.exe /X{E85FA9A1-C241-4698-893B-DD99509B8DB0}
publisher: Symantec Corporation

Adobe Help Center 1.0 001.000.000 ({E9787678-1033-0000-8E67-000000000001})
version: 16777216
version (major): 1
estimated size: 21738
install date: 20060110
install location: H:\Program Files\Adobe\Adobe Help Center\
install source: H:\Program Files\photoshop\Photoshop CS2\Adobe(R) Photoshop(R) CS2\Help Center\
uninstall cmd: MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
publisher: Adobe Systems
comments: Your Comments
contact: Customer Support Department
help link: http://www.adobe.com
help telephone: 1-555-555-4505

Norton WMI Update 2005.1.0.111 ({F64306A5-4C32-41bb-B153-53986527FAB4})
version (major): 2005
version (minor): 1
estimated size: 613
install date: 20051221
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1\Support\SymSC\
uninstall cmd: MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
publisher: Symantec Corporation

The Sims 2 Nightlife ({F7529650-B9DB-481B-0089-A2AC3C2821C1})
uninstall cmd: H:\Program Files\EA GAMES\The Sims 2 Nightlife\EAUninstall.exe

Realtek AC'97 Audio ({FB08F381-6533-4108-B7DD-039E11FBC27E})
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE

ccPxyCore 103.0.2.10 ({FC08587A-4F01-4188-819F-F55880022917})
version: 1728053250
version (major): 103
estimated size: 2821
install date: 20051221
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1\Support\Proxy\
uninstall cmd: MsiExec.exe /I{FC08587A-4F01-4188-819F-F55880022917}
publisher: Symantec

Norton Internet Security 8.0.0.64 ({FC2C0536-583C-46c0-844A-62CECAE01F22})
version: 134217728
version (major): 8
estimated size: 304
install date: 20051221
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1\Setup\
uninstall cmd: MsiExec.exe /I{FC2C0536-583C-46c0-844A-62CECAE01F22}
publisher: Symantec Corporation

Anarchy Online Classic Edition ({FF443E9E-AF54-42A5-85CE-20B4DEDCAFDA})
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{FF443E9E-AF54-42A5-85CE-20B4DEDCAFDA}\setup.exe" UNINSTALL

popculturepooka
2006-03-21, 12:51
Sigh... Finally the Ewido log and Panda Active Scan log


---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 6:26:25 PM, 3/21/2006
+ Report-Checksum: D4677809

+ Scan result:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta\{4da4616d-7e6e-4fd9-a2d5-b6c535733e22} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4da4616d-7e6e-4fd9-a2d5-b6c535733e22} -> Adware.Generic : Cleaned with backup


::Report End

popculturepooka
2006-03-21, 12:52
Incident Status Location

Potentially unwanted tool:application/spyfalcon Not disinfected H:\Documents and Settings\Heath\Application Data\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\SpyFalcon 2.0.lnk
Adware:adware/emediacodec Not disinfected H:\WINDOWS\SYSTEM32\ncompat.tlb
Adware:adware/securityerror Not disinfected H:\Documents and Settings\Heath\Favorites\Antivirus Test Online.url
Spyware:Cookie/2o7 Not disinfected H:\Documents and Settings\Heath\Cookies\heath@2o7[2].txt
Spyware:Cookie/Com.com Not disinfected H:\Documents and Settings\Heath\Cookies\heath@ad.sensismediasmart.com[1].txt
Spyware:Cookie/YieldManager Not disinfected H:\Documents and Settings\Heath\Cookies\heath@ad.yieldmanager[1].txt
Spyware:Cookie/Hbmediapro Not disinfected H:\Documents and Settings\Heath\Cookies\heath@adopt.hbmediapro[2].txt
Spyware:Cookie/PointRoll Not disinfected H:\Documents and Settings\Heath\Cookies\heath@ads.pointroll[2].txt
Spyware:Cookie/adultfriendfinder Not disinfected H:\Documents and Settings\Heath\Cookies\heath@adultfriendfinder[1].txt
Spyware:Cookie/Falkag Not disinfected H:\Documents and Settings\Heath\Cookies\heath@as-us.falkag[1].txt
Spyware:Cookie/Atwola Not disinfected H:\Documents and Settings\Heath\Cookies\heath@atwola[1].txt
Spyware:Cookie/Banner Not disinfected H:\Documents and Settings\Heath\Cookies\heath@banner[1].txt
Spyware:Cookie/Belnk Not disinfected H:\Documents and Settings\Heath\Cookies\heath@belnk[1].txt
Spyware:Cookie/Bs.serving-sys Not disinfected H:\Documents and Settings\Heath\Cookies\heath@bs.serving-sys[1].txt
Spyware:Cookie/GoStats Not disinfected H:\Documents and Settings\Heath\Cookies\heath@c2.gostats[2].txt
Spyware:Cookie/Casalemedia Not disinfected H:\Documents and Settings\Heath\Cookies\heath@casalemedia[1].txt
Spyware:Cookie/Ccbill Not disinfected H:\Documents and Settings\Heath\Cookies\heath@ccbill[1].txt
Spyware:Cookie/Com.com Not disinfected H:\Documents and Settings\Heath\Cookies\heath@com[1].txt
Spyware:Cookie/did-it Not disinfected H:\Documents and Settings\Heath\Cookies\heath@did-it[1].txt
Spyware:Cookie/Belnk Not disinfected H:\Documents and Settings\Heath\Cookies\heath@dist.belnk[2].txt
Spyware:Cookie/Com.com Not disinfected H:\Documents and Settings\Heath\Cookies\heath@gamearena.com[1].txt
Spyware:Cookie/go Not disinfected H:\Documents and Settings\Heath\Cookies\heath@go[1].txt
Spyware:Cookie/WUpd Not disinfected H:\Documents and Settings\Heath\Cookies\heath@revenue[1].txt
Spyware:Cookie/Rn11 Not disinfected H:\Documents and Settings\Heath\Cookies\heath@rn11[2].txt
Spyware:Cookie/Searchportal Not disinfected H:\Documents and Settings\Heath\Cookies\heath@searchportal.information[2].txt
Spyware:Cookie/Serving-sys Not disinfected H:\Documents and Settings\Heath\Cookies\heath@serving-sys[2].txt
Spyware:Cookie/Statcounter Not disinfected H:\Documents and Settings\Heath\Cookies\heath@statcounter[1].txt
Spyware:Cookie/Target Not disinfected H:\Documents and Settings\Heath\Cookies\heath@target[1].txt
Spyware:Cookie/Toplist Not disinfected H:\Documents and Settings\Heath\Cookies\heath@toplist[1].txt
Spyware:Cookie/Tribalfusion Not disinfected H:\Documents and Settings\Heath\Cookies\heath@tribalfusion[1].txt
Spyware:Cookie/Tucows Not disinfected H:\Documents and Settings\Heath\Cookies\heath@tucows[2].txt
Spyware:Cookie/Advnt Not disinfected H:\Documents and Settings\Heath\Cookies\heath@www.advnt01[1].txt
Spyware:Cookie/Xiti Not disinfected H:\Documents and Settings\Heath\Cookies\heath@xiti[1].txt
Spyware:Cookie/Xmts Not disinfected H:\Documents and Settings\Heath\Cookies\heath@xmts[2].txt
Spyware:Cookie/Adserver Not disinfected H:\Documents and Settings\Heath\Cookies\heath@z1.adserver[1].txt
Spyware:Cookie/Zedo Not disinfected H:\Documents and Settings\Heath\Cookies\heath@zedo[2].txt

popculturepooka
2006-03-21, 12:53
Spyware:Cookie/Advnt Not disinfected H:\Documents and Settings\Heath\Application Data\Netscape\NSB\Profiles\e1v0egyc.default\cookies.txt[]
Potentially unwanted tool:Application/Processor Not disinfected H:\Program Files\smitRem\smitRem\Process.exe

popculturepooka
2006-03-21, 12:56
And lastly, a HJT log after I did all these things


Logfile of HijackThis v1.99.1
Scan saved at 7:15:38 PM, on 21/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Common Files\Symantec Shared\ccProxy.exe
H:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
H:\Program Files\Norton Internet Security\ISSVC.exe
H:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
H:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\system32\CTsvcCDA.EXE
H:\Program Files\ewido anti-malware\ewidoctrl.exe
H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
H:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
H:\Program Files\ULI5289\ALi5289.exe
H:\Program Files\ULI5289\JMAP5289.exe
H:\WINDOWS\SOUNDMAN.EXE
H:\Program Files\QuickTime\qttask.exe
H:\Program Files\Common Files\Symantec Shared\ccApp.exe
H:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
H:\Program Files\MSN Messenger\MsnMsgr.Exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\wuauclt.exe
H:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
H:\Program Files\Messenger\msmsgs.exe
H:\Program Files\Hijackthis\HijackThis.exe

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - H:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - H:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ALi5289] H:\Program Files\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [JMAP5289] H:\Program Files\ULI5289\JMAP5289.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BigPond] "G:\5100.exe" -r
O4 - HKLM\..\Run: [ccApp] "H:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] H:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] H:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative Detector] H:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = H:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://h:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://h:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///H:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://h:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://h:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://h:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://h:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///H:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///H:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///H:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - H:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "H:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "H:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - H:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - H:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - H:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - H:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - H:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - H:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - H:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

popculturepooka
2006-03-21, 13:45
One more thing
Of these files the guides say to remove:


C:\Windows\System32\dxmpp.dll
C:\Windows\System32\ginuerep.dll
C:\Program Files\SpyFalcon\

While in safe mode, the only one I get is ginurep.dll, which keeps coming back.

I do go into safe mode via administrator and have hidden files et al turned on.

CalamityJane
2006-03-23, 23:46
Hi popculturepooka,

I'm reviewing all your logs, but here are some things I'd like you to do if you haven't already:

If you had SpyFalcon, you will also need to download this file and save it to your desktop
Download FixSF.reg by right clicking here
http://www.bleepingcomputer.com/files/reg/FixSF.reg
and selecting "save target as" (or if using Firefox - "save link as")

Go to your desktop and double click on the FixSF.reg file that you downloaded earlier. When it asks if you would like to merge the information, press the Yes button and then the OK button.
.......................
The latest Spybot updates dated 3/19 included: SpyFalcon + Vcodec

Your run with Spybot was using the 3/10 updates.

Open Spybot and click on *Search for Updates*. You should find new definitions available. Please download and install the updates. Reboot into safe mode. Run Spybot and let it *fix* any new problems found, if any.

Search for, then see if you can delete:
C:\Windows\System32\ginuerep.dll

Reboot back into normal mode and post a fresh HijackThis log and let me know what problems you may see remaining?

popculturepooka
2006-03-24, 23:14
Hey Jane.

Hmmm did all that. Everything seemed fine for most of yesterday.

Turned on this morning and instead of Spy Falcon, I now have Spyware Quake on here.

S&D even caught vcodec properly.

Logfile of HijackThis v1.99.1
Scan saved at 7:08:09 AM, on 25/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Common Files\Symantec Shared\ccProxy.exe
H:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
H:\Program Files\Norton Internet Security\ISSVC.exe
H:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
H:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\system32\CTsvcCDA.EXE
H:\Program Files\ewido anti-malware\ewidoctrl.exe
H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
H:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
H:\Program Files\ULI5289\ALi5289.exe
H:\Program Files\ULI5289\JMAP5289.exe
H:\WINDOWS\SOUNDMAN.EXE
H:\Program Files\QuickTime\qttask.exe
H:\Program Files\Common Files\Symantec Shared\ccApp.exe
H:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
H:\Program Files\MSN Messenger\MsnMsgr.Exe
H:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
H:\WINDOWS\system32\ctfmon.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
H:\WINDOWS\system32\mssearchnet.exe
H:\WINDOWS\system32\nvctrl.exe
H:\WINDOWS\system32\rundll32.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Hijackthis\HijackThis.exe
H:\Program Files\Messenger\msmsgs.exe

O2 - BHO: Nothing - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - H:\WINDOWS\system32\hp2AB.tmp
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - H:\Program

Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - H:\Program Files\Norton

Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program

files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ALi5289] H:\Program Files\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [JMAP5289] H:\Program Files\ULI5289\JMAP5289.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BigPond] "G:\5100.exe" -r
O4 - HKLM\..\Run: [ccApp] "H:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] H:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] H:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SpywareQuake] H:\Program Files\SpywareQuake\SpywareQuake.exe /h
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative Detector] H:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = H:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://h:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://h:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///H:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://h:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://h:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://h:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://h:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///H:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///H:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///H:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - H:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "H:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "H:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - H:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - H:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - H:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - H:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - H:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - H:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - H:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
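
Added example, not part of the original post and not a HijackThis feature: a first-pass triage of a HijackThis log like the one above, which rejoins entries that were wrapped in the paste and flags autostart entries for review. The watchlist names are the ones mentioned in this thread; the three heuristics and the function names are assumptions of this sketch.

```python
import re

# Lines copied from the HijackThis log above, including two entries that are
# wrapped across lines (with a blank line in between) the way the paste is.
SAMPLE_LOG = r"""
O2 - BHO: Nothing - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - H:\WINDOWS\system32\hp2AB.tmp
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program

files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SpywareQuake] H:\Program Files\SpywareQuake\SpywareQuake.exe /h
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "H:\PROGRA~1\MSNMES~1

\msgrapp.dll" (file missing)
"""

ENTRY_RE = re.compile(r"^O(\d+) - ")
# Names this thread associates with the infection (assumption: a plain
# substring match on them is good enough for a first pass).
WATCHLIST = ("spywarequake", "dfrgsrv.exe", "mssearchnet.exe", "nvctrl.exe")
AUTOSTART_GROUPS = {2, 4, 23}  # BHOs, Run/Startup entries, services

def join_entries(text):
    """Rebuild one string per O-entry from a log whose long lines were wrapped."""
    entries = []
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if ENTRY_RE.match(line):
            entries.append(line)
        elif entries:
            # A wrap inside a path starts with "\"; otherwise it fell on a space.
            sep = "" if line.startswith("\\") else " "
            entries[-1] += sep + line
    return entries

def triage(text):
    """Return (group, entry, reasons) for entries worth a closer look."""
    findings = []
    for entry in join_entries(text):
        group = int(ENTRY_RE.match(entry).group(1))
        low = entry.lower()
        reasons = []
        if any(name in low for name in WATCHLIST):
            reasons.append("name reported in this thread")
        if group in AUTOSTART_GROUPS and low.endswith(".tmp"):
            reasons.append("autostart entry loads a .tmp file")
        if low.endswith("(file missing)"):
            reasons.append("orphaned entry, target file missing")
        if reasons:
            findings.append((f"O{group}", entry, reasons))
    return findings
```

A flagged entry is only a candidate for review; the file behind it still needs scanning before anything is removed.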

CalamityJane
2006-03-25, 01:17
ARRG! :banghead:

Please run the Kaspersky free online scan (do a full system scan)
http://www.kaspersky.com/virusscanner

Save the log at the end and copy it back here. It's too large, please put the log into a zip file and attach the log to your reply (under *Additional Options* "manage attachments" in the reply screen - you'll have to scroll down to see it when preparing your reply)

KAV will not be able to clean it but the log will be useful to identify what files it finds and we can go from there.

CalamityJane
2006-03-25, 01:18
Also, could you go ahead and attach the report from Spybot where it caught Vcodec? I'd like to see that.

CalamityJane
2006-03-25, 01:55
Ooops, I meant to have you fix these in HijackThis:

O4 - HKLM\..\Run: [ALi5289] H:\Program Files\ULI5289\ALi5289.exe

O4 - HKLM\..\Run: [JMAP5289] H:\Program Files\ULI5289\JMAP5289.exe

Then go here and scan those two files. Copy the report at the end and post the results back here:

Jotti Malware Scan
http://virusscan.jotti.org/

or here:

Virus Total
http://www.virustotal.com/

popculturepooka
2006-03-25, 10:18
Ok... here's the results of the scans on those two files, which are part of my Ali Raid Manager software that my HD needs or something.

File: ALi5289.exe
Status: OK
MD5 d3220918715f33a0ef3af790d7e1e32b
Packers detected: -
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VirusBuster Found nothing
VBA32 Found nothing



This is a report processed by VirusTotal on 03/25/2006 at 09:12:57 (CET) after scanning the file "ALi5289.exe" file.
Antivirus Version Update Result
AntiVir 6.34.0.14 03.24.2006 no virus found
Avast 4.6.695.0 03.25.2006 no virus found
AVG 386 03.24.2006 no virus found
Avira 6.34.0.54 03.24.2006 no virus found
BitDefender 7.2 03.25.2006 no virus found
CAT-QuickHeal 8.00 03.24.2006 no virus found
ClamAV devel-20060202 03.24.2006 no virus found
DrWeb 4.33 03.25.2006 no virus found
eTrust-InoculateIT 23.71.111 03.25.2006 no virus found
eTrust-Vet 12.4.2133 03.24.2006 no virus found
Ewido 3.5 03.24.2006 no virus found
Fortinet 2.71.0.0 03.25.2006 no virus found
F-Prot 3.16c 03.23.2006 no virus found
Ikarus 0.2.59.0 03.24.2006 no virus found
Kaspersky 4.0.2.24 03.25.2006 no virus found
McAfee 4726 03.24.2006 no virus found
NOD32v2 1.1458 03.24.2006 no virus found
Norman 5.70.10 03.24.2006 no virus found
Panda 9.0.0.4 03.25.2006 no virus found
Sophos 4.04.0 03.24.2006 no virus found
Symantec 8.0 03.25.2006 no virus found
TheHacker 5.9.7.119 03.24.2006 no virus found
UNA 1.83 03.23.2006 no virus found
VBA32 3.10.5 03.24.2006 no virus found




File: JMAP5289.exe
Status: OK
MD5 1555eb3704b4af074aa03a24e461861a
Packers detected: -
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VirusBuster Found nothing
VBA32 Found nothing




This is a report processed by VirusTotal on 03/25/2006 at 09:16:32 (CET) after scanning the file "JMAP5289.exe" file.
Antivirus Version Update Result
AntiVir 6.34.0.14 03.24.2006 no virus found
Avast 4.6.695.0 03.25.2006 no virus found
AVG 386 03.24.2006 no virus found
Avira 6.34.0.54 03.24.2006 no virus found
BitDefender 7.2 03.25.2006 no virus found
CAT-QuickHeal 8.00 03.24.2006 no virus found
ClamAV devel-20060202 03.24.2006 no virus found
DrWeb 4.33 03.25.2006 no virus found
eTrust-InoculateIT 23.71.111 03.25.2006 no virus found
eTrust-Vet 12.4.2133 03.24.2006 no virus found
Ewido 3.5 03.24.2006 no virus found
Fortinet 2.71.0.0 03.25.2006 no virus found
F-Prot 3.16c 03.23.2006 no virus found
Ikarus 0.2.59.0 03.24.2006 no virus found
Kaspersky 4.0.2.24 03.25.2006 no virus found
McAfee 4726 03.24.2006 no virus found
NOD32v2 1.1458 03.24.2006 no virus found
Norman 5.70.10 03.24.2006 no virus found
Panda 9.0.0.4 03.25.2006 no virus found
Sophos 4.04.0 03.24.2006 no virus found
Symantec 8.0 03.25.2006 no virus found
TheHacker 5.9.7.119 03.24.2006 no virus found
UNA 1.83 03.23.2006 no virus found
VBA32 3.10.5 03.24.2006 no virus found






I'll have the Search and Destroy and Kaspersky logs in a jiffy.

popculturepooka
2006-03-25, 12:35
Here's the Kaspersky and Search And Destroy logs.

Even after S&D scanned and removed Vcodec (needed a restart to do so), Spyware Quake 2.0 opened as soon as Windows logged in.

popculturepooka
2006-03-25, 16:46
I may have it under control.

I checked the files that the Kaspersky scan showed, fed them through viruscan and virustotal and they all had trojans in them.

Funnily, Spyware Quake, like Spy Falcon, tried to mask itself as a legit anti spyware program, and because of that, in its window it showed a list of 'infected' files and reg keys.

However, the infected files and reg keys matched what Kaspersky mentioned as well as confirming some odd registry things I noted a few days ago while researching this issue.

So I first downloaded Killbox.

Then went to safe mode, ran smit and S&D then went into H:/Windows/system32 and used killbox to nail dfrgsrv.exe.

Between S&D and smitrem, nvctrl.exe and mssearnet.exe were already gone.

Also uninstalled Spyware Quake.

On a restart I noticed that killbox nailed all the files I asked it to, but Quake still opened.

I went into regedit and deleted the reg keys that quake itself gave out (they all matched bad reg edits that other solutions I've seen mentioned, as well as having descriptions referring to spy falcon, vcodec, spyware quake, nvctrl, mssearchnet and dfrgsrv). I deleted them all.

Also uninstalled netscape and deleted the temp files, as it was via netscape that my brother got vcodec.

Also used killbox to delete the other infected files that Kaspersky revealed.

Did a restart and Spyware Quake didn't open.

Did a once over with S&D and didn't get anything (this time vcodec didn't come up).


Looks clean right now and nothing else has revealed itself.

Might be good to go.

Hopefully.

CalamityJane
2006-03-25, 16:57
Ok, you beat me to it then...as I saw these need to be done:
Remove SpywareQuake in Add/Remove programs via the Control panel

Delete infected emails in Thunderbird inbox

Clear your cache in Netscape

Delete these files found infected on the KAV scan

H:\WINDOWS\system32\dfrgsrv.exe

H:\WINDOWS\system32\ldA604.tmp

H:\WINDOWS\system32\mssearchnet.exe

H:\Documents and Settings\Heath\My Documents\122903.exe

Repeat the Smitfraud removal instructions:
http://forums.spybot.info/showthread.php?t=1958


You are actively engaged in an identical thread at Short Media?
http://www.short-media.com/forum/showthread.php?t=43740

It's somewhat unproductive to be having two of us looking at the same thing. You will get different instructions and different tools mixed up. I can't keep up with what you are doing in two threads. What other forums have you posted all this in? And which one are you going to stick with because it's a waste of our time if you are following instructions elsewhere.

But I'm glad you think you have it resolved. Just please let other forums know so that it's not wasting our time all looking at the same thing.

CalamityJane
2006-03-25, 18:44
Download Silent Runner's to get a log please.

http://www.silentrunners.org/Silent%20Runners.zip

* Save it to the desktop and unzip it.
* Run Silent Runner's by doubleclicking the "Silent Runners" icon on your desktop.
* You will get a prompt asking about performing supplementary searches.
* Click "No" at that prompt.
* You will see a text file appear on the desktop - it's not done, let it run (it won't appear to be doing anything!)
* Once you receive the prompt All Done!, open the text file on the desktop, copy that entire log, and paste it here.

*NOTE* If you receive any warning message about scripts, please choose to allow the script to run.

CalamityJane
2006-03-25, 19:17
@shank_s, I have moved your post to its own topic. We can't work more than one person's logs per topic as it would be too confusing. Click the following to find your new topic with your log:
http://forums.spybot.info/showthread.php?t=3227

tashi
2006-03-30, 20:16
You are actively engaged in an identical thread at Short Media?
http://www.short-media.com/forum/showthread.php?t=43740

It's somewhat unproductive to be having two of us looking at the same thing. You will get different instructions and different tools mixed up. I can't keep up with what you are doing in two threads. What other forums have you posted all this in? And which one are you going to stick with because it's a waste of our time if you are following instructions elsewhere.

But I'm glad you think you have it resolved. Just please let other forums know so that it's not wasting our time all looking at the same thing.

Indeed, and this topic is closed.