The computer in question has (or had) around ten or sixteen pieces of malware, as follows:
I ran Search & Destroy; it reported the following:
DSS Agent (1)
ABetterInternet.Aurora (1)
Alexa Related (1)
Mirar (10)
NoAdware (1)
WildTangent (1)
Avenue A, Inc (1)
I removed these with S&D.
I ran Ad-Aware SE Personal; it found "7 New Critical Objects":
Win32.TrojanClicker (2)
Alexa (3)
CoolWebsearch (2)
I have as many logs as I could make so far.
My first HJT.
Logfile of HijackThis v1.99.1
Scan saved at 9:12:41 PM, on 11/12/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\MYHPPA~1\Pavilion\XPHAPBF3EN\plugin\bin\PCHButton.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\anti-malware\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://au9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optusnet.com.au/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://au9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://au9.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [WinCinemaMgr] "C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\MYHPPA~1\Pavilion\XPHAPBF3EN\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /M "Stylus C45" /EF "HKCU"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
O16 - DPF: {43331111-1111-1111-1111-611111195622} - file://c:\ex.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1106697520671
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://software.news...k1/isetupml.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
SpyBot SD Results
--- Search result list ---
Mirar: IE toolbar (Registry value, nothing done)
HKEY_USERS\S-1-5-21-753823785-3823736951-2842692284-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
Mirar: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\net-nucleus.com\awbeta\http!=W=4
Mirar: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\net-nucleus.com\awbeta\https!=W=4
Mirar: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}
Mirar: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{224302B0-94E9-45C2-9E5B-BA989EE556E1}
Mirar: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}
Mirar: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}
ABetterInternet.Aurora: Settings (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{F8310E7D-4C4D-46A4-A068-B5BB99411CC7}
Mirar: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\NN_Bar_Dummy.NN_BarDummy
Mirar: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\NN_Bar_Dummy.NN_BarDummy.1
Mirar: Root class (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}
NoAdware: Uninstall settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NoAdware_is1
WildTangent: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Java VM\ClassPath=...;C:\Program Files\WildTangent\Apps\DRM0300Java.jar...
Alexa Related: Link (Replace file, nothing done)
C:\WINDOWS\Web\related.htm
DSSAgent: Global settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Broderbund software\dss
Avenue A, Inc.: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-12-11 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-12-08 Includes\Cookies.sbi (*)
2006-12-08 Includes\Dialer.sbi (*)
2006-12-08 Includes\DialerC.sbi (*)
2006-11-24 Includes\Hijackers.sbi (*)
2006-12-08 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2006-12-08 Includes\KeyloggersC.sbi (*)
2006-12-08 Includes\Malware.sbi (*)
2006-12-08 Includes\MalwareC.sbi (*)
2006-10-20 Includes\PUPS.sbi (*)
2006-12-08 Includes\PUPSC.sbi (*)
2006-12-08 Includes\Revision.sbi (*)
2006-12-08 Includes\Security.sbi (*)
2006-12-08 Includes\SecurityC.sbi (*)
2006-10-13 Includes\Spybots.sbi (*)
2006-12-08 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-12-08 Includes\Trojans.sbi (*)
2006-12-08 Includes\TrojansC.sbi (*)
--- System information ---
Windows XP (Build: 2600) Service Pack 1
/ Windows XP / SP2: Windows XP Hotfix - KB823980
/ Windows XP / SP2: Windows XP Hotfix - KB842773
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q327979
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q329112
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See q329256 for more information]
/ Windows XP / SP2: Windows XP Hotfix (SP2) q329623
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q329909
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q331958
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q811789
--- Startup entries list ---
Located: HK_LM:Run, AlcxMonitor
command: ALCXMNTR.EXE
file: C:\WINDOWS\ALCXMNTR.EXE
size: 50176
MD5: 2f0a3b80096ac30a3e300cce44cdb5dc
Located: HK_LM:Run, AutoTKit
command: C:\hp\bin\AUTOTKIT.EXE
file: C:\hp\bin\AUTOTKIT.EXE
size: 53248
MD5: 6d013ba4120ab87d8694aaf12bd5d1c1
Located: HK_LM:Run, AVG7_CC
command: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
file: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
size: 406016
MD5: ed0163acdb2834ac8f53b3265671fb1a
Located: HK_LM:Run, CamMonitor
command: c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
file: c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
size: 90112
MD5: c0de87745c950f2966394837c3683ae5
Located: HK_LM:Run, EPSON Stylus C45 Series
command: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"
file: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE
size: 99840
MD5: 059630aea8419531fb52834cbb3cae3e
Located: HK_LM:Run, Home Theater SchSvr
command: "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
file: C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
size: 155648
MD5: 5b3c0e93e30ce60449b6445677ff52c7
Located: HK_LM:Run, HotKeysCmds
command: C:\WINDOWS\System32\hkcmd.exe
file: C:\WINDOWS\System32\hkcmd.exe
size: 114688
MD5: ee2ac08be7024a781df6f40870ed748d
Located: HK_LM:Run, HP Software Update
command: "c:\Program Files\HP\HP Software Update\HPWuSchd.exe"
file: c:\Program Files\HP\HP Software Update\HPWuSchd.exe
size: 49152
MD5: 8c94e9227522092dfd389b070a5ca7b0
Located: HK_LM:Run, HPHmon05
command: C:\WINDOWS\System32\hphmon05.exe
file: C:\WINDOWS\System32\hphmon05.exe
size: 483328
MD5: a36cab365f2942fa8be8658d176311ad
Located: HK_LM:Run, HPHUPD05
command: c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
file: c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
size: 49152
MD5: c3b064aa819c684cfec909f16779f836
Located: HK_LM:Run, hpsysdrv
command: c:\windows\system\hpsysdrv.exe
file: c:\windows\system\hpsysdrv.exe
size: 52736
MD5: 06a1ecb63df139ec639e084d4ab3c9d7
Located: HK_LM:Run, IMJPMIG8.1
command: "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
file: C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE
size: 208953
MD5: 90752037d2d633842a47eb9b7ef86be9
Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files\iTunes\iTunesHelper.exe"
file: C:\Program Files\iTunes\iTunesHelper.exe
size: 278528
MD5: 00d20b701816bdd2cc2445e6c388ef70
Located: HK_LM:Run, mmtask
command: C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
file: C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
size: 53248
MD5: ef94c44103ab1bd4400f26c12ee443de
Located: HK_LM:Run, MSPY2002
command: C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
file: C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe
size: 59392
MD5: 1b17e09c1223f6d17336d2dd7a1af4f4
Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 31744
MD5: 0fb22dd37c17f80ad71316049f725170
Located: HK_LM:Run, nwiz
command: nwiz.exe /installquiet /keeploaded /nodetect
file: C:\WINDOWS\system32\nwiz.exe
size: 323584
MD5: 99b4b415dd1be7325deda3b88df5938a
Located: HK_LM:Run, PHIME2002A
command: C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
file: C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE
size: 455168
MD5: 024dc0f68df5fd6ae9dd82dfbaf479d6
Located: HK_LM:Run, PHIME2002ASync
command: C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
file: C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE
size: 455168
MD5: 024dc0f68df5fd6ae9dd82dfbaf479d6
Located: HK_LM:Run, PS2
command: C:\WINDOWS\system32\ps2.exe
file: C:\WINDOWS\system32\ps2.exe
size: 81920
MD5: c4c523e78774e05d06efe3e10017cf6d
Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 282624
MD5: 383145864f6543c97a7e1b78505d2f1c
Located: HK_LM:Run, Recguard
command: C:\WINDOWS\SMINST\RECGUARD.EXE
file: C:\WINDOWS\SMINST\RECGUARD.EXE
size: 212992
MD5: d3cc7a3813123e955b3a497c04b404e2
Located: HK_LM:Run, Share-to-Web Namespace Daemon
command: C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
file: C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
size: 69632
MD5: 2f2bc80803f0638f6738e37f769e4bd0
Located: HK_LM:Run, StorageGuard
command: "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
file: C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
size: 155648
MD5: 4d04efdcb8548fdb3b29ab9154480b7b
Located: HK_LM:Run, SunJavaUpdateSched
command: C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
file: C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
size: 36975
MD5: 61a3a9d5d98bf0331df5b716144a8100
Located: HK_LM:Run, WinCinemaMgr
command: "C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe"
file: C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe
size: 159744
MD5: 2d2becf428b5085b7a43880a18fac7c8
Located: HK_CU:Run, Acme.PCHButton
command: C:\PROGRA~1\MYHPPA~1\Pavilion\XPHAPBF3EN\plugin\bin\PCHButton.exe
file: C:\PROGRA~1\MYHPPA~1\Pavilion\XPHAPBF3EN\plugin\bin\PCHButton.exe
size: 159744
MD5: 959152b06a66c092711a7990f69341c1
Located: HK_CU:Run, BackupNotify
command: c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
file: c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
size: 24576
MD5: d281419c4aa7583a4dc0f66b8fcfac09
Located: HK_CU:Run, EPSON Stylus C45 Series
command: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /M "Stylus C45" /EF "HKCU"
file: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE
size: 99840
MD5: 059630aea8419531fb52834cbb3cae3e
Located: HK_CU:Run, MoneyAgent
command: "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
file: C:\Program Files\Microsoft Money\System\mnyexpr.exe
size: 200767
MD5: 346a8b9510141c31ba57ee776a9d6cad
Located: HK_CU:Run, MSMSGS
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1511453
MD5: 1e455b08870d4ac3bb6ab5968603e8af
Located: HK_CU:Run, NVIEW
command: rundll32.exe nview.dll,nViewLoadHook
file: C:\WINDOWS\system32\rundll32.exe
size: 31744
MD5: 0fb22dd37c17f80ad71316049f725170
Located: Startup (common), Acrobat Assistant.lnk
command: C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
file: C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
size: 217193
MD5: 78bfe3201ada2fe02d1e35d2488e5f55
Located: Startup (common), HP Digital Imaging Monitor.lnk
command: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
file: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
size: 233472
MD5: 5d0c4e90cdc747ce3adc50d2ffde4968
Located: Startup (common), Microsoft Office.lnk
command: C:\Program Files\Microsoft Office\Office10\OSA.EXE
file: C:\Program Files\Microsoft Office\Office10\OSA.EXE
size: 83360
MD5: 5bc65464354a9fd3beaa28e18839734a
Located: Startup (common), Updates from HP.lnk
command: C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
file: C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
size: 16384
MD5: 708fc5318f6ab059104ffd415f146781
Located: Startup (common), WinZip Quick Pick.lnk
command: C:\Program Files\WinZip\WZQKPICK.EXE
file: C:\Program Files\WinZip\WZQKPICK.EXE
size: 118784
MD5: bb272e4a58c563ebf40f8cb1173da1da
Located: Startup (user), MailWasherPro.lnk
command: C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
file: C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
size: 4901376
MD5: 3cecf6a625c352a0a0cf42173ecdf5b3
Located: Startup (user), OpenOffice.org 2.0.lnk
command: C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
file: C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
size: 61440
MD5: 5cb03ee68f33c0bdf5484d36ef7f1212
Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll
Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll
Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll
Located: System.ini, igfxcui
command: igfxsrvc.dll
file: igfxsrvc.dll
Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll
Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll
--- Browser helper object list ---
{243B17DE-77C7-46BF-B94B-0B5F309A0E64} ()
BHO name:
CLSID name:
description: Microsoft Money
classification: Open for discussion
known filename: mnyside.dll
info link: http://www.microsoft...ney/default.asp
info source: TonyKlein
Path: C:\Program Files\Microsoft Money\System\
Long name: mnyside.dll
Short name:
Date (created): 17/07/2002 7:00:00 PM
Date (last access): 11/12/2006 11:42:54 PM
Date (last write): 17/07/2002 7:00:00 PM
Filesize: 163906
Attributes: archive
MD5: BEED9AE28E5696C7C2EEA11075E258CE
CRC32: D7C7E8B5
Version: 11.0.0.716
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
BHO name:
CLSID name: EpsonToolBandKicker Class
Path: C:\Program Files\EPSON\EPSON Web-To-Page\
Long name: EPSON Web-To-Page.dll
Short name: EPSONW~1.DLL
Date (created): 2/11/2005 12:28:52 PM
Date (last access): 11/12/2006 11:42:54 PM
Date (last write): 10/02/2004 2:08:58 PM
Filesize: 339968
Attributes: archive
MD5: 230F34EB9C919978C23E6939120DB35C
CRC32: D4C5D89F
Version: 1.0.0.0
{FDD3B846-8D59-4ffb-8758-209B6AD74ACC} ()
BHO name:
CLSID name:
description: Microsoft Money
classification: Open for discussion
known filename: mnyviewer.dll
info link: http://www.microsoft...ney/default.asp
info source: TonyKlein
--- ActiveX list ---
{24311111-1111-1121-1111-111191113457} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\eied.inf
Codebase: file://c:\eied_s7.cab
description:
classification: Confirmed as malware
known filename:
info link:
info source: Safer Networking Ltd.
{33331111-1111-1111-1111-611111193457} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\start99.inf
Codebase: file://c:\ex.cab
description:
classification: Confirmed as malware
known filename:
info link:
info source: Safer Networking Ltd.
{33331111-1111-1111-1111-611111193458} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\start.INF
Codebase: file://c:\ex.cab
{33331111-1111-1111-1111-622221193458} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\start.INF
Codebase: file://c:\ex.cab
description:
classification: Confirmed as malware
known filename:
info link:
info source: Safer Networking Ltd.
{43331111-1111-1111-1111-611111195622} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\MirarSetup.inf
Codebase: file://c:\ex.cab
description:
classification: Confirmed as malware
known filename:
info link:
info source: Safer Networking Ltd.
{64311111-1111-1121-1111-111191113457} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\eied.inf
Codebase: file://c:\eied_s7.cab
description:
classification: Confirmed as malware
known filename:
info link:
info source: Safer Networking Ltd.
--- Process list ---
PID: 0 ( 0) [System]
PID: 408 ( 4) \SystemRoot\System32\smss.exe
PID: 464 ( 408) \??\C:\WINDOWS\system32\csrss.exe
PID: 488 ( 408) \??\C:\WINDOWS\system32\winlogon.exe
PID: 532 ( 488) C:\WINDOWS\system32\services.exe
size: 101376
MD5: E3DF4A0252D287C44606EE55355E1623
PID: 544 ( 488) C:\WINDOWS\system32\lsass.exe
size: 11776
MD5: B2B6BA905D0E3F8A32A0EB3B4051807B
PID: 704 ( 532) C:\WINDOWS\system32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 728 ( 532) C:\WINDOWS\System32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 856 ( 532) C:\WINDOWS\System32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 1064 (1044) C:\WINDOWS\Explorer.EXE
size: 1004032
MD5: A82B28BFC2E4455FE43022A498C0EF0A
PID: 1096 ( 532) C:\WINDOWS\system32\spoolsv.exe
size: 51200
MD5: 9B4155BA58192D4073082B8FC5D42612
PID: 1240 ( 532) C:\WINDOWS\System32\alg.exe
size: 41984
MD5: 497AEAD5ECEF9512F6B364977A5308EE
PID: 1252 ( 532) C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
size: 204800
MD5: E8FBDCC8D618D1BB84B828F247A6244B
PID: 1268 ( 532) C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
size: 343552
MD5: DD4DB777D2BA1E475F75015B90557795
PID: 1400 ( 532) C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
size: 49664
MD5: 30A14F65DB477DC00A64A5A24E96919C
PID: 1436 ( 532) C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
size: 322560
MD5: 65278B092960662152A7CF1A2693B617
PID: 1504 ( 532) C:\WINDOWS\System32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 1808 (1064) C:\windows\system\hpsysdrv.exe
size: 52736
MD5: 06A1ECB63DF139EC639E084D4AB3C9D7
PID: 1820 (1064) C:\WINDOWS\System32\hkcmd.exe
size: 114688
MD5: EE2AC08BE7024A781DF6F40870ED748D
PID: 1848 (1064) C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
size: 90112
MD5: C0DE87745C950F2966394837C3683AE5
PID: 1868 (1064) C:\Program Files\HP\HP Software Update\HPWuSchd.exe
size: 49152
MD5: 8C94E9227522092DFD389B070A5CA7B0
PID: 1936 (1064) C:\WINDOWS\System32\hphmon05.exe
size: 483328
MD5: A36CAB365F2942FA8BE8658D176311AD
PID: 2044 (1064) C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe
size: 159744
MD5: 2D2BECF428B5085B7A43880A18FAC7C8
PID: 152 (1064) C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
size: 155648
MD5: 5B3C0E93E30CE60449B6445677FF52C7
PID: 212 (1064) C:\WINDOWS\ALCXMNTR.EXE
size: 50176
MD5: 2F0A3B80096AC30A3E300CCE44CDB5DC
PID: 224 (1064) C:\WINDOWS\system32\ps2.exe
size: 81920
MD5: C4C523E78774E05D06EFE3E10017CF6D
PID: 304 (1064) C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
size: 53248
MD5: EF94C44103AB1BD4400F26C12EE443DE
PID: 352 (1064) C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
size: 69632
MD5: 2F2BC80803F0638F6738E37F769E4BD0
PID: 364 (1064) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE
size: 99840
MD5: 059630AEA8419531FB52834CBB3CAE3E
PID: 376 (1064) C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
size: 36975
MD5: 61A3A9D5D98BF0331DF5B716144A8100
PID: 392 ( 704) C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
size: 77824
MD5: A302AE354F6A164DB1AE2A778EA48B9D
PID: 436 (1064) C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
size: 406016
MD5: ED0163ACDB2834AC8F53B3265671FB1A
PID: 964 (1064) C:\Program Files\iTunes\iTunesHelper.exe
size: 278528
MD5: 00D20B701816BDD2CC2445E6C388EF70
PID: 980 (1064) C:\Program Files\QuickTime\qttask.exe
size: 282624
MD5: 383145864F6543C97A7E1B78505D2F1C
PID: 1032 ( 532) C:\Program Files\iPod\bin\iPodService.exe
size: 323584
MD5: 4B532AD0D7614F701F2D29355D6321FB
PID: 1212 (1064) C:\PROGRA~1\MYHPPA~1\Pavilion\XPHAPBF3EN\plugin\bin\PCHButton.exe
size: 159744
MD5: 959152B06A66C092711A7990F69341C1
PID: 1320 (1064) C:\Program Files\Messenger\msmsgs.exe
size: 1511453
MD5: 1E455B08870D4AC3BB6AB5968603E8AF
PID: 1496 (1064) C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
size: 217193
MD5: 78BFE3201ADA2FE02D1E35D2488E5F55
PID: 1456 (1064) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
size: 233472
MD5: 5D0C4E90CDC747CE3ADC50D2FFDE4968
PID: 1776 (1064) C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
size: 16384
MD5: 708FC5318F6AB059104FFD415F146781
PID: 1880 (1064) C:\Program Files\WinZip\WZQKPICK.EXE
size: 118784
MD5: BB272E4A58C563EBF40F8CB1173DA1DA
PID: 2016 (1064) C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
size: 4901376
MD5: 3CECF6A625C352A0A0CF42173ECDF5B3
PID: 2132 (2088) C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
size: 2334720
MD5: 437BE7AEA02F15B334F3B318D529343A
PID: 2140 (2132) C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
size: 2478080
MD5: 306A82E4098D7C8928AADC7C1095D704
PID: 2336 ( 728) C:\WINDOWS\System32\wuauclt.exe
size: 124184
MD5: EBF1AB7E4FC05CABF2F4680D2A45F827
PID: 2368 (1064) C:\Program Files\Mozilla Firefox\firefox.exe
size: 7604331
MD5: CB49C8AE9B44535D2B6FCDE74C589AC9
PID: 3056 (3048) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 4 ( 0) System
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 11/12/2006 11:50:08 PM
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\System32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft...amp;ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.optusnet.com.au/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://au9.hpwis.com/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft...amp;ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://au9.hpwis.com/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft...p...&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft...amp;ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn...st/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn...st/srchcust.htm
--- Winsock Layered Service Provider list ---
--- Uninstall list ---
(AddressBook)
Adobe Acrobat 5.0 5.0 (Adobe Acrobat 5.0)
version (major): 5
install location: C:\Program Files\Adobe\Acrobat 5.0
install source: C:\Documents and Settings\Owner\Local Settings\Temp\pft100~tmp\
uninstall cmd: C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
publisher: Adobe Systems, Inc.
help link: http://www.adobe.com...robat/main.html
AVG Free Edition (AVG7Uninstall)
uninstall cmd: C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL
AVG Anti-Spyware 7.5 (AVGAntiSpyware75)
install location: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5
uninstall cmd: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
publisher: Grisoft Ltd.
help link: http://www.grisoft.com
(BackWeb- Uninstaller)
Updates from HP (BackWeb-137903 Uninstaller)
uninstall cmd: C:\WINDOWS\BWUnin-6.2.3.66.exe -AppId 137903
BJC-4200 (CANONBJ_Deinstall_CNMCP0W.DLL)
uninstall cmd: C:\WINDOWS\System32\CNMCP0W.EXE -@C:\WINDOWS\IsUninst.exe -f"C:\BJPrinter\CNMWINDOWS\Canon BJC-4200 Installer\Inst\DeIsL2.isu" -pCanon BJC-4200-c"C:\BJPrinter\CNMWINDOWS\Canon BJC-4200 Installer\Inst\bjinst.dll
(Connection Manager)
Crossword Forge 4.7.5 (Crossword Forge_is1)
uninstall cmd: "C:\Program Files\Crossword Forge\unins000.exe"
publisher: Sol Robots
D-Link DFM-562E External Modem (CXT0303)
uninstall cmd: C:\WINDOWS\System32\DRIVERS\UIUSETUP.EXE -U -IACFSerSK.INF
(DirectAnimation)
(DirectDrawEx)
e-tax 2005 (e-tax 2005)
uninstall cmd: C:\etax2005\e-tax 2005_uninstall.exe
e-tax 2006 (e-tax 2006)
uninstall cmd: C:\etax2006\e-tax 2006_uninstall.exe
Microsoft Encarta 97 Encyclopedia (Encarta97)
uninstall cmd: C:\WINDOWS\unenc97.exe
EPSON Printer Software (EPSON Printer and Utilities)
uninstall cmd: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
ESC45 Reference Guide (ESC45 Reference Guide)
install location: C:\Program Files\EPSON\TPMANUAL\ESC45\REF_G
uninstall cmd: C:\Program Files\EPSON\TPMANUAL\ESC45\REF_G\DOCUNINS.EXE
ESC45 Software Guide (ESC45 Software Guide)
install location: C:\Program Files\EPSON\TPMANUAL\ESC45\PQU_G
uninstall cmd: C:\Program Files\EPSON\TPMANUAL\ESC45\PQU_G\DOCUNINS.EXE
(Fontcore)
GIMPshop 2.2.8 2.2.8 (GIMPshop)
uninstall cmd: C:\Program Files\GIMPshop\uninst.exe
publisher: The GIMP team (hack by Scott Moschella)
Hemera Products (Hemera Products)
uninstall cmd: C:\PROGRA~1\HEMERA~1\UNWISE.EXE C:\PROGRA~1\HEMERA~1\INSTALL.LOG
HijackThis 1.99.1 1.99.1 (HijackThis)
uninstall cmd: C:\anti-malware\HijackThis.exe /uninstall
publisher: Soeperman Enterprises Ltd.
HP Photo & Imaging 3.0 3.0 (HP Photo & Imaging)
uninstall cmd: C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
publisher: HP
help link: http://www.hp.com/support
toolkit (HPTOOLKIT)
uninstall cmd: c:\Windows\HPTK\unhptkit.exe
(ICW)
(IE40)
(IE4Data)
(IE5BAKEX)
(IEData)
(InstallShield Uninstall Information)
Easy Internet Sign-up FE UI-2.1.0.847 (InstallShield_{0613467F-A45E-4CB1-9ECE-1F3DD79FB927})
version: 33554432
version (major): 2
estimated size: 2896
install date: 20030728
install source: C:\hp\tmp\src\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{0613467F-A45E-4CB1-9ECE-1F3DD79FB927} /l1033
publisher: Hewlett-Packard
(InstallShield_{2A267BC6-F77F-4DD4-825F-7AEB1F68B4B1})
iTunes 6.0.5.20 (InstallShield_{54C0D94A-F467-4ABC-9D02-6E58748668D4})
version: 100663301
version (major): 6
estimated size: 35350
install date: 20061201
install location: C:\Program Files\iTunes\
install source: C:\WINDOWS\Downloaded Installations\{54C0D94A-F467-4ABC-9D02-6E58748668D4}\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{54C0D94A-F467-4ABC-9D02-6E58748668D4} /l1033
publisher: Apple Computer, Inc.
contact: AppleCare Support
help link: http://www.info.apple.com/
help telephone: 1-800-275-2273
iPod for Windows 2006-06-28 4.7.0 (InstallShield_{BD57EA4D-026E-4F08-9B93-080E282B81FE})
version: 67567616
version (major): 4
version (minor): 7
estimated size: 69540
install date: 20061201
install location: C:\Program Files\iPod\
install source: C:\WINDOWS\Downloaded Installations\{88709841-CCE6-49D7-94D7-3A2096E694C8}\
uninstall cmd: C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BD57EA4D-026E-4F08-9B93-080E282B81FE} /l1033
publisher: Apple Computer, Inc.
contact: AppleCare
help link: http://www.info.apple.com
readme: http://www.info.appl.../downloads.html
QuickTime 7.1 (InstallShield_{C21D5524-A970-42FA-AC8A-59B8C7CDCA31})
version: 117506048
version (major): 7
version (minor): 1
estimated size: 71611
install date: 20061201
install location: C:\Program Files\QuickTime\
install source: C:\DOCUME~1\Owner\LOCALS~1\Temp\_is9A\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1033
publisher: Apple Computer, Inc.
contact: AppleCare Support
help link: http://www.info.apple.com/
help telephone: 1-800-275-2273
Java Web Start (Java Web Start)
uninstall cmd: "C:\Program Files\Java Web Start\uninst-javaws.exe"
Windows XP Hotfix - KB823980 20030705.121219 (KB823980)
uninstall cmd: C:\WINDOWS\$NtUninstallKB823980$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.micro...com?kbid=823980
Windows XP Hotfix - KB842773 20040805.140010 (KB842773)
uninstall cmd: C:\WINDOWS\$NtUninstallKB842773$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.micro...com?kbid=842773
LiveReg (Symantec Corporation) 2.2.5.1678 (LiveReg)
install location: C:\Program Files\Common Files\Symantec Shared\LiveReg
uninstall cmd: C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
publisher: Symantec Corporation
LiveUpdate 1.80 (Symantec Corporation) 1.80.19.0 (LiveUpdate)
install location: C:\Program Files\Symantec\LiveUpdate
uninstall cmd: C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
publisher: Symantec Corporation
MailWasher Pro (MailWasher Pro_is1)
uninstall cmd: "C:\Program Files\FireTrust\MailWasher Pro\unins000.exe"
publisher: FireTrust Limited
help link: http://www.firetrust.com/support/
(Microsoft Interactive Training)
uninstall cmd: C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
(Microsoft NetShow Player 2.0)
(MobileOptionPack)
Mozilla Firefox (2.0) 2.0 (en-US) (Mozilla Firefox (2.0))
install location: C:\Program Files\Mozilla Firefox
uninstall cmd: C:\Program Files\Mozilla Firefox\uninstall\uninst.exe
publisher: Mozilla
comments: Mozilla Firefox
(MPlayer2)
(MsJavaVM)
My HP Pavilion PC (My HP Pavilion PC)
uninstall cmd: C:\PROGRA~1\MYHPPA~1\UNWISE.EXE C:\PROGRA~1\MYHPPA~1\INSTALL.LOG
(NetMeeting)
NoAdware v3.0 (NoAdware_is1)
install location: C:\Program Files\NoAdware3\
uninstall cmd: "C:\Program Files\NoAdware3\unins000.exe"
NVIDIA Windows 2000/XP Display Drivers (NVIDIA)
uninstall cmd: rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvhp.inf
Open Clip Art Library 0.18 (openclipart)
install location: C:\Program Files\Open Clip Art Library
uninstall cmd: "C:\Program Files\Open Clip Art Library\Uninstall Open Clip Art Library.exe"
(OutlookExpress)
(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
PS2 (PS2)
uninstall cmd: C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 combined Win32 extensions (Python 2.2 combined Win32 extensions)
uninstall cmd: C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Windows XP Hotfix (SP2) Q327979 20021114.125755 (Q327979)
uninstall cmd: C:\WINDOWS\$NtUninstallQ327979$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: For more information, see Q327979 at http://support.microsoft.com
Windows XP Hotfix (SP2) Q329112 20030303.122552 (Q329112)
uninstall cmd: C:\WINDOWS\$NtUninstallQ329112$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.micro...com?kbid=329112
Windows XP Hotfix (SP2) [See q329256 for more information] (q329256)
uninstall cmd: C:\WINDOWS\$NtUninstallq329256$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) q329623 20021126.192002 (q329623)
uninstall cmd: C:\WINDOWS\$NtUninstallq329623$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: For more information, see q329623 at http://support.microsoft.com
Windows XP Hotfix (SP2) Q329909 20021107.233949 (Q329909)
uninstall cmd: C:\WINDOWS\$NtUninstallQ329909$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: For more information, see Q329909 at http://support.microsoft.com
Windows XP Hotfix (SP2) Q331958 20021029.122936 (Q331958)
uninstall cmd: C:\WINDOWS\$NtUninstallQ331958$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: For more information, see Q331958 at http://support.microsoft.com
Windows XP Hotfix (SP2) Q811789 20030113.170849 (Q811789)
uninstall cmd: C:\WINDOWS\$NtUninstallQ811789$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: For more information, see Q811789 at http://support.microsoft.com
(RecordNow.exe)
uninstall cmd: c:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
RegAlyzer 1.4 1.4 (RegAlyzer_is1)
install location: C:\Program Files\Safer Networking\RegAlyzer\
uninstall cmd: "C:\Program Files\Safer Networking\RegAlyzer\unins000.exe"
publisher: Safer Networking Limited Limited
(SchedulingAgent)
(SGTRAY.EXE)
uninstall cmd: C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
Shockwave (Shockwave)
uninstall cmd: C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
(ShockwaveFlash)
Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited
Where in the World is Carmen Sandiego? (Where in the World is Carmen Sandiego?)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\The Learning Company\Where in the World is Carmen Sandiego\Uninst.isu"
WinRAR archiver (WinRAR archiver)
uninstall cmd: C:\Program Files\WinRAR\uninstall.exe
Microsoft Money 11.0.100 ({01A2E33A-8ADA-42D1-9173-8F65149E952F})
version: 184549476
version (major): 11
install date: 20030728
uninstall cmd: MsiExec.exe /I{01A2E33A-8ADA-42D1-9173-8F65149E952F}
publisher: Microsoft
comments: The Installation database contains the logic and data required to install Money
help link: http://support.microsoft.com
help telephone: (800) 936-5700
Microsoft Money System Pack 11.0.120 ({02CA7E66-1AD1-4DE9-BA9E-86A0EEB019C7})
version: 184549496
version (major): 11
install date: 20030728
uninstall cmd: MsiExec.exe /I{02CA7E66-1AD1-4DE9-BA9E-86A0EEB019C7}
publisher: Microsoft
comments: Installs system components used by Microsoft Money.
help link: http://www.microsoft.../support/money/
help telephone: (800) 936-5700
Microsoft Encarta Encyclopedia Standard - WE 2003 2003 ({035A0014-3975-4267-9F39-1DC4745090B7})
version (major): 2003
version (minor): 2003
install date: 20030728
uninstall cmd: MsiExec.exe /I{035A0014-3975-4267-9F39-1DC4745090B7}
publisher: Microsoft Corporation
help link: http://support.microsoft.com
Easy Internet Sign-up FE UI-2.1.0.847 ({0613467F-A45E-4CB1-9ECE-1F3DD79FB927})
version: 33554432
version (major): 2
estimated size: 2896
install date: 20030728
install source: C:\hp\tmp\src\
publisher: Hewlett-Packard
SkinsHP2 5.30.0.136 ({098637A9-C208-4398-8374-853151D35200})
version: 85852160
version (major): 5
version (minor): 30
estimated size: 7961
install date: 20030728
install source: c:\hp\drivers\hpimagezone\Setup\SkinsHP2\
publisher: Hewlett-Packard
Sonic Update Manager 2.80 ({09DA4F91-2A09-4232-AB8C-6BC740096DE3})
version: 38797312
version (major): 2
version (minor): 80
estimated size: 1751
install date: 20030728
install source: C:\DOCUME~1\Owner\LOCALS~1\Temp\VIES34AB\UM\
uninstall cmd: MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
publisher: Sonic Solutions
HPImageZone 1.03.00 ({11946FA8-329A-4DDF-B867-A32781FED8EE})
version: 16973824
version (major): 1
version (minor): 3
estimated size: 63873
install date: 20030728
install source: c:\hp\drivers\hpimagezone\Setup\CPC\
uninstall cmd: MsiExec.exe /X{11946FA8-329A-4DDF-B867-A32781FED8EE}
publisher: Hewlett-Packard
comments: 0
contact: 0
help link: 0
help telephone: 0
readme: 0
InterVideo Home Theater ({12808370-8A8B-4A0A-8A96-385C309A58D6})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12808370-8A8B-4A0A-8A96-385C309A58D6}\setup.exe"
Microsoft Visual J# .NET Redistributable Package 1.1 1.1.4322 ({1A655D51-1423-48A3-B748-8F5A0BE294C8})
version: 16847074
version (major): 1
version (minor): 1
estimated size: 13251
install date: 20030728
install source: C:\DOCUME~1\Owner\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
publisher: Microsoft
readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Repairjshcore.htm
InterVideo WinDVDX ({1A91D1FA-B9B3-4556-9878-5C61059A19B2})
version (major): 4
install location: C:\Program Files\InterVideo\WinDVDX
uninstall cmd: "C:\Program Files\InstallShield Installation Information\{1A91D1FA-B9B3-4556-9878-5C61059A19B2}\setup.exe" REMOVEALL
publisher: InterVideo Inc.
PC-Doctor for Windows ({1F7CCFA3-D926-4882-B2A5-A0217ED25597})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
EPSON PRINT Image Framer Tool2.1 ({23B59ED4-C360-11D7-875B-0090CC005647})
uninstall cmd: RunDll32 C:\PROGRA~1\COMM