PDA

View Full Version : w32.Myzor.FK@yf problem



user1
2006-06-10, 20:35
here is the HJT log
Logfile of HijackThis v1.99.1
Scan saved at 03:25:03, on 11/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
D:\MX\Downloads\Ad Aware\hijackthis\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdcatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download &All by FD - file://C:\Program Files\FreshDevices\FreshDownload\fdiectx2.htm
O8 - Extra context menu item: Download with &FD - file://C:\Program Files\FreshDevices\FreshDownload\fdiectx.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: ncbi8 - {2B576DD3-0B3E-4718-BCBF-B15E4FB8009D} - C:\Program Files\Invitrogen\Vector NTI Advance 10\Ncbi.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

this is the scan log


Incident Status Location

Adware:adware/securityerror Not disinfected c:\windows\system32\ot.ico
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\MX\Cookies\mx@adopt.hbmediapro[2].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\MX\Cookies\mx@adtech[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\MX\Cookies\mx@as-eu.falkag[2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\MX\Cookies\mx@cgi-bin[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\MX\Cookies\mx@com[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\MX\Cookies\mx@de.uol.com[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\MX\Cookies\mx@terra.com[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\MX\Cookies\mx@xiti[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\MX\Desktop\SmitfraudFix\Process.exe

LonnyRJones
2006-06-12, 19:36
Welcome to the forum

Follow the instructions here
http://forums.spybot.info/showthread.php?t=4015
If you have any questions ask before getting started

user1
2006-06-14, 07:20
Here is part of the spyboot report


--- Search result list ---
Congratulations!: No immediate threats were found. ()



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-06-10 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-06-10 Includes\Cookies.sbi (*)
2006-06-10 Includes\Dialer.sbi (*)
2006-06-10 Includes\Hijackers.sbi (*)
2006-06-10 Includes\Keyloggers.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2006-06-10 Includes\Malware.sbi (*)
2006-06-10 Includes\PUPS.sbi (*)
2006-06-10 Includes\Revision.sbi (*)
2006-06-10 Includes\Security.sbi (*)
2006-06-10 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-06-10 Includes\Trojans.sbi (*)



--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP OOB / SP10: High Definition Audio Driver Package - KB835221


--- Startup entries list ---
Located: HK_LM:Run,
command:
file:

Located: HK_LM:Run, {0228e555-4f9c-4e35-a3ec-b109a192b4c2}
command: C:\Program Files\Google\Gmail Notifier\gnotify.exe
file: C:\Program Files\Google\Gmail Notifier\gnotify.exe
size: 479232
MD5: 3df7ac30a381c57d0c70eaefee3c4ef2

Located: HK_LM:Run, Acrobat Assistant 7.0
command: "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
file: C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
size: 483328
MD5: fbd06a45db2d543efd932768029ec5f2

Located: HK_LM:Run, Alcmtr
command: ALCMTR.EXE
file: C:\WINDOWS\ALCMTR.EXE
size: 65536
MD5: 7ac6357a4e86d134aeedf1cd6a93da12

Located: HK_LM:Run, AlcWzrd
command: ALCWZRD.EXE
file: C:\WINDOWS\ALCWZRD.EXE
size: 2805248
MD5: 0c3dc2c7af8b395ee43300b6ccf7029c

Located: HK_LM:Run, AVG7_CC
command: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
file: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
size: 357888
MD5: 679093afd939b3c1b88110ebf859984d

Located: HK_LM:Run, DU Meter
command: C:\Program Files\DU Meter\DUMeter.exe
file: C:\Program Files\DU Meter\DUMeter.exe
size: 1469952
MD5: f123d04b93fc612fe759ecee406990e8

Located: HK_LM:Run, EOUApp
command: C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
file: C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
size: 356352
MD5: 1afe29c82ed39a48fec9e747b356c87c

Located: HK_LM:Run, HControl
command: C:\WINDOWS\ATK0100\HControl.exe
file: C:\WINDOWS\ATK0100\HControl.exe
size: 102400
MD5: fd27fb79911ab95635aa20e867c0a18d

Located: HK_LM:Run, High Definition Audio Property Page Shortcut
command: HDAudPropShortcut.exe
file: C:\WINDOWS\system32\HDAudPropShortcut.exe
size: 61952
MD5: bdb806c747c5257b9919e1a64b2db67b

Located: HK_LM:Run, pccguide.exe
command: "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
file: C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
size: 819262
MD5: bd4fd7a06d998b0ecbe6ae4f8ab97dfe

Located: HK_LM:Run, Persistence
command: C:\WINDOWS\system32\igfxpers.exe
file: C:\WINDOWS\system32\igfxpers.exe
size: 114688
MD5: 2d838f01650a630ae7a78c864315fbdc

Located: HK_LM:Run, Power_Gear
command: C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
file:

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 98304
MD5: 76a3a30b58405c2c6d833895253a51a9

Located: HK_LM:Run, RemoteControl
command: "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
file: C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
size: 32768
MD5: 8fb740d758b14b1bc950cc347c21e461

Located: HK_LM:Run, SpySweeper
command: "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
file: C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
size: 3525632
MD5: 21020afbc436b219e1fb1377b3c05fd4

Located: HK_LM:Run, SynTPEnh
command: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
file: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 688218
MD5: 5989c65bb5070261517a2e99d4722adf

Located: HK_LM:Run, SynTPLpr
command: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
file: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
size: 98394
MD5: 404152f22bf272874735ac8a749bc11d

Located: HK_LM:RunOnce, WIAWizardMenu
command: RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff

Located: HK_CU:Run, ctfmon.exe
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996a38c0b0cf151c2140ae29fc8

Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll

Located: System.ini, igfxcui
command: igfxdev.dll
file: igfxdev.dll

Located: System.ini, IntelWireless
command: C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
file: C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
size: 110592
MD5: 55603ff4362cd416c21ae95ec39b5aa5

Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, WRNotifier
command: WRLogonNTF.dll
file: WRLogonNTF.dll



--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
BHO name:
CLSID name: AcroIEHlprObj Class
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 14/12/2004 01:56:50
Date (last access): 14/06/2006 13:54:16
Date (last write): 14/12/2004 01:56:50
Filesize: 63136
Attributes: archive
MD5: 42729C3DE75A7A51FC6F9EF6546C9199
CRC32: 4D60BD07
Version: 7.0.0.1333

{206E52E0-D52E-11D4-AD54-0000E86C26F6} ()
BHO name:
CLSID name:
description: Fresh Devices
classification: Legitimate
known filename: Fdiehlp.dll<br>fdcatch.dll
info link: http://www.freshdevices.com/freshdown.html
info source: TonyKlein
Path: C:\PROGRA~1\FRESHD~1\FRESHD~1\
Long name: fdcatch.dll
Short name:
Date (created): 07/01/2006 01:02:02
Date (last access): 14/06/2006 13:54:16
Date (last write): 22/03/2005 10:36:54
Filesize: 207360
Attributes: archive
MD5: E6A82A4362CBC436E320635CBC060C9C
CRC32: 0CE6BE30
Version: 3.5.0.0

{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 10/06/2006 18:04:14
Date (last access): 14/06/2006 13:54:16
Date (last write): 31/05/2005 01:04:00
Filesize: 853672
Attributes: archive
MD5: 250D787A5712D7768DDC133B3E477759
CRC32: D4589A41
Version: 1.4.0.0

{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: c:\program files\google\
Long name: GoogleToolbar1.dll
Short name: GOOGLE~1.DLL
Date (created): 01/03/2006 19:48:32
Date (last access): 14/06/2006 13:54:16
Date (last write): 14/02/2006 20:05:30
Filesize: 1191424
Attributes: readonly archive
MD5: 677C42CD9FE9C13B4B7B601A2E4065B0
CRC32: 58231F90
Version: 3.0.131.0

{AE7CD045-E861-484f-8273-0445EE161910} (AcroIEToolbarHelper Class)
BHO name:
CLSID name: AcroIEToolbarHelper Class
description: Adobe Acrobat
classification: Legitimate
known filename: AcroIEFavClient.dll
info link: http://www.adobe.com/products/acrobatpro/main.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 7.0\Acrobat\
Long name: AcroIEFavClient.dll
Short name: ACROIE~1.DLL
Date (created): 14/12/2004 02:13:40
Date (last access): 14/06/2006 13:54:16
Date (last write): 14/12/2004 02:13:40
Filesize: 225280
Attributes: archive
MD5: 1BA6D822A6BA2402BC5DF7F65955D3A8
CRC32: E355B594
Version: 7.0.0.0



--- ActiveX list ---
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class)
DPF name:
CLSID name: ActiveScan Installer Class
Installer: C:\WINDOWS\Downloaded Program Files\asinst.inf
Codebase: http://acs.pandasoftware.com/activescan/as5free/asinst.cab
description:
classification: Open for discussion
known filename: ASINST.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: asinst.dll
Short name:
Date (created): 11/04/2006 17:10:10
Date (last access): 14/06/2006 13:53:08
Date (last write): 11/04/2006 17:10:10
Filesize: 135168
Attributes: archive
MD5: 7267AE9C8DF527C30885DC29687D2A9B
CRC32: 1B1733A3
Version: 58.5.0.0

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash8.ocx
Short name:
Date (created): 27/08/2005 13:38:56
Date (last access): 14/06/2006 12:28:08
Date (last write): 27/08/2005 13:38:56
Filesize: 1435272
Attributes:
MD5: 900373C059C2B51CA91BF110DBDECB33
CRC32: F19599BC
Version: 8.0.22.0

user1
2006-06-14, 07:21
--- Process list ---
PID: 0 ( 0) [System]
PID: 192 ( 4) \SystemRoot\System32\smss.exe
PID: 240 ( 192) \??\C:\WINDOWS\system32\csrss.exe
PID: 264 ( 192) \??\C:\WINDOWS\system32\winlogon.exe
PID: 308 ( 264) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 320 ( 264) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 472 ( 308) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 532 ( 308) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 580 ( 308) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 632 ( 308) C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
size: 2123264
MD5: CE9ADF8CE48E902FAA8AD43A18386DC3
PID: 768 ( 264) C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
size: 389120
MD5: 2F73148CFD930B641D860710931FE8C7
PID: 860 ( 840) C:\WINDOWS\Explorer.EXE
size: 1032192
MD5: A0732187050030AE399B241436565E64
PID: 1864 ( 860) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 14/06/2006 14:00:53

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://home.microsoft.com/access/autosearch.asp?p=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\windows\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Irda [IrDA]
GUID: {3972523D-2AF1-11D1-B655-00805F3642CC}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Infrared protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Irda [IrDA]

Protocol 1: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 2: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 3: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 4: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{22782613-FFD2-4713-A4C2-F2432FB3AF51}] SEQPACKET 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{22782613-FFD2-4713-A4C2-F2432FB3AF51}] DATAGRAM 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{07F22F57-FD1B-414C-B6D5-FD49E76FDEF5}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{07F22F57-FD1B-414C-B6D5-FD49E76FDEF5}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{729288F6-3F61-47FC-A64F-2D3AAEFAA888}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{729288F6-3F61-47FC-A64F-2D3AAEFAA888}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C197FEA3-B454-4E94-AD12-C82BDEFB836A}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C197FEA3-B454-4E94-AD12-C82BDEFB836A}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7D91FA0E-08D0-41E8-A51C-026B546261A0}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7D91FA0E-08D0-41E8-A51C-026B546261A0}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9151AF23-9C8E-4F1E-9E51-15872E4AA3BA}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9151AF23-9C8E-4F1E-9E51-15872E4AA3BA}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8FC577E3-362F-4687-A03A-9E2235B6815D}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8FC577E3-362F-4687-A03A-9E2235B6815D}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip_{55D8FF40-DC02-434F-9C12-7FA6D1F4DAC8}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip_{55D8FF40-DC02-434F-9C12-7FA6D1F4DAC8}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

user1
2006-06-14, 07:23
--- Uninstall list ---
Ad-Aware SE Personal 1.06 (Ad-Aware SE Personal)
uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
publisher: Lavasoft
help link: http://www.lavasoft.com

(AddressBook)

Adobe Acrobat 7.0 Professional 7.0.0 (Adobe Acrobat 7.0 Professional)
version (major): 7
install date: 03/06/2006
install location: C:\Program Files\Adobe\Acrobat 7.0\
install source: D:\MX\Downloads\Adobe Acrobat 7.0\Adobe Acrobat 7.0\
uninstall cmd: msiexec /I {AC76BA86-1033-0000-7760-000000000002}
publisher: Adobe Systems
contact: Customer Support
help link: http://www.adobe.com/support/main.html
help telephone:
readme: C:\Program Files\Adobe\Acrobat 7.0\Readme.htm

ASUS Live Update (ASUS Live Update)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ASUS\ASUS Live Update\Uninst.isu" -c"C:\Program Files\ASUS\ASUS Live Update\Uninst.dll"

ASUS Probe V2.11 (ASUS Probe V2.11)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ASUS\ASUS Probe\Uninst.isu"

AVG Free Edition (AVG7Uninstall)
uninstall cmd: C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL

Belarc Advisor 5.0 (Belarc Advisor 2.0)
uninstall cmd: C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG

BIG W Online Digital Photo Shop (BIG W Online Digital Photo Shop)
uninstall cmd: C:\Program Files\BIG W Online Digital Photo Shop\uninst.exe
publisher: Silverwire Software AG

BioNumerics 4.00 (BioNumerics)
uninstall cmd: C:\Program Files\BioNumerics\uninst.exe

CloneDVD2 (CloneDVD2)
install location: C:\Program Files\CloneDVD2
uninstall cmd: "C:\Program Files\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\CloneDVD2"
publisher: Elaborate Bytes

HDAUDIO SoftV92 Data Fax Modem with SmartCP (CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10431966)

(Connection Manager)

CutePDF Writer 2.4 (CutePDF Writer Installation)
uninstall cmd: C:\WINDOWS\system32\uninscpw.exe C:\Program Files\

(DirectAnimation)

(DirectDrawEx)

DU Meter (dumeter3_is1)
install location: C:\Program Files\DU Meter\
uninstall cmd: "C:\Program Files\DU Meter\unins000.exe"
publisher: Hagel Technologies

DVD Decrypter (Remove Only) (DVD Decrypter)
uninstall cmd: "C:\Program Files\DVD Decrypter\uninstall.exe"

(DXM_Runtime)

EndNote 7.0 (EndNote)
uninstall cmd: C:\PROGRA~1\EndNote\UNWISE.EXE C:\PROGRA~1\EndNote\INSTALL.LOG
publisher: ISI ResearchSoft
contact: pc-support@endnote.com
help telephone: (408) 987-5609

ewido anti-malware (ewidoantimalware)
install location: C:\Program Files\ewido anti-malware
uninstall cmd: C:\Program Files\ewido anti-malware\Uninstall.exe
publisher: ewido networks
help link: http://www.ewido.net

(Fontcore)

FreshDownload (FreshDevices FreshDownload_is1)
install location: C:\Program Files\FreshDevices\FreshDownload\
uninstall cmd: "C:\Program Files\FreshDevices\FreshDownload\unins000.exe"

ATK0100 ACPI UTILITY (HControl)
uninstall cmd: C:\WINDOWS\ATK0100\XPunin.exe

HijackThis 1.99.1 1.99.1 (HijackThis)
uninstall cmd: D:\MX\Downloads\Ad Aware\hijackthis\hijackthis\HijackThis.exe /uninstall
publisher: Soeperman Enterprises Ltd.

Hijackthis 1.99.1 (Hijackthis_is1)
install location: C:\Program Files\Hijackthis\
uninstall cmd: "C:\Program Files\Hijackthis\unins000.exe"
publisher: Soeperman Enterprises Ltd
help link: http://www.merijn.org

(ICW)

(IE40)

(IE4Data)

(IE5BAKEX)

(IEData)

IHMC CmapTools v3.10 3.10.0.0 (IHMC CmapTools v3.10)
install date: Mon Jan 16 22:03:29 EST 2006
install location: C:\Program Files\CmapTools
uninstall cmd: "C:\Program Files\CmapTools\UninstallerData\Uninstall CmapTools.exe"
publisher: Institute for Human & Machine Cognition
comments: The CmapTools program empowers users to construct, navigate, share and criticize knowledge models represented as concept maps. It allows users to, among many other features, construct their Cmaps in their personal computer, share them on servers (CmapServers) anywhere on the Internet, link their Cmaps to other Cmaps on servers, automatically create web pages of their concept maps on servers, edit their maps synchronously (at the same time) with other users on the Internet, and search the web for information relevant to a concept map.
contact: cmapsupport@ihmc.us
help link: cmapsupport@ihmc.us

ISI ResearchSoft - Export Helper (ISI ResearchSoft - Export Helper)
uninstall cmd: C:\PROGRA~1\COMMON~1\Risxtd\_UNINST.EXE

High Definition Audio Driver Package - KB835221 20040219.000000 (KB835221WXP)
uninstall cmd: C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=KB835221

(KB884016)

(KB893803)

Windows Installer 3.1 (KB893803) 3.1 (KB893803v2)
uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=42467

Update for Windows XP (KB898461) 1 (KB898461)
uninstall cmd: "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=898461

LiveUpdate 2.5 (Symantec Corporation) 2.5.55.0 (LiveUpdate)
install location: C:\Program Files\Symantec\LiveUpdate
uninstall cmd: C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
publisher: Symantec Corporation

(Microsoft Interactive Training)
uninstall cmd: C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu

(MobileOptionPack)

(MPlayer2)

(MSI30-Beta1)

(MSI30-Beta2)

(MSI30-KB884016)

(MSI30-RC1)

(MSI30-RC2)

(MSI30a-KB884016)

(MSI31-Beta)

(MSI31-RC1)

(Nero - Burning Rom!UninstallKey)
uninstall cmd: C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

Nero Suite (NeroMultiInstaller!UninstallKey)
uninstall cmd: C:\Program Files\Common Files\Nero\Uninstall\Setupx.exe /uninstall ExtraUninstallID=""

(NeroVision!UninstallKey)
uninstall cmd: C:\WINDOWS\UNNeroVision.exe /UNINSTALL

(NetMeeting)

(NMPUninstallKey)
uninstall cmd: C:\WINDOWS\UNNMP.exe /UNINSTALL

user1
2006-06-14, 07:26
OmniPage Pro 8.0 (OmniPagePro8.0.1DeinstKey)
uninstall cmd: C:\WINDOWS\OPdeinst.exe -f"C:\PROGRA~1\Caere\OMNIPA~1\DeIsL1.isu"

(OutlookExpress)

Panda ActiveScan (Panda ActiveScan)
uninstall cmd: C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
publisher: Panda Software S.L.

(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Intel(R) PROSet/Wireless Software (ProInst)
install location: C:\WINDOWS\Installer\iProInst.exe
uninstall cmd: C:\WINDOWS\Installer\iProInst.exe
publisher: Intel Corporation

QuickTime (QuickTime)
uninstall cmd: C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log

Registry Healer 4.2.0 uninstall 4.2.0 (RegHealer_is2)
uninstall cmd: "C:\Program Files\RegHealer\uninst.exe"
publisher: KsL Software
help link: http://www.fixregistry.com/feedback.htm

(SchedulingAgent)

Scan Manager 3.0 (ScMgr30Uninstall)
uninstall cmd: C:\WINDOWS\UNSCAN30.EXE -f"C:\Program Files\Common Files\Caere\Scan Manager\DeIsL1.isu"

(Sevinst)

Macromedia Flash Player 8 8 (ShockwaveFlash)
uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
publisher: Macromedia
help link: http://www.macromedia.com/go/flashplayer_support/

Skype 2.0 2.0 (Skype_is1)
install location: C:\Program Files\Skype\Phone\
uninstall cmd: "C:\Program Files\Skype\Phone\unins000.exe"
publisher: Skype Software S.A.
help link: http://ui.skype.com/ui/0/2.0.0.81/en/help

Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited

Synaptics Pointing Device Driver 7.12.9.0 (SynTPDeinstKey)
uninstall cmd: rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

TreeView (TreeView)
uninstall cmd: C:\WINDOWS\uninst.exe -f"C:\Program Files\TreeView\DeIsL1.isu" -c"C:\Program Files\TreeView\_ISREG32.DLL"

UBD on Disk Brisbane (UBD on Disk Brisbane)
uninstall cmd: C:\WINDOWS\uninst.exe -f"C:\Program Files\UBD Map of Bris\Brisbane45\DeIsL1.isu" -c"C:\Program Files\UBD Map of Bris\Brisbane45\_ISREG32.DLL"

Windows Media Format Runtime (Windows Media Format Runtime)
uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Player 10 (Windows Media Player)
uninstall cmd: "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

WinRAR archiver (WinRAR archiver)
uninstall cmd: C:\Program Files\WinRAR\uninstall.exe

Microsoft Office 2000 Premium 9.00.2720 ({00000409-78E1-11D2-B60F-006097C998E7})
version: 150997664
version (major): 9
estimated size: 181691
install date: 20051222
uninstall cmd: MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: C:\Program Files\Microsoft Office\Office\ofread9.txt

Google Gmail Notifier ({0228e555-4f9c-4e35-a3ec-b109a192b4c2})
uninstall cmd: "C:\Program Files\Google\Gmail Notifier\UninstallGmail.exe"
publisher: Google Inc.
help link: http://mail.google.com/support

LightScribe 1.4.31.1 1.4.31.1 ({044146E4-A924-458A-9948-4B9C7C7D9321})
version: 17039391
version (major): 1
version (minor): 4
estimated size: 2472
install date: 20060106
install location: C:\Program Files\Common Files\LightScribe\
publisher: Integrator
comments: integrator
contact: integrator
help link: http://www.noopIntegrator.com
help telephone: 1-000-000-0000

mLogView 1.23.0000 ({0E2B0B41-7E08-4F9F-B21F-41C4133F43B7})
version: 18284544
version (major): 1
version (minor): 23
estimated size: 480
install date: 20051104
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
publisher: Intel Corporation
comments: Your Comments
contact: Customer Support Department
help link: http://www.intel.com/support
help telephone: +1 (800) 538-3373

Google Toolbar for Internet Explorer ({2318C2B1-4965-11d4-9B18-009027A5CD4F})
uninstall cmd: regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"

mProSafe 9.00.0000 ({23FB368F-1399-4EAC-817C-4B83ECBE3D83})
version: 150994944
version (major): 9
install date: 20051104
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
publisher: Intel
comments: Pseudo NCS Install
contact: Customer Support Department
help link: http://www.intel.com
help telephone: 1-555-555-4505

V10COM 10.0.0000 ({286CC5CE-5142-4D76-A06C-A085AD3F3CC5})
version: 167772160
version (major): 10
estimated size: 3748
install date: 20060428
install source: C:\Program Files\Informax Installations\
uninstall cmd: MsiExec.exe /I{286CC5CE-5142-4D76-A06C-A085AD3F3CC5}
publisher: Invitrogen Corporation
contact: Customer Support Department
help link: http://www.invitrogen.com/bioinformatics

mDriver 1.23.0000 ({28DA872A-0848-48CF-B749-19A198157A2A})
version: 18284544
version (major): 1
version (minor): 23
estimated size: 8456
install date: 20051104
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{28DA872A-0848-48CF-B749-19A198157A2A}
publisher: Intel
comments: Intel Wireless Adapter driver installation
contact: Customer Support Department
help link: http://www.intel.com
help telephone: 1-555-555-4505

WebFldrs XP 9.50.7523 ({350C97B0-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154279267
version (major): 9
version (minor): 50
estimated size: 2452
install date: 20051104
install source: C:\WINDOWS\system32\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows

mIWA 1.23.0000 ({3E9D596A-61D4-4239-BD19-2DB984D2A16F})
version: 18284544
version (major): 1
version (minor): 23
estimated size: 673
install date: 20051104
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
publisher: Intel Corporation
comments: Your Comments
contact: Customer Support Department
help link: http://www.intel.com/support
help telephone: +1 (800) 538-3373

Power4 Gear ({4462AD13-F2AA-4CBD-9F95-293C38EED870})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4462AD13-F2AA-4CBD-9F95-293C38EED870}\setup.exe" -l0x9

V10DT 10.0.0000 ({4ADD6005-5B3E-45E3-96CB-26D5992B8793})
version: 167772160
version (major): 10
estimated size: 167
install date: 20060428
install source: C:\Program Files\Informax Installations\
uninstall cmd: MsiExec.exe /I{4ADD6005-5B3E-45E3-96CB-26D5992B8793}
publisher: Invitrogen Corporation
comments: No Comments
contact: Customer Support Department
help link: http://www.invitrogen.com/bioinformatics/support
help telephone: 1-800-357-3114

Sentinel System Driver 5.41.1 (32-bit) 5.41.1 ({5081528F-5DD5-49BA-8213-9A6A13502497})
version: 86573057
version (major): 5
version (minor): 41
estimated size: 773
install date: 20060415
uninstall cmd: MsiExec.exe /I{5081528F-5DD5-49BA-8213-9A6A13502497}
publisher: Rainbow Technologies
help link: http://www.rainbow.com
help telephone: 1-800-852-8569
readme: readme.txt

V10CNT 10.0.0000 ({54009268-6154-4974-851C-D72ABDAC41F7})
version: 167772160
version (major): 10
estimated size: 1146
install date: 20060428
install source: C:\Program Files\Informax Installations\
uninstall cmd: MsiExec.exe /I{54009268-6154-4974-851C-D72ABDAC41F7}
publisher: Invitrogen Corporation
contact: Customer Support Department
help link: http://www.invitrogen.com/bioinformatics

user1
2006-06-14, 07:26
Logitech MouseWare 9.79.1 ({5809E7CF-4DCF-11D4-9875-00105ACE7734})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 -l0009 UNINSTALL

Spy Sweeper 4.5 ({5AE68DC3-F16E-457D-947A-092D614C7ABD}_is1)
install location: C:\Program Files\Webroot\Spy Sweeper\
uninstall cmd: "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
publisher: Webroot Software, Inc.

ASUSDVD ({6811CAA0-BF12-11D4-9EA1-0050BAE317E1})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall

mCore 1.23.0000 ({6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A})
version: 18284544
version (major): 1
version (minor): 23
estimated size: 2967
install date: 20051104
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
publisher: Intel Corporation
comments: Your Comments
contact: Customer Support Department
help link: http://www.intel.com/support
help telephone: +1 (800) 538-3373

V10PFAM 10.0.0000 ({6E98B2F9-C11A-4444-8150-054FC7AC36E9})
version: 167772160
version (major): 10
estimated size: 241707
install date: 20060428
install source: C:\Program Files\Informax Installations\
uninstall cmd: MsiExec.exe /I{6E98B2F9-C11A-4444-8150-054FC7AC36E9}
publisher: Invitrogen Corporation
comments: PFAM Database Add-on Module
contact: Customer Support Department
help link: http://www.invitrogen.com/bioinformatics/support
help telephone: 1-800-357-3114

mIWCA 1.23.0000 ({6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626})
version: 18284544
version (major): 1
version (minor): 23
estimated size: 280
install date: 20051104
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}
publisher: Intel Corporation
comments: Your Comments
contact: Customer Support Department
help link: http://www.intel.com/support
help telephone: +1 (800) 538-3373

Trend Micro PC-cillin Internet Security 2005 12.0 ({7698EDA5-A90F-4205-99CB-8FF6F9048ED9})
version: 201326592
version (major): 12
estimated size: 42489
install date: 20060603
install location: C:\PROGRA~1\TRENDM~1\INTERN~1\
install source: C:\Program Files\Trend Micro\PCC2005_1244\Setup\
uninstall cmd: MsiExec.exe /X{7698EDA5-A90F-4205-99CB-8FF6F9048ED9}
publisher: Trend Micro
help link: http://kb.trendmicro.com/solutions/
help telephone:

Wireless Console 1.09 ({83F73CB1-7705-49D1-9852-84D839CA2A45})
version: 17367040
install date: 20051104
install location: C:\Program Files\ASUS\Wireless Console
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{83F73CB1-7705-49D1-9852-84D839CA2A45}\setup.exe" -l0x9 -removeonly
publisher: ASUS

Intel(R) Graphics Media Accelerator Driver for Mobile 6.14.10.4332 ({8A708DD8-A5E6-11D4-A706-000629E95E20})

mPfMgr 1.23.0000 ({8B928BA1-EDEC-4227-A2DA-DD83026C36F5})
version: 18284544
version (major): 1
version (minor): 23
estimated size: 728
install date: 20051104
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
publisher: Intel Corporation
comments: Your Comments
contact: Customer Support Department
help link: http://www.intel.com/support
help telephone: +1 (800) 538-3373

mHelp 1.23.0000 ({8C6BB412-D3A8-4AAE-A01B-35B681789D68})
version: 18284544
version (major): 1
version (minor): 23
estimated size: 224
install date: 20051104
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
publisher: Intel
comments: Help Files
contact: Customer Support Department
help link: http://www.intel.com
help telephone: 1-555-555-4505

Microsoft Office Professional Edition 2003 11.0.5614.0 ({90110409-6000-11D3-8CFE-0150048383C9})
version: 184554990
version (major): 11
estimated size: 531955
install date: 20060531
uninstall cmd: MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: C:\Program Files\Microsoft Office\OFFICE11\1033\OFREADME.HTM

mPfWiz 1.23.0000 ({90B0D222-8C21-4B35-9262-53B042F18AF9})
version: 18284544
version (major): 1
version (minor): 23
estimated size: 528
install date: 20051104
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
publisher: Intel Corporation
comments: Your Comments
contact: Customer Support Department
help link: http://www.intel.com/support
help telephone: +1 (800) 538-3373

10.0.0000 ({91DBB3A0-B1B1-44A1-8AE1-9D184C32D07D})
version: 167772160
version (major): 10
estimated size: 8116
install date: 20060428
install source: C:\Program Files\Informax Installations\
uninstall cmd: MsiExec.exe /I{91DBB3A0-B1B1-44A1-8AE1-9D184C32D07D}
publisher: Invitroggen Corp
contact: Customer Support Department
help link: http://www.invitrogen.com/bioinformatics
help telephone: 1-555-555-4505

mZConfig 1.23.0000 ({94658027-9F16-4509-BBD7-A59FE57C3023})
version: 18284544
version (major): 1
version (minor): 23
estimated size: 465
install date: 20051104
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
publisher: Intel Corporation
comments: Your Comments
contact: Customer Support Department
help link: http://www.intel.com/support
help telephone: +1 (800) 538-3373

mXML 1.23.0000 ({9CC89556-3578-48DD-8408-04E66EBEF401})
version: 18284544
version (major): 1
version (minor): 23
estimated size: 28920
install date: 20051104
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
publisher: Intel Corporation
comments: Your Comments
contact: Customer Support Department
help link: http://www.intel.com/support
help telephone: +1 (800) 538-3373

Adobe Acrobat 7.0 Professional 7.0.0 ({AC76BA86-1033-0000-7760-000000000002})
version: 117440512
version (major): 7
estimated size: 442174
install date: 20060603
install location: C:\Program Files\Adobe\Acrobat 7.0\
install source: D:\MX\Downloads\Adobe Acrobat 7.0\Adobe Acrobat 7.0\
publisher: Adobe Systems
comments:
contact: Customer Support
help link: http://www.adobe.com/support/main.html
help telephone:
readme: C:\Program Files\Adobe\Acrobat 7.0\Readme.htm

mEoU.msi 1.23.0000 ({B502B428-3386-40A9-98DB-079AAB72E64F})
version: 18284544
version (major): 1
version (minor): 23
estimated size: 1521
install date: 20051104
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{B502B428-3386-40A9-98DB-079AAB72E64F}
publisher: Intel Corporation
comments: Your Comments
contact: Customer Support Department
help link: http://www.intel.com/support
help telephone: +1 (800) 538-3373

V10NQ 10.0.0000 ({BE926D85-9B82-462A-A67A-B314911ACDA4})
version: 167772160
version (major): 10
estimated size: 9416
install date: 20060428
install source: C:\Program Files\Informax Installations\
uninstall cmd: MsiExec.exe /I{BE926D85-9B82-462A-A67A-B314911ACDA4}
publisher: Invitrogen Corporation
comments: No Comments
contact: Customer Support Department
help link: http://www.invitrogen.com/bioinformatics/support
help telephone: 1-800-357-3114

Symantec Network Drivers Update 5.5.1.6 ({CA0A1E54-CE0F-4366-B09C-A87B61DC5633})
version: 84213761
version (major): 5
version (minor): 5
estimated size: 2715
install date: 20051223
publisher: Symantec Corporation

MSN Messenger 7.5 7.5.0322.0 ({CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5})
version: 117768514
version (major): 7
version (minor): 5
estimated size: 15808
install date: 20060120
uninstall cmd: MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
publisher: Microsoft Corporation

Bluetooth Stack for Windows by Toshiba v3.03.07(AS) ({CEBB6BFB-D708-4F99-A633-BC2600E01EF6})
version: 50528263
version (major): 3
version (minor): 3
estimated size: 24764
install date: 20051104
uninstall cmd: MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}

V10CC 10.0.0000 ({D65B253D-52FC-4CC4-9BEC-9D3B11E7E670})
version: 167772160
version (major): 10
estimated size: 1012
install date: 20060428
install source: C:\Program Files\Informax Installations\
uninstall cmd: MsiExec.exe /I{D65B253D-52FC-4CC4-9BEC-9D3B11E7E670}
publisher: Invitrogen Corporation
comments: Unvisible part of V9
contact: Customer Support Department
help link: http://www.invitrogen.com/BioinformaticsProductUpdate
help telephone: 1-877-357-3114

ACDSee for Pentax 2.0 6.0.9 ({D8320DD6-FE47-41DE-B116-4158B7AE3F37})
version: 100663305
version (major): 6
estimated size: 41437
install date: 20051224
install location: C:\Program Files\ACD Systems\
install source: C:\WINDOWS\Downloaded Installations\{25D23AE7-0A18-4894-A076-024E544772BA}\
uninstall cmd: MsiExec.exe /I{D8320DD6-FE47-41DE-B116-4158B7AE3F37}
publisher: ACD Systems Ltd.
comments: This database contains the necessary files and logic to install ACDSee and additional support programs and plug-ins where appropriate
contact: Technical Support
help link: http://www.acdsystems.com/English/Support
help telephone: 250-544-6701
readme: ""

WinFlash ({DE10AB76-4756-4913-BE25-55D1C1051F9A})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE10AB76-4756-4913-BE25-55D1C1051F9A}\setup.exe" -l0x9

mMHouse 1.23.0000 ({F0BFC7EF-9CF8-44EE-91B0-158884CD87C5})
version: 18284544
version (major): 1
version (minor): 23
estimated size: 1646
install date: 20051104
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
publisher: Intel Corporation
comments: Your Comments
contact: Customer Support Department
help link: http://www.intel.com/support
help telephone: +1 (800) 538-3373

Realtek High Definition Audio Driver ({F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" REMOVE

Brother HL-2040 1.00 ({F51A0E47-5D12-45D3-A1F1-B62800768F11})
version: 16777216
install date: 20060306
install location: C:\Program Files\Brother\BRHL2040
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F51A0E47-5D12-45D3-A1F1-B62800768F11}\SETUP.exe" -l0x9 -removeonly /uninst
publisher: Brother

mDrWiFi 1.23.0000 ({F6090A17-0967-4A8A-B3C3-422A1B514D49})
version: 18284544
version (major): 1
version (minor): 23
estimated size: 274
install date: 20051104
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
publisher: Intel Corporation
comments: Your Comments
contact: Customer Support Department
help link: http://www.intel.com/support
help telephone: +1 (800) 538-3373

({F64306A5-4C32-41bb-B153-53986527FAB4})

Vector NTI 10 10.0.0000 ({F78E411F-68D8-4D99-ABF5-B86DC05D29FB})
version: 167772160
version (major): 10
estimated size: 77765
install date: 20060428
install source: C:\Program Files\Informax Installations\
uninstall cmd: MsiExec.exe /I{F78E411F-68D8-4D99-ABF5-B86DC05D29FB}
publisher: Invitrogen Corporation
comments: Vector NTI Advance 10 Main Module
contact: Customer Support Department
help link: http://www.invitrogen.com/bioinformatics
help telephone: 1-877-357-3114

mWlsSafe 9.00.0000 ({FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4})
version: 150994944
version (major): 9
install date: 20051104
install source: C:\WINDOWS\Installer\iprodata\
uninstall cmd: MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
publisher: Intel
comments: Pseudo NCS Install
contact: Customer Support Department
help link: http://www.intel.com
help telephone: 1-555-555-4505

user1
2006-06-14, 07:28
Here are the ewido and HJT logs
I will be waiting for instructions on what to do next
Thank you


---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 13:51:12, 14/06/2006
+ Report-Checksum: C67BA6F5

+ Scan result:

No infected objects found.


::Report End

Logfile of HijackThis v1.99.1
Scan saved at 14:06:20, on 14/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdcatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download &All by FD - file://C:\Program Files\FreshDevices\FreshDownload\fdiectx2.htm
O8 - Extra context menu item: Download with &FD - file://C:\Program Files\FreshDevices\FreshDownload\fdiectx.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: ncbi8 - {2B576DD3-0B3E-4718-BCBF-B15E4FB8009D} - C:\Program Files\Invitrogen\Vector NTI Advance 10\Ncbi.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

LonnyRJones
2006-06-14, 08:45
Post the c:\rapport.txt please and mention any current problems

user1
2006-06-14, 13:53
here's the rapport.txt
I don't seem to have any problems now.
thank you


SmitFraudFix v2.57

Scan done at 12:50:26.31, 14/06/2006
Run from C:\Documents and Settings\MX\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{5aaf6542-f4ba-4df4-873d-4902ecbe794c}"="acheweed"

[HKEY_CLASSES_ROOT\CLSID\{5aaf6542-f4ba-4df4-873d-4902ecbe794c}\InProcServer32]
@="C:\WINDOWS\system32\acvgxw.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{5aaf6542-f4ba-4df4-873d-4902ecbe794c}\InProcServer32]
@="C:\WINDOWS\system32\acvgxw.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\ld????.tmp Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\regperf.exe Deleted
C:\WINDOWS\system32\stdole3.tlb Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\system32\acvgxw.dll -> Missing File


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

LonnyRJones
2006-06-14, 17:45
"I don't seem to have any problems now."

Great

Delete smithfraudfix, if ever needed again it will have been changed.

Think Prevention: Put in place a good hosts file
http://www.mvps.org/winhelp2002/hosts.htm
How To Download and Extract the HOSTS file:
http://www.mvps.org/winhelp2002/hosts2.htm
Repeat that proccess about once or twice a month

To help avoid reinfection see "So how did I get infected in the first place?"
http://forums.spybot.info/showthread.php?t=279