Help removing Vcodec and removing SpyFalcon Forever


Pooka
19 Mar 2006, 9:08am
Hi.
I recently got vcodec on my machine via an act of rampant stupidity on my brother and his friends' behalf.

Since then I have been having spy falcon continuously reinstall on here.

I have followed this guide:
http://www.short-media.com/forum/showthread.php?t=42678
And various others around the net that offer the same ideas, e.g. use smitrem, ewido, panda etc.
Done it numerous times and each time spyfalcon gets removed fine. Most of the guides however are about removing spy falcon, not the vcodec trojan itself.


But for some reason vcodec is still on my machine and refuses to leave. Spybot Search and Destroy continuously picks it up and other times it seems to just activate and reinstall spy falcon.

Here is the newest HJT log. I will also post the newest smitrem and spybot logs in a following post.

Basically, how do I kill vcodec?

EDIT: Just a note. Because of some bizarreness when I got my computer, my primary HD is H: not C:. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 7:01:41 PM, on 19/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Common Files\Symantec Shared\ccProxy.exe
H:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
H:\Program Files\Norton Internet Security\ISSVC.exe
H:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
H:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\system32\CTsvcCDA.EXE
H:\Program Files\ewido anti-malware\ewidoctrl.exe
H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
H:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
H:\Program Files\ULI5289\ALi5289.exe
H:\Program Files\ULI5289\JMAP5289.exe
H:\WINDOWS\SOUNDMAN.EXE
H:\Program Files\QuickTime\qttask.exe
H:\Program Files\Common Files\Symantec Shared\ccApp.exe
H:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
H:\Program Files\MSN Messenger\MsnMsgr.Exe
H:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
H:\WINDOWS\system32\ctfmon.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
H:\WINDOWS\system32\wuauclt.exe
H:\Program Files\Messenger\msmsgs.exe
H:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: (no name) - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - (no file)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - H:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - H:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ALi5289] H:\Program Files\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [JMAP5289] H:\Program Files\ULI5289\JMAP5289.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BigPond] "G:\5100.exe" -r
O4 - HKLM\..\Run: [ccApp] "H:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] H:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] H:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative Detector] H:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = H:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://h:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://h:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///H:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://h:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://h:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://h:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://h:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///H:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///H:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///H:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - H:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "H:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "H:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - H:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - H:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - H:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - H:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - H:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - H:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - H:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

Pooka
19 Mar 2006, 9:09am
Here is the most recent smitrem log:


smitRem © log file
version 2.8

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
The current date is: Sun 19/03/2006
The current time is: 18:10:31.06

Running from
H:\Documents and Settings\Heath\My Documents\Spyware\smitRem\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~

Online Security Guide.url
Security Troubleshooting.url


~~~ Favorites ~~~

Antivirus Test Online.url


~~~ system32 folder ~~~

1024 dir
ld****.tmp
mssearchnet.exe
ncompat.tlb
nvctrl.exe
hp***.tmp
logfiles


~~~ Icons in System32 ~~~

ts.ico
ot.ico


~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 712 'explorer.exe'
Killing PID 712 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~


~~~ Wininet.dll ~~~

CLEAN! :)

Pooka
19 Mar 2006, 9:11am
And the most recent ewido log:


---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 7:33:07 AM, 18/03/2006
+ Report-Checksum: 82DE2103

+ Scan result:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta\{4da4616d-7e6e-4fd9-a2d5-b6c535733e22} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4da4616d-7e6e-4fd9-a2d5-b6c535733e22} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SpyFalcon -> Adware.SpyFalcon : Cleaned with backup
HKU\S-1-5-21-823518204-1844237615-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4DA4616D-7E6E-4FD9-A2D5-B6C535733E22} -> Adware.Generic : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@e-2dj6wfkogpcpoko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@e-2dj6wfkygjdpsbo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@e-2dj6wfl4kmdzggq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@e-2dj6wflicjd5aeo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@e-2dj6wflicpdjmbo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@e-2dj6wfliuhdjiko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@e-2dj6wflokhc5kao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@e-2dj6wfmiujdjefo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@e-2dj6wgk4qkdjodp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@e-2dj6wgkoemcpwdp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@e-2dj6wjk4anc5ilp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@e-2dj6wjk4gnc5maq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@e-2dj6wjk4kpdjcep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@e-2dj6wjkoolczocq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@e-2dj6wjkoqjdpwdo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@e-2dj6wjkoqpd5eco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@e-2dj6wjkouicjmep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@e-2dj6wjkycid5wdo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@e-2dj6wjkyomcjabq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@e-2dj6wjkyslc5who.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@e-2dj6wjlicgc5ggo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@e-2dj6wjlieodjwgo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@e-2dj6wjlioocjmlp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@e-2dj6wjliqidjwho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@e-2dj6wjlispcpseo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@e-2dj6wjloegczakp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@e-2dj6wjlogpcjafo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@e-2dj6wjlyand5ikq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@e-2dj6wjlygicpogp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@e-2dj6wjlywkczggp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@e-2dj6wjlywlajsap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@e-2dj6wjmiegazcdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@e-2dj6wjmiunajgcp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@e-2dj6wjmyandjifp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@e-2dj6wjny-1sbzmf.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@e-2dj6wjnyohcpsep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@e-2dj6wjnywkajihp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@ford.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@gateway.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@ivwbox[2].txt -> TrackingCookie.Ivwbox : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@maxim.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@maxis.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@meetupcom.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@metacafe.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@msninvite.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@news.com[1].txt -> TrackingCookie.Com : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@paypopup[2].txt -> TrackingCookie.Paypopup : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@qksrv[1].txt -> TrackingCookie.Qksrv : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@valueclick.ne[2].txt -> TrackingCookie.Ne : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@vip.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@www.web-stat[1].txt -> TrackingCookie.Web-stat : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@yadro[2].txt -> TrackingCookie.Yadro : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
H:\Documents and Settings\Heath\Cookies\heath@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
H:\Documents and Settings\Heath\My Documents\My Received Files\PowerArchiver\twk-powerarchiver95028final.exe -> Downloader.VB.ts : Cleaned with backup
H:\Documents and Settings\Heath\My Documents\My Received Files\PowerArchiver.zip/twk-powerarchiver95028final.exe -> Downloader.VB.ts : Cleaned with backup
H:\Program Files\PowerArchiver\twk-powerarchiver95028final.exe -> Downloader.VB.ts : Cleaned with backup


::Report End

Pooka
21 Mar 2006, 6:51am
No one can help me?

Is there anything else I should post?
The past few days I haven't had spy falcon open, but still get a browser hijack taking me to http://www.securitysafeguards.net/ and also pop ups.

Anyone? Please?

Trogan
21 Mar 2006, 5:29pm
Sorry for the delay. Could you post a new HJT log please? Has SpyFalcon been removed?

Pooka
21 Mar 2006, 11:11pm
Surely can post a new one

With regards to Spy Falcon, each time I use the guides, it seems to be removed, but will occasionally reinstall itself as I use my computer.


Logfile of HijackThis v1.99.1
Scan saved at 9:09:35 AM, on 22/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Common Files\Symantec Shared\ccProxy.exe
H:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
H:\Program Files\Norton Internet Security\ISSVC.exe
H:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
H:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\system32\CTsvcCDA.EXE
H:\Program Files\ewido anti-malware\ewidoctrl.exe
H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
H:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\wuauclt.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
H:\Program Files\ULI5289\ALi5289.exe
H:\Program Files\ULI5289\JMAP5289.exe
H:\WINDOWS\SOUNDMAN.EXE
H:\Program Files\QuickTime\qttask.exe
H:\Program Files\Common Files\Symantec Shared\ccApp.exe
H:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
H:\Program Files\MSN Messenger\MsnMsgr.Exe
H:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
H:\WINDOWS\system32\ctfmon.exe
H:\WINDOWS\system32\wuauclt.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Messenger\msmsgs.exe
H:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\Program Files\Hijackthis\HijackThis.exe

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - H:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - H:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ALi5289] H:\Program Files\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [JMAP5289] H:\Program Files\ULI5289\JMAP5289.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BigPond] "G:\5100.exe" -r
O4 - HKLM\..\Run: [ccApp] "H:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] H:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] H:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative Detector] H:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = H:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://h:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://h:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///H:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://h:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://h:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://h:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://h:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///H:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///H:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///H:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - H:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "H:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "H:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - H:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - H:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - H:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - H:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - H:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - H:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - H:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

Trogan
22 Mar 2006, 1:32am
I would like you to upload the following file to Jotti so it can be scanned.

Please go to Jotti's malware scan (http://virusscan.jotti.org/)
Copy and paste the following file path into the "File to upload & scan" box on the top of the page:
G:\5100.exe
Click on the submit button
Please post the results in your next reply.

Pooka
22 Mar 2006, 3:35am
I can't seem to upload the file to that site.

However, I know what it is. It's a file from my ISP that their tech support had me download that installs their crappy connection shell that interferes with my router. Been there for months now.

My ISP is Telstra BigPond Cable, an Australian company.

Trogan
22 Mar 2006, 4:38am
Alright! At least that file is not a baddie :D

Your log is clean.

Hopefully now SpyFalcon won't come back and should not come back. I would suggest visiting Windows Update and downloading any new updates that are available.

Apart from that, are you having any other problems?

Pooka
22 Mar 2006, 7:24am
Haven't had any today. Was the first clean day.
Yesterday I didn't get Spy Falcon, but got some browser hijacking.

Trogan
22 Mar 2006, 7:49pm
Want to post a new HJT log?
=====

To help protect your system from hostile ActiveX content, or special 'downloadable' files:

Download, install and keep updated, SpywareBlaster (http://www.javacoolsoftware.com/sbdownload.html). If you've installed it for the first time:

1) Check for any available updates; if present, they'll be automatically downloaded and installed.
2) Next, "Enable all protection".
3) Exit the program.

-

Note: Remember to regularly check for updates.

Pooka
23 Mar 2006, 12:26am
Hmm Spy Falcon came back again today. As soon as the computer turned on in fact.

Not sure what keeps reinstalling it.

Logfile of HijackThis v1.99.1
Scan saved at 10:25:52 AM, on 23/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Common Files\Symantec Shared\ccProxy.exe
H:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
H:\Program Files\Norton Internet Security\ISSVC.exe
H:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
H:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\system32\CTsvcCDA.EXE
H:\Program Files\ewido anti-malware\ewidoctrl.exe
H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
H:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
H:\Program Files\ULI5289\ALi5289.exe
H:\Program Files\ULI5289\JMAP5289.exe
H:\WINDOWS\SOUNDMAN.EXE
H:\Program Files\QuickTime\qttask.exe
H:\Program Files\Common Files\Symantec Shared\ccApp.exe
H:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
H:\Program Files\MSN Messenger\MsnMsgr.Exe
H:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
H:\WINDOWS\system32\ctfmon.exe
H:\WINDOWS\system32\wuauclt.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmjb.exe
H:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
H:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
H:\WINDOWS\system32\nvctrl.exe
H:\WINDOWS\system32\rundll32.exe
H:\WINDOWS\system32\mssearchnet.exe
H:\Program Files\SpyFalcon\SpyFalcon.exe
H:\Program Files\SpyFalcon\SpyFalcon.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\Program Files\Messenger\msmsgs.exe
H:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: Nothing - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - H:\WINDOWS\system32\hpA193.tmp
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - H:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - H:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ALi5289] H:\Program Files\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [JMAP5289] H:\Program Files\ULI5289\JMAP5289.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BigPond] "G:\5100.exe" -r
O4 - HKLM\..\Run: [ccApp] "H:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] H:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] H:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SpyFalcon] H:\Program Files\SpyFalcon\SpyFalcon.exe /h
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative Detector] H:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = H:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://h:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://h:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///H:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://h:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://h:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://h:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://h:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///H:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///H:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///H:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - H:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "H:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "H:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - H:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - H:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - H:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - H:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - H:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - H:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - H:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

Trogan
23 Mar 2006, 2:01am
Could you follow the removal instructions again for SpyFalcon, please.

After that, visit Windows Update and make sure you download any available updates.


Please post the logs after removing SpyFalcon :)

Pooka
23 Mar 2006, 3:16am
Ok...
Done all that.

Here are the relevant logs:

SMITREM!


smitRem © log file
version 2.8

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
The current date is: Thu 03/23/2006
The current time is: 10:41:21.89

Running from
H:\Program Files\smitRem\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D}"="Prestige Software"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~

1024 dir
ld****.tmp
mssearchnet.exe
ncompat.tlb
nvctrl.exe
hp***.tmp


~~~ Icons in System32 ~~~

ts.ico
ot.ico


~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 748 'explorer.exe'
Killing PID 748 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D}"="Prestige Software"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~


~~~ Wininet.dll ~~~

CLEAN! :)

Pooka
23 Mar 2006, 3:18am
--- Search result list ---
Smitfraud-C.: Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\nvctrl.exe

PestTrap: Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{4DA4616D-7E6E-4FD9-A2D5-B6C535733E22}

Elitum.EliteBar: Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\JM5289


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-12-21 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-03-10 Includes\Cookies.sbi (*)
2006-03-10 Includes\Dialer.sbi (*)
2006-03-10 Includes\Hijackers.sbi (*)
2006-03-10 Includes\Keyloggers.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2006-03-10 Includes\Malware.sbi (*)
2006-03-10 Includes\PUPS.sbi (*)
2006-03-10 Includes\Revision.sbi (*)
2006-03-10 Includes\Security.sbi (*)
2006-03-10 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-03-10 Includes\Trojans.sbi (*)



--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Security Update for Windows XP (KB893066)
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB894391)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896422)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896424)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
/ Windows XP / SP3: Security Update for Windows XP (KB905915)
/ Windows XP / SP3: Security Update for Windows XP (KB908519)
/ Windows XP / SP3: Update for Windows XP (KB910437)
/ Windows XP / SP3: Security Update for Windows XP (KB912919)


--- Startup entries list ---
Located: HK_LM:Run, ALi5289
command: H:\Program Files\ULI5289\ALi5289.exe
file: H:\Program Files\ULI5289\ALi5289.exe
size: 405504
MD5: d3220918715f33a0ef3af790d7e1e32b

Located: HK_LM:Run, ATIPTA
command: H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
file: H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
size: 339968
MD5: c4708c52ac71338b49334c972de96682

Located: HK_LM:Run, BigPond
command: "G:\5100.exe" -r
file:

Located: HK_LM:Run, ccApp
command: "H:\Program Files\Common Files\Symantec Shared\ccApp.exe"
file: H:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 58992
MD5: e5f9b0314442ea5816518c64b02f10a2

Located: HK_LM:Run, JMAP5289
command: H:\Program Files\ULI5289\JMAP5289.exe
file: H:\Program Files\ULI5289\JMAP5289.exe
size: 28672
MD5: 1555eb3704b4af074aa03a24e461861a

Located: HK_LM:Run, NeroFilterCheck
command: H:\WINDOWS\system32\NeroCheck.exe
file: H:\WINDOWS\system32\NeroCheck.exe
size: 155648
MD5: 3e4c03cefad8de135263236b61a49c90

Located: HK_LM:Run, NWEReboot
command:
file:

Located: HK_LM:Run, QuickTime Task
command: "H:\Program Files\QuickTime\qttask.exe" -atboottime
file: H:\Program Files\QuickTime\qttask.exe
size: 155648
MD5: 216b3acc656cda8a5a0c3071ec0a408b

Located: HK_LM:Run, RemoteControl
command: "H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
file: H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
size: 32768
MD5: 915a106a2fb87292cef0ad4f36adf313

Located: HK_LM:Run, SoundMan
command: SOUNDMAN.EXE
file: H:\WINDOWS\SOUNDMAN.EXE
size: 68096
MD5: f0eeed52fc29bec6e917cab2788148b2

Located: HK_LM:Run, SunJavaUpdateSched
command: H:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
file: H:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
size: 36975
MD5: 61a3a9d5d98bf0331df5b716144a8100

Located: HK_LM:Run, Symantec NetDriver Monitor
command: H:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
file: H:\PROGRA~1\SYMNET~1\SNDMon.exe
size: 100056
MD5: f9418981ee4d7e995d359833adab59d5

Located: Startup (common), Adobe Reader Speed Launch.lnk
command: H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
file: H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
size: 29696
MD5: 43362b96870ce8649f4f2ec893da93f0

Located: System.ini, AtiExtEvent
command: Ati2evxx.dll
file: Ati2evxx.dll

Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll

Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll



--- Browser helper object list ---
{4da4616d-7e6e-4fd9-a2d5-b6c535733e22} ()
BHO name:
CLSID name:

{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: H:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 12/21/2005 8:22:18 AM
Date (last access): 3/23/2006 10:47:04 AM
Date (last write): 5/31/2005 1:04:00 AM
Filesize: 853672
Attributes: archive
MD5: 250D787A5712D7768DDC133B3E477759
CRC32: D4589A41
Version: 1.4.0.0



--- ActiveX list ---
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: H:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 11/10/2005 1:03:56 PM
Date (last access): 3/21/2006 6:57:58 PM
Date (last write): 11/10/2005 1:22:10 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5

{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class)
DPF name:
CLSID name: ActiveScan Installer Class
Installer: H:\WINDOWS\Downloaded Program Files\asinst.inf
Codebase: http://acs.pandasoftware.com/activescan/as5free/asinst.cab
description:
classification: Open for discussion
known filename: ASINST.DLL
info link:
info source: Safer Networking Ltd.
Path: H:\WINDOWS\Downloaded Program Files\
Long name: asinst.dll
Short name:
Date (created): 12/19/2005 1:35:32 PM
Date (last access): 3/23/2006 10:28:54 AM
Date (last write): 12/19/2005 1:35:32 PM
Filesize: 135168
Attributes: archive
MD5: 20C07B231040B49AFCE82397BFC35F9C
CRC32: 9301377D
Version: 58.4.0.0

{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class)
DPF name:
CLSID name: MsnMessengerSetupDownloadControl Class
Installer: H:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.inf
Codebase: http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
description:
classification: Legitimate
known filename: MsnMessengerSetupDownloader.ocx
info link:
info source: Safer Networking Ltd.
Path: H:\WINDOWS\Downloaded Program Files\
Long name: MsnMessengerSetupDownloader.ocx
Short name: MSNMES~1.OCX
Date (created): 8/14/2005 12:26:04 AM
Date (last access): 3/23/2006 10:28:54 AM
Date (last write): 8/14/2005 12:26:04 AM
Filesize: 113664
Attributes: archive
MD5: C403792A3FF639C215067D5AA680C482
CRC32: 7CD0769A
Version: 1.0.0.3

{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
Path: H:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 11/10/2005 1:03:56 PM
Date (last access): 3/23/2006 10:53:52 AM
Date (last write): 11/10/2005 1:22:10 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
Path: H:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 11/10/2005 1:03:56 PM
Date (last access): 3/23/2006 10:53:52 AM
Date (last write): 11/10/2005 1:22:10 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: H:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: H:\WINDOWS\system32\Macromed\Flash\
Long name: Flash8a.ocx
Short name:
Date (created): 1/2/2006 11:13:28 AM
Date (last access): 3/23/2006 10:44:08 AM
Date (last write): 1/2/2006 11:13:28 AM
Filesize: 1443464
Attributes: readonly archive
MD5: 3066BB99502AE33AE44F17954AF56B8F
CRC32: 658FAE72
Version: 8.0.24.0



--- Process list ---
PID: 0 ( 0) [System]
PID: 128 ( 4) \SystemRoot\System32\smss.exe
PID: 176 ( 128) \??\H:\WINDOWS\system32\csrss.exe
PID: 200 ( 128) \??\H:\WINDOWS\system32\winlogon.exe
PID: 244 ( 200) H:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 256 ( 200) H:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 400 ( 244) H:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 444 ( 244) H:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 484 ( 244) H:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 2016 (1000) H:\WINDOWS\explorer.exe
size: 1032192
MD5: A0732187050030AE399B241436565E64
PID: 608 (2016) H:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 3/23/2006 10:53:51 AM

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com/ie
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{81338BA4-E89C-4A3B-BE40-16C2907A2F89}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{81338BA4-E89C-4A3B-BE40-16C2907A2F89}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AF89EB6C-6245-4368-B34C-52E7A37FCA60}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AF89EB6C-6245-4368-B34C-52E7A37FCA60}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{36B7BE34-FB31-4861-89F5-9487FDCD83BA}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{36B7BE34-FB31-4861-89F5-9487FDCD83BA}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E0D6247E-B359-4FAD-B63A-F2EE1BF1C8C3}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E0D6247E-B359-4FAD-B63A-F2EE1BF1C8C3}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace



--- Uninstall list ---
Ad-Aware SE Personal 1.06 (Ad-Aware SE Personal)
uninstall cmd: H:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE H:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
publisher: Lavasoft
help link: http://www.lavasoft.com

(AddressBook)

Adobe Photoshop CS2 9.0 (Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D})
version: 9
version (major): 9
install location: H:\Program Files\Adobe\Adobe Photoshop CS2\
uninstall cmd: msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
publisher: Adobe Systems, Inc.
comments:
contact: Customer Support
help link: http://www.adobe.com/support/main.html
help telephone: 1-555-555-4505

ALi mini IDE driver (ALiminiIDE)
uninstall cmd: H:\WINDOWS\System32\ALi5minst.exe H:\WINDOWS\inf\mshdc.inf PCI\VEN_10B9&DEV_5229 1

ATI - Software Uninstall Utility 6.14.10.1009 (All ATI Software)
uninstall cmd: H:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe

Allofmp3 Explorer 2.3.17.404 (Allofmp3 Explorer)
uninstall cmd: H:\PROGRA~1\MEDIAS~1\Allofmp3\UNWISE.EXE H:\PROGRA~1\MEDIAS~1\Allofmp3\INSTALL.LOG
publisher: MediaServices
help link: http://www.allofmp3.com/explorer.shtml

ATI Display Driver 8.03-040610a-016800C-Asus (ATI Display Driver)
uninstall cmd: rundll32 H:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

(Branding)

(CADI)
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove

CEP3 - Color Enable Package 3 3.3b (CEP3 - Colour Options for The Sims 2_is1)
uninstall cmd: "H:\WINDOWS\unins000.exe"
publisher: Numenor, for ModTheSims2
help link: http://www.modthesims2.com/showthread.php?t=92541

(Connection Manager)

(Creative Audio CD Ripper)
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{9E54F486-CD4A-44A5-B041-16D4E1E56A53}\setup.exe" -l0x9 /remove

(Creative Audio Device Selection)
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9 /remove

(Creative Import Wizard)
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{9744AE38-1CC6-414F-96CE-0643AEE30A9B}\setup.exe" -l0x9 /remove

Creative Jukebox Driver (Creative Jukebox Driver)
uninstall cmd: H:\Program Files\Creative\Jukebox 3 Drivers\DrvUnins.exe /s

(Creative MediaSource)
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 /remove

(Creative MediaSource CD-ROM Burner Plugin)
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9 /remove

(Creative MediaSource Detector)
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 /remove

(Creative MediaSource NOMAD Jukebox 2/3/Zen Plugin)
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x9 /remove

(Creative MediaSource NOMAD MuVo Plugin)
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x9 /remove

(Creative MediaSource Player Skin Pack)
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9 /remove

Creative Removable Disk Manager (Creative Removable Disk Manager)
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 /remove

(Creative Sync Manager)
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x9 /remove

(Creative Zen)

(DirectAnimation)

(DirectDrawEx)

(DXM_Runtime)

eMedia Codec 4.0 4.0 (eMedia Codec)
uninstall cmd: H:\Program Files\eMedia Codec\uninst.exe
publisher: eMedia Codec Software

ewido anti-malware (ewidoantimalware)
install location: H:\Program Files\ewido anti-malware
uninstall cmd: H:\Program Files\ewido anti-malware\Uninstall.exe
publisher: ewido networks
help link: http://www.ewido.net

(Fontcore)

Google Video Player (GoogleVideoPlayer)
uninstall cmd: "H:\Program Files\Google\Google Video Player\Uninstall.exe"

HijackThis 1.99.1 1.99.1 (HijackThis)
uninstall cmd: H:\Program Files\Hijackthis\HijackThis.exe /uninstall
publisher: Soeperman Enterprises Ltd.

Hijackthis 1.99.1 (Hijackthis_is1)
install location: H:\Program Files\Hijackthis\
uninstall cmd: "H:\Program Files\Hijackthis\unins000.exe"
publisher: Soeperman Enterprises Ltd
help link: http://www.merijn.org

(ICW)

(IE40)

(IE4Data)

(IE5BAKEX)

(IEData)

(InstallShield Uninstall Information)

QuickTime 7.0.3 (InstallShield_{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083})
version: 117440515
version (major): 7
estimated size: 62919
install date: 20051220
install location: H:\Program Files\QuickTime\
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\_is28A\
uninstall cmd: H:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083} /l1033
publisher: Apple Computer, Inc.
contact: AppleCare Support
help link: http://www.info.apple.com/
help telephone: 1-800-275-2273

IrfanView (remove only) (IrfanView)
uninstall cmd: H:\Program Files\IrfanView\iv_uninstall.exe

Windows XP Hotfix - KB873339 20041117.092459 (KB873339)
uninstall cmd: H:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873339

(KB884016)

Windows XP Hotfix - KB885250 20050118.202711 (KB885250)
uninstall cmd: H:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885250

Windows XP Hotfix - KB885835 20041027.181713 (KB885835)
uninstall cmd: H:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885835

Windows XP Hotfix - KB885836 20041028.173203 (KB885836)
uninstall cmd: H:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885836

Windows XP Hotfix - KB886185 20041021.090540 (KB886185)
uninstall cmd: H:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=886185

Windows XP Hotfix - KB887472 20041014.162858 (KB887472)
uninstall cmd: H:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887472

Windows XP Hotfix - KB887742 20041103.095002 (KB887742)
uninstall cmd: H:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887742

Windows XP Hotfix - KB888113 20041116.131036 (KB888113)
uninstall cmd: H:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888113

Windows XP Hotfix - KB888302 20041207.111426 (KB888302)
uninstall cmd: H:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888302

Security Update for Windows XP (KB890046) 1 (KB890046)
install date: 20060212
uninstall cmd: "H:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890046

Windows XP Hotfix - KB890859 1 (KB890859)
install date: 20060212
uninstall cmd: "H:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890859

Windows XP Hotfix - KB891781 20050110.165439 (KB891781)
uninstall cmd: H:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=891781

Security Update for Windows XP (KB893066) 2 (KB893066)
install date: 20060212
uninstall cmd: "H:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893066

Security Update for Windows XP (KB893756) 1 (KB893756)
install date: 20060212
uninstall cmd: "H:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893756

(KB893803)

Windows Installer 3.1 (KB893803) 3.1 (KB893803v2)
uninstall cmd: "H:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=42467

Update for Windows XP (KB894391) 1 (KB894391)
install date: 20060212
uninstall cmd: "H:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=894391

Security Update for Windows XP (KB896358) 1 (KB896358)
install date: 20060212
uninstall cmd: "H:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896358

Security Update for Windows XP (KB896422) 1 (KB896422)
install date: 20060212
uninstall cmd: "H:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896422

Security Update for Windows XP (KB896423) 1 (KB896423)
install date: 20060212
uninstall cmd: "H:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896423

Security Update for Windows XP (KB896424) 1 (KB896424)
install date: 20060212
uninstall cmd: "H:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896424

Security Update for Windows XP (KB896428) 1 (KB896428)
install date: 20060212
uninstall cmd: "H:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896428

Update for Windows XP (KB898461) 1 (KB898461)
install date: 20060209
uninstall cmd: "H:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=898461

Security Update for Windows XP (KB899587) 1 (KB899587)
install date: 20060212
uninstall cmd: "H:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899587

Security Update for Windows XP (KB899591) 1 (KB899591)
install date: 20060212
uninstall cmd: "H:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899591

Security Update for Windows XP (KB900725) 1 (KB900725)
install date: 20060212
uninstall cmd: "H:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900725

Security Update for Windows XP (KB901017) 1 (KB901017)
install date: 20060212
uninstall cmd: "H:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901017

Security Update for Windows XP (KB901214) 1 (KB901214)
install date: 20060212
uninstall cmd: "H:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901214

Security Update for Windows XP (KB902400) 1 (KB902400)
install date: 20060212
uninstall cmd: "H:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=902400

Security Update for Windows XP (KB904706) 2 (KB904706)
install date: 20060211
uninstall cmd: "H:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=904706

Security Update for Windows XP (KB905414) 1 (KB905414)
install date: 20060212
uninstall cmd: "H:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905414

Security Update for Windows XP (KB905749) 1 (KB905749)
install date: 20060212
uninstall cmd: "H:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905749

Security Update for Windows XP (KB905915) 1 (KB905915)
install date: 20060211
uninstall cmd: "H:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905915

Security Update for Windows XP (KB908519) 1 (KB908519)
install date: 20060211
uninstall cmd: "H:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=908519

Update for Windows XP (KB910437) 1 (KB910437)
install date: 20060211
uninstall cmd: "H:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=910437

Security Update for Windows XP (KB912919) 1 (KB912919)
install date: 20060211
uninstall cmd: "H:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=912919

Lame ACM MP3 Codec (LameACM)
uninstall cmd: H:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_LameMP3 132 H:\WINDOWS\INF\LameACM.inf

LiveReg (Symantec Corporation) 3.0.0 (LiveReg)
install location: H:\Program Files\Common Files\Symantec Shared\LiveReg
uninstall cmd: H:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
publisher: Symantec Corporation

LiveUpdate 2.5 (Symantec Corporation) 2.5.55.0 (LiveUpdate)
install location: H:\Program Files\Symantec\LiveUpdate
uninstall cmd: H:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
publisher: Symantec Corporation

mIRC (mIRC)
uninstall cmd: "H:\Program Files\mIRC\mirc.exe" -uninstall

(MobileOptionPack)

Mozilla Thunderbird (1.0.7) 1.0.7 (en) (Mozilla Thunderbird (1.0.7))
install location: H:\Program Files\Mozilla Thunderbird
uninstall cmd: H:\WINDOWS\UninstallThunderbird.exe /ua "1.0.7 (en)"
publisher: Mozilla

(MPlayer2)

(MSI30-Beta1)

(MSI30-Beta2)

(MSI30-KB884016)

(MSI30-RC1)

(MSI30-RC2)

(MSI30a-KB884016)

(MSI31-Beta)

(MSI31-RC1)

MSN Music Assistant (MSN Music Assistant)
uninstall cmd: rundll32 advpack.dll,LaunchINFSection H:\WINDOWS\INF\msninst.inf,Uninstall

(Nero - Burning Rom!UninstallKey)
uninstall cmd: H:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

Nero Suite (NeroMultiInstaller!UninstallKey)
uninstall cmd: H:\Program Files\Common Files\Ahead\Uninstall\Setup.exe /uninstall

(NetMeeting)

Netscape Browser (remove only) (Netscape Browser)
uninstall cmd: "H:\Program Files\Netscape\Netscape Browser\NSUninst.exe"

(OutlookExpress)

Panda ActiveScan (Panda ActiveScan)
uninstall cmd: H:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
publisher: Panda Software S.L.

(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 H:\WINDOWS\INF\PCHealth.inf

PowerArchiver 2006 v9.50 9.50 (PowerArchiver_is1)
install location: H:\Program Files\PowerArchiver\
uninstall cmd: "H:\Program Files\PowerArchiver\unins000.exe"
publisher: ConeXware, Inc.
help link: http://www.powerarchiver.com

QuadSucker/Web v3.0 3.0 (QuadSucker/Web_is1)
uninstall cmd: "H:\Program Files\QuadWeb\unins000.exe"
publisher: SB-Software

(SchedulingAgent)

(Sevinst)

Shareaza version 2.2.1.0 2.2.1.0 (Shareaza_is1)
install location: H:\Program Files\Shareaza\
uninstall cmd: "H:\Program Files\Shareaza\Uninstall\unins000.exe"
publisher: Shareaza Development Team
comments: Shareaza Ultimate File Sharing
help link: http://www.shareaza.com/?id=support

Macromedia Flash Player 8 8 (ShockwaveFlash)
uninstall cmd: RunDll32 advpack.dll,LaunchINFSection H:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
publisher: Macromedia
help link: http://www.macromedia.com/go/flashplayer_support/

Sims2Pack Clean Installer (Sims2Pack Clean Installer )
uninstall cmd: H:\Program Files\Sims2Pack Clean Installer\uninstall.exe

Skype 2.0 2.0 (Skype_is1)
install location: H:\Program Files\Skype\Phone\
uninstall cmd: "H:\Program Files\Skype\Phone\unins000.exe"
publisher: Skype Software S.A.
help link: http://ui.skype.com/ui/0/2.0.0.69/en/help

Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: H:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "H:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited

SpywareBlaster v3.5.1 3.5.1 (SpywareBlaster_is1)
install location: H:\Program Files\SpywareBlaster\
uninstall cmd: "H:\Program Files\SpywareBlaster\unins000.exe"
publisher: Javacool Software LLC

Norton Internet Security 2005 (Symantec Corporation) 8.0.0.64 (SymSetup.{A93C9E60-29B6-49da-BA21-F70AC6AADE20})
install location: H:\Program Files\Norton Internet Security
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1
uninstall cmd: H:\Program Files\Common Files\Symantec Shared\SymSetup\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe /X
publisher: Symantec Corporation

Creative System Information (SysInfo)
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove

Themexp.org File (Themexp.org File)
uninstall cmd: H:\PROGRA~1\themexp\THEMEX~1.ORG\UNWISE.EXE H:\PROGRA~1\themexp\THEMEX~1.ORG\INSTALL.LOG

Trillian (Trillian)
uninstall cmd: H:\Program Files\Trillian\trillian.exe /uninstall

UltraSucker/Web v3.0 3.0 (UltraSucker/Web_is1)
uninstall cmd: "H:\Program Files\UltraWeb\unins000.exe"
publisher: SB-Software

VGA USB Camera (VGA USB Camera)
uninstall cmd: H:\WINDOWS\CleanDev.exe H:\WINDOWS\ov519.TXT

Windows Media Format Runtime (Windows Media Format Runtime)
uninstall cmd: "H:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Player 10 (Windows Media Player)
uninstall cmd: "H:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

World of Warcraft (World of Warcraft)
uninstall cmd: H:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe

Yahoo! extras (Yahoo! Customizations)
uninstall cmd: H:\PROGRA~1\Yahoo!\Common\unyext.exe

Yahoo! Internet Mail (Yahoo! Internet Mail)
uninstall cmd: H:\WINDOWS\system32\regsvr32 /u /s H:\PROGRA~1\Yahoo!\Common\ymmapi.dll

Yahoo! Messenger (Yahoo! Messenger)
uninstall cmd: H:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE H:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

Yahoo! Install Manager (YInstHelper)
uninstall cmd: H:\WINDOWS\system32\regsvr32 /u H:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL

(Zen Media Explorer)
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{9D35DFD7-DED3-4D49-8293-C9D82DA322FB}\setup.exe" -l0x9 /remove

Morrowind ({055A1919-3BBA-4BD5-8B3C-3851879AC185})
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "H:\Program Files\Bethesda Softworks\Morrowind\MWUninstall\Setup.exe" -l0x9

3.00 ({0B095086-7205-4D48-90DF-DCD16613C6D4})
version: 50331648
install location: H:\Program Files\Creative\MediaSource\Detector
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9

ATI Control Panel 6.14.10.5113 ({0BEDBD4E-2D34-47B5-9973-57E62B29307C})
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"

ULi AGP Driver 2.20 ({0DD0650C-5113-4FEE-BDDA-AC0B76FD0BD1})
uninstall cmd: H:\WINDOWS\system32\UnAGP.EXE RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{0DD0650C-5113-4FEE-BDDA-AC0B76FD0BD1}\Setup.exe" -uninst

3.00 ({103BCDA0-E063-46AC-8028-64E78722ABA7})
version: 50331648
install location: H:\Program Files\Creative\MediaSource
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9

Pooka
23 Mar 2006, 3:19am
SPYBOT S&D PART 2

Norton Internet Security 8.0.0.64 ({12E2B9E9-05B1-407d-B0FD-B5F350535125})
version: 134217728
version (major): 8
estimated size: 13455
install date: 20051221
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1\Setup\
uninstall cmd: MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
publisher: Symantec Corporation

ULi LAN Driver ({143BE018-D8F8-4014-8CB6-AF63F5799D21})
uninstall cmd: H:\WINDOWS\system32\UnLAN.EXE RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{143BE018-D8F8-4014-8CB6-AF63F5799D21}\Setup.exe" -uninst

AutoUpdate 1.1 ({18D10072035C4515918F7E37EAFAACFC})
install location: H:\Program Files\DivX

Google Toolbar for Internet Explorer ({2318C2B1-4965-11d4-9B18-009027A5CD4F})
uninstall cmd: regsvr32 /u /s "h:\program files\google\googletoolbar2.dll"

Adobe Photoshop CS2 9.0 ({236BB7C4-4419-42FD-0409-1E257A25E34D})
version: 150994944
version (major): 9
estimated size: 639892
install date: 20060110
install location: H:\Program Files\Adobe\Adobe Photoshop CS2\
install source: H:\Program Files\photoshop\Photoshop CS2\Adobe(R) Photoshop(R) CS2\
publisher: Adobe Systems, Inc.
comments:
contact: Customer Support
help link: http://www.adobe.com/support/main.html
help telephone: 1-555-555-4505

1.10 ({2616B36E-38CE-4357-8AB5-8B3EE9B1C117})
version: 17432576
install location: H:\Program Files\Creative\MediaSource
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9

SymNet 5.4.2.17 ({2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2})
version: 84148226
version (major): 5
version (minor): 4
estimated size: 2714
install date: 20051221
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1\Support\SymNet\
uninstall cmd: MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
publisher: Symantec Corporation

Creative MediaSource 3.00 ({2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC})
version: 50331648
install location: H:\Program Files\Creative\MediaSource
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\setup.exe" -l0x9 /remove
help link: http://www.creative.com/support

J2SE Runtime Environment 5.0 Update 6 1.5.0.60 ({3248F0A8-6813-11D6-A77B-00B0D0150060})
version: 17104896
version (major): 1
version (minor): 5
estimated size: 148501
install date: 20060207
install source: http://jdl.sun.com/webapps/download/GetFile/1.5.0_06-b05/windows-i586//
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: H:\Program Files\Java\jre1.5.0_06\README.txt

WebFldrs XP 9.50.7523 ({350C97B0-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154279267
version (major): 9
version (minor): 50
estimated size: 2472
install date: 20051220
install source: H:\WINDOWS\system32\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows

QuickTime 7.0.3 ({3868A8EE-5051-4DB0-8DF6-4F4B8A98D083})
version: 117440515
version (major): 7
estimated size: 62919
install date: 20051220
install location: H:\Program Files\QuickTime\
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\_is28A\
publisher: Apple Computer, Inc.
contact: AppleCare Support
help link: http://www.info.apple.com/
help telephone: 1-800-275-2273

Norton AntiSpam 2005.1.0.163 ({3B29A786-5803-4e9e-9B58-3014A5B4E519})
version (major): 2005
version (minor): 1
estimated size: 929
install date: 20051221
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1\Setup\
uninstall cmd: MsiExec.exe /I{3B29A786-5803-4e9e-9B58-3014A5B4E519}
publisher: Symantec Corporation

ULi 5289 Driver ({432968D5-88FE-44B9-9168-B2806A9668E9})
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{432968D5-88FE-44B9-9168-B2806A9668E9}\SETUP.exe"

Norton Internet Security 8.0.0.64 ({449F3A9E-9903-4a0d-A209-08030D45A935})
version: 134217728
version (major): 8
estimated size: 709
install date: 20051221
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1\Setup\
uninstall cmd: MsiExec.exe /I{449F3A9E-9903-4a0d-A209-08030D45A935}
publisher: Symantec Corporation

MUSICMATCH® Jukebox ({45EBDA59-D33B-433A-956E-B2F236468B56})
uninstall cmd: H:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.exe

Norton Internet Security 8.0.0.64 ({48185814-A224-447a-81DA-71BD20580E1B})
version: 134217728
version (major): 8
estimated size: 1304
install date: 20051221
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1\Setup\
uninstall cmd: MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
publisher: Symantec Corporation

Norton Internet Security 8.0.0.64 ({526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F})
version: 134217728
version (major): 8
estimated size: 1081
install date: 20051221
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1\Setup\
uninstall cmd: MsiExec.exe /I{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}
publisher: Symantec Corporation

Norton AntiSpam 2005.1.0.163 ({5677563D-0CB1-485f-9E18-C5025306BB3F})
version (major): 2005
version (minor): 1
estimated size: 10139
install date: 20051221
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1\Setup\
uninstall cmd: MsiExec.exe /I{5677563D-0CB1-485f-9E18-C5025306BB3F}
publisher: Symantec Corporation

1.0 ({57FA4E0F-82C9-417D-87BC-0186D6CB7A44})
version: 16777216
install location: H:\Program Files\Creative\DiskManager
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9

({5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977})

TES Construction Set ({605333A6-963F-480C-A358-1301CAA6CFF6})
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "H:\Program Files\Bethesda Softworks\Morrowind\CSUninstall\Setup.exe" -l0x9

({62369F2F77534556AEF4C58152E3BDE5})

1.0 ({63A317D0-60A6-43FC-848A-9FE4A53B29CE})
version: 16777216
install location: H:\Program Files\Creative\Support\System Information
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9

PowerDVD ({6811CAA0-BF12-11D4-9EA1-0050BAE317E1})
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall

1.02 ({700932B3-A964-4878-82A2-96054622A1F7})
version: 16908288
install location: H:\Program Files\Creative\ShareDLL\CADI
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9

SPBBC 1.00.0000 ({77772678-817F-4401-9301-ED1D01A8DA56})
version: 16777216
version (major): 1
estimated size: 1423
install date: 20051221
install location: H:\Program Files\Norton Internet Security\Norton AntiVirus\
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1\Support\SPBBC\
uninstall cmd: MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
publisher: Your Company Name

Adobe Stock Photos 1.0 001.000.000 ({786C5747-1033-0000-B58E-000000000001})
version: 16777216
version (major): 1
estimated size: 5397
install date: 20060110
install location: H:\Program Files\Adobe\Adobe Stock Photos\
install source: H:\Program Files\photoshop\Photoshop CS2\Adobe(R) Photoshop(R) CS2\Stock Photography\
uninstall cmd: MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
publisher: Adobe Systems
comments: Your Comments
contact: Customer Support Department
help link: http://www.adobe.com
help telephone: 1-555-555-4505

DivX 6.1 ({7B63B2922B174135AFC0E1377DD81EC2})
install location: H:\Program Files\DivX
uninstall cmd: H:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
publisher: DivX, Inc.

3.00 ({836612F0-1571-4C65-A4B7-58A39AA578EE})
version: 50331648
install location: H:\Program Files\Creative\MediaSource
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9

DJBCP Codec Pack Light 2.2.0.2004.12.01 2.2.0 ({874C4817-6E98-4FF9-BF54-134B2C118464})
version: 33685504
version (major): 2
version (minor): 2
estimated size: 14206
install date: 20060114
install source: H:\Program Files\Common Files\Wise Installation Wizard\
uninstall cmd: MsiExec.exe /I{874C4817-6E98-4FF9-BF54-134B2C118464}
publisher: DJBCP PROJECT TEAM

The Sims 2 ({8AB8D458-939E-403F-0097-9BA1C1F013D5})
uninstall cmd: H:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe

DivX Player 6.0 ({8ADFC4160D694100B5B8A22DE9DCABD9})
install location: H:\Program Files\DivX
uninstall cmd: H:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
publisher: DivXNetworks, Inc.

Adobe Common File Installer 1.00.0000 ({8EDBA74D-0686-4C99-BFDD-F894678E5B39})
version: 16777216
version (major): 1
estimated size: 136561
install date: 20060110
install location: H:\Program Files\Common Files\Adobe\
install source: H:\Program Files\photoshop\Photoshop CS2\Adobe(R) Photoshop(R) CS2\commonfilesinstaller\
uninstall cmd: MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
publisher: Adobe System Incorporated
comments: Your Comments
contact: Customer Support Department
help link: http://www.adobe.com/help
help telephone: 1-555-555-4505

The Sims 2 University ({8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2})
uninstall cmd: H:\Program Files\EA GAMES\The Sims 2 University\EAUninstall.exe

Microsoft Office Professional Edition 2003 11.0.5614.0 ({90110409-6000-11D3-8CFE-0150048383C9})
version: 184554990
version (major): 11
estimated size: 653093
install date: 20060118
install location: H:\Program Files\Microsoft Office\
install source: H:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\
uninstall cmd: MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: H:\Program Files\Microsoft Office\OFFICE11\1033\OFREADME.HTM

1.10 ({9744AE38-1CC6-414F-96CE-0643AEE30A9B})
version: 17432576
install location: H:\Program Files\Creative\Import Wizard
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{9744AE38-1CC6-414F-96CE-0643AEE30A9B}\setup.exe" -l0x9

4.00 ({9AB14DF5-3B04-4E3B-9969-695DBA7F2008})
version: 67108864
install location: H:\Program Files\Creative\Sync Manager
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x9

Creative Zen 1.0 ({9BFB6F77-6E60-44F5-B737-4673362B28A8})
version: 16777216
install location: H:\Program Files\Creative\Creative Zen
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{9BFB6F77-6E60-44F5-B737-4673362B28A8}\SETUP.EXE" -l0x9 /remove

4.10 ({9D35DFD7-DED3-4D49-8293-C9D82DA322FB})
version: 67764224
install location: H:\Program Files\Creative\Creative Zen
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{9D35DFD7-DED3-4D49-8293-C9D82DA322FB}\setup.exe" -l0x9

1.10 ({9E54F486-CD4A-44A5-B041-16D4E1E56A53})
version: 17432576
install location: H:\Program Files\Creative\CD Ripping Wizard
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{9E54F486-CD4A-44A5-B041-16D4E1E56A53}\setup.exe" -l0x9

2.00 ({A82F10CB-18B5-4EAC-AEF2-FA49CD565626})
version: 33554432
install location: H:\Program Files\Creative\Shared Files
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9

Norton Internet Security 8.0.0.64 ({A93C9E60-29B6-49da-BA21-F70AC6AADE20})
version: 134217728
version (major): 8
estimated size: 5537
install date: 20051221
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1\Setup\
uninstall cmd: MsiExec.exe /I{A93C9E60-29B6-49da-BA21-F70AC6AADE20}
publisher: Symantec Corporation

Adobe Reader 7.0.7 7.0.7 ({AC76BA86-7AD7-1033-7B44-A70500000002})
version: 117440519
version (major): 7
estimated size: 77703
install date: 20060221
install source: H:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig705\ENU\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
publisher: Adobe Systems Incorporated
comments:
contact:
help link: http://www.adobe.com/support/main.html
help telephone:
readme: H:\Program Files\Adobe\Acrobat 7.0\Reader\Readme.htm

Adobe Reader 7.0.5 Language Support 7.0.5 ({AC76BA86-7AD7-5464-3428-7050000000A7})
version: 117440517
version (major): 7
estimated size: 34373
install date: 20060222
install source: H:\Program Files\Adobe\Acrobat 7.0\Setup Files\SpellingDictionary\{E54EF49D-FCD5-4B3E-97B9-128D247834E1}\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-5464-3428-7050000000A7}
publisher: Adobe Systems
comments: This is a placeholder for ARP comments for Spelling Dictionaries for Adobe Reader 7.0
contact: Customer Support
help link: http://www.adobe.com/support/main.html
help telephone: 1-800-833-6687

({B13A7C41581B411290FBC0395694E2A9})

Adobe Bridge 1.0 001.000.000 ({B74D4E10-1033-0000-0000-000000000001})
version: 16777216
version (major): 1
estimated size: 64689
install date: 20060110
install location: H:\Program Files\Adobe\Adobe Bridge\
install source: H:\Program Files\photoshop\Photoshop CS2\Adobe(R) Photoshop(R) CS2\Bridge\
uninstall cmd: MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
publisher: Adobe Systems
comments: Your Comments
contact: Customer Support Department
help link: http://www.adobe.com/support/main.html
help telephone: 1-555-555-4505

MSRedist 1.0.0.0 ({B7C61755-DB48-4003-948F-3D34DB8EAF69})
version: 16777216
version (major): 1
estimated size: 4507
install date: 20051221
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1\Support\Redist\
uninstall cmd: MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
publisher: Symantec Corporation

Messenger Beta 8.0.0566.0 ({B835B495-9BE4-4C9F-929B-1DFEE3D189B3})
version: 134218294
version (major): 8
estimated size: 27329
install date: 20060312
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /I{B835B495-9BE4-4C9F-929B-1DFEE3D189B3}
publisher: Microsoft Corporation

Athlon 64 Processor Driver 1.1.0.14 ({C151CE54-E7EA-4804-854B-F515368B0798})
version: 16842752
install location: H:\Program Files\AMD\Athlon 64 Processor Driver
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9

Norton AntiVirus 2005 11.0.2 ({C6F5B6CF-609C-428E-876F-CA83176C021B})
version: 184549378
version (major): 11
estimated size: 58544
install date: 20051221
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1\NAV\
uninstall cmd: MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
publisher: Symantec Corporation

Norton Internet Security 8.0.0.64 ({C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF})
version: 134217728
version (major): 8
install date: 20051221
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1\Setup\
uninstall cmd: MsiExec.exe /I{C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF}
publisher: Symantec Corporation

Symantec Network Drivers Update 5.5.1.6 ({CA0A1E54-CE0F-4366-B09C-A87B61DC5633})
version: 84213761
version (major): 5
version (minor): 5
estimated size: 2754
install date: 20051221
install source: H:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\LIVEUP~1\DOWNLO~1\EXITEM~2.2_E\
publisher: Symantec Corporation

Microsoft .NET Framework 1.1 1.1.4322 ({CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1})
version: 16847074
version (major): 1
version (minor): 1
estimated size: 37015
install date: 20060223
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
publisher: Microsoft
readme: file://H:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm

1.01 ({CB99E420-8071-48F9-9567-4A53BE7569C4})
version: 16842752
install location: H:\Program Files\Creative\MediaSource\Audio Device Selection
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9

({CBBB5EED-CC92-49F2-A276-D5433F39D1EB})
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{CBBB5EED-CC92-49F2-A276-D5433F39D1EB}\Setup.exe" -l0x9

Symantec Script Blocking Installer 11.0.2 ({D327AFC9-7BAA-473A-8319-6EB7A0D40138})
version: 184549378
version (major): 11
estimated size: 477
install date: 20051221
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1\Support\ScrBlock\
uninstall cmd: MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138}
publisher: Symantec

1.10 ({D524239C-FD5C-4183-A49C-7930915A9C0A})
version: 17432576
install location: H:\Program Files\Creative\MediaSource
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x9

CC_ccProxyExt 103.0.2.10 ({DA42FDCA-7C5A-43EF-9A05-CCE148ADF919})
version: 1728053250
version (major): 103
estimated size: 600
install date: 20051221
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1\Support\Proxy\
uninstall cmd: MsiExec.exe /I{DA42FDCA-7C5A-43EF-9A05-CCE148ADF919}
publisher: Symantec

ccCommon 103.0.2.10 ({DC367608-64A7-4BF7-92F4-8BAA25BA02DB})
version: 1728053250
version (major): 103
estimated size: 5695
install date: 20051221
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1\Support\ccCommon\
uninstall cmd: MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
publisher: Symantec

1.00 ({DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C})
version: 16777216
install location: H:\Program Files\Creative\MediaSource
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x9

Norton Internet Security 1.0.0 ({E3EFA461-EB83-4C3B-9C47-2C1D58A01555})
version: 16777216
version (major): 1
estimated size: 1436
install date: 20051221
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1\Support\HelpMSI\
uninstall cmd: MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
publisher: Symantec Corp.

Norton Internet Security 8.0.0.64 ({E5EE9939-259F-4DE2-8023-5C49E16A4F43})
version: 134217728
version (major): 8
install date: 20051221
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1\NAV\
uninstall cmd: MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
publisher: Symantec Corporation

Norton WMI Update 2005.1.0.111 ({E85FA9A1-C241-4698-893B-DD99509B8DB0})
version (major): 2005
version (minor): 1
estimated size: 613
install date: 20051221
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1\Support\SymSC\
uninstall cmd: MsiExec.exe /X{E85FA9A1-C241-4698-893B-DD99509B8DB0}
publisher: Symantec Corporation

Adobe Help Center 1.0 001.000.000 ({E9787678-1033-0000-8E67-000000000001})
version: 16777216
version (major): 1
estimated size: 21738
install date: 20060110
install location: H:\Program Files\Adobe\Adobe Help Center\
install source: H:\Program Files\photoshop\Photoshop CS2\Adobe(R) Photoshop(R) CS2\Help Center\
uninstall cmd: MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
publisher: Adobe Systems
comments: Your Comments
contact: Customer Support Department
help link: http://www.adobe.com
help telephone: 1-555-555-4505

Norton WMI Update 2005.1.0.111 ({F64306A5-4C32-41bb-B153-53986527FAB4})
version (major): 2005
version (minor): 1
estimated size: 613
install date: 20051221
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1\Support\SymSC\
uninstall cmd: MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
publisher: Symantec Corporation

The Sims 2 Nightlife ({F7529650-B9DB-481B-0089-A2AC3C2821C1})
uninstall cmd: H:\Program Files\EA GAMES\The Sims 2 Nightlife\EAUninstall.exe

Realtek AC'97 Audio ({FB08F381-6533-4108-B7DD-039E11FBC27E})
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE

ccPxyCore 103.0.2.10 ({FC08587A-4F01-4188-819F-F55880022917})
version: 1728053250
version (major): 103
estimated size: 2821
install date: 20051221
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1\Support\Proxy\
uninstall cmd: MsiExec.exe /I{FC08587A-4F01-4188-819F-F55880022917}
publisher: Symantec

Norton Internet Security 8.0.0.64 ({FC2C0536-583C-46c0-844A-62CECAE01F22})
version: 134217728
version (major): 8
estimated size: 304
install date: 20051221
install source: H:\DOCUME~1\Heath\LOCALS~1\Temp\NORTON~1\Setup\
uninstall cmd: MsiExec.exe /I{FC2C0536-583C-46c0-844A-62CECAE01F22}
publisher: Symantec Corporation

Anarchy Online Classic Edition ({FF443E9E-AF54-42A5-85CE-20B4DEDCAFDA})
uninstall cmd: RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{FF443E9E-AF54-42A5-85CE-20B4DEDCAFDA}\setup.exe" UNINSTALL

Pooka
23 Mar 2006, 3:21am
FINALLY...

EWIDO AND ACTIVESCAN LOG


---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 11:54:23 AM, 3/23/2006
+ Report-Checksum: 4E99EC4D

+ Scan result:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta\{4da4616d-7e6e-4fd9-a2d5-b6c535733e22} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4da4616d-7e6e-4fd9-a2d5-b6c535733e22} -> Adware.Generic : Cleaned with backup


::Report End






Incident Status Location

Adware:adware/emediacodec Not disinfected H:\WINDOWS\SYSTEM32\dfrgsrv.exe
Adware:adware/securityerror Not disinfected H:\Documents and Settings\Heath\Favorites\Antivirus Test Online.url
Adware:adware/spyfalcon Not disinfected Windows Registry
Spyware:Cookie/2o7 Not disinfected H:\Documents and Settings\Heath\Cookies\heath@112.2o7[2].txt
Spyware:Cookie/Com.com Not disinfected H:\Documents and Settings\Heath\Cookies\heath@ad.sensismediasmart.com[1].txt
Spyware:Cookie/YieldManager Not disinfected H:\Documents and Settings\Heath\Cookies\heath@ad.yieldmanager[1].txt
Spyware:Cookie/Hbmediapro Not disinfected H:\Documents and Settings\Heath\Cookies\heath@adopt.hbmediapro[2].txt
Spyware:Cookie/adultfriendfinder Not disinfected H:\Documents and Settings\Heath\Cookies\heath@adultfriendfinder[1].txt
Spyware:Cookie/Atwola Not disinfected H:\Documents and Settings\Heath\Cookies\heath@atwola[1].txt
Spyware:Cookie/Banner Not disinfected H:\Documents and Settings\Heath\Cookies\heath@banner[1].txt
Spyware:Cookie/Belnk Not disinfected H:\Documents and Settings\Heath\Cookies\heath@belnk[1].txt
Spyware:Cookie/BurstNet Not disinfected H:\Documents and Settings\Heath\Cookies\heath@burstnet[2].txt
Spyware:Cookie/GoStats Not disinfected H:\Documents and Settings\Heath\Cookies\heath@c2.gostats[2].txt
Spyware:Cookie/Ccbill Not disinfected H:\Documents and Settings\Heath\Cookies\heath@ccbill[1].txt
Spyware:Cookie/Com.com Not disinfected H:\Documents and Settings\Heath\Cookies\heath@com[1].txt
Spyware:Cookie/did-it Not disinfected H:\Documents and Settings\Heath\Cookies\heath@did-it[1].txt
Spyware:Cookie/Belnk Not disinfected H:\Documents and Settings\Heath\Cookies\heath@dist.belnk[2].txt
Spyware:Cookie/Com.com Not disinfected H:\Documents and Settings\Heath\Cookies\heath@gamearena.com[1].txt
Spyware:Cookie/go Not disinfected H:\Documents and Settings\Heath\Cookies\heath@go[1].txt
Spyware:Cookie/Rn11 Not disinfected H:\Documents and Settings\Heath\Cookies\heath@rn11[2].txt
Spyware:Cookie/Searchportal Not disinfected H:\Documents and Settings\Heath\Cookies\heath@searchportal.information[2].txt
Spyware:Cookie/Target Not disinfected H:\Documents and Settings\Heath\Cookies\heath@target[1].txt
Spyware:Cookie/Toplist Not disinfected H:\Documents and Settings\Heath\Cookies\heath@toplist[1].txt
Spyware:Cookie/Tucows Not disinfected H:\Documents and Settings\Heath\Cookies\heath@tucows[2].txt
Spyware:Cookie/Advnt Not disinfected H:\Documents and Settings\Heath\Cookies\heath@www.advnt01[1].txt
Spyware:Cookie/Xiti Not disinfected H:\Documents and Settings\Heath\Cookies\heath@xiti[1].txt
Spyware:Cookie/Xmts Not disinfected H:\Documents and Settings\Heath\Cookies\heath@xmts[2].txt
Spyware:Cookie/Advnt Not disinfected H:\Documents and Settings\Heath\Application Data\Netscape\NSB\Profiles\e1v0egyc.default\cookies.txt[]
Potentially unwanted tool:Application/Processor Not disinfected H:\Program Files\smitRem\smitRem\Process.exe
Adware:Adware/SecurityError Not disinfected H:\WINDOWS\system32\ld5917.tmp

Trogan
23 Mar 2006, 11:09pm
Do a scan with Ad-Aware first!

Please download Ad-Aware SE (http://www.short-media.com/download.php?d=301) and install it. If you already have Ad-Aware SE, please configure it as indicated below. If you have a previous version of Ad-Aware, please uninstall your current version and install the newest version SE 1.06.

1) Run Ad-Aware, and click Check for updates now.

2) Select Configurations (click the gold Gear wheel at the top) as follows:
General Button > Safety: Check (Green) all three.
Tweak Button > Cleaning Engine > UNcheck "Always try to unload modules before deletion".

Click Proceed.

3) To start the scan, Click > "Scan Now" at left
Deselect "Search for negligible risk entries" as negligible risk entries (MRU's) are not considered to be a threat.
Select "Search for low-risk threats"
Select "Perform full system scan"
Click Next
4) When the scan has completed, select Next.
In the Scanning Results window, select the "Critical Objects" tab.
Right-click on the screen and choose "Select all objects"
Click Next to remove the infections found, and click OK to the prompt.
Restart the computer.



After scanning with Ad-Aware SE, please scan with Spybot - Search & Destroy.

Please download Spybot Search & Destroy from our security download section (http://short-media.com/download.php?d=390).


Download and Install Spybot S&D (if you haven't already), accept the Default Settings
In the Menu Bar at the top of the Spybot window you will see 'Mode'. Make certain that 'default mode' has a check mark beside it.
Close ALL windows except Spybot S&D
Click the button to ‘Search for Updates’ then download and install the updates.
Next click the button ‘Check for Problems’
When Spybot is complete, it will be showing ‘RED’ entries, bold 'BLACK' entries and ‘GREEN’ entries in the window
Make certain there is a check mark beside all of the RED entries ONLY.
Choose ‘Fix Selected Problems’ and allow Spybot to fix the RED entries.
REBOOT normally to complete the scan and clear memory.


Please post a new HJT log :)

Pooka
24 Mar 2006, 9:10pm
Hmmm, did all that. Everything seemed fine for most of yesterday.

Turned on this morning and instead of Spy Falcon, I now have Spyware Quake on here.

S&D even caught vcodec properly.

Logfile of HijackThis v1.99.1
Scan saved at 7:08:09 AM, on 25/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Common Files\Symantec Shared\ccProxy.exe
H:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
H:\Program Files\Norton Internet Security\ISSVC.exe
H:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
H:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\system32\CTsvcCDA.EXE
H:\Program Files\ewido anti-malware\ewidoctrl.exe
H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
H:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
H:\Program Files\ULI5289\ALi5289.exe
H:\Program Files\ULI5289\JMAP5289.exe
H:\WINDOWS\SOUNDMAN.EXE
H:\Program Files\QuickTime\qttask.exe
H:\Program Files\Common Files\Symantec Shared\ccApp.exe
H:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
H:\Program Files\MSN Messenger\MsnMsgr.Exe
H:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
H:\WINDOWS\system32\ctfmon.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
H:\WINDOWS\system32\mssearchnet.exe
H:\WINDOWS\system32\nvctrl.exe
H:\WINDOWS\system32\rundll32.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Hijackthis\HijackThis.exe
H:\Program Files\Messenger\msmsgs.exe

O2 - BHO: Nothing - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - H:\WINDOWS\system32\hp2AB.tmp
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - H:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - H:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ALi5289] H:\Program Files\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [JMAP5289] H:\Program Files\ULI5289\JMAP5289.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BigPond] "G:\5100.exe" -r
O4 - HKLM\..\Run: [ccApp] "H:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] H:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] H:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SpywareQuake] H:\Program Files\SpywareQuake\SpywareQuake.exe /h
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative Detector] H:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = H:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://h:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://h:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///H:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://h:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://h:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://h:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://h:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///H:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///H:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///H:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - H:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "H:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "H:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - H:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - H:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - H:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - H:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - H:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - H:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - H:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

Trogan
25 Mar 2006, 2:15pm
DAMN! They're at it again. It looks like SpywareQuake is the new rogue program from the creators of SpyAxe, who also created SpywareStriker and SpyFalcon.

A fix should be made soon. So, for now, be patient and I'll see what's happening for a fix and let you know :)

Pooka
25 Mar 2006, 2:51pm
DAMN! They're at it again. It looks like SpywareQuake is the new rogue program from the creators of SpyAxe, who also created SpywareStriker and SpyFalcon.

A fix should be made soon. So, for now, be patient and I'll see what's happening for a fix and let you know :)
Thanks.

It looks like I MAY have killed it by killboxing some nasty exe files in my system32 folder as well as deleting nasty reg keys.

Funnily enough, the 'scan' done by spyware quake listed the bad reg entries and exe files, and some google research confirmed they are bad.

Eg nvctrl.exe, dfrgsrv.exe and mssearchnet.exe, plus two dll files that I have unfortunately forgotten the names of.

A quick trip to safe mode, some regediting and a few once-overs with S&D and things seem calmer than they have for a week.

Still not 100% sure it's gone, but S&D is now coming up clean, not showing vcodec anymore, which is a good sign.

Thanking you for your great help.
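
The manual triage described in the post above (spotting the leftover system32 executables, the odd BHO and the new Run value in the HijackThis log) can be scripted. This is an added example, not part of the original thread: the `triage` function and its heuristics are assumptions, and the sample log is constructed from lines in the log posted earlier.

```python
import re
from ntpath import basename, splitext  # Windows path rules on any OS

# Constructed sample, built from lines in the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Running processes:
H:\WINDOWS\system32\ctfmon.exe
H:\WINDOWS\system32\mssearchnet.exe
H:\WINDOWS\system32\nvctrl.exe
H:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: Nothing - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - H:\WINDOWS\system32\hp2AB.tmp
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SpywareQuake] H:\Program Files\SpywareQuake\SpywareQuake.exe /h
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
"""

# File names the poster reports removing from system32 (from the thread).
WATCHLIST = {"nvctrl.exe", "dfrgsrv.exe", "mssearchnet.exe"}
# Rogue product names mentioned in the thread, lower-cased for matching.
ROGUE_NAMES = ("spywarequake", "spyfalcon", "spyaxe", "spywarestriker")

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
RUN_RE = re.compile(r"^O4 - HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

def triage(log_text):
    """Return (section, item, reason) tuples for entries worth a closer look."""
    findings, in_procs = [], False
    for line in (raw.strip() for raw in log_text.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif in_procs:
            if not line:                      # a blank line ends the process list
                in_procs = False
            elif basename(line).lower() in WATCHLIST:
                findings.append(("process", line, "file name is on the watchlist"))
        elif (m := BHO_RE.match(line)):
            # Assumed heuristic: a BHO is a COM DLL, so any other extension is odd.
            path = m["path"].replace(" (file missing)", "")
            ext = splitext(path)[1].lower()
            if ext != ".dll":
                findings.append(("O2", m["clsid"].lower(), f"BHO module ends in {ext or 'nothing'}"))
        elif (m := RUN_RE.match(line)):
            if any(r in (m["name"] + " " + m["cmd"]).lower() for r in ROGUE_NAMES):
                findings.append(("O4", m["name"], "Run value starts a rogue product"))
    return findings

if __name__ == "__main__":
    for section, item, reason in triage(SAMPLE_LOG):
        print(f"{section:8} {item}  <- {reason}")
```

A log pasted with hard line wraps has to be rejoined into one entry per line before this will match anything.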

Trogan
26 Mar 2006, 10:29pm
Glad you got it sorted.

I'll leave this open and if there is a fix, I'll let you know in case you would like to try it :)

Trogan
27 Mar 2006, 3:58pm
A fix is available...you may want to try it out :)

Read it here (http://short-media.com/forum/showthread.php?t=44053)