Free Malware Removal Forum

by **arx** » July 24th, 2007, 8:26 pm

I have the virus below invite itself into my pc, can you advise me what to do, also if any real risk. Im new to this! :roll:

Thanxxxx

--- Search result list ---
Win32.ConHook.ah: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DNIdent

Log: Activity: COM+.log (Backup file, nothing done)
C:\WINDOWS\COM+.log

Log: Activity: SchedLgU.Txt (Backup file, nothing done)
C:\WINDOWS\SchedLgU.Txt

Log: Activity: imsins.log (Backup file, nothing done)
C:\WINDOWS\imsins.log

Log: Install: comsetup.log (Backup file, nothing done)
C:\WINDOWS\comsetup.log

Log: Install: ocgen.log (Backup file, nothing done)
C:\WINDOWS\ocgen.log

Log: Install: setupact.log (Backup file, nothing done)
C:\WINDOWS\setupact.log

Log: Install: setupapi.log (Backup file, nothing done)
C:\WINDOWS\setupapi.log

Log: Install: svcpack.log (Backup file, nothing done)
C:\WINDOWS\svcpack.log

Log: Install: wmsetup.log (Backup file, nothing done)
C:\WINDOWS\wmsetup.log

Log: Shutdown: System32\wbem\logs\wbemcore.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemcore.log

Log: Shutdown: System32\wbem\logs\wbemess.lo_ (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.lo_

Log: Shutdown: System32\wbem\logs\wbemess.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.log

Log: Shutdown: System32\wbem\logs\wbemprox.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemprox.log

Log: Shutdown: System32\wbem\logs\wmiadap.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiadap.log

Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiprov.log

GetRight: Last downloaded file (Registry value, nothing done)
HKEY_USERS\S-1-5-21-436374069-1715567821-839522115-1003\Software\Headlight\GetRight\FileQueue\FromNetscape

Internet Explorer: Typed URL list (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-436374069-1715567821-839522115-1003\Software\Microsoft\Internet Explorer\TypedURLs

Internet Explorer: Download directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-436374069-1715567821-839522115-1003\Software\Microsoft\Internet Explorer\Download Directory!=

Internet Explorer: User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-21-436374069-1715567821-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!=Mozilla/4.0 (compatible; MSIE; Win32)

MS Management Console: Recent command list (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-436374069-1715567821-839522115-1003\Software\Microsoft\Microsoft Management Console\Recent File List

MS Media Player: Recent file list (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-436374069-1715567821-839522115-1003\Software\Microsoft\MediaPlayer\Player\RecentFileList

MS Media Player: Recent open directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-436374069-1715567821-839522115-1003\Software\Microsoft\MediaPlayer\Player\Settings\OpenDir!=

MS Media Player: Search terms history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-436374069-1715567821-839522115-1003\Software\Microsoft\MediaPlayer\AutoComplete\MediaSearch

MS Media Player: Last playlist query (Registry change, nothing done)
HKEY_USERS\S-1-5-21-436374069-1715567821-839522115-1003\Software\Microsoft\MediaPlayer\Preferences\LastPlaylistQuery!=

MS Media Player: Last selected node (Registry change, nothing done)
HKEY_USERS\S-1-5-21-436374069-1715567821-839522115-1003\Software\Microsoft\MediaPlayer\MediaLibraryUI\MLLastSelectedNode!=

MS Media Player: Last CD record path (Registry change, nothing done)
HKEY_USERS\S-1-5-21-436374069-1715567821-839522115-1003\Software\Microsoft\MediaPlayer\Preferences\CDRecordPath!=

MS Media Player: Client ID (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\MediaPlayer\Player\Settings\Client ID!=

MS Media Player: Client ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-436374069-1715567821-839522115-1003\Software\Microsoft\MediaPlayer\Player\Settings\Client ID!=

MS Media Player: Client ID (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\MediaPlayer\Player\Settings\Client ID!=

MS Media Player: Anonymous ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-436374069-1715567821-839522115-1003\Software\Microsoft\MediaPlayer\Preferences\SendUserGUID!=B=0

MS Direct3D: Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name!=

MS DirectDraw: Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name!=

MS Paint: Recent file list (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-436374069-1715567821-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List

MS Wordpad: Recent file list (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-436374069-1715567821-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List

Windows.OpenWith: Open with list - .AUD extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-436374069-1715567821-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AUD\OpenWithList

Windows.OpenWith: Open with list - .AVI extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-436374069-1715567821-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList

Windows.OpenWith: Open with list - .BMP extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-436374069-1715567821-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList

Windows.OpenWith: Open with list - .BPL extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-436374069-1715567821-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BPL\OpenWithList

Windows.OpenWith: Open with list - .CAB extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-436374069-1715567821-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CAB\OpenWithList

Windows Explorer: Recent wallpaper list (84 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-436374069-1715567821-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU

Windows Explorer: Run history (11 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-436374069-1715567821-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

Windows Explorer: Stream history (20 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-436374069-1715567821-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

Windows Explorer: User Assistant history IE (21 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-436374069-1715567821-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: User Assistant history files (157 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-436374069-1715567821-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: Last visited history (7 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-436374069-1715567821-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

Windows Explorer: File search history (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-436374069-1715567821-839522115-1003\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\FilesNamedMRU

Windows Explorer: Recent file global history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-436374069-1715567821-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Explorer: Last Copy/MoveTo folder (Registry value, nothing done)
HKEY_USERS\S-1-5-21-436374069-1715567821-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CopyMoveTo\LastFolder

Windows Media SDK: Computer name (Registry change, nothing done)
HKEY_USERS\S-1-5-21-436374069-1715567821-839522115-1003\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName

Windows Media SDK: Unique ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-436374069-1715567821-839522115-1003\Software\Microsoft\Windows Media\WMSDK\General\UniqueID!={00000000-0000-0000-0000-000000000000}

Windows Media SDK: Volume serial number (Registry value, nothing done)
HKEY_USERS\S-1-5-21-436374069-1715567821-839522115-1003\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

WinRAR: Recent file list (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-436374069-1715567821-839522115-1003\Software\WinRAR\ArcHistory

WinRAR: Last used directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-436374069-1715567821-839522115-1003\Software\WinRAR\General\LastFolder!=

WinRAR: Extraction directory history (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-436374069-1715567821-839522115-1003\Software\WinRAR\DialogEditHistory\ExtrPath

WinZip: Recent wizard folder list (26 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-436374069-1715567821-839522115-1003\Software\Nico Mak Computing\WinZip\WIZDIR

WinZip: Recent extracted file list (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-436374069-1715567821-839522115-1003\Software\Nico Mak Computing\WinZip\extract

WinZip: Recent created file list (5 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-436374069-1715567821-839522115-1003\Software\Nico Mak Computing\WinZip\filemenu

WinZip: Number of times run (Registry change, nothing done)
HKEY_USERS\S-1-5-21-436374069-1715567821-839522115-1003\Software\Nico Mak Computing\WinZip\rrs\Opened!=

WinZip: Default directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-436374069-1715567821-839522115-1003\Software\Nico Mak Computing\WinZip\directories\DefDir!=

WinZip: Default directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-436374069-1715567821-839522115-1003\Software\Nico Mak Computing\WinZip\directories\zDefDir!=

WinZip: Add files directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-436374069-1715567821-839522115-1003\Software\Nico Mak Computing\WinZip\directories\AddDir!=

WinZip: Destination directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-436374069-1715567821-839522115-1003\Software\Nico Mak Computing\WinZip\directories\ExtractTo!=

WinZip: Add files directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-436374069-1715567821-839522115-1003\Software\Nico Mak Computing\WinZip\directories\gzAddDir!=

WinZip: Destination directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-436374069-1715567821-839522115-1003\Software\Nico Mak Computing\WinZip\directories\gzExtractTo!=

Cookie: Cookie (24) (Cookie, nothing done)

Cookie: Cookie (59) (Cookie, nothing done)

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2007-05-17 unins000.exe (51.41.0.0)
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-01-02 Tools.dll (2.0.1.0)
2007-05-23 advcheck.dll (1.5.3.0)
2007-07-11 Includes\Hijackers.sbi (*)
2007-07-11 Includes\Keyloggers.sbi (*)
2007-07-18 Includes\Malware.sbi (*)
2007-07-11 Includes\Spybots.sbi (*)
2007-07-18 Includes\Trojans.sbi (*)
2007-07-18 Includes\Cookies.sbi (*)
2007-07-18 Includes\Revision.sbi (*)
2007-07-11 Includes\PUPS.sbi (*)
2005-02-17 Includes\Tracks.uti (*)
2007-07-18 Includes\TrojansC.sbi (*)
2007-07-18 Includes\SpybotsC.sbi (*)
2007-07-18 Includes\SecurityC.sbi (*)
2007-07-18 Includes\PUPSC.sbi (*)
2007-07-18 Includes\MalwareC.sbi (*)
2007-07-18 Includes\KeyloggersC.sbi (*)
2007-07-18 Includes\HijackersC.sbi (*)
2007-07-18 Includes\DialerC.sbi (*)
2007-05-30 Includes\Dialer.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-06-06 Plugins\TCPIPAddress.dll

--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
/ Windows Media Player: Windows Media Player Hotfix [See Q828026 for more information]
/ Windows Media Player / SP0: Windows Media Player Hotfix [See Q828026 for more information]
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB917734)
/ Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)
/ Windows Media Player 9: Security Update for Windows Media Player 9 (KB917734)
/ Windows XP: Security Update for Windows XP (KB923689)
/ Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Windows XP Hotfix - KB884020
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB894391)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Update for Windows XP (KB900485)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
/ Windows XP / SP3: Security Update for Windows XP (KB908519)
/ Windows XP / SP3: Update for Windows XP (KB908531)
/ Windows XP / SP3: Update for Windows XP (KB910437)
/ Windows XP / SP3: Update for Windows XP (KB911280)
/ Windows XP / SP3: Security Update for Windows XP (KB911562)
/ Windows XP / SP3: Security Update for Windows XP (KB911927)
/ Windows XP / SP3: Security Update for Windows XP (KB913580)
/ Windows XP / SP3: Security Update for Windows XP (KB914388)
/ Windows XP / SP3: Security Update for Windows XP (KB914389)
/ Windows XP / SP3: Update for Windows XP (KB916595)
/ Windows XP / SP3: Security Update for Windows XP (KB917344)
/ Windows XP / SP3: Security Update for Windows XP (KB917422)
/ Windows XP / SP3: Security Update for Windows XP (KB917537)
/ Windows XP / SP3: Security Update for Windows XP (KB917953)
/ Windows XP / SP3: Security Update for Windows XP (KB918118)
/ Windows XP / SP3: Security Update for Windows XP (KB918439)
/ Windows XP / SP3: Security Update for Windows XP (KB919007)
/ Windows XP / SP3: Security Update for Windows XP (KB920213)
/ Windows XP / SP3: Security Update for Windows XP (KB920670)
/ Windows XP / SP3: Security Update for Windows XP (KB920683)
/ Windows XP / SP3: Security Update for Windows XP (KB920685)
/ Windows XP / SP3: Update for Windows XP (KB920872)
/ Windows XP / SP3: Update for Windows XP (KB922582)
/ Windows XP / SP3: Security Update for Windows XP (KB922819)
/ Windows XP / SP3: Security Update for Windows XP (KB923191)
/ Windows XP / SP3: Security Update for Windows XP (KB923414)
/ Windows XP / SP3: Security Update for Windows XP (KB923694)
/ Windows XP / SP3: Security Update for Windows XP (KB923980)
/ Windows XP / SP3: Security Update for Windows XP (KB924191)
/ Windows XP / SP3: Security Update for Windows XP (KB924270)
/ Windows XP / SP3: Security Update for Windows XP (KB924496)
/ Windows XP / SP3: Security Update for Windows XP (KB924667)
/ Windows XP / SP3: Security Update for Windows XP (KB925902)
/ Windows XP / SP3: Hotfix for Windows XP (KB926239)
/ Windows XP / SP3: Security Update for Windows XP (KB926247)
/ Windows XP / SP3: Security Update for Windows XP (KB926255)
/ Windows XP / SP3: Security Update for Windows XP (KB926436)
/ Windows XP / SP3: Security Update for Windows XP (KB927779)
/ Windows XP / SP3: Security Update for Windows XP (KB927802)
/ Windows XP / SP3: Update for Windows XP (KB927891)
/ Windows XP / SP3: Security Update for Windows XP (KB928255)
/ Windows XP / SP3: Security Update for Windows XP (KB928843)
/ Windows XP / SP3: Security Update for Windows XP (KB929123)
/ Windows XP / SP3: Security Update for Windows XP (KB929969)
/ Windows XP / SP3: Security Update for Windows XP (KB930178)
/ Windows XP / SP3: Update for Windows XP (KB930916)
/ Windows XP / SP3: Security Update for Windows XP (KB931261)
/ Windows XP / SP3: Security Update for Windows XP (KB931768)
/ Windows XP / SP3: Security Update for Windows XP (KB931784)
/ Windows XP / SP3: Update for Windows XP (KB931836)
/ Windows XP / SP3: Security Update for Windows XP (KB932168)
/ Windows XP / SP3: Security Update for Windows XP (KB933566)
/ Windows XP / SP3: Security Update for Windows XP (KB935839)
/ Windows XP / SP3: Security Update for Windows XP (KB935840)
/ Windows XP / SP3: Update for Windows XP (KB936357)
/ Windows XP / SP3: Security Update for Windows XP (KB939373)

--- Startup entries list ---
Located: HK_LM:Run, AVG7_CC
command: C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
file: C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
size: 416256
MD5: 2200c98c049de1a7638ea0edba1c8882

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
file: C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
size: 132496
MD5: 896e712a34d654a337c8cbb9deb07200

Located: HK_CU:Run, MSMSGS
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1694208
MD5: 74e6e96c6f0e2eca4edbb7f7a468f259

Located: HK_CU:Run, msnmsgr
command: "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
file: C:\Program Files\MSN Messenger\msnmsgr.exe
size: 5674352
MD5: c4281ad865739e71fd1e4dac19a68d60

Located: HK_CU:Run, SRS Audio Sandbox
command: "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
file:

Located: System.ini, crypt32chain
command:
file:

Located: System.ini, cryptnet
command:
file:

Located: System.ini, cscdll
command:
file:

Located: System.ini, ir5rse
command: ir5rse.dll
file: ir5rse.dll

Located: System.ini, ScCertProp
command:
file:

Located: System.ini, Schedule
command:
file:

Located: System.ini, sclgntfy
command:
file:

Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll

--- Browser helper object list ---

--- ActiveX list ---
{4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control)
DPF name:
CLSID name: FixController Control
Installer: C:\WINDOWS\Downloaded Program Files\HPInstallMgr_v01_5.inf
Codebase: http://h30155.www3.hp.com/ediags/dd/ins ... _v01_5.cab
Path: C:\Program Files\Hp\Common\
Long name: FixEngine.dll
Short name: FIXENG~1.DLL
Date (created): 2/28/2007 7:21:26 PM
Date (last access): 7/2/2007 5:15:36 PM
Date (last write): 2/28/2007 7:21:26 PM
Filesize: 448136
Attributes: archive
MD5: E2EF06D47244332D37B7B779231A7F5B
CRC32: 13B09225
Version: 1.0.2.13

{6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class)
DPF name:
CLSID name: HpProductDetection Class
Installer: C:\WINDOWS\Downloaded Program Files\setup.inf
Codebase: http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
Path: C:\Program Files\HP\Common\
Long name: HPDeviceDetection.dll
Short name: HPDEVI~1.DLL
Date (created): 5/7/2007 11:53:44 AM
Date (last access): 7/2/2007 3:28:08 PM
Date (last write): 5/7/2007 11:53:44 AM
Filesize: 516664
Attributes: archive
MD5: 312C2C77595B224249D50CA278505432
CRC32: AD85C64C
Version: 4.0.2.0

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\erma.inf
Codebase: http://fpdownload.macromedia.com/get/fl ... rashim.cab
description:
classification: Open for discussion
known filename:
info link:
info source: Safer Networking Ltd.

{AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader)
DPF name:
CLSID name: VideoEgg ActiveX Loader
Installer:
Codebase: http://update.videoegg.com/Install/Wind ... lisher.exe
Path: C:\Documents and Settings\Arlene\Application Data\VideoEgg\Loader\4458\
Long name: npvideoegg-loader.dll
Short name: NPVIDE~1.DLL
Date (created): 5/31/2007 11:38:06 PM
Date (last access): 7/2/2007 2:41:10 PM
Date (last write): 5/31/2007 11:38:06 PM
Filesize: 132688
Attributes: archive
MD5: 445126DFB1C4642B05AEEF9D2CFB919B
CRC32: 8DDB4966
Version: 1.0.0.1

{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_02
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Path: C:\Program Files\Java\jre1.6.0_02\bin\
Long name: npjpi160_02.dll
Short name: NPJPI1~1.DLL
Date (created): 7/12/2007 2:22:38 AM
Date (last access): 7/12/2007 2:22:38 AM
Date (last write): 7/12/2007 4:00:36 AM
Filesize: 132496
Attributes: archive
MD5: E3811F1A1C5063C941EC0E2766C3EA39
CRC32: AEFD3747
Version: 6.0.20.6

--- Process list ---
PID: 0 ( 0) [System]
PID: 1452 ( 4) \SystemRoot\System32\smss.exe
PID: 1592 (1452) \??\C:\WINDOWS\system32\csrss.exe
PID: 1616 (1452) \??\C:\WINDOWS\system32\winlogon.exe
PID: 1660 (1616) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 1672 (1616) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 1844 (1660) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1912 (1660) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 2032 (1660) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 256 (1660) C:\Program Files\Virgin Broadband\PCguard\fws.exe
size: 316920
MD5: 55167747659D26AE95887168959A5514
PID: 308 (1660) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 396 (1660) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 760 (1660) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
PID: 808 (1660) C:\WINDOWS\System32\SCardSvr.exe
size: 95744
MD5: 25D8DE134DF108E3DBC8D7D23B1AA58E
PID: 872 (1660) C:\WINDOWS\system32\msdtc.exe
size: 6144
MD5: C7C3D89EB0A6F3DBA622EA737FA335B1
PID: 960 (1660) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: F1958FBF86D5C004CF19A5951A9514B7
PID: 972 (1660) C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
size: 204800
MD5: E8FBDCC8D618D1BB84B828F247A6244B
PID: 992 (1660) C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
size: 353280
MD5: 5F4ED1DBA7E1EAECBA443A53DA176485
PID: 1012 (1660) C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
size: 49664
MD5: 30A14F65DB477DC00A64A5A24E96919C
PID: 1048 (1660) C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
size: 352768
MD5: F59C5100CB16DB794D5710E8B00629B1
PID: 1088 (1660) C:\WINDOWS\system32\dllhost.exe
size: 5120
MD5: DD87DB7387B9EB441C5674888A0D840C
PID: 1148 (1660) C:\Program Files\Common Files\Command Software\dvpapi.exe
size: 147728
MD5: 38E1B09C8AA4785A9B11065499EB8B60
PID: 1256 (1660) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1272 (1660) C:\WINDOWS\system32\inetsrv\inetinfo.exe
size: 15872
MD5: 74B9FA2AFAF60B7F4E2A952E77B9DC6C
PID: 1440 (1660) C:\WINDOWS\system32\netdde.exe
size: 111104
MD5: 05AFB5AD06462257BEA7495283C86D50
PID: 1532 (1660) C:\WINDOWS\system32\HPZipm12.exe
size: 69632
MD5: 9D84376931440F3679BEEF2A414FA493
PID: 1580 (1660) C:\WINDOWS\system32\locator.exe
size: 75264
MD5: 793F04A09B15E7C6C11DBDFFAF06C0AB
PID: 284 (1660) C:\WINDOWS\system32\tcpsvcs.exe
size: 19456
MD5: 32933B07FC16D9F778BEE12545FA1B1A
PID: 432 (1660) C:\WINDOWS\System32\snmp.exe
size: 33280
MD5: 6FEB04DE6288F5466391E29057DC5B0E
PID: 448 (1660) C:\WINDOWS\System32\snmptrap.exe
size: 8704
MD5: 6F591DBEFD11F7697042907B516F1212
PID: 504 (1660) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 520 (1660) C:\WINDOWS\system32\dllhost.exe
size: 5120
MD5: DD87DB7387B9EB441C5674888A0D840C
PID: 1864 (1660) C:\WINDOWS\system32\tlntsvr.exe
size: 73216
MD5: 37DB0A7D097310E8B4DE803FC3119C78
PID: 2072 (1660) C:\Program Files\MSN Messenger\usnsvc.exe
size: 97136
MD5: C5B70A6AA947667CE0E5FC84A05EC8B6
PID: 2156 (1660) C:\WINDOWS\system32\wbem\wmiapsrv.exe
size: 126464
MD5: BA8CECC3E813E1F7C441B20393D4F86C
PID: 2228 (1660) C:\WINDOWS\System32\dmadmin.exe
size: 224768
MD5: 554C7CB178FE3BD12450B81AD63ADBC3
PID: 2328 (1660) C:\WINDOWS\system32\mqsvc.exe
size: 4608
MD5: 72EF444E51025F389C6C232A28B7D736
PID: 1160 ( 344) C:\WINDOWS\Explorer.EXE
size: 1032192
MD5: A0732187050030AE399B241436565E64
PID: 2368 (1160) C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
size: 36975
MD5: BD902D0D7ED7C2D5FC327567CE96B97C
PID: 2640 (1160) C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
size: 416256
MD5: 2200C98C049DE1A7638EA0EDBA1C8882
PID: 2704 (1160) C:\Program Files\Messenger\msmsgs.exe
size: 1694208
MD5: 74E6E96C6F0E2ECA4EDBB7F7A468F259
PID: 3896 (1160) D:\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 1432 (1160) C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
size: 7637104
MD5: 77C6AB4E70E7FC35E17B8ED919408B62
PID: 776 (1660) C:\WINDOWS\system32\msiexec.exe
size: 78848
MD5: F5F0146580E7023ADB963879840777F8
PID: 628 (1844) C:\Program Files\MSN Messenger\msnmsgr.exe
size: 5674352
MD5: C4281AD865739E71FD1E4DAC19A68D60
PID: 4 ( 0) System

--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 7/22/2007 5:39:10 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://uk.rd.yahoo.com/customize/ie/def ... .yahoo.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.virginmedia.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://uk.rd.yahoo.com/customize/ie/def ... .yahoo.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\windows\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://uk.rd.yahoo.com/customize/ie/def ... .yahoo.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.com/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://uk.rd.yahoo.com/customize/ie/def ... .yahoo.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://www.google.com/

--- Winsock Layered Service Provider list ---
Protocol 9: MSAFD Pgm (RDM)
GUID: {DA4A835C-FAA2-469A-A48E-B1985E7DA0D0}
Filename: %SystemRoot%\system32\mswsock.dll

Protocol 10: MSAFD Pgm (Stream)
GUID: {DA4A835C-FAA2-469A-A48E-B1985E7DA0D0}
Filename: %SystemRoot%\system32\mswsock.dll

--- Uninstall list ---
Acoustica MP3 CD Burner 1.46 1.44 (Acoustica MP3 CD Burner 1.46)
uninstall cmd: C:\PROGRA~1\ACOUST~1\UNWISE.EXE C:\PROGRA~1\ACOUST~1\INSTALL.LOG
publisher: Acoustica
help link: http://www.cdburner.com

Advanced WindowsCare 2.51 Personal (Advanced WindowsCare V2 Personal_is1)
install date: 20070702
install location: C:\Program Files\IObit\Advanced WindowsCare V2\
uninstall cmd: "C:\Program Files\IObit\Advanced WindowsCare V2\unins000.exe"
publisher: IObit
help link: http://www.iobit.com

Associate This 1.3 1.3 (Associate This_is1)
uninstall cmd: "C:\Program Files\Spearit\Associate This\unins000.exe"
publisher: Spearit Software, Inc.
help link: http://www.spearit.com/support.html

Plus! MP3 Audio Converter LE (audcle)
uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\audcle.inf,DefaultUninstall

Audio CD Maker (Audio CD Maker)
uninstall cmd: C:\WINDOWS\uninst.exe -f"C:\Program Files\Audio CD Maker\DeIsL1.isu" -c"C:\Program Files\Audio CD Maker\_ISREG32.DLL"

AVG 7.5 (AVG7Uninstall)
uninstall cmd: C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL

AVG Anti-Spyware 7.5 (AVGAntiSpyware75)
install location: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5
uninstall cmd: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
publisher: Grisoft Ltd.
help link: http://www.grisoft.com

(Branding)

CCleaner (remove only) (CCleaner)
uninstall cmd: "C:\Program Files\CCleaner\uninst.exe"

(Connection Manager)

(DXM_Runtime)

FileSpecs plug-in for Ad-Aware SE (FileSpecs plug-in for Ad-Aware SE)
uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\FILESP~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\FILESP~1\INSTALL.LOG
publisher: Lavasoft
help link: http://www.lavasoft.de

Virgin Broadband PCguard 5.5.2 (Freedom{890DC1F9-893B-4FD3-B4F8-476CA4F2777A})
version: 84213762
version (major): 5
version (minor): 5
install date: 20070514
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{890DC1F9-893B-4FD3-B4F8-476CA4F2777A}
publisher: Virgin Broadband
contact: Customer Support Department
help link: http://www.virginmedia.com/pcguard

GetRight (GetRight)
uninstall cmd: C:\Program Files\GetRight\GETRIGHT.EXE /UNINSTALL

HijackThis 1.99.1 1.99.1 (HijackThis)
publisher: Soeperman Enterprises Ltd.

HP Document Viewer 7.0 7.0 (HP Document Viewer)
uninstall cmd: D:\HP-all in one series\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
publisher: HP
help link: http://www.hp.com/support

HP Imaging Device Functions 7.0 7.0 (HP Imaging Device Functions)
uninstall cmd: D:\HP-all in one series\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
publisher: HP
help link: http://www.hp.com/support

HP Photosmart Premier Software 6.5 6.5 (HP Photo & Imaging)
uninstall cmd: D:\HP-all in one series\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
publisher: HP
help link: http://www.hp.com/support

HP Solution Center 7.0 7.0 (HP Solution Center & Imaging Support Tools)
uninstall cmd: D:\HP-all in one series\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
publisher: HP
help link: http://www.hp.com/support

HP Customer Participation Program 7.0 7.0 (HPExtendedCapabilities)
uninstall cmd: D:\HP-all in one series\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
publisher: HP
help link: http://www.hp.com/support

OCR Software by I.R.I.S 7.0 7.0 (HPOCR)
uninstall cmd: D:\HP-all in one series\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
publisher: HP
help link: http://www.hp.com/support

Ahead InCD (InCD!UninstallKey)
uninstall cmd: C:\WINDOWS\NuNInst.exe /UNINSTALL

(InstallShield Uninstall Information)

Windows XP Hotfix - KB873339 20041117.092459 (KB873339)
uninstall cmd: C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873339

(KB884016)

Windows XP Hotfix - KB884020 20040813.164454 (KB884020)
uninstall cmd: C:\WINDOWS\$NtUninstallKB884020$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=884020

(KB884267)

(KB885353)

Windows XP Hotfix - KB885835 20041027.181713 (KB885835)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885835

Windows XP Hotfix - KB885836 20041028.173203 (KB885836)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885836

Windows XP Hotfix - KB886185 20041021.090540 (KB886185)
uninstall cmd: C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=886185

(KB886612)

(KB887078)

Windows XP Hotfix - KB887472 20041014.162858 (KB887472)
uninstall cmd: C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887472

(KB887626)

Windows XP Hotfix - KB888302 20041207.111426 (KB888302)
uninstall cmd: C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888302

(KB888656)

(KB889858)

Security Update for Windows XP (KB890046) 1 (KB890046)
install date: 20070515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890046

Windows XP Hotfix - KB890859 1 (KB890859)
install date: 20070514
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890859

(KB891122)

Windows XP Hotfix - KB891781 20050110.165439 (KB891781)
uninstall cmd: C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=891781

(KB892313)

(KB893240)

(KB893241)

Security Update for Windows XP (KB893756) 1 (KB893756)
install date: 20070515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893756

(KB893803)

Windows Installer 3.1 (KB893803) 3.1 (KB893803v2)
uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=42467

Update for Windows XP (KB894391) 1 (KB894391)
install date: 20070514
uninstall cmd: "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=894391

(KB895181)

(KB895316)

(KB895572)

Security Update for Windows XP (KB896358) 1 (KB896358)
install date: 20070515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896358

Security Update for Windows XP (KB896423) 1 (KB896423)
install date: 20070515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896423

Security Update for Windows XP (KB896428) 1 (KB896428)
install date: 20070515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896428

(KB897586)

Update for Windows XP (KB898461) 1 (KB898461)
install date: 20070514
uninstall cmd: "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=898461

(KB898549)

Security Update for Windows XP (KB899587) 1 (KB899587)
install date: 20070515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899587

Security Update for Windows XP (KB899591) 1 (KB899591)
install date: 20070515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899591

(KB900399)

Update for Windows XP (KB900485) 2 (KB900485)
install date: 20070515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900485

Security Update for Windows XP (KB900725) 1 (KB900725)
install date: 20070515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900725

Security Update for Windows XP (KB901017) 1 (KB901017)
install date: 20070515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901017

Security Update for Windows XP (KB901214) 1 (KB901214)
install date: 20070515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901214

(KB902344)

Security Update for Windows XP (KB902400) 1 (KB902400)
install date: 20070515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=902400

Security Update for Windows XP (KB904706) 2 (KB904706)
install date: 20070515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=904706

Security Update for Windows XP (KB905414) 1 (KB905414)
install date: 20070515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905414

Security Update for Windows XP (KB905749) 1 (KB905749)
install date: 20070515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905749

(KB907658)

Security Update for Windows XP (KB908519) 1 (KB908519)
install date: 20070514
uninstall cmd: "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=908519

Update for Windows XP (KB908531) 2 (KB908531)
install date: 20070515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=908531

Update for Windows XP (KB910437) 1 (KB910437)
install date: 20070515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=910437

Update for Windows XP (KB911280) 2 (KB911280)
install date: 20070515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911280

Security Update for Windows XP (KB911562) 1 (KB911562)
install date: 20070515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911562

Security Update for Windows Media Player (KB911564) (KB911564)
install date: 20070515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=911564

(KB911565)

(KB911854)

Security Update for Windows XP (KB911927) 1 (KB911927)
install date: 20070515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911927

Security Update for Windows XP (KB913580) 1 (KB913580)
install date: 20070515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=913580

Security Update for Windows XP (KB914388) 1 (KB914388)
install date: 20070515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=914388

Security Update for Windows XP (KB914389) 1 (KB914389)
install date: 20070514
uninstall cmd: "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=914389

Update for Windows XP (KB916595) 1 (KB916595)
install date: 20070515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=916595

Security Update for Windows XP (KB917344) 1 (KB917344)
install date: 20070515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917344

Security Update for Windows XP (KB917422) 1 (KB917422)
install date: 20070515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917422

Security Update for Windows XP (KB917537) 1 (KB917537)
install date: 20070604
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917537$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917537

Security Update for Windows Media Player 10 (KB917734) (KB917734_WMP10)
install date: 20070629
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=917734

Security Update for Windows Media Player 9 (KB917734) (KB917734_WMP9)
install date: 20070515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=917734

Security Update for Windows XP (KB917953) 1 (KB917953)
install date: 20070722
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917953

Security Update for Windows XP (KB918118) 1 (KB918118)
install date: 20070515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=918118

Security Update for Windows XP (KB918439) 1 (KB918439)
install date: 20070515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=918439

Security Update for Windows XP (KB919007) 1 (KB919007)
install date: 20070515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=919007

Security Update for Windows XP (KB920213) 1 (KB920213)
install date: 20070515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920213

Security Update for Windows XP (KB920670) 1 (KB920670)
install date: 20070515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920670

Security Update for Windows XP (KB920683) 1 (KB920683)
install date: 20070514
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920683

Security Update for Windows XP (KB920685) 1 (KB920685)
install date: 20070515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920685

Update for Windows XP (KB920872) 1 (KB920872)
install date: 20070515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920872

Update for Windows XP (KB922582) 1 (KB922582)
install date: 20070515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=922582

Security Update for Windows XP (KB922819) 1 (KB922819)
install date: 20070515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=922819

Security Update for Windows XP (KB923191) 1 (KB923191)
install date: 20070515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923191

Security Update for Windows XP (KB923414) 1 (KB923414)
install date: 20070515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923414

Security Update for Windows XP (KB923689) (KB923689)
install date: 20070515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923689

Security Update for Windows XP (KB923694) 1 (KB923694)
install date: 20070515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923694

Security Update for Windows XP (KB923980) 1 (KB923980)
install date: 20070515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923980

Security Update for Windows XP (KB924191) 1 (KB924191)
install date: 20070515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=924191

Security Update for Windows XP (KB924270) 1 (KB924270)
install date: 20070515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=924270

Security Update for Windows XP (KB924496) 1 (KB924496)
install date: 20070515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=924496

Security Update for Windows XP (KB924667) 1 (KB924667)
install date: 20070515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=924667

Security Update for Windows Media Player 6.4 (KB925398) (KB925398_WMP64)
install date: 20070515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=925398

Security Update for Windows XP (KB925902) 1 (KB925902)
install date: 20070515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=925902

Hotfix for Windows XP (KB926239) 2 (KB926239)
install date: 20070619
uninstall cmd: "C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=926239

Security Update for Windows XP (KB926247) 1 (KB926247)
install date: 20070514
uninstall cmd: "C:\WINDOWS\$NtUninstallKB926247$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=926247

Security Update for Windows XP (KB926255) 1 (KB926255)
install date: 20070515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=926255

Security Update for Windows XP (KB926436) 1 (KB926436)
install date: 20070515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=926436

Security Update for Windows XP (KB927779) 1 (KB927779)
install date: 20070515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=927779

Security Update for Windows XP (KB927802) 1 (KB927802)
install date: 20070515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=927802

Update for Windows XP (KB927891) 3 (KB927891)
install date: 20070522
uninstall cmd: "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=927891

Security Update for Windows XP (KB928255) 1 (KB928255)
install date: 20070515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=928255

Security Update for Windows XP (KB928843) 1 (KB928843)
install date: 20070514
uninstall cmd: "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=928843

Security Update for Windows XP (KB929123) 1 (KB929123)
install date: 20070615
uninstall cmd: "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=929123

Hotfix for Windows Media Format 11 SDK (KB929399) (KB929399)
install date: 20070630
uninstall cmd: "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=929399

Security Update for Windows XP (KB929969) 1 (KB929969)
install date: 20070515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=929969

Security Update for Windows XP (KB930178) 1 (KB930178)
install date: 20070515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=930178

Update for Windows XP (KB930916) 1 (KB930916)
install date: 20070515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=930916

Security Update for Windows XP (KB931261) 1 (KB931261)
install date: 20070515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=931261

Security Update for Windows XP (KB931768) 1 (KB931768)
install date: 20070515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=931768

Security Update for Windows XP (KB931784) 1 (KB931784)
install date: 20070515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=931784

Update for Windows XP (KB931836) 1 (KB931836)
install date: 20070515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=931836

Security Update for CAPICOM (KB931906) 2.1.0.2 (KB931906)
uninstall cmd: MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=931906

Security Update for Windows XP (KB932168) 1 (KB932168)
install date: 20070515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=932168

Security Update for Windows XP (KB933566) 1 (KB933566)
install date: 20070615
uninstall cmd: "C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=933566

Security Update for Windows XP (KB935839) 1 (KB935839)
install date: 20070615
uninstall cmd: "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=935839

Security Update for Windows XP (KB935840) 1 (KB935840)
install date: 20070615
uninstall cmd: "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=935840

Update for Windows XP (KB936357) 1 (KB936357)
install date: 20070710
uninstall cmd: "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=936357

Security Update for Windows XP (KB939373) 1 (KB939373)
install date: 20070710
uninstall cmd: "C:\WINDOWS\$NtUninstallKB939373$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=939373

LimeWire PRO 4.13.4 4.13.4 (LimeWire)
uninstall cmd: "D:\LimeWire\uninstall.exe"
publisher: Lime Wire, LLC
help link: http://www.limewire.com/support

LSP Explorer plug-in for Ad-Aware SE (LSP Explorer plug-in for Ad-Aware SE)
uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\LSPEXP~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\LSPEXP~1\INSTALL.LOG
publisher: Lavasoft
help link: http://www.lavasoft.de

Movie Maker Background Music Files (mmmusic)
uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmmusic.inf,DefaultUninstall

Movie Maker Sound Effects (mmsounds)
uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmsounds.inf,DefaultUninstall

Movie Maker Title Images (mmtitle)
uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmtitle.inf,DefaultUninstall

Mozilla Firefox (2.0.0.4) 2.0.0.4 (en-GB) (Mozilla Firefox (2.0.0.4))
install location: C:\Program Files\Mozilla Firefox
uninstall cmd: C:\Program Files\Mozilla Firefox\uninstall\helper.exe
publisher: Mozilla
comments: Mozilla Firefox

(MPlayer2)

Windows Media Player Playlist Import to Excel Wizard (mpxlswiz.inf)
uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mpxlswiz.inf,DefaultUninstall

Windows Media Player Tray Control (mpxptray.inf)
uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mpxptray.inf,DefaultUninstall

Ahead InCD EasyWrite Reader (MRW!UninstallKey)
uninstall cmd: C:\WINDOWS\UNMrw.exe /UNINSTALL

Microsoft Compression Client Pack 1.0 for Windows XP 1 (MSCompPackV1)
install date: 20070619
uninstall cmd: "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=74087

(MSI30-Beta1)

(MSI30-Beta2)

(MSI30-KB884016)

(MSI30-RC1)

(MSI30-RC2)

(MSI30a-KB884016)

(MSI31-Beta)

(MSI31-RC1)

(MyCDPro.exe)
uninstall cmd: C:\WINDOWS\system32\\MSIEXEC.EXE /x {8855FF30-19CE-4CB1-A654-87B38369CCE1}

Ahead Nero BurnRights (Nero BurnRights!UninstallKey)
uninstall cmd: C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL

(NetMeeting)

NeroMediaPlayer (NMPUninstallKey)
uninstall cmd: C:\WINDOWS\UNNMP.exe /UNINSTALL

(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

PCI Audio Driver (PCI Audio Driver)
uninstall cmd: cmuninst.exe

My PowerDesk (PowerDesk4.0)
uninstall cmd: C:\Program Files\Ontrack\PowerDesk\uninstal.exe C:\Program Files\Ontrack\PowerDesk

Windows Media Player Hotfix [See Q828026 for more information] (Q828026)
uninstall cmd: C:\WINDOWS\$NtUninstallQ828026$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=828026

Virgin Broadband advisor 1.5.10 1.5.10 (RadialpointClientGateway_is1)
install date: 20070518
install location: C:\Program Files\Virgin Broadband\advisor\
uninstall cmd: "C:\Program Files\Virgin Broadband\advisor\unins000.exe"
publisher: Virgin Broadband
help link: http://www.virginmedia.com

Recuva (remove only) (Recuva)
uninstall cmd: "C:\Program Files\Recuva\uninst.exe"

RegAlyzer 1.4 1.4 (RegAlyzer_is1)
install location: C:\Program Files\Safer Networking\RegAlyzer\
uninstall cmd: "C:\Program Files\Safer Networking\RegAlyzer\unins000.exe"
publisher: Safer Networking Limited Limited

Adobe Flash Player 9 ActiveX 9 (ShockwaveFlash)
uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
publisher: Adobe Systems
help link: http://www.adobe.com/go/flashplayer_support/

Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: D:\Spybot - Search & Destroy\
uninstall cmd: "D:\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited

SpywareBlaster v3.5.1 3.5.1 (SpywareBlaster_is1)
install location: C:\Program Files\SpywareBlaster\
uninstall cmd: "C:\Program Files\SpywareBlaster\unins000.exe"
publisher: Javacool Software LLC

Tweak-SE plug-in for Ad-Aware SE (Tweak-SE plug-in for Ad-Aware SE)
uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\tweakse\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\tweakse\INSTALL.LOG
publisher: Lavasoft
help link: http://www.lavasoft.de

VideoLAN VLC media player 0.8.6c 0.8.6c (VLC media player)
uninstall cmd: C:\Program Files\VideoLAN\VLC\uninstall.exe
publisher: VideoLAN Team

Windows Media Player Skin Importer (wa2wmp)
uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wa2wmp.inf,DefaultUninstall

Windows Genuine Advantage Validation Tool (KB892130) 1.5.0530.0 (WGA)
install date: 20070604
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=892130

Windows Live OneCare safety scanner (Windows Live OneCare safety scanner)
uninstall cmd: RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT

Windows Media Format 11 runtime (Windows Media Format Runtime)
uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
help link: http://go.microsoft.com/fwlink/?LinkId=62768

Windows Media Player 11 (Windows Media Player)
uninstall cmd: "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

WinRAR archiver (WinRAR archiver)
uninstall cmd: C:\Program Files\WinRAR\uninstall.exe

WinZip 9.0 (6028) (WinZip)
version (major): 9
install location: C:\PROGRA~1\WINZIP\
uninstall cmd: "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
publisher: WinZip Computing, Inc.
help link: http://www.winzip.com/xsupport.htm

Windows Media Bonus Pack for Windows XP (WMBK2)
uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmbonus.inf,DefaultUninstall

(WMCSetup)

Windows Media Format 11 runtime (WMFDist11)
install date: 20070629
uninstall cmd: "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http:

Windows Media Player 11 (wmp11)
install date: 20070629
uninstall

by **beynac** » July 25th, 2007, 10:21 am

Welcome to Malware Removal forum.

Please download HJTInstall.exe from here and save it to your desktop

Double click on the HJTInstall.exe icon on your desktop
Click I Accept
HijackThis will open
Click on the Do a system scan and save a log file button.
It will scan and then the log will open in notepad.
Paste the log as a reply to this thread.
Don't use the Analyse This button - its findings are dangerous if misinterpreted.

Do NOT have HijackThis fix anything yet.

Please post the HijackThis log, as a reply to this thread and also let me know what symptoms you are getting (e.g. popups).

by **arx** » July 25th, 2007, 12:05 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:58:11, on 25/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ie/def ... .yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Virgin Broadband\PCguard\FBHR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/ins ... _v01_5.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/gb/securityadvisor/pe ... stscan.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se8300.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9543505734
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/vi ... ebscan.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Wind ... lisher.exe
O20 - Winlogon Notify: ir5rse - ir5rse.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: FireDaemon Service: ecure (ecure) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PCguard Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\fws.exe
O23 - Service: FireDaemon Service: svchost1 (svchost1) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing)

--
End of file - 7571 bytes

by **beynac** » July 25th, 2007, 1:32 pm

Good evening.

ComboFix by sUBs

I believe that you had problems last month and that you have used ComboFix. It is important that you delete any old versions on your computer and download the latest one.

Download this file - ComboFix.exe
Close all open windows.
Double click ComboFix.exe and follow the prompts.
When finished, it will produce a log for you. Please post that log in your next reply

Important: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall

If necessary, please split the log into separate posts to ensure that they don't get cut off. It is important that I see the full log.

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

------------------------------------

Please run another HijackThis scan and post the following, as a reply to this thread:

The ComboFix log
A new HiajckThis log

Please also let me know what symptoms you are getting.

by **arx** » July 25th, 2007, 3:06 pm

"Arlene" - 2007-07-25 19:43:25 - ComboFix 07-07-23.6 - Service Pack 2 NTFS

((((((((((((((((((((((((( Files Created from 2007-06-25 to 2007-07-25 )))))))))))))))))))))))))))))))

2007-07-25 18:16 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-07-25 17:11 <DIR> d-------- C:\DOCUME~1\Arlene\.housecall6.6
2007-07-25 16:57 <DIR> d-------- C:\Program Files\Trend Micro
2007-07-25 01:50 <DIR> d-------- C:\Program Files\uTorrent
2007-07-22 22:27 18,040,176 --a------ C:\Program Files\Install_Messenger_nous.exe
2007-07-22 05:56 <DIR> d-------- C:\Program Files\IIS Resources
2007-07-22 05:55 <DIR> d-------- C:\Program Files\Windows Resource Kits
2007-07-22 01:53 <DIR> d-------- C:\Program Files\NC Software
2007-07-21 21:14 <DIR> d-------- C:\PerfLogs
2007-07-21 14:49 <DIR> d-------- C:\DOCUME~1\Arlene\APPLIC~1\uTorrent
2007-07-16 06:04 164 --a------ C:\install.dat
2007-07-13 17:56 <DIR> d-------- C:\Program Files\Motive
2007-07-13 17:56 <DIR> d-------- C:\Program Files\blueyonder IST
2007-07-11 21:36 3,096,576 --a------ C:\DOCUME~1\Arlene\ntuser.dat
2007-07-11 16:22 12,800 --a------ C:\WINDOWS\system32\drivers\aha154x.sys
2007-07-11 15:41 14,976 --a------ C:\WINDOWS\system32\drivers\cpqarray.sys
2007-07-11 14:36 <DIR> d-------- C:\vv
2007-07-11 02:48 <DIR> d-------- C:\DOCUME~1\Arlene\APPLIC~1\Printer Info Cache
2007-07-11 02:48 <DIR> d-------- C:\DOCUME~1\Arlene\APPLIC~1\Image Zone Express
2007-07-11 00:36 <DIR> d-------- C:\hp
2007-07-11 00:25 <DIR> d-------- C:\DOCUME~1\Arlene\APPLIC~1\Common Files
2007-07-10 23:44 12,808 --a------ C:\WindowsV5PlusUtils.dll
2007-07-09 15:00 <DIR> d-------- C:\Program Files\ACW
2007-07-09 03:35 312,928,648 --a------ C:\Program Files\AiO_071_000_201_000_CDA_Default-Full_Network_AmericasEuro1.exe
2007-07-08 23:40 <DIR> d-------- C:\DOCUME~1\Arlene\APPLIC~1\vlc
2007-07-06 02:14 <DIR> d-------- C:\Program Files\Digital Locker Assistant
2007-07-06 00:05 <DIR> d-------- C:\Databinding
2007-07-05 22:45 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-07-05 21:55 <DIR> d-------- C:\Program Files\Recuva
2007-07-05 21:54 15,360 --a------ C:\Program Files\NetMotCM.sys
2007-07-04 16:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
2007-07-03 02:57 26,112 --a------ C:\WINDOWS\system32\nircmd.exe
2007-07-02 15:47 <DIR> d-------- C:\Program Files\VideoLAN
2007-07-02 14:55 <DIR> d-------- C:\Program Files\IObit
2007-07-01 09:10 <DIR> d-------- C:\Program Files\Share_Accelerator_MM
2007-07-01 09:09 434,252 --a------ C:\WINDOWS\system32\Msvcrtd.dll
2007-07-01 08:01 25,741,511 --a------ C:\Program Files\WDM_R170.exe
2007-06-30 08:39 <DIR> d-------- C:\DOCUME~1\Arlene\APPLIC~1\VideoEgg
2007-06-30 08:23 423,736 --a------ C:\Program Files\avgarkt-setup-1.1.0.42.exe
2007-06-30 07:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SRS Labs
2007-06-30 07:48 47,360 -ra------ C:\WINDOWS\system32\drivers\Surroundhp_kern_i386.sys
2007-06-30 07:48 46,592 -ra------ C:\WINDOWS\system32\drivers\tshd4_kern_i386.sys
2007-06-30 07:48 39,552 -ra------ C:\WINDOWS\system32\drivers\SRS_SSCFilter_i386.sys
2007-06-30 07:48 37,248 -ra------ C:\WINDOWS\system32\drivers\csiidecoder_kern_i386.sys
2007-06-30 07:48 32,000 -ra------ C:\WINDOWS\system32\drivers\wowhd_kern_i386.sys
2007-06-30 07:37 5,932,784 --a------ C:\Program Files\SRS_Audio_Sandbox.exe
2007-06-30 06:46 1,187 --a------ C:\WINDOWS\wmplayer.reg
2007-06-30 06:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-06-28 21:58 17,896,352 --a------ C:\Program Files\aaw2007.exe
2007-06-28 17:04 1,308,216 --a------ C:\Program Files\HiJackThis_v2.exe
2007-06-27 23:31 <DIR> d-------- C:\WINDOWS\RegisteredPackages
2007-06-27 01:33 <DIR> d-------- C:\HP-all in one series
2007-06-25 01:30 1,458 --a------ C:\WINDOWS\system32\tmp.reg
2007-06-25 01:19 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-06-25 01:19 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-06-25 01:19 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe2007-07-25 15:17:44 98,304 ----a-w C:\WINDOWS\system32\cscript.exe
2007-07-25 14:48:04 8,192 ----a-w C:\WINDOWS\system32\cidaemon.exe
2007-07-25 14:38:48 580,608 ----a-w C:\WINDOWS\system32\autofmt.exe
2007-07-25 00:40:11 -------- d-----w C:\DOCUME~1\Arlene\APPLIC~1\LimeWire
2007-07-22 19:29:34 7,806 ----a-w C:\Program Files\hijackthis.log
2007-07-22 16:46:16 212,849 ----a-w C:\Program Files\hijackthis.zip
2007-07-22 12:04:18 -------- d-----w C:\Program Files\Common Files\Motive
2007-07-22 10:53:27 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-07-22 10:46:39 -------- d-----w C:\Program Files\InstallShield Installation Information
2007-07-22 09:22:09 664 ----a-w C:\WINDOWS\system32\d3d9caps.dat
2007-07-21 13:47:57 5,199 ----a-w C:\Program Files\Internet_Explorer_7_Browser -_mininova[1].org_-.torrent
2007-07-21 12:28:58 -------- d-----w C:\Program Files\SpywareBlaster
2007-07-11 01:48:03 -------- d-----w C:\Program Files\HP
2007-07-06 01:11:00 881,664 ----a-w C:\Program Files\DigitalLockerAssistant_en.msi
2007-07-05 20:54:04 10,851,840 ----a-w C:\Program Files\MsatSetup.msi
2007-07-04 15:52:12 -------- d-----w C:\Program Files\Yahoo!
2007-07-03 01:53:58 -------- d-----w C:\Program Files\Analyse.EXE
2007-07-01 06:48:02 5,322,216 ----a-w C:\Program Files\sniffer.zip
2007-06-30 05:29:57 597 ----a-w C:\Program Files\-_mininova[1].org_- WinRAR v3.61 (Registered).torrent
2007-06-29 23:22:42 -------- d-----w C:\Program Files\Windows Media Connect 2
2007-06-28 20:20:07 50,688 ----a-w C:\WINDOWS\system32\smss.exe
2007-06-27 00:28:39 -------- d-----w C:\Program Files\Safer Networking
2007-06-26 22:49:49 768 ----a-w C:\WINDOWS\system32\d3d8caps.dat
2007-06-26 19:02:48 -------- d-----w C:\Program Files\GetRight
2007-06-23 00:07:36 -------- d-----w C:\Program Files\Windows Media Bonus Pack for Windows XP
2007-06-22 00:50:49 -------- d-----w C:\Program Files\Windows Live Safety Center
2007-06-21 03:29:29 -------- d-----w C:\DOCUME~1\Arlene\APPLIC~1\Leadertech
2007-06-20 03:52:51 108,032 ----a-w C:\WINDOWS\system32\services.exe
2007-06-16 23:11:58 51,200 ----a-w C:\WINDOWS\nircmd.exe
2007-06-11 15:08:16 -------- d-----w C:\DOCUME~1\Arlene\APPLIC~1\GetRightToGo
2007-06-11 12:49:41 -------- d-----w C:\Program Files\Common Files\Real
2007-06-11 12:47:25 -------- d-----w C:\DOCUME~1\Arlene\APPLIC~1\Real
2007-06-11 12:44:18 -------- d-----w C:\Program Files\Online Services
2007-06-09 14:02:35 117,179 ----a-w C:\WINDOWS\hpoins11.dat
2007-06-08 19:59:55 -------- d-----w C:\DOCUME~1\Arlene\APPLIC~1\Snapfish
2007-06-08 19:59:36 2,265 ----a-w C:\WINDOWS\mozver.dat
2007-06-08 19:38:32 -------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-06-08 19:37:07 -------- d-----w C:\Program Files\Common Files\HP
2007-06-05 15:43:18 17,331 ----a-w C:\Program Files\UpdateScan.xml
2007-06-05 15:41:24 159,880 ----a-w C:\Program Files\Readme.rtf
2007-06-04 05:43:42 -------- d-----w C:\Program Files\Common Files\Command Software
2007-06-04 05:42:11 70,775 ----a-w C:\WINDOWS\hpqins06.dat
2007-06-04 04:34:29 -------- d-----w C:\DOCUME~1\Arlene\APPLIC~1\HP
2007-06-04 04:08:44 -------- d-----w C:\DOCUME~1\Arlene\APPLIC~1\Talkback
2007-06-04 04:07:38 0 ----a-w C:\WINDOWS\nsreg.dat
2007-06-03 19:56:05 589,776 ----a-w C:\plfilespecs.exe
2007-06-03 18:51:29 -------- d-----w C:\DOCUME~1\Arlene\APPLIC~1\Lavasoft
2007-06-03 16:52:54 -------- d-----w C:\Program Files\Lavasoft
2007-06-03 16:51:52 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-06-02 23:27:18 -------- d-----w C:\Program Files\CCleaner
2007-06-02 22:57:40 -------- d-----w C:\Program Files\Real
2007-05-30 12:19:38 -------- d-----w C:\Program Files\VirginBroadband
2007-05-29 18:46:09 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-29 16:37:03 -------- d-----w C:\Program Files\Common Files\PestPatrol
2007-05-28 22:03:17 -------- d-----w C:\Program Files\Hewlett-Packard
2007-05-28 21:59:08 -------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2007-05-27 23:54:27 -------- d-----w C:\Program Files\Spearit
2007-05-27 23:54:27 -------- d-----w C:\DOCUME~1\Arlene\APPLIC~1\Spearit
2007-05-27 02:21:40 -------- d-----w C:\DOCUME~1\Arlene\APPLIC~1\Uniblue
2007-05-27 01:00:55 20,992 ----a-w C:\default-to-filext.exe
2007-05-19 00:39:55 34,758 ----a-w C:\WINDOWS\system32\vturs.exe
2007-05-17 13:28:48 8,832 -c--a-w C:\Program Files\License.txt
2007-05-17 03:09:58 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-05-17 03:09:58 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-14 13:19:41 22,720 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-05-13 08:52:51 0 --sha-r C:\MSDOS.SYS
2007-05-13 08:52:51 0 --sha-r C:\IO.SYS
2007-05-13 08:52:51 0 ----a-w C:\CONFIG.SYS
2007-05-13 08:52:51 0 ----a-w C:\AUTOEXEC.BAT
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-20 09:38:18 241,664 -c--a-w C:\Program Files\UpdateScan.exe
2007-02-14 11:14:34 1,386,496 -c--a-w C:\Program Files\msvbvm60.dll
2006-02-07 21:24:40 25,764 ----a-w C:\Program Files\ns.mots

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-05-17 04:09]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SRS Audio Sandbox"="C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" []
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ir5rse]
ir5rse.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
"setup"=rundll32.exe "C:\WINDOWS\iiifeb.dll",realset
"HP Software Update"=D:\HP-all in one series\HP Software Update\HPWuSchd2.exe

R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\system32\DRIVERS\bsstor.sys
R1 AvgArCln;Avg Anti-Rootkit Clean Driver;C:\WINDOWS\system32\DRIVERS\AvgArCln.sys
R1 Tcpip6;Microsoft IPv6 Protocol Driver;C:\WINDOWS\system32\DRIVERS\tcpip6.sys
R2 6to4;IPv6 Helper Service;C:\WINDOWS\system32\svchost.exe -k netsvcs
R2 CSS DVP;CSS DVP;C:\WINDOWS\system32\DRIVERS\css-dvp.sys
R2 FreeTdi;Radialpoint Filter (RPS-12798);C:\WINDOWS\system32\Drivers\FreeTdi.sys
R2 IISADMIN;IIS Admin;C:\WINDOWS\system32\inetsrv\inetinfo.exe
R2 MSFtpsvc;FTP Publishing;C:\WINDOWS\system32\inetsrv\inetinfo.exe
R2 MSMQ;Message Queuing;C:\WINDOWS\system32\mqsvc.exe
R2 SimpTcp;Simple TCP/IP Services;C:\WINDOWS\system32\tcpsvcs.exe
R2 SNMP;SNMP Service;C:\WINDOWS\System32\snmp.exe
R2 SNMPTRAP;SNMP Trap Service;C:\WINDOWS\System32\snmptrap.exe
R2 W3SVC;World Wide Web Publishing;C:\WINDOWS\system32\inetsrv\inetinfo.exe
R3 cmpci;C-Media PCI Audio Driver (WDM);C:\WINDOWS\system32\drivers\cmaudio.sys
R3 Freedom;Freedom Miniport;C:\WINDOWS\system32\DRIVERS\FREEDOM.SYS
R3 irsir;Microsoft Serial Infrared Driver;C:\WINDOWS\system32\DRIVERS\irsir.sys
R3 mgau;mgau;C:\WINDOWS\system32\DRIVERS\mgaum.sys
R3 MQAC;Message Queuing access control;\??\C:\WINDOWS\system32\drivers\mqac.sys
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver;C:\WINDOWS\system32\drivers\msmpu401.sys
R3 PptpMiniport;WAN Miniport (PPTP);C:\WINDOWS\system32\DRIVERS\raspptp.sys
R3 RasPppoe;Remote Access PPPOE Driver;C:\WINDOWS\system32\DRIVERS\raspppoe.sys
R3 Raspti;Direct Parallel;C:\WINDOWS\system32\DRIVERS\raspti.sys
R3 RMCAST;Reliable Multicast Protocol driver;\??\C:\WINDOWS\system32\drivers\RMCast.sys
R3 RTL8023xp;TRENDnet TE100 PCBUSR PC Card;C:\WINDOWS\system32\DRIVERS\TE100XP.SYS
R3 tunmp;Microsoft Tun Miniport Adapter Driver;C:\WINDOWS\system32\DRIVERS\tunmp.sys
S2 ecure;FireDaemon Service: ecure;C:\WINDOWS\Temp\FireDaemon.EXE
S2 svchost1;FireDaemon Service: svchost1;C:\WINDOWS\Temp\FireDaemon.EXE
S3 CO_Mon;CO_Mon;\??\C:\WINDOWS\system32\Drivers\CO_Mon.sys
S3 ndiscm;Motorola SURFboard USB Cable Modem Windows Driver;C:\WINDOWS\system32\DRIVERS\NetMotCM.sys
S3 SRS_SSCFilter;SRS Labs Audio Sandbox (WDM);C:\WINDOWS\system32\drivers\srs_sscfilter_i386.sys
S3 z520bus;Sony Ericsson 520 driver (WDM);C:\WINDOWS\system32\DRIVERS\z520bus.sys
S4 BsUDF;InCD UDF Driver;C:\WINDOWS\system32\drivers\BsUDF.sys

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-25 19:45:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:000000b1

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-25 19:46:52
C:\ComboFix-quarantined-files.txt ... 2007-07-25 19:46

--- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:03, on 2007-07-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ie/def ... .yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Virgin Broadband\PCguard\FBHR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/ins ... _v01_5.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/gb/securityadvisor/pe ... stscan.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se8300.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9543505734
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/vi ... ebscan.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Wind ... lisher.exe
O20 - Winlogon Notify: ir5rse - ir5rse.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: FireDaemon Service: ecure (ecure) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PCguard Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\fws.exe
O23 - Service: FireDaemon Service: svchost1 (svchost1) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing)

--
End of file - 7679 bytes

by **beynac** » July 25th, 2007, 4:36 pm

Good evening.

Your latest HijackThis log indicates that you have run a TrendMicro online scan since posting the previous log. Please do not run any scans or take any other action, other than the ones I request, while we are trying to sort this out. It can lead to confusion, as I need to know what is happening on the computer.

It looks as if most of the 'baddies' have gone. There is some tidying up to do first, then we'll make sure that there is nothing lurking.

------------------------------------------------

Stop and Delete Services

Select the contents of the Code Box below, right-click and copy it, then paste into Notepad.

Code: Select all

@echo off
sc stop "ecure"
sc delete "ecure"
sc stop "svchost1"
sc delete "svchost1"
reg export "HKLM\SOFTWARE\Microsoft\DNIdent" regcheck.txt
del beynac.bat
exit

Still in Notepad, go to Format (upper menu bar) and untick Word Wrap
Go to File (upper menu bar), and select: Save as
In the Save as prompt:
Save in: Desktop
File Name: beynac.bat
Save as Type: All files
Click: Save
Exit out of Notepad.

On the Desktop, double-click on beynac.bat. A window will open and close - this is normal. A text file (regcheck.txt) may be created on your Desktop. If it is, please post the contents of that file in your next post. If not, please let me know.

----------------------------------------------

Run HijackThis and click Scan and then check (tick) the following, if present (don't worry if any are missing):

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O20 - Winlogon Notify: ir5rse - ir5rse.dll (file missing)
O23 - Service: FireDaemon Service: ecure (ecure) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing)
O23 - Service: FireDaemon Service: svchost1 (svchost1) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing)

Close down all programs, browsers and other open windows. Make sure that only the above items are checked and then click on Fix checked.

---------------------------------------------

Open Notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\d3d9caps.dat
C:\WINDOWS\system32\d3d8caps.dat
C:\WINDOWS\system32\vturs.exe

Save this on your Desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe. ComboFix will then run. When finished, it will produce a log for you: C:\ComboFix.txt. Post that log in your next reply.

Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

--------------------------------------------

Please run another HijackThis scan and post the following, as a reply to this thread:

The contents of regcheck.txt (on your Desktop) - if present.
The ComboFix log
A new HijackThis log

by **arx** » July 25th, 2007, 11:22 pm

The log from combo did not appear on my desktop, but here is the logs from combo and hi"Arlene" - 2007-07-26 4:11:41 - ComboFix 07-07-23.6 - Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\Arlene\Desktop\CFScript.txt

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\d3d8caps.dat
C:\WINDOWS\system32\d3d9caps.dat
C:\WINDOWS\system32\vturs.exe

((((((((((((((((((((((((( Files Created from 2007-06-26 to 2007-07-26 )))))))))))))))))))))))))))))))

2007-07-25 18:16 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-07-25 17:11 <DIR> d-------- C:\DOCUME~1\Arlene\.housecall6.6
2007-07-25 16:57 <DIR> d-------- C:\Program Files\Trend Micro
2007-07-25 01:50 <DIR> d-------- C:\Program Files\uTorrent
2007-07-22 22:27 18,040,176 --a------ C:\Program Files\Install_Messenger_nous.exe
2007-07-22 05:56 <DIR> d-------- C:\Program Files\IIS Resources
2007-07-22 05:55 <DIR> d-------- C:\Program Files\Windows Resource Kits
2007-07-22 01:53 <DIR> d-------- C:\Program Files\NC Software
2007-07-21 21:14 <DIR> d-------- C:\PerfLogs
2007-07-21 14:49 <DIR> d-------- C:\DOCUME~1\Arlene\APPLIC~1\uTorrent
2007-07-16 06:04 164 --a------ C:\install.dat
2007-07-13 17:56 <DIR> d-------- C:\Program Files\Motive
2007-07-13 17:56 <DIR> d-------- C:\Program Files\blueyonder IST
2007-07-11 21:36 3,096,576 --a------ C:\DOCUME~1\Arlene\ntuser.dat
2007-07-11 16:22 12,800 --a------ C:\WINDOWS\system32\drivers\aha154x.sys
2007-07-11 15:41 14,976 --a------ C:\WINDOWS\system32\drivers\cpqarray.sys
2007-07-11 14:36 <DIR> d-------- C:\vv
2007-07-11 02:48 <DIR> d-------- C:\DOCUME~1\Arlene\APPLIC~1\Printer Info Cache
2007-07-11 02:48 <DIR> d-------- C:\DOCUME~1\Arlene\APPLIC~1\Image Zone Express
2007-07-11 00:36 <DIR> d-------- C:\hp
2007-07-11 00:25 <DIR> d-------- C:\DOCUME~1\Arlene\APPLIC~1\Common Files
2007-07-10 23:44 12,808 --a------ C:\WindowsV5PlusUtils.dll
2007-07-09 15:00 <DIR> d-------- C:\Program Files\ACW
2007-07-09 03:35 312,928,648 --a------ C:\Program Files\AiO_071_000_201_000_CDA_Default-Full_Network_AmericasEuro1.exe
2007-07-08 23:40 <DIR> d-------- C:\DOCUME~1\Arlene\APPLIC~1\vlc
2007-07-06 02:14 <DIR> d-------- C:\Program Files\Digital Locker Assistant
2007-07-06 00:05 <DIR> d-------- C:\Databinding
2007-07-05 22:45 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-07-05 21:55 <DIR> d-------- C:\Program Files\Recuva
2007-07-05 21:54 15,360 --a------ C:\Program Files\NetMotCM.sys
2007-07-04 16:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
2007-07-03 02:57 26,112 --a------ C:\WINDOWS\system32\nircmd.exe
2007-07-02 15:47 <DIR> d-------- C:\Program Files\VideoLAN
2007-07-02 14:55 <DIR> d-------- C:\Program Files\IObit
2007-07-01 09:10 <DIR> d-------- C:\Program Files\Share_Accelerator_MM
2007-07-01 09:09 434,252 --a------ C:\WINDOWS\system32\Msvcrtd.dll
2007-07-01 08:01 25,741,511 --a------ C:\Program Files\WDM_R170.exe
2007-06-30 08:39 <DIR> d-------- C:\DOCUME~1\Arlene\APPLIC~1\VideoEgg
2007-06-30 08:23 423,736 --a------ C:\Program Files\avgarkt-setup-1.1.0.42.exe
2007-06-30 07:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SRS Labs
2007-06-30 07:48 47,360 -ra------ C:\WINDOWS\system32\drivers\Surroundhp_kern_i386.sys
2007-06-30 07:48 46,592 -ra------ C:\WINDOWS\system32\drivers\tshd4_kern_i386.sys
2007-06-30 07:48 39,552 -ra------ C:\WINDOWS\system32\drivers\SRS_SSCFilter_i386.sys
2007-06-30 07:48 37,248 -ra------ C:\WINDOWS\system32\drivers\csiidecoder_kern_i386.sys
2007-06-30 07:48 32,000 -ra------ C:\WINDOWS\system32\drivers\wowhd_kern_i386.sys
2007-06-30 07:37 5,932,784 --a------ C:\Program Files\SRS_Audio_Sandbox.exe
2007-06-30 06:46 1,187 --a------ C:\WINDOWS\wmplayer.reg
2007-06-30 06:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-06-28 21:58 17,896,352 --a------ C:\Program Files\aaw2007.exe
2007-06-28 17:04 1,308,216 --a------ C:\Program Files\HiJackThis_v2.exe
2007-06-27 23:31 <DIR> d-------- C:\WINDOWS\RegisteredPackages
2007-06-27 01:33 <DIR> d-------- C:\HP-all in one series

jack, thanx so much for the help :roll:

2007-07-25 15:17:44 98,304 ----a-w C:\WINDOWS\system32\cscript.exe
2007-07-25 14:48:04 8,192 ----a-w C:\WINDOWS\system32\cidaemon.exe
2007-07-25 14:38:48 580,608 ----a-w C:\WINDOWS\system32\autofmt.exe
2007-07-25 00:40:11 -------- d-----w C:\DOCUME~1\Arlene\APPLIC~1\LimeWire
2007-07-22 19:29:34 7,806 ----a-w C:\Program Files\hijackthis.log
2007-07-22 16:46:16 212,849 ----a-w C:\Program Files\hijackthis.zip
2007-07-22 12:04:18 -------- d-----w C:\Program Files\Common Files\Motive
2007-07-22 10:53:27 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-07-22 10:46:39 -------- d-----w C:\Program Files\InstallShield Installation Information
2007-07-21 13:47:57 5,199 ----a-w C:\Program Files\Internet_Explorer_7_Browser -_mininova[1].org_-.torrent
2007-07-21 12:28:58 -------- d-----w C:\Program Files\SpywareBlaster
2007-07-11 01:48:03 -------- d-----w C:\Program Files\HP
2007-07-06 01:11:00 881,664 ----a-w C:\Program Files\DigitalLockerAssistant_en.msi
2007-07-05 20:54:04 10,851,840 ----a-w C:\Program Files\MsatSetup.msi
2007-07-04 15:52:12 -------- d-----w C:\Program Files\Yahoo!
2007-07-03 01:53:58 -------- d-----w C:\Program Files\Analyse.EXE
2007-07-01 06:48:02 5,322,216 ----a-w C:\Program Files\sniffer.zip
2007-06-30 05:29:57 597 ----a-w C:\Program Files\-_mininova[1].org_- WinRAR v3.61 (Registered).torrent
2007-06-29 23:22:42 -------- d-----w C:\Program Files\Windows Media Connect 2
2007-06-28 20:20:07 50,688 ----a-w C:\WINDOWS\system32\smss.exe
2007-06-27 00:28:39 -------- d-----w C:\Program Files\Safer Networking
2007-06-26 19:02:48 -------- d-----w C:\Program Files\GetRight
2007-06-25 00:32:56 1,458 ----a-w C:\WINDOWS\system32\tmp.reg
2007-06-23 00:07:36 -------- d-----w C:\Program Files\Windows Media Bonus Pack for Windows XP
2007-06-22 00:50:49 -------- d-----w C:\Program Files\Windows Live Safety Center
2007-06-21 03:29:29 -------- d-----w C:\DOCUME~1\Arlene\APPLIC~1\Leadertech
2007-06-20 03:52:51 108,032 ----a-w C:\WINDOWS\system32\services.exe
2007-06-16 23:11:58 51,200 ----a-w C:\WINDOWS\nircmd.exe
2007-06-11 15:08:16 -------- d-----w C:\DOCUME~1\Arlene\APPLIC~1\GetRightToGo
2007-06-11 12:49:41 -------- d-----w C:\Program Files\Common Files\Real
2007-06-11 12:47:25 -------- d-----w C:\DOCUME~1\Arlene\APPLIC~1\Real
2007-06-11 12:44:18 -------- d-----w C:\Program Files\Online Services
2007-06-09 14:02:35 117,179 ----a-w C:\WINDOWS\hpoins11.dat
2007-06-08 19:59:55 -------- d-----w C:\DOCUME~1\Arlene\APPLIC~1\Snapfish
2007-06-08 19:59:36 2,265 ----a-w C:\WINDOWS\mozver.dat
2007-06-08 19:38:32 -------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-06-08 19:37:07 -------- d-----w C:\Program Files\Common Files\HP
2007-06-05 15:43:18 17,331 ----a-w C:\Program Files\UpdateScan.xml
2007-06-05 15:41:24 159,880 ----a-w C:\Program Files\Readme.rtf
2007-06-04 05:43:42 -------- d-----w C:\Program Files\Common Files\Command Software
2007-06-04 05:42:11 70,775 ----a-w C:\WINDOWS\hpqins06.dat
2007-06-04 04:34:29 -------- d-----w C:\DOCUME~1\Arlene\APPLIC~1\HP
2007-06-04 04:08:44 -------- d-----w C:\DOCUME~1\Arlene\APPLIC~1\Talkback
2007-06-04 04:07:38 0 ----a-w C:\WINDOWS\nsreg.dat
2007-06-03 19:56:05 589,776 ----a-w C:\plfilespecs.exe
2007-06-03 18:51:29 -------- d-----w C:\DOCUME~1\Arlene\APPLIC~1\Lavasoft
2007-06-03 16:52:54 -------- d-----w C:\Program Files\Lavasoft
2007-06-03 16:51:52 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-06-02 23:27:18 -------- d-----w C:\Program Files\CCleaner
2007-06-02 22:57:40 -------- d-----w C:\Program Files\Real
2007-05-30 12:19:38 -------- d-----w C:\Program Files\VirginBroadband
2007-05-29 18:46:09 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-29 16:37:03 -------- d-----w C:\Program Files\Common Files\PestPatrol
2007-05-28 22:03:17 -------- d-----w C:\Program Files\Hewlett-Packard
2007-05-28 21:59:08 -------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2007-05-27 23:54:27 -------- d-----w C:\Program Files\Spearit
2007-05-27 23:54:27 -------- d-----w C:\DOCUME~1\Arlene\APPLIC~1\Spearit
2007-05-27 02:21:40 -------- d-----w C:\DOCUME~1\Arlene\APPLIC~1\Uniblue
2007-05-27 01:00:55 20,992 ----a-w C:\default-to-filext.exe
2007-05-17 13:28:48 8,832 -c--a-w C:\Program Files\License.txt
2007-05-17 03:09:58 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-05-17 03:09:58 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-14 13:19:41 22,720 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-05-13 08:52:51 0 --sha-r C:\MSDOS.SYS
2007-05-13 08:52:51 0 --sha-r C:\IO.SYS
2007-05-13 08:52:51 0 ----a-w C:\CONFIG.SYS
2007-05-13 08:52:51 0 ----a-w C:\AUTOEXEC.BAT
2007-04-20 09:38:18 241,664 -c--a-w C:\Program Files\UpdateScan.exe
2007-02-14 11:14:34 1,386,496 -c--a-w C:\Program Files\msvbvm60.dll
2006-02-07 21:24:40 25,764 ----a-w C:\Program Files\ns.mots

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-05-17 04:09]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SRS Audio Sandbox"="C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" []
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
"setup"=rundll32.exe "C:\WINDOWS\iiifeb.dll",realset
"HP Software Update"=D:\HP-all in one series\HP Software Update\HPWuSchd2.exe

R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\system32\DRIVERS\bsstor.sys
R1 AvgArCln;Avg Anti-Rootkit Clean Driver;C:\WINDOWS\system32\DRIVERS\AvgArCln.sys
R1 Tcpip6;Microsoft IPv6 Protocol Driver;C:\WINDOWS\system32\DRIVERS\tcpip6.sys
R2 6to4;IPv6 Helper Service;C:\WINDOWS\system32\svchost.exe -k netsvcs
R2 CSS DVP;CSS DVP;C:\WINDOWS\system32\DRIVERS\css-dvp.sys
R2 FreeTdi;Radialpoint Filter (RPS-12798);C:\WINDOWS\system32\Drivers\FreeTdi.sys
R2 IISADMIN;IIS Admin;C:\WINDOWS\system32\inetsrv\inetinfo.exe
R2 MSFtpsvc;FTP Publishing;C:\WINDOWS\system32\inetsrv\inetinfo.exe
R2 MSMQ;Message Queuing;C:\WINDOWS\system32\mqsvc.exe
R2 SimpTcp;Simple TCP/IP Services;C:\WINDOWS\system32\tcpsvcs.exe
R2 SNMP;SNMP Service;C:\WINDOWS\System32\snmp.exe
R2 SNMPTRAP;SNMP Trap Service;C:\WINDOWS\System32\snmptrap.exe
R2 W3SVC;World Wide Web Publishing;C:\WINDOWS\system32\inetsrv\inetinfo.exe
R3 cmpci;C-Media PCI Audio Driver (WDM);C:\WINDOWS\system32\drivers\cmaudio.sys
R3 Freedom;Freedom Miniport;C:\WINDOWS\system32\DRIVERS\FREEDOM.SYS
R3 irsir;Microsoft Serial Infrared Driver;C:\WINDOWS\system32\DRIVERS\irsir.sys
R3 mgau;mgau;C:\WINDOWS\system32\DRIVERS\mgaum.sys
R3 MQAC;Message Queuing access control;\??\C:\WINDOWS\system32\drivers\mqac.sys
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver;C:\WINDOWS\system32\drivers\msmpu401.sys
R3 PptpMiniport;WAN Miniport (PPTP);C:\WINDOWS\system32\DRIVERS\raspptp.sys
R3 RasPppoe;Remote Access PPPOE Driver;C:\WINDOWS\system32\DRIVERS\raspppoe.sys
R3 Raspti;Direct Parallel;C:\WINDOWS\system32\DRIVERS\raspti.sys
R3 RMCAST;Reliable Multicast Protocol driver;\??\C:\WINDOWS\system32\drivers\RMCast.sys
R3 RTL8023xp;TRENDnet TE100 PCBUSR PC Card;C:\WINDOWS\system32\DRIVERS\TE100XP.SYS
R3 tunmp;Microsoft Tun Miniport Adapter Driver;C:\WINDOWS\system32\DRIVERS\tunmp.sys
S3 CO_Mon;CO_Mon;\??\C:\WINDOWS\system32\Drivers\CO_Mon.sys
S3 ndiscm;Motorola SURFboard USB Cable Modem Windows Driver;C:\WINDOWS\system32\DRIVERS\NetMotCM.sys
S3 SRS_SSCFilter;SRS Labs Audio Sandbox (WDM);C:\WINDOWS\system32\drivers\srs_sscfilter_i386.sys
S3 z520bus;Sony Ericsson 520 driver (WDM);C:\WINDOWS\system32\DRIVERS\z520bus.sys
S4 BsUDF;InCD UDF Driver;C:\WINDOWS\system32\drivers\BsUDF.sys

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-26 04:13:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-26 4:14:44
C:\ComboFix-quarantined-files.txt ... 2007-07-26 04:14
C:\ComboFix2.txt ... 2007-07-25 19:46

--- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:15, on 2007-07-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ie/def ... .yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Virgin Broadband\PCguard\FBHR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/ins ... _v01_5.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/gb/securityadvisor/pe ... stscan.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se8300.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9543505734
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/vi ... ebscan.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Wind ... lisher.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PCguard Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\fws.exe

--
End of file - 7277 bytes

Also the daemon files were no longer on the hijack log, were there on previous occasions???

by **beynac** » July 26th, 2007, 3:54 am

Good morning.

the daemon files were no longer on the hijack log, were there on previous occasions???

They would have gone when we deleted those services. The HijackThis fix was just a double-check.

----------------------------------------

The HijackThis log is looking good. There are a couple of items we need to tidy up.

Run HijackThis and click Scan and then check (tick) the following, if present (don't worry if any are missing):

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)

Tick the following line if you have not used Spybot, or another program, to set restrictions on changes to Internet Explorer.

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

Close down all programs, browsers and other open windows. Make sure that only the above items are checked and then click on Fix checked.

------------------------------------------

AVG Anti-Spyware:

I see that you have AVG Anti-Spyware installed. Please update the program and check the following settings.

Click the Update icon at the top and under Manual Update click the Start update button.
The program will either update or inform you that no update was available.
It is essential that you get the update - keep trying until successful.

Please check the following settings:

Click the Shield icon at the top and under Resident shield is... make sure it shows inactive or not available in the free version.
Click the Update icon and untick the automatic update option.
Click on Scanner on the toolbar.
Click on the Settings tab.
- Under How to act? - make sure that Quarantine is selected.
- Under How to scan? - All checkboxes should be ticked.
- Under Possibly unwanted software - All checkboxes should be ticked.
- Under Reports - Select Do not automatically generate reports.
- Under What to scan? - Select Scan every file.

You can now close AVG Anti-Spyware. Do not scan yet.

---------------------------------------

ATF Cleaner by Atribune Â©

Download ATF Cleaner by Atribune Â© from here : http://www.atribune.org/ccount/click.php?id=1
This is a stand-alone program that does not need to be installed. Save it to a convenient location and make a shortcut on your desktop. Using this program will remove temporary files, temporary internet files and cookies from your system, which will mean that any scans will run faster.

Make sure that all browser windows are closed
Double-click the shortcut on your desktop to run the program.
Under Main, choose Select All
Untick Prefetch
Click Empty Selected
If you use Firefox browser,
- Click Firefox at the top and choose Select All
- Click on Empty Selected
- NOTE: If you would like to keep any saved passwords, please untick that option.
Click Exit to close.
If you use Opera browser,
- Click Opera at the top and choose Select All
- Click on Empty Selected
- NOTE: If you would like to keep any saved passwords, please untick that option.
Click Exit to close.

--------------------------------------

Boot to Safe Mode.

You will need to reboot your computer into Safe Mode for the next steps. It would be a good idea for you to print these instructions, as you will not have access to the internet.

Important: If you have an always on connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode. I suggest that you print out these instructions.

Restart your computer.
Continually tap the F8 button as your computer is booting (a menu appears).
Use up-arrow key to select Safe Mode and press Enter.

------------------------------------------------

Run AVG Anti-Spyware:

Close all open windows and then start AVG Anti-Spyware, which you downloaded earlier

Click on Scanner on the toolbar.
Click on Complete System Scan to start the scan process.
Let the program scan your computer.
When the scan has finished, follow the instructions below:
- Make sure that Set all elements to: shows Quarantine
- Important: Click on the Apply all Actions button (*** This must done before saving the report ***)
- When the program has finished, it will display the message All actions have been applied.
- Then click the Save Scan Report button.
- Click the Save Report as button.
- Save the report to your Desktop.
Right-click the AVG Tray Icon and select Exit.

-----------------------------------------------------------------

Reboot in Normal Mode.

-----------------------------------------------------

Please post the following, as a reply to this thread:

The AVG Anti-Spyware report
A new HijackThis log

by **arx** » July 27th, 2007, 8:16 pm

- <history>
- 
- <rec time="2007/07/22 08:00:07" user="Arlene" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
- <rec time="2007/07/22 08:35:01" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1069-1068;iavi:920-919;</attr>
</rec>
- <rec time="2007/07/22 12:51:32" user="Arlene" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
- <rec time="2007/07/22 12:51:54" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1069-1059;iavi:920-904;</attr>
</rec>
- <rec time="2007/07/22 14:32:15" user="Arlene" source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
- <rec time="2007/07/25 00:31:57" user="Arlene" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
- <rec time="2007/07/25 00:32:36" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1074-1069;iavi:925-920;</attr>
</rec>
- <rec time="2007/07/25 01:51:41" user="Arlene" source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
- <rec time="2007/07/25 08:00:08" user="Arlene" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
- <rec time="2007/07/25 08:34:57" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1076-1074;iavi:927-925;</attr>
</rec>
- <rec time="2007/07/25 09:09:55" user="Arlene" source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
- <rec time="2007/07/25 17:14:49" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:928-927;</attr>
</rec>
- <rec time="2007/07/26 11:30:09" user="Arlene" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
- <rec time="2007/07/26 12:01:47" user="Arlene" source="General">
<value>@HL_TestStopped</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
- <rec time="2007/07/26 12:27:26" user="Arlene" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
- <rec time="2007/07/26 12:27:30" user="Arlene" source="General">
<value>@HL_TestStopped</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
- <rec time="2007/07/27 08:00:05" user="SYSTEM" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
- <rec time="2007/07/27 08:57:39" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1079-1076;iavi:932-928;</attr>
</rec>
- <rec time="2007/07/27 09:24:34" user="SYSTEM" source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
- <rec time="2007/07/27 18:56:49" user="Arlene" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
- <rec time="2007/07/27 18:57:20" user="Arlene" source="General">
<value>@HL_TestStopped</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
- <rec time="2007/07/27 18:57:55" user="Arlene" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
- <rec time="2007/07/27 18:58:02" user="Arlene" source="General">
<value>@HL_TestStopped</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
- <rec time="2007/07/27 18:58:25" user="Arlene" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_09</attr>
</rec>
- <rec time="2007/07/27 18:58:53" user="Arlene" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\WINDOWS\system32\kernel32.dll</attr>
<attr name="action">@HL_ActQtValidated</attr>
</rec>
- <rec time="2007/07/27 18:59:04" user="Arlene" source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_09</attr>
<attr name="infectedfiles">0</attr>
</rec>
- <rec time="2007/07/27 19:03:18" user="Arlene" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
- <rec time="2007/07/27 20:03:56" user="Arlene" source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
</history>
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:29, on 2007-07-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG7\avgwb.dat
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ie/def ... .yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Virgin Broadband\PCguard\FBHR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/ins ... _v01_5.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/gb/securityadvisor/pe ... stscan.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se8300.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9543505734
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/vi ... ebscan.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Wind ... lisher.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PCguard Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\fws.exe

--
End of file - 7236 bytes :roll:

by **beynac** » July 28th, 2007, 5:38 am

Good morning.

I'm not sure what's happened here.

The HijackThis 'fix' doesn't seem to have worked
You have posted a report which is not from AVG Anti-Spyware. I think it is the log from AVG Anti-Virus.
You appear to have disabled something using MSConfig

Please could you repeat the actions in my previous post. If you have any questions or problems, please stop and let me know. To summarise the actions needed:

Run HijackThis and 'fix' the items shown
Update AVG Anti-Spyware and check the settings
Download and run ATF Cleaner
Boot to Safe Mode
Run AVG Anti-Spyware
Reboot to Normal Mode

The detailed instructions are in my previous post.

Please then run another HijackThis scan and post, as a reply to this thread:

The AVG Anti-Spyware report
A new HijackThis log

Please also let me know what changes you have made using MSConfig.

by **beynac** » August 4th, 2007, 6:18 am

It's been a week since I posted. Are you having a problem with my instructions? If so, please let me know.

Do you still want our help with this?

by **NonSuch** » August 8th, 2007, 3:18 am

This topic is now closed due to inactivity. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.

Free Malware Removal Forum

Can you give some advise plzzz

Can you give some advise plzzz

Hijack This Log

combo and hijack log

The Logs

LOGG thanx 4 all ur help

Who is online