View Full Version : Please help!
LostinAsia
2007-03-05, 12:52
I have read and followed the directions from the sticky. Attached below is the log from the latest scan of HJT. FYI, after I scan my system with AVG, it shows the same TrackingCookie.Co recurring. From SpyBot S&D, I have recently been getting Nurech. I truly don't know why this is happening, and it seems that my computer is not as fast as it was before - especially when I first open IE...takes a couple minutes sometimes!!!
Thank you in advance....
Logfile of HijackThis v1.99.1
Scan saved at 7:20:28 PM, on 3/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
D:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\BitComet\BitComet.exe
C:\Program Files\HijackThis\HijackThis.exe
R3 - URLSearchHook: (no name) - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SsAAD.exe] D:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Delta Force-Black Hawk Down Team Sabre Registration.lnk = C:\Documents and Settings\Mike\Local Settings\Temp\{F52924BD-9422-458D-9D0D-69D314B096CA}\{6164D2E7-986B-42F5-B3A6-64D5E53FB889}\NOVG.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to QQ Customized Emoticons - d:\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: Add to QQ Customized Panel - D:\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: Add to QQ Emotions - D:\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?738143df2d654e4993f90aea3497ca8b
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?738143df2d654e4993f90aea3497ca8b
O8 - Extra context menu item: Send picture by MMS - D:\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: Send Picture with QQ MMS - d:\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: Upload to QQ Network Hard Disk - D:\Tencent\QQ\AddToNetDisk.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Tencent\QQ\QQ.EXE (file missing)
O9 - Extra 'Tools' menuitem: Tencent QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Tencent\QQ\QQ.EXE (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [TBH] SOSO AddressBar Search
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162555012046
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C4336C0-E628-44E7-99D6-354D186B5175}: NameServer = 202.96.128.166 61.144.56.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{4C4336C0-E628-44E7-99D6-354D186B5175}: NameServer = 202.96.128.166 61.144.56.100
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
Previous topics:
http://forums.spybot.info/showthread.php?p=58142
http://forums.spybot.info/showthread.php?t=11720
Hi LostInAsia
Please post a fresh HijackThis log and spybot report :)
LostinAsia
2007-03-08, 12:51
Hi there,
Thanks for the reply. Below are the two logs that you requested. Please note that the latest SpyBot scan did not show any threats. However, as I mentioned, previous scans have showed Nurech. I also keep getting the same mal/spyware infection when I scan with AVG - TrackingCookie.Co. It baffles me why sometimes the scans show infection, yet other scans do not show any such infection.
I regularly (daily) update SpyBot, AVG, and McAfee. I also scan everyday. It would be so great if I could figure what is the root cause of the problems and learn how to prevent further problems. FYI, I do not go to X-Rated sites, nor do I download from sites that could potentially put my computer at risk (perhaps even trusted sites could put me at risk - I am far from an expert on this sort of stuff - But I am not an idiot either... :bigthumb:
Thanks...Or should I say "xie xie ni" Been in China tooooo long.....
Logfile of HijackThis v1.99.1
Scan saved at 7:21:57 PM, on 3/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
D:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe
R3 - URLSearchHook: (no name) - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SsAAD.exe] D:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Delta Force-Black Hawk Down Team Sabre Registration.lnk = C:\Documents and Settings\Mike\Local Settings\Temp\{F52924BD-9422-458D-9D0D-69D314B096CA}\{6164D2E7-986B-42F5-B3A6-64D5E53FB889}\NOVG.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to QQ Customized Emoticons - d:\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: Add to QQ Customized Panel - D:\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: Add to QQ Emotions - D:\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?738143df2d654e4993f90aea3497ca8b
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?738143df2d654e4993f90aea3497ca8b
O8 - Extra context menu item: Send picture by MMS - D:\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: Send Picture with QQ MMS - d:\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: Upload to QQ Network Hard Disk - D:\Tencent\QQ\AddToNetDisk.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Tencent\QQ\QQ.EXE (file missing)
O9 - Extra 'Tools' menuitem: Tencent QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Tencent\QQ\QQ.EXE (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [TBH] SOSO AddressBar Search
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162555012046
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C4336C0-E628-44E7-99D6-354D186B5175}: NameServer = 202.96.128.166 61.144.56.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{4C4336C0-E628-44E7-99D6-354D186B5175}: NameServer = 202.96.128.166 61.144.56.100
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
LostinAsia
2007-03-08, 12:56
_____________________________________________________________
Here is the scan report from SpyBot:
--- Search result list ---
Congratulations!: No immediate threats were found. ()
The scan report is massive...I guess I will have to send it over a few posts....
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-11-10 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-01-02 advcheck.dll (1.2.0.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-03-07 Includes\Cookies.sbi (*)
2006-12-08 Includes\Dialer.sbi (*)
2007-03-07 Includes\DialerC.sbi (*)
2007-02-07 Includes\Hijackers.sbi (*)
2007-03-07 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2007-03-07 Includes\KeyloggersC.sbi (*)
2007-02-14 Includes\Malware.sbi (*)
2007-03-07 Includes\MalwareC.sbi (*)
2007-01-19 Includes\PUPS.sbi (*)
2007-03-07 Includes\PUPSC.sbi (*)
2007-03-07 Includes\Revision.sbi (*)
2006-12-08 Includes\Security.sbi (*)
2007-03-07 Includes\SecurityC.sbi (*)
2007-02-02 Includes\Spybots.sbi (*)
2007-03-07 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2007-03-07 Includes\Trojans.sbi (*)
2007-03-07 Includes\TrojansC.sbi (*)
LostinAsia
2007-03-08, 12:57
--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB911565)
/ Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)
/ Windows Media Player 9: Security Update for Windows Media Player 9 (KB917734)
/ Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB885884
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB894391)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896424)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899589)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Update for Windows XP (KB900485)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901190)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
/ Windows XP / SP3: Security Update for Windows XP (KB908519)
/ Windows XP / SP3: Update for Windows XP (KB908531)
/ Windows XP / SP3: Update for Windows XP (KB910437)
/ Windows XP / SP3: Update for Windows XP (KB911280)
/ Windows XP / SP3: Security Update for Windows XP (KB911562)
/ Windows XP / SP3: Security Update for Windows XP (KB911567)
/ Windows XP / SP3: Security Update for Windows XP (KB911927)
/ Windows XP / SP3: Security Update for Windows XP (KB912919)
/ Windows XP / SP3: Security Update for Windows XP (KB913580)
/ Windows XP / SP3: Security Update for Windows XP (KB914388)
/ Windows XP / SP3: Security Update for Windows XP (KB914389)
/ Windows XP / SP3: Update for Windows XP (KB916595)
/ Windows XP / SP3: Security Update for Windows XP (KB917344)
/ Windows XP / SP3: Security Update for Windows XP (KB917422)
/ Windows XP / SP3: Security Update for Windows XP (KB917953)
/ Windows XP / SP3: Security Update for Windows XP (KB918118)
/ Windows XP / SP3: Security Update for Windows XP (KB918439)
/ Windows XP / SP3: Security Update for Windows XP (KB918899)
/ Windows XP / SP3: Security Update for Windows XP (KB919007)
/ Windows XP / SP3: Security Update for Windows XP (KB920213)
/ Windows XP / SP3: Security Update for Windows XP (KB920214)
/ Windows XP / SP3: Security Update for Windows XP (KB920670)
/ Windows XP / SP3: Security Update for Windows XP (KB920683)
/ Windows XP / SP3: Security Update for Windows XP (KB920685)
/ Windows XP / SP3: Update for Windows XP (KB920872)
/ Windows XP / SP3: Security Update for Windows XP (KB921398)
/ Windows XP / SP3: Security Update for Windows XP (KB921883)
/ Windows XP / SP3: Update for Windows XP (KB922582)
/ Windows XP / SP3: Security Update for Windows XP (KB922616)
/ Windows XP / SP3: Security Update for Windows XP (KB922760)
/ Windows XP / SP3: Security Update for Windows XP (KB922819)
/ Windows XP / SP3: Security Update for Windows XP (KB923191)
/ Windows XP / SP3: Security Update for Windows XP (KB923414)
/ Windows XP / SP3: Security Update for Windows XP (KB923694)
/ Windows XP / SP3: Security Update for Windows XP (KB923980)
/ Windows XP / SP3: Security Update for Windows XP (KB924191)
/ Windows XP / SP3: Security Update for Windows XP (KB924270)
/ Windows XP / SP3: Security Update for Windows XP (KB924496)
/ Windows XP / SP3: Security Update for Windows XP (KB924667)
/ Windows XP / SP3: Security Update for Windows XP (KB925454)
/ Windows XP / SP3: Security Update for Windows XP (KB925486)
/ Windows XP / SP3: Hotfix for Windows XP (KB926239)
/ Windows XP / SP3: Security Update for Windows XP (KB926255)
/ Windows XP / SP3: Security Update for Windows XP (KB926436)
/ Windows XP / SP3: Security Update for Windows XP (KB927779)
/ Windows XP / SP3: Security Update for Windows XP (KB927802)
/ Windows XP / SP3: Security Update for Windows XP (KB928090)
/ Windows XP / SP3: Security Update for Windows XP (KB928255)
/ Windows XP / SP3: Security Update for Windows XP (KB928843)
/ Windows XP / SP3: Security Update for Windows XP (KB929969)
/ Windows XP / SP3: Update for Windows XP (KB931836)
/ Windows XP OOB / SP10: High Definition Audio Driver Package - KB835221
LostinAsia
2007-03-08, 12:58
--- Startup entries list ---
Located: HK_LM:Run, Alcmtr
command: ALCMTR.EXE
file: C:\WINDOWS\ALCMTR.EXE
size: 69632
MD5: 8b4cbba1ea526830c7f97e7822e2493a
Located: HK_LM:Run, Apoint
command: C:\Program Files\Apoint\Apoint.exe
file: C:\Program Files\Apoint\Apoint.exe
size: 118784
MD5: 26187c6ce31b7730521936de2b6f293d
Located: HK_LM:Run, AzMixerSel
command: C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
file: C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
size: 53248
MD5: ae09a7fad521da4e5781cb93f594fd3c
Located: HK_LM:Run, High Definition Audio Property Page Shortcut
command: HDAShCut.exe
file: C:\WINDOWS\system32\HDAShCut.exe
size: 61952
MD5: 9c3b2302b60fb0efb13bc880a5e3e93e
Located: HK_LM:Run, HP Software Update
command: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
file: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
size: 49152
MD5: ac116f16a7716a720a45d7ea47cfd983
Located: HK_LM:Run, igfxhkcmd
command: C:\WINDOWS\system32\hkcmd.exe
file: C:\WINDOWS\system32\hkcmd.exe
size: 77824
MD5: d9f3db62d1b361d82cd82a347ea6218d
Located: HK_LM:Run, igfxpers
command: C:\WINDOWS\system32\igfxpers.exe
file: C:\WINDOWS\system32\igfxpers.exe
size: 118784
MD5: 32fb9368f485a7fe944eb6678b61734b
Located: HK_LM:Run, igfxtray
command: C:\WINDOWS\system32\igfxtray.exe
file: C:\WINDOWS\system32\igfxtray.exe
size: 94208
MD5: 54f1f98c4ad8f99bbbe8fbb62b38733f
Located: HK_LM:Run, IMJPMIG8.1
command: "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
file: C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE
size: 208952
MD5: 7bbe4cf421aecc7f0226edd75f12079f
Located: HK_LM:Run, ISBMgr.exe
command: C:\Program Files\Sony\ISB Utility\ISBMgr.exe
file: C:\Program Files\Sony\ISB Utility\ISBMgr.exe
size: 32768
MD5: 93eefbc237adfc406f52ee56d97f784b
Located: HK_LM:Run, McAfeeUpdaterUI
command: "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
file: C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
size: 139320
MD5: e4a7b1aa1e40676153a824ac00ec3450
Located: HK_LM:Run, NeroFilterCheck
command: C:\WINDOWS\system32\NeroCheck.exe
file: C:\WINDOWS\system32\NeroCheck.exe
size: 155648
MD5: 3e4c03cefad8de135263236b61a49c90
Located: HK_LM:Run, Network Associates Error Reporting Service
command: "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
file: C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
size: 147514
MD5: 78915c3ad0024bacd46f41bf02ee4415
Located: HK_LM:Run, PHIME2002A
command: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
file: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
size: 455168
MD5: 024dc0f68df5fd6ae9dd82dfbaf479d6
Located: HK_LM:Run, PHIME2002ASync
command: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
file: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
size: 455168
MD5: 024dc0f68df5fd6ae9dd82dfbaf479d6
Located: HK_LM:Run, RTHDCPL
command: RTHDCPL.EXE
file: C:\WINDOWS\RTHDCPL.EXE
size: 14743552
MD5: 17fa0988cce29f473ea8a83bab4676e7
Located: HK_LM:Run, ShStatEXE
command: "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
file: C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
size: 94208
MD5: 7fdd96f93adbe7e986aabae0ca446011
Located: HK_LM:Run, SonyPowerCfg
command: C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
file: C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
size: 184320
MD5: 5c6450eaafd24e5b416e29700452f385
Located: HK_LM:Run, StormCodec_Helper
command: "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
file: C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe
size: 96984
MD5: f8d47498a70320bdf39b5cd26103d214
Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
file: C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
size: 49263
MD5: 409c45da1cfbc3fc19eec7cbfe9b2786
Located: HK_CU:Run,
command:
file:
Located: HK_CU:Run, ctfmon.exe
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996a38c0b0cf151c2140ae29fc8
Located: HK_CU:Run, SpybotSD TeaTimer
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1415824
MD5: 70496eee0ddbe485f658693826f44d38
Located: HK_CU:Run, SsAAD.exe
command: D:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
file: D:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
size: 81920
MD5: 5d5647c45b4a460765b1775ab628e954
Located: HK_CU:Run, swg
command: C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
file: C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
size: 171448
MD5: 0fa44ea8b03aba3e1d240b5a333d8e6a
Located: Startup (user), Delta Force-Black Hawk Down Team Sabre Registration.lnk
command: C:\Documents and Settings\Mike\Local Settings\Temp\{F52924BD-9422-458D-9D0D-69D314B096CA}\{6164D2E7-986B-42F5-B3A6-64D5E53FB889}\NOVG.EXE
file:
Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll
Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll
Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll
Located: System.ini, igfxcui
command: igfxdev.dll
file: igfxdev.dll
Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll
Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, VESWinlogon
command: VESWinlogon.dll
file: VESWinlogon.dll
Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll
LostinAsia
2007-03-08, 12:59
--- Browser helper object list ---
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet ClickCapture)
BHO name: BitComet ClickCapture
CLSID name: BitComet Helper
Path: D:\Program Files\BitComet\tools\
Long name: BitCometBHO_1.1.2.7.dll
Short name: BITCOM~2.DLL
Date (created): 2/8/2007 1:04:02 PM
Date (last access): 3/8/2007 7:17:52 PM
Date (last write): 2/8/2007 1:04:02 PM
Filesize: 158272
Attributes: archive
MD5: F6FB4263C593BF2F795061895C99EC9F
CRC32: 382DB2D0
Version: 1.1.2.7
{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~2\
Long name: SDHelper.dll
Short name:
Date (created): 11/10/2006 7:47:34 PM
Date (last access): 3/8/2007 7:16:58 PM
Date (last write): 5/31/2005 1:04:00 AM
Filesize: 853672
Attributes: archive
MD5: 250D787A5712D7768DDC133B3E477759
CRC32: D4589A41
Version: 1.4.0.0
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
BHO name:
CLSID name: SSVHelper Class
Path: C:\Program Files\Java\jre1.5.0_11\bin\
Long name: ssv.dll
Short name:
Date (created): 12/15/2006 3:09:16 AM
Date (last access): 3/8/2007 7:16:58 PM
Date (last write): 12/15/2006 3:23:24 AM
Filesize: 440056
Attributes: archive
MD5: 38C5BE22267A9236E79B1401B5D71D04
CRC32: 2D9C7143
Version: 5.0.110.3
{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
BHO name:
CLSID name: Windows Live Sign-in Helper
Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 7/7/2006 12:29:52 PM
Date (last access): 3/8/2007 7:16:58 PM
Date (last write): 7/7/2006 12:29:52 PM
Filesize: 324416
Attributes: archive
MD5: 52A70C80A446FA3BBCDAF59A9AB26AF4
CRC32: B1456034
Version: 4.0.249.1
{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: c:\program files\google\
Long name: GoogleToolbar3.dll
Short name: GOOGLE~3.DLL
Date (created): 1/26/2007 3:23:00 PM
Date (last access): 3/8/2007 7:16:58 PM
Date (last write): 1/19/2007 11:55:32 PM
Filesize: 2403392
Attributes: readonly archive
MD5: 6319F2D4708DBCAE37CFA03DA10782C0
CRC32: D51D8296
Version: 4.0.1601.4978
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
BHO name:
CLSID name: Windows Live Toolbar Helper
Path: C:\Program Files\Windows Live Toolbar\
Long name: msntb.dll
Short name:
Date (created): 10/10/2006 11:26:40 PM
Date (last access): 3/8/2007 7:17:50 PM
Date (last write): 10/10/2006 11:26:40 PM
Filesize: 544032
Attributes: archive
MD5: D638AFC241FCC42D15886CD26A3F1461
CRC32: EC0AD183
Version: 3.1.0.72
--- ActiveX list ---
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool)
DPF name:
CLSID name: Office Genuine Advantage Validation Tool
Installer: C:\WINDOWS\Downloaded Program Files\OGAControl.inf
Codebase: http://go.microsoft.com/fwlink/?linkid=67633
Path: C:\WINDOWS\system32\
Long name: OGACheckControl.DLL
Short name: OGACHE~1.DLL
Date (created): 10/13/2006 11:30:10 AM
Date (last access): 3/8/2007 7:32:32 PM
Date (last write): 10/13/2006 11:30:10 AM
Filesize: 668976
Attributes: archive
MD5: 7A8B261883866E18006885FC9DB46E27
CRC32: 7562521A
Version: 1.6.18.0
{6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
DPF name:
CLSID name: WUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\wuweb.inf
Codebase: http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162555012046
description:
classification: Legitimate
known filename: wuweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: wuweb.dll
Short name:
Date (created): 11/1/2006 10:52:38 PM
Date (last access): 3/7/2007 7:45:04 AM
Date (last write): 5/26/2005 4:19:32 AM
Filesize: 173536
Attributes: archive
MD5: C459F2D5E64C942F3F66E1CD7F1C4C00
CRC32: EEF66B50
Version: 5.8.0.2469
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_11
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.5.0_11\bin\
Long name: NPJPI150_11.dll
Short name: NPJPI1~1.DLL
Date (created): 12/15/2006 3:09:16 AM
Date (last access): 3/6/2007 9:42:32 PM
Date (last write): 12/15/2006 3:23:26 AM
Filesize: 75528
Attributes: archive
MD5: 3B3F6984DBF972DAFF1B7E9C44E2FE75
CRC32: 4BDE2041
Version: 5.0.110.3
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_09
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
description:
classification: Legitimate
known filename: NPJPI150_09.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_09\bin\
Long name: NPJPI150_09.dll
Short name: NPJPI1~1.DLL
Date (created): 10/12/2006 3:10:58 AM
Date (last access): 3/6/2007 9:42:32 PM
Date (last write): 10/12/2006 3:25:44 AM
Filesize: 69746
Attributes: archive
MD5: A3CDEB59B6B8C2EA81B9ED2D3EF4C95E
CRC32: 2A32A9A2
Version: 5.0.90.3
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_11
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
Path: C:\Program Files\Java\jre1.5.0_11\bin\
Long name: NPJPI150_11.dll
Short name: NPJPI1~1.DLL
Date (created): 12/15/2006 3:09:16 AM
Date (last access): 3/8/2007 7:38:54 PM
Date (last write): 12/15/2006 3:23:26 AM
Filesize: 75528
Attributes: archive
MD5: 3B3F6984DBF972DAFF1B7E9C44E2FE75
CRC32: 4BDE2041
Version: 5.0.110.3
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_11
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_11\bin\
Long name: NPJPI150_11.dll
Short name: NPJPI1~1.DLL
Date (created): 12/15/2006 3:09:16 AM
Date (last access): 3/8/2007 7:38:54 PM
Date (last write): 12/15/2006 3:23:26 AM
Filesize: 75528
Attributes: archive
MD5: 3B3F6984DBF972DAFF1B7E9C44E2FE75
CRC32: 4BDE2041
Version: 5.0.110.3
{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash9b.ocx
Short name:
Date (created): 11/9/2006 2:46:28 PM
Date (last access): 3/8/2007 3:01:20 PM
Date (last write): 11/9/2006 2:46:28 PM
Filesize: 2262648
Attributes: readonly archive
MD5: F3B3EE66CA76C94510555ABE9D00A353
CRC32: A51F3CB4
Version: 9.0.28.0
LostinAsia
2007-03-08, 13:00
--- Process list ---
PID: 0 ( 0) [System]
PID: 656 ( 4) \SystemRoot\System32\smss.exe
PID: 720 ( 656) \??\C:\WINDOWS\system32\csrss.exe
PID: 744 ( 656) \??\C:\WINDOWS\system32\winlogon.exe
PID: 792 ( 744) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 804 ( 744) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 956 ( 792) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1016 ( 792) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1116 ( 792) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1152 ( 792) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
size: 86016
MD5: AA1D9C4A2F997FEA8A4FB0929212EDA2
PID: 1208 ( 792) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
size: 372809
MD5: A57B20BB52B7C504B7A9FB4C82B639BA
PID: 1284 ( 792) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1384 ( 792) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1704 ( 792) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
PID: 196 ( 792) C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
size: 204800
MD5: E8FBDCC8D618D1BB84B828F247A6244B
PID: 236 ( 792) C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
size: 102463
MD5: A80F0E7DC789150C3AE4F504E3B96B06
PID: 280 ( 792) C:\Program Files\Network Associates\VirusScan\Mcshield.exe
size: 221191
MD5: 319151AAE685CB6802D3822E36B9CC17
PID: 328 ( 956) C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
size: 237623
MD5: 331B69D20D0983B93BAF2F7E6DAEBB80
PID: 448 ( 792) C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
size: 29184
MD5: B01E179FEFF700AB54C1BE9E429B10C6
PID: 480 ( 792) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
size: 322120
MD5: 11F714F85530A2BD134074DC30E99FCA
PID: 540 ( 792) C:\WINDOWS\system32\HPZipm12.exe
size: 69632
MD5: 9D84376931440F3679BEEF2A414FA493
PID: 584 ( 792) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
size: 139264
MD5: E6CD560A4A16FEEE5503CB59A3E30A84
PID: 632 ( 792) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 712 ( 792) C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
size: 176128
MD5: 1D5425783D92F34C63075FA0C4E2C3D5
PID: 1432 ( 956) C:\WINDOWS\system32\igfxext.exe
size: 94208
MD5: A4AE745EC6C1BC328A9B230DBFB19387
PID: 1468 ( 956) C:\WINDOWS\system32\igfxsrvc.exe
size: 163840
MD5: 23DAA38F8FF3F0B76F41463A49C65B5E
PID: 616 ( 792) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: F1958FBF86D5C004CF19A5951A9514B7
PID: 2220 (2096) C:\WINDOWS\Explorer.EXE
size: 1032192
MD5: A0732187050030AE399B241436565E64
PID: 2416 (2220) C:\WINDOWS\system32\hkcmd.exe
size: 77824
MD5: D9F3DB62D1B361D82CD82A347EA6218D
PID: 2424 (2220) C:\WINDOWS\system32\igfxpers.exe
size: 118784
MD5: 32FB9368F485A7FE944EB6678B61734B
PID: 2432 (2220) C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
size: 94208
MD5: 7FDD96F93ADBE7E986AABAE0CA446011
PID: 2440 (2220) C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
size: 139320
MD5: E4A7B1AA1E40676153A824AC00EC3450
PID: 2448 (2220) C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
size: 147514
MD5: 78915C3AD0024BACD46F41BF02EE4415
PID: 2456 (2220) C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
size: 49152
MD5: AC116F16A7716A720A45D7EA47CFD983
PID: 2484 (2220) C:\Program Files\Apoint\Apoint.exe
size: 118784
MD5: 26187C6CE31B7730521936DE2B6F293D
PID: 2508 (2220) C:\WINDOWS\RTHDCPL.EXE
size: 14743552
MD5: 17FA0988CCE29F473EA8A83BAB4676E7
PID: 2520 (2220) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
size: 184320
MD5: 5C6450EAAFD24E5B416E29700452F385
PID: 2528 (2220) C:\Program Files\Sony\ISB Utility\ISBMgr.exe
size: 32768
MD5: 93EEFBC237ADFC406F52EE56D97F784B
PID: 2556 (2220) C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
size: 49263
MD5: 409C45DA1CFBC3FC19EEC7CBFE9B2786
PID: 2604 (2220) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
PID: 2624 (2220) D:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
size: 81920
MD5: 5D5647C45B4A460765B1775AB628E954
PID: 2640 (2220) C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
size: 171448
MD5: 0FA44EA8B03ABA3E1D240B5A333D8E6A
PID: 2648 (2220) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1415824
MD5: 70496EEE0DDBE485F658693826F44D38
PID: 2888 (2876) C:\Program Files\Apoint\Apntex.exe
size: 45056
MD5: 0AA31DE4E40861EAF259D194A58D4317
PID: 4040 (2220) C:\Program Files\Internet Explorer\IEXPLORE.EXE
size: 93184
MD5: E7484514C0464642BE7B4DC2689354C8
PID: 172 (2220) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 852 (2220) D:\Program Files\Sony\SonicStage\Omgjbox.exe
size: 5498424
MD5: A818C8A66B6ECD7016EAACB751FC9371
PID: 3712 ( 956) C:\Program Files\Common Files\Sony Shared\AVLib\SsDbConnection.exe
size: 102400
MD5: 39FD260517AAD5A6A30FE2ADA50F3C3A
PID: 4 ( 0) System
LostinAsia
2007-03-08, 13:01
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 3/8/2007 7:38:55 PM
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.google.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
about:blank
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://www.google.com/search?q=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\windows\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.google.com/ie
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com/ie
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C8534B47-63C0-4814-B945-0C9B28D45B3F}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C8534B47-63C0-4814-B945-0C9B28D45B3F}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D21185C6-676D-4E8B-A625-659EF19AF807}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D21185C6-676D-4E8B-A625-659EF19AF807}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8CDEA94D-A95A-45E9-942B-353744158016}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8CDEA94D-A95A-45E9-942B-353744158016}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AD444A78-1455-4AEA-9EF2-223FD6B6B52B}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AD444A78-1455-4AEA-9EF2-223FD6B6B52B}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B0B30380-5044-4BFD-84FA-920CF5177520}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B0B30380-5044-4BFD-84FA-920CF5177520}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6E6403B6-7A73-482E-B374-251280A0428B}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6E6403B6-7A73-482E-B374-251280A0428B}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C01145FB-A94E-461A-BD7E-81D4D72C782F}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C01145FB-A94E-461A-BD7E-81D4D72C782F}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4C4336C0-E628-44E7-99D6-354D186B5175}] SEQPACKET 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4C4336C0-E628-44E7-99D6-354D186B5175}] DATAGRAM 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP
Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS
Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
LostinAsia
2007-03-08, 13:06
--- Uninstall list ---
(AddressBook)
AVG Anti-Spyware 7.5 (AVGAntiSpyware75)
install location: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5
uninstall cmd: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
publisher: Grisoft Ltd.
help link: http://www.grisoft.com
BitComet 0.84 0.84 (BitComet)
uninstall cmd: D:\Program Files\BitComet\uninst.exe
publisher: ~RnySmile~
(Branding)
HDAUDIO SoftV92 Data Fax Modem with SmartCP (CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003)
uninstall cmd: C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003\HXFSETUP.EXE -U -ISnyHDANk.inf
(Connection Manager)
Delta Force - Black Hawk Down (Delta Force - Black Hawk Down)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\NovaLogic\Delta Force Black Hawk Down\Uninst.isu"
(DirectAnimation)
(DirectDrawEx)
(DXM_Runtime)
(Fontcore)
HijackThis 1.99.1 1.99.1 (HijackThis)
uninstall cmd: C:\DOCUME~1\Mike\LOCALS~1\Temp\Rar$EX00.562\HijackThis.exe /uninstall
publisher: Soeperman Enterprises Ltd.
HP Imaging Device Functions 5.3 5.3 (HP Imaging Device Functions)
uninstall cmd: C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
publisher: HP
help link: http://www.hp.com/support
HP Solution Center & Imaging Support Tools 5.3 5.3 (HP Solution Center & Imaging Support Tools)
uninstall cmd: C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
publisher: HP
help link: http://www.hp.com/support
(ICW)
(IE40)
(IE4Data)
(IE5BAKEX)
(IEData)
(InstallShield Uninstall Information)
OpenMG Secure Module 4.6.00 4.6.00.08110 (InstallShield_{D5654243-0EDC-4BE7-8353-16ECE4019CD1})
version: 67502080
version (major): 4
version (minor): 6
estimated size: 23025
install date: 20061217
install location: C:\Program Files\Sony Corporation\OpenMG Secure Module\
install source: F:\common\openmg\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{D5654243-0EDC-4BE7-8353-16ECE4019CD1} UNINSTALL
publisher: Sony Corporation
High Definition Audio Driver Package - KB835221 20040219.000000 (KB835221WXP)
uninstall cmd: C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=KB835221
Windows XP Hotfix - KB873339 20041117.092459 (KB873339)
uninstall cmd: C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873339
(KB884016)
(KB884267)
(KB885353)
Windows XP Hotfix - KB885835 20041027.181713 (KB885835)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885835
Windows XP Hotfix - KB885836 20041028.173203 (KB885836)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885836
Windows XP Hotfix - KB885884 20040924.025457 (KB885884)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885884
Windows XP Hotfix - KB886185 20041021.090540 (KB886185)
uninstall cmd: C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=886185
(KB886612)
(KB887078)
Windows XP Hotfix - KB887472 20041014.162858 (KB887472)
uninstall cmd: C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887472
(KB887626)
Windows XP Hotfix - KB888302 20041207.111426 (KB888302)
uninstall cmd: C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888302
(KB888656)
(KB889858)
Security Update for Windows XP (KB890046) 1 (KB890046)
install date: 20061111
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890046
Windows XP Hotfix - KB890859 1 (KB890859)
install date: 20061111
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890859
(KB891122)
Windows XP Hotfix - KB891781 20050110.165439 (KB891781)
uninstall cmd: C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=891781
(KB892313)
(KB893240)
(KB893241)
Security Update for Windows XP (KB893756) 1 (KB893756)
install date: 20061111
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893756
LostinAsia
2007-03-08, 13:08
(KB893803)
Windows Installer 3.1 (KB893803) 3.1 (KB893803v2)
uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=42467
Update for Windows XP (KB894391) 1 (KB894391)
install date: 20061111
uninstall cmd: "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=894391
(KB895181)
(KB895316)
(KB895572)
Security Update for Windows XP (KB896358) 1 (KB896358)
install date: 20061111
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896358
Security Update for Windows XP (KB896423) 1 (KB896423)
install date: 20061111
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896423
Security Update for Windows XP (KB896424) 1 (KB896424)
install date: 20061111
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896424
Security Update for Windows XP (KB896428) 1 (KB896428)
install date: 20061111
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896428
(KB897586)
Update for Windows XP (KB898461) 1 (KB898461)
install date: 20061111
uninstall cmd: "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=898461
(KB898549)
Security Update for Windows XP (KB899587) 1 (KB899587)
install date: 20061111
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899587
Security Update for Windows XP (KB899589) 1 (KB899589)
install date: 20061111
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899589
Security Update for Windows XP (KB899591) 1 (KB899591)
install date: 20061111
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899591
(KB900399)
Update for Windows XP (KB900485) 2 (KB900485)
install date: 20061111
uninstall cmd: "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900485
Security Update for Windows XP (KB900725) 1 (KB900725)
install date: 20061111
uninstall cmd: "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900725
Security Update for Windows XP (KB901017) 1 (KB901017)
install date: 20061111
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901017
Security Update for Windows XP (KB901190) 1 (KB901190)
install date: 20061111
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901190
Security Update for Windows XP (KB901214) 1 (KB901214)
install date: 20061111
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901214
(KB902344)
Security Update for Windows XP (KB902400) 1 (KB902400)
install date: 20061111
uninstall cmd: "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=902400
Security Update for Windows XP (KB904706) 2 (KB904706)
install date: 20061111
uninstall cmd: "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=904706
Security Update for Windows XP (KB905414) 1 (KB905414)
install date: 20061111
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905414
Security Update for Windows XP (KB905749) 1 (KB905749)
install date: 20061111
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905749
(KB907658)
Security Update for Windows XP (KB908519) 1 (KB908519)
install date: 20061111
uninstall cmd: "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=908519
Update for Windows XP (KB908531) 2 (KB908531)
install date: 20061111
uninstall cmd: "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=908531
Update for Windows XP (KB910437) 1 (KB910437)
install date: 20061111
uninstall cmd: "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=910437
Update for Windows XP (KB911280) 2 (KB911280)
install date: 20061111
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911280
Security Update for Windows XP (KB911562) 1 (KB911562)
install date: 20061111
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911562
Security Update for Windows Media Player (KB911564) (KB911564)
install date: 20061111
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=911564
Security Update for Windows Media Player 10 (KB911565) (KB911565)
install date: 20061118
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=911565
Security Update for Windows XP (KB911567) 1 (KB911567)
install date: 20061111
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911567
(KB911854)
Security Update for Windows XP (KB911927) 1 (KB911927)
install date: 20061111
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911927
Security Update for Windows XP (KB912919) 1 (KB912919)
install date: 20061111
uninstall cmd: "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=912919
Security Update for Windows XP (KB913580) 1 (KB913580)
install date: 20061111
uninstall cmd: "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=913580
Security Update for Windows XP (KB914388) 1 (KB914388)
install date: 20061111
uninstall cmd: "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=914388
Security Update for Windows XP (KB914389) 1 (KB914389)
install date: 20061111
uninstall cmd: "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=914389
Update for Windows XP (KB916595) 1 (KB916595)
install date: 20061111
uninstall cmd: "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=916595
Security Update for Windows XP (KB917344) 1 (KB917344)
install date: 20061111
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917344
Security Update for Windows XP (KB917422) 1 (KB917422)
install date: 20061111
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917422
Security Update for Windows Media Player 9 (KB917734) (KB917734_WMP9)
install date: 20061111
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=917734
Security Update for Windows XP (KB917953) 1 (KB917953)
install date: 20061111
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917953
Security Update for Windows XP (KB918118) 1 (KB918118)
install date: 20070216
uninstall cmd: "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=918118
Security Update for Windows XP (KB918439) 1 (KB918439)
install date: 20061111
uninstall cmd: "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=918439
Security Update for Windows XP (KB918899) 1 (KB918899)
install date: 20061111
uninstall cmd: "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=918899
Security Update for Windows XP (KB919007) 1 (KB919007)
install date: 20061111
uninstall cmd: "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=919007
Security Update for Windows XP (KB920213) 1 (KB920213)
install date: 20061118
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920213
Security Update for Windows XP (KB920214) 1 (KB920214)
install date: 20061111
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920214
Security Update for Windows XP (KB920670) 1 (KB920670)
install date: 20061111
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920670
Security Update for Windows XP (KB920683) 1 (KB920683)
install date: 20061111
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920683
Security Update for Windows XP (KB920685) 1 (KB920685)
install date: 20061111
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920685
Update for Windows XP (KB920872) 1 (KB920872)
install date: 20061111
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920872
Security Update for Windows XP (KB921398) 1 (KB921398)
install date: 20061111
uninstall cmd: "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=921398
Security Update for Windows XP (KB921883) 1 (KB921883)
install date: 20061111
uninstall cmd: "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=921883
Update for Windows XP (KB922582) 1 (KB922582)
install date: 20061111
uninstall cmd: "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=922582
Security Update for Windows XP (KB922616) 1 (KB922616)
install date: 20061111
uninstall cmd: "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=922616
Security Update for Windows XP (KB922760) 1 (KB922760)
install date: 20061118
uninstall cmd: "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=922760
Security Update for Windows XP (KB922819) 1 (KB922819)
install date: 20061111
uninstall cmd: "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=922819
Security Update for Windows XP (KB923191) 1 (KB923191)
install date: 20061111
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923191
Security Update for Windows XP (KB923414) 1 (KB923414)
install date: 20061111
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923414
Security Update for Windows XP (KB923694) 1 (KB923694)
install date: 20061214
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923694
Security Update for Windows XP (KB923980) 1 (KB923980)
install date: 20061118
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923980
Security Update for Windows XP (KB924191) 1 (KB924191)
install date: 20061111
uninstall cmd: "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=924191
Security Update for Windows XP (KB924270) 1 (KB924270)
install date: 20061118
uninstall cmd: "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=924270
Security Update for Windows XP (KB924496) 1 (KB924496)
install date: 20061111
uninstall cmd: "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=924496
Security Update for Windows XP (KB924667) 1 (KB924667)
install date: 20070217
uninstall cmd: "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=924667
Security Update for Windows Media Player 6.4 (KB925398) (KB925398_WMP64)
install date: 20061214
uninstall cmd: "C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=925398
Security Update for Windows XP (KB925454) 1 (KB925454)
install date: 20061217
uninstall cmd: "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=925454
Security Update for Windows XP (KB925486) 1 (KB925486)
install date: 20061111
uninstall cmd: "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=925486
Hotfix for Windows XP (KB926239) 2 (KB926239)
install date: 20061117
uninstall cmd: "C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=926239
Security Update for Windows XP (KB926255) 1 (KB926255)
install date: 20061214
uninstall cmd: "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=926255
Security Update for Windows XP (KB926436) 1 (KB926436)
install date: 20070216
uninstall cmd: "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=926436
Security Update for Windows XP (KB927779) 1 (KB927779)
install date: 20070217
uninstall cmd: "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=927779
Security Update for Windows XP (KB927802) 1 (KB927802)
install date: 20070217
uninstall cmd: "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=927802
Security Update for Windows XP (KB928090) 1 (KB928090)
install date: 20070217
uninstall cmd: "C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=928090
LostinAsia
2007-03-08, 13:10
Security Update for Windows XP (KB928255) 1 (KB928255)
install date: 20070217
uninstall cmd: "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=928255
Security Update for Windows XP (KB928843) 1 (KB928843)
install date: 20070217
uninstall cmd: "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=928843
Security Update for Windows XP (KB929969) 1 (KB929969)
install date: 20070112
uninstall cmd: "C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=929969
Update for Windows XP (KB931836) 1 (KB931836)
install date: 20070216
uninstall cmd: "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=931836
Magic DVD Ripper V4.3.2 (Magic DVD Ripper_is1)
install location: D:\Program Files\MagicDVDRipper\
uninstall cmd: "D:\Program Files\MagicDVDRipper\unins000.exe"
publisher: Magic DVD Software, Inc.
help link: http://www.magicdvdripper.com
(MobileOptionPack)
(MPlayer2)
Microsoft Compression Client Pack 1.0 for Windows XP 1 (MSCompPackV1)
install date: 20061117
uninstall cmd: "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=74087
(MSI30-Beta1)
(MSI30-Beta2)
(MSI30-KB884016)
(MSI30-RC1)
(MSI30-RC2)
(MSI30a-KB884016)
(MSI31-Beta)
(MSI31-RC1)
MSN (MSNINST)
uninstall cmd: C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
Nero 6 (Nero - Burning Rom!UninstallKey)
uninstall cmd: C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
(NetMeeting)
OpenMG Limited Patch 4.6-06-09-04-01 (OpenMG HotFix4.6-06-09-04-01)
uninstall cmd: C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.6-06-09-04-01\HotFixSetup\setup.exe /u
(OutlookExpress)
(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Intel(R) PROSet/Wireless Software (ProInst)
install location: C:\WINDOWS\Installer\iProInst.exe
uninstall cmd: C:\WINDOWS\Installer\iProInst.exe
publisher: Intel Corporation
(SchedulingAgent)
Adobe Flash Player 9 ActiveX 9 (ShockwaveFlash)
uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
publisher: Adobe Systems
help link: http://www.adobe.com/go/flashplayer_support/
Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited
Storm Codec 6.10.00 (Storm Codec 5)
install location: C:\Program Files\Ringz Studio\Storm Codec
uninstall cmd: C:\Program Files\Ringz Studio\Storm Codec\uninst6.10.00.exe
publisher: lain
SOSO AddressBar Search 4.3.1.10 (Tencent Browser Helper)
install location: C:\Program Files\TENCENT\Adplus
uninstall cmd: C:\PROGRA~1\TENCENT\Adplus\stup.exe C:\PROGRA~1\TENCENT\Adplus\SSAddr1.dll Uninstall
publisher: Tencent Technology (Shenzhen)Company Limited
TVUPlayer 2.3.2.19 2.3.2.19 (TVUPlayer)
uninstall cmd: C:\Program Files\TVUPlayer\uninst.exe
publisher: TVU Networks, Inc.
Windows Live Toolbar 03.01.0072 (Windows Live Toolbar)
uninstall cmd: "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {9DA72A9F-4246-4C10-B0FA-D8C1037D45F8}
publisher: Microsoft Corporation
Windows Media Format 11 runtime (Windows Media Format Runtime)
uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
help link: http://go.microsoft.com/fwlink/?LinkId=62768
Windows Media Player 11 (Windows Media Player)
uninstall cmd: "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
WinRAR archiver (WinRAR archiver)
uninstall cmd: C:\Program Files\WinRAR\uninstall.exe
(WMCSetup)
Windows Media Format 11 runtime (WMFDist11)
install date: 20061117
uninstall cmd: "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http:
Windows Media Player 11 (wmp11)
install date: 20061117
uninstall cmd: "C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http:
LostinAsia
2007-03-08, 13:12
Microsoft User-Mode Driver Framework Feature Pack 1.0 (Wudf01000)
install date: 20061117
uninstall cmd: "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
comments: Build Number 5716
1200Trb 50.0.206.000 ({03843643-8B6C-49A3-B760-799340472BED})
version: 838861006
version (major): 50
estimated size: 721
install date: 20061102
install source: F:\Setup\AiOHelp\
publisher: Hewlett-Packard
CP_Package_Variety1 53.0.13.000 ({0611BD4E-4FE4-4a62-B0C0-18A4CC463428})
version: 889192461
version (major): 53
estimated size: 7401
install date: 20061102
install source: F:\setup\CP_Package_Variety1\
publisher: Hewlett-Packard
Destinations 53.0.13.000 ({09984AEC-6B9F-4ca7-B78D-CB44D4771DA3})
version: 889192461
version (major): 53
estimated size: 16085
install date: 20061102
install source: F:\setup\Destinations\
publisher: Hewlett-Packard
AiO_Scan 50.0.206.000 ({0B33B738-AD79-4E32-90C5-E67BFB10BBFF})
version: 838861006
version (major): 50
estimated size: 483
install date: 20061102
install source: F:\setup\AiO_Scan\
publisher: Hewlett-Packard
HP Software Update 3.0.5.001 ({15EE79F4-4ED1-4267-9B0F-351009325D7D})
version: 50331653
version (major): 3
estimated size: 3833
install date: 20061102
install source: F:\setup\HPSoftwareUpdate\
uninstall cmd: MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
publisher: HEWLET~1|Hewlett-Packard
contact: http://www.hp.com/support
Tabbed Browsing (Windows Live Toolbar) 03.01.0072 ({1707BF02-0F5C-4A6C-8F17-053BB73E443F})
version: 50397256
version (major): 3
version (minor): 1
estimated size: 1635
install date: 20061207
install source: C:\WINDOWS\TEMP\IXP000.TMP\
uninstall cmd: MsiExec.exe /X{1707BF02-0F5C-4A6C-8F17-053BB73E443F}
publisher: Microsoft Corporation
CP_Package_Variety3 53.0.13.000 ({1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A})
version: 889192461
version (major): 53
estimated size: 8617
install date: 20061102
install source: F:\setup\CP_Package_Variety3\
publisher: Hewlett-Packard
Picture Package 1.00.000 ({1E2F8AE3-3437-44E6-BB75-E95751D6B83F})
version: 16777216
install location: C:\Program Files\Sony Corporation\Picture Package
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}\setup.exe" -l0x9 UNINSTALL
Windows Live Sign-in Assistant 4.000.249.1 ({22B3CC30-77B8-419C-AA4B-F571FDF5D66D})
version: 67109113
version (major): 4
estimated size: 1112
install date: 20061205
install source: C:\DOCUME~1\Mike\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}
publisher: Microsoft Corporation
Google Toolbar for Internet Explorer ({2318C2B1-4965-11d4-9B18-009027A5CD4F})
uninstall cmd: regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
mProSafe 9.00.0000 ({23FB368F-1399-4EAC-817C-4B83ECBE3D83})
version: 150994944
version (major): 9
install date: 20061101
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
publisher: Intel
comments: Pseudo NCS Install
contact: Customer Support Department
help link: http://www.intel.com
help telephone: 1-555-555-4505
mDriver 1.31.0000 ({28DA872A-0848-48CF-B749-19A198157A2A})
version: 18808832
version (major): 1
version (minor): 31
estimated size: 8584
install date: 20061101
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{28DA872A-0848-48CF-B749-19A198157A2A}
publisher: Intel
comments: Intel Wireless Adapter driver installation
contact: Customer Support Department
help link: http://www.intel.com
help telephone: 1-555-555-4505
Unload 5.0.0 ({2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C})
version: 83886080
version (major): 5
estimated size: 7950
install date: 20061102
install source: F:\setup\UnloadIntent\
publisher: Hewlett-Packard
comments: 0
contact: 0
help link: 0
help telephone: 0
readme: 0
TrayApp 53.0.13.000 ({30C19FF2-7FBA-4d09-B9DE-1659977F64F6})
version: 889192461
version (major): 53
estimated size: 698
install date: 20061102
install source: F:\setup\TrayApp\
publisher: Hewlett-Packard
J2SE Runtime Environment 5.0 Update 9 1.5.0.90 ({3248F0A8-6813-11D6-A77B-00B0D0150090})
version: 17104896
version (major): 1
version (minor): 5
estimated size: 149061
install date: 20061105
install source: http://jdl.sun.com/webapps/download/GetFile/1.5.0_09-b03/windows-i586//
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.5.0_09\README.txt
J2SE Runtime Environment 5.0 Update 10 1.5.0.100 ({3248F0A8-6813-11D6-A77B-00B0D0150100})
version: 17104896
version (major): 1
version (minor): 5
estimated size: 149217
install date: 20070121
install source: http://javadl.sun.com/webapps/download/GetFile/1.5.0_10-b03/windows-i586//
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.5.0_10\README.txt
J2SE Runtime Environment 5.0 Update 11 1.5.0.110 ({3248F0A8-6813-11D6-A77B-00B0D0150110})
version: 17104896
version (major): 1
version (minor): 5
estimated size: 149554
install date: 20070221
install source: http://javadl.sun.com/webapps/download/GetFile/1.5.0_11-b03/windows-i586//
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.5.0_11\README.txt
WebFldrs XP 9.50.7523 ({350C97B0-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154279267
version (major): 9
version (minor): 50
estimated size: 2472
install date: 20061101
install source: C:\WINDOWS\system32\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows
Windows Live Toolbar Extension (Windows Live Toolbar) 03.01.0072 ({3727B920-F5A3-46A4-AC02-94F421A039C7})
version: 50397256
version (major): 3
version (minor): 1
estimated size: 609
install date: 20061207
install source: C:\WINDOWS\TEMP\IXP000.TMP\
uninstall cmd: MsiExec.exe /X{3727B920-F5A3-46A4-AC02-94F421A039C7}
publisher: Microsoft Corporation
MSXML 4.0 SP2 (KB927978) 4.20.9841.0 ({37477865-A3F1-4772-AD43-AAFC6BCFF99F})
version: 68429425
version (major): 4
version (minor): 20
estimated size: 2625
install date: 20061118
install source: d:\2e79742216d865f68e1c890eeacf7c\
uninstall cmd: MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/927978
1200 50.0.206.000 ({38DB8EA5-07E7-4A54-99A4-3024586763F6})
version: 838861006
version (major): 50
install date: 20061102
install source: C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\Product\
publisher: Hewlett-Packard
Google Earth 4.0.2416 ({3DE5E7D4-7B88-403C-A3FD-2017A8240C5B})
version: 67111280
install date: 20061112
install location: C:\Program Files\Google\Google Earth
install source: C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\Content.IE5\APVD9L9U\GoogleEarthWin[1].exe
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
publisher: Google
Macromedia Flash Player 7.0.14.0 ({4ecaf021-478c-40c1-b777-3368a15f9966})
version: 117440526
version (major): 7
estimated size: 969
install date: 20061102
install source: C:\DOCUME~1\Mike\LOCALS~1\Temp\{E31A9DF1-3E28-4675-B3EA-FB8717BFAECA}\{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}\
uninstall cmd: MsiExec.exe /X{4ecaf021-478c-40c1-b777-3368a15f9966}
publisher: Macromedia, Inc.
NewCopy 50.0.206.000 ({54E3707F-808E-4fd4-95C9-15D1AB077E5D})
version: 838861006
version (major): 50
estimated size: 816
install date: 20061102
install source: F:\setup\newcopy\
publisher: Hewlett-Packard
WebReg 53.0.13.000 ({56F8AFC3-FA98-4ff1-9673-8A026CBF85BE})
version: 889192461
version (major): 53
estimated size: 529
install date: 20061102
install source: F:\setup\WebReg\
publisher: Hewlett-Packard
HP PSC & OfficeJet 5.3.B ({5B79CFD1-6845-4158-9D7D-6BE89DF2C135})
uninstall cmd: "C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
publisher: HP
help link: http://www.hp.com/support
Sony USB Driver ({5C29CB8B-AC1E-4114-8D68-9CD080140D4A})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
McAfee VirusScan Enterprise 8.0.0 ({5DF3D1BB-894E-4DCD-8275-159AC9829B43})
version: 134217728
version (major): 8
estimated size: 46580
install date: 20061101
install location: C:\Program Files\Network Associates\VirusScan\
install source: C:\DOCUME~1\Mike\LOCALS~1\Temp\McAfee VirusScan Enterprise 80\
uninstall cmd: MsiExec.exe /I{5DF3D1BB-894E-4DCD-8275-159AC9829B43}
publisher: Network Associates
contact: Support
help link: https://mysupport.nai.com/redir/default.asp?pCode=VSE&sRef=app&sDest=FAQ
help telephone: +1 (408) 988-3832
LostinAsia
2007-03-08, 13:12
Delta Force Black Hawk Down Team Sabre 1.00.000 ({6164D2E7-986B-42F5-B3A6-64D5E53FB889})
version: 16777216
install location: C:\Program Files\NovaLogic\Delta Force Black Hawk Down
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6164D2E7-986B-42F5-B3A6-64D5E53FB889}\setup.exe" -l0x9 -uninst
Wireless LAN Starter ({61D6E4FB-1A62-4EB1-BE56-929B00C155CF})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{61D6E4FB-1A62-4EB1-BE56-929B00C155CF}\Setup.exe" -l0x9
eSupportQFolder 1.00.0000 ({66E6CE0C-5A1E-430C-B40A-0C90FF1804A8})
version: 16777216
version (major): 1
install date: 20061102
install source: F:\setup\QFolder\
publisher: Hewlett-Packard
DocProc 5.2.0.0 ({6BB6627C-694F-4FDC-A3E5-C7F4BED4C724})
version: 84017152
version (major): 5
version (minor): 2
estimated size: 76186
install date: 20061102
install source: F:\setup\DocProc\
publisher: Hewlett-Packard
comments: 0
contact: 0
help link: 0
help telephone: 0
readme: 0
mCore 1.31.0000 ({6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A})
version: 18808832
version (major): 1
version (minor): 31
estimated size: 3795
install date: 20061101
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
publisher: Intel Corporation
comments: Your Comments
contact: Customer Support Department
help link: http://www.intel.com/support
help telephone: +1 (800) 538-3373
1000Tour 50.0.206.000 ({71AA1805-536A-43CB-8FA7-B89EDB975D3C})
version: 838861006
version (major): 50
estimated size: 1
install date: 20061102
install source: F:\Setup\Tour\
publisher: Hewlett-Packard
({71d6ce84-b7dc-4166-8e0d-56c1c37bfb5a})
uninstall cmd: Dummy
AiOSoftware 50.0.206.000 ({7850A6D2-CBEA-4728-9877-F1BEDEA9F619})
version: 838861006
version (major): 50
estimated size: 5187
install date: 20061102
install source: F:\setup\AiOSoftware\
publisher: Hewlett-Packard
ProductContext 50.0.206.000 ({7C9B95B7-B598-4398-B30F-7F6827192E6C})
version: 838861006
version (major): 50
install date: 20061102
install source: C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\
publisher: Hewlett-Packard
PictureGear Studio 2.0 ({88DA0A52-3372-4803-971A-ADFB961707E8})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88DA0A52-3372-4803-971A-ADFB961707E8}\Setup.exe"
({88E5FCB8-5F25-11D5-B16F-0800460222F0})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88E5FCB8-5F25-11D5-B16F-0800460222F0}\setup.exe" -l0x9 UNINSTALL
Intel(R) Graphics Media Accelerator Driver for Mobile 6.14.10.4543 ({8A708DD8-A5E6-11D4-A706-000629E95E20})
uninstall cmd: RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
mPfMgr 1.31.0000 ({8B928BA1-EDEC-4227-A2DA-DD83026C36F5})
version: 18808832
version (major): 1
version (minor): 31
estimated size: 728
install date: 20061101
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
publisher: Intel Corporation
comments: Your Comments
contact: Customer Support Department
help link: http://www.intel.com/support
help telephone: +1 (800) 538-3373
Microsoft Office Professional Edition 2003 11.0.7969.0 ({90110409-6000-11D3-8CFE-0150048383C9})
version: 184557345
version (major): 11
estimated size: 641163
install date: 20070217
install source: D:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\
uninstall cmd: MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: C:\Program Files\Microsoft Office\OFFICE11\1033\OFREADME.HTM
Readme 50.0.206.000 ({923A7F5A-1E8C-4FBE-8DF6-85940A60A79F})
version: 838861006
version (major): 50
estimated size: 56
install date: 20061102
install source: F:\setup\readme\
publisher: Hewlett-Packard
Smart Menus (Windows Live Toolbar) 03.01.0072 ({95FC661A-A0C5-4B18-92CE-90347DA79CC9})
version: 50397256
version (major): 3
version (minor): 1
estimated size: 679
install date: 20061207
install source: C:\WINDOWS\TEMP\IXP000.TMP\
uninstall cmd: MsiExec.exe /X{95FC661A-A0C5-4B18-92CE-90347DA79CC9}
publisher: Microsoft Corporation
mXML 1.31.0000 ({9CC89556-3578-48DD-8408-04E66EBEF401})
version: 18808832
version (major): 1
version (minor): 31
estimated size: 28912
install date: 20061101
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
publisher: Intel Corporation
comments: Your Comments
contact: Customer Support Department
help link: http://www.intel.com/support
help telephone: +1 (800) 538-3373
Windows Live Toolbar 03.01.0072 ({9DA72A9F-4246-4C10-B0FA-D8C1037D45F8})
version: 50397256
version (major): 3
version (minor): 1
estimated size: 9450
install date: 20061207
install source: C:\WINDOWS\TEMP\IXP000.TMP\
uninstall cmd: MsiExec.exe /X{9DA72A9F-4246-4C10-B0FA-D8C1037D45F8}
publisher: Microsoft Corporation
VAIO Power Management 2.0.01.12200 ({9E319E96-ED8E-4B01-9775-C521A1869A25})
install location: C:\Program Files\Sony\VAIO Power Management
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E319E96-ED8E-4B01-9775-C521A1869A25}\Setup.exe" -l0x9 UNINSTALL
publisher: Sony Corporation
SonicStage 4.1 4.1 ({A0EB195B-5876-48E6-879D-33D4B2102610})
version: 67174400
install date: 20061217
install location: D:\Program Files\Sony\SonicStage
install source: F:\sonicstage\ss\english\
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0EB195B-5876-48E6-879D-33D4B2102610}\setup.exe" -l0x9 UNINSTALL -removeonly
publisher: Sony Corporation
ScannerCopy 5.2.0.0 ({A195B13E-A5E3-4BAF-A995-7F70F445CD06})
version: 84017152
version (major): 5
version (minor): 2
estimated size: 5017
install date: 20061102
install source: F:\setup\ScannerCopy\
publisher: Hewlett-Packard
comments: 0
contact: 0
help link: 0
help telephone: 0
readme: 0
DeviceManagementQFolder 1.00.0000 ({AB5D51AE-EBC3-438D-872C-705C7C2084B0})
version: 16777216
version (major): 1
install date: 20061102
install source: F:\setup\QFolder\
publisher: Hewlett-Packard
CP_Package_Variety2 53.0.13.000 ({B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA})
version: 889192461
version (major): 53
estimated size: 8617
install date: 20061102
install source: F:\setup\CP_Package_Variety2\
publisher: Hewlett-Packard
BufferChm 53.0.13.000 ({B996AE66-10DB-4ac5-B151-E8B4BFBC42FC})
version: 889192461
version (major): 53
estimated size: 4769
install date: 20061102
install source: F:\setup\BufferChm\
publisher: Hewlett-Packard
HotKey Utility ({BB311F54-39D6-4A03-8E18-053D1B2833D7})
install location: C:\Program Files\Sony\HotKey Utility
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BB311F54-39D6-4A03-8E18-053D1B2833D7}\Setup.exe" -l0x9
Scan 5.2.0.0 ({C506A18C-1469-4678-B094-F4EC9DAE6DB7})
version: 84017152
version (major): 5
version (minor): 2
estimated size: 9128
install date: 20061102
install source: F:\setup\Scan\
publisher: Hewlett-Packard
comments: 0
contact: 0
help link: 0
help telephone: 0
readme: 0
LostinAsia
2007-03-08, 13:14
Delta Force Black Hawk Down Team Sabre 1.00.000 ({6164D2E7-986B-42F5-B3A6-64D5E53FB889})
version: 16777216
install location: C:\Program Files\NovaLogic\Delta Force Black Hawk Down
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6164D2E7-986B-42F5-B3A6-64D5E53FB889}\setup.exe" -l0x9 -uninst
Wireless LAN Starter ({61D6E4FB-1A62-4EB1-BE56-929B00C155CF})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{61D6E4FB-1A62-4EB1-BE56-929B00C155CF}\Setup.exe" -l0x9
eSupportQFolder 1.00.0000 ({66E6CE0C-5A1E-430C-B40A-0C90FF1804A8})
version: 16777216
version (major): 1
install date: 20061102
install source: F:\setup\QFolder\
publisher: Hewlett-Packard
DocProc 5.2.0.0 ({6BB6627C-694F-4FDC-A3E5-C7F4BED4C724})
version: 84017152
version (major): 5
version (minor): 2
estimated size: 76186
install date: 20061102
install source: F:\setup\DocProc\
publisher: Hewlett-Packard
comments: 0
contact: 0
help link: 0
help telephone: 0
readme: 0
mCore 1.31.0000 ({6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A})
version: 18808832
version (major): 1
version (minor): 31
estimated size: 3795
install date: 20061101
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
publisher: Intel Corporation
comments: Your Comments
contact: Customer Support Department
help link: http://www.intel.com/support
help telephone: +1 (800) 538-3373
1000Tour 50.0.206.000 ({71AA1805-536A-43CB-8FA7-B89EDB975D3C})
version: 838861006
version (major): 50
estimated size: 1
install date: 20061102
install source: F:\Setup\Tour\
publisher: Hewlett-Packard
({71d6ce84-b7dc-4166-8e0d-56c1c37bfb5a})
uninstall cmd: Dummy
AiOSoftware 50.0.206.000 ({7850A6D2-CBEA-4728-9877-F1BEDEA9F619})
version: 838861006
version (major): 50
estimated size: 5187
install date: 20061102
install source: F:\setup\AiOSoftware\
publisher: Hewlett-Packard
ProductContext 50.0.206.000 ({7C9B95B7-B598-4398-B30F-7F6827192E6C})
version: 838861006
version (major): 50
install date: 20061102
install source: C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\
publisher: Hewlett-Packard
PictureGear Studio 2.0 ({88DA0A52-3372-4803-971A-ADFB961707E8})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88DA0A52-3372-4803-971A-ADFB961707E8}\Setup.exe"
({88E5FCB8-5F25-11D5-B16F-0800460222F0})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88E5FCB8-5F25-11D5-B16F-0800460222F0}\setup.exe" -l0x9 UNINSTALL
Intel(R) Graphics Media Accelerator Driver for Mobile 6.14.10.4543 ({8A708DD8-A5E6-11D4-A706-000629E95E20})
uninstall cmd: RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
mPfMgr 1.31.0000 ({8B928BA1-EDEC-4227-A2DA-DD83026C36F5})
version: 18808832
version (major): 1
version (minor): 31
estimated size: 728
install date: 20061101
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
publisher: Intel Corporation
comments: Your Comments
contact: Customer Support Department
help link: http://www.intel.com/support
help telephone: +1 (800) 538-3373
Microsoft Office Professional Edition 2003 11.0.7969.0 ({90110409-6000-11D3-8CFE-0150048383C9})
version: 184557345
version (major): 11
estimated size: 641163
install date: 20070217
install source: D:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\
uninstall cmd: MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: C:\Program Files\Microsoft Office\OFFICE11\1033\OFREADME.HTM
Readme 50.0.206.000 ({923A7F5A-1E8C-4FBE-8DF6-85940A60A79F})
version: 838861006
version (major): 50
estimated size: 56
install date: 20061102
install source: F:\setup\readme\
publisher: Hewlett-Packard
Smart Menus (Windows Live Toolbar) 03.01.0072 ({95FC661A-A0C5-4B18-92CE-90347DA79CC9})
version: 50397256
version (major): 3
version (minor): 1
estimated size: 679
install date: 20061207
install source: C:\WINDOWS\TEMP\IXP000.TMP\
uninstall cmd: MsiExec.exe /X{95FC661A-A0C5-4B18-92CE-90347DA79CC9}
publisher: Microsoft Corporation
mXML 1.31.0000 ({9CC89556-3578-48DD-8408-04E66EBEF401})
version: 18808832
version (major): 1
version (minor): 31
estimated size: 28912
install date: 20061101
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
publisher: Intel Corporation
comments: Your Comments
contact: Customer Support Department
help link: http://www.intel.com/support
help telephone: +1 (800) 538-3373
Windows Live Toolbar 03.01.0072 ({9DA72A9F-4246-4C10-B0FA-D8C1037D45F8})
version: 50397256
version (major): 3
version (minor): 1
estimated size: 9450
install date: 20061207
install source: C:\WINDOWS\TEMP\IXP000.TMP\
uninstall cmd: MsiExec.exe /X{9DA72A9F-4246-4C10-B0FA-D8C1037D45F8}
publisher: Microsoft Corporation
VAIO Power Management 2.0.01.12200 ({9E319E96-ED8E-4B01-9775-C521A1869A25})
install location: C:\Program Files\Sony\VAIO Power Management
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E319E96-ED8E-4B01-9775-C521A1869A25}\Setup.exe" -l0x9 UNINSTALL
publisher: Sony Corporation
SonicStage 4.1 4.1 ({A0EB195B-5876-48E6-879D-33D4B2102610})
version: 67174400
install date: 20061217
install location: D:\Program Files\Sony\SonicStage
install source: F:\sonicstage\ss\english\
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0EB195B-5876-48E6-879D-33D4B2102610}\setup.exe" -l0x9 UNINSTALL -removeonly
publisher: Sony Corporation
ScannerCopy 5.2.0.0 ({A195B13E-A5E3-4BAF-A995-7F70F445CD06})
version: 84017152
version (major): 5
version (minor): 2
estimated size: 5017
install date: 20061102
install source: F:\setup\ScannerCopy\
publisher: Hewlett-Packard
comments: 0
contact: 0
help link: 0
help telephone: 0
readme: 0
DeviceManagementQFolder 1.00.0000 ({AB5D51AE-EBC3-438D-872C-705C7C2084B0})
version: 16777216
version (major): 1
install date: 20061102
install source: F:\setup\QFolder\
publisher: Hewlett-Packard
CP_Package_Variety2 53.0.13.000 ({B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA})
version: 889192461
version (major): 53
estimated size: 8617
install date: 20061102
install source: F:\setup\CP_Package_Variety2\
publisher: Hewlett-Packard
BufferChm 53.0.13.000 ({B996AE66-10DB-4ac5-B151-E8B4BFBC42FC})
version: 889192461
version (major): 53
estimated size: 4769
install date: 20061102
install source: F:\setup\BufferChm\
publisher: Hewlett-Packard
HotKey Utility ({BB311F54-39D6-4A03-8E18-053D1B2833D7})
install location: C:\Program Files\Sony\HotKey Utility
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BB311F54-39D6-4A03-8E18-053D1B2833D7}\Setup.exe" -l0x9
Scan 5.2.0.0 ({C506A18C-1469-4678-B094-F4EC9DAE6DB7})
version: 84017152
version (major): 5
version (minor): 2
estimated size: 9128
install date: 20061102
install source: F:\setup\Scan\
publisher: Hewlett-Packard
comments: 0
contact: 0
help link: 0
help telephone: 0
readme: 0
LostinAsia
2007-03-08, 13:16
Fax 50.0.206.000 ({CE24344F-DFD8-40C8-8FD8-C9740B5F25AC})
version: 838861006
version (major): 50
estimated size: 17959
install date: 20061102
install source: F:\setup\fax\
publisher: Hewlett-Packard
Bluetooth Stack for Windows by Toshiba v4.00.31b(SO) ({CEBB6BFB-D708-4F99-A633-BC2600E01EF6})
version: 67108864
version (major): 4
estimated size: 29027
install date: 20061101
install location: C:\Program Files\Toshiba\Bluetooth Toshiba Stack\
install source: C:\DOCUME~1\Mike\LOCALS~1\Temp\pft10.tmp\
uninstall cmd: MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
1200_Help 50.0.206.000 ({D37CC59E-0A8B-4C15-A663-F613A1011E40})
version: 838861006
version (major): 50
estimated size: 353
install date: 20061102
install source: F:\Setup\AiOHelp\
publisher: Hewlett-Packard
OpenMG Secure Module 4.6.00 4.6.00.08110 ({D5654243-0EDC-4BE7-8353-16ECE4019CD1})
version: 67502080
version (major): 4
version (minor): 6
estimated size: 23025
install date: 20061217
install location: C:\Program Files\Sony Corporation\OpenMG Secure Module\
install source: F:\common\openmg\
publisher: Sony Corporation
({D76298C2-E532-4A11-BCFF-76F3F19DA84D})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D76298C2-E532-4A11-BCFF-76F3F19DA84D}\setup.exe" UNINSTALL
HPProductAssistant 53.0.13.000 ({E3F90083-80D4-4b5a-87C7-E97E12F5516D})
version: 889192461
version (major): 53
estimated size: 3115
install date: 20061102
install source: F:\setup\hpproductassistant\
publisher: Hewlett-Packard
SolutionCenter 50.0.152.000 ({EA103B64-C0E4-4C0E-A506-751590E1653D})
version: 838860952
version (major): 50
estimated size: 7456
install date: 20061102
install source: F:\setup\SolutionCenter\
publisher: Hewlett-Packard
Sony Utilities DLL ({EF3D45BB-2260-4008-88EA-492E7744A9DF})
version: 100925440
install date: 20061103
install location: C:\Program Files\Common Files\Sony Shared\Sony Utilities
install source: C:\DOCUME~1\Mike\LOCALS~1\Temp\pft4E.tmp\
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF3D45BB-2260-4008-88EA-492E7744A9DF}\setup.exe" -l0x9 -removeonly
PDF Manual NW-S600/S700F Series 1.0 ({EF71D37B-0CC7-4B8B-863C-FB23849A508E})
version: 16777216
install date: 20061217
install location: C:\Program Files\Common Files\Sony Shared\PD\NW-S600 S700F Series
install source: F:\device\pdf manual\nw-s600s700f series\
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF71D37B-0CC7-4B8B-863C-FB23849A508E}\setup.exe" -l0x9 UNINSTALL -removeonly
publisher: Sony Corporation
mMHouse 1.31.0000 ({F0BFC7EF-9CF8-44EE-91B0-158884CD87C5})
version: 18808832
version (major): 1
version (minor): 31
estimated size: 1658
install date: 20061101
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
publisher: Intel Corporation
comments: Your Comments
contact: Customer Support Department
help link: http://www.intel.com/support
help telephone: +1 (800) 538-3373
VAIO Event Service ({F0D85ADD-DD61-4B43-87A0-6DA52A211A8B})
version: 33751040
install date: 20061103
install location: C:\Program Files\Sony\VAIO Event Service
install source: C:\DOCUME~1\Mike\LOCALS~1\Temp\pft32.tmp\
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}\setup.exe" -l0x9 -removeonly
Realtek High Definition Audio Driver 1.92 ({F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC})
version: 22806528
install date: 20061103
install location: C:\Program Files\Realtek\InstallShield\
install source: C:\DOCUME~1\Mike\LOCALS~1\Temp\Drivers\
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
publisher: Realtek Semiconductor Corp.
Status 53.0.13.000 ({F4C2E5F5-2970-45f4-ABD3-C180C4D961C4})
version: 889192461
version (major): 53
estimated size: 1169
install date: 20061102
install source: F:\setup\Status\
publisher: Hewlett-Packard
VAIO Control Center ({FC37C108-821D-4EDE-8F40-D5B497586805})
install location: C:\Program Files\Sony\VAIO Control Center
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC37C108-821D-4EDE-8F40-D5B497586805}\Setup.exe" -l0x9
mWlsSafe 9.00.0000 ({FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4})
version: 150994944
version (major): 9
install date: 20061101
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
publisher: Intel
comments: Pseudo NCS Install
contact: Customer Support Department
help link: http://www.intel.com
help telephone: 1-555-555-4505
LAN-Express AS IEEE 802.11 Wireless LAN ({FCCB0B43-7A6D-49A4-A5B3-B10F592F4EB6})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FCCB0B43-7A6D-49A4-A5B3-B10F592F4EB6}\Setup.exe" -l0x9
Windows Live Messenger 8.0.0812.00 ({FCE50DB8-C610-4C42-BE5C-193F46C6F812})
version: 134218540
version (major): 8
estimated size: 28206
install date: 20061205
install source: C:\DOCUME~1\Mike\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /I{FCE50DB8-C610-4C42-BE5C-193F46C6F812}
publisher: Microsoft Corporation
HP Image Zone Express 1.5.1.29 ({FE64AE29-0883-4C70-8388-DC026019C900})
version: 17104897
version (major): 1
version (minor): 5
estimated size: 9394
install date: 20061102
install location: C:\Program Files\HP\
install source: F:\setup\ImageZoneExpress\
uninstall cmd: MsiExec.exe /X{FE64AE29-0883-4C70-8388-DC026019C900}
publisher: Hewlett-Packard
help link: http://www.hp.com
Hi
I see no Nurech on that spybot log. And that log looks good :)
I think that installing spywareblaster will block that tracking cookie from coming in the future, however before that let's run one online scan
Open HijackThis, click do a system scan only and checkmark these:
R3 - URLSearchHook: (no name) - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
Reboot
Please do an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/downloads/kws/kavwebscan.html). You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then start to download the latest definition files.
Once the scanner is installed and the definitions downloaded, click Next.
Now click on Scan Settings
In the scan settings make sure that the following are selected:
o Scan using the following Anti-Virus database:
+ Extended (If available otherwise Standard)
o Scan Options:
+ Scan Archives
+ Scan Mail Bases
Click OK
Now under select a target to scan select My Computer
The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button
Save the file to your desktop.
Copy and paste that information in your next post.
Post:
- a fresh HijackThis log
- kaspersky report
LostinAsia
2007-03-09, 00:46
Hey Shaba,
Just wondering, when I checkmark those items found in the HJT scan, should I click on "fix selected"?
I am going to scan using the online scanner later this afternoon. I will post the logs asap...
Thanks for your help....
LostinAsia
2007-03-09, 05:28
Hi Shaba,
Here are the two logs that you requested. Please note that the online scan shows that I am infected. The log from the online scan has revealed several infections. I am very concerned. I appreciate anything you can do to help me fix these infections.
Thanks.......
Logfile of HijackThis v1.99.1
Scan saved at 12:23:31 PM, on 3/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
D:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Program Files\HijackThis\HijackThis.exe
R3 - URLSearchHook: (no name) - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SsAAD.exe] D:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Delta Force-Black Hawk Down Team Sabre Registration.lnk = C:\Documents and Settings\Mike\Local Settings\Temp\{F52924BD-9422-458D-9D0D-69D314B096CA}\{6164D2E7-986B-42F5-B3A6-64D5E53FB889}\NOVG.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to QQ Customized Emoticons - d:\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: Add to QQ Customized Panel - D:\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: Add to QQ Emotions - D:\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?738143df2d654e4993f90aea3497ca8b
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?738143df2d654e4993f90aea3497ca8b
O8 - Extra context menu item: Send picture by MMS - D:\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: Send Picture with QQ MMS - d:\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: Upload to QQ Network Hard Disk - D:\Tencent\QQ\AddToNetDisk.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Tencent\QQ\QQ.EXE (file missing)
O9 - Extra 'Tools' menuitem: Tencent QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Tencent\QQ\QQ.EXE (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [TBH] SOSO AddressBar Search
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162555012046
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C4336C0-E628-44E7-99D6-354D186B5175}: NameServer = 202.96.128.166 61.144.56.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{4C4336C0-E628-44E7-99D6-354D186B5175}: NameServer = 202.96.128.166 61.144.56.100
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
KASPERSKY ONLINE SCANNER REPORT
Friday, March 09, 2007 12:22:37 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 9/03/2007
Kaspersky Anti-Virus database records: 278791
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
E:\
F:\
Scan Statistics
Total number of scanned objects 61010
Number of viruses found 1
Number of infected objects 3 / 0
Number of suspicious objects 0
Duration of the scan process 00:40:29
Infected Object Name Virus Name Last Action
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20070309_Time-073958609_EnterceptExceptions.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20070309_Time-073958609_EnterceptRules.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\Agent_MIKE-C76A978975.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\PrdMgr_MIKE-C76A978975.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\AccessProtectionLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\BufferOverflowProtectionLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\OnAccessScanLog.txt Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Mike\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\History\History.IE5\MSHist012007030920070310\index.dat Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Temp\~DFAE52.tmp Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Mike\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Mike\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{7EC03200-F229-4F68-B4A7-AEEA13C61B72}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\My Documents\Anti-Spyware\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
D:\My Documents\Anti-Spyware\SmitfraudFix.zip ZIP: infected - 1 skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Scan process completed.
Hi
You are not infected, those are part of smitfraudfix and legit files. Kaspersky marks them as risktool as reboot.exe can also be used for malicious purposes.
Yes, you should click fix selected, my bad :oops:
So please do this:
Open HijackThis, click do a system scan only and checkmark these:
R3 - URLSearchHook: (no name) - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
Close all windows including browser and press fix checked.
Reboot
Post a fresh HijackThis log
LostinAsia
2007-03-09, 12:04
Hey Shaba,
First of all, thanks a lot for your time. I am relieved that those were not actually infections. I have followed your instructions and posted a fresh HJT log below. When I fix selected the tea timer prompted me to accept or deny registry changes. I chose to accept, but I am not sure if this was the right choice. Please kindly advise....
Also, why is it that when I initally open IE it takes what seems like forever to open? (IE opens to blank) Also, under the favourites tab in IE I have many websites saved....sometimes I can see a small icon for those websites....but sometimes I cannot. Why is that?
Anyway, I am still thinking that in future scans using SpyBot I might encounter that Nurech thing....if I do....I guess I will post again and let you have a look....
Thanks again....hope you have a great weekend!!!
Logfile of HijackThis v1.99.1
Scan saved at 6:55:03 PM, on 3/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
D:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SsAAD.exe] D:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Delta Force-Black Hawk Down Team Sabre Registration.lnk = C:\Documents and Settings\Mike\Local Settings\Temp\{F52924BD-9422-458D-9D0D-69D314B096CA}\{6164D2E7-986B-42F5-B3A6-64D5E53FB889}\NOVG.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to QQ Customized Emoticons - d:\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: Add to QQ Customized Panel - D:\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: Add to QQ Emotions - D:\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?738143df2d654e4993f90aea3497ca8b
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?738143df2d654e4993f90aea3497ca8b
O8 - Extra context menu item: Send picture by MMS - D:\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: Send Picture with QQ MMS - d:\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: Upload to QQ Network Hard Disk - D:\Tencent\QQ\AddToNetDisk.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Tencent\QQ\QQ.EXE (file missing)
O9 - Extra 'Tools' menuitem: Tencent QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Tencent\QQ\QQ.EXE (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [TBH] SOSO AddressBar Search
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162555012046
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C4336C0-E628-44E7-99D6-354D186B5175}: NameServer = 202.96.128.166 61.144.56.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{4C4336C0-E628-44E7-99D6-354D186B5175}: NameServer = 202.96.128.166 61.144.56.100
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
LostinAsia
2007-03-09, 13:03
Hi again,
Just wondering, I don't have QQ installed on my laptop, although I did a few months back. I deleted the software from my system, so why do I see the below entries in the HJT log? Shouldn't they be gone since I don't have any Tencent QQ software installed?
Cheers....
O8 - Extra context menu item: Add to QQ Customized Emoticons - d:\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: Add to QQ Customized Panel - D:\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: Add to QQ Emotions - D:\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: Send picture by MMS - D:\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: Send Picture with QQ MMS - d:\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: Upload to QQ Network Hard Disk - D:\Tencent\QQ\AddToNetDisk.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Tencent\QQ\QQ.EXE (file missing)
O9 - Extra 'Tools' menuitem: Tencent QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Tencent\QQ\QQ.EXE (file missing)
LostinAsia
2007-03-09, 13:25
I just deleted the windows live toolbar from my IE....not sure if I can also checkmark and fix some more entries found in the HJT log???
Hi
Yes, accepting is right :)
That Nurech is false positive from Spybot, link (http://forums.spybot.info/showthread.php?t=11940).
Small icon for websites disappearing is likely IE bug.
You have a lot of startup programs, that may also slowdown IE opening.
You can try also IE 7 installation.
You can also checkmark all QQ and live toolbar entries (check add/remove programs first that there's nothin QQ related, and if there's, uninstall it) if you like and after that please post a fresh HijackThis log :)
LostinAsia
2007-03-09, 14:28
Hi Shaba,
You're quite fast....nice....
I checkmarked all those QQ entries and fixed them. I uninstalled the Windows Live Toolbar from the control panel...I didn't see any entries in the HJT scan after the deletion. One entry that puzzles me a bit is this one:
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file). What is it and should I fix it?
I will reboot now and see how the IE is any faster opening.
Cheers....
Logfile of HijackThis v1.99.1
Scan saved at 9:25:00 PM, on 3/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
D:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SsAAD.exe] D:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Delta Force-Black Hawk Down Team Sabre Registration.lnk = C:\Documents and Settings\Mike\Local Settings\Temp\{F52924BD-9422-458D-9D0D-69D314B096CA}\{6164D2E7-986B-42F5-B3A6-64D5E53FB889}\NOVG.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [TBH] SOSO AddressBar Search
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162555012046
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C4336C0-E628-44E7-99D6-354D186B5175}: NameServer = 202.96.128.166 61.144.56.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{4C4336C0-E628-44E7-99D6-354D186B5175}: NameServer = 202.96.128.166 61.144.56.100
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
Hi
About that entry, see here (http://www.castlecops.com/tk1052-msntb_dll.html)
It's just a leftover so you can fix it :)
Do you have any other problems?
LostinAsia
2007-03-10, 03:22
Hi Shaba,
I have finished everything....my system seems to be running fine.
Thank you very much for your help.
If I have any other problems I will post again....
Thanks again!!!
LostinAsia
2007-03-10, 05:28
Hi Shaba,
I have just installed the Sunbelt Kerio Firewall. It's the freeware version; full capabilities for the first 30 days - then some features disabled. I have one question, that is, when I turn on my laptop, I get the following error message:
Windows - Fatal Application Exit
The Sunbelt Kerio HIPS Driver found an incompatible DLL 'EntAPI.dll'. The HIPS Driver has been unloaded.
After I click 'ok', my laptop is fine....no problems in operation.....So, how can I solve this?
Thanks.......
LostinAsia
2007-03-10, 05:55
Hi Shaba,
I have checkmarked the following BHO and clicked the fix selected button....but after I reboot and run HJT, the same BHO is displayed. Why does it keep showing up? Also, when I load windows the tea timer displays small dialogue boxes that show the registry changes. When I right click the tea timer and then click on settings, there is a window that displays the allowed and denied registry changes. If I ckick the black X, will this stop those small dialogue windows from appearing each time I load windows?
Here is that BHO, it's the same one that I asked about earlier....
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file).
Hi
As for Kerio thing, see this (http://support.sunbelt-software.com/scripts/rightnow.cfg/php.exe/enduser/std_adp.php?p_sid=ttoydp-h&p_lva=&p_faqid=1410) link
As for BHO, try to first disable teatimer:
# Run Spybot-S&D in Advanced Mode.
# If it is not already set to do this Go to the Mode menu select "Advanced Mode"
# On the left hand side, Click on Tools
# Then click on the Resident Icon in the List
# Uncheck "Resident TeaTimer" and OK any prompts.
# Restart your computer.
Then fix that line and re-enable teatimer.
Did those tips help?
LostinAsia
2007-03-11, 05:07
Hey Shaba,
That entry is now gone. Thanks. The firewall is causing one problem that I don't understand. I use BitComet to download, when the Kerio Firewall is installed on my system, I cannot use BitComet; it freezes and when I try to close it using the Task Manager, nothing happens. The only way I can exit the program is if I restart my laptop.
Cheers.......
Hi
Maybe you can try another torrent client, eg. utorrent?
Due to the lack of feedback this Topic is closed.
If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.
Everyone else please begin a New Topic.