Vcodec and Spy Falcon, they just won't die.
popculturepooka
2006-03-21, 12:40
Hi.
I recently got vcodec on my machine via an act of rampant stupidity on my brother's and his friends' behalf.
Since then I have been having spy falcon continuously reinstall on here.
I have followed this guide:
http://www.short-media.com/forum/showthread.php?t=42678
And various others around the net that offer the same ideas, e.g. use smitrem, ewido, panda etc.
Done it numerous times and each time spyfalcon gets removed fine. Most of the guides however are about removing spy falcon, not the vcodec trojan itself.
But for some reason vcodec is still on my machine and refuses to leave. Spybot search and destroy continuously picks it up and other times it seems to just activate and reinstall spy falcon.
Here are all the needed logs.
Basically, how do I kill vcodec?
EDIT: Just a note. Because of some bizarreness when I got my computer, my primary HD is H: not C:. Thanks.
Logfile of HijackThis v1.99.1
Scan saved at 5:26:45 PM, on 21/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Common Files\Symantec Shared\ccProxy.exe
H:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
H:\Program Files\Norton Internet Security\ISSVC.exe
H:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
H:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\system32\CTsvcCDA.EXE
H:\Program Files\ewido anti-malware\ewidoctrl.exe
H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
H:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
H:\Program Files\ULI5289\ALi5289.exe
H:\Program Files\ULI5289\JMAP5289.exe
H:\WINDOWS\SOUNDMAN.EXE
H:\Program Files\QuickTime\qttask.exe
H:\Program Files\Common Files\Symantec Shared\ccApp.exe
H:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
H:\Program Files\MSN Messenger\MsnMsgr.Exe
H:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
H:\WINDOWS\system32\ctfmon.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\wuauclt.exe
H:\WINDOWS\system32\rundll32.exe
H:\WINDOWS\system32\nvctrl.exe
H:\WINDOWS\system32\mssearchnet.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\Program Files\Mozilla Thunderbird\thunderbird.exe
H:\Program Files\Norton Internet Security\Norton AntiVirus\OPScan.exe
H:\Program Files\SpyFalcon\spyfalcon.exe
H:\Program Files\SpyFalcon\spyfalcon.exe
H:\Program Files\Messenger\msmsgs.exe
H:\Program Files\Hijackthis\HijackThis.exe
O2 - BHO: (no name) - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - H:\WINDOWS\system32\hp537D.tmp
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - H:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - H:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ALi5289] H:\Program Files\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [JMAP5289] H:\Program Files\ULI5289\JMAP5289.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BigPond] "G:\5100.exe" -r
O4 - HKLM\..\Run: [ccApp] "H:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] H:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] H:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SpyFalcon] H:\Program Files\SpyFalcon\SpyFalcon.exe /h
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative Detector] H:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = H:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://h:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://h:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///H:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://h:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://h:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://h:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://h:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///H:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///H:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///H:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - H:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "H:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "H:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - H:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - H:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - H:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - H:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - H:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - H:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - H:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
popculturepooka
2006-03-21, 12:41
SmitRem log:
smitRem © log file
version 2.8
by noahdfear
Microsoft Windows XP [Version 5.1.2600]
The current date is: Tue 03/21/2006
The current time is: 17:45:48.90
Running from
H:\Program Files\smitRem\smitRem
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Pre-run SharedTask Export
(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com
Registry Pseudo-Format Mode (Not a valid reg file):
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
checking for ShudderLTD key
ShudderLTD key not present!
checking for PSGuard.com key
PSGuard.com key not present!
checking for WinHound.com key
WinHound.com key not present!
spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Existing Pre-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
Online Security Guide.url
Online Security Guide.url
Security Troubleshooting.url
Security Troubleshooting.url
~~~ Favorites ~~~
~~~ system32 folder ~~~
1024 dir
ld****.tmp
mssearchnet.exe
ncompat.tlb
nvctrl.exe
hp***.tmp
logfiles
~~~ Icons in System32 ~~~
ts.ico
ot.ico
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 748 'explorer.exe'
Starting registry repairs
Registry repairs complete
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SharedTask Export after registry fix
(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com
Registry Pseudo-Format Mode (Not a valid reg file):
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Deleting files
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Remaining Post-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~ Wininet.dll ~~~
CLEAN! :)
popculturepooka
2006-03-21, 12:45
Spybot Logs
--- Search result list ---
Smitfraud-C.: Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\nvctrl.exe
PestTrap: Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{4DA4616D-7E6E-4FD9-A2D5-B6C535733E22}
Elitum.EliteBar: Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\JM5289
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-12-21 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-03-10 Includes\Cookies.sbi (*)
2006-03-10 Includes\Dialer.sbi (*)
2006-03-10 Includes\Hijackers.sbi (*)
2006-03-10 Includes\Keyloggers.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2006-03-10 Includes\Malware.sbi (*)
2006-03-10 Includes\PUPS.sbi (*)
2006-03-10 Includes\Revision.sbi (*)
2006-03-10 Includes\Security.sbi (*)
2006-03-10 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-03-10 Includes\Trojans.sbi (*)
--- System information ---
Windows XP (Build: 2600) Service Pack 2
--- Startup entries list ---
Located: HK_LM:Run, ALi5289
command: H:\Program Files\ULI5289\ALi5289.exe
file: H:\Program Files\ULI5289\ALi5289.exe
size: 405504
MD5: d3220918715f33a0ef3af790d7e1e32b
Located: HK_LM:Run, ATIPTA
command: H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
file: H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
size: 339968
MD5: c4708c52ac71338b49334c972de96682
Located: HK_LM:Run, BigPond
command: "G:\5100.exe" -r
file:
Located: HK_LM:Run, ccApp
command: "H:\Program Files\Common Files\Symantec Shared\ccApp.exe"
file: H:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 58992
MD5: e5f9b0314442ea5816518c64b02f10a2
Located: HK_LM:Run, JMAP5289
command: H:\Program Files\ULI5289\JMAP5289.exe
file: H:\Program Files\ULI5289\JMAP5289.exe
size: 28672
MD5: 1555eb3704b4af074aa03a24e461861a
Located: HK_LM:Run, NeroFilterCheck
command: H:\WINDOWS\system32\NeroCheck.exe
file: H:\WINDOWS\system32\NeroCheck.exe
size: 155648
MD5: 3e4c03cefad8de135263236b61a49c90
Located: HK_LM:Run, NWEReboot
command:
file:
Located: HK_LM:Run, QuickTime Task
command: "H:\Program Files\QuickTime\qttask.exe" -atboottime
file: H:\Program Files\QuickTime\qttask.exe
size: 155648
MD5: 216b3acc656cda8a5a0c3071ec0a408b
Located: HK_LM:Run, RemoteControl
command: "H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
file: H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
size: 32768
MD5: 915a106a2fb87292cef0ad4f36adf313
Located: HK_LM:Run, SoundMan
command: SOUNDMAN.EXE
file: H:\WINDOWS\SOUNDMAN.EXE
size: 68096
MD5: f0eeed52fc29bec6e917cab2788148b2
Located: HK_LM:Run, SunJavaUpdateSched
command: H:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
file: H:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
size: 36975
MD5: 61a3a9d5d98bf0331df5b716144a8100
Located: HK_LM:Run, Symantec NetDriver Monitor
command: H:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
file: H:\PROGRA~1\SYMNET~1\SNDMon.exe
size: 100056
MD5: f9418981ee4d7e995d359833adab59d5
Located: Startup (common), Adobe Reader Speed Launch.lnk
command: H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
file: H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
size: 29696
MD5: 43362b96870ce8649f4f2ec893da93f0
popculturepooka
2006-03-21, 12:45
Located: System.ini, AtiExtEvent
command: Ati2evxx.dll
file: Ati2evxx.dll
Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll
Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll
Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll
Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll
Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll
--- Browser helper object list ---
{4da4616d-7e6e-4fd9-a2d5-b6c535733e22} ()
BHO name:
CLSID name:
--- ActiveX list ---
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: H:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 11/10/2005 1:03:56 PM
Date (last access): 3/20/2006 8:26:06 AM
Date (last write): 11/10/2005 1:22:10 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class)
DPF name:
CLSID name: ActiveScan Installer Class
Installer: H:\WINDOWS\Downloaded Program Files\asinst.inf
Codebase: http://acs.pandasoftware.com/activescan/as5free/asinst.cab
description:
classification: Open for discussion
known filename: ASINST.DLL
info link:
info source: Safer Networking Ltd.
Path: H:\WINDOWS\Downloaded Program Files\
Long name: asinst.dll
Short name:
Date (created): 12/19/2005 1:35:32 PM
Date (last access): 3/21/2006 5:50:20 PM
Date (last write): 12/19/2005 1:35:32 PM
Filesize: 135168
Attributes: archive
MD5: 20C07B231040B49AFCE82397BFC35F9C
CRC32: 9301377D
Version: 58.4.0.0
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class)
DPF name:
CLSID name: MsnMessengerSetupDownloadControl Class
Installer: H:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.inf
Codebase: http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
description:
classification: Legitimate
known filename: MsnMessengerSetupDownloader.ocx
info link:
info source: Safer Networking Ltd.
Path: H:\WINDOWS\Downloaded Program Files\
Long name: MsnMessengerSetupDownloader.ocx
Short name: MSNMES~1.OCX
Date (created): 8/14/2005 12:26:04 AM
Date (last access): 3/20/2006 8:30:36 AM
Date (last write): 8/14/2005 12:26:04 AM
Filesize: 113664
Attributes: archive
MD5: C403792A3FF639C215067D5AA680C482
CRC32: 7CD0769A
Version: 1.0.0.3
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
Path: H:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 11/10/2005 1:03:56 PM
Date (last access): 3/21/2006 5:53:00 PM
Date (last write): 11/10/2005 1:22:10 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
Path: H:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 11/10/2005 1:03:56 PM
Date (last access): 3/21/2006 5:53:00 PM
Date (last write): 11/10/2005 1:22:10 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5
{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: H:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: H:\WINDOWS\system32\Macromed\Flash\
Long name: Flash8a.ocx
Short name:
Date (created): 1/2/2006 11:13:28 AM
Date (last access): 3/21/2006 5:48:46 PM
Date (last write): 1/2/2006 11:13:28 AM
Filesize: 1443464
Attributes: readonly archive
MD5: 3066BB99502AE33AE44F17954AF56B8F
CRC32: 658FAE72
Version: 8.0.24.0
--- Process list ---
PID: 0 ( 0) [System]
PID: 128 ( 4) \SystemRoot\System32\smss.exe
PID: 176 ( 128) \??\H:\WINDOWS\system32\csrss.exe
PID: 200 ( 128) \??\H:\WINDOWS\system32\winlogon.exe
PID: 244 ( 200) H:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 256 ( 200) H:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 400 ( 244) H:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 444 ( 244) H:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 484 ( 244) H:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 172 ( 896) H:\WINDOWS\explorer.exe
size: 1032192
MD5: A0732187050030AE399B241436565E64
PID: 716 ( 172) H:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 4 ( 0) System
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 3/21/2006 5:53:00 PM
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com/ie
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
--- Winsock Layered Service Provider list ---
popculturepooka
2006-03-21, 12:46
--- Uninstall list ---
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 /remove
(Creative Sync Manager)
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x9 /remove
(Creative Zen)
(DirectAnimation)
(DirectDrawEx)
(DXM_Runtime)
eMedia Codec 4.0 4.0 (eMedia Codec)
uninstall cmd: H:\Program Files\eMedia Codec\uninst.exe
publisher: eMedia Codec Software
ewido anti-malware (ewidoantimalware)
install location: H:\Program Files\ewido anti-malware
uninstall cmd: H:\Program Files\ewido anti-malware\Uninstall.exe
publisher: ewido networks
help link: http://www.ewido.net
(Fontcore)
Google Video Player (GoogleVideoPlayer)
uninstall cmd: "H:\Program Files\Google\Google Video Player\Uninstall.exe"
HijackThis 1.99.1 1.99.1 (HijackThis)
uninstall cmd: H:\Program Files\Hijackthis\HijackThis.exe /uninstall
publisher: Soeperman Enterprises Ltd.
Hijackthis 1.99.1 (Hijackthis_is1)
install location: H:\Program Files\Hijackthis\
uninstall cmd: "H:\Program Files\Hijackthis\unins000.exe"
publisher: Soeperman Enterprises Ltd
help link: http://www.merijn.org
(ICW)
(IE40)
(IE4Data)
(IE5BAKEX)
(IEData)
(InstallShield Uninstall Information)
QuickTime 7.0.3 (InstallShield_{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083})
version: 117440515
version (major): 7
estimated size: 62919
install date: 20051220
install location: H:\Program Files\QuickTime\
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\_is28A\
uninstall cmd: H:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083} /l1033
publisher: Apple Computer, Inc.
contact: AppleCare Support
help link: http://www.info.apple.com/
help telephone: 1-800-275-2273
IrfanView (remove only) (IrfanView)
uninstall cmd: H:\Program Files\IrfanView\iv_uninstall.exe
Windows XP Hotfix - KB873339 20041117.092459 (KB873339)
uninstall cmd: H:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873339
(KB884016)
Windows XP Hotfix - KB885250 20050118.202711 (KB885250)
uninstall cmd: H:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885250
Windows XP Hotfix - KB885835 20041027.181713 (KB885835)
uninstall cmd: H:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885835
Windows XP Hotfix - KB885836 20041028.173203 (KB885836)
uninstall cmd: H:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885836
Windows XP Hotfix - KB886185 20041021.090540 (KB886185)
uninstall cmd: H:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=886185
Windows XP Hotfix - KB887472 20041014.162858 (KB887472)
uninstall cmd: H:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887472
Windows XP Hotfix - KB887742 20041103.095002 (KB887742)
uninstall cmd: H:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887742
Windows XP Hotfix - KB888113 20041116.131036 (KB888113)
uninstall cmd: H:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888113
Windows XP Hotfix - KB888302 20041207.111426 (KB888302)
uninstall cmd: H:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888302
Security Update for Windows XP (KB890046) 1 (KB890046)
install date: 20060212
uninstall cmd: "H:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890046
Windows XP Hotfix - KB890859 1 (KB890859)
install date: 20060212
uninstall cmd: "H:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890859
Windows XP Hotfix - KB891781 20050110.165439 (KB891781)
uninstall cmd: H:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=891781
Security Update for Windows XP (KB893066) 2 (KB893066)
install date: 20060212
uninstall cmd: "H:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893066
Security Update for Windows XP (KB893756) 1 (KB893756)
install date: 20060212
uninstall cmd: "H:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893756
(KB893803)
Windows Installer 3.1 (KB893803) 3.1 (KB893803v2)
uninstall cmd: "H:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=42467
Update for Windows XP (KB894391) 1 (KB894391)
install date: 20060212
uninstall cmd: "H:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=894391
Security Update for Windows XP (KB896358) 1 (KB896358)
install date: 20060212
uninstall cmd: "H:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896358
Security Update for Windows XP (KB896422) 1 (KB896422)
install date: 20060212
uninstall cmd: "H:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896422
Security Update for Windows XP (KB896423) 1 (KB896423)
install date: 20060212
uninstall cmd: "H:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896423
Security Update for Windows XP (KB896424) 1 (KB896424)
install date: 20060212
uninstall cmd: "H:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896424
Security Update for Windows XP (KB896428) 1 (KB896428)
install date: 20060212
uninstall cmd: "H:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896428
Update for Windows XP (KB898461) 1 (KB898461)
install date: 20060209
uninstall cmd: "H:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=898461
Security Update for Windows XP (KB899587) 1 (KB899587)
install date: 20060212
uninstall cmd: "H:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899587
Security Update for Windows XP (KB899591) 1 (KB899591)
install date: 20060212
uninstall cmd: "H:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899591
Security Update for Windows XP (KB900725) 1 (KB900725)
install date: 20060212
uninstall cmd: "H:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900725
Security Update for Windows XP (KB901017) 1 (KB901017)
install date: 20060212
uninstall cmd: "H:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901017
Security Update for Windows XP (KB901214) 1 (KB901214)
install date: 20060212
uninstall cmd: "H:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901214
Security Update for Windows XP (KB902400) 1 (KB902400)
install date: 20060212
uninstall cmd: "H:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=902400
Security Update for Windows XP (KB904706) 2 (KB904706)
install date: 20060211
uninstall cmd: "H:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=904706
Security Update for Windows XP (KB905414) 1 (KB905414)
install date: 20060212
uninstall cmd: "H:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905414
Security Update for Windows XP (KB905749) 1 (KB905749)
install date: 20060212
uninstall cmd: "H:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905749
Security Update for Windows XP (KB905915) 1 (KB905915)
install date: 20060211
uninstall cmd: "H:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905915
Security Update for Windows XP (KB908519) 1 (KB908519)
install date: 20060211
uninstall cmd: "H:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=908519
Update for Windows XP (KB910437) 1 (KB910437)
install date: 20060211
uninstall cmd: "H:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=910437
Security Update for Windows XP (KB912919) 1 (KB912919)
install date: 20060211
uninstall cmd: "H:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=912919
Lame ACM MP3 Codec (LameACM)
uninstall cmd: H:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_LameMP3 132 H:\WINDOWS\INF\LameACM.inf
LiveReg (Symantec Corporation) 3.0.0 (LiveReg)
install location: H:\Program Files\Common Files\Symantec Shared\LiveReg
uninstall cmd: H:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
publisher: Symantec Corporation
LiveUpdate 2.5 (Symantec Corporation) 2.5.55.0 (LiveUpdate)
install location: H:\Program Files\Symantec\LiveUpdate
uninstall cmd: H:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
publisher: Symantec Corporation
mIRC (mIRC)
uninstall cmd: "H:\Program Files\mIRC\mirc.exe" -uninstall
(MobileOptionPack)
popculturepooka
2006-03-21, 12:48
Mozilla Thunderbird (1.0.7) 1.0.7 (en) (Mozilla Thunderbird (1.0.7))
install location: H:\Program Files\Mozilla Thunderbird
uninstall cmd: H:\WINDOWS\UninstallThunderbird.exe /ua "1.0.7 (en)"
publisher: Mozilla
(MPlayer2)
(MSI30-Beta1)
(MSI30-Beta2)
(MSI30-KB884016)
(MSI30-RC1)
(MSI30-RC2)
(MSI30a-KB884016)
(MSI31-Beta)
(MSI31-RC1)
MSN Music Assistant (MSN Music Assistant)
uninstall cmd: rundll32 advpack.dll,LaunchINFSection H:\WINDOWS\INF\msninst.inf,Uninstall
(Nero - Burning Rom!UninstallKey)
uninstall cmd: H:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nero Suite (NeroMultiInstaller!UninstallKey)
uninstall cmd: H:\Program Files\Common Files\Ahead\Uninstall\Setup.exe /uninstall
(NetMeeting)
Netscape Browser (remove only) (Netscape Browser)
uninstall cmd: "H:\Program Files\Netscape\Netscape Browser\NSUninst.exe"
(OutlookExpress)
Panda ActiveScan (Panda ActiveScan)
uninstall cmd: H:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
publisher: Panda Software S.L.
(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 H:\WINDOWS\INF\PCHealth.inf
PowerArchiver 2006 v9.50 9.50 (PowerArchiver_is1)
install location: H:\Program Files\PowerArchiver\
uninstall cmd: "H:\Program Files\PowerArchiver\unins000.exe"
publisher: ConeXware, Inc.
help link: http://www.powerarchiver.com
QuadSucker/Web v3.0 3.0 (QuadSucker/Web_is1)
uninstall cmd: "H:\Program Files\QuadWeb\unins000.exe"
publisher: SB-Software
(SchedulingAgent)
(Sevinst)
Shareaza version 2.2.1.0 2.2.1.0 (Shareaza_is1)
install location: H:\Program Files\Shareaza\
uninstall cmd: "H:\Program Files\Shareaza\Uninstall\unins000.exe"
publisher: Shareaza Development Team
comments: Shareaza Ultimate File Sharing
help link: http://www.shareaza.com/?id=support
Macromedia Flash Player 8 8 (ShockwaveFlash)
uninstall cmd: RunDll32 advpack.dll,LaunchINFSection H:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
publisher: Macromedia
help link: http://www.macromedia.com/go/flashplayer_support/
Sims2Pack Clean Installer (Sims2Pack Clean Installer )
uninstall cmd: H:\Program Files\Sims2Pack Clean Installer\uninstall.exe
Skype 2.0 2.0 (Skype_is1)
install location: H:\Program Files\Skype\Phone\
uninstall cmd: "H:\Program Files\Skype\Phone\unins000.exe"
publisher: Skype Software S.A.
help link: http://ui.skype.com/ui/0/2.0.0.69/en/help
Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: H:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "H:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited
Norton Internet Security 2005 (Symantec Corporation) 8.0.0.64 (SymSetup.{A93C9E60-29B6-49da-BA21-F70AC6AADE20})
install location: H:\Program Files\Norton Internet Security
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1
uninstall cmd: H:\Program Files\Common Files\Symantec Shared\SymSetup\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe /X
publisher: Symantec Corporation
Creative System Information (SysInfo)
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Themexp.org File (Themexp.org File)
uninstall cmd: H:\PROGRA~1\themexp\THEMEX~1.ORG\UNWISE.EXE H:\PROGRA~1\themexp\THEMEX~1.ORG\INSTALL.LOG
Trillian (Trillian)
uninstall cmd: H:\Program Files\Trillian\trillian.exe /uninstall
UltraSucker/Web v3.0 3.0 (UltraSucker/Web_is1)
uninstall cmd: "H:\Program Files\UltraWeb\unins000.exe"
publisher: SB-Software
VGA USB Camera (VGA USB Camera)
uninstall cmd: H:\WINDOWS\CleanDev.exe H:\WINDOWS\ov519.TXT
Windows Media Format Runtime (Windows Media Format Runtime)
uninstall cmd: "H:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10 (Windows Media Player)
uninstall cmd: "H:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
World of Warcraft (World of Warcraft)
uninstall cmd: H:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Yahoo! extras (Yahoo! Customizations)
uninstall cmd: H:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Internet Mail (Yahoo! Internet Mail)
uninstall cmd: H:\WINDOWS\system32\regsvr32 /u /s H:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger (Yahoo! Messenger)
uninstall cmd: H:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE H:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Install Manager (YInstHelper)
uninstall cmd: H:\WINDOWS\system32\regsvr32 /u H:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
(Zen Media Explorer)
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{9D35DFD7-DED3-4D49-8293-C9D82DA322FB}\setup.exe" -l0x9 /remove
Morrowind ({055A1919-3BBA-4BD5-8B3C-3851879AC185})
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "H:\Program Files\Bethesda Softworks\Morrowind\MWUninstall\Setup.exe" -l0x9
3.00 ({0B095086-7205-4D48-90DF-DCD16613C6D4})
version: 50331648
install location: H:\Program Files\Creative\MediaSource\Detector
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9
ATI Control Panel 6.14.10.5113 ({0BEDBD4E-2D34-47B5-9973-57E62B29307C})
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ULi AGP Driver 2.20 ({0DD0650C-5113-4FEE-BDDA-AC0B76FD0BD1})
uninstall cmd: H:\WINDOWS\system32\UnAGP.EXE RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{0DD0650C-5113-4FEE-BDDA-AC0B76FD0BD1}\Setup.exe" -uninst
3.00 ({103BCDA0-E063-46AC-8028-64E78722ABA7})
version: 50331648
install location: H:\Program Files\Creative\MediaSource
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9
popculturepooka
2006-03-21, 12:49
Norton Internet Security 8.0.0.64 ({12E2B9E9-05B1-407d-B0FD-B5F350535125})
version: 134217728
version (major): 8
estimated size: 13455
install date: 20051221
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1\Setup\
uninstall cmd: MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
publisher: Symantec Corporation
ULi LAN Driver ({143BE018-D8F8-4014-8CB6-AF63F5799D21})
uninstall cmd: H:\WINDOWS\system32\UnLAN.EXE RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{143BE018-D8F8-4014-8CB6-AF63F5799D21}\Setup.exe" -uninst
AutoUpdate 1.1 ({18D10072035C4515918F7E37EAFAACFC})
install location: H:\Program Files\DivX
Google Toolbar for Internet Explorer ({2318C2B1-4965-11d4-9B18-009027A5CD4F})
uninstall cmd: regsvr32 /u /s "h:\program files\google\googletoolbar2.dll"
Adobe Photoshop CS2 9.0 ({236BB7C4-4419-42FD-0409-1E257A25E34D})
version: 150994944
version (major): 9
estimated size: 639892
install date: 20060110
install location: H:\Program Files\Adobe\Adobe Photoshop CS2\
install source: H:\Program Files\photoshop\Photoshop CS2\Adobe(R) Photoshop(R) CS2\
publisher: Adobe Systems, Inc.
comments:
contact: Customer Support
help link: http://www.adobe.com/support/main.html
help telephone: 1-555-555-4505
1.10 ({2616B36E-38CE-4357-8AB5-8B3EE9B1C117})
version: 17432576
install location: H:\Program Files\Creative\MediaSource
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9
SymNet 5.4.2.17 ({2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2})
version: 84148226
version (major): 5
version (minor): 4
estimated size: 2714
install date: 20051221
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1\Support\SymNet\
uninstall cmd: MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
publisher: Symantec Corporation
Creative MediaSource 3.00 ({2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC})
version: 50331648
install location: H:\Program Files\Creative\MediaSource
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\setup.exe" -l0x9 /remove
help link: http://www.creative.com/support
J2SE Runtime Environment 5.0 Update 6 1.5.0.60 ({3248F0A8-6813-11D6-A77B-00B0D0150060})
version: 17104896
version (major): 1
version (minor): 5
estimated size: 148501
install date: 20060207
install source: http://jdl.sun.com/webapps/download/GetFile/1.5.0_06-b05/windows-i586//
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: H:\Program Files\Java\jre1.5.0_06\README.txt
WebFldrs XP 9.50.7523 ({350C97B0-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154279267
version (major): 9
version (minor): 50
estimated size: 2472
install date: 20051220
install source: H:\WINDOWS\system32\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows
QuickTime 7.0.3 ({3868A8EE-5051-4DB0-8DF6-4F4B8A98D083})
version: 117440515
version (major): 7
estimated size: 62919
install date: 20051220
install location: H:\Program Files\QuickTime\
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\_is28A\
publisher: Apple Computer, Inc.
contact: AppleCare Support
help link: http://www.info.apple.com/
help telephone: 1-800-275-2273
Norton AntiSpam 2005.1.0.163 ({3B29A786-5803-4e9e-9B58-3014A5B4E519})
version (major): 2005
version (minor): 1
estimated size: 929
install date: 20051221
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1\Setup\
uninstall cmd: MsiExec.exe /I{3B29A786-5803-4e9e-9B58-3014A5B4E519}
publisher: Symantec Corporation
ULi 5289 Driver ({432968D5-88FE-44B9-9168-B2806A9668E9})
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{432968D5-88FE-44B9-9168-B2806A9668E9}\SETUP.exe"
Norton Internet Security 8.0.0.64 ({449F3A9E-9903-4a0d-A209-08030D45A935})
version: 134217728
version (major): 8
estimated size: 709
install date: 20051221
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1\Setup\
uninstall cmd: MsiExec.exe /I{449F3A9E-9903-4a0d-A209-08030D45A935}
publisher: Symantec Corporation
MUSICMATCH® Jukebox ({45EBDA59-D33B-433A-956E-B2F236468B56})
uninstall cmd: H:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.exe
Norton Internet Security 8.0.0.64 ({48185814-A224-447a-81DA-71BD20580E1B})
version: 134217728
version (major): 8
estimated size: 1304
install date: 20051221
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1\Setup\
uninstall cmd: MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
publisher: Symantec Corporation
Norton Internet Security 8.0.0.64 ({526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F})
version: 134217728
version (major): 8
estimated size: 1081
install date: 20051221
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1\Setup\
uninstall cmd: MsiExec.exe /I{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}
publisher: Symantec Corporation
Norton AntiSpam 2005.1.0.163 ({5677563D-0CB1-485f-9E18-C5025306BB3F})
version (major): 2005
version (minor): 1
estimated size: 10139
install date: 20051221
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1\Setup\
uninstall cmd: MsiExec.exe /I{5677563D-0CB1-485f-9E18-C5025306BB3F}
publisher: Symantec Corporation
1.0 ({57FA4E0F-82C9-417D-87BC-0186D6CB7A44})
version: 16777216
install location: H:\Program Files\Creative\DiskManager
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9
({5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977})
TES Construction Set ({605333A6-963F-480C-A358-1301CAA6CFF6})
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "H:\Program Files\Bethesda Softworks\Morrowind\CSUninstall\Setup.exe" -l0x9
({62369F2F77534556AEF4C58152E3BDE5})
1.0 ({63A317D0-60A6-43FC-848A-9FE4A53B29CE})
version: 16777216
install location: H:\Program Files\Creative\Support\System Information
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
PowerDVD ({6811CAA0-BF12-11D4-9EA1-0050BAE317E1})
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
1.02 ({700932B3-A964-4878-82A2-96054622A1F7})
version: 16908288
install location: H:\Program Files\Creative\ShareDLL\CADI
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
SPBBC 1.00.0000 ({77772678-817F-4401-9301-ED1D01A8DA56})
version: 16777216
version (major): 1
estimated size: 1423
install date: 20051221
install location: H:\Program Files\Norton Internet Security\Norton AntiVirus\
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1\Support\SPBBC\
uninstall cmd: MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
publisher: Your Company Name
Adobe Stock Photos 1.0 001.000.000 ({786C5747-1033-0000-B58E-000000000001})
version: 16777216
version (major): 1
estimated size: 5397
install date: 20060110
install location: H:\Program Files\Adobe\Adobe Stock Photos\
install source: H:\Program Files\photoshop\Photoshop CS2\Adobe(R) Photoshop(R) CS2\Stock Photography\
uninstall cmd: MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
publisher: Adobe Systems
comments: Your Comments
contact: Customer Support Department
help link: http://www.adobe.com
help telephone: 1-555-555-4505
popculturepooka
2006-03-21, 12:50
DivX 6.1 ({7B63B2922B174135AFC0E1377DD81EC2})
install location: H:\Program Files\DivX
uninstall cmd: H:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
publisher: DivX, Inc.
3.00 ({836612F0-1571-4C65-A4B7-58A39AA578EE})
version: 50331648
install location: H:\Program Files\Creative\MediaSource
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9
DJBCP Codec Pack Light 2.2.0.2004.12.01 2.2.0 ({874C4817-6E98-4FF9-BF54-134B2C118464})
version: 33685504
version (major): 2
version (minor): 2
estimated size: 14206
install date: 20060114
install source: H:\Program Files\Common Files\Wise Installation Wizard\
uninstall cmd: MsiExec.exe /I{874C4817-6E98-4FF9-BF54-134B2C118464}
publisher: DJBCP PROJECT TEAM
The Sims 2 ({8AB8D458-939E-403F-0097-9BA1C1F013D5})
uninstall cmd: H:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
DivX Player 6.0 ({8ADFC4160D694100B5B8A22DE9DCABD9})
install location: H:\Program Files\DivX
uninstall cmd: H:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
publisher: DivXNetworks, Inc.
Adobe Common File Installer 1.00.0000 ({8EDBA74D-0686-4C99-BFDD-F894678E5B39})
version: 16777216
version (major): 1
estimated size: 136561
install date: 20060110
install location: H:\Program Files\Common Files\Adobe\
install source: H:\Program Files\photoshop\Photoshop CS2\Adobe(R) Photoshop(R) CS2\commonfilesinstaller\
uninstall cmd: MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
publisher: Adobe System Incorporated
comments: Your Comments
contact: Customer Support Department
help link: http://www.adobe.com/help
help telephone: 1-555-555-4505
The Sims 2 University ({8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2})
uninstall cmd: H:\Program Files\EA GAMES\The Sims 2 University\EAUninstall.exe
Microsoft Office Professional Edition 2003 11.0.5614.0 ({90110409-6000-11D3-8CFE-0150048383C9})
version: 184554990
version (major): 11
estimated size: 653093
install date: 20060118
install location: H:\Program Files\Microsoft Office\
install source: H:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\
uninstall cmd: MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: H:\Program Files\Microsoft Office\OFFICE11\1033\OFREADME.HTM
1.10 ({9744AE38-1CC6-414F-96CE-0643AEE30A9B})
version: 17432576
install location: H:\Program Files\Creative\Import Wizard
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{9744AE38-1CC6-414F-96CE-0643AEE30A9B}\setup.exe" -l0x9
4.00 ({9AB14DF5-3B04-4E3B-9969-695DBA7F2008})
version: 67108864
install location: H:\Program Files\Creative\Sync Manager
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x9
Creative Zen 1.0 ({9BFB6F77-6E60-44F5-B737-4673362B28A8})
version: 16777216
install location: H:\Program Files\Creative\Creative Zen
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{9BFB6F77-6E60-44F5-B737-4673362B28A8}\SETUP.EXE" -l0x9 /remove
4.10 ({9D35DFD7-DED3-4D49-8293-C9D82DA322FB})
version: 67764224
install location: H:\Program Files\Creative\Creative Zen
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{9D35DFD7-DED3-4D49-8293-C9D82DA322FB}\setup.exe" -l0x9
1.10 ({9E54F486-CD4A-44A5-B041-16D4E1E56A53})
version: 17432576
install location: H:\Program Files\Creative\CD Ripping Wizard
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{9E54F486-CD4A-44A5-B041-16D4E1E56A53}\setup.exe" -l0x9
2.00 ({A82F10CB-18B5-4EAC-AEF2-FA49CD565626})
version: 33554432
install location: H:\Program Files\Creative\Shared Files
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
Norton Internet Security 8.0.0.64 ({A93C9E60-29B6-49da-BA21-F70AC6AADE20})
version: 134217728
version (major): 8
estimated size: 5537
install date: 20051221
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1\Setup\
uninstall cmd: MsiExec.exe /I{A93C9E60-29B6-49da-BA21-F70AC6AADE20}
publisher: Symantec Corporation
Adobe Reader 7.0.7 7.0.7 ({AC76BA86-7AD7-1033-7B44-A70500000002})
version: 117440519
version (major): 7
estimated size: 77703
install date: 20060221
install source: H:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig705\ENU\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
publisher: Adobe Systems Incorporated
comments:
contact:
help link: http://www.adobe.com/support/main.html
help telephone:
readme: H:\Program Files\Adobe\Acrobat 7.0\Reader\Readme.htm
Adobe Reader 7.0.5 Language Support 7.0.5 ({AC76BA86-7AD7-5464-3428-7050000000A7})
version: 117440517
version (major): 7
estimated size: 34373
install date: 20060222
install source: H:\Program Files\Adobe\Acrobat 7.0\Setup Files\SpellingDictionary\{E54EF49D-FCD5-4B3E-97B9-128D247834E1}\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-5464-3428-7050000000A7}
publisher: Adobe Systems
comments: This is a placeholder for ARP comments for Spelling Dictionaries for Adobe Reader 7.0
contact: Customer Support
help link: http://www.adobe.com/support/main.html
help telephone: 1-800-833-6687
({B13A7C41581B411290FBC0395694E2A9})
Adobe Bridge 1.0 001.000.000 ({B74D4E10-1033-0000-0000-000000000001})
version: 16777216
version (major): 1
estimated size: 64689
install date: 20060110
install location: H:\Program Files\Adobe\Adobe Bridge\
install source: H:\Program Files\photoshop\Photoshop CS2\Adobe(R) Photoshop(R) CS2\Bridge\
uninstall cmd: MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
publisher: Adobe Systems
comments: Your Comments
contact: Customer Support Department
help link: http://www.adobe.com/support/main.html
help telephone: 1-555-555-4505
MSRedist 1.0.0.0 ({B7C61755-DB48-4003-948F-3D34DB8EAF69})
version: 16777216
version (major): 1
estimated size: 4507
install date: 20051221
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1\Support\Redist\
uninstall cmd: MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
publisher: Symantec Corporation
Messenger Beta 8.0.0566.0 ({B835B495-9BE4-4C9F-929B-1DFEE3D189B3})
version: 134218294
version (major): 8
estimated size: 27329
install date: 20060312
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /I{B835B495-9BE4-4C9F-929B-1DFEE3D189B3}
publisher: Microsoft Corporation
Athlon 64 Processor Driver 1.1.0.14 ({C151CE54-E7EA-4804-854B-F515368B0798})
version: 16842752
install location: H:\Program Files\AMD\Athlon 64 Processor Driver
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
Norton AntiVirus 2005 11.0.2 ({C6F5B6CF-609C-428E-876F-CA83176C021B})
version: 184549378
version (major): 11
estimated size: 58544
install date: 20051221
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1\NAV\
uninstall cmd: MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
publisher: Symantec Corporation
Norton Internet Security 8.0.0.64 ({C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF})
version: 134217728
version (major): 8
install date: 20051221
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1\Setup\
uninstall cmd: MsiExec.exe /I{C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF}
publisher: Symantec Corporation
Symantec Network Drivers Update 5.5.1.6 ({CA0A1E54-CE0F-4366-B09C-A87B61DC5633})
version: 84213761
version (major): 5
version (minor): 5
estimated size: 2754
install date: 20051221
install source: H:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\LIVEUP~1\DOWNLO~1\EXITEM~2.2_E\
publisher: Symantec Corporation
Microsoft .NET Framework 1.1 1.1.4322 ({CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1})
version: 16847074
version (major): 1
version (minor): 1
estimated size: 37015
install date: 20060223
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
publisher: Microsoft
readme: file://H:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm
1.01 ({CB99E420-8071-48F9-9567-4A53BE7569C4})
version: 16842752
install location: H:\Program Files\Creative\MediaSource\Audio Device Selection
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9
({CBBB5EED-CC92-49F2-A276-D5433F39D1EB})
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{CBBB5EED-CC92-49F2-A276-D5433F39D1EB}\Setup.exe" -l0x9
Symantec Script Blocking Installer 11.0.2 ({D327AFC9-7BAA-473A-8319-6EB7A0D40138})
version: 184549378
version (major): 11
estimated size: 477
install date: 20051221
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1\Support\ScrBlock\
uninstall cmd: MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138}
publisher: Symantec
1.10 ({D524239C-FD5C-4183-A49C-7930915A9C0A})
version: 17432576
install location: H:\Program Files\Creative\MediaSource
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x9
CC_ccProxyExt 103.0.2.10 ({DA42FDCA-7C5A-43EF-9A05-CCE148ADF919})
version: 1728053250
version (major): 103
estimated size: 600
install date: 20051221
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1\Support\Proxy\
uninstall cmd: MsiExec.exe /I{DA42FDCA-7C5A-43EF-9A05-CCE148ADF919}
publisher: Symantec
ccCommon 103.0.2.10 ({DC367608-64A7-4BF7-92F4-8BAA25BA02DB})
version: 1728053250
version (major): 103
estimated size: 5695
install date: 20051221
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1\Support\ccCommon\
uninstall cmd: MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
publisher: Symantec
1.00 ({DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C})
version: 16777216
install location: H:\Program Files\Creative\MediaSource
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x9
Norton Internet Security 1.0.0 ({E3EFA461-EB83-4C3B-9C47-2C1D58A01555})
version: 16777216
version (major): 1
estimated size: 1436
install date: 20051221
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1\Support\HelpMSI\
uninstall cmd: MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
publisher: Symantec Corp.
Norton Internet Security 8.0.0.64 ({E5EE9939-259F-4DE2-8023-5C49E16A4F43})
version: 134217728
version (major): 8
install date: 20051221
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1\NAV\
uninstall cmd: MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
publisher: Symantec Corporation
Norton WMI Update 2005.1.0.111 ({E85FA9A1-C241-4698-893B-DD99509B8DB0})
version (major): 2005
version (minor): 1
estimated size: 613
install date: 20051221
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1\Support\SymSC\
uninstall cmd: MsiExec.exe /X{E85FA9A1-C241-4698-893B-DD99509B8DB0}
publisher: Symantec Corporation
Adobe Help Center 1.0 001.000.000 ({E9787678-1033-0000-8E67-000000000001})
version: 16777216
version (major): 1
estimated size: 21738
install date: 20060110
install location: H:\Program Files\Adobe\Adobe Help Center\
install source: H:\Program Files\photoshop\Photoshop CS2\Adobe(R) Photoshop(R) CS2\Help Center\
uninstall cmd: MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
publisher: Adobe Systems
comments: Your Comments
contact: Customer Support Department
help link: http://www.adobe.com
help telephone: 1-555-555-4505
Norton WMI Update 2005.1.0.111 ({F64306A5-4C32-41bb-B153-53986527FAB4})
version (major): 2005
version (minor): 1
estimated size: 613
install date: 20051221
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1\Support\SymSC\
uninstall cmd: MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
publisher: Symantec Corporation
The Sims 2 Nightlife ({F7529650-B9DB-481B-0089-A2AC3C2821C1})
uninstall cmd: H:\Program Files\EA GAMES\The Sims 2 Nightlife\EAUninstall.exe
Realtek AC'97 Audio ({FB08F381-6533-4108-B7DD-039E11FBC27E})
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
ccPxyCore 103.0.2.10 ({FC08587A-4F01-4188-819F-F55880022917})
version: 1728053250
version (major): 103
estimated size: 2821
install date: 20051221
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1\Support\Proxy\
uninstall cmd: MsiExec.exe /I{FC08587A-4F01-4188-819F-F55880022917}
publisher: Symantec
Norton Internet Security 8.0.0.64 ({FC2C0536-583C-46c0-844A-62CECAE01F22})
version: 134217728
version (major): 8
estimated size: 304
install date: 20051221
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1\Setup\
uninstall cmd: MsiExec.exe /I{FC2C0536-583C-46c0-844A-62CECAE01F22}
publisher: Symantec Corporation
Anarchy Online Classic Edition ({FF443E9E-AF54-42A5-85CE-20B4DEDCAFDA})
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{FF443E9E-AF54-42A5-85CE-20B4DEDCAFDA}\setup.exe" UNINSTALL
popculturepooka
2006-03-21, 12:51
Sigh... Finally the Ewido log and Panda Active Scan log
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 6:26:25 PM, 3/21/2006
+ Report-Checksum: D4677809
+ Scan result:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta\{4da4616d-7e6e-4fd9-a2d5-b6c535733e22} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4da4616d-7e6e-4fd9-a2d5-b6c535733e22} -> Adware.Generic : Cleaned with backup
::Report End
popculturepooka
2006-03-21, 12:52
Incident Status Location
Potentially unwanted tool:application/spyfalcon Not disinfected H:\Documents and Settings\Heath\Application Data\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\SpyFalcon 2.0.lnk
Adware:adware/emediacodec Not disinfected H:\WINDOWS\SYSTEM32\ncompat.tlb
Adware:adware/securityerror Not disinfected H:\Documents and Settings\Heath\Favorites\Antivirus Test Online.url
Spyware:Cookie/2o7 Not disinfected H:\Documents and Settings\Heath\Cookies\heath@2o7[2].txt
Spyware:Cookie/Com.com Not disinfected H:\Documents and Settings\Heath\Cookies\heath@ad.sensismediasmart.com[1].txt
Spyware:Cookie/YieldManager Not disinfected H:\Documents and Settings\Heath\Cookies\heath@ad.yieldmanager[1].txt
Spyware:Cookie/Hbmediapro Not disinfected H:\Documents and Settings\Heath\Cookies\heath@adopt.hbmediapro[2].txt
Spyware:Cookie/PointRoll Not disinfected H:\Documents and Settings\Heath\Cookies\heath@ads.pointroll[2].txt
Spyware:Cookie/adultfriendfinder Not disinfected H:\Documents and Settings\Heath\Cookies\heath@adultfriendfinder[1].txt
Spyware:Cookie/Falkag Not disinfected H:\Documents and Settings\Heath\Cookies\heath@as-us.falkag[1].txt
Spyware:Cookie/Atwola Not disinfected H:\Documents and Settings\Heath\Cookies\heath@atwola[1].txt
Spyware:Cookie/Banner Not disinfected H:\Documents and Settings\Heath\Cookies\heath@banner[1].txt
Spyware:Cookie/Belnk Not disinfected H:\Documents and Settings\Heath\Cookies\heath@belnk[1].txt
Spyware:Cookie/Bs.serving-sys Not disinfected H:\Documents and Settings\Heath\Cookies\heath@bs.serving-sys[1].txt
Spyware:Cookie/GoStats Not disinfected H:\Documents and Settings\Heath\Cookies\heath@c2.gostats[2].txt
Spyware:Cookie/Casalemedia Not disinfected H:\Documents and Settings\Heath\Cookies\heath@casalemedia[1].txt
Spyware:Cookie/Ccbill Not disinfected H:\Documents and Settings\Heath\Cookies\heath@ccbill[1].txt
Spyware:Cookie/Com.com Not disinfected H:\Documents and Settings\Heath\Cookies\heath@com[1].txt
Spyware:Cookie/did-it Not disinfected H:\Documents and Settings\Heath\Cookies\heath@did-it[1].txt
Spyware:Cookie/Belnk Not disinfected H:\Documents and Settings\Heath\Cookies\heath@dist.belnk[2].txt
Spyware:Cookie/Com.com Not disinfected H:\Documents and Settings\Heath\Cookies\heath@gamearena.com[1].txt
Spyware:Cookie/go Not disinfected H:\Documents and Settings\Heath\Cookies\heath@go[1].txt
Spyware:Cookie/WUpd Not disinfected H:\Documents and Settings\Heath\Cookies\heath@revenue[1].txt
Spyware:Cookie/Rn11 Not disinfected H:\Documents and Settings\Heath\Cookies\heath@rn11[2].txt
Spyware:Cookie/Searchportal Not disinfected H:\Documents and Settings\Heath\Cookies\heath@searchportal.information[2].txt
Spyware:Cookie/Serving-sys Not disinfected H:\Documents and Settings\Heath\Cookies\heath@serving-sys[2].txt
Spyware:Cookie/Statcounter Not disinfected H:\Documents and Settings\Heath\Cookies\heath@statcounter[1].txt
Spyware:Cookie/Target Not disinfected H:\Documents and Settings\Heath\Cookies\heath@target[1].txt
Spyware:Cookie/Toplist Not disinfected H:\Documents and Settings\Heath\Cookies\heath@toplist[1].txt
Spyware:Cookie/Tribalfusion Not disinfected H:\Documents and Settings\Heath\Cookies\heath@tribalfusion[1].txt
Spyware:Cookie/Tucows Not disinfected H:\Documents and Settings\Heath\Cookies\heath@tucows[2].txt
Spyware:Cookie/Advnt Not disinfected H:\Documents and Settings\Heath\Cookies\heath@www.advnt01[1].txt
Spyware:Cookie/Xiti Not disinfected H:\Documents and Settings\Heath\Cookies\heath@xiti[1].txt
Spyware:Cookie/Xmts Not disinfected H:\Documents and Settings\Heath\Cookies\heath@xmts[2].txt
Spyware:Cookie/Adserver Not disinfected H:\Documents and Settings\Heath\Cookies\heath@z1.adserver[1].txt
Spyware:Cookie/Zedo Not disinfected H:\Documents and Settings\Heath\Cookies\heath@zedo[2].txt
popculturepooka
2006-03-21, 12:53
Spyware:Cookie/Advnt Not disinfected H:\Documents and Settings\Heath\Application Data\Netscape\NSB\Profiles\e1v0egyc.default\cookies.txt[]
Potentially unwanted tool:Application/Processor Not disinfected H:\Program Files\smitRem\smitRem\Process.exe
popculturepooka
2006-03-21, 12:56
And lastly, a HJT log after I did all these things
Logfile of HijackThis v1.99.1
Scan saved at 7:15:38 PM, on 21/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Common Files\Symantec Shared\ccProxy.exe
H:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
H:\Program Files\Norton Internet Security\ISSVC.exe
H:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
H:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\system32\CTsvcCDA.EXE
H:\Program Files\ewido anti-malware\ewidoctrl.exe
H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
H:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
H:\Program Files\ULI5289\ALi5289.exe
H:\Program Files\ULI5289\JMAP5289.exe
H:\WINDOWS\SOUNDMAN.EXE
H:\Program Files\QuickTime\qttask.exe
H:\Program Files\Common Files\Symantec Shared\ccApp.exe
H:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
H:\Program Files\MSN Messenger\MsnMsgr.Exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\wuauclt.exe
H:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
H:\Program Files\Messenger\msmsgs.exe
H:\Program Files\Hijackthis\HijackThis.exe
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - H:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - H:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ALi5289] H:\Program Files\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [JMAP5289] H:\Program Files\ULI5289\JMAP5289.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BigPond] "G:\5100.exe" -r
O4 - HKLM\..\Run: [ccApp] "H:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] H:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] H:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative Detector] H:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = H:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://h:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://h:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///H:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://h:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://h:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://h:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://h:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///H:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///H:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///H:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - H:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "H:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "H:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - H:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - H:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - H:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - H:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - H:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - H:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - H:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
popculturepooka
2006-03-21, 13:45
One more thing
Of these files the guides say to remove:
C:\Windows\System32\dxmpp.dll
C:\Windows\System32\ginuerep.dll
C:\Program Files\SpyFalcon\
While in safe mode, the only one I get is ginurep.dll, which keeps coming back.
I do go into safe mode via administrator and have hidden files et al turned on.
CalamityJane
2006-03-23, 23:46
Hi popculturepooka,
I'm reviewing all your logs, but here are some things I'd like you to do if you haven't already:
If you had SpyFalcon, you will also need to download this file and save it to your desktop
Download FixSF.reg by right clicking here
http://www.bleepingcomputer.com/files/reg/FixSF.reg
and selecting "save target as" (or if using Firefox - "save link as")
Go to your desktop and double click on the FixSF.reg file that you downloaded earlier. When it asks if you would like to merge the information, press the Yes button and then the OK button.
.......................
The latest Spybot updates dated 3/19 included: SpyFalcon + Vcodec
Your run with Spybot was using the 3/10 updates.
Open Spybot and click on *Search for Updates*. You should find new definitions available. Please download and install the updates. Reboot into safe mode. Run Spybot and let it *fix* any new problems found, if any.
Search for, then see if you can delete:
C:\Windows\System32\ginuerep.dll
Reboot back into normal mode and post a fresh HijackThis log and let me know what problems you may see remaining.
popculturepooka
2006-03-24, 23:14
Hey Jane.
Hmmm did all that. Everything seemed fine for most of yesterday.
Turned on this morning and instead of Spy Falcon, I now have Spyware Quake on here.
S&D even caught vcodec properly.
Logfile of HijackThis v1.99.1
Scan saved at 7:08:09 AM, on 25/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Common Files\Symantec Shared\ccProxy.exe
H:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
H:\Program Files\Norton Internet Security\ISSVC.exe
H:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
H:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\system32\CTsvcCDA.EXE
H:\Program Files\ewido anti-malware\ewidoctrl.exe
H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
H:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
H:\Program Files\ULI5289\ALi5289.exe
H:\Program Files\ULI5289\JMAP5289.exe
H:\WINDOWS\SOUNDMAN.EXE
H:\Program Files\QuickTime\qttask.exe
H:\Program Files\Common Files\Symantec Shared\ccApp.exe
H:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
H:\Program Files\MSN Messenger\MsnMsgr.Exe
H:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
H:\WINDOWS\system32\ctfmon.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
H:\WINDOWS\system32\mssearchnet.exe
H:\WINDOWS\system32\nvctrl.exe
H:\WINDOWS\system32\rundll32.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Hijackthis\HijackThis.exe
H:\Program Files\Messenger\msmsgs.exe
O2 - BHO: Nothing - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - H:\WINDOWS\system32\hp2AB.tmp
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - H:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - H:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ALi5289] H:\Program Files\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [JMAP5289] H:\Program Files\ULI5289\JMAP5289.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BigPond] "G:\5100.exe" -r
O4 - HKLM\..\Run: [ccApp] "H:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] H:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] H:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SpywareQuake] H:\Program Files\SpywareQuake\SpywareQuake.exe /h
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative Detector] H:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = H:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://h:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://h:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///H:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://h:\program
files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://h:\program
files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11
\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://h:\program
files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://h:\program
files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///H:\Program Files\Yahoo!
\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///H:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///H:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program
Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
H:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - H:\Program
Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2
\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program
Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/Ms...Downloader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "H:\PROGRA~1\MSNMES~1
\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "H:\PROGRA~1\MSNMES~1
\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - H:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - H:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - H:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - H:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - H:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - H:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - H:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
CalamityJane
2006-03-25, 01:17
ARRG! :banghead:
Please run the Kaspersky free online scan (do a full system scan)
http://www.kaspersky.com/virusscanner
Save the log at the end and copy it back here. It's too large, please put the log into a zip file and attach the log to your reply (under *Additional Options* "manage attachments" in the reply screen - you'll have to scroll down to see it when preparing your reply)
KAV will not be able to clean it, but the log will be useful to identify what files it finds and we can go from there.
CalamityJane
2006-03-25, 01:18
Also, could you go ahead and attach the report from Spybot where it caught Vcodec? I'd like to see that.
CalamityJane
2006-03-25, 01:55
Oops, I meant to have you fix these in HijackThis:
O4 - HKLM\..\Run: [ALi5289] H:\Program Files\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [JMAP5289] H:\Program Files\ULI5289\JMAP5289.exe
Then go here and scan those two files. Copy the report at the end and post the results back here:
Jotti Malware Scan
http://virusscan.jotti.org/
or here:
Virus Total
http://www.virustotal.com/
popculturepooka
2006-03-25, 10:18
Ok... here are the results of the scans on those two files, which are part of my Ali Raid Manager software that my HD needs or something.
File: ALi5289.exe
Status: OK
MD5 d3220918715f33a0ef3af790d7e1e32b
Packers detected: -
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VirusBuster Found nothing
VBA32 Found nothing
This is a report processed by VirusTotal on 03/25/2006 at 09:12:57 (CET) after scanning the file "ALi5289.exe" file.
Antivirus Version Update Result
AntiVir 6.34.0.14 03.24.2006 no virus found
Avast 4.6.695.0 03.25.2006 no virus found
AVG 386 03.24.2006 no virus found
Avira 6.34.0.54 03.24.2006 no virus found
BitDefender 7.2 03.25.2006 no virus found
CAT-QuickHeal 8.00 03.24.2006 no virus found
ClamAV devel-20060202 03.24.2006 no virus found
DrWeb 4.33 03.25.2006 no virus found
eTrust-InoculateIT 23.71.111 03.25.2006 no virus found
eTrust-Vet 12.4.2133 03.24.2006 no virus found
Ewido 3.5 03.24.2006 no virus found
Fortinet 2.71.0.0 03.25.2006 no virus found
F-Prot 3.16c 03.23.2006 no virus found
Ikarus 0.2.59.0 03.24.2006 no virus found
Kaspersky 4.0.2.24 03.25.2006 no virus found
McAfee 4726 03.24.2006 no virus found
NOD32v2 1.1458 03.24.2006 no virus found
Norman 5.70.10 03.24.2006 no virus found
Panda 9.0.0.4 03.25.2006 no virus found
Sophos 4.04.0 03.24.2006 no virus found
Symantec 8.0 03.25.2006 no virus found
TheHacker 5.9.7.119 03.24.2006 no virus found
UNA 1.83 03.23.2006 no virus found
VBA32 3.10.5 03.24.2006 no virus found
File: JMAP5289.exe
Status: OK
MD5 1555eb3704b4af074aa03a24e461861a
Packers detected: -
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VirusBuster Found nothing
VBA32 Found nothing
This is a report processed by VirusTotal on 03/25/2006 at 09:16:32 (CET) after scanning the file "JMAP5289.exe" file.
Antivirus Version Update Result
AntiVir 6.34.0.14 03.24.2006 no virus found
Avast 4.6.695.0 03.25.2006 no virus found
AVG 386 03.24.2006 no virus found
Avira 6.34.0.54 03.24.2006 no virus found
BitDefender 7.2 03.25.2006 no virus found
CAT-QuickHeal 8.00 03.24.2006 no virus found
ClamAV devel-20060202 03.24.2006 no virus found
DrWeb 4.33 03.25.2006 no virus found
eTrust-InoculateIT 23.71.111 03.25.2006 no virus found
eTrust-Vet 12.4.2133 03.24.2006 no virus found
Ewido 3.5 03.24.2006 no virus found
Fortinet 2.71.0.0 03.25.2006 no virus found
F-Prot 3.16c 03.23.2006 no virus found
Ikarus 0.2.59.0 03.24.2006 no virus found
Kaspersky 4.0.2.24 03.25.2006 no virus found
McAfee 4726 03.24.2006 no virus found
NOD32v2 1.1458 03.24.2006 no virus found
Norman 5.70.10 03.24.2006 no virus found
Panda 9.0.0.4 03.25.2006 no virus found
Sophos 4.04.0 03.24.2006 no virus found
Symantec 8.0 03.25.2006 no virus found
TheHacker 5.9.7.119 03.24.2006 no virus found
UNA 1.83 03.23.2006 no virus found
VBA32 3.10.5 03.24.2006 no virus found
I'll have the Search and Destroy and Kaspersky logs in a jiffy.
popculturepooka
2006-03-25, 12:35
Here are the Kaspersky and Search And Destroy logs.
Even after S&D scanned and removed Vcodec (needed a restart to do so), Spyware Quake 2.0 opened as soon as Windows logged in.
popculturepooka
2006-03-25, 16:46
I may have it under control.
I checked the files that the Kaspersky scan showed, fed them through viruscan and virustotal and they all had trojans in them.
Funnily, Spyware Quake, like Spy Falcon, tried to mask itself as a legit anti spyware program, and because of that, in its window it showed a list of 'infected' files and reg keys.
However, the infected files and reg keys matched what Kaspersky mentioned as well as confirming some odd registry things I noted a few days ago while researching this issue.
So I first downloaded Killbox.
Then went to safe mode, ran smit and S&D then went into H:/Windows/system32 and used killbox to nail dfrgsrv.exe.
Between S&D and smitrem, nvctrl.exe and mssearnet.exe were already gone.
Also uninstalled Spyware Quake.
On a restart I noticed that killbox nailed all the files I asked it to, but Quake still opened.
I went into regedit and deleted the reg keys that quake itself gave out (they all matched bad reg edits that other solutions I've seen mentioned, as well as having descriptions referring to spy falcon, vcodec, spyware quake, nvctrl, mssearchnet and dfrgsrv). I deleted them all.
Also uninstalled netscape and deleted them temp files, as it was via netscape that my brother got vcodec.
Also used killbox to delete the other infected files that Kaspersky revealed.
Did a restart and Spyware Quake didn't open.
Did a once over with S&D and didn't get anything (this time vcodec didn't come up).
Looks clean right now and nothing else has revealed itself.
Might be good to go.
Hopefully.
CalamityJane
2006-03-25, 16:57
Ok, you beat me to it then...as I saw these need to be done:
Remove SpywareQuake in Add/Remove programs via the Control panel
Delete infected emails in Thunderbird inbox
Clear your cache in Netscape
Delete these files found infected on the KAV scan
H:\WINDOWS\system32\dfrgsrv.exe
H:\WINDOWS\system32\ldA604.tmp
H:\WINDOWS\system32\mssearchnet.exe
H:\Documents and Settings\Heath\My Documents\122903.exe
Repeat the Smitfraud removal instructions:
http://forums.spybot.info/showthread.php?t=1958
You are actively engaged in an identical thread at Short Media?
http://www.short-media.com/forum/showthread.php?t=43740
It's somewhat unproductive to be having two of us looking at the same thing. You will get different instructions and different tools mixed up. I can't keep up with what you are doing in two threads. What other forums have you posted all this in? And which one are you going to stick with, because it's a waste of our time if you are following instructions elsewhere.
But I'm glad you think you have it resolved. Just please let other forums know so that it's not wasting our time all looking at the same thing.
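Added example, not part of the thread or of any tool mentioned in it: a small triage pass over HijackThis output that rejoins entries the forum wrapped across lines, then lists the O2 (BHO) and O4 (autostart) entries that carry a name mentioned in this thread or that autoload a `.tmp` file. The name list, the `.tmp` heuristic and the helper names `unwrap` and `triage` are assumptions made for illustration; a hit is a reason to look closer, not a verdict.

```python
import re

# Constructed sample: entries copied from the HijackThis log in this thread,
# including one that the forum wrapped onto a second line ("/R").
SAMPLE_LOG = r"""O2 - BHO: Nothing - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - H:\WINDOWS\system32\hp2AB.tmp
O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpywareQuake] H:\Program Files\SpywareQuake\SpywareQuake.exe /h
O4 - HKCU\..\Run: [Creative Detector] H:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
/R
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
"""

# Names mentioned in this thread (assumption: a substring match is enough for triage).
THREAD_NAMES = ("spywarequake", "spyfalcon", "vcodec", "dfrgsrv", "mssearchnet", "nvctrl")
ENTRY = re.compile(r"^(O\d+) - (.*)$")  # HijackThis section tag, then the entry body


def unwrap(text):
    """Rejoin wrapped lines: a line without an O<n> tag continues the previous entry."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if ENTRY.match(line) or not entries:
            entries.append(line.rstrip())
        else:
            # A break just before a backslash split a path; otherwise a space was lost.
            sep = "" if line.startswith("\\") else " "
            entries[-1] += sep + line.strip()
    return entries


def triage(text):
    """Return (section, body, reasons) for O2 and O4 entries worth a closer look."""
    findings = []
    for entry in unwrap(text):
        m = ENTRY.match(entry)
        if not m or m.group(1) not in ("O2", "O4"):
            continue
        body = m.group(2)
        reasons = [f"name from thread: {n}" for n in THREAD_NAMES if n in body.lower()]
        if re.search(r"\.tmp\b", body, re.IGNORECASE):
            reasons.append("autoloaded .tmp file")  # heuristic, not a verdict
        if reasons:
            findings.append((m.group(1), body, reasons))
    return findings


if __name__ == "__main__":
    for section, body, reasons in triage(SAMPLE_LOG):
        print(section, "|", body, "|", "; ".join(reasons))
```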
CalamityJane
2006-03-25, 18:44
Download Silent Runners to get a log, please.
http://www.silentrunners.org/Silent%20Runners.zip
* Save it to the desktop and unzip it.
* Run Silent Runners by double-clicking the "Silent Runners" icon on your desktop.
* You will get a prompt asking about performing supplementary searches.
* Click "No" at that prompt.
* You will see a text file appear on the desktop - it's not done, let it run (it won't appear to be doing anything!)
* Once you receive the prompt All Done!, open the text file on the desktop, copy that entire log, and paste it here.
*NOTE* If you receive any warning message about scripts, please choose to allow the script to run.
CalamityJane
2006-03-25, 19:17
@shank_s, I have moved your post to its own topic. We can't work more than one person's logs per topic as it would be too confusing. Click the following to find your new topic with your log:
http://forums.spybot.info/showthread.php?t=3227
You are actively engaged in an identical thread at Short Media?
http://www.short-media.com/forum/showthread.php?t=43740
It's somewhat unproductive to be having two of us looking at the same thing. You will get different instructions and different tools mixed up. I can't keep up with what you are doing in two threads. What other forums have you posted all this in? And which one are you going to stick with, because it's a waste of our time if you are following instructions elsewhere.
But I'm glad you think you have it resolved. Just please let other forums know so that it's not wasting our time all looking at the same thing.
Indeed, and this topic is closed.