View Full Version : Smitfraud problem
So I got hijacked and I cannot get rid of it. Comp running terribly, can only open 1 IE page at a time.
Here are my logs. Looks like I have a bunch of garbage there. :sad:
Thanks so much!!!!!!!!!!!!!!
Logfile of HijackThis v1.99.1
Scan saved at 10:48:45 AM, on 4/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SMC\EZ Connect Turbo WLAN Adapter\SMCWLAN.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\freecell.exe
C:\Documents and Settings\Vanessa\My Documents\New Folder\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\tmpD52.tmp.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {e690b0e6-223c-4502-aa69-aecc1053036b} - C:\WINDOWS\system32\atipasf.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\system32\lsasss.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\awtrqo.dll",setvm
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: SMC EZ Connect Turbo WLAN Adapter.lnk = C:\Program Files\SMC\EZ Connect Turbo WLAN Adapter\SMCWLAN.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\AIM95\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: Texas Hold'em Poker by pogo - http://game4.pogo.com/applet-6.1.1.21/holdem/holdem-ob-assets.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121730763227
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O20 - AppInit_DLLs:
O20 - Winlogon Notify: atipasf - C:\WINDOWS\SYSTEM32\atipasf.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
Spybot log
--- Search result list ---
--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ DataAccess: Microsoft Data Access Components KB870669
/ DataAccess: Security Update for Microsoft Data Access Components
/ DirectX: DirectX Update 819696
/ DirectX / DX9 / SP1: DirectX 9 Hotfix - KB839643
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB883939
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB890923
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB896688
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB896727
/ Outlook Express 6 / SP1: Windows XP Hotfix - KB897715
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB898458)
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB923723)
/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
/ Windows / SP1: Microsoft National Language Support Downlevel APIs
/ Windows Media Player: Windows Media Player Hotfix [See Q828026 for more information]
/ Windows Media Player / SP0: Windows Media Player Hotfix [See Q828026 for more information]
/ Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)
/ Windows Media Player 9: Security Update for Windows Media Player 9 (KB917734)
/ Windows Media Player 9 / SP0: Windows Media Player 9 Hotfix [See KB885492 for more information]
/ Windows XP: Security Update for Windows XP (KB923689)
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP3: Windows XP Hotfix - KB873333
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890175
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Security Update for Windows XP (KB893066)
/ Windows XP / SP3: Windows XP Hotfix - KB893086
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896422)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896424)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899588)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Update for Windows XP (KB900485)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Update for Windows XP (KB904942)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
/ Windows XP / SP3: Security Update for Windows XP (KB908519)
/ Windows XP / SP3: Update for Windows XP (KB908531)
/ Windows XP / SP3: Update for Windows XP (KB910437)
/ Windows XP / SP3: Update for Windows XP (KB911280)
/ Windows XP / SP3: Security Update for Windows XP (KB911562)
/ Windows XP / SP3: Security Update for Windows XP (KB911927)
/ Windows XP / SP3: Security Update for Windows XP (KB913580)
/ Windows XP / SP3: Security Update for Windows XP (KB914388)
/ Windows XP / SP3: Security Update for Windows XP (KB914389)
/ Windows XP / SP3: Hotfix for Windows XP (KB914440)
/ Windows XP / SP3: Hotfix for Windows XP (KB915865)
/ Windows XP / SP3: Update for Windows XP (KB916595)
/ Windows XP / SP3: Security Update for Windows XP (KB917344)
/ Windows XP / SP3: Security Update for Windows XP (KB917422)
/ Windows XP / SP3: Security Update for Windows XP (KB917953)
/ Windows XP / SP3: Security Update for Windows XP (KB918118)
/ Windows XP / SP3: Security Update for Windows XP (KB918439)
/ Windows XP / SP3: Security Update for Windows XP (KB919007)
/ Windows XP / SP3: Security Update for Windows XP (KB920213)
/ Windows XP / SP3: Security Update for Windows XP (KB920670)
/ Windows XP / SP3: Security Update for Windows XP (KB920683)
/ Windows XP / SP3: Security Update for Windows XP (KB920685)
/ Windows XP / SP3: Update for Windows XP (KB920872)
/ Windows XP / SP3: Update for Windows XP (KB922582)
/ Windows XP / SP3: Security Update for Windows XP (KB922819)
/ Windows XP / SP3: Security Update for Windows XP (KB923191)
/ Windows XP / SP3: Security Update for Windows XP (KB923414)
/ Windows XP / SP3: Security Update for Windows XP (KB923694)
/ Windows XP / SP3: Security Update for Windows XP (KB923980)
/ Windows XP / SP3: Security Update for Windows XP (KB924191)
/ Windows XP / SP3: Security Update for Windows XP (KB924270)
/ Windows XP / SP3: Security Update for Windows XP (KB924496)
/ Windows XP / SP3: Security Update for Windows XP (KB924667)
/ Windows XP / SP3: Security Update for Windows XP (KB925902)
/ Windows XP / SP3: Security Update for Windows XP (KB926255)
/ Windows XP / SP3: Security Update for Windows XP (KB926436)
/ Windows XP / SP3: Security Update for Windows XP (KB927779)
/ Windows XP / SP3: Security Update for Windows XP (KB927802)
/ Windows XP / SP3: Security Update for Windows XP (KB928090)
/ Windows XP / SP3: Security Update for Windows XP (KB928255)
/ Windows XP / SP3: Security Update for Windows XP (KB928843)
/ Windows XP / SP3: Update for Windows XP (KB929338)
/ Windows XP / SP3: Security Update for Windows XP (KB929969)
/ Windows XP / SP3: Update for Windows XP (KB931836)
--- Startup entries list ---
Located: HK_LM:Run, Apoint
command: C:\Program Files\Apoint\Apoint.exe
file: C:\Program Files\Apoint\Apoint.exe
size: 37407
MD5: ca588c5428113b76be642f20f660e125
Located: HK_LM:Run, ATIModeChange
command: Ati2mdxx.exe
file: C:\WINDOWS\system32\Ati2mdxx.exe
size: 28672
MD5: fae95d6d7651b5629c4e19adbc9a3863
Located: HK_LM:Run, ATIPTA
command: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
file: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
size: 37407
MD5: ca588c5428113b76be642f20f660e125
Located: HK_LM:Run, CARPService
command: carpserv.exe
file: C:\WINDOWS\system32\carpserv.exe
size: 4608
MD5: d8eddab752d57a97b487e93795f292a7
Located: HK_LM:Run, ccApp
command: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 37407
MD5: ca588c5428113b76be642f20f660e125
Located: HK_LM:Run, ccRegVfy
command: "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
file: C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
size: 37407
MD5: ca588c5428113b76be642f20f660e125
Located: HK_LM:Run, ezShieldProtector for Px
command: C:\WINDOWS\System32\ezSP_Px.exe
file: C:\WINDOWS\System32\ezSP_Px.exe
size: 37407
MD5: ca588c5428113b76be642f20f660e125
Located: HK_LM:Run, HKSERV.EXE
command: C:\Program Files\Sony\HotKey Utility\HKserv.exe
file: C:\Program Files\Sony\HotKey Utility\HKserv.exe
size: 37407
MD5: ca588c5428113b76be642f20f660e125
Located: HK_LM:Run, Lexmark_X79-55
command: C:\WINDOWS\system32\lsasss.exe
file: C:\WINDOWS\system32\lsasss.exe
size: 37407
MD5: ca588c5428113b76be642f20f660e125
Located: HK_LM:Run, Mouse Suite 98 Daemon
command: ICO.EXE
file:
Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 37407
MD5: ca588c5428113b76be642f20f660e125
Located: HK_LM:Run, SoundService
command: rundll32.exe "C:\WINDOWS\awtrqo.dll",setvm
file: C:\WINDOWS\system32\rundll32.exe
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff
Located: HK_LM:Run, Symantec NetDriver Monitor
command: C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
file: C:\PROGRA~1\SYMNET~1\SNDMon.exe
size: 37407
MD5: ca588c5428113b76be642f20f660e125
Located: HK_LM:Run, VAIO Recovery
command: C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe
file: C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe
size: 37407
MD5: ca588c5428113b76be642f20f660e125
Located: HK_LM:Run, ZTgServerSwitch
command: "c:\program files\support.com\client\bin\tgcmd.exe" /server
file: c:\program files\support.com\client\bin\tgcmd.exe
size: 37407
MD5: ca588c5428113b76be642f20f660e125
Located: HK_CU:Run, ctfmon.exe
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996a38c0b0cf151c2140ae29fc8
Located: HK_CU:Run, swg
command: C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
file: C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
size: 37407
MD5: ca588c5428113b76be642f20f660e125
Located: Startup (common), SMC EZ Connect Turbo WLAN Adapter.lnk
command: C:\Program Files\SMC\EZ Connect Turbo WLAN Adapter\SMCWLAN.EXE
file: C:\Program Files\SMC\EZ Connect Turbo WLAN Adapter\SMCWLAN.EXE
size: 237568
MD5: 76b28bea54c7f4cb650ede6b59432282
Located: System.ini, atipasf
command: atipasf.dll
file: atipasf.dll
Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll
Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll
Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll
Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll
Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll
Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll
--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
BHO name:
CLSID name: AcroIEHlprObj Class
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 5/15/2003 3:47:54 AM
Date (last access): 4/4/2007 10:23:38 AM
Date (last write): 5/15/2003 3:47:54 AM
Filesize: 50376
Attributes: archive
MD5: 0C0E1B2BCAED8DF401BE94D538BCB412
CRC32: 1D771322
Version: 6.0.0.878
{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 7/19/2005 9:09:46 PM
Date (last access): 4/4/2007 10:20:02 AM
Date (last write): 5/31/2005 1:04:00 AM
Filesize: 853672
Attributes: archive
MD5: 250D787A5712D7768DDC133B3E477759
CRC32: D4589A41
Version: 1.4.0.0
{549B5CA7-4A86-11D7-A4DF-000874180BB3} ()
BHO name:
CLSID name:
{57E218E6-5A80-4f0c-AB25-83598F25D7E9} ()
BHO name:
CLSID name:
Path: C:\WINDOWS\system32\
Long name: tmpD52.tmp.dll
Short name: TMPD52~1.DLL
Date (created): 4/3/2007 1:45:12 PM
Date (last access): 4/4/2007 10:23:38 AM
Date (last write): 4/3/2007 1:45:12 PM
Filesize: 37918
Attributes: archive
MD5: A440D0A6FBF6BA3E4E1EDC2EAA734A33
CRC32: 60389C62
{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: c:\program files\google\
Long name: GoogleToolbar3.dll
Short name: GOOGLE~3.DLL
Date (created): 2/6/2007 3:47:16 PM
Date (last access): 4/4/2007 10:21:58 AM
Date (last write): 1/20/2007 12:55:32 AM
Filesize: 2403392
Attributes: readonly archive
MD5: 6319F2D4708DBCAE37CFA03DA10782C0
CRC32: D51D8296
Version: 4.0.1601.4978
{BDF3E430-B101-42AD-A544-FADC6B084872} (NAV Helper)
BHO name: NAV Helper
CLSID name: CNavExtBho Class
description: Norton Antivirus
classification: Legitimate
known filename: NavShExt.dll
info link: http://www.symantec.com/nav/nav_9xnt/
info source: TonyKlein
Path: C:\Program Files\Norton AntiVirus\
Long name: NAVShExt.dll
Short name:
Date (created): 3/4/2003 3:58:04 PM
Date (last access): 4/4/2007 10:23:38 AM
Date (last write): 3/4/2003 3:58:04 PM
Filesize: 111784
Attributes: archive
MD5: 68DEC48A2B4B76E0E34FCF1349F98601
CRC32: 3B2AF77D
Version: 9.12.0.3
{e690b0e6-223c-4502-aa69-aecc1053036b} ()
BHO name:
CLSID name:
Path: C:\WINDOWS\system32\
Long name: atipasf.dll
Short name:
Date (created): 4/2/2007 9:44:26 PM
Date (last access): 4/4/2007 10:21:58 AM
Date (last write): 4/2/2007 9:44:26 PM
Filesize: 19275
Attributes: archive
MD5: 004CE4A7BCE20D27621BFDB8D10B9B6D
CRC32: 9E7BCE37
{FDD3B846-8D59-4ffb-8758-209B6AD74ACC} ()
BHO name:
CLSID name:
description: Microsoft Money
classification: Open for discussion
known filename: mnyviewer.dll
info link: http://www.microsoft.com/money/default.asp
info source: TonyKlein
--- ActiveX list ---
DirectAnimation Java Classes (DirectAnimation Java Classes)
DPF name: DirectAnimation Java Classes
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\Java\classes\dajava.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\dajava.cab
info link:
info source: Patrick M. Kolla
Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\Java\classes\xmldso.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla
Texas Hold'em Poker by pogo (Texas Hold'em Poker by pogo)
DPF name: Texas Hold'em Poker by pogo
CLSID name:
Installer:
Codebase: http://game4.pogo.com/applet-6.1.1.21/holdem/holdem-ob-assets.cab
description:
classification: Open for discussion
known filename:
info link:
info source: Safer Networking Ltd.
Yahoo! Chat (Yahoo! Chat)
DPF name: Yahoo! Chat
CLSID name:
Installer:
Codebase: http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.
Yahoo! Poker (Yahoo! Poker)
DPF name: Yahoo! Poker
CLSID name:
Installer:
Codebase: http://download.games.yahoo.com/games/clients/y/pt3_x.cab
description:
classification: Legitimate
known filename: IEAWSDC.DLL
info link:
info source: Safer Networking Ltd.
{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
DPF name:
CLSID name: Windows Genuine Advantage Validation Tool
Installer: C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf
Codebase: http://go.microsoft.com/fwlink/?linkid=48835
description:
classification: Legitimate
known filename: LegitCheckControl.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: LegitCheckControl.dll
Short name: LEGITC~1.DLL
Date (created): 1/12/2006 12:32:12 PM
Date (last access): 4/4/2007 9:49:40 AM
Date (last write): 3/15/2007 6:19:28 PM
Filesize: 1476992
Attributes: archive
MD5: D1CB99ADBA9397D7D02B0B2DCFE47F1A
CRC32: ED982FE3
Version: 1.7.18.5
{2B323CD9-50E3-11D3-9466-00A0C9700498} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\yacscom.inf
Codebase: http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
description: Yahoo Audio Conferencing
classification: Legitimate
known filename: YACSCOM.DLL
info link:
info source: Patrick M. Kolla
{6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
DPF name:
CLSID name: WUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\wuweb.inf
Codebase: http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121730763227
description:
classification: Legitimate
known filename: wuweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\System32\
Long name: wuweb.dll
Short name:
Date (created): 5/26/2005 4:19:32 AM
Date (last access): 4/4/2007 9:50:42 AM
Date (last write): 5/26/2005 4:19:32 AM
Filesize: 173536
Attributes: archive
MD5: C459F2D5E64C942F3F66E1CD7F1C4C00
CRC32: EEF66B50
Version: 5.8.0.2469
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.0_03)
DPF name: Java Runtime Environment 1.4.0_03
CLSID name: Java Plug-in 1.4.0_03
Installer:
Codebase: http://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\j2re1.4.0_03\bin\
Long name: NPJPI140_03.dll
Short name: NPJPI1~1.DLL
Date (created): 8/1/2003 3:43:08 PM
Date (last access): 4/3/2007 9:15:54 PM
Date (last write): 11/1/2002 11:15:54 PM
Filesize: 86122
Attributes: archive
MD5: 55025C2CD54747690239BE771CBFB1E5
CRC32: 7DFDE8FA
Version: 1.4.0.30
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class)
DPF name:
CLSID name: MsnMessengerSetupDownloadControl Class
Installer: C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.inf
Codebase: http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
description:
classification: Legitimate
known filename: MsnMessengerSetupDownloader.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: MsnMessengerSetupDownloader.ocx
Short name: MSNMES~1.OCX
Date (created): 3/17/2005 2:48:34 PM
Date (last access): 4/3/2007 9:30:14 PM
Date (last write): 3/17/2005 2:48:34 PM
Filesize: 113152
Attributes: archive
MD5: 92D24B6643919005213F60D5B537196A
CRC32: 31684779
Version: 1.0.0.2
{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03)
DPF name: Java Runtime Environment 1.4.0_03
CLSID name: Java Plug-in 1.4.0_03
Installer:
Codebase: http://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cab
description:
classification: Legitimate
known filename: npjpi140_03.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\j2re1.4.0_03\bin\
Long name: NPJPI140_03.dll
Short name: NPJPI1~1.DLL
Date (created): 8/1/2003 3:43:08 PM
Date (last access): 4/4/2007 10:46:50 AM
Date (last write): 11/1/2002 11:15:54 PM
Filesize: 86122
Attributes: archive
MD5: 55025C2CD54747690239BE771CBFB1E5
CRC32: 7DFDE8FA
Version: 1.4.0.30
{
D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\System32\Macromed\Flash\
Long name: Flash8.ocx
Short name:
Date (created): 8/27/2005 2:38:56 PM
Date (last access): 4/4/2007 10:28:14 AM
Date (last write): 8/27/2005 2:38:56 PM
Filesize: 1435272
Attributes: archive
MD5: 900373C059C2B51CA91BF110DBDECB33
CRC32: F19599BC
Version: 8.0.22.0
{D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class)
DPF name:
CLSID name: iTunesDetector Class
Installer: C:\WINDOWS\Downloaded Program Files\ITDetector.inf
Codebase: http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
description:
classification: Legitimate
known filename: ITDetector.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: ITDetector.ocx
Short name: ITDETE~1.OCX
Date (created): 2/3/2004 10:26:38 AM
Date (last access): 4/3/2007 9:30:14 PM
Date (last write): 2/3/2004 10:26:38 AM
Filesize: 49152
Attributes: archive
MD5: C45D0B763A601B1EEF0573F99F1DD732
CRC32: 09E2233A
Version: 2.0.0.0
{F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5)
DPF name:
CLSID name: MSN Chat Control 4.5
Installer: C:\WINDOWS\Downloaded Program Files\MsnChat45.inf
Codebase: http://chat.msn.com/bin/msnchat45.cab
description:
classification: Legitimate
known filename: MSNChat45.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: MSNChat45.ocx
Short name: MSNCHA~1.OCX
Date (created): 10/27/2003 12:35:44 PM
Date (last access): 4/3/2007 9:30:14 PM
Date (last write): 10/27/2003 12:35:44 PM
Filesize: 510552
Attributes: archive
MD5: 60FED272BDBAFA8214E40AD376C9987E
CRC32: 5EE901FC
Version: 9.2.310.2401
--- Process list ---
PID: 0 ( 0) [System]
PID: 448 ( 4) \SystemRoot\System32\smss.exe
PID: 504 ( 448) \??\C:\WINDOWS\system32\csrss.exe
PID: 528 ( 448) \??\C:\WINDOWS\system32\winlogon.exe
PID: 572 ( 528) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 584 ( 528) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 728 ( 572) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 784 ( 572) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 824 ( 572) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 872 ( 572) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 936 ( 572) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1028 ( 572) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
PID: 1164 ( 572) C:\WINDOWS\System32\Ati2evxx.exe
size: 254039
MD5: BB91168A256EECA078566FDD9DDE9A0B
PID: 1208 ( 572) C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
size: 100032
MD5: 7768CE75C5CBF0D8F441CE2BBD806B7F
PID: 1352 (1288) C:\WINDOWS\Explorer.EXE
size: 1032192
MD5: A0732187050030AE399B241436565E64
PID: 1444 ( 572) C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
size: 316672
MD5: 7B385AC11023E2A679CF9B5CF62EEBD3
PID: 1496 ( 572) C:\Program Files\Norton AntiVirus\navapsvc.exe
size: 115872
MD5: 450B82DB9070BBB5B1C660DB1CF489EE
PID: 1512 ( 572) C:\Program Files\Norton Internet Security\NISUM.EXE
size: 140536
MD5: CB8A83CDE6575D834B571466677437D4
PID: 1824 ( 572) C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
size: 316544
MD5: 67C5AF84809468061121FBCBECB19285
PID: 376 ( 572) C:\Program Files\Norton Internet Security\ccPxySvc.exe
size: 34040
MD5: 8B8241298229DE4F7B72046A61940AEE
PID: 856 (1352) C:\WINDOWS\system32\carpserv.exe
size: 4608
MD5: D8EDDAB752D57A97B487E93795F292A7
PID: 992 (1352) C:\Program Files\Apoint\Apoint.exe
size: 37407
MD5: CA588C5428113B76BE642F20F660E125
PID: 1892 (1352) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
PID: 2016 (1352) C:\Program Files\SMC\EZ Connect Turbo WLAN Adapter\SMCWLAN.EXE
size: 237568
MD5: 76B28BEA54C7F4CB650EDE6B59432282
PID: 952 ( 824) C:\WINDOWS\system32\wscntfy.exe
size: 13824
MD5: 49911DD39E023BB6C45E4E436CFBD297
PID: 260 ( 572) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: F1958FBF86D5C004CF19A5951A9514B7
PID: 2560 ( 824) C:\WINDOWS\system32\wuauclt.exe
size: 124184
MD5: EBF1AB7E4FC05CABF2F4680D2A45F827
PID: 2728 (1352) C:\Program Files\Internet Explorer\iexplore.exe
size: 622080
MD5: 5334D4461AA92A7B008755FE6D13C5F2
PID: 3432 (1352) C:\WINDOWS\system32\freecell.exe
size: 55296
MD5: 4D9B5E540158BF8E9B1BCAC1AEDD8C60
PID: 676 (1352) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 3940 (1208) C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
size: 149184
MD5: 2ADEDFF13868ADD36CBF9511722F0036
PID: 3992 ( 572) C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
size: 2119360
MD5: FB466FAA799EACE5075FC1DE269F0066
PID: 4 ( 0) System
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 4/4/2007 10:46:50 AM
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://home.microsoft.com/access/autosearch.asp?p=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\windows\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{877E5CE9-1E54-4EBA-924F-9DA2E3A3CC0A}] SEQPACKET 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{877E5CE9-1E54-4EBA-924F-9DA2E3A3CC0A}] DATAGRAM 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{62773963-03F6-46AA-925E-99F1778146A4}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{62773963-03F6-46AA-925E-99F1778146A4}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AB348D57-C767-4DCD-9C5D-CFA13118D189}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AB348D57-C767-4DCD-9C5D-CFA13118D189}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D6A61A7D-2207-43DA-8ABD-B86B71A6626A}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D6A61A7D-2207-43DA-8ABD-B86B71A6626A}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DEAE540B-CA32-4C87-B930-F20401BCFAD8}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DEAE540B-CA32-4C87-B930-F20401BCFAD8}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C450B402-F193-46E5-ABD4-DC5D8CB378DB}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C450B402-F193-46E5-ABD4-DC5D8CB378DB}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B9F311D2-58A8-4BB7-9E79-964D813F31D4}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B9F311D2-58A8-4BB7-9E79-964D813F31D4}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0C263DDF-CDDD-437E-AD4C-74B1C050CA6E}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0C263DDF-CDDD-437E-AD4C-74B1C050CA6E}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP
Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS
Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
--- Uninstall list ---
(AddressBook)
AOL Instant Messenger (AOL Instant Messenger)
uninstall cmd: D:\AIM95\uninstll.exe -LOG= D:\AIM95\install.log -OEM=
ATI Display Driver (ATI Display Driver)
uninstall cmd: rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
SoftK56 Data Fax CARP (CNXT_MODEM_PCI_VEN_10B9&DEV_5457&SUBSYS_8158104D)
uninstall cmd: C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_10B9&DEV_5457&SUBSYS_8158104D\HXFSETUP.EXE -U -IVEN_10B9&DEV_5457&SUBSYS_8158104D
(Connection Manager)
(DirectAnimation)
(DirectDrawEx)
(DXM_Runtime)
(Fontcore)
HijackThis 1.99.1 1.99.1 (HijackThis)
uninstall cmd: C:\Documents and Settings\Vanessa\My Documents\New Folder\HijackThis.exe /uninstall
publisher: Soeperman Enterprises Ltd.
(ICW)
Microsoft Internationalized Domain Names Mitigation APIs (IDNMitigationAPIs)
install date: 20070403
uninstall cmd: "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
(IE40)
(IE4Data)
(IE5BAKEX)
Windows Internet Explorer 7 20061107.210142 (ie7)
install date: 20070403
uninstall cmd: "C:\WINDOWS\ie7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://www.microsoft.com/ie
(IEData)
(InstallShield Uninstall Information)
VAIO Registration 9.0.0 (InstallShield_{315BA29D-2644-4760-B5FD-5AC04A52B8C5})
version: 150994944
version (major): 9
estimated size: 1805
install date: 20030801
install source: C:\DOCUME~1\Owner\LOCALS~1\Temp\_is19F\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{315BA29D-2644-4760-B5FD-5AC04A52B8C5}
publisher: Sony Electronics
comments: Customer Support Department
contact: Customer Support Department
help link: http://www.sony.com/pcsupport
help telephone: 1-888-4-SONY-PC
readme: Readme.txt
VAIO Help and Support 8.01 (InstallShield_{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E})
version: 134283264
version (major): 8
version (minor): 1
estimated size: 1804
install date: 20030801
install source: C:\DOCUME~1\Owner\LOCALS~1\Temp\_is1E0\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}
publisher: Sony Electronics
comments: 0
contact: 0
help link: 0
help telephone: 0
readme: 0
Quicken 2003 New User Edition 12.00.0000 (InstallShield_{F61F2821-694C-475F-99AB-6AF2EFDF40FD})
version: 201326592
version (major): 12
estimated size: 70936
install date: 20030801
install source: D:\0230101.ITU\DISK1\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F61F2821-694C-475F-99AB-6AF2EFDF40FD} anything
publisher: Intuit
comments: All URL's valid as of October 2001
contact: Customer Support Department
help link: http://www.intuit.com/support/quicken
help telephone: 1-900-555-4932
readme: Readme.txt
VAIO Survey Standalone 1.70 (InstallShield_{FA11D5B5-7D0A-43E8-88C4-960F97B194DE})
version: 21364736
version (major): 1
version (minor): 70
estimated size: 1087
install date: 20030801
install source: C:\DOCUME~1\Owner\LOCALS~1\Temp\_is1B2\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}
publisher: Sony Electronics
comments: 0
contact: 0
help link: 0
help telephone: 0
readme: 0
Java Web Start (Java Web Start)
uninstall cmd: "C:\Program Files\Java Web Start\uninst-javaws.exe"
Microsoft Data Access Components KB870669 (KB870669)
uninstall cmd: C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=KB870669
Windows XP Hotfix - KB873333 20050114.005213 (KB873333)
uninstall cmd: C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873333
Windows XP Hotfix - KB873339 20041117.092459 (KB873339)
uninstall cmd: C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873339
(KB884016)
Windows XP Hotfix - KB885250 20050118.202711 (KB885250)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885250
Windows Media Player 9 Hotfix [See KB885492 for more information] (KB885492)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885492$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885492
Windows XP Hotfix - KB885835 20041027.181713 (KB885835)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885835
Windows XP Hotfix - KB885836 20041028.173203 (KB885836)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885836
Windows XP Hotfix - KB886185 20041021.090540 (KB886185)
uninstall cmd: C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=886185
Windows XP Hotfix - KB887472 20041014.162858 (KB887472)
uninstall cmd: C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887472
Windows XP Hotfix - KB888113 20041116.131036 (KB888113)
uninstall cmd: C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888113
Windows XP Hotfix - KB888302 20041207.111426 (KB888302)
uninstall cmd: C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888302
Security Update for Windows XP (KB890046) 1 (KB890046)
install date: 20050719
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890046
Windows XP Hotfix - KB890175 20041201.233338 (KB890175)
uninstall cmd: C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890175
Windows XP Hotfix - KB890859 1 (KB890859)
install date: 20050507
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890859
Windows XP Hotfix - KB891781 20050110.165439 (KB891781)
uninstall cmd: C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=891781
Security Update for Windows XP (KB893066) 2 (KB893066)
install date: 20050507
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893066
Windows XP Hotfix - KB893086 1 (KB893086)
install date: 20050507
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893086
Security Update for Windows XP (KB893756) 1 (KB893756)
install date: 20050826
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893756
(KB893803)
Windows Installer 3.1 (KB893803) 3.1 (KB893803v2)
uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=42467
Security Update for Windows XP (KB896358) 1 (KB896358)
install date: 20050719
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896358
Security Update for Windows XP (KB896422) 1 (KB896422)
install date: 20050719
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896422
Security Update for Windows XP (KB896423) 1 (KB896423)
install date: 20050826
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896423
Security Update for Windows XP (KB896424) 1 (KB896424)
install date: 20051120
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896424
Security Update for Windows XP (KB896428) 1 (KB896428)
install date: 20050719
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896428
Security Update for Step By Step Interactive Training (KB898458) 20050502.101010 (KB898458)
install date: 20050719
uninstall cmd: "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/898458
Update for Windows XP (KB898461) 1 (KB898461)
install date: 20050719
uninstall cmd: "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=898461
Security Update for Windows XP (KB899587) 1 (KB899587)
install date: 20050826
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899587
Security Update for Windows XP (KB899588) 1 (KB899588)
install date: 20050826
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899588
Security Update for Windows XP (KB899591) 1 (KB899591)
install date: 20050826
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899591
Update for Windows XP (KB900485) 2 (KB900485)
install date: 20070403
uninstall cmd: "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900485
Security Update for Windows XP (KB900725) 1 (KB900725)
install date: 20051120
uninstall cmd: "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900725
Security Update for Windows XP (KB901017) 1 (KB901017)
install date: 20051120
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901017
Security Update for Windows XP (KB901214) 1 (KB901214)
install date: 20050719
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901214
Security Update for Windows XP (KB902400) 1 (KB902400)
install date: 20051120
uninstall cmd: "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=902400
Security Update for Windows XP (KB904706) 2 (KB904706)
install date: 20070403
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=904706
Update for Windows XP (KB904942) 2 (KB904942)
install date: 20070403
uninstall cmd: "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=904942
Security Update for Windows XP (KB905414) 1 (KB905414)
install date: 20051120
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905414
Security Update for Windows XP (KB905749) 1 (KB905749)
install date: 20051120
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905749
Security Update for Windows XP (KB908519) 1 (KB908519)
install date: 20070403
uninstall cmd: "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=908519
Update for Windows XP (KB908531) 2 (KB908531)
install date: 20070403
uninstall cmd: "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=908531
Update for Windows XP (KB910437) 1 (KB910437)
install date: 20070403
uninstall cmd: "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=910437
Update for Windows XP (KB911280) 2 (KB911280)
install date: 20070403
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911280
Security Update for Windows XP (KB911562) 1 (KB911562)
install date: 20070403
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911562
Security Update for Windows Media Player (KB911564) (KB911564)
install date: 20070403
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=911564
Security Update for Windows XP (KB911927) 1 (KB911927)
install date: 20070403
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911927
Security Update for Windows XP (KB913580) 1 (KB913580)
install date: 20070403
uninstall cmd: "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=913580
Security Update for Windows XP (KB914388) 1 (KB914388)
install date: 20070403
uninstall cmd: "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=914388
Security Update for Windows XP (KB914389) 1 (KB914389)
install date: 20070403
uninstall cmd: "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=914389
Hotfix for Windows XP (KB914440) 12 (KB914440)
install date: 20070403
uninstall cmd: "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=914440
Hotfix for Windows XP (KB915865) 10 (KB915865)
install date: 20070403
uninstall cmd: "C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=915865
Update for Windows XP (KB916595) 1 (KB916595)
install date: 20070403
uninstall cmd: "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=916595
Security Update for Windows XP (KB917344) 1 (KB917344)
install date: 20070403
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917344
Security Update for Windows XP (KB917422) 1 (KB917422)
install date: 20070403
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917422
Security Update for Windows Media Player 9 (KB917734) (KB917734_WMP9)
install date: 20070403
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=917734
Security Update for Windows XP (KB917953) 1 (KB917953)
install date: 20070403
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917953
Security Update for Windows XP (KB918118) 1 (KB918118)
install date: 20070403
uninstall cmd: "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=918118
Security Update for Windows XP (KB918439) 1 (KB918439)
install date: 20070403
uninstall cmd: "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=918439
Security Update for Windows XP (KB919007) 1 (KB919007)
install date: 20070403
uninstall cmd: "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=919007
Security Update for Windows XP (KB920213) 1 (KB920213)
install date: 20070403
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920213
Security Update for Windows XP (KB920670) 1 (KB920670)
install date: 20070403
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920670
Security Update for Windows XP (KB920683) 1 (KB920683)
install date: 20070403
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920683
Security Update for Windows XP (KB920685) 1 (KB920685)
install date: 20070403
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920685
Update for Windows XP (KB920872) 1 (KB920872)
install date: 20070403
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920872
Update for Windows XP (KB922582) 1 (KB922582)
install date: 20070403
uninstall cmd: "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=922582
Security Update for Windows XP (KB922819) 1 (KB922819)
install date: 20070403
uninstall cmd: "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=922819
Security Update for Windows XP (KB923191) 1 (KB923191)
install date: 20070403
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923191
Security Update for Windows XP (KB923414) 1 (KB923414)
install date: 20070403
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923414
Security Update for Windows XP (KB923689) (KB923689)
install date: 20070403
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923689
Security Update for Windows XP (KB923694) 1 (KB923694)
install date: 20070403
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923694
Security Update for Step By Step Interactive Training (KB923723) 20050502.101010 (KB923723)
install date: 20070403
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/923723
Security Update for Windows XP (KB923980) 1 (KB923980)
install date: 20070403
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923980
Security Update for Windows XP (KB924191) 1 (KB924191)
install date: 20070403
uninstall cmd: "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=924191
Security Update for Windows XP (KB924270) 1 (KB924270)
install date: 20070403
uninstall cmd: "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=924270
Security Update for Windows XP (KB924496) 1 (KB924496)
install date: 20070403
uninstall cmd: "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=924496
Security Update for Windows XP (KB924667) 1 (KB924667)
install date: 20070403
uninstall cmd: "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=924667
Security Update for Windows Media Player 6.4 (KB925398) (KB925398_WMP64)
install date: 20070403
uninstall cmd: "C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=925398
Security Update for Windows XP (KB925902) 1 (KB925902)
install date: 20070404
uninstall cmd: "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=925902
Security Update for Windows XP (KB926255) 1 (KB926255)
install date: 20070403
uninstall cmd: "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=926255
Security Update for Windows XP (KB926436) 1 (KB926436)
install date: 20070403
uninstall cmd: "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=926436
Security Update for Windows XP (KB927779) 1 (KB927779)
install date: 20070403
uninstall cmd: "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=927779
Security Update for Windows XP (KB927802) 1 (KB927802)
install date: 20070403
uninstall cmd: "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=927802
Security Update for Windows XP (KB928090) 1 (KB928090)
install date: 20070403
uninstall cmd: "C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=928090
Security Update for Windows XP (KB928255) 1 (KB928255)
install date: 20070403
uninstall cmd: "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=928255
Security Update for Windows XP (KB928843) 1 (KB928843)
install date: 20070403
uninstall cmd: "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=928843
Update for Windows XP (KB929338) 1 (KB929338)
install date: 20070403
uninstall cmd: "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=929338
Security Update for Windows XP (KB929969) 1 (KB929969)
install date: 20070403
uninstall cmd: "C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=929969
Update for Windows XP (KB931836) 1 (KB931836)
install date: 20070311
uninstall cmd: "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=931836
LiveReg (Symantec Corporation) 2.2.5.1678 (LiveReg)
install location: C:\Program Files\Common Files\Symantec Shared\LiveReg
uninstall cmd: C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
publisher: Symantec Corporation
LiveUpdate 3.0 (Symantec Corporation) 3.0.0.171 (LiveUpdate)
install location: "C:\Program Files\Symantec\LiveUpdate"
uninstall cmd: "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
publisher: Symantec Corporation
(Microsoft Interactive Training)
uninstall cmd: C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
(Microsoft NetShow Player 2.0)
(MobileOptionPack)
MoodLogic (MoodLogic)
uninstall cmd: C:\WINDOWS\ml-uninstall-v10.exe
Sony USB Mouse (MouseSuite98)
uninstall cmd: Pmuninst.exe MouseSuite98
(MPlayer2)
(MSI30-Beta1)
(MSI30-Beta2)
(MSI30-KB884016)
(MSI30-RC1)
(MSI30-RC2)
(MSI30a-KB884016)
(MSI31-Beta)
(MSI31-RC1)
(MsJavaVM)
(NetMeeting)
Microsoft National Language Support Downlevel APIs (NLSDownlevelMapping)
install date: 20070403
uninstall cmd: "C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
OpenMG Limited Patch 3.2-03-02-21-08 (OpenMG HotFix3.2-03-01-16-01)
uninstall cmd: C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix3.2-03-02-21-08\HotFixSetup\setup.exe /u
OpenMG Limited Patch 3.2-03-03-18-01 (OpenMG HotFix3.2-03-01-16-02)
uninstall cmd: C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix3.2-03-03-18-01\HotFixSetup\setup.exe /u
OpenMG Limited Patch 3.2-03-04-14-02 (OpenMG HotFix3.2-03-04-14-02)
uninstall cmd: C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix3.2-03-04-14-02\HotFixSetup\setup.exe /u
(OutlookExpress)
(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Internet Explorer Q903235 (Q903235)
uninstall cmd: C:\WINDOWS\ieuninst.exe C:\WINDOWS\INF\Q903235.inf
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=903235
QuickTime (QuickTime)
uninstall cmd: C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
Radio@Netscape (Radio@Netscape)
uninstall cmd: D:\Netscape Radio\Radio@Netscape\Uninstall Radio@Netscape.exe
(RealJukebox 1.0)
uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
RealOne Player (RealPlayer 6.0)
uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
(SchedulingAgent)
(Sevinst)
Shockwave (Shockwave)
uninstall cmd: C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Macromedia Flash Player 8 8 (ShockwaveFlash)
uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
publisher: Macromedia
help link: http://www.macromedia.com/go/flashplayer_support/
Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited
VAIO Support (VAIO Support)
uninstall cmd: "c:\program files\support.com\client\bin\tgfix.exe" /rm /nq
Windows Genuine Advantage Validation Tool (KB892130) 1.5.0530.0 (WGA)
install date: 20070309
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=892130
Windows Genuine Advantage Notifications (KB905474) 1.7.0018.5 (WgaNotify)
install date: 20070404
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905474
Windows XP Service Pack 2 20040803.231319 (Windows XP Service Pack)
uninstall cmd: C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=811113
ATI Control Panel ({0BEDBD4E-2D34-47B5-9973-57E62B29307C})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
Norton WMI Update 2005.1.2.20 ({1526D87C-A955-4FAB-BF18-697BA457E352})
version (major): 2005
version (minor): 1
estimated size: 2080
install date: 20050115
install source: C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\LIVEUP~1\DOWNLO~1\EXITEM~2.1_E\
uninstall cmd: MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
publisher: Symantec Corporation
9.12.0 ({17BB7031-B6D9-4D27-A3A1-B0E672A0972C})
version: 151781376
version (major): 9
version (minor): 12
estimated size: 60925
install date: 20050107
install source: C:\DOCUME~1\Vanessa\LOCALS~1\Temp\NVAT\NIS\
uninstall cmd: MsiExec.exe /I{17BB7031-B6D9-4D27-A3A1-B0E672A0972C}
publisher: Symantec Corporation
Microsoft Money 2004 12.0.50 ({1D643CD7-4DD6-11D7-A4E0-000874180BB3})
version: 201326642
version (major): 12
estimated size: 142507
install date: 20050107
install location: C:\Program Files\Microsoft Money\
install source: C:\DOCUME~1\Vanessa\LOCALS~1\Temp\MONEY\
uninstall cmd: MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
publisher: Microsoft
comments: The Installation database contains the logic and data required to install Money 2004
help link: http://support.microsoft.com
help telephone: (800) 936-5700
VAIO Media 2.6 ({1EB317D8-8945-4FD6-B37F-DF470317C6AB})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EB317D8-8945-4FD6-B37F-DF470317C6AB}\setup.exe" -l0x9 UNINSTALL
Google Toolbar for Internet Explorer ({2318C2B1-4965-11d4-9B18-009027A5CD4F})
uninstall cmd: regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
Memory Stick Formatter ({27337663-2619-11D4-99DC-0000F49094C7})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27337663-2619-11D4-99DC-0000F49094C7}\setup.exe" -l0x9 /UNINSTALL
VAIO Registration 9.0.0 ({315BA29D-2644-4760-B5FD-5AC04A52B8C5})
version: 150994944
version (major): 9
estimated size: 1805
install date: 20030801
install source: C:\DOCUME~1\Owner\LOCALS~1\Temp\_is19F\
publisher: Sony Electronics
comments: Customer Support Department
contact: Customer Support Department
help link: http://www.sony.com/pcsupport
help telephone: 1-888-4-SONY-PC
readme: Readme.txt
WebFldrs XP 9.50.6513 ({350C97B0-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154278257
version (major): 9
version (minor): 50
estimated size: 2508
install date: 20030731
install source: C:\WINDOWS\System32\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows
Music Visualizer Library 1.4.00 ({3B24B725-D81F-442D-8CE5-2AF05A4A4CC9})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}\setup.exe" -l0x9
RTC Client API v1.2 1.2.0000 ({44CDBD1B-89FB-4E02-8319-2A4C550F664A})
version: 16908288
version (major): 1
version (minor): 2
estimated size: 137
install date: 20050212
install source: C:\WINDOWS\Downloaded Installations\{8B8CC108-E0E3-483D-BCEB-A2739AF752B8}\
uninstall cmd: MsiExec.exe /X{44CDBD1B-89FB-4E02-8319-2A4C550F664A}
publisher: Microsoft
comments: This program installs RTC API 1.2 libraries. It installs the rtcclnt.msm so that the Side by Side RTC Client API v1.2 DLLs are available for the samples inside RtcApiSDK.msi.
contact: Customer Support Department
help link: http://support.microsoft.com/
help telephone: 1-000-000-0000
VAIO BrightColor Wallpaper ({4D1D6640-CD43-4AD9-A52F-E48265DB28E0})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D1D6640-CD43-4AD9-A52F-E48265DB28E0}\setup.exe" -l0x9
OpenMG Secure Module 3.2 ({62F33B80-6244-4A70-A233-0DA13B640364})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{62F33B80-6244-4A70-A233-0DA13B640364}\Setup.exe" -l0x9 UNINSTALL
Windows Genuine Advantage v1.3.0254.0 1.3.0254.0 ({63569CE9-FA00-469C-AF5C-E5D4D93ACF91})
version: 16974078
version (major): 1
version (minor): 3
estimated size: 519
install date: 20050826
install source: C:\DOCUME~1\Vanessa\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
publisher: Microsoft
comments: Your Comments
contact: Customer Support Department
help link: http://www.microsoft.com/genuine/downloads/whyValidate.aspx/help
help telephone: 1-425.882.8080
DVgate Plus ({685BCC47-B8EC-45EC-BBCE-77DF2451502C})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{685BCC47-B8EC-45EC-BBCE-77DF2451502C}\setup.exe"
Sony Video Shared Library ({6990A2BF-D1D2-11D3-81BC-00609789C908})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6990A2BF-D1D2-11D3-81BC-00609789C908}\setup.exe"
VAIO Media Redistribution 2.6 ({7128C69B-8F7E-4336-8698-3FD3CDD955EC})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7128C69B-8F7E-4336-8698-3FD3CDD955EC}\setup.exe" -l0x9 UNINSTALL
SMC EZ Connect Turbo WLAN Adapter ({7183EABC-B6BC-4BC8-84EF-E47FDFC88814})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7183EABC-B6BC-4BC8-84EF-E47FDFC88814}\Setup.exe" -l0x9
SonicStage ({71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A})
Microsoft Works 7.0 07.02.0620 ({764D06D8-D8DE-411E-A1C8-D9E9380F8A84})
version: 117572204
version (major): 7
version (minor): 2
estimated size: 207882
install date: 20050107
install source: C:\PROGRA~1\MICROS~4\WORKSS~1\
uninstall cmd: MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
publisher: Microsoft Corporation
comments: Microsoft Works 7.0 installation.
help link: http://support.microsoft.com/support/works
help telephone:
VAIO Media Integrated Server 2.6 1.0.00 ({7A79D11B-FD82-4A5E-834F-20173515DD14})
version: 16777216
install location: C:\Program Files\Sony\VAIO Media Integrated Server
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A79D11B-FD82-4A5E-834F-20173515DD14}\setup.exe" -l0x9
PictureGear Studio 2.0 ({88DA0A52-3372-4803-971A-ADFB961707E8})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88DA0A52-3372-4803-971A-ADFB961707E8}\setup.exe"
Microsoft Money 2004 System Pack 12.0.80 ({8C64E145-54BA-11D6-91B1-00500462BE80})
version: 201326672
version (major): 12
estimated size: 2304
install date: 20050107
install location: C:\WINDOWS\System32\
install source: C:\DOCUME~1\Vanessa\LOCALS~1\Temp\MONEY\
uninstall cmd: MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
publisher: Microsoft
comments: Installs system components used by Microsoft Money 2004.
help link: http://support.microsoft.com
help telephone: (800) 936-5700
Sony Notebook Setup ({936FADC9-C609-471A-B6F2-A33E2E660D1A})
install location: C:\Program Files\SONY\Sony Notebook Setup
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{936FADC9-C609-471A-B6F2-A33E2E660D1A}\setup.exe" -l0x9
InterVideo WinDVD 4 ({98E8A2EF-4EAE-43B8-A172-74842B764777})
version (major): 4
install location: C:\Program Files\InterVideo\WinDVD4
uninstall cmd: "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
publisher: InterVideo Inc.
Java 2 Runtime Environment, SE v1.4.0_03 ({AC1E4C93-C1E7-11D6-9D10-00010240CE95})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC1E4C93-C1E7-11D6-9D10-00010240CE95}\Setup.exe" Anytext
Adobe Reader 6.0 6.0 ({AC76BA86-7AD7-1033-7B44-000000000001})
version: 100663296
version (major): 6
estimated size: 44697
install date: 20030801
install location: C:\Program Files\Adobe\Acrobat 6.0\Reader\
install source: C:\WINDOWS\Cache\Adobe Reader 6.0\ENUBIG\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
publisher: Adobe Systems Incorporated
comments:
contact: Customer Support Department
help link: http://www.adobe.com/support/main.html
help telephone:
readme: C:\Program Files\Adobe\Acrobat 6.0\Reader\Readme.htm
Norton Internet Security 6.0.4.0 ({AFD2C5B5-BF78-47B6-9569-755448C0D0EE})
version: 100663300
version (major): 6
estimated size: 211317
install date: 20050107
install source: C:\DOCUME~1\Vanessa\LOCALS~1\Temp\NVAT\NIS\
uninstall cmd: MsiExec.exe /I{AFD2C5B5-BF78-47B6-9569-755448C0D0EE}
publisher: Symantec Corporation
contact: (800) 441-7234
help link: http://www.symantec.com/techsupp
help telephone: (877) 832-2810
readme: C:\Program Files\Norton Internet Security\readme.txt
HotKey Utility ({BB311F54-39D6-4A03-8E18-053D1B2833D7})
install location: C:\Program Files\Sony\HotKey Utility
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BB311F54-39D6-4A03-8E18-053D1B2833D7}\setup.exe" -l0x9
Symantec Network Drivers Update 5.5.1.6 ({CA0A1E54-CE0F-4366-B09C-A87B61DC5633})
version: 84213761
version (major): 5
version (minor): 5
estimated size: 2806
install date: 20050505
install source: C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\LIVEUP~1\DOWNLO~1\EXITEM~1.4_E\
publisher: Symantec Corporation
Sony Certificate PCH ({D0448678-1203-4158-A58F-B3D0B616BF9E})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0448678-1203-4158-A58F-B3D0B616BF9E}\setup.exe"
Full Tilt Poker 3.23.2.0 ({D4C9692E-4EFA-4DA0-8B7F-9439466D9E31})
version: 51838978
install location: D:\FullTiltPoker
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -l0x9
VAIO Help and Support 8.01 ({E68B38DE-D7DD-4FB3-A453-3F03A947EA8E})
version: 134283264
version (major): 8
version (minor): 1
estimated size: 1804
install date: 20030801
install source: C:\DOCUME~1\Owner\LOCALS~1\Temp\_is1E0\
publisher: Sony Electronics
comments: 0
contact: 0
help link: 0
help telephone: 0
readme: 0
Sony Utilities DLL ({EF3D45BB-2260-4008-88EA-492E7744A9DF})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF3D45BB-2260-4008-88EA-492E7744A9DF}\setup.exe" -l0x9
SoundMAX 5.12.01.3620 ({F0A37341-D692-11D4-A984-009027EC0A9C})
install location: C:\Program Files\Analog Devices\SoundMAX
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
publisher: Analog Devices
Quicken 2003 New User Edition 12.00.0000 ({F61F2821-694C-475F-99AB-6AF2EFDF40FD})
version: 201326592
version (major): 12
estimated size: 70936
install date: 20030801
install source: D:\0230101.ITU\DISK1\
publisher: Intuit
comments: All URL's valid as of October 2001
contact: Customer Support Department
help link: http://www.intuit.com/support/quicken
help telephone: 1-900-555-4932
readme: Readme.txt
VAIO Survey Standalone 1.70 ({FA11D5B5-7D0A-43E8-88C4-960F97B194DE})
version: 21364736
version (major): 1
version (minor): 70
estimated size: 1087
install date: 20030801
install source: C:\DOCUME~1\Owner\LOCALS~1\Temp\_is1B2\
publisher: Sony Electronics
comments: 0
contact: 0
help link: 0
help telephone: 0
readme: 0
I saw on another thread the poster was asked to run Vundo and awf so I went ahead and did that to hopefully save time. Here are the logs:
VundoFix V6.3.19
Checking Java version...
Scan started at 9:41:13 AM 4/4/2007
Listing files found while scanning....
VundoFix V6.3.19
Checking Java version...
Scan started at 2:20:46 PM 4/4/2007
Listing files found while scanning....
C:\WINDOWS\system32\tmp13.tmp.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\tmp13.tmp.dll
C:\WINDOWS\system32\tmp13.tmp.dll Has been deleted!
Performing Repairs to the registry.
Done!
Find AWF report by noahdfear ©2006
bak folders found
~~~~~~~~~~~
Directory of C:\PROGRA~1\APOINT\BAK
06/13/2003 06:52 PM 114,688 Apoint.exe
1 File(s) 114,688 bytes
Directory of C:\PROGRA~1\MICROS~2\BAK
11/15/2005 01:12 PM 473,928 gcasServ.exe
1 File(s) 473,928 bytes
Directory of C:\PROGRA~1\QUICKT~1\BAK
01/15/2005 07:11 PM 98,304 qttask.exe
1 File(s) 98,304 bytes
Directory of C:\PROGRA~1\SYMNET~1\BAK
05/05/2005 06:30 PM 100,056 SNDMon.exe
1 File(s) 100,056 bytes
Directory of C:\WINDOWS\SYSTEM32\BAK
08/20/2002 01:29 PM 40,960 ezSP_Px.exe
1 File(s) 40,960 bytes
Directory of C:\PROGRA~1\ATITEC~1\ATICON~1\BAK
08/22/2003 01:29 AM 323,584 atiptaxx.exe
1 File(s) 323,584 bytes
Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK
12/02/2003 05:11 PM 54,296 ccApp.exe
12/02/2003 05:11 PM 58,392 ccRegVfy.exe
2 File(s) 112,688 bytes
Directory of C:\PROGRA~1\SONY\HOTKEY~1\BAK
04/01/2003 01:00 PM 81,920 HKserv.exe
1 File(s) 81,920 bytes
Directory of C:\WINDOWS\SONYSYS\VAIORE~1\BAK
04/20/2003 01:08 AM 28,672 PartSeal.exe
1 File(s) 28,672 bytes
Directory of C:\PROGRA~1\GOOGLE\GOOGLE~1\121128~1.546\BAK
02/06/2007 03:47 PM 171,448 GoogleToolbarNotifier.exe
1 File(s) 171,448 bytes
Directory of C:\PROGRA~1\SUPPORT.COM\CLIENT\BIN\BAK
06/23/2003 08:32 PM 1,409,024 tgcmd.exe
1 File(s) 1,409,024 bytes
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
37407 Mar 31 2007 "C:\Program Files\Apoint\Apoint.exe"
114688 Jun 13 2003 "C:\Program Files\Apoint\bak\Apoint.exe"
114688 Jun 13 2003 "C:\WINDOWS\Drivers\Mouse\Apoint.exe"
473928 Nov 15 2005 "C:\Program Files\Microsoft AntiSpyware\bak\gcasServ.exe"
37407 Mar 31 2007 "C:\Program Files\QuickTime\qttask.exe"
98304 Jan 15 2005 "C:\Program Files\QuickTime\bak\qttask.exe"
37407 Mar 31 2007 "C:\Program Files\SymNetDrv\SNDMon.exe"
100056 May 5 2005 "C:\Program Files\SymNetDrv\bak\SNDMon.exe"
37407 Mar 31 2007 "C:\WINDOWS\system32\ezSP_Px.exe"
40960 Aug 20 2002 "C:\WINDOWS\system32\bak\ezSP_Px.exe"
37407 Mar 31 2007 "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
323584 Aug 22 2003 "C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe"
37407 Mar 31 2007 "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
54296 Dec 2 2003 "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
37407 Mar 31 2007 "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
58392 Dec 2 2003 "C:\Program Files\Common Files\Symantec Shared\bak\ccRegVfy.exe"
37407 Mar 31 2007 "C:\Program Files\Sony\HotKey Utility\HKserv.exe"
81920 Apr 1 2003 "C:\Program Files\Sony\HotKey Utility\bak\HKserv.exe"
37407 Mar 31 2007 "C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe"
28672 Apr 20 2003 "C:\WINDOWS\SONYSYS\VAIO Recovery\bak\PartSeal.exe"
52272 Feb 6 2007 "C:\Program Files\Google\googletoolbar3user.exe"
138168 Feb 6 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
37407 Mar 31 2007 "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe"
171448 Feb 6 2007 "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe"
476304 Jan 22 2005 "D:\GoogleToolbarInstaller.exe"
37407 Mar 31 2007 "C:\Program Files\support.com\client\bin\tgcmd.exe"
1409024 Jun 23 2003 "C:\Program Files\support.com\client\bin\bak\tgcmd.exe"
end of report
Logfile of HijackThis v1.99.1
Scan saved at 2:53:06 PM, on 4/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SMC\EZ Connect Turbo WLAN Adapter\SMCWLAN.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Vanessa\My Documents\New Folder\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {e690b0e6-223c-4502-aa69-aecc1053036b} - C:\WINDOWS\system32\atipasf.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\system32\lsasss.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\fccdcc.dll",setvm
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: SMC EZ Connect Turbo WLAN Adapter.lnk = C:\Program Files\SMC\EZ Connect Turbo WLAN Adapter\SMCWLAN.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\AIM95\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: Texas Hold'em Poker by pogo - http://game4.pogo.com/applet-6.1.1.21/holdem/holdem-ob-assets.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121730763227
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O20 - AppInit_DLLs:
O20 - Winlogon Notify: atipasf - C:\WINDOWS\SYSTEM32\atipasf.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
Hello and welcome to the Forums :)
You're badly infected, one of the infections replaces legitimate files with bad ones :sad:
You should print these instructions or save these to a text file. Follow these instructions carefully.
Go to Start >Run and type "Notepad" without the quotes
Copy the text from the quotebox to Notepad.
Go to the menu at the top of the Notepad file and Save as: Name the file replace.bat Save as Type: All files Select the desktop icon on the left to save it on the desktop.
Don't run it yet!
@echo off
copy /y "C:\Program Files\Apoint\bak\Apoint.exe" "C:\Program Files\Apoint"
copy /y "C:\Program Files\Microsoft AntiSpyware\bak\gcasServ.exe" "C:\Program Files\Microsoft AntiSpyware"
copy /y "C:\Program Files\QuickTime\bak\qttask.exe" "C:\Program Files\QuickTime"
copy /y "C:\Program Files\SymNetDrv\bak\SNDMon.exe" "C:\Program Files\SymNetDrv"
copy /y "C:\WINDOWS\system32\bak\ezSP_Px.exe" "C:\WINDOWS\system32"
copy /y "C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe" "C:\Program Files\ATI Technologies\ATI Control Panel"
copy /y "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe" "C:\Program Files\Common Files\Symantec Shared"
copy /y "C:\Program Files\Common Files\Symantec Shared\bak\ccRegVfy.exe" "C:\Program Files\Common Files\Symantec Shared"
copy /y "C:\Program Files\Sony\HotKey Utility\bak\HKserv.exe" "C:\Program Files\Sony\HotKey Utility"
copy /y "C:\WINDOWS\SONYSYS\VAIO Recovery\bak\PartSeal.exe" "C:\WINDOWS\SONYSYS\VAIO Recovery"
copy /y "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe" "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462"
copy /y "C:\Program Files\support.com\client\bin\bak\tgcmd.exe" "C:\Program Files\support.com\client\bin"
Download Dr.Web CureIt to the desktop -> ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Restart your computer to the safe mode:
Restart your computer
Start tapping the F8 key when the computer restarts.
When the start menu opens, choose Safe mode
Press Enter. The computer then begins to start in Safe mode.
Now run the replace.bat
Run a scan with Dr.Web CureIt Doubleclick the drweb-cureit.exe file and Allow to run the express scan
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, you should now mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, look if you can click next icon next to the files found http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
If so, click it and then click the next icon right below and select Move incurable
After the scan, in the menu, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot the computer in Normal Mode,
Post the Cure-it report and a fresh HijackThis log and with a fresh FindAWF log
:bigthumb:
nesssag posted here:
http://forums.spywareinfo.com/index.php?showtopic=96936&mode=linear
miekiemoes (http://forums.spybot.info/member.php?u=285) answered.
"BEFORE you POST" Mandatory Steps Before Requesting Assistance (http://forums.spybot.info/showthread.php?t=288)
Posters who start topics at multiple sites for their PC problem waste valuable volunteer resources, so please don't. Many of our volunteers are at several forums.