Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Razeware - my Log

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Razeware - my Log

Unread postby Hikaru » November 6th, 2005, 1:00 pm

Hi guys,
My desktop is red with a black box in the middle advertising for Razeware. I've looked up some information but I haven't managed to fix the thing yet....I have yet to notice my system lagging or any prevention of access to other things to date, at the time of writing. Well; here's my Hickjack this log...hope you can help fish me out of it =)

Logfile of HijackThis v1.99.1
Scan saved at 17:53:17, on 6-11-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
E:\Fraps\FRAPS.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: C:\WINDOWS\adsldpbc.dll - {3FC75855-CA93-4C52-81CA-E2B842CB0619} - C:\WINDOWS\adsldpbc.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7A7E6D97-B492-4884-9ABB-C31281DCC4F2} - (no file)
O2 - BHO: (no name) - {8D82BB89-B58C-4F21-9C5D-377F65947806} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [Fraps] E:\Fraps\FRAPS.EXE
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {1D185838-009D-47C8-824B-B65B4854430E} (Installer Class) - http://quickfix2.chello.nl/quickfix2/as ... nstall.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/ ... 1.0.69.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8027033203
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {C58EFA10-2CC0-4C50-8C77-B326555EC1B7} (clsDefault Class) - http://quickfix2.chello.nl/quickfix2/asp/LaunchApp.CAB
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} -
O16 - DPF: {E6A3C1E2-F792-483E-9133-596215172BE9} (AcceptLang Class) - http://runonce.msn.com/setacceptlang.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{99312C79-D439-473D-89CC-9CAA9D6F4542}: NameServer = 212.142.28.66,212.142.28.130
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe




If you have any further questions or suggestions, of course, toss a reply and I'll do what I can...I miss my beautiful desktop :(
Hikaru
Regular Member
 
Posts: 22
Joined: November 6th, 2005, 12:54 pm
Advertisement
Register to Remove

Unread postby amateur » November 6th, 2005, 3:10 pm

Hi Hikaru,

My code name is Amateur and I would like to help you. Researching the items in the log takes a considerable time. Please be patient and come back to this thread if you have any questions. I'll be notified by email. See you later. :)
User avatar
amateur
MRU Master
MRU Master
 
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA

Unread postby Hikaru » November 7th, 2005, 10:22 am

I should note this was made in Normal mode, in case you're wondering.

Edit:
Ran panda and followed a tip from a friend: had to get to the properties of my display and uncheck the web link thingy for my desktop...it was named Security. unchecked it, applied and my old desktop is back!

To make sure there's nothing leftover, here's the log for today that I ran after rebooting twice; no problems as of yet.


Logfile of HijackThis v1.99.1
Scan saved at 22:35:15, on 7-11-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\apvxdwin.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
E:\Fraps\FRAPS.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: C:\WINDOWS\adsldpbc.dll - {3FC75855-CA93-4C52-81CA-E2B842CB0619} - C:\WINDOWS\adsldpbc.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [Fraps] E:\Fraps\FRAPS.EXE
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.coolwebsearch.com
O15 - Trusted Zone: *.searchmeup.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {1D185838-009D-47C8-824B-B65B4854430E} (Installer Class) - http://quickfix2.chello.nl/quickfix2/as ... nstall.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/ ... 1.0.69.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - http://update.microsoft.com/windowsupda ... 8027033203
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {C58EFA10-2CC0-4C50-8C77-B326555EC1B7} (clsDefault Class) - http://quickfix2.chello.nl/quickfix2/asp/LaunchApp.CAB
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} -
O16 - DPF: {E6A3C1E2-F792-483E-9133-596215172BE9} (AcceptLang Class) - http://runonce.msn.com/setacceptlang.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{99312C79-D439-473D-89CC-9CAA9D6F4542}: NameServer = 212.142.28.66,212.142.28.130
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: gg - C:\WINDOWS\adsldpbd.dll (file missing)
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe



Sorry for the trouble
Hikaru
Regular Member
 
Posts: 22
Joined: November 6th, 2005, 12:54 pm

Unread postby amateur » November 7th, 2005, 10:43 pm

Thanks for the log. :) It's different from the previous one. I'll have to consult my "guru". I'll get back to you.
User avatar
amateur
MRU Master
MRU Master
 
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA

Unread postby amateur » November 9th, 2005, 12:09 am

Hi Hikaru :) ,

I see that you now have Panda Platinium Antivirus installed. That's good. I also see some other items in your last log which were not there before like the "coolwebsearch.com" and "searchmeup.com" in your trusted zone. Did you add them there yourself? It's recommended that you have nothing in your trusted zone.

MessengerPlus 3, is a third party MSN Messenger extension that adds a number of useful features but also can bundle the hard to remove C2Media LOP adware. MessengerPlus 3 does offer you a choice during setup to make it possible to install MessengerPlus WITHOUT that "sponsor program"! I don't know if you installed it yourself and without that "sponsor program"? Therefore, I would recommend that you uninstall it:

Go Start>Control Panel>Add/Remove Programs>MessengerPlus 3 and click on uninstall/Remove button.

O17 - HKLM\System\CCS\Services\Tcpip\..\{99312C79-D439-473D-89CC-9CAA9D6F4542}: NameServer = 212.142.28.66,212.142.28.130 . Is this the address of your service provider?

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:

1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
You can reenable TeaTimer once your system is clean.


Now please download:

Ccleaner

Click on Options, Select Advanced Now UNCHECK "Only delete files in Windows Temp folders older than 48 hours"
Make sure the Cleaner block on the left is selected. (Do not use the "Issues" block) Choose the Windows tab.
Check everything EXCEPT cookies, the Autocomplete Form History and the Advanced part of the Menu.
Choose Run Cleaner. This process could take a while.
When CCleaner shows how much has been removed, cleaning is finished. Click Exit.

Adaware SE

1) Run Ad-Aware, and click Check for updates now.

2) Select Configurations (click the Gear wheel at the top) as follows:

  • General Button > Safety & Settings: Check (Green) all three.
  • Tweak Button > Cleaning Engine > UNcheck "Always try to unload modules before deletion".

Click Proceed.

Ewido Security Suit

When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
From the main ewido screen, click on update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful") Do not run it yet.

Please reboot your computer into Safe Mode.

If the computer is running, shut down Windows, and then turn off the power.
Wait 30 seconds, and then turn the computer on.
Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Ensure that the Safe Mode option is selected.
Press Enter. The computer then begins to start in Safe mode.
Instructions can also be found here

Run Ewido and Adaware .

Run Ewido Security Suit

Click on the Scanner button in the left menu, then click on Settings, and under "What to scan?", select "Every file" then click ok.
Then click on Complete System Scan. This scan can take quite a while to run.

If ewido finds anything, it will pop up a notification. We have been finding some cases of false positives with the new version of Ewido, so we need to step through the fixes one-by-one. If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, pcAnywhere and the game "Risk" have been flagged), select "none" as the action. DO NOT check "Perform action with all infections". If you are unsure of an entry, select "none" for the time being. I'll see that in the log you will post later and let you know if ewido needs to be run again.

When the scan finishes, click on "Save Report". This will create a text file. Make sure you save this file to your desktop for easy access. Do Not reboot yet.

Run Adaware SE

To start the scan, Click > "Scan Now" at left

  • Deselect "Search for negligible risk entries" as negligible risk entries (MRU's) are not considered to be a threat.
  • Select "Search for low-risk threats"
  • Select "Perform full system scan"
  • Click Next
When the scan has completed, select Next.

  • In the Scanning Results window, select the "Critical Objects" tab.
  • Right-click on the screen and choose "Select all objects"
  • Click Next to remove the infections found, and click OK to the prompt.
  • Restart the computer.

Run an online virus scan here Click on the "Scan Now" button in the middle of the page with a green cursor moving from side to side.

Post a new HijackThis log and, Ewido report and the result of the online scan
User avatar
amateur
MRU Master
MRU Master
 
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA

Unread postby Hikaru » November 9th, 2005, 1:33 pm

to quickly answer some of your questions before I start on these things:
Yes, I am aware that messenger plus can have bundled 'ware' with it, but no, I did not install the extra ware when I did, I have nohting of lop (I have experience with it before, got rid of it accordingly however this was ages ago)

O17 - HKLM\System\CCS\Services\Tcpip\..\{99312C79-D439-473D-89CC-9CAA9D6F4542}: NameServer = 212.142.28.66,212.142.28.130 . Is this the address of your service provider?

Yes, that should be my ip information.

Also, those first two items you mentioned such as coolwebsearch.com...no, I do not remember installing those. Assume that all of the things that were bad in the first log that are now gone was the work of Panda. Note: it's only the trial-ware so that I could get rid of the Razeware in the first place :)

When disabling the teaTimer, I also found this:


20-1-2005 3:53:09 Allowed value "DXDllRegExe" (new data: "") deleted in System Startup global entry!
20-1-2005 4:24:40 Allowed value "{6414512B-B978-451D-A0D8-FCFDF33E833C}" (new data: "") added in ActiveX Distribution Unit!
20-1-2005 22:20:21 Allowed value "{B38870E4-7ECB-40DA-8C6A-595F0A5519FF}" (new data: "") added in ActiveX Distribution Unit!
20-1-2005 22:20:41 Allowed value "wextract_cleanup0" (new data: "rundll32.exe C:\WINDOWS\System32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\KIM\LOCALS~1\Temp\IXP000.TMP\"") added in System Startup global entry!
20-1-2005 22:21:15 Allowed value "WinSideBySideSetupCleanup 1340943" (new data: "rundll32 sxs.dll,SxspRunDllDeleteDirectory C:\WINDOWS\WinSxS\InstallTemp\1340943") added in System Startup global entry!
20-1-2005 22:21:17 Allowed value "MsnMsgr" (new data: ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background") added in System Startup user entry!
20-1-2005 22:21:18 Allowed value "WinSideBySideSetupCleanup 1340943" (new data: "") deleted in System Startup global entry!
20-1-2005 22:21:24 Allowed value "wextract_cleanup0" (new data: "") deleted in System Startup global entry!
20-1-2005 22:21:27 Allowed value "MSMSGS" (new data: "") deleted in System Startup user entry!
20-1-2005 22:22:59 Allowed value "MsnMsgr" (new data: "") deleted in System Startup user entry!
20-1-2005 22:24:59 Allowed value "MessengerPlus3" (new data: ""C:\Program Files\MessengerPlus! 3\MsgPlus.exe"") added in System Startup global entry!
21-1-2005 6:40:27 Allowed value "msnmsgr" (new data: ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background") added in System Startup user entry!
21-1-2005 7:39:45 Allowed value "KB840987" (new data: "rundll32.exe apphelp.dll,ShimFlushCache") added in System Startup global entry!
21-1-2005 8:11:27 Allowed value "msnmsgr" (new data: ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background") added in System Startup user entry!
23-1-2005 11:30:59 Allowed value "wextract_cleanup0" (new data: "rundll32.exe C:\WINDOWS\System32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\KIM\LOCALS~1\Temp\IXP000.TMP\"") added in System Startup global entry!
23-1-2005 11:31:01 Allowed value "wextract_cleanup0" (new data: "") deleted in System Startup global entry!
23-1-2005 11:54:03 Allowed value "NvCplDaemon" (new data: "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup") added in System Startup global entry!
23-1-2005 11:54:05 Allowed value "NvCplDaemon" (new data: "") deleted in System Startup global entry!
23-1-2005 12:30:53 Allowed value "wextract_cleanup0" (new data: "rundll32.exe C:\WINDOWS\System32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\KIM\LOCALS~1\Temp\IXP000.TMP\"") added in System Startup global entry!
23-1-2005 12:30:57 Denied value "wextract_cleanup0" (new data: "") deleted in System Startup global entry!
23-1-2005 17:50:10 Allowed value "wextract_cleanup0" (new data: "") deleted in System Startup global entry!
23-1-2005 17:52:45 Allowed value "wextract_cleanup0" (new data: "") deleted in System Startup global entry!
23-1-2005 18:47:07 Allowed value "{3334504D-9980-0010-8000-00AA00389B71}" (new data: "") added in ActiveX Distribution Unit!
24-1-2005 15:32:24 Allowed value "wextract_cleanup0" (new data: "") deleted in System Startup global entry!
25-1-2005 18:09:55 Allowed value "Steam" (new data: "E:\Valve\Steam\Steam.exe -silent") added in System Startup user entry!
25-1-2005 18:45:42 Allowed value "NAV CfgWiz" (new data: "C:\PROGRA~1\NORTON~1\Cfgwiz.exe /R") added in System Startup global entry!
25-1-2005 18:45:45 Allowed value "ccApp" (new data: ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"") added in System Startup global entry!
25-1-2005 18:45:46 Allowed value "ccRegVfy" (new data: ""C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"") added in System Startup global entry!
25-1-2005 18:45:46 Allowed value "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (new data: "") added in Global browser toolbar!
25-1-2005 18:45:47 Allowed value "{BDF3E430-B101-42AD-A544-FADC6B084872}" (new data: "") added in Browser Helper Object!
25-1-2005 18:53:54 Allowed value "LUSETUP-LT" (new data: "C:\PROGRA~1\Symantec\LIVEUP~1\LUSETU~1.EXE -s -a -q -log") added in System Startup global entry!
25-1-2005 18:56:49 Allowed value "MSMSGS" (new data: ""C:\Program Files\Messenger\msmsgs.exe" /background") added in System Startup user entry!
25-1-2005 19:00:14 Allowed value "RoxioEngineUtility" (new data: ""C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"") added in System Startup global entry!
25-1-2005 19:00:15 Allowed value "RoxAssistant" (new data: ""C:\Program Files\Common Files\Roxio Shared\Upgrade\RoxAssist.exe" /s") added in System Startup global entry!
25-1-2005 19:00:16 Allowed value "RoxioDragToDisc" (new data: ""C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"") added in System Startup global entry!
25-1-2005 19:00:17 Allowed value "ddvd.dll" (new data: ""C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" +r"C:\Program Files\Common Files\Roxio Shared\DLLShared\dvd.dll"") added in System Startup global entry!
25-1-2005 19:00:17 Allowed value "DVideoCD.dll" (new data: ""C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" +r"C:\Program Files\Common Files\Roxio Shared\DLLShared\VideoCD.dll"") added in System Startup global entry!
25-1-2005 19:00:17 Allowed value "DRMT.dll" (new data: ""C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" +r"C:\Program Files\Common Files\Roxio Shared\DLLShared\RMT.dll"") added in System Startup global entry!
25-1-2005 19:00:18 Allowed value "DCapture.dll" (new data: ""C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" +r"C:\Program Files\Roxio\Easy CD Creator 6\PMStudio\Capture.dll"") added in System Startup global entry!
25-1-2005 19:00:18 Allowed value "DDVDDump.ax" (new data: ""C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" +r"C:\Program Files\Roxio\Easy CD Creator 6\PMStudio\DVDDump.ax"") added in System Startup global entry!
25-1-2005 19:00:18 Allowed value "DDVFrameDet.ax" (new data: ""C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" +r"C:\Program Files\Roxio\Easy CD Creator 6\PMStudio\DVFrameDet.ax"") added in System Startup global entry!
25-1-2005 19:00:18 Allowed value "DPreview.dll" (new data: ""C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" +r"C:\Program Files\Roxio\Easy CD Creator 6\PMStudio\Preview.dll"") added in System Startup global entry!
25-1-2005 19:00:19 Allowed value "Dvergb24.ax" (new data: ""C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" +r"C:\Program Files\Roxio\Easy CD Creator 6\PMStudio\vergb24.ax"") added in System Startup global entry!
25-1-2005 19:00:19 Allowed value "DVideoTransition.ax" (new data: ""C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" +r"C:\Program Files\Roxio\Easy CD Creator 6\PMStudio\VideoTransition.ax"") added in System Startup global entry!
25-1-2005 19:00:19 Allowed value "DMultiFileReade" (new data: ""C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" +r"C:\Program Files\Common Files\Roxio Shared\DLLShared\MultiFileReader.ax"") added in System Startup global entry!
25-1-2005 19:00:19 Allowed value "DRxDump.ax" (new data: ""C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" +r"C:\Program Files\Common Files\Roxio Shared\DLLShared\RxDump.ax"") added in System Startup global entry!
25-1-2005 19:00:19 Allowed value "ACMWrapperV2.dll" (new data: "C:\WINDOWS\System32\regsvr32.exe /s "C:\Program Files\Common Files\Roxio Shared\CDEngine\ACMWrapperV2.dll"") added in System Startup global entry!
25-1-2005 19:00:20 Allowed value "MediaPlayerV2.dll" (new data: "C:\WINDOWS\System32\regsvr32.exe /s "C:\Program Files\Common Files\Roxio Shared\CDEngine\MediaPlayerV2.dll"") added in System Startup global entry!
25-1-2005 19:00:20 Allowed value "driversV2.dll" (new data: "C:\WINDOWS\System32\regsvr32.exe /s "C:\Program Files\Common Files\Roxio Shared\CDEngine\driversV2.dll"") added in System Startup global entry!
25-1-2005 19:00:20 Allowed value "Cdbootable.dll" (new data: "C:\WINDOWS\System32\regsvr32.exe /s "C:\Program Files\Common Files\Roxio Shared\CreatorAPI\Cdbootable.dll"") added in System Startup global entry!
25-1-2005 19:00:20 Allowed value "cdDataPS.dll" (new data: "C:\WINDOWS\System32\regsvr32.exe /s "C:\Program Files\Common Files\Roxio Shared\CreatorAPI\cdDataPS.dll"") added in System Startup global entry!
25-1-2005 19:00:20 Allowed value "cdExtra.dll" (new data: "C:\WINDOWS\System32\regsvr32.exe /s "C:\Program Files\Common Files\Roxio Shared\CreatorAPI\cdExtra.dll"") added in System Startup global entry!
25-1-2005 19:00:21 Allowed value "cdmp3.dll" (new data: "C:\WINDOWS\System32\regsvr32.exe /s "C:\Program Files\Common Files\Roxio Shared\CreatorAPI\cdmp3.dll"") added in System Startup global entry!
25-1-2005 19:00:21 Allowed value "database.dll" (new data: "C:\WINDOWS\System32\regsvr32.exe /s "C:\Program Files\Common Files\Roxio Shared\CreatorAPI\database.dll"") added in System Startup global entry!
25-1-2005 19:00:21 Allowed value "ISO9660.dll" (new data: "C:\WINDOWS\System32\regsvr32.exe /s "C:\Program Files\Common Files\Roxio Shared\CreatorAPI\ISO9660.dll"") added in System Startup global entry!
25-1-2005 19:00:21 Allowed value "Joliet.dll" (new data: "C:\WINDOWS\System32\regsvr32.exe /s "C:\Program Files\Common Files\Roxio Shared\CreatorAPI\Joliet.dll"") added in System Startup global entry!
25-1-2005 19:00:21 Allowed value "Udf.dll" (new data: "C:\WINDOWS\System32\regsvr32.exe /s "C:\Program Files\Common Files\Roxio Shared\CreatorAPI\Udf.dll"") added in System Startup global entry!
25-1-2005 19:00:21 Allowed value "creator.dll" (new data: "C:\WINDOWS\System32\regsvr32.exe /s "C:\Program Files\Common Files\Roxio Shared\CreatorAPI\creator.dll"") added in System Startup global entry!
25-1-2005 19:00:22 Allowed value "Translator.dll" (new data: "C:\WINDOWS\System32\regsvr32.exe /s "C:\Program Files\Common Files\Roxio Shared\CreatorAPI\Translator.dll"") added in System Startup global entry!
25-1-2005 19:00:22 Allowed value "CDEngine.dll" (new data: "C:\WINDOWS\System32\regsvr32.exe /s "C:\Program Files\Common Files\Roxio Shared\CDEngine\CDEngine.dll"") added in System Startup global entry!
25-1-2005 19:00:22 Allowed value "dvd.dll" (new data: "C:\WINDOWS\System32\regsvr32.exe /s "C:\Program Files\Common Files\Roxio Shared\DLLShared\dvd.dll"") added in System Startup global entry!
25-1-2005 19:00:22 Allowed value "DvdVR.dll" (new data: "C:\WINDOWS\System32\regsvr32.exe /s "C:\Program Files\Common Files\Roxio Shared\DLLShared\DvdVR.dll"") added in System Startup global entry!
25-1-2005 19:00:22 Allowed value "rmt.dll" (new data: "C:\WINDOWS\System32\regsvr32.exe /s "C:\Program Files\Common Files\Roxio Shared\DLLShared\RMT.dll"") added in System Startup global entry!
25-1-2005 19:00:23 Allowed value "shellex" (new data: "C:\WINDOWS\System32\regsvr32.exe /s "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\shellex.dll"") added in System Startup global entry!
25-1-2005 19:00:23 Allowed value "CDLabel.exe" (new data: ""C:\Program Files\Common Files\Roxio Shared\Label Creator\CDLabel.exe" /register") added in System Startup global entry!
25-1-2005 19:00:23 Allowed value "VideoCD.dll" (new data: "C:\WINDOWS\System32\regsvr32.exe /s "C:\Program Files\Common Files\Roxio Shared\DLLShared\VideoCD.dll"") added in System Startup global entry!
25-1-2005 19:00:23 Allowed value "zDvFrameDectectorax" (new data: "C:\WINDOWS\System32\regsvr32.exe /s "C:\Program Files\Roxio\Easy CD Creator 6\PMStudio\dvframedetector.ax"") added in System Startup global entry!
25-1-2005 19:00:23 Allowed value "zvergb24ax" (new data: "C:\WINDOWS\System32\regsvr32.exe /s "C:\Program Files\Roxio\Easy CD Creator 6\PMStudio\vergb24.ax"") added in System Startup global entry!
25-1-2005 19:00:23 Allowed value "zRoxPrvwdll" (new data: "C:\WINDOWS\System32\regsvr32.exe /s "C:\Program Files\Roxio\Easy CD Creator 6\PMStudio\VideoTransition.ax"") added in System Startup global entry!
25-1-2005 19:00:24 Allowed value "zPreviewdll" (new data: "C:\WINDOWS\System32\regsvr32.exe /s "C:\Program Files\Roxio\Easy CD Creator 6\PMStudio\Preview.dll"") added in System Startup global entry!
25-1-2005 19:00:26 Allowed value "RxDumpax" (new data: "C:\WINDOWS\System32\regsvr32.exe /s "C:\Program Files\Common Files\Roxio Shared\DLLShared\RxDump.ax"") added in System Startup global entry!
25-1-2005 19:00:26 Allowed value "MultiFileReader" (new data: "C:\WINDOWS\System32\regsvr32.exe /s "C:\Program Files\Common Files\Roxio Shared\DLLShared\MultiFileReader.ax"") added in System Startup global entry!
25-1-2005 19:00:26 Allowed value "RxQuicktime" (new data: "C:\WINDOWS\System32\regsvr32.exe /s "C:\Program Files\Common Files\Roxio Shared\DLLShared\RXQuicktime.ax"") added in System Startup global entry!
25-1-2005 19:10:49 Allowed value "RoxAssistant" (new data: "") deleted in System Startup global entry!
25-1-2005 19:12:56 Allowed value "Steam" (new data: ""e:\valve\steam\steam.exe" -silent") changed in System Startup user entry!
26-1-2005 16:26:00 Allowed value "Steam" (new data: "") changed in System Startup user entry!
29-1-2005 14:24:02 Allowed value "DXDllRegExe" (new data: "C:\WINDOWS\System32\dxdllreg.exe ") added in System Startup global entry!
29-1-2005 14:25:21 Allowed value "DXDllRegExe" (new data: "") deleted in System Startup global entry!
1-2-2005 17:14:23 Allowed value "Symantec NetDriver Monitor" (new data: "C:\PROGRA~1\SYMNET~1\SNDMon.exe") added in System Startup global entry!
3-2-2005 18:01:44 Allowed value "WinSideBySideSetupCleanup 1012569" (new data: "rundll32 sxs.dll,SxspRunDllDeleteDirectory C:\WINDOWS\WinSxS\InstallTemp\1012569") added in System Startup global entry!
3-2-2005 18:01:46 Allowed value "WinSideBySideSetupCleanup 1012569" (new data: "") deleted in System Startup global entry!
6-2-2005 15:05:56 Allowed value "SbUsb AudCtrl" (new data: "RunDll32 sbusbdll.dll,RCMonitor") added in System Startup global entry!
6-2-2005 15:06:10 Allowed value "UpdReg" (new data: "C:\WINDOWS\UpdReg.EXE") added in System Startup global entry!
6-2-2005 15:06:40 Allowed value "Inetreg" (new data: "C:\Program Files\InstallShield Installation Information\{E2D27B84-6365-11D6-9BAF-0090271AF8A4}\Setup.exe /i_again -s") added in System Startup user entry!
6-2-2005 16:02:08 Allowed value "StartMS" (new data: ""C:\Program Files\Creative\Shared Files\Media Sniffer\StartMS.EXE" /s") added in System Startup user entry!
6-2-2005 16:02:28 Allowed value "Creative MediaSource Go" (new data: "C:\Program Files\Creative\MediaSource\GO\CTCMSGo.exe") added in System Startup user entry!
6-2-2005 16:02:52 Allowed value "RemoteCenter" (new data: "C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE") added in System Startup user entry!
6-2-2005 16:03:09 Allowed value "CMSRegOW.exe" (new data: ""C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\CMSRegOW.exe" /r") added in System Startup user entry!
6-2-2005 16:03:26 Allowed value "Inetreg" (new data: "C:\Program Files\InstallShield Installation Information\{E2D27B84-6365-11D6-9BAF-0090271AF8A4}\Setup.exe /i_again -s") added in System Startup user entry!
6-2-2005 17:56:13 Allowed value "Creative MediaSource Go" (new data: "") deleted in System Startup user entry!
6-2-2005 17:58:01 Denied value "RemoteCenter" (new data: "C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe") changed in System Startup user entry!
6-2-2005 17:58:01 Denied value "RemoteControl" (new data: "") added in System Startup user entry!
6-2-2005 17:58:02 Denied value "RemoteCenter" (new data: "") added in System Startup global entry!
7-2-2005 10:16:21 Allowed value "Creative MediaSource Go" (new data: "") deleted in System Startup user entry!
7-2-2005 10:17:27 Allowed value "WinSideBySideSetupCleanup 220162" (new data: "rundll32 sxs.dll,SxspRunDllDeleteDirectory C:\WINDOWS\WinSxS\InstallTemp\220162") added in System Startup global entry!
7-2-2005 10:17:29 Allowed value "WinSideBySideSetupCleanup 220162" (new data: "") deleted in System Startup global entry!
7-2-2005 15:10:53 Allowed value "Creative MediaSource Go" (new data: "") deleted in System Startup user entry!
7-2-2005 18:24:15 Allowed value "Creative MediaSource Go" (new data: "") deleted in System Startup user entry!
9-2-2005 14:34:01 Allowed value "NetFxUpdate_v1.1.4322" (new data: ""C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe" 0 v1.1.4322 GAC + NI NID") added in System Startup global entry!
9-2-2005 14:34:12 Allowed value "NetFxUpdate_v1.1.4322" (new data: "") deleted in System Startup global entry!
10-2-2005 10:27:27 Allowed value "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (new data: "") deleted in Global browser toolbar!
10-2-2005 11:01:26 Allowed value "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (new data: "") deleted in Global browser toolbar!
10-2-2005 11:02:54 Allowed value "Symantec NetDriver Monitor" (new data: "") deleted in System Startup global entry!
10-2-2005 13:43:20 Allowed value "Symantec NetDriver Monitor" (new data: "") deleted in System Startup global entry!
10-2-2005 13:43:21 Allowed value "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (new data: "") deleted in Global browser toolbar!
11-2-2005 11:57:28 Allowed value "Symantec NetDriver Monitor" (new data: "") deleted in System Startup global entry!
11-2-2005 11:57:32 Allowed value "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (new data: "") deleted in Global browser toolbar!
11-2-2005 16:05:49 Denied value "Symantec NetDriver Monitor" (new data: "") deleted in System Startup global entry!
11-2-2005 16:05:51 Allowed value "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (new data: "") deleted in Global browser toolbar!
11-2-2005 16:05:56 Allowed value "KernelFaultCheck" (new data: "") deleted in System Startup global entry!
12-2-2005 10:14:03 Allowed value "KernelFaultCheck" (new data: "") deleted in System Startup global entry!
12-2-2005 10:14:03 Allowed value "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (new data: "") deleted in Global browser toolbar!
12-2-2005 10:34:23 Allowed value "KernelFaultCheck" (new data: "") deleted in System Startup global entry!
12-2-2005 10:34:23 Allowed value "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (new data: "") deleted in Global browser toolbar!
12-2-2005 12:08:50 Allowed value "Fraps" (new data: "E:\FRAPS\FRAPS.EXE") added in System Startup user entry!
12-2-2005 16:46:53 Allowed value "KernelFaultCheck" (new data: "") deleted in System Startup global entry!
12-2-2005 16:46:53 Allowed value "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (new data: "") deleted in Global browser toolbar!
13-2-2005 13:02:11 Allowed value "KernelFaultCheck" (new data: "") deleted in System Startup global entry!
13-2-2005 13:02:12 Allowed value "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (new data: "") deleted in Global browser toolbar!
13-2-2005 14:07:55 Allowed value "KernelFaultCheck" (new data: "") deleted in System Startup global entry!
13-2-2005 14:07:56 Allowed value "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (new data: "") deleted in Global browser toolbar!
14-2-2005 7:56:46 Allowed value "KernelFaultCheck" (new data: "") deleted in System Startup global entry!
14-2-2005 7:56:46 Allowed value "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (new data: "") deleted in Global browser toolbar!
14-2-2005 16:11:02 Allowed value "KernelFaultCheck" (new data: "") deleted in System Startup global entry!
14-2-2005 16:11:02 Allowed value "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (new data: "") deleted in Global browser toolbar!
14-2-2005 20:26:15 Allowed value "KernelFaultCheck" (new data: "") deleted in System Startup global entry!
14-2-2005 20:26:15 Allowed value "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (new data: "") deleted in Global browser toolbar!
15-2-2005 7:51:59 Denied value "KernelFaultCheck" (new data: "") deleted in System Startup global entry!
15-2-2005 7:51:59 Denied value "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (new data: "") deleted in Global browser toolbar!
19-2-2005 13:55:34 Allowed value "iTunesHelper" (new data: "C:\Program Files\iTunes\iTunesHelper.exe") added in System Startup global entry!
19-2-2005 13:55:37 Allowed value "QuickTime Task" (new data: ""C:\Program Files\QuickTime\qttask.exe" -atboottime") added in System Startup global entry!
23-2-2005 13:09:35 Allowed value "Norton SystemWorks" (new data: "C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID {DA9935BA-22F7-44ee-BD12-BD8B87700BEA}") added in System Startup user entry!
23-2-2005 13:09:35 Allowed value "NSWCfg.exe" (new data: ""C:\Program Files\Norton SystemWorks\NSWCfg.exe"") added in System Startup user entry!
23-2-2005 13:10:44 Allowed value "NAV CfgWiz" (new data: "C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"") added in System Startup global entry!
23-2-2005 13:10:53 Allowed value "BootWarn" (new data: "C:\Program Files\Norton SystemWorks\Norton Antivirus\BootWarn.exe /a") added in System Startup global entry!
23-2-2005 13:13:04 Allowed value "GhostStartTrayApp" (new data: "C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe") added in System Startup global entry!
23-2-2005 13:13:24 Allowed value "WinSideBySideSetupCleanup 1001430" (new data: "rundll32 sxs.dll,SxspRunDllDeleteDirectory C:\WINDOWS\WinSxS\InstallTemp\1001430") added in System Startup global entry!
23-2-2005 13:13:24 Allowed value "WinSideBySideSetupCleanup 1001549" (new data: "rundll32 sxs.dll,SxspRunDllDeleteDirectory C:\WINDOWS\WinSxS\InstallTemp\1001549") added in System Startup global entry!
23-2-2005 13:13:26 Allowed value "AcctMgr" (new data: "C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup") added in System Startup global entry!
23-2-2005 13:13:26 Allowed value "WinSideBySideSetupCleanup 1019565" (new data: "rundll32 sxs.dll,SxspRunDllDeleteDirectory C:\WINDOWS\WinSxS\InstallTemp\1019565") added in System Startup global entry!
23-2-2005 13:13:30 Allowed value "WinSideBySideSetupCleanup 1001430" (new data: "") deleted in System Startup global entry!
23-2-2005 13:13:30 Allowed value "WinSideBySideSetupCleanup 1001549" (new data: "") deleted in System Startup global entry!
23-2-2005 13:13:31 Allowed value "WinSideBySideSetupCleanup 1019565" (new data: "") deleted in System Startup global entry!
23-2-2005 13:15:44 Allowed value "NAV CfgWiz" (new data: "") deleted in System Startup global entry!
23-2-2005 13:16:21 Allowed value "Norton SystemWorks" (new data: "") deleted in System Startup user entry!
23-2-2005 13:17:40 Allowed value "LUSETUP-LT" (new data: "C:\PROGRA~1\Symantec\LIVEUP~1\LUSETU~1.EXE -s -a -q -log") added in System Startup global entry!
23-2-2005 13:19:04 Allowed value "C:\PROGRA~1\NORTON~1\PASSWO~1\ppWebWnd.dll" (new data: "C:\WINDOWS\System32\regsvr32.exe /s "C:\PROGRA~1\NORTON~1\PASSWO~1\ppWebWnd.dll"") added in System Startup global entry!
23-2-2005 13:19:05 Allowed value "C:\PROGRA~1\COMMON~1\SYMANT~1\drWebWnd.dll" (new data: "C:\WINDOWS\System32\regsvr32.exe /s "C:\PROGRA~1\COMMON~1\SYMANT~1\drWebWnd.dll"") added in System Startup global entry!
23-2-2005 13:20:42 Allowed value "LUSETUP-LT" (new data: "") deleted in System Startup global entry!
23-2-2005 13:20:43 Allowed value "C:\PROGRA~1\NORTON~1\PASSWO~1\ppWebWnd.dll" (new data: "") deleted in System Startup global entry!
23-2-2005 13:20:44 Allowed value "C:\PROGRA~1\COMMON~1\SYMANT~1\drWebWnd.dll" (new data: "") deleted in System Startup global entry!
23-2-2005 15:23:24 Denied value "ALUAlert" (new data: "C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE") added in System Startup global entry!
23-2-2005 15:36:05 Denied value "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (new data: "") added in User-specific browser toolbar!
23-2-2005 18:23:20 Denied value "LUSETUP-LT" (new data: "") deleted in System Startup global entry!
23-2-2005 18:23:21 Denied value "C:\PROGRA~1\NORTON~1\PASSWO~1\ppWebWnd.dll" (new data: "") deleted in System Startup global entry!
23-2-2005 18:23:22 Denied value "C:\PROGRA~1\COMMON~1\SYMANT~1\drWebWnd.dll" (new data: "") deleted in System Startup global entry!
23-2-2005 19:28:48 Denied value "ALUAlert" (new data: "C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE") added in System Startup global entry!
24-2-2005 16:50:50 Allowed value "LUSETUP-LT" (new data: "") deleted in System Startup global entry!
24-2-2005 16:50:52 Allowed value "C:\PROGRA~1\NORTON~1\PASSWO~1\ppWebWnd.dll" (new data: "") deleted in System Startup global entry!
24-2-2005 16:50:53 Allowed value "C:\PROGRA~1\COMMON~1\SYMANT~1\drWebWnd.dll" (new data: "") deleted in System Startup global entry!
24-2-2005 16:54:03 Allowed value "GhostStartTrayApp" (new data: "") deleted in System Startup global entry!
24-2-2005 16:54:34 Allowed value "AcctMgr" (new data: "") deleted in System Startup global entry!
25-2-2005 6:57:48 Allowed value "GhostStartTrayApp" (new data: "") deleted in System Startup global entry!
25-2-2005 6:57:48 Allowed value "AcctMgr" (new data: "") deleted in System Startup global entry!
25-2-2005 6:57:51 Allowed value "LUSETUP-LT" (new data: "") deleted in System Startup global entry!
25-2-2005 6:57:52 Allowed value "C:\PROGRA~1\NORTON~1\PASSWO~1\ppWebWnd.dll" (new data: "") deleted in System Startup global entry!
25-2-2005 6:57:52 Allowed value "C:\PROGRA~1\COMMON~1\SYMANT~1\drWebWnd.dll" (new data: "") deleted in System Startup global entry!
25-2-2005 16:15:39 Allowed value "GhostStartTrayApp" (new data: "") deleted in System Startup global entry!
25-2-2005 16:15:39 Allowed value "AcctMgr" (new data: "") deleted in System Startup global entry!
25-2-2005 16:15:40 Allowed value "LUSETUP-LT" (new data: "") deleted in System Startup global entry!
25-2-2005 16:15:40 Allowed value "C:\PROGRA~1\NORTON~1\PASSWO~1\ppWebWnd.dll" (new data: "") deleted in System Startup global entry!
25-2-2005 16:15:40 Allowed value "C:\PROGRA~1\COMMON~1\SYMANT~1\drWebWnd.dll" (new data: "") deleted in System Startup global entry!
26-2-2005 10:28:39 Allowed value "GhostStartTrayApp" (new data: "") deleted in System Startup global entry!
26-2-2005 10:28:39 Allowed value "AcctMgr" (new data: "") deleted in System Startup global entry!
26-2-2005 10:28:40 Allowed value "LUSETUP-LT" (new data: "") deleted in System Startup global entry!
26-2-2005 10:28:41 Allowed value "C:\PROGRA~1\NORTON~1\PASSWO~1\ppWebWnd.dll" (new data: "") deleted in System Startup global entry!
26-2-2005 10:28:41 Allowed value "C:\PROGRA~1\COMMON~1\SYMANT~1\drWebWnd.dll" (new data: "") deleted in System Startup global entry!
26-2-2005 11:57:14 Allowed value "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (new data: "") deleted in Global browser toolbar!
26-2-2005 11:58:45 Allowed value "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (new data: "") deleted in Global browser toolbar!
26-2-2005 12:03:51 Allowed value "Symantec NetDriver Monitor" (new data: "") deleted in System Startup global entry!
26-2-2005 13:27:33 Allowed value "Symantec NetDriver Monitor" (new data: "") deleted in System Startup global entry!
26-2-2005 13:27:33 Allowed value "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (new data: "") deleted in Global browser toolbar!
26-2-2005 23:25:20 Allowed value "Symantec NetDriver Monitor" (new data: "") deleted in System Startup global entry!
26-2-2005 23:25:21 Allowed value "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (new data: "") deleted in Global browser toolbar!
27-2-2005 10:52:11 Allowed value "Symantec NetDriver Monitor" (new data: "") deleted in System Startup global entry!
27-2-2005 10:52:11 Allowed value "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (new data: "") deleted in Global browser toolbar!
27-2-2005 23:30:56 Allowed value "Symantec NetDriver Monitor" (new data: "") deleted in System Startup global entry!
27-2-2005 23:30:56 Allowed value "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (new data: "") deleted in Global browser toolbar!
28-2-2005 16:30:42 Denied value "Symantec NetDriver Monitor" (new data: "") deleted in System Startup global entry!
28-2-2005 16:30:45 Denied value "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (new data: "") deleted in Global browser toolbar!
17-3-2005 20:16:06 Allowed value "Steam" (new data: "") deleted in System Startup user entry!
17-3-2005 20:21:20 Allowed value "Steam" (new data: "") deleted in System Startup user entry!
18-3-2005 15:36:13 Denied value "Steam" (new data: "") deleted in System Startup user entry!
3-4-2005 1:31:20 Allowed value "RoxioEngineUtility" (new data: "") deleted in System Startup global entry!
3-4-2005 1:31:21 Allowed value "RoxioDragToDisc" (new data: "") deleted in System Startup global entry!
3-4-2005 17:41:20 Allowed value "RoxioEngineUtility" (new data: "") deleted in System Startup global entry!
3-4-2005 17:41:22 Allowed value "RoxioDragToDisc" (new data: "") deleted in System Startup global entry!
4-4-2005 2:56:42 Denied value "RoxioEngineUtility" (new data: "") deleted in System Startup global entry!
4-4-2005 2:56:44 Denied value "RoxioDragToDisc" (new data: "") deleted in System Startup global entry!
5-4-2005 16:24:33 Allowed value "HPDJ Taskbar Utility" (new data: "C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe") added in System Startup global entry!
19-4-2005 20:27:35 Allowed value "{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}" (new data: "") added in ActiveX Distribution Unit!
27-4-2005 20:30:34 Allowed value "{C58EFA10-2CC0-4C50-8C77-B326555EC1B7}" (new data: "") added in ActiveX Distribution Unit!
27-4-2005 20:31:40 Allowed value "{1D185838-009D-47C8-824B-B65B4854430E}" (new data: "") added in ActiveX Distribution Unit!
6-6-2005 21:03:14 Allowed value "iTunesHelper" (new data: "") deleted in System Startup global entry!
7-6-2005 14:20:41 Denied value "iTunesHelper" (new data: "") deleted in System Startup global entry!
9-6-2005 22:04:47 Allowed value "MSPCLOCK" (new data: "RUNDLL32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}") added in System Startup global entry!
10-6-2005 21:33:08 Allowed value "dlmMgr" (new data: ""C:\Program Files\Common Files\Adobe\ESD\AdobeDownloadManager.exe" restart=1") added in System Startup user entry!
10-6-2005 21:34:24 Allowed value "dlmMgr" (new data: "") deleted in System Startup user entry!
10-6-2005 21:35:39 Allowed value "{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}" (new data: "") added in Browser Helper Object!
15-6-2005 19:36:52 Allowed value "{8AD9C840-044E-11D1-B3E9-00805F499D93}" (new data: "") added in ActiveX Distribution Unit!
15-6-2005 19:36:53 Allowed value "{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}" (new data: "") added in ActiveX Distribution Unit!
15-6-2005 19:36:56 Allowed value "SunJavaUpdateSched" (new data: "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe") added in System Startup global entry!
2-1-2003 19:52:21 Allowed value "MSPQM" (new data: "RUNDLL32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}") added in System Startup global entry!
2-1-2003 19:52:24 Allowed value "MSPQM" (new data: "") deleted in System Startup global entry!
27-7-2005 18:13:28 Allowed value "KernelFaultCheck" (new data: "") deleted in System Startup global entry!
27-7-2005 18:13:29 Allowed value "{8E718888-423F-11D2-876E-00A0C9082467}" (new data: "") deleted in Global browser toolbar!
27-7-2005 18:20:52 Allowed value "Local Page" (new data: "C:\WINDOWS\system32\blank.htm") changed in Browser page!
27-7-2005 18:27:57 Allowed value "Local Page" (new data: "C:\WINDOWS\system32\blank.htm") changed in Browser page!
28-7-2005 12:04:22 Allowed value "Local Page" (new data: "C:\WINDOWS\system32\blank.htm") changed in Browser page!
28-7-2005 16:07:41 Allowed value "Local Page" (new data: "C:\WINDOWS\system32\blank.htm") changed in Browser page!
28-7-2005 17:08:07 Denied value "Local Page" (new data: "C:\WINDOWS\system32\blank.htm") changed in Browser page!
16-8-2005 13:09:43 Allowed value "pccguide.exe" (new data: ""C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"") added in System Startup global entry!
16-8-2005 16:41:52 Allowed value "{F6ACF75C-C32C-447B-9BEF-46B766368D29}" (new data: "") deleted in ActiveX Distribution Unit!
16-8-2005 16:41:54 Allowed value "{0A5FD7C5-A45C-49FC-ADB5-9952547D5715}" (new data: "") deleted in ActiveX Distribution Unit!
16-8-2005 16:41:56 Allowed value "{8AD9C840-044E-11D1-B3E9-00805F499D93}" (new data: "") deleted in ActiveX Distribution Unit!
16-8-2005 16:41:56 Allowed value "{B38870E4-7ECB-40DA-8C6A-595F0A5519FF}" (new data: "") deleted in ActiveX Distribution Unit!
16-8-2005 16:41:57 Allowed value "{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}" (new data: "") deleted in ActiveX Distribution Unit!
29-8-2005 16:24:19 Allowed value "SunJavaUpdateSched" (new data: "C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe") changed in System Startup global entry!
29-8-2005 16:24:21 Allowed value "{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}" (new data: "") added in ActiveX Distribution Unit!
29-8-2005 18:52:05 Allowed value "SunJavaUpdateSched" (new data: "C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe") changed in System Startup global entry!
29-8-2005 21:43:42 Allowed value "SunJavaUpdateSched" (new data: "C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe") changed in System Startup global entry!
30-8-2005 16:09:05 Denied value "SunJavaUpdateSched" (new data: "") deleted in System Startup global entry!
5-9-2005 19:02:46 Allowed value "wextract_cleanup0" (new data: "rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\KIM\LOCALS~1\Temp\IXP001.TMP\"") added in System Startup global entry!
5-9-2005 19:03:08 Allowed value "wextract_cleanup0" (new data: "") deleted in System Startup global entry!
11-9-2005 19:18:58 Allowed value "pccguide.exe" (new data: "") deleted in System Startup global entry!
17-9-2005 16:21:58 Allowed value "updateMgr" (new data: "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0") added in System Startup user entry!
17-9-2005 16:38:59 Allowed value "updateMgr" (new data: "") deleted in System Startup user entry!
18-9-2005 14:15:53 Allowed value "CaAvTray" (new data: ""C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"") added in System Startup global entry!
18-9-2005 14:15:53 Allowed value "CAVRID" (new data: ""C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"") added in System Startup global entry!
11-10-2005 15:27:38 Allowed value "SunJavaUpdateSched" (new data: "") deleted in System Startup global entry!
11-10-2005 15:27:39 Allowed value "{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}" (new data: "") deleted in ActiveX Distribution Unit!
11-10-2005 15:27:41 Allowed value "SunJavaUpdateSched" (new data: "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe") added in System Startup global entry!
11-10-2005 16:02:34 Allowed value "SunJavaUpdateSched" (new data: "") deleted in System Startup global entry!
11-10-2005 18:19:34 Allowed value "SunJavaUpdateSched" (new data: "") deleted in System Startup global entry!
11-10-2005 19:20:49 Denied value "{11111111-2222-408A-9842-CDBE1C6D37EB}" (new data: "") added in Browser Helper Object!
11-10-2005 19:20:51 Denied value "{7A7E6D97-B492-4884-9ABB-C31281DCC4F2}" (new data: "") added in Browser Helper Object!
12-10-2005 16:24:00 Allowed value "SunJavaUpdateSched" (new data: "") deleted in System Startup global entry!
12-10-2005 16:24:00 Allowed value "{3FC75855-CA93-4C52-81CA-E2B842CB0619}" (new data: "") added in Browser Helper Object!
12-10-2005 16:50:08 Allowed value "{00000000-0000-0000-0000-000000000000}" (new data: "") added in Browser Helper Object!
12-10-2005 19:23:26 Allowed value "{7A7E6D97-B492-4884-9ABB-C31281DCC4F2}" (new data: "") added in Browser Helper Object!
12-10-2005 21:11:00 Allowed value "SunJavaUpdateSched" (new data: "") deleted in System Startup global entry!
13-10-2005 6:53:01 Allowed value "SunJavaUpdateSched" (new data: "") deleted in System Startup global entry!
13-10-2005 19:44:06 Allowed value "{8D82BB89-B58C-4F21-9C5D-377F65947806}" (new data: "") added in Browser Helper Object!
14-10-2005 20:58:26 Denied value "{16875E09-927B-4494-82BD-158A1CD46BA0}" (new data: "") added in Browser Helper Object!
15-10-2005 12:49:50 Allowed value "{00000000-0000-0000-0000-000000000000}" (new data: "") deleted in Browser Helper Object!
15-10-2005 12:52:35 Denied value "{00000000-0000-0000-0000-000000000000}" (new data: "") added in Browser Helper Object!
15-10-2005 13:14:50 Denied value "{00000000-0000-0000-0000-000000000000}" (new data: "") added in Browser Helper Object!
15-10-2005 13:16:13 Denied value "{00000000-0000-0000-0000-000000000000}" (new data: "") added in Browser Helper Object!
15-10-2005 13:23:39 Denied value "{00000000-0000-0000-0000-000000000000}" (new data: "") added in Browser Helper Object!
15-10-2005 17:10:22 Denied value "{00000000-0000-0000-0000-000000000000}" (new data: "") added in Browser Helper Object!
16-10-2005 14:07:53 Allowed value "DAEMON Tools-1033" (new data: ""C:\Program Files\D-Tools\daemon.exe" -lang 1033") added in System Startup global entry!
17-10-2005 16:40:18 Denied value "KernelFaultCheck" (new data: "") deleted in System Startup global entry!
17-10-2005 18:53:35 Allowed value "NvCplDaemon" (new data: "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup") changed in System Startup global entry!
17-10-2005 18:53:36 Allowed value "NvMediaCenter" (new data: "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit") changed in System Startup global entry!
18-10-2005 2:08:35 Allowed value "{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9}" (new data: "") added in ActiveX Distribution Unit!
18-10-2005 2:26:29 Allowed value "NvCplDaemon" (new data: "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup") changed in System Startup global entry!
18-10-2005 2:26:29 Allowed value "NvMediaCenter" (new data: "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit") changed in System Startup global entry!
18-10-2005 21:46:52 Denied value "KernelFaultCheck" (new data: "") deleted in System Startup global entry!
18-10-2005 22:07:17 Denied value "NvCplDaemon" (new data: "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup") changed in System Startup global entry!
18-10-2005 22:07:19 Denied value "NvMediaCenter" (new data: "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit") changed in System Startup global entry!
18-10-2005 22:08:27 Allowed value "NvCplDaemon" (new data: "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup") changed in System Startup global entry!
18-10-2005 22:08:28 Allowed value "NvMediaCenter" (new data: "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit") changed in System Startup global entry!
18-10-2005 22:09:26 Allowed value "NvCplDaemon" (new data: "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup") changed in System Startup global entry!
18-10-2005 22:09:26 Allowed value "NvMediaCenter" (new data: "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit") changed in System Startup global entry!
18-10-2005 22:33:27 Allowed value "NvCplDaemon" (new data: "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup") changed in System Startup global entry!
18-10-2005 22:33:27 Allowed value "NvMediaCenter" (new data: "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit") changed in System Startup global entry!
19-10-2005 8:30:28 Allowed value "NvCplDaemon" (new data: "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup") changed in System Startup global entry!
19-10-2005 8:30:29 Allowed value "NvMediaCenter" (new data: "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit") changed in System Startup global entry!
19-10-2005 9:08:39 Allowed value "DAEMON Tools-1033" (new data: "") deleted in System Startup global entry!
19-10-2005 12:32:28 Allowed value "NvCplDaemon" (new data: "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup") changed in System Startup global entry!
19-10-2005 12:32:31 Allowed value "NvMediaCenter" (new data: "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit") changed in System Startup global entry!
19-10-2005 12:32:34 Allowed value "DAEMON Tools-1033" (new data: "") deleted in System Startup global entry!
20-10-2005 6:46:34 Allowed value "DAEMON Tools-1033" (new data: ""C:\Program Files\D-Tools\daemon.exe" -lang 1033") changed in System Startup global entry!
20-10-2005 10:53:50 Allowed value "DAEMON Tools-1033" (new data: ""C:\Program Files\D-Tools\daemon.exe" -lang 1033") changed in System Startup global entry!
22-10-2005 20:06:01 Allowed value "nwiz" (new data: "") deleted in System Startup global entry!
22-10-2005 20:06:36 Allowed value "KernelFaultCheck" (new data: "") deleted in System Startup global entry!
22-10-2005 20:11:38 Allowed value "nwiz" (new data: "nwiz.exe /install") added in System Startup global entry!
22-10-2005 20:11:44 Allowed value "NvCplDaemon" (new data: "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup") added in System Startup global entry!
22-10-2005 20:11:48 Denied value "NvCplDaemon" (new data: "") deleted in System Startup global entry!
22-10-2005 20:13:02 Allowed value "NvCplDaemon" (new data: "") deleted in System Startup global entry!
22-10-2005 20:16:11 Allowed value "NvCplDaemon" (new data: "") deleted in System Startup global entry!
22-10-2005 20:21:39 Allowed value "NvCplDaemon" (new data: "") deleted in System Startup global entry!
23-10-2005 11:39:48 Allowed value "NvCplDaemon" (new data: "") deleted in System Startup global entry!
27-10-2005 16:40:23 Allowed value "SpybotSD TeaTimer" (new data: "") deleted in System Startup user entry!
27-10-2005 16:40:23 Allowed value "MessengerPlus3" (new data: "") deleted in System Startup user entry!
27-10-2005 16:40:24 Allowed value "RemoteCenter" (new data: "") deleted in System Startup user entry!
27-10-2005 16:40:25 Allowed value "Fraps" (new data: "") deleted in System Startup user entry!
27-10-2005 16:40:25 Allowed value "Steam" (new data: "") deleted in System Startup user entry!
27-10-2005 16:40:26 Allowed value "Cmaudio" (new data: "") deleted in System Startup global entry!
27-10-2005 16:40:26 Allowed value "MessengerPlus3" (new data: "") deleted in System Startup global entry!
27-10-2005 16:40:26 Allowed value "SbUsb AudCtrl" (new data: "") deleted in System Startup global entry!
27-10-2005 16:40:27 Allowed value "UpdReg" (new data: "") deleted in System Startup global entry!
27-10-2005 16:40:27 Allowed value "QuickTime Task" (new data: "") deleted in System Startup global entry!
27-10-2005 16:40:27 Allowed value "Symantec NetDriver Monitor" (new data: "") deleted in System Startup global entry!
27-10-2005 16:40:27 Allowed value "HPDJ Taskbar Utility" (new data: "") deleted in System Startup global entry!
27-10-2005 16:40:27 Allowed value "iTunesHelper" (new data: "") deleted in System Startup global entry!
27-10-2005 16:40:28 Allowed value "CaAvTray" (new data: "") deleted in System Startup global entry!
27-10-2005 16:40:28 Allowed value "CAVRID" (new data: "") deleted in System Startup global entry!
27-10-2005 16:40:28 Allowed value "nwiz" (new data: "") deleted in System Startup global entry!
27-10-2005 16:41:07 Allowed value "MSConfig" (new data: "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto") added in System Startup global entry!
27-10-2005 17:07:58 Allowed value "MessengerPlus3" (new data: "") deleted in System Startup user entry!
28-10-2005 18:02:24 Denied value "MessengerPlus3" (new data: "") deleted in System Startup user entry!
4-11-2005 7:16:31 Allowed value "Fraps" (new data: "E:\Fraps\FRAPS.EXE") changed in System Startup user entry!
4-11-2005 8:08:53 Allowed value "Fraps" (new data: "E:\Fraps\FRAPS.EXE") changed in System Startup user entry!
4-11-2005 15:21:15 Allowed value "Fraps" (new data: "E:\Fraps\FRAPS.EXE") changed in System Startup user entry!
4-11-2005 20:30:06 Allowed value "InstallShieldSetup" (new data: "C:\PROGRA~1\INSTAL~1\{DEBD7~1\Setup.exe -rebootC:\PROGRA~1\INSTAL~1\{DEBD7~1\reboot.ini -l0x13") added in System Startup global entry!
4-11-2005 20:30:30 Allowed value "InstallShieldSetup1" (new data: "C:\PROGRA~1\INSTAL~1\{5210E~1\Setup.exe -rebootC:\PROGRA~1\INSTAL~1\{5210E~1\reboot.ini -l0x13") added in System Startup global entry!
4-11-2005 20:31:27 Allowed value "MSPQM" (new data: "rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}") added in System Startup global entry!
4-11-2005 20:31:30 Allowed value "MSKSSRV" (new data: "rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}") added in System Startup global entry!
4-11-2005 20:31:38 Allowed value "WDM_SYSAUDIO" (new data: "rundll32.exe streamci.dll,StreamingDeviceSetup {A7C7A5B0-5AF3-11D1-9CED-00A024BF0407},{9B365890-165F-11D0-A195-0020AFD156E4},{A7C7A5B1-5AF3-11D1-9CED-00A024BF0407},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_SYSAUDIO.Interface.Install") added in System Startup global entry!
4-11-2005 20:31:40 Allowed value "InstallShieldSetup" (new data: "") deleted in System Startup global entry!
4-11-2005 20:31:40 Allowed value "InstallShieldSetup1" (new data: "") deleted in System Startup global entry!
4-11-2005 20:31:41 Allowed value "MSPQM" (new data: "") deleted in System Startup global entry!
4-11-2005 20:31:42 Allowed value "MSKSSRV" (new data: "") deleted in System Startup global entry!
4-11-2005 20:31:43 Allowed value "WDM_SYSAUDIO" (new data: "") deleted in System Startup global entry!
4-11-2005 20:36:30 Allowed value "CTSU" (new data: ""C:\Program Files\Creative\Software Update\CTSURun.exe"") added in System Startup global entry!
4-11-2005 20:42:08 Allowed value "MSPQM" (new data: "rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}") added in System Startup global entry!
4-11-2005 20:42:14 Allowed value "MSKSSRV" (new data: "rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}") added in System Startup global entry!
4-11-2005 20:42:18 Allowed value "MSPQM" (new data: "") deleted in System Startup global entry!
4-11-2005 20:42:18 Allowed value "MSKSSRV" (new data: "") deleted in System Startup global entry!
4-11-2005 20:43:06 Allowed value "CTSU" (new data: ""C:\Program Files\Creative\Software Update\CTSURun.exe"") added in System Startup global entry!
4-11-2005 20:52:13 Allowed value "Creative MediaSource Go" (new data: "") deleted in System Startup user entry!
5-11-2005 9:47:24 Allowed value "AVG7_CC" (new data: "") deleted in System Startup global entry!
5-11-2005 9:48:53 Allowed value "AVG7_CC" (new data: "") deleted in System Startup global entry!
5-11-2005 10:48:24 Allowed value "AVG7_CC" (new data: "") deleted in System Startup global entry!
6-11-2005 12:43:38 Allowed value "NeroFilterCheck" (new data: "C:\WINDOWS\system32\NeroCheck.exe") added in System Startup global entry!
6-11-2005 17:47:10 Allowed value "msnmsgr" (new data: "") deleted in System Startup user entry!
6-11-2005 17:47:17 Allowed value "msnmsgr" (new data: ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background") added in System Startup user entry!
7-11-2005 6:55:54 Allowed value "msnmsgr" (new data: "") deleted in System Startup user entry!
7-11-2005 6:55:59 Allowed value "msnmsgr" (new data: ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background") added in System Startup user entry!
7-11-2005 6:58:56 Allowed value "msnmsgr" (new data: "") deleted in System Startup user entry!
7-11-2005 6:59:01 Allowed value "msnmsgr" (new data: ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background") added in System Startup user entry!
7-11-2005 15:21:03 Allowed value "msnmsgr" (new data: "") deleted in System Startup user entry!
7-11-2005 15:21:06 Allowed value "msnmsgr" (new data: ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background") added in System Startup user entry!
7-11-2005 16:58:30 Allowed value "msnmsgr" (new data: "") deleted in System Startup user entry!
7-11-2005 16:58:36 Allowed value "msnmsgr" (new data: ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background") added in System Startup user entry!
7-11-2005 18:32:25 Allowed value "msnmsgr" (new data: "") deleted in System Startup user entry!
7-11-2005 18:32:30 Allowed value "msnmsgr" (new data: ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background") added in System Startup user entry!
7-11-2005 21:05:16 Denied value "{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}" (new data: "") added in ActiveX Distribution Unit!
7-11-2005 21:46:03 Allowed value "CAVRID" (new data: "") deleted in System Startup global entry!
7-11-2005 21:46:04 Allowed value "CaAvTray" (new data: "") deleted in System Startup global entry!
7-11-2005 21:47:26 Allowed value "APVXDWIN" (new data: ""C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s") added in System Startup global entry!
7-11-2005 21:47:39 Allowed value "SinReiniciar" (new data: "") added in System Startup global entry!
7-11-2005 21:47:44 Allowed value "SinReiniciar" (new data: "") deleted in System Startup global entry!
7-11-2005 21:50:00 Allowed value "CAVRID" (new data: "") deleted in System Startup global entry!
7-11-2005 21:50:02 Allowed value "CaAvTray" (new data: "") deleted in System Startup global entry!
7-11-2005 21:50:19 Denied value "{826B2228-BC09-49F2-B5F8-42CE26B1B711}" (new data: "") added in Browser Helper Object!
7-11-2005 21:50:22 Denied value "{1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5}" (new data: "") added in Browser Helper Object!
7-11-2005 21:51:18 Denied value "{7A7E6D97-B492-4884-9ABB-C31281DCC4F2}" (new data: "") deleted in Browser Helper Object!
7-11-2005 21:51:21 Denied value "{7A7E6D97-B492-4884-9ABB-C31281DCC4F2}" (new data: "") deleted in Browser Helper Object!
7-11-2005 21:51:22 Denied value "{8D82BB89-B58C-4F21-9C5D-377F65947806}" (new data: "") deleted in Browser Helper Object!
7-11-2005 21:51:27 Denied value "{7A7E6D97-B492-4884-9ABB-C31281DCC4F2}" (new data: "") deleted in Browser Helper Object!
7-11-2005 21:51:28 Denied value "{8D82BB89-B58C-4F21-9C5D-377F65947806}" (new data: "") deleted in Browser Helper Object!
7-11-2005 21:51:44 Denied value "{7A7E6D97-B492-4884-9ABB-C31281DCC4F2}" (new data: "") deleted in Browser Helper Object!
7-11-2005 21:51:44 Denied value "{8D82BB89-B58C-4F21-9C5D-377F65947806}" (new data: "") deleted in Browser Helper Object!
7-11-2005 21:52:01 Denied value "{7A7E6D97-B492-4884-9ABB-C31281DCC4F2}" (new data: "") deleted in Browser Helper Object!
7-11-2005 21:52:02 Denied value "{8D82BB89-B58C-4F21-9C5D-377F65947806}" (new data: "") deleted in Browser Helper Object!
7-11-2005 21:52:04 Denied value "{7A7E6D97-B492-4884-9ABB-C31281DCC4F2}" (new data: "") deleted in Browser Helper Object!
7-11-2005 21:52:04 Denied value "{8D82BB89-B58C-4F21-9C5D-377F65947806}" (new data: "") deleted in Browser Helper Object!
7-11-2005 21:52:07 Denied value "{7A7E6D97-B492-4884-9ABB-C31281DCC4F2}" (new data: "") deleted in Browser Helper Object!
7-11-2005 21:52:08 Denied value "{8D82BB89-B58C-4F21-9C5D-377F65947806}" (new data: "") deleted in Browser Helper Object!
7-11-2005 21:52:10 Denied value "{7A7E6D97-B492-4884-9ABB-C31281DCC4F2}" (new data: "") deleted in Browser Helper Object!
7-11-2005 21:52:10 Denied value "{8D82BB89-B58C-4F21-9C5D-377F65947806}" (new data: "") deleted in Browser Helper Object!
7-11-2005 21:52:12 Denied value "{7A7E6D97-B492-4884-9ABB-C31281DCC4F2}" (new data: "") deleted in Browser Helper Object!
7-11-2005 21:52:12 Denied value "{8D82BB89-B58C-4F21-9C5D-377F65947806}" (new data: "") deleted in Browser Helper Object!
7-11-2005 21:52:14 Denied value "{7A7E6D97-B492-4884-9ABB-C31281DCC4F2}" (new data: "") deleted in Browser Helper Object!
7-11-2005 21:52:14 Denied value "{8D82BB89-B58C-4F21-9C5D-377F65947806}" (new data: "") deleted in Browser Helper Object!
7-11-2005 21:52:15 Denied value "{7A7E6D97-B492-4884-9ABB-C31281DCC4F2}" (new data: "") deleted in Browser Helper Object!
7-11-2005 21:52:15 Denied value "{8D82BB89-B58C-4F21-9C5D-377F65947806}" (new data: "") deleted in Browser Helper Object!
7-11-2005 21:52:17 Denied value "{7A7E6D97-B492-4884-9ABB-C31281DCC4F2}" (new data: "") deleted in Browser Helper Object!
7-11-2005 21:52:17 Denied value "{8D82BB89-B58C-4F21-9C5D-377F65947806}" (new data: "") deleted in Browser Helper Object!
7-11-2005 21:52:19 Allowed value "{7A7E6D97-B492-4884-9ABB-C31281DCC4F2}" (new data: "") deleted in Browser Helper Object!
7-11-2005 21:52:20 Allowed value "{8D82BB89-B58C-4F21-9C5D-377F65947806}" (new data: "") deleted in Browser Helper Object!
7-11-2005 22:31:05 Allowed value "msnmsgr" (new data: "") deleted in System Startup user entry!
7-11-2005 22:31:08 Allowed value "msnmsgr" (new data: ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background") added in System Startup user entry!
8-11-2005 15:24:15 Allowed value "msnmsgr" (new data: "") deleted in System Startup user entry!
8-11-2005 15:24:16 Allowed value "msnmsgr" (new data: ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background") added in System Startup user entry!
8-11-2005 18:12:14 Allowed value "msnmsgr" (new data: "") deleted in System Startup user entry!
8-11-2005 18:12:15 Allowed value "msnmsgr" (new data: ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background") added in System Startup user entry!
8-11-2005 18:28:53 Allowed value "Panda_cleaner_179938" (new data: "C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavdr.exe 179938") added in System Startup global entry!
8-11-2005 18:32:59 Allowed value "msnmsgr" (new data: "") deleted in System Startup user entry!
8-11-2005 18:33:01 Allowed value "msnmsgr" (new data: ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background") added in System Startup user entry!
9-11-2005 6:52:14 Allowed value "msnmsgr" (new data: "") deleted in System Startup user entry!
9-11-2005 6:52:18 Allowed value "msnmsgr" (new data: ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background") added in System Startup user entry!
9-11-2005 18:20:54 Allowed value "msnmsgr" (new data: "") deleted in System Startup user entry!
9-11-2005 18:20:57 Allowed value "msnmsgr" (new data: ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background") added in System Startup user entry!

Wow that's alot! Whenever my pc boots, I do notice that panda finds something and S&D allows two items to run automaticly...could be the tea timer and that other thingy listed in Resident....if you want more details of course ask away =)

Will now perform the tasks you listed. Wish me luck :)
Hikaru
Regular Member
 
Posts: 22
Joined: November 6th, 2005, 12:54 pm

Unread postby Hikaru » November 9th, 2005, 2:59 pm

ok, done it all. Before I post the log, when I rebooted, Panda launched another Bulletain saying that someone (or something) is trying to breach my pc or something like that....after I post the log and finish panda's scan and everything I will reboot and write a quote of what it says exactly....keep accidentialy clicking close on it :roll:
Hikaru
Regular Member
 
Posts: 22
Joined: November 6th, 2005, 12:54 pm

Unread postby Hikaru » November 9th, 2005, 3:21 pm

Here she is, this is the HJT Log:



Logfile of HijackThis v1.99.1
Scan saved at 20:18:55, on 9-11-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\apvxdwin.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\WINDOWS\system32\rundll32.exe
E:\Fraps\FRAPS.EXE
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: C:\WINDOWS\adsldpbc.dll - {3FC75855-CA93-4C52-81CA-E2B842CB0619} - C:\WINDOWS\adsldpbc.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [Fraps] E:\Fraps\FRAPS.EXE
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.coolwebsearch.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {1D185838-009D-47C8-824B-B65B4854430E} (Installer Class) - http://quickfix2.chello.nl/quickfix2/as ... nstall.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/ ... 1.0.69.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1470190796
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {C58EFA10-2CC0-4C50-8C77-B326555EC1B7} (clsDefault Class) - http://quickfix2.chello.nl/quickfix2/asp/LaunchApp.CAB
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} -
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{99312C79-D439-473D-89CC-9CAA9D6F4542}: NameServer = 212.142.28.66,212.142.28.130
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: gg - C:\WINDOWS\adsldpbd.dll (file missing)
O20 - Winlogon Notify: st3 - C:\WINDOWS\q3686296.dll (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe





And here's Ediwo's log:


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 19:42:36, 9-11-2005
+ Report-Checksum: EC4B1698

+ Scan result:

HKU\S-1-5-21-796845957-343818398-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C559105-9ECF-42B8-B3F7-832E75EDD959} -> Spyware.ISTBar : Cleaned with backup
C:\Documents and Settings\KIM\Cookies\kim@adopt.euroclick[2].txt -> Spyware.Cookie.Euroclick : Cleaned with backup
C:\Documents and Settings\KIM\Cookies\kim@adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\KIM\Cookies\kim@ads.addynamix[2].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\KIM\Cookies\kim@ads.com[1].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\KIM\Cookies\kim@axa.addcontrol[2].txt -> Spyware.Cookie.Addcontrol : Cleaned with backup
C:\Documents and Settings\KIM\Cookies\kim@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\KIM\Cookies\kim@cz8.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\KIM\Cookies\kim@e-2dj6wgkockdjmgp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\KIM\Cookies\kim@edge.ru4[1].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\KIM\Cookies\kim@estat[1].txt -> Spyware.Cookie.Estat : Cleaned with backup
C:\Documents and Settings\KIM\Cookies\kim@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\KIM\Cookies\kim@microsofteup.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\KIM\Cookies\kim@popunder.paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\KIM\Cookies\kim@rotator.adjuggler[1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\KIM\Cookies\kim@trafic[1].txt -> Spyware.Cookie.Trafic : Cleaned with backup
C:\WINDOWS\q10838640.dll -> TrojanDownloader.Delf.zu : Cleaned with backup
C:\WINDOWS\q3669171.dll -> TrojanDownloader.Delf.zu : Cleaned with backup
C:\WINDOWS\q7240125.dll -> TrojanDownloader.Delf.zu : Cleaned with backup


::Report End



Hope that's sufficent. Also, the active online scan from panda found zilch (read ZERO) errors, spyware or viruses versus the previous 24 or so that it had found just before I managed to get rid of the Razeware desktop. I think I had only gotten rid of that part but not the internal bits of it.

Thank you so much for your help so far :) I will definitly recommend this method to friends if they have troubles!

-Hikaru
Hikaru
Regular Member
 
Posts: 22
Joined: November 6th, 2005, 12:54 pm

Unread postby Hikaru » November 9th, 2005, 4:08 pm

The error panda has been giving me is false, it says there's an invalid TCP combination but clicking on more information, it says I'm getting a diffrent ip address than my true ip...this is correct however, as I am working behind a router. the ip it mentions confirms this: 192.168.0.1 which matches what the router's ip is.

In S&D however I found something interesting. Under the tools tab in System Startup, I found:

Key - System.ini
Value - st3
Command Line - C:\Windows\q3686296

The action is set up to activate upon startup, I will disable this for now as I feel that it is a bad thing.

Is this normal or should I act somehow? It is an essence from that trojan I had not so long ago (it froze my desktop upon startup, after many a day I managed to fix it; I guess not completly).
Perhaps there is more to be found in this manner, what is your opinion?

Again, thanks for your time!

-Hikaru
Hikaru
Regular Member
 
Posts: 22
Joined: November 6th, 2005, 12:54 pm

Unread postby amateur » November 10th, 2005, 10:39 am

Hi Hikaru :) ,

You've done a good job. :D We still have some more to do though.
In S&D however I found something interesting. Under the tools tab in System Startup, I found:

Key - System.ini
Value - st3
Command Line - C:\Windows\q3686296
The action is set up to activate upon startup, I will disable this for now as I feel that it is a bad thing.

When did you find that out? Was it before or after you ran Ewido? That file doesn't exist anymore.

ok, done it all. Before I post the log, when I rebooted, Panda launched another Bulletain saying that someone (or something) is trying to breach my pc or something like that....after I post the log and finish panda's scan and everything I will reboot and write a quote of what it says exactly....keep accidentialy clicking close on it


That is your firewall giving you information. It's doing what it's supposed to do. You can either ignore them, or configure it to not to let you know everytime it does its job.

Disable the teatimer again following my earlier instructions.

Reboot in Safe Mode as you have done before.

Run HijackThis and put a checkmark against the following entries:

O2 - BHO: C:\WINDOWS\adsldpbc.dll - {3FC75855-CA93-4C52-81CA-E2B842CB0619} - C:\WINDOWS\adsldpbc.dll (file missing)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O15 - Trusted Zone: *.coolwebsearch.com
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}
O20 - Winlogon Notify: gg - C:\WINDOWS\adsldpbd.dll (file missing)
O20 - Winlogon Notify: st3 - C:\WINDOWS\q3686296.dll (file missing)

Click "Fix Checked". Close HijackThis.

Make sure that you can see hidden files

Start>My Computer>Tools>Folder Options>View

Under the Hidden files and Folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Uncheck the Hide file extensions for known file types.
Click OK.

Navigate and delete the following file in bold, if present.

C:\WINDOWS\adsldpbc.dll

Still in Safe Mode navigate to the C:\Windows\Temp folder.
Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Go to Start > Run and type %temp% in the Run box.
The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel > Internet Options.
On the General tab under "Temporary Internet Files" Click "Delete Files".
Put a check by "Delete Offline Content" and click OK.
Click on the Programs tab then click the "Reset Web Settings" button.
Click Apply then OK.

Empty the Recycle Bin.

Reboot in Normal Mode.

The teatimer is prompting things that are deleted. Please go here and download "Reset Teatimer"which will give Teatimer a fresh start.

Open Spybot in advanced mode and click tool then view report. make sure all boxes are checkmarked except " Do not report disabled or known legitimate items" Then click view report. Then click export and save it to a place that is easy to retrieve. Post the report in the next reply. It may be too long to include in a post with other info, so put it in it's own post.

Run a new online Scan at Trend Micro.

So, I'll be waiting for a new HijackThis log, Trend Micro report and the Spybot report.
User avatar
amateur
MRU Master
MRU Master
 
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA

Unread postby Hikaru » November 10th, 2005, 11:39 am

I found the q# file after everything that I previously did. S&D is still showing it, but I still have it set so that it no longer activates upon startup.

Will now perform your new tasks. Be back later =)

Thanks,
-Hikaru
Hikaru
Regular Member
 
Posts: 22
Joined: November 6th, 2005, 12:54 pm

Unread postby amateur » November 10th, 2005, 11:41 am

Good. I'll be waiting.
User avatar
amateur
MRU Master
MRU Master
 
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA

Unread postby Hikaru » November 10th, 2005, 12:25 pm

House call log...dunno how those cookies got there, might be from my browsing...woops :(





Virus Scan 0 virus cleaned, 0 virus deleted


Results:
We have detected 0 infected file(s) with 0 virus(es) on your computer. Only 0 out of 0 infected files are displayed: - 0 virus(es) passed, 0 virus(es) no action available
- 0 virus(es) cleaned, 0 virus(es) uncleanable
- 0 virus(es) deleted, 0 virus(es) undeletable
- 0 virus(es) not found, 0 virus(es) unaccessible
Detected File Associated Virus Name Action Taken




Trojan/Worm Check 0 worm/Trojan horse deleted

What we checked:
Malicious activity by a Trojan horse program. Although a Trojan seems like a harmless program, it contains malicious code and once installed can cause damage to your computer.
Results:
We have detected 0 Trojan horse program(s) and worm(s) on your computer. Only 0 out of 0 Trojan horse programs and worms are displayed: - 0 worm(s)/Trojan(s) passed, 0 worm(s)/Trojan(s) no action available
- 0 Worm(s)/Trojan(s) deleted, 0 worm(s)/Trojan(s) undeletable
Trojan/Worm Name Trojan/Worm Type Action Taken




Spyware Check 0 spyware program removed

What we checked:
Whether personal information was tracked and reported by spyware. Spyware is often installed secretly with legitimate programs downloaded from the Internet.
Results:
We have detected 25 spyware(s) on your computer. Only 0 out of 0 spywares are displayed: - 25 spyware(s) passed, 0 spyware(s) no action available
- 0 spyware(s) removed, 0 spyware(s) unremovable
Spyware Name Spyware Type Action Taken
COOKIE_45 Cookie Pass
COOKIE_169 Cookie Pass
COOKIE_206 Cookie Pass
COOKIE_442 Cookie Pass
COOKIE_592 Cookie Pass
COOKIE_809 Cookie Pass
COOKIE_837 Cookie Pass
COOKIE_861 Cookie Pass
COOKIE_1314 Cookie Pass
COOKIE_1346 Cookie Pass
COOKIE_1523 Cookie Pass
COOKIE_1638 Cookie Pass
COOKIE_1661 Cookie Pass
COOKIE_1738 Cookie Pass
COOKIE_2095 Cookie Pass
COOKIE_2203 Cookie Pass
COOKIE_2513 Cookie Pass
COOKIE_3188 Cookie Pass
COOKIE_3196 Cookie Pass
COOKIE_3220 Cookie Pass
COOKIE_3224 Cookie Pass
COOKIE_3369 Cookie Pass
COOKIE_6855 Cookie Pass
COOKIE_3232 Cookie Pass
COOKIE_3235 Cookie Pass




Microsoft Vulnerability Check No vulnerability detected

What we checked:
Microsoft known security vulnerabilities. These are issues Microsoft has identified and released Critical Updates to fix.
Results:
We have detected 0 vulnerability/vulnerabilities on your computer. Only 0 out of 0 vulnerabilities are displayed.
Risk Level Issue How to Fix
Hikaru
Regular Member
 
Posts: 22
Joined: November 6th, 2005, 12:54 pm

Unread postby Hikaru » November 10th, 2005, 12:26 pm

Logfile of HijackThis v1.99.1
Scan saved at 17:26:23, on 10-11-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\apvxdwin.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
E:\Fraps\FRAPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [Fraps] E:\Fraps\FRAPS.EXE
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {1D185838-009D-47C8-824B-B65B4854430E} (Installer Class) - http://quickfix2.chello.nl/quickfix2/as ... nstall.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/ ... 1.0.69.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1470190796
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {C58EFA10-2CC0-4C50-8C77-B326555EC1B7} (clsDefault Class) - http://quickfix2.chello.nl/quickfix2/asp/LaunchApp.CAB
O16 - DPF: {E6A3C1E2-F792-483E-9133-596215172BE9} (AcceptLang Class) -
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{99312C79-D439-473D-89CC-9CAA9D6F4542}: NameServer = 212.142.28.66,212.142.28.130
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
Hikaru
Regular Member
 
Posts: 22
Joined: November 6th, 2005, 12:54 pm

Unread postby Hikaru » November 10th, 2005, 12:27 pm

--- Search result list ---


--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB886903)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ DataAccess: Microsoft Data Access Components KB870669
/ DataAccess: Security Update for Microsoft Data Access Components
/ Internet Explorer 6 / SP0: Windows XP Hotfix - KB834707
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB867282
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB889293
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB890923
/ Outlook Express 6 / SP1: Windows XP Hotfix - KB887797
/ Windows Media Player: Windows Media Player Hotfix [See Q828026 for more information]
/ Windows Media Player / SP0: Windows Media Player Hotfix [See Q828026 for more information]
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP3: Windows XP Hotfix - KB873333
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Security Update for Windows XP (KB883939)
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Windows XP Hotfix - KB887797
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890047
/ Windows XP / SP3: Windows XP Hotfix - KB890175
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Security Update for Windows XP (KB893066)
/ Windows XP / SP3: Windows XP Hotfix - KB893086
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB894391)
/ Windows XP / SP3: Hotfix for Windows XP (KB896344)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896422)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896424)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Security Update for Windows XP (KB896688)
/ Windows XP / SP3: Update for Windows XP (KB896727)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899588)
/ Windows XP / SP3: Security Update for Windows XP (KB899589)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Update for Windows XP (KB900930)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Security Update for Windows XP (KB903235)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)


--- Startup entries list ---
Located: HK_LM:Run, APVXDWIN
command: "C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
file: C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE
size: 299008
MD5: a7c63d0b99f814306f8655151244e701

Located: HK_LM:Run, Cmaudio
command: RunDll32 cmicnfg.cpl,CMICtrlWnd
file:

Located: HK_LM:Run, DAEMON Tools-1033
command: "C:\Program Files\D-Tools\daemon.exe" -lang 1033
file: C:\Program Files\D-Tools\daemon.exe
size: 81920
MD5: 804fbb66ec6ca862b840d173efc638a7

Located: HK_LM:Run, HPDJ Taskbar Utility
command: C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
file: C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
size: 188416
MD5: 2cec0358aeaf3d34e7faee85ed55e9eb

Located: HK_LM:Run, iTunesHelper
command: C:\Program Files\iTunes\iTunesHelper.exe
file:

Located: HK_LM:Run, MessengerPlus3
command: "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
file: C:\Program Files\MessengerPlus! 3\MsgPlus.exe
size: 190024
MD5: a6939e0f389095a9c77e70604f24dd1f

Located: HK_LM:Run, NeroFilterCheck
command: C:\WINDOWS\system32\NeroCheck.exe
file: C:\WINDOWS\system32\NeroCheck.exe
size: 155648
MD5: 3e4c03cefad8de135263236b61a49c90

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff

Located: HK_LM:Run, NvMediaCenter
command: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff

Located: HK_LM:Run, nwiz
command: nwiz.exe /install
file: C:\WINDOWS\system32\nwiz.exe
size: 921600
MD5: 96880791e6dde3fac08342c1d5b045ac

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 98304
MD5: 76a3a30b58405c2c6d833895253a51a9

Located: HK_LM:Run, RoxioDragToDisc
command: "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
file:

Located: HK_LM:Run, RoxioEngineUtility
command: "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
file:

Located: HK_LM:Run, SbUsb AudCtrl
command: RunDll32 sbusbdll.dll,RCMonitor
file:

Located: HK_LM:Run, SunJavaUpdateSched
command: C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
file: C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
size: 36975
MD5: d3e445a99a1142c35d8d3100b5564591

Located: HK_LM:Run, Symantec NetDriver Monitor
command: C:\PROGRA~1\SYMNET~1\SNDMon.exe
file:

Located: HK_LM:Run, UpdReg
command: C:\WINDOWS\UpdReg.EXE
file: C:\WINDOWS\UpdReg.EXE
size: 90112
MD5: c419df63e0121d72411285780c2fc6cc

Located: HK_CU:Run, Fraps
command: E:\Fraps\FRAPS.EXE
file: E:\Fraps\FRAPS.EXE
size: 2822144
MD5: d38d6f228d1715f986c18e60bfdaf9bc

Located: HK_CU:Run, MessengerPlus3
command: "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
file: C:\Program Files\MessengerPlus! 3\MsgPlus.exe
size: 190024
MD5: a6939e0f389095a9c77e70604f24dd1f

Located: HK_CU:Run, msnmsgr
command: "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
file: C:\Program Files\MSN Messenger\msnmsgr.exe
size: 7086080
MD5: 55406c4b910c174cdf36f66afca1a18c

Located: HK_CU:Run, RemoteCenter
command: C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
file: C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
size: 143360
MD5: 7ddfad254c42b202dfda0822e29f6d15

Located: HK_CU:Run, SpybotSD TeaTimer
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1415824
MD5: 70496eee0ddbe485f658693826f44d38

Located: HK_CU:Run, Steam
command:
file:

Located: Startup (common), Adobe Reader Speed Launch.lnk
command: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
file: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
size: 29696
MD5: deb88aef013dd1eefb462d7cad642166

Located: System.ini, avldr
command: avldr.dll
file: avldr.dll

Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll

Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, st3 (DISABLED)
command: C:\WINDOWS\q3686296.dll
file: C:\WINDOWS\q3686296.dll



--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
BHO name:
CLSID name: AcroIEHlprObj Class
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 14-12-2004 0:56:50
Date (last access): 10-11-2005 16:36:12
Date (last write): 14-12-2004 0:56:50
Filesize: 63136
Attributes: archive
MD5: 42729C3DE75A7A51FC6F9EF6546C9199
CRC32: 4D60BD07
Version: 7.0.0.1333

{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 12-5-2004 1:03:00
Date (last access): 10-11-2005 16:36:12
Date (last write): 31-5-2005 1:04:00
Filesize: 853672
Attributes: archive
MD5: 250D787A5712D7768DDC133B3E477759
CRC32: D4589A41
Version: 1.4.0.0



--- ActiveX list ---
{04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control)
DPF name:
CLSID name: HouseCall Control
Installer: C:\WINDOWS\Downloaded Program Files\xscan60.inf
Codebase: http://housecall60.trendmicro.com/housecall/xscan60.cab
description:
classification: Legitimate
known filename: xscan60.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\DOWNLO~1\
Long name: xscan60.ocx
Short name:
Date (created): 3-5-2005 11:45:54
Date (last access): 9-11-2005 20:06:22
Date (last write): 3-5-2005 11:45:54
Filesize: 475190
Attributes: archive
MD5: 145C288D55A91D6469223136EA93A406
CRC32: A36DBA2A
Version: 6.0.0.1261

{0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate)
DPF name:
CLSID name: Creative Software AutoUpdate
Installer: C:\WINDOWS\Downloaded Program Files\CTSUEng.inf
Codebase: http://www.creative.com/su/ocx/15015/CTSUEng.cab
description:
classification: Open for discussion
known filename: CTSUEng.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\DOWNLO~1\
Long name: CTSUEng.ocx
Short name:
Date (created): 22-6-2005 18:37:28
Date (last access): 9-11-2005 20:06:22
Date (last write): 22-6-2005 18:37:28
Filesize: 225280
Attributes: archive
MD5: F78ACCCE90722CB62F2D3767BEEBA545
CRC32: 03683A52
Version: 1.50.12.0

{1D185838-009D-47C8-824B-B65B4854430E} (Installer Class)
DPF name:
CLSID name: Installer Class
Installer: C:\WINDOWS\Downloaded Program Files\chelloInstall.INF
Codebase: http://quickfix2.chello.nl/quickfix2/as ... nstall.CAB
description:
classification: Open for discussion
known filename: chelloInstall.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: chelloInstall.dll
Short name: CHELLO~1.DLL
Date (created): 5-12-2003 10:54:56
Date (last access): 9-11-2005 21:11:52
Date (last write): 5-12-2003 10:54:56
Filesize: 40960
Attributes: archive
MD5: 00DC127B7710195B36C89935E160CD06
CRC32: 05D98177
Version: 1.0.0.1

{3334504D-9980-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\mp43dmo.inf
Codebase: http://download.microsoft.com/download/ ... p43dmo.CAB
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.

{39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class)
DPF name:
CLSID name: FilePlanet Download Control Class
Installer:
Codebase: http://www.fileplanet.com/fpdlmgr/cabs/ ... 1.0.69.cab
description:
classification: Open for discussion
known filename: FilePlanetDownloadCtrl.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\FilePlanet\Download Manager\
Long name: FPDC.dll
Short name:
Date (created): 6-8-2005 1:28:22
Date (last access): 9-11-2005 20:02:38
Date (last write): 6-8-2005 1:28:22
Filesize: 337104
Attributes: archive
MD5: B49C4468303075DB75A8F7326BD0C082
CRC32: 175120F6
Version: 2.1.0.69

{6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
DPF name:
CLSID name: WUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\wuweb.inf
Codebase: http://update.microsoft.com/windowsupda ... 1470190796
description:
classification: Legitimate
known filename: wuweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: wuweb.dll
Short name:
Date (created): 26-5-2005 3:19:32
Date (last access): 9-11-2005 20:11:40
Date (last write): 26-5-2005 4:19:32
Filesize: 173536
Attributes: archive
MD5: C459F2D5E64C942F3F66E1CD7F1C4C00
CRC32: EEF66B50
Version: 5.8.0.2469

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_04
Installer: C:\WINDOWS\Downloaded Program Files\jinstall-1_5_0_04.inf
Codebase: http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.5.0_04\bin\
Long name: NPJPI150_04.dll
Short name: NPJPI1~1.DLL
Date (created): 3-6-2005 2:52:58
Date (last access): 9-11-2005 20:02:54
Date (last write): 3-6-2005 3:09:54
Filesize: 69746
Attributes: archive
MD5: 8548FE98BD687F35AFD0AED9C2A2DEE3
CRC32: 4058FA1B
Version: 5.0.40.5

{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} ()
DPF name:
CLSID name:
Installer:
Codebase:
description:
classification: Legitimate
known filename: MsnMessengerSetupDownloader.ocx
info link:
info source: Safer Networking Ltd.

{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element)
DPF name:
CLSID name: ASquaredScanForm Element
Installer:
Codebase: http://www.windowsecurity.com/trojanscan/axscan.cab
Path: C:\WINDOWS\DOWNLO~1\
Long name: axscan.ocx
Short name:
Date (created): 26-9-2005 19:12:32
Date (last access): 9-11-2005 20:06:22
Date (last write): 26-9-2005 19:12:32
Filesize: 904192
Attributes: archive
MD5: DCC92BA029FAA598EE3958DC79FE2BB9
CRC32: 9B277B78
Version: 1.0.0.28

{C58EFA10-2CC0-4C50-8C77-B326555EC1B7} (clsDefault Class)
DPF name:
CLSID name: clsDefault Class
Installer: C:\WINDOWS\Downloaded Program Files\LaunchApp.INF
Codebase: http://quickfix2.chello.nl/quickfix2/asp/LaunchApp.CAB
description:
classification: Open for discussion
known filename: LaunchApp.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: LaunchApp.dll
Short name: LAUNCH~1.DLL
Date (created): 5-12-2003 12:08:40
Date (last access): 9-11-2005 21:11:52
Date (last write): 5-12-2003 12:08:40
Filesize: 40960
Attributes: archive
MD5: B6AC7CA7CA5639AAE7F5D20F587820A9
CRC32: 63124AE7
Version: 1.2.0.0

{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_04
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
description:
classification: Legitimate
known filename: npjpi150_04.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_04\bin\
Long name: NPJPI150_04.dll
Short name: NPJPI1~1.DLL
Date (created): 3-6-2005 2:52:58
Date (last access): 10-11-2005 17:05:20
Date (last write): 3-6-2005 3:09:54
Filesize: 69746
Attributes: archive
MD5: 8548FE98BD687F35AFD0AED9C2A2DEE3
CRC32: 4058FA1B
Version: 5.0.40.5

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://download.macromedia.com/pub/shoc ... wflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash8.ocx
Short name:
Date (created): 27-8-2005 12:38:56
Date (last access): 9-11-2005 21:25:48
Date (last write): 27-8-2005 12:38:56
Filesize: 1435272
Attributes: archive
MD5: 900373C059C2B51CA91BF110DBDECB33
CRC32: F19599BC
Version: 8.0.22.0

{E6A3C1E2-F792-483E-9133-596215172BE9} (AcceptLang Class)
DPF name:
CLSID name: AcceptLang Class
Installer:
Codebase:
description:
classification: Open for discussion
known filename: setacceptlang.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: setacceptlang.dll
Short name: SETACC~1.DLL
Date (created): 28-6-2001 0:02:38
Date (last access): 9-11-2005 21:11:52
Date (last write): 28-6-2001 0:02:38
Filesize: 40960
Attributes: archive
MD5: 78D69713471201889366CAC519B02C36
CRC32: 1E18E9BE
Version: 1.0.0.1

{F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package)
DPF name:
CLSID name: Creative Software AutoUpdate Support Package
Installer: C:\WINDOWS\Downloaded Program Files\CTPID.inf
Codebase: http://www.creative.com/su/ocx/15016/CTPID.cab
description:
classification: Open for discussion
known filename: CTPID.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\DOWNLO~1\
Long name: CTPID.ocx
Short name:
Date (created): 19-8-2005 15:52:24
Date (last access): 9-11-2005 20:06:22
Date (last write): 19-8-2005 15:52:24
Filesize: 32768
Attributes: archive
MD5: 85037C17A443F5E7DBB278AF131538D5
CRC32: 038B7217
Version: 1.0.22.0



--- Process list ---
PID: 0 ( 0) [System]
PID: 700 ( 4) \SystemRoot\System32\smss.exe
PID: 764 ( 700) \??\C:\WINDOWS\system32\csrss.exe
PID: 788 ( 700) \??\C:\WINDOWS\system32\winlogon.exe
PID: 832 ( 788) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 844 ( 788) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 1012 ( 832) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1084 ( 832) C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
size: 331776
MD5: 7728FE805210124426738477E5B93006
PID: 1216 ( 832) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1356 ( 832) C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
size: 172032
MD5: 425AD8C1542A345CFC226B0F680F07BB
PID: 1452 (1356) C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE
size: 98304
MD5: 5D7A365C849423F0E4463C1219BDD2B0
PID: 1612 (1572) C:\WINDOWS\Explorer.EXE
size: 1032192
MD5: A0732187050030AE399B241436565E64
PID: 1764 ( 832) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1840 ( 832) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1960 ( 832) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 244 ( 832) c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
size: 540672
MD5: DCA0151DB8189DA7937A57B8B104CFF5
PID: 344 ( 832) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
PID: 644 ( 832) C:\WINDOWS\System32\CTSvcCDA.EXE
size: 44032
MD5: 3C8B6609712F4FF78E521F6DCFC4032B
PID: 692 ( 832) C:\Program Files\ewido\security suite\ewidoctrl.exe
size: 16448
MD5: 867D9D1FA818F8629BB7A4A26E94B06A
PID: 760 ( 832) C:\WINDOWS\system32\nvsvc32.exe
size: 131139
MD5: 0B24AB7CC5B7ED2AA7F438A4072459F4
PID: 1124 ( 832) C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
size: 143360
MD5: E4FD799DFB644C9B884E9BAAD92BA863
PID: 1204 ( 832) C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
size: 32768
MD5: 6F5049BD2E0944F20305F09D80BE272A
PID: 1316 ( 832) C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
size: 98304
MD5: 26EC1E65C7D27BE7DEE98D0858FC8201
PID: 1516 ( 832) C:\WINDOWS\system32\wdfmgr.exe
size: 38912
MD5: C81B8635DEE0D3EF5F64B3DD643023A5
PID: 1660 ( 832) C:\WINDOWS\System32\MsPMSPSv.exe
size: 53248
MD5: 668056D5C3C11AB7D266819A96B964E8
PID: 2272 (1124) C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\apvxdwin.exe
size: 299008
MD5: A7C63D0B99F814306F8655151244E701
PID: 2308 ( 832) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: F1958FBF86D5C004CF19A5951A9514B7
PID: 2340 (1764) C:\WINDOWS\system32\wscntfy.exe
size: 13824
MD5: 49911DD39E023BB6C45E4E436CFBD297
PID: 2352 (1612) C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
size: 36975
MD5: D3E445A99A1142C35D8D3100B5564591
PID: 2444 (1612) C:\WINDOWS\system32\RunDll32.exe
size: 33280
MD5: DA285490BBD8A1D0CE6623577D5BA1FF
PID: 2604 (1612) C:\WINDOWS\system32\RUNDLL32.EXE
size: 33280
MD5: DA285490BBD8A1D0CE6623577D5BA1FF
PID: 2668 (1612) C:\Program Files\MessengerPlus! 3\MsgPlus.exe
size: 190024
MD5: A6939E0F389095A9C77E70604F24DD1F
PID: 2708 (1612) C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
size: 188416
MD5: 2CEC0358AEAF3D34E7FAEE85ED55E9EB
PID: 2752 (2572) C:\WINDOWS\system32\rundll32.exe
size: 33280
MD5: DA285490BBD8A1D0CE6623577D5BA1FF
PID: 2760 (1612) C:\Program Files\D-Tools\daemon.exe
size: 81920
MD5: 804FBB66EC6CA862B840D173EFC638A7
PID: 2820 (1612) C:\WINDOWS\system32\RunDll32.exe
size: 33280
MD5: DA285490BBD8A1D0CE6623577D5BA1FF
PID: 2856 (2272) C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe
size: 69632
MD5: C79FA180370873F25DA7A60497F44704
PID: 3040 (1612) C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
size: 143360
MD5: 7DDFAD254C42B202DFDA0822E29F6D15
PID: 3220 (1612) E:\Fraps\FRAPS.EXE
size: 2822144
MD5: D38D6F228D1715F986C18E60BFDAF9BC
PID: 3440 (1612) C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
size: 29696
MD5: DEB88AEF013DD1EEFB462D7CAD642166
PID: 232 ( 832) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 256 (3292) C:\Program Files\MSN Messenger\msnmsgr.exe
size: 7086080
MD5: 55406C4B910C174CDF36F66AFCA1A18C
PID: 2240 (1612) C:\WINDOWS\system32\NOTEPAD.EXE
size: 69120
MD5: 388B8FBC36A8558587AFC90FB23A3B99
PID: 3000 (1612) C:\Program Files\Internet Explorer\iexplore.exe
size: 93184
MD5: E7484514C0464642BE7B4DC2689354C8
PID: 3256 (1764) C:\WINDOWS\system32\wuauclt.exe
size: 124184
MD5: EBF1AB7E4FC05CABF2F4680D2A45F827
PID: 176 (3088) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1415824
MD5: 70496EEE0DDBE485F658693826F44D38
PID: 3932 ( 176) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 10-11-2005 17:05:18

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\System32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: PAV_LAYERED over [MSAFD Tcpip [TCP/IP]]
GUID: {0B641033-0B9B-4A63-A0BD-7F696088D208}
Filename: C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavlsp.dll

Protocol 1: PAV_LAYERED over [MSAFD Tcpip [UDP/IP]]
GUID: {0B641033-0B9B-4A63-A0BD-7F696088D208}
Filename: C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavlsp.dll

Protocol 2: PAV_LAYERED over [MSAFD Tcpip [RAW/IP]]
GUID: {0B641033-0B9B-4A63-A0BD-7F696088D208}
Filename: C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavlsp.dll

Protocol 3: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 4: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 5: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 6: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 7: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{99312C79-D439-473D-89CC-9CAA9D6F4542}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{99312C79-D439-473D-89CC-9CAA9D6F4542}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{84BAD33F-A56F-454B-8CD9-5CBE49E3FDB7}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{84BAD33F-A56F-454B-8CD9-5CBE49E3FDB7}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D9132C7E-62EF-44B5-96A6-85696668739E}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D9132C7E-62EF-44B5-96A6-85696668739E}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4F6E6137-F4B2-4975-8A7A-8DAD757709C2}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4F6E6137-F4B2-4975-8A7A-8DAD757709C2}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: PAV_LAYERED
GUID: {6B320271-E041-22D0-9A38-11BB1164A02D}
Filename: C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavlsp.dll

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace



--- Uninstall list ---
Ad-Aware SE Personal 1.06 (Ad-Aware SE Personal)
uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
publisher: Lavasoft
help link: http://www.lavasoft.com

(AddressBook)

Adobe Download Manager 2.0 (Remove Only) 2.0 (AdobeESD)
uninstall cmd: "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"

AIDA32 v3.80 (AIDA32_is1)
uninstall cmd: "C:\Program Files\AIDA32 - Enterprise System Information\unins000.exe"
publisher: Tamas Miklos
help link: http://www.aida32.hu

BitTornado 0.3.7 0.3.7 (BitTornado)
uninstall cmd: C:\Program Files\BitTornado\uninst.exe
publisher: John Hoffman

(Branding)

C-Media WDM Audio Driver (C-Media Audio Driver)
uninstall cmd: C:\WINDOWS\system32\cmirmdrv.exe

CCleaner (remove only) (CCleaner)
uninstall cmd: "C:\Program Files\CCleaner\uninst.exe"

(Connection Manager)

(Creative MediaSource)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 /remove

(Creative MediaSource CD-ROM Burner Plugin)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD549B7B-3532-4160-80D4-3E3DD39A9AE5}\setup.exe" -l0x9 /remove

(Creative MediaSource Detector)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 /remove

(Creative MediaSource Go!)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9 /remove

(Creative MediaSource NOMAD Jukebox Plug-in)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\Setup.exe" -l0x13 /remove

(Creative MediaSource NOMAD MuVo Plugin)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x9 /remove

(Creative MediaSource Player Skin Pack)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9 /remove

(Creative MediaSource RemoteControl Plugin)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5933921D-4253-40B6-B4D9-B7D680F1B6EC}\setup.exe" -l0x9 /remove

Device Control (Device Control)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9194237B-7B58-40B4-A739-184AD59531A2}\setup.exe" -l0x9 /remove

(DirectAnimation)

(DirectDrawEx)

(DXM_Runtime)

Creative EAX Console (EAX)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\Setup.exe" -l0x13 /remove

ewido security suite (ewidosecuritysuite)
install location: C:\Program Files\ewido\security suite
uninstall cmd: C:\Program Files\ewido\security suite\Uninstall.exe
publisher: ewido networks
help link: http://www.ewido.net

Feurio! CD-Writer (Feurio)
uninstall cmd: "C:\Program Files\Feurio\Feurio_Uninstall.exe"

FilePlanet Download Manager 2.1 2.1 (FilePlanet Download Manager)
uninstall cmd: C:\Program Files\FilePlanet\Download Manager\uninst.exe
publisher: IGN Entertainment, Inc.

(Fontcore)

Fraps (remove only) (Fraps)
uninstall cmd: "E:\Fraps\uninstall.exe"

Guild Wars (Guild Wars)
uninstall cmd: "E:\Games\Guild Wars\Gw.exe" -uninstall

GunboundWC (GunboundWC_is1)
install location: E:\Games\Gunbound\softnyx\
uninstall cmd: "E:\Games\Gunbound\softnyx\unins000.exe"
publisher: Softnyx co.,ltd.
help link: http://www.gunbound.net

HijackThis 1.99.1 1.99.1 (HijackThis)
uninstall cmd: C:\Program Files\HijackThis\HijackThis.exe /uninstall
publisher: Soeperman Enterprises Ltd.

hp deskjet 3320 series (Remove only) (hp deskjet 3320 series)
uninstall cmd: C:\Program Files\hp deskjet 3320 series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=USB001 -vproduct=3320 -huninstall

(ICW)

(IE40)

(IE4Data)

(IE5BAKEX)

(IEData)

(InstallShield Uninstall Information)

Microsoft Data Access Components KB870669 (KB870669)
uninstall cmd: C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=KB870669

Windows XP Hotfix - KB873333 20050114.005213 (KB873333)
uninstall cmd: C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873333

Windows XP Hotfix - KB873339 20041117.092459 (KB873339)
uninstall cmd: C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873339

Security Update for Windows XP (KB883939) 1 (KB883939)
install date: 20050727
uninstall cmd: "C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=883939

(KB884016)

Windows XP Hotfix - KB885250 20050118.202711 (KB885250)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885250

Windows XP Hotfix - KB885835 20041027.181713 (KB885835)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885835

Windows XP Hotfix - KB885836 20041028.173203 (KB885836)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885836

Windows XP Hotfix - KB886185 20041021.090540 (KB886185)
uninstall cmd: C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=886185

Windows XP Hotfix - KB887472 20041014.162858 (KB887472)
uninstall cmd: C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887472

Windows XP Hotfix - KB887742 20041103.095002 (KB887742)
uninstall cmd: C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887742

Windows XP Hotfix - KB887797 20041018.133824 (KB887797)
uninstall cmd: C:\WINDOWS\$NtUninstallKB887797$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887797

Windows XP Hotfix - KB888113 20041116.131036 (KB888113)
uninstall cmd: C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888113

Windows XP Hotfix - KB888302 20041207.111426 (KB888302)
uninstall cmd: C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888302

Security Update for Windows XP (KB890046) 1 (KB890046)
install date: 20050727
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890046

Windows XP Hotfix - KB890047 20041221.124506 (KB890047)
uninstall cmd: C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890047

Windows XP Hotfix - KB890175 20041201.233338 (KB890175)
uninstall cmd: C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890175

Windows XP Hotfix - KB890859 1 (KB890859)
install date: 20050727
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890859

Windows XP Hotfix - KB891781 20050110.165439 (KB891781)
uninstall cmd: C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=891781

Windows XP Hotfix - KB893066 1 (KB893066)
install date: 20050727
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893066

Windows XP Hotfix - KB893086 1 (KB893086)
install date: 20050727
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893086

Security Update for Windows XP (KB893756) 1 (KB893756)
install date: 20050815
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893756

Windows Installer 3.1 (KB893803) 3.1 (KB893803)
uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=42467

Windows Installer 3.1 (KB893803) 3.1 (KB893803v2)
uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=42467

Update for Windows XP (KB894391) 1 (KB894391)
install date: 20050815
uninstall cmd: "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=894391

Hotfix for Windows XP (KB896344) 2 (KB896344)
install date: 20050816
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896344$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896344

Security Update for Windows XP (KB896358) 1 (KB896358)
install date: 20050727
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896358

Security Update for Windows XP (KB896422) 1 (KB896422)
install date: 20050727
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896422

Security Update for Windows XP (KB896423) 1 (KB896423)
install date: 20050815
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896423

Security Update for Windows XP (KB896424) 1 (KB896424)
install date: 20051109
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896424

Security Update for Windows XP (KB896428) 1 (KB896428)
install date: 20050727
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896428

Security Update for Windows XP (KB896688) 1 (KB896688)
install date: 20051018
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896688

Update for Windows XP (KB896727) 1 (KB896727)
install date: 20050815
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896727

Update for Windows XP (KB898461) 1 (KB898461)
install date: 20050727
uninstall cmd: "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=898461

Security Update for Windows XP (KB899587) 1 (KB899587)
install date: 20050815
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899587

Security Update for Windows XP (KB899588) 1 (KB899588)
install date: 20050815
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899588

Security Update for Windows XP (KB899589) 1 (KB899589)
install date: 20051015
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899589

Security Update for Windows XP (KB899591) 1 (KB899591)
install date: 20050815
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899591

Security Update for Windows XP (KB900725) 1 (KB900725)
install date: 20051015
uninstall cmd: "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900725

Update for Windows XP (KB900930) 1 (KB900930)
install date: 20050816
uninstall cmd: "C:\WINDOWS\$NtUninstallKB900930$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900930

Security Update for Windows XP (KB901017) 1 (KB901017)
install date: 20051015
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901017

Security Update for Windows XP (KB901214) 1 (KB901214)
install date: 20050727
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901214

Security Update for Windows XP (KB902400) 1 (KB902400)
install date: 20051015
uninstall cmd: "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=902400

Security Update for Windows XP (KB903235) 1 (KB903235)
install date: 20050727
uninstall cmd: "C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=903235

Security Update for Windows XP (KB904706) 1 (KB904706)
install date: 20051015
uninstall cmd: "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=904706

Security Update for Windows XP (KB905414) 1 (KB905414)
install date: 20051015
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905414

Security Update for Windows XP (KB905749) 1 (KB905749)
install date: 20051015
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905749

LimeWire 4.9.30 4.9.30 (LimeWire)
uninstall cmd: "C:\Program Files\LimeWire\uninstall.exe"
publisher: Lime Wire, LLC
help link: http://www.limewire.com/support

Microsoft .NET Framework 1.1 Hotfix (KB886903) (M886903)
uninstall cmd: "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903Uninstall.msp"

Microsoft .NET Framework 1.1 (Microsoft .NET Framework 1.1 (1033))
uninstall cmd: msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm

(Microsoft NetShow Player 2.0)

(MobileOptionPack)

(MPlayer2)

Messenger Plus! 3 (MsgPlus! Plugin)
uninstall cmd: "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /Remove

(MSI30-Beta1)

(MSI30-Beta2)

(MSI30-KB884016)

(MSI30-RC1)

(MSI30-RC2)

(MSI30a-KB884016)

(MSI31-Beta)

(MSI31-RC1)

Nero 6 Ultra Edition (Nero - Burning Rom!UninstallKey)
uninstall cmd: C:\Program Files\Nero\nero\uninstall\UNNERO.exe /UNINSTALL

(NetMeeting)

NVIDIA Drivers (NVIDIA Drivers)
uninstall cmd: C:\WINDOWS\system32\nvudisp.exe UninstallGUI

(OutlookExpress)

Panda ActiveScan (Panda ActiveScan)
uninstall cmd: C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
publisher: Panda Software S.L.

(Panda Antivirus)

(Panda Antivirus Lite)
uninstall cmd: .

(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

QuickTime (QuickTime)
uninstall cmd: C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log

Real Alternative 1.29 1.29 (RealAlt_is1)
install location: C:\Program Files\Real Alternative\
uninstall cmd: "C:\Program Files\Real Alternative\unins000.exe"

RegistryFix v3.0 (RegistryFix_is1)
install location: C:\Program Files\RegistryFix\
uninstall cmd: "C:\Program Files\RegistryFix\unins000.exe"
publisher: RegistryFix
help link: http://www.RegistryFix.com

(SchedulingAgent)

Serious Sam 2 (SeriousSam2)
uninstall cmd: E:\Games\Serious Sam II\Bin\Uninstall.exe

(SeriousSam2Demo)

Macromedia Flash Player 8 8 (ShockwaveFlash)
uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
publisher: Macromedia
help link: http://www.macromedia.com/go/flashplayer_support/

Creative Luidsprekerinstellingen (SPEAKER)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\Setup.exe" -l0x13 /remove

Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited

FreeDVD Codec Installer Version 1.0 (ST6UNST #1)
uninstall cmd: C:\WINDOWS\st6unst.exe -n "C:\Program Files\CodecInstaller\ST6UNST.LOG"

Steam (Steam)
uninstall cmd: C:\PROGRA~1\Valve\Steam\UNWISE.EXE C:\PROGRA~1\Valve\Steam\INSTALL.LOG

Creative System Information (SysInfo)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{87499F38-FD69-4A2B-B41A-BAB8DE9B94FE}\setup.exe" -l0x9 /remove

TeamSpeak 2 RC2 2.0.32.60 (Teamspeak 2 RC2_is1)
uninstall cmd: "C:\Program Files\Teamspeak2_RC2\unins000.exe"
publisher: Dominating Bytes Design
help link: http://www.teamspeak.org

(USB Sound Blaster Audigy 2 NX)

(USB Sound Blaster Audigy 2 NX Windows Drivers)
uninstall cmd: "C:\Program Files\Creative\USB SBAudigy2 NX\Program\Ctzapxx.EXE" SBUSB.INI /U /S

VideoLAN VLC media player 0.8.2 0.8.2 (VLC media player)
uninstall cmd: C:\Program Files\VideoLAN\VLC\uninstall.exe
publisher: VideoLAN Team

VIA Rhine-Family Fast Ethernet Adapter (VN_VUIns_Rhine_VIA)
uninstall cmd: Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA

Windows Media Format Runtime (Windows Media Format Runtime)
uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Player 10 (Windows Media Player)
uninstall cmd: "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Windows XP Service Pack 2 20040803.231319 (Windows XP Service Pack)
uninstall cmd: C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=811113

WinRAR archiver (WinRAR archiver)
uninstall cmd: C:\Program Files\WinRAR\uninstall.exe

World of Warcraft (World of Warcraft)
uninstall cmd: C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe

MSXML4 Parser 1.0.0 ({01501EBA-EC35-4F9F-8889-3BE346E5DA13})
version: 16777216
version (major): 1
estimated size: 1289
install date: 20050203
install source: E:\Games\AoM\
uninstall cmd: MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
publisher: Microsoft Game Studios
contact: Microsoft Game Studios

Adobe Photoshop Album 2.0 Starter Edition 2.00.000 ({11B569C2-4BF6-4ED0-9D17-A4273943CB24})
version: 33554432
version (major): 2
estimated size: 15751
install date: 20050917
install source: C:\WINDOWS\Downloaded Installations\{30F65707-62BC-4443-BB21-86DA6E7F8A55}\
uninstall cmd: MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
publisher: Adobe Systems, Inc.
readme: C:\Program Files\Adobe\Photoshop Album Starter Edition\2.0\readme.txt

({1888DAFD-C634-4BC4-865C-3455E24F6177})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\Setup.exe" -l0x13

AutoUpdate 1.1 ({18D10072035C4515918F7E37EAFAACFC})
install location: C:\Program Files\DivX

J2SE Runtime Environment 5.0 Update 4 1.5.0.40 ({3248F0A8-6813-11D6-A77B-00B0D0150040})
version: 17104896
version (major): 1
version (minor): 5
estimated size: 121261
install date: 20051011
install source: http://jdl.sun.com/webapps/download/Get ... ows-i586//
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.5.0_04\README.txt

WebFldrs XP 9.50.5318 ({350C97B0-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154277062
version (major): 9
version (minor): 50
estimated size: 2524
install date: 20050119
install source: C:\WINDOWS\System32\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows

DAEMON Tools 3.47.0 ({3DED3A72-61A8-4B87-98A5-EF0BC8038AA0})
version: 53411840
version (major): 3
version (minor): 47
estimated size: 601
install date: 20051016
install source: C:\WINDOWS\Downloaded Installations\DAEMON Tools 3.47\
uninstall cmd: MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
publisher: DAEMON'S HOME
contact: DAEMON'S HOME
help link: support@daemon-tools.cc

Microsoft Windows Journal Viewer 1.5.2315.3 ({43DCF766-6838-4F9A-8C91-D92DA586DFA7})
version: 17107211
version (major): 1
version (minor): 5
estimated size: 3703
install date: 20050123
install source: C:\DOCUME~1\KIM\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
publisher: Microsoft
comments: A viewer for Windows Journal documents.
contact: Microsoft

({46DDF76F-ACD4-42BC-B48F-B89C4EE2E1A9})

upapp 0.20.0000 ({4EF69D40-4DC9-485E-95D3-B1C22F218FC8})
version: 1310720
version (minor): 20
estimated size: 1213
install date: 20050405
install source: D:\upapp\
uninstall cmd: MsiExec.exe /I{4EF69D40-4DC9-485E-95D3-B1C22F218FC8}
publisher: Hewlett-Packard
comments: Your Comments
contact: Customer Support Department
help link: http://www.yourcompany.com/help
help telephone: 1-555-555-4505
readme: Readme.txt

({5210ED6D-52A9-11D6-A285-00A0CC51B2FE})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\Setup.exe" -l0x13

Creative MediaSource ({56F3E1FF-54FE-4384-A153-6CCABA097814})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\SETUP.EXE" -l0x9 /remove

({5933921D-4253-40B6-B4D9-B7D680F1B6EC})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5933921D-4253-40B6-B4D9-B7D680F1B6EC}\setup.exe" -l0x9

({5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x13

Windows Genuine Advantage v1.3.0254.0 1.3.0254.0 ({63569CE9-FA00-469C-AF5C-E5D4D93ACF91})
version: 16974078
version (major): 1
version (minor): 3
estimated size: 519
install date: 20050727
install source: C:\DOCUME~1\KIM\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
publisher: Microsoft
comments: Your Comments
contact: Customer Support Department
help link: http://www.microsoft.com/genuine/downlo ... .aspx/help
help telephone: 1-425.882.8080

({67AEFC4C-69E4-11D7-85F4-00E018013273})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9

Ventrilo Client 2.3.0 ({789289CA-F73A-4A16-A331-54D498CE069F})
version: 33751040
version (major): 2
version (minor): 3
estimated size: 2392
install date: 20050814
install source: C:\Program Files\Common Files\Wise Installation Wizard\
uninstall cmd: MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
publisher: Flagship Industries, Inc.
help link: http://www.ventrilo.com

({7A900EAB-DA37-4554-AF19-9C337476D05D})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9

DivX 5.2.1 ({7B63B2922B174135AFC0E1377DD81EC2})
install location: C:\Program Files\DivX
uninstall cmd: C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
publisher: DivXNetworks, Inc.

({869D88A5-BD6C-4E39-8536-D95259EAD7E8})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x9

({87499F38-FD69-4A2B-B41A-BAB8DE9B94FE})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{87499F38-FD69-4A2B-B41A-BAB8DE9B94FE}\setup.exe" -l0x9

DivX Player 2.6 ({8ADFC4160D694100B5B8A22DE9DCABD9})
install location: C:\Program Files\DivX
uninstall cmd: C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
publisher: DivXNetworks, Inc.

1.00 ({9194237B-7B58-40B4-A739-184AD59531A2})
version: 16777216
install location: C:\Program Files\Creative\Device Control
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9194237B-7B58-40B4-A739-184AD59531A2}\setup.exe" -l0x9

Panda Titanium 2006 Antivirus + Antispyware 5.01.00 ({98032D6F-3EE6-4646-B68C-40BF012AC89B})
version: 83951616
install date: 20051107
install location: C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\
install source: C:\DOCUME~1\KIM\LOCALS~1\Temp\WZSE0.TMP\
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98032D6F-3EE6-4646-B68C-40BF012AC89B}\SETUP.exe" -l0x9 -removeonly
publisher: Panda Software

Guillemot Hardware Inspector ({ABF6506E-51C7-4485-A811-8E07851EBE86})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ABF6506E-51C7-4485-A811-8E07851EBE86}\Setup.exe" -l0x9

Adobe Reader 7.0 7.0.0 ({AC76BA86-7AD7-1033-7B44-A70000000000})
version: 117440512
version (major): 7
estimated size: 62959
install date: 20050610
install location: C:\Program Files\Adobe\Acrobat 7.0\Reader\
install source: C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig\ENU\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
publisher: Adobe Systems Incorporated
comments:
contact:
help link: http://www.adobe.com/support/main.html
help telephone:
readme: C:\Program Files\Adobe\Acrobat 7.0\Reader\Readme.htm

Athlon 64 Processor Driver 1.1.0.14 ({C151CE54-E7EA-4804-854B-F515368B0798})
version: 16842752
install location: C:\Program Files\AMD\Athlon 64 Processor Driver
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9

({C6866B7D-ACFD-4C49-
Hikaru
Regular Member
 
Posts: 22
Joined: November 6th, 2005, 12:54 pm
Advertisement
Register to Remove

Next

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 316 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware