Spyware Quake [Smitfraud]



bob79
2006-06-11, 10:26
Hi,

Have followed the instructions provided for removal of desktop type hijacks, however am still encountering popups and unknown applications attempting to access the internet.

The following are my logs for Smitfraud fix, HijackThis, Spybot S&D and trial version of Ewido.

Would appreciate any assistance that can be provided to help analyze the logs and advise as to what I may have missed out or what needs to be done to clean my computer of this malware. Thank you in advance.

jason

bob79
2006-06-11, 10:27
SmitFraudFix v2.58

Scan done at 2:32:56.34, Sun 06/11/2006
Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

bob79
2006-06-11, 10:28
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 8:58:19 AM, 6/11/2006
+ Report-Checksum: F5904F5B

+ Scan result:

HKLM\SOFTWARE\Classes\WinRes.WindowsResources -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\WinRes.WindowsResources\CLSID -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\WinRes.WindowsResources\CurVer -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\WinRes.WindowsResources.1 -> Adware.CoolWebSearch : Cleaned with backup
C:\Program Files\IBM\checker\pskill.exe -> Not-A-Virus.NetTool.Win32.PsKill : Cleaned with backup
C:\temp\checkerinx.exe/pskill.exe -> Not-A-Virus.NetTool.Win32.PsKill : Error during cleaning


::Report End

bob79
2006-06-11, 10:31
--- Search result list ---
CoolWWWSearch.BadZoneMap: Settings (Registry change, fixed)
HKEY_USERS\S-1-5-21-974258482-2525228948-2548678636-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\flingstone.com\*!=W=4

CoolWWWSearch.WinRes: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{5CDE145A-B6B9-408D-A8CC-F9CA040BA7A4}

CoolWWWSearch.WinRes: Trusted Site (Registry change, fixed)
HKEY_USERS\S-1-5-21-974258482-2525228948-2548678636-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\offshoreclicks.com\*!=W=4

CoolWWWSearch.WinRes: Type library (Registry key, fixed)
HKEY_CLASSES_ROOT\TypeLib\{344EE577-2027-4714-82FF-0D7538488547}

Windows Security Center.AntiVirusDisableNotify: Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-02-22 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-06-10 Includes\Cookies.sbi (*)
2006-06-10 Includes\Dialer.sbi (*)
2006-06-10 Includes\Hijackers.sbi (*)
2006-06-10 Includes\Keyloggers.sbi (*)
2006-06-10 Includes\Malware.sbi (*)
2006-06-10 Includes\PUPS.sbi (*)
2006-06-10 Includes\Revision.sbi (*)
2006-06-10 Includes\Security.sbi (*)
2006-06-10 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-06-10 Includes\Trojans.sbi (*)



--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB886903)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ Windows XP / SP3: Windows XP Hotfix - KB867282
/ Windows XP / SP3: Windows XP Hotfix - KB873333
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Security Update for Windows XP (KB883939)
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Windows XP Hotfix - KB887797
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890047
/ Windows XP / SP3: Windows XP Hotfix - KB890175
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB890923
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Security Update for Windows XP (KB893066)
/ Windows XP / SP3: Windows XP Hotfix - KB893086
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896422)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896424)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Security Update for Windows XP (KB896688)
/ Windows XP / SP3: Update for Windows XP (KB896727)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Security Update for Windows XP (KB899588)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Security Update for Windows XP (KB903235)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
/ Windows XP / SP3: Security Update for Windows XP (KB905915)
/ Windows XP / SP3: Security Update for Windows XP (KB908519)
/ Windows XP / SP3: Security Update for Windows XP (KB908531)
/ Windows XP / SP3: Security Update for Windows XP (KB911562)
/ Windows XP / SP3: Security Update for Windows XP (KB911567)
/ Windows XP / SP3: Security Update for Windows XP (KB911927)
/ Windows XP / SP3: Security Update for Windows XP (KB912812)
/ Windows XP / SP3: Security Update for Windows XP (KB912919)
/ Windows XP / SP3: Update for Windows XP (KB917425)


--- Startup entries list ---
Located: HK_LM:Run, ACTray
command: C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
file: C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
size: 409600
MD5: f5a4aa5b24d4821963db9037d116258e

Located: HK_LM:Run, ACUMon
command: "C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe" -a
file: C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe
size: 364544
MD5: 612495556c82e4c85c920d6a8b78964b

Located: HK_LM:Run, ACWLIcon
command: C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
file: C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
size: 98304
MD5: 7559c4b77115007019cf62ae4a995f17

Located: HK_LM:Run, AGRSMMSG
command: AGRSMMSG.exe
file: C:\WINDOWS\AGRSMMSG.exe
size: 88363
MD5: c0041bb27e2e5b0550c179ecf53425cd

Located: HK_LM:Run, ATIPTA
command: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
file: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
size: 344064
MD5: 5fc1ab7cdabd2afa52b114fe7aa77f15

Located: HK_LM:Run, BLOG
command: rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
file: C:\WINDOWS\system32\rundll32.exe
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff

Located: HK_LM:Run, BMMGAG
command: RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
file:

Located: HK_LM:Run, BMMLREF
command: C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
file: C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
size: 20480
MD5: ab8f79ad286a4fbf1f3f5b1058858051

Located: HK_LM:Run, BMMMONWND
command: rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
file: C:\WINDOWS\system32\rundll32.exe
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff

Located: HK_LM:Run, c44eb0cc.exe
command: C:\WINDOWS\system32\c44eb0cc.exe
file: C:\WINDOWS\system32\c44eb0cc.exe
size: 13312
MD5: fdf38e80663ad68a2a6e06566abf6dcf

Located: HK_LM:Run, C4EBReg
command: "C:\Program Files\C4ebreg\c4ebreg.exe" /q
file: C:\Program Files\C4ebreg\c4ebreg.exe
size: 315392
MD5: b46f8251f89f2d67a750b5883817d2c7

Located: HK_LM:Run, ccApp
command: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 67184
MD5: eb992a85c604a9977e1161e6560ba611

Located: HK_LM:Run, cssauth
command: "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
file: C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
size: 1996336
MD5: 6902f7c3cf78150d7900cb5c13015a06

Located: HK_LM:Run, ICQ Lite
command: C:\Program Files\ICQLite\ICQLite.exe -minimize
file:

Located: HK_LM:Run, IMJPMIG8.1
command: "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
file: C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE
size: 208952
MD5: 7bbe4cf421aecc7f0226edd75f12079f

Located: HK_LM:Run, ISAMTray
command: "C:\Program Files\C4ebreg\isamtray.exe"
file: C:\Program Files\C4ebreg\isamtray.exe
size: 221184
MD5: 40786823c85922f3ebb25a0fe7e00ee7

Located: HK_LM:Run, ISSI EZUpdate Service
command: "c:\sdwork\issimsvc.exe"
file: c:\sdwork\issimsvc.exe
size: 195584
MD5: 71fa7c969692e1a999318aa62d7724ed

Located: HK_LM:Run, pdfFactory Dispatcher v1
command: "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe" /source=HKLM
file: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe
size: 487424
MD5: cf83701016b7e98ed9d32334addb95ea

Located: HK_LM:Run, PDService.exe
command: "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
file: C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
size: 49152
MD5: c997e2accd65259e49875f4d4ba80733

Located: HK_LM:Run, PRONoMgrWired
command: C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
file: C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
size: 86016
MD5: 31f4726648a033f3000b340331d9c55b

Located: HK_LM:Run, SoundMAX
command: C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
file:

Located: HK_LM:Run, SoundMAXPnP
command: C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
file: C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
size: 1388544
MD5: c06f1a3ff958a10f828eee828623e193

Located: HK_LM:Run, stgclean
command: c:\sdwork\w32main2.exe /cleanup
file: c:\sdwork\w32main2.exe
size: 260608
MD5: e63d680afc9e3fe2a73421f608093c31

Located: HK_LM:Run, SunJavaUpdateSched
command: C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
file: C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
size: 36975
MD5: 61a3a9d5d98bf0331df5b716144a8100

Located: HK_LM:Run, SynTPEnh
command: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
file: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 512000
MD5: 1d858862f87672ec99cf03bc9e4adeb8

Located: HK_LM:Run, SynTPLpr
command: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
file: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
size: 110592
MD5: 102653fc100d33a0b6c01c9917ad66a0

Located: HK_LM:Run, TP4EX
command: tp4ex.exe
file: C:\WINDOWS\system32\tp4ex.exe
size: 65536
MD5: 38f143a10a8e723026499041501b9563

Located: HK_LM:Run, Tpam.exe
command: "C:\Program Files\IBM\Personal Communications\tpam.exe"
file: C:\Program Files\IBM\Personal Communications\tpam.exe
size: 28672
MD5: b91575d581793f9a782f7d9ff41303db

Located: HK_LM:Run, TPHOTKEY
command: C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
file: C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
size: 94208
MD5: 9a99cb3dc649bcc9d3f00599c008f881

Located: HK_LM:Run, TPKBDLED
command: C:\WINDOWS\system32\TpScrLk.exe
file: C:\WINDOWS\system32\TpScrLk.exe
size: 40960
MD5: 11b38e81029d837a54ce5af675b50912

Located: HK_LM:Run, TPKMAPHELPER
command: C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
file:

Located: HK_LM:Run, vptray
command: C:\PROGRA~1\SYMANT~1\VPTray.exe
file: C:\PROGRA~1\SYMANT~1\VPTray.exe
size: 120640
MD5: fb7c5949dca2d774461758c0f259f470

Located: HK_LM:Run, Zone Labs Client
command: "C:\Program Files\CheckPoint\Integrity Client\iclient.exe"
file: C:\Program Files\CheckPoint\Integrity Client\iclient.exe
size: 931584
MD5: a1ebf351300c0f3110660c2d02870fd8

Located: HK_CU:Run, c44eb0cc.exe
command: C:\Documents and Settings\Administrator\Local Settings\Application Data\c44eb0cc.exe
file: C:\Documents and Settings\Administrator\Local Settings\Application Data\c44eb0cc.exe
size: 13312
MD5: fdf38e80663ad68a2a6e06566abf6dcf

Located: HK_CU:Run, MsnMsgr
command: "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
file: C:\Program Files\MSN Messenger\MsnMsgr.Exe
size: 5278504
MD5: 2b4cf7ba3122e1b2270f3cdd47f3deb5

Located: HK_CU:Run, Yahoo! Pager
command: "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
file: C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
size: 3334144
MD5: e9181dd46f01a3936523ae46a264dd62

Located: HK_CU:RunOnce, ICQ Lite
command: C:\Program Files\ICQLite\ICQLite.exe -trayboot
file:

Located: Startup (common), Adobe Reader Speed Launch.lnk
command: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
file: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
size: 29696
MD5: 43362b96870ce8649f4f2ec893da93f0

Located: Startup (common), BTTray.lnk
command: C:\Program Files\IBM\Bluetooth Software\BTTray.exe
file: C:\Program Files\IBM\Bluetooth Software\BTTray.exe
size: 507965
MD5: 037731588de041a80ba15d558d976eb6

Located: Startup (disabled), Lotus QuickStart (DISABLED)
command: C:\lotus\wordpro\ltsstart.exe
file: C:\lotus\wordpro\ltsstart.exe
size: 32768
MD5: 9ce8609b5a64fd4abc94180bfddedcb8

Located: System.ini, ACNotify
command: ACNotify.dll
file: ACNotify.dll

Located: System.ini, AtiExtEvent
command: Ati2evxx.dll
file: Ati2evxx.dll

Located: System.ini, atmgrtok
command: atmgrtok.dll
file: atmgrtok.dll

Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll

Located: System.ini, NavLogon
command: C:\WINDOWS\system32\NavLogon.dll
file: C:\WINDOWS\system32\NavLogon.dll
size: 55104
MD5: f4edb3a832b79b34497478a589a13f9d

Located: System.ini, pcsinst
command: pcsinst.dll
file: pcsinst.dll

Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, tpfnf2
command: notifyf2.dll
file: notifyf2.dll

Located: System.ini, tphotkey
command: tphklock.dll
file: tphklock.dll

Located: System.ini, winvrw32
command: winvrw32.dll
file: winvrw32.dll

Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll

bob79
2006-06-11, 10:33
--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
BHO name:
CLSID name: Adobe PDF Reader Link Helper
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 9/24/2005 12:12:08 PM
Date (last access): 6/11/2006 9:04:58 AM
Date (last write): 1/12/2006 8:38:22 PM
Filesize: 63128
Attributes: archive
MD5: F17B2B264072B921FC66A0BE16626BAB
CRC32: 5184CFEA
Version: 7.0.7.142

{16664845-0E00-11D2-8059-000000000000} (ClickCatcher MSIE handler)
BHO name:
CLSID name: ClickCatcher MSIE handler
description: ReGet
classification: Legitimate
known filename: Catcher.dll
info link: http://deluxe.reget.com/en/
info source: TonyKlein
Path: C:\Program Files\Common Files\ReGet Shared\
Long name: Catcher.dll
Short name:
Date (created): 6/11/2006 1:13:38 AM
Date (last access): 6/11/2006 9:04:58 AM
Date (last write): 3/8/2005 3:22:54 PM
Filesize: 294964
Attributes: archive
MD5: 448BB5718CFD2D8F8D02DBFECBCE87BD
CRC32: E02A0D06
Version: 1.0.0.93

{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 2/22/2006 1:54:36 PM
Date (last access): 6/11/2006 9:00:38 AM
Date (last write): 5/31/2005 1:04:00 AM
Filesize: 853672
Attributes: archive
MD5: 250D787A5712D7768DDC133B3E477759
CRC32: D4589A41
Version: 1.4.0.0

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
BHO name:
CLSID name: SSVHelper Class
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: ssv.dll
Short name:
Date (created): 3/2/2006 1:53:00 PM
Date (last access): 6/11/2006 9:04:58 AM
Date (last write): 11/10/2005 1:22:12 PM
Filesize: 184423
Attributes: archive
MD5: F01726F7CA8538FDD4663C9DB8FEAEDC
CRC32: 0111B892
Version: 5.0.60.5

{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
BHO name:
CLSID name: Windows Live Sign-in Helper
Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 4/7/2006 12:02:02 AM
Date (last access): 6/11/2006 9:04:58 AM
Date (last write): 4/7/2006 12:02:02 AM
Filesize: 323904
Attributes: archive
MD5: B30FAF9FD36BB993A5FB3A3AFE0E3703
CRC32: 53C1960B
Version: 4.0.246.1



--- ActiveX list ---
Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\Java\classes\xmldso.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla

{11865A2A-649F-4FA1-8B99-B97DF8070B7C} (IWSystemchecks Control)
DPF name:
CLSID name: IWSystemchecks Control
Installer: C:\WINDOWS\Downloaded Program Files\iwsystemchecks.inf
Codebase: http://ivc.interwise.com/ibmsg/English/ActiveX/IWsystemchecks.cab
description:
classification: Open for discussion
known filename: IWSystemChecks.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\DOWNLO~1\
Long name: IWSystemChecks.ocx
Short name: IWSYST~1.OCX
Date (created): 3/30/2005 10:25:54 AM
Date (last access): 6/3/2006 5:59:20 PM
Date (last write): 3/30/2005 10:25:54 AM
Filesize: 684032
Attributes: archive
MD5: 915BE7177DD19908D3D482D63327F042
CRC32: 2498DCCF
Version: 5.9.10.0

{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
DPF name:
CLSID name: Windows Genuine Advantage Validation Tool
Installer: C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf
Codebase: http://go.microsoft.com/fwlink/?linkid=39204
description:
classification: Legitimate
known filename: LegitCheckControl.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: LegitCheckControl.DLL
Short name: LEGITC~1.DLL
Date (created): 5/17/2006 11:23:38 AM
Date (last access): 6/7/2006 9:01:30 PM
Date (last write): 5/17/2006 11:23:38 AM
Filesize: 579888
Attributes: archive
MD5: 99619B070D9AF903E874C2968FEE1E24
CRC32: 87EA3AB2
Version: 1.5.530.0

{253A9D23-F982-11D4-8BE4-00D0B7E61414} (SiebelHTMLApplication Class)
DPF name:
CLSID name: SiebelHTMLApplication Class
Installer: C:\WINDOWS\Downloaded Program Files\siebelhtml.inf
Codebase: https://w3-602.ibm.com/transform/crm/asia_pacific/my/callcenter/16199/applets/siebelhtml.cab

{6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5)
DPF name:
CLSID name: Housecall ActiveX 6.5
Installer: C:\WINDOWS\Downloaded Program Files\CONFLICT.1\hcImpl.inf
Codebase: http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
Path: C:\WINDOWS\Downloaded Program Files\CONFLICT.1\
Long name: Housecall_ActiveX.dll
Short name: HOUSEC~1.DLL
Date (created): 2/2/2006 4:22:42 PM
Date (last access): 6/3/2006 5:59:20 PM
Date (last write): 2/2/2006 4:22:42 PM
Filesize: 357376
Attributes: archive
MD5: D91BD5AA0DA1728C1B11ECB5A7D4B3D7
CRC32: B40F7F41
Version: 6.5.2.7

{7A162288-DE78-473C-A6BA-23FF17F768E9} (AxWebInstaller Control)
DPF name:
CLSID name: AxWebInstaller Control
Installer: C:\WINDOWS\Downloaded Program Files\AxWebInstaller.inf
Codebase: http://ivc.interwise.com/ibmsg/application/EventEntry/AxWebInstaller.cab
Path: C:\WINDOWS\DOWNLO~1\
Long name: AxWebInstaller.ocx
Short name: AXWEBI~1.OCX
Date (created): 8/16/2005 9:29:08 AM
Date (last access): 6/3/2006 5:59:20 PM
Date (last write): 8/16/2005 9:29:08 AM
Filesize: 57344
Attributes: archive
MD5: 5CC51DC1DDC19BA58DF59146390702F1
CRC32: BD71A2EE
Version: 6.0.8.0

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 3/2/2006 1:52:58 PM
Date (last access): 6/3/2006 5:54:40 PM
Date (last write): 11/10/2005 1:22:12 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5

{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class)
DPF name:
CLSID name: MessengerStatsClient Class
Installer:
Codebase: http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
description:
classification: Legitimate
known filename: messengerstatsclient.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: messengerstatsclient.dll
Short name: MESSEN~1.DLL
Date (created): 5/29/2003 3:00:20 PM
Date (last access): 6/11/2006 9:03:42 AM
Date (last write): 5/29/2003 3:00:20 PM
Filesize: 160864
Attributes: archive
MD5: B069B555A00AA026F657AA4FD13AE154
CRC32: 89BB01E1
Version: 7.1.9502.1

{8F4F3368-54CA-4268-8225-0F4367472CF4} (MailClient Class)
DPF name:
CLSID name: MailClient Class
Installer: C:\WINDOWS\Downloaded Program Files\SiebExtMailClient.inf
Codebase: https://w3-602.ibm.com/transform/crm/asia_pacific/my/callcenter/16199/applets/SiebExtMailClient.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: siebextmailclient.dll
Short name: SIEBEX~1.DLL
Date (created): 2/16/2005 8:39:18 PM
Date (last access): 6/11/2006 9:03:42 AM
Date (last write): 2/16/2005 8:39:18 PM
Filesize: 311568
Attributes: archive
MD5: 2A4D6FBEC27B9FA6643D7744AA1C13B0
CRC32: CCC450F4
Version: 7.5.3.16199

{9519B2A2-6592-4E41-8290-D0298459270C} (LNWebAssist Class)
DPF name:
CLSID name: LNWebAssist Class
Installer:
Codebase: http://w3.ibm.com/bluepages/scripts/lnwebassist.cab
Path: C:\WINDOWS\DOWNLO~1\
Long name: LNWebAssist.dll
Short name: LNWEBA~1.DLL
Date (created): 5/16/2005 8:48:06 PM
Date (last access): 6/11/2006 9:03:42 AM
Date (last write): 5/16/2005 8:48:06 PM
Filesize: 143360
Attributes: archive
MD5: 7B7CF4263804DBC39BB6C296E64A3F3D
CRC32: 43C010AB
Version: 1.0.0.16

{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class)
DPF name:
CLSID name: ActiveScan Installer Class
Installer: C:\WINDOWS\Downloaded Program Files\asinst.inf
Codebase: http://acs.pandasoftware.com/activescan/as5free/asinst.cab
description:
classification: Open for discussion
known filename: ASINST.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: asinst.dll
Short name:
Date (created): 12/19/2005 1:35:32 PM
Date (last access): 6/11/2006 9:03:42 AM
Date (last write): 4/11/2006 5:10:10 PM
Filesize: 135168
Attributes: archive
MD5: 7267AE9C8DF527C30885DC29687D2A9B
CRC32: 1B1733A3
Version: 58.5.0.0

{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 3/2/2006 1:52:58 PM
Date (last access): 6/11/2006 9:13:02 AM
Date (last write): 11/10/2005 1:22:12 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 3/2/2006 1:52:58 PM
Date (last access): 6/11/2006 9:13:02 AM
Date (last write): 11/10/2005 1:22:12 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash8b.ocx
Short name:
Date (created): 3/31/2006 11:45:12 AM
Date (last access): 6/11/2006 2:25:38 AM
Date (last write): 3/31/2006 11:45:12 AM
Filesize: 1443464
Attributes: readonly archive
MD5: 12719EDDAAB9CAEEF28C6E58192F594B
CRC32: 680E085C
Version: 8.0.24.0

{E9077188-6DCA-42A2-8FA3-BE7BED5A95B2} (Siebel Option Pack for IE 7.5.3)
DPF name:
CLSID name: Siebel Option Pack for IE 7.5.3
Installer: C:\WINDOWS\Downloaded Program Files\SiebelOptionPack.inf
Codebase: https://w3-602.ibm.com/transform/crm/asia_pacific/my/callcenter/16199/applets/SiebelOptionPack.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: ieop_aom_39a00113-2b68-4bc0-9a98-fbe2375763ff.dll
Short name: IEOP_A~1.DLL
Date (created): 11/15/2005 12:20:26 AM
Date (last access): 6/11/2006 9:03:42 AM
Date (last write): 11/15/2005 12:20:26 AM
Filesize: 639248
Attributes: archive
MD5: 99F6F3357D29B42A78888FBE74B7BF02
CRC32: FE087514
Version: 7.5.3.11



--- Process list ---
PID: 0 ( 0) [System]
PID: 152 ( 4) \SystemRoot\System32\smss.exe
PID: 204 ( 152) \??\C:\WINDOWS\system32\csrss.exe
PID: 228 ( 152) \??\C:\WINDOWS\system32\winlogon.exe
PID: 272 ( 228) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 284 ( 228) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 436 ( 272) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 492 ( 272) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 532 ( 272) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 920 ( 900) C:\WINDOWS\Explorer.EXE
size: 1032192
MD5: A0732187050030AE399B241436565E64
PID: 1508 ( 920) C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
size: 71288
MD5: 6C37AD8C2212D3DDC456BB48A3AA398E
PID: 1468 ( 920) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 4 ( 0) System

bob79
2006-06-11, 10:35
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 6/11/2006 9:13:03 AM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SearchURL
prosearching.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page_bak
prosearching.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://home.microsoft.com/access/autosearch.asp?p=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\SearchURL
prosearching.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\windows\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD Irda [IrDA]
GUID: {3972523D-2AF1-11D1-B655-00805F3642CC}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Infrared protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Irda [IrDA]

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2139E8B7-1719-46FF-80A5-073C3F051BF5}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2139E8B7-1719-46FF-80A5-073C3F051BF5}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6519596C-F63A-49F1-88FC-3D2A6152AF22}] SEQPACKET 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6519596C-F63A-49F1-88FC-3D2A6152AF22}] DATAGRAM 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{15FB3143-7387-4578-9EE8-5F463B8ADFF7}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{15FB3143-7387-4578-9EE8-5F463B8ADFF7}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{44B0CB7D-218F-46BC-A474-EF4A0F14F24B}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{44B0CB7D-218F-46BC-A474-EF4A0F14F24B}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0F9FFB71-A47A-4F8A-8686-A955C396C89A}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0F9FFB71-A47A-4F8A-8686-A955C396C89A}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A45EF429-57EC-44C0-8034-9E73583BCBD3}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A45EF429-57EC-44C0-8034-9E73583BCBD3}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{784412BF-B8E0-4AAA-8734-327454F0F0B6}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{784412BF-B8E0-4AAA-8734-327454F0F0B6}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DA2D2D34-90D4-44EF-AF5F-C04197FABD9A}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DA2D2D34-90D4-44EF-AF5F-C04197FABD9A}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace



--- Uninstall list ---
Windows Driver Package - MSN (usbccgp) USB (04/19/2006 1.1.0.2) 04/19/2006 1.1.0.2 (60A5FC6E548B5906438A6A163A886BAF2BE75AA9)
uninstall cmd: rundll32.exe C:\PROGRA~1\DIFX\7AA84A78695B31A503D9537A76801D74E0FD14BD\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\WLPhoneC_A6FBDDFD78E9FD2D94C453BC7FCFBE6BEE0A125E\WLPhoneC.inf
publisher: MSN

(AddressBook)

Adobe Atmosphere Player for Acrobat and Adobe Reader (Adobe Atmosphere Player)
uninstall cmd: C:\WINDOWS\atmoUn.exe

Agere Systems AC'97 Modem 2.1.31 (Agere Systems Soft Modem)
uninstall cmd: agrsmdel

ATI - Software Uninstall Utility 6.14.10.1012 (All ATI Software)
install location: C:\Program Files\ATI Technologies\UninstallAll
uninstall cmd: C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe

Aspell English Dictionary-0.50-2 (Aspell English Dictionary_is1)
uninstall cmd: "C:\Program Files\Aspell\unins001.exe"
publisher: GNU

AT&T Network Client (AT&T Network Client {C:,PROGRA~1,AT&TNE~1,})
uninstall cmd: C:\Program Files\AT&T Network Client\NetUN.exe

ATI Display Driver 8.133.2-050525a-024243C-IBM (ATI Display Driver)
uninstall cmd: rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

Azureus 2.4.0.2 (Azureus)
install location: C:\Program Files\Azureus
uninstall cmd: C:\Program Files\Azureus\Uninstall.exe

Cisco Aironet Installation Wizard (CiscoInstallWizard)
uninstall cmd: C:\WINDOWS\Cisco\DInstall\IWSetup.exe /cp

(Connection Manager)

Cowabanga by OIN (Cowabanga)
uninstall cmd: C:\Program Files\Cowabanga\uninstaller.exe

(DirectAnimation)

(DirectDrawEx)

(DXM_Runtime)

ewido anti-malware (ewidoantimalware)
install location: C:\Program Files\ewido anti-malware
uninstall cmd: C:\Program Files\ewido anti-malware\Uninstall.exe
publisher: ewido networks
help link: http://www.ewido.net

FinePrint pdfFactory (FinePrint pdfFactory)
uninstall cmd: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppinst1.exe /uninstall

(Fontcore)

Gaim (remove only) (Gaim)
uninstall cmd: C:\Program Files\Gaim\gaim-uninst.exe

GNU Aspell 0.50-3 (GNU Aspell_is1)
uninstall cmd: "C:\Program Files\Aspell\unins000.exe"
publisher: GNU
help link: http://mail.gnu.org/mailman/listinfo/aspell-user

GTK+ Runtime 2.6.9 rev a (remove only) (GTK 2.0)
uninstall cmd: C:\Program Files\Common Files\GTK\2.0\uninst.exe

IBM Ayudame (IBM Ayudame)
uninstall cmd: C:\WINDOWS\ai2919.exe Patient

IBM Printer Software Uninstall (IBM Printer Software Uninstall)
uninstall cmd: C:\Program Files\IBM\Install\Uninstall.exe

ICQ 5 (ICQLite)
uninstall cmd: C:\Program Files\ICQLite\ICQLiteUninstall.EXE

(ICW)

(IE40)

(IE4Data)

(IE5BAKEX)

(IEData)

(InstallShield Uninstall Information)

Disk Magic 6.2.1 (InstallShield_{3464D083-C1A0-43BD-B233-7B01C331DD6D})
version: 100794369
version (major): 6
version (minor): 2
estimated size: 10340
install date: 20060605
install location: C:\Program Files\Disk Magic\
install source: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_is38\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{3464D083-C1A0-43BD-B233-7B01C331DD6D}
publisher: IntelliMagic

Interwise Participant (Interwise Participant)
install location: c:\program files\interwise\participant
uninstall cmd: c:\program files\interwise\participant\iwuninst.exe

ISCI Documentation (ISCI25dc)
uninstall cmd: rundll32.exe syssetup.dll,SetupInfObjectInstallAction DefaultUninstall 132 C:\WINDOWS\INF\ISCI25dc.inf

Windows XP Hotfix - KB867282 20050127.090417 (KB867282)
uninstall cmd: C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=867282

Windows XP Hotfix - KB873333 20050114.005213 (KB873333)
uninstall cmd: C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873333

Windows XP Hotfix - KB873339 20041117.092459 (KB873339)
uninstall cmd: C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873339

Security Update for Windows XP (KB883939) 1 (KB883939)
install date: 20050713
uninstall cmd: "C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=883939

(KB884016)

Windows XP Hotfix - KB885250 20050118.202711 (KB885250)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885250

Windows XP Hotfix - KB885835 20041027.181713 (KB885835)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885835

Windows XP Hotfix - KB885836 20041028.173203 (KB885836)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885836

bob79
2006-06-11, 10:37
(KB885884)

Windows XP Hotfix - KB886185 20041021.090540 (KB886185)
uninstall cmd: C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=886185

Windows XP Hotfix - KB887472 20041014.162858 (KB887472)
uninstall cmd: C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887472

Windows XP Hotfix - KB887742 20041103.095002 (KB887742)
uninstall cmd: C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887742

Windows XP Hotfix - KB887797 20041018.133824 (KB887797)
uninstall cmd: C:\WINDOWS\$NtUninstallKB887797$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887797

Windows XP Hotfix - KB888113 20041116.131036 (KB888113)
uninstall cmd: C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888113

Windows XP Hotfix - KB888302 20041207.111426 (KB888302)
uninstall cmd: C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888302

Security Update for Windows XP (KB890046) 1 (KB890046)
install date: 20050713
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890046

Windows XP Hotfix - KB890047 20041221.124506 (KB890047)
uninstall cmd: C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890047

Windows XP Hotfix - KB890175 20041201.233338 (KB890175)
uninstall cmd: C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890175

Windows XP Hotfix - KB890859 1 (KB890859)
install date: 20050413
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890859

Windows XP Hotfix - KB890923 1 (KB890923)
install date: 20050413
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890923

Windows XP Hotfix - KB891781 20050110.165439 (KB891781)
uninstall cmd: C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=891781

Windows XP Hotfix - KB893066 1 (KB893066)
install date: 20050413
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893066

Windows XP Hotfix - KB893086 1 (KB893086)
install date: 20050413
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893086

Security Update for Windows XP (KB893756) 1 (KB893756)
install date: 20051125
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893756

Windows Installer 3.1 (KB893803) 3.1 (KB893803)
uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=42467

Windows Installer 3.1 (KB893803) 3.1 (KB893803v2)
uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=42467

Security Update for Windows XP (KB896358) 1 (KB896358)
install date: 20050713
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896358

Security Update for Windows XP (KB896422) 1 (KB896422)
install date: 20050713
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896422

Security Update for Windows XP (KB896423) 1 (KB896423)
install date: 20051125
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896423

Security Update for Windows XP (KB896424) 1 (KB896424)
install date: 20051125
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896424

Security Update for Windows XP (KB896428) 1 (KB896428)
install date: 20050713
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896428

Security Update for Windows XP (KB896688) 1 (KB896688)
install date: 20051125
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896688

Update for Windows XP (KB896727) 1 (KB896727)
install date: 20051125
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896727

Update for Windows XP (KB898461) 1 (KB898461)
install date: 20050713
uninstall cmd: "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=898461

Security Update for Windows XP (KB899588) 1 (KB899588)
install date: 20051125
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899588

Security Update for Windows XP (KB900725) 1 (KB900725)
install date: 20051125
uninstall cmd: "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900725

Security Update for Windows XP (KB901214) 1 (KB901214)
install date: 20050714
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901214

Security Update for Windows XP (KB902400) 1 (KB902400)
install date: 20051125
uninstall cmd: "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=902400

Security Update for Windows XP (KB903235) 1 (KB903235)
install date: 20050713
uninstall cmd: "C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=903235

Security Update for Windows XP (KB904706) 1 (KB904706)
install date: 20051125
uninstall cmd: "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=904706

Security Update for Windows XP (KB905749) 1 (KB905749)
install date: 20051125
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905749

Security Update for Windows XP (KB905915) 1 (KB905915)
install date: 20060222
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905915

Security Update for Windows XP (KB908519) 1 (KB908519)
install date: 20060222
uninstall cmd: "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=908519

Security Update for Windows XP (KB908531) 1 (KB908531)
install date: 20060504
uninstall cmd: "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=908531

Security Update for Windows XP (KB911562) 1 (KB911562)
install date: 20060504
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911562

Security Update for Windows Media Player (KB911564) (KB911564)
install date: 20060222
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=911564

Security Update for Windows XP (KB911567) 1 (KB911567)
install date: 20060504
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911567

Security Update for Windows XP (KB911927) 1 (KB911927)
install date: 20060222
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911927

Security Update for Windows XP (KB912812) 1 (KB912812)
install date: 20060425
uninstall cmd: "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=912812

Security Update for Windows XP (KB912919) 1 (KB912919)
install date: 20060222
uninstall cmd: "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=912919

Update for Windows XP (KB917425) 1 (KB917425)
install date: 20060425
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917425$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917425

LiveUpdate 2.0 (Symantec Corporation) 2.0.39.0 (LiveUpdate)
install location: C:\Program Files\Symantec\LiveUpdate
uninstall cmd: C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
publisher: Symantec Corporation

Microsoft .NET Framework 1.1 Hotfix (KB886903) (M886903)
uninstall cmd: "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903Uninstall.msp"

Macromedia Shockwave Player 10.1.0.11 (Macromedia Shockwave Player)
uninstall cmd: C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
publisher: Macromedia, Inc.
help link: http://www.macromedia.com/support/shockwave

Microsoft .NET Framework 1.1 (Microsoft .NET Framework 1.1 (1033))
uninstall cmd: msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm

(MobileOptionPack)

Mozilla Firefox (1.5.0.4) 1.5.0.4 (en-US) (Mozilla Firefox (1.5.0.4))
install location: C:\Program Files\Mozilla Firefox
uninstall cmd: C:\Program Files\Mozilla Firefox\uninstall\uninstall.exe /ua "1.5.0.4 (en-US)"
publisher: Mozilla

(MPlayer2)

(MSI30-Beta1)

(MSI30-Beta2)

(MSI30-KB884016)

(MSI30-RC1)

(MSI30-RC2)

(MSI30a-KB884016)

(MSI31-Beta)

(MSI31-RC1)

(MsJavaVM)

(NetMeeting)

(OutlookExpress)

IBM ISMA Peer-To-Peer (P2P GUI)
install location: C:\Program Files\ibm\P2P GUI
uninstall cmd: rundll32.exe syssetup.dll,SetupInfObjectInstallAction DefaultUninstall 132 C:\WINDOWS\inf\p2pgui.inf

Panda ActiveScan (Panda ActiveScan)
uninstall cmd: C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
publisher: Panda Software S.L.

Panda spyXposer (Panda spyXposer)
uninstall cmd: C:\WINDOWS\system32\ASUninst.exe Panda spyXposer
publisher: Panda Software S.L.

(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

IBM ThinkPad Battery MaxiMiser and Power Management Features 1.38 (Power Features)
uninstall cmd: C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\Unbmm.isu -c"C:\Program Files\ThinkPad\Utilities\Tpinsbmm.dll"

ThinkPad Power Management Driver 1.33 (Power Management Driver)
uninstall cmd: RunDll32.exe tpinspm.dll,Uninstall

IBM ThinkPad Presentation Director 2.33 (Presentation Director)
uninstall cmd: C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\UNNPDR.isu -c"C:\Program Files\ThinkPad\Utilities\Tpinsnpd.dll"

Intel(R) PRO Network Adapters and Drivers (PROSet)
uninstall cmd: Prounstl.exe

(RecordNow.exe)
uninstall cmd: C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}

Recover My Files 3.9.2.3353 (Recover My Files_is1)
install location: C:\Program Files\GetData\Recover My Files\
uninstall cmd: "C:\Program Files\GetData\Recover My Files\unins000.exe"
publisher: GetData Pty Ltd
contact: support@getdata.com
help link: http://support.getdata.com

ReGet Deluxe 4.2 (ReGetDx)
uninstall cmd: C:\Program Files\ReGetDx\regetdx.exe -uninstall

(SchedulingAgent)

(Sevinst)

(Shockwave)

Macromedia Flash Player 8 8 (ShockwaveFlash)
uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe
publisher: Macromedia
help link: http://www.macromedia.com/go/flashplayer_support/

Snapshot Viewer (Snapshot Viewer)
uninstall cmd: C:\Program Files\Snapshot Viewer\Setup\Setup.exe /T snap90.stf

Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited

SpywareBlaster v3.5.1 3.5.1 (SpywareBlaster_is1)
install location: C:\Program Files\SpywareBlaster\
uninstall cmd: "C:\Program Files\SpywareBlaster\unins000.exe"
publisher: Javacool Software LLC

ThinkPad UltraNav Driver 7.5.17.20 (SynTPDeinstKey)
uninstall cmd: rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

ThinkPad FullScreen Magnifier 1.16 (ThinkPad FullScreen Magnifier)
uninstall cmd: RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall.NT 132 C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.inf

Scroll Lock Indicator Utility 1.07 (TPKBDLED)
uninstall cmd: RunDll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\system32\TpScrLk.inf

VideoLAN VLC media player 0.8.4a 0.8.4a (VLC media player)
uninstall cmd: C:\Program Files\VideoLAN\VLC\uninstall.exe
publisher: VideoLAN Team

WinAce Archiver 2.6 (WinAce Archiver)
uninstall cmd: C:\Program Files\WinAce\SXUNINST.EXE C:\Program Files\WinAce\SXUNINST.INI
publisher: e-merge GmbH
help link: mailto:techsupport@winace.com

Windows Live Safety Scanner (Windows Live Safety Scanner)
uninstall cmd: RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT

Yazzle by OIN (Y1123Oin)
uninstall cmd: "C:\Program Files\Common Files\Y1123OU.exe"

Yahoo! Messenger (Yahoo! Messenger)
uninstall cmd: C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

ATI Control Panel 6.14.10.5154 ({0BEDBD4E-2D34-47B5-9973-57E62B29307C})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"

Lotus NotesSQL 3.01 driver ({113EECD6-9A04-11D4-811D-00805F923B86})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{113EECD6-9A04-11D4-811D-00805F923B86}\Setup.exe" -uninst

bob79
2006-06-11, 10:38
IBM Rescue and Recovery with Rapid Restore 2.02.0178.011 ({11783F13-C3A9-44A8-929B-21A476F65272})
version: 33685682
version (major): 2
version (minor): 2
estimated size: 38803
install date: 20050406
install location: C:\Program Files\IBM\IBM Rapid Restore Ultra\
install source: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_is2\
uninstall cmd: MsiExec.exe /X{11783F13-C3A9-44A8-929B-21A476F65272}
publisher: IBM
help link: http://www.ibm.com/support
help telephone: 1-888-IBM-HELP

Intel(R) PROSet for Wired Connections 7.10.0000 ({16906D21-0656-4F8B-9A01-C3D24B5401FC})
version: 118095872
version (major): 7
version (minor): 10
estimated size: 15591
install date: 20060526
install source: C:\DRIVERS\1URC13WW\APPS\PROSet\W2KWS03\
uninstall cmd: MsiExec.exe /I{16906D21-0656-4F8B-9A01-C3D24B5401FC}
publisher: Intel
comments: Intel(R) PROSet installation package
contact: Intel Customer Support
help link: http://support.intel.com

IBM BladeCenter and xSeries Power Configurator v4.3.5.3 4.3.5.3 ({1BB975B6-C460-4EF1-B5F1-DD4398930F3D})
version: 67305477
version (major): 4
version (minor): 3
estimated size: 23710
install date: 20060424
install source: C:\Documents and Settings\Administrator\Desktop\Share\xSeries Power Tool\
uninstall cmd: MsiExec.exe /I{1BB975B6-C460-4EF1-B5F1-DD4398930F3D}
publisher: IBM xSeries Power Development

IBM Standalone Solutions Configuration Tool 1.3.5 ({1E0FB335-ACE4-47CB-9F70-305D2FB2A3EF})
version: 16973829
install date: 20060520
install location: C:\Program Files\IBM Standalone Solutions Configuration Tool
install source: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bye1A.tmp\Disk1\
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1E0FB335-ACE4-47CB-9F70-305D2FB2A3EF}\setup.exe" -l0x9 -uninst -removeonly
publisher: IBM

ThinkPad Keyboard Customizer Utility 1.3.32.0 ({2111B23F-7FDA-4A41-8309-E5A1663CA296})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2111B23F-7FDA-4A41-8309-E5A1663CA296}\setup.exe" -l0x9 anything

Ad-Aware SE Plus 1.06 ({2469F39C-54EC-4DDE-AA02-FF9633F20190})
version: 17170432
version (major): 1
version (minor): 6
estimated size: 3997
install date: 20060222
install source: C:\Documents and Settings\Administrator\Desktop\Share\Applications\Anti SpyWare\AdAware\
uninstall cmd: MsiExec.exe /X{2469F39C-54EC-4DDE-AA02-FF9633F20190}
publisher: Lavasoft
help link: http://www.lavasoft.de

Integrity Flex 06.00.1160 ({28FA2436-4092-422C-AEBB-2BF9336CFC19})
version: 100664456
version (major): 6
estimated size: 9502
install date: 20050713
install location: C:\Program Files\CheckPoint\Integrity Client\
install source: C:\WINDOWS\Downloaded Installations\{117A488F-7F9C-4425-B22F-313D46FCF32F}\
publisher: Check Point, Inc.
comments: << Check Point Inc. >>
contact: -
help link: http://www.checkpoint.com/

MetaFrame Presentation Server Client 8.103.31055 ({2AA3367E-690F-4896-A617-A6924CFCEEBD})
version: 140998991
version (major): 8
version (minor): 103
estimated size: 10452
install date: 20060222
install location: C:\Program Files\Citrix\ICA Client\
install source: E:\swd\_tb03468\imgwin\ica80100\en\
uninstall cmd: MsiExec.exe /I{2AA3367E-690F-4896-A617-A6924CFCEEBD}
publisher: Citrix Systems, Inc.
contact: Citrix Systems, Inc.
help telephone: 1-800-424-8749

J2SE Runtime Environment 5.0 Update 6 1.5.0.60 ({3248F0A8-6813-11D6-A77B-00B0D0150060})
version: 17104896
version (major): 1
version (minor): 5
estimated size: 148501
install date: 20060503
install source: C:\Documents and Settings\Administrator\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}\
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.5.0_06\README.txt

Disk Magic 6.2.1 ({3464D083-C1A0-43BD-B233-7B01C331DD6D})
version: 100794369
version (major): 6
version (minor): 2
estimated size: 10340
install date: 20060605
install location: C:\Program Files\Disk Magic\
install source: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_is38\
publisher: IntelliMagic

WebFldrs XP 9.50.7523 ({350C97B0-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154279267
version (major): 9
version (minor): 50
estimated size: 2472
install date: 20050404
install source: C:\WINDOWS\system32\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows

8.00.0005 ({403EF592-953B-4794-BCEF-ECAB835C2095})
version: 134217733
version (major): 8
install date: 20060526
install source: C:\DRIVERS\1URC13WW\APPS\PROSet\W2KWS03\
uninstall cmd: MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
publisher: Intel
comments: Pseudo NCS Install
contact: Customer Support Department
help link: http://www.intel.com
help telephone: 1-555-555-4505

Microsoft Windows Journal Viewer 1.5.2315.3 ({43DCF766-6838-4F9A-8C91-D92DA586DFA7})
version: 17107211
version (major): 1
version (minor): 5
estimated size: 3546
install date: 20050404
install source: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
publisher: Microsoft
comments: A viewer for Windows Journal documents.
contact: Microsoft

Lotus SmartSuite - English 9.8.0 ({536D6172-7453-7569-7465-392E38300409})
version: 151519232
version (major): 9
version (minor): 8
estimated size: 243508
install date: 20050405
install location: C:\lotus\
install source: C:\swd\_tb00912\imgwin\lss90800\en\
uninstall cmd: MsiExec.exe /I{536D6172-7453-7569-7465-392E38300409}
publisher: Lotus Development Corporation
comments: Lotus SmartSuite
contact:
help link: http://www.support.lotus.com
help telephone:
readme: ReadMe.rtf

AFP Workbench for Windows 1.58 ({53A93780-6073-4207-A729-A99A30AFDE40})
version: 20578304
version (major): 1
version (minor): 58
estimated size: 5572
install date: 20050405
install source: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_isD\
uninstall cmd: MsiExec.exe /X{53A93780-6073-4207-A729-A99A30AFDE40}
publisher: IBM - Printing Systems Division
help link: http://www.printers.ibm.com/R5PSC.NSF/Web/support+overview
help telephone: 1-800-237-5511

({6041B9C1-775E-4C6A-AECE-70C39CAED90A})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6041B9C1-775E-4C6A-AECE-70C39CAED90A}\SETUP.EXE"

Lotus Notes 7.0 7.00.5229 ({628789DC-75F8-4302-A268-27EF628E6906})
version: 117445741
version (major): 7
estimated size: 318823
install date: 20060309
install source: C:\swd\_tb02084\imgwin\nwt71144\en\clientonly\
uninstall cmd: MsiExec.exe /I{628789DC-75F8-4302-A268-27EF628E6906}
publisher: IBM
contact: Lotus Support
help link: http://www.ibm.com/software/lotus/support
help telephone: 1-800-553-4270
readme: http://www.lotus.com/ldd/releasenotes

Windows Live Messenger 8.0.0689.00 ({633372EE-FB01-48AC-A986-5CB03E56A53D})
version: 134218417
version (major): 8
estimated size: 29485
install date: 20060515
install source: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /I{633372EE-FB01-48AC-A986-5CB03E56A53D}
publisher: Microsoft Corporation

2.02.0178.011 ({6A6DC4BA-CF81-468A-B125-D844809C3653})

MSXML 4.0 SP2 Parser and SDK 4.20.9818.0 ({716E0306-8318-4364-8B8F-0CC4E9376BAC})
version: 68429402
version (major): 4
version (minor): 20
estimated size: 1259
install date: 20060222
install source: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LUQYBXMP\
uninstall cmd: MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
publisher: Microsoft Corporation
help link: http://www.msdn.microsoft.com/xml

ThinkVantage Access Connections 4.12 ({7EB114D8-207F-45AE-BABD-1669715F2630})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7EB114D8-207F-45AE-BABD-1669715F2630}\setup.exe" -l0x9 anything

IBM Tivoli Storage Manager Client 05.02.0210 ({7F87DF1C-6B8F-49F4-8EEF-7600128D99AE})
version: 84017362
version (major): 5
version (minor): 2
estimated size: 26040
install date: 20050405
install source: C:\swd\_tb02504\imgwin\tsm50220\en\
uninstall cmd: MsiExec.exe /I{7F87DF1C-6B8F-49F4-8EEF-7600128D99AE}
publisher: IBM
comments: Tivoli Storage Manager for Databases - Setup Installation Tool
contact: Customer Support Department
help link: http://www-3.ibm.com/software/sysmgmt/products/support/IBMTivoliStorageManager.html
help telephone: 1-800-848-6548 or 1-800-237-5511
readme: C:\Program Files\Tivoli\TSM\baclient\READ1STC.TXT

ThinkPad UltraNav Wizard 3.04 ({82512BC9-BD5D-4C50-BE4D-B98E7DF78687})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}\setup.exe" -l0x9 UNINSTALL

bob79
2006-06-11, 10:39
Symantec AntiVirus 9.0.310 ({848AC794-8B81-440A-81AE-6474337DB527})
version: 150995254
version (major): 9
estimated size: 35155
install date: 20050405
install location: C:\Program Files\Symantec AntiVirus\
install source: C:\swd\_tb00948\imgwin\nav9030a\en\
uninstall cmd: MsiExec.exe /I{848AC794-8B81-440A-81AE-6474337DB527}
publisher: Symantec Corporation
comments: Thank you for using Symantec security products.
contact: Technical Support
help link: http://www.symantec.com/techsupp
help telephone: 1 (800) 721-3934

WLSDownloadPlay 7.6 ({8ACB0763-0AB9-4E48-B023-B05410050648})
version: 117833728
install location: C:\Program Files\IBM\WLSDownloadPlay
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8ACB0763-0AB9-4E48-B023-B05410050648}\setup.exe" -l0x9

Microsoft Office XP Standard 10.0.6626.0 ({90120409-6000-11D3-8CFE-0050048383C9})
version: 167778786
version (major): 10
estimated size: 173365
install date: 20060509
install source: C:\i387\
uninstall cmd: MsiExec.exe /I{90120409-6000-11D3-8CFE-0050048383C9}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: C:\Program Files\Microsoft Office\Office10\1033\OFREAD10.HTM

IBM Personal Communications 5.7.0200 ({9033C64F-84BE-4619-83FD-64959E624E6B})
version: 84345032
version (major): 5
version (minor): 7
estimated size: 122194
install date: 20050405
install location: C:\Program Files\IBM\Personal Communications\
install source: C:\swd\_tb02536\imgwin\pcm57cs2\en\
uninstall cmd: MsiExec.exe /I{9033C64F-84BE-4619-83FD-64959E624E6B}
publisher: IBM
contact: IBM Support
help link: http://www.ibm.com/software/network/pcomm/support/
help telephone: 800-426-4357
readme: 0

Microsoft Office Visio Viewer 2003 (English) 11.0.3709.5614 ({90520409-6000-11D3-8CFE-0150048383C9})
version: 184553085
version (major): 11
estimated size: 11902
install date: 20060222
install location: C:\Program Files\Microsoft Office\
install source: E:\swd\_tb03388\imgwin\mvv20030\en\
uninstall cmd: MsiExec.exe /I{90520409-6000-11D3-8CFE-0150048383C9}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: C:\Program Files\Microsoft Office\Visio Viewer\1033\VVREADME.HTM

Microsoft Office Excel Viewer 2003 11.0.6412.0 ({90840409-6000-11D3-8CFE-0150048383C9})
version: 184555788
version (major): 11
estimated size: 21404
install date: 20050802
install location: C:\Program Files\Microsoft Office\
install source: C:\swd\_tb00420\imgwin\mev20030\en\
uninstall cmd: MsiExec.exe /I{90840409-6000-11D3-8CFE-0150048383C9}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support

Microsoft Office Word Viewer 2003 11.0.6412.0 ({90850409-6000-11D3-8CFE-0150048383C9})
version: 184555788
version (major): 11
estimated size: 26434
install date: 20050802
install location: C:\Program Files\Microsoft Office\
install source: C:\swd\_tb00216\imgwin\mwv20030\en\
uninstall cmd: MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support

Microsoft Office PowerPoint Viewer 2003 11.0.6458.0 ({90AF0409-6000-11D3-8CFE-0150048383C9})
version: 184555834
version (major): 11
estimated size: 4107
install date: 20050802
install location: C:\Program Files\Microsoft Office\
install source: C:\swd\_tb00824\imgwin\mpv20030\en\
uninstall cmd: MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support

IBM RecordNow! 7.22 ({9541FED0-327F-4DF0-8B96-EF57EF622F19})
version: 118882304
version (major): 7
version (minor): 22
estimated size: 35627
install date: 20051125
install source: C:\swd\_tb03460\imgwin\rcd70000\en\
uninstall cmd: MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
publisher: IBM Corporation
help link: http://www.ibm.com/support/

IBM Infoprint Select 4.1.0.100 ({AA36483F-5D79-4EFD-ACA7-161EE2474E17})
version: 67174400
install location: C:\Program Files\IBM\Infoprint Select
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA36483F-5D79-4EFD-ACA7-161EE2474E17}\Setup.exe" -l0x9
publisher: IBM Corp., Printing Systems Division
help link: http://www.ibm.com/printers

Adobe Reader 7.0.8 7.0.8 ({AC76BA86-7AD7-1033-7B44-A70000000000})
version: 117440520
version (major): 7
estimated size: 61791
install date: 20060604
install source: C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig\ENU\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
publisher: Adobe Systems Incorporated
comments:
contact:
help link: http://www.adobe.com/support/main.html
help telephone:
readme: C:\Program Files\Adobe\Acrobat 7.0\Reader\Readme.htm

IBM Lotus Sametime Connect 7.5 7.5 ({AF82A14D-A239-4018-B0C3-4C132CC61734})
version: 117768192
version (major): 7
version (minor): 5
estimated size: 47444
install date: 20060602
install location: C:\Program Files\IBM\Sametime Connect 7.5\
install source: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_is2\
uninstall cmd: MsiExec.exe /I{AF82A14D-A239-4018-B0C3-4C132CC61734}
publisher: IBM

({B6CB604F-CC59-480B-90FB-C15E80FB81A2})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6CB604F-CC59-480B-90FB-C15E80FB81A2}\Setup.exe"

DivX Web Player 1.0.0 ({B7050CBDB2504B34BC2A9CA0A692CC29})
install location: C:\Program Files\DivX
uninstall cmd: C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
publisher: DivX,Inc.

({C75C9B85-4D7B-4E8B-8BDB-60C737610C2D})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C75C9B85-4D7B-4E8B-8BDB-60C737610C2D}\Setup.exe"

ILC 1.2.4 ({CA96F3A1-F350-11D3-B354-002035C150E4})
version: 16908292
install date: 20051125
install location: C:\Program Files\IBM\BMS\ILC
install source: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bye5D.tmp\Disk1\
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CA96F3A1-F350-11D3-B354-002035C150E4}\setup.exe" -l0x9 -removeonly
publisher: IBM

Microsoft .NET Framework 1.1 1.1.4322 ({CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1})
version: 16847074
version (major): 1
version (minor): 1
estimated size: 60751
install date: 20050404
install source: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
publisher: Microsoft
readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm

Software Installer 3.60.0608 ({D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5})
uninstall cmd: swiif.exe /U

Client Security Solution 6.01.0037.00 ({DC78AACC-D3E4-4D92-95E8-42AFD802B8DB})
version: 100728869
version (major): 6
version (minor): 1
estimated size: 96723
install date: 20060526
install location: C:\Program Files\IBM ThinkVantage\
install source: C:\WINDOWS\Downloaded Installations\{DE9E74C3-AA2E-4DDE-A9DB-BB8211B9624F}\
uninstall cmd: MsiExec.exe /I{DC78AACC-D3E4-4D92-95E8-42AFD802B8DB}
publisher: Lenovo Group Limited
comments: Your installation can include Password Manager and SafeGuard PrivateDisk with Client Security Solution.
To change your installed features, click Change. Then modify the program.
help link: http://www.lenovo.com/think/support

({E01ADB17-4514-401F-ADE2-815946A651D6})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E01ADB17-4514-401F-ADE2-815946A651D6}\Setup.exe"

IBM xSeries Rack Configurator v3 3.9 ({E1B27341-CDB9-4980-88AE-330D1D3011A2})
version: 50921472
install date: 20060322
install location: C:\Program Files\IBM xSeries Rack Configurator v3
install source: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bye20.tmp\Disk1\
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E1B27341-CDB9-4980-88AE-330D1D3011A2}\setup.exe" -l0x9 -uninst -removeonly
publisher: IBM

IBM Integrated Bluetooth II Software 1.4.3.4 ({E98D6792-FC51-4187-9448-CA9BF893384E})
version: 17039363
version (major): 1
version (minor): 4
estimated size: 17286
install date: 20051124
install source: C:\wxpdrive\repos\bthwxp1o\
uninstall cmd: MsiExec.exe /X{E98D6792-FC51-4187-9448-CA9BF893384E}
publisher: IBM, Inc.
help link: www.ibm.com/pc/support
help telephone: 800-772-2227
readme: 0

TrackPoint Accessibility Features 1.11.0.0 ({EA664480-3844-11D5-8C25-444553540000})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA664480-3844-11D5-8C25-444553540000}\setup.exe"

Access IBM 4.52 ({EC6AF20D-4376-4070-BEE4-D3A0DFF7E140})
version: 67436544
version (major): 4
version (minor): 5
estimated size: 16807
install date: 20051124
install source: C:\WINDOWS\Downloaded Installations\{EB5B1A9D-E61C-4E61-938B-17C7440FC301}\
uninstall cmd: MsiExec.exe /X{EC6AF20D-4376-4070-BEE4-D3A0DFF7E140}
publisher: IBM Corporation
help link: http://www.ibm.com/support
help telephone: 1-800-426-4968

SoundMAX 5.12.01.5410 ({F0A37341-D692-11D4-A984-009027EC0A9C})
version: 50331648
install date: 20060429
install location: C:\Program Files\Analog Devices\SoundMAX
install source: C:\DRIVERS\1GA241WW\
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
publisher: Analog Devices

Windows Live Sign-in Assistant 4.000.246.1 ({F652D238-5F29-42D5-BAF3-0115EF977EC2})
version: 67109110
version (major): 4
estimated size: 1112
install date: 20060515
install source: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\
uninstall cmd: MsiExec.exe /I{F652D238-5F29-42D5-BAF3-0115EF977EC2}
publisher: Microsoft Corporation

IBM ThinkPad Configuration 1.40b ({FC081D4D-DF1B-4CF1-B530-027E4118D846})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC081D4D-DF1B-4CF1-B530-027E4118D846}\setup.exe" -l0x9 -AddRemove

HighMAT Extension to Microsoft Windows XP CD Writing Wizard 1.1.1905.1 ({FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F})
version: 16844657
version (major): 1
version (minor): 1
estimated size: 2182
install date: 20050404
install location: C:\Program Files\HighMAT CD Writing Wizard\
install source: C:\WINDOWS\Downloaded Installations\{095E5CF6-639B-4273-836C-C0E47269EC61}\
uninstall cmd: MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
publisher: Microsoft Corporation
readme: C:\Program Files\HighMAT CD Writing Wizard\1033\\HighMAT_readme.htm

User Profile Hive Cleanup Service 1.6.30 ({FF77941A-2BFA-4A18-BE2E-69B9498E4D55})
version: 17170462
version (major): 1
version (minor): 6
estimated size: 248
install date: 20060605
install source: C:\Documents and Settings\Administrator\Desktop\
uninstall cmd: MsiExec.exe /I{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}
publisher: Microsoft Corporation
comments: Installer for User Profile Hive Cleanup Service
contact: Robin Caron
help link: http://support.microsoft.com/kb/837115

bob79
2006-06-11, 10:40
Logfile of HijackThis v1.99.1
Scan saved at 9:34:05 AM, on 6/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Drivers\trcboot.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\IBM Ayudame\ayudame.exe
C:\Program Files\IBM Ayudame\ayudame.exe
C:\Program Files\C4ebreg\c4ebreg.exe
c:\sdwork\issimsvc.exe
C:\WINDOWS\system32\mnmsrvc.exe
C:\notes\ntmulti.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\WRTService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\Drivers\ldlcserv.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\pwmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\IBM\Personal Communications\tpam.exe
C:\Program Files\C4ebreg\isamtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\CheckPoint\Integrity Client\iclient.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe
C:\WINDOWS\system32\TpScrLk.exe
C:\WINDOWS\system32\c44eb0cc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\IBM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://desktop.google.com/uninstall-feedback.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autoproxy.au.ibm.com/my1.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = w3-501.ibm.com;w3-113.ibm.com;w3-602.ibm.com;w3-603.ibm.com;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files\ReGetDx\iebar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Tpam.exe] "C:\Program Files\IBM\Personal Communications\tpam.exe"
O4 - HKLM\..\Run: [ISAMTray] "C:\Program Files\C4ebreg\isamtray.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [BLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CheckPoint\Integrity Client\iclient.exe"
O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [C4EBReg] "C:\Program Files\C4ebreg\c4ebreg.exe" /q
O4 - HKLM\..\Run: [pdfFactory Dispatcher v1] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe" /source=HKLM
O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [ACUMon] "C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe" -a
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
O4 - HKLM\..\Run: [c44eb0cc.exe] C:\WINDOWS\system32\c44eb0cc.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [c44eb0cc.exe] C:\Documents and Settings\Administrator\Local Settings\Application Data\c44eb0cc.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Do&wnload by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O8 - Extra context menu item: Download A&ll by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_All.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\IBM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\PkgMgr.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O14 - IERESET.INF: START_PAGE_URL=http://w3.ibm.com
O16 - DPF: {11865A2A-649F-4FA1-8B99-B97DF8070B7C} (IWSystemchecks Control) - http://ivc.interwise.com/ibmsg/English/ActiveX/IWsystemchecks.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {253A9D23-F982-11D4-8BE4-00D0B7E61414} (SiebelHTMLApplication Class) - https://w3-602.ibm.com/transform/crm/asia_pacific/my/callcenter/16199/applets/siebelhtml.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {7A162288-DE78-473C-A6BA-23FF17F768E9} (AxWebInstaller Control) - http://ivc.interwise.com/ibmsg/application/EventEntry/AxWebInstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8F4F3368-54CA-4268-8225-0F4367472CF4} (MailClient Class) - https://w3-602.ibm.com/transform/crm/asia_pacific/my/callcenter/16199/applets/SiebExtMailClient.cab
O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} (LNWebAssist Class) - http://w3.ibm.com/bluepages/scripts/lnwebassist.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E9077188-6DCA-42A2-8FA3-BE7BED5A95B2} (Siebel Option Pack for IE 7.5.3) - https://w3-602.ibm.com/transform/crm/asia_pacific/my/callcenter/16199/applets/SiebelOptionPack.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = my.ibm.com
O17 - HKLM\Software\..\Telephony: DomainName = my.ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{15FB3143-7387-4578-9EE8-5F463B8ADFF7}: Domain = my.ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{2139E8B7-1719-46FF-80A5-073C3F051BF5}: Domain = my.ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{44B0CB7D-218F-46BC-A474-EF4A0F14F24B}: Domain = my.ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{6519596C-F63A-49F1-88FC-3D2A6152AF22}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = my.ibm.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = IBMMY,au.ibm.com,ibm.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = my.ibm.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = IBMMY,au.ibm.com,ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = IBMMY,au.ibm.com,ibm.com
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: atmgrtok - atmgrtok.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: pcsinst - C:\WINDOWS\SYSTEM32\pcsinst.dll
O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O20 - Winlogon Notify: winvrw32 - C:\WINDOWS\SYSTEM32\winvrw32.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: AppnNode - IBM Corporation - C:\WINDOWS\system32\Drivers\appnnode.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM Ayudame (IBMFORTH) - Unknown owner - C:\Program Files\IBM Ayudame\ayudame.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IBM Standard Asset Manager Service (ISAMSvc) - IBM Global Services - C:\Program Files\C4ebreg\c4ebreg.exe
O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Global Services - c:\sdwork\issimsvc.exe
O23 - Service: IBM Enterprise Extender (ldlcserv) - IBM Corporation - C:\WINDOWS\system32\Drivers\ldlcserv.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\notes\ntmulti.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: IBM Trace Facility (TrcBoot) - IBM Corporation - C:\WINDOWS\system32\Drivers\trcboot.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WRT Service (WRTService) - Unknown owner - C:\WINDOWS\WRTService.exe

LonnyRJones
2006-06-12, 18:33
Welcome to the forum

In Add/Remove Programs, uninstall
Yazzle by OIN
Start HijackThis and place a check next to these items, if there.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
O4 - HKLM\..\Run: [c44eb0cc.exe] C:\WINDOWS\system32\c44eb0cc.exe
O4 - HKCU\..\Run: [c44eb0cc.exe] C:\Documents and Settings\Administrator\Local Settings\Application Data\c44eb0cc.exe

Since these show as missing, fix them:
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: atmgrtok - atmgrtok.dll (file missing)
====================================
Hit "Fix checked" and close HijackThis.
Restart the PC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Go here and submit this file and let us know what's found:
C:\WINDOWS\SYSTEM32\winvrw32.dll
http://www.virustotal.com/flash/index_en.html

Post another new HijackThis log.

bob79
2006-06-13, 17:25
Hi,

Thanks for your prompt reply. Have followed your instructions; however, was not able to locate the file "C:\WINDOWS\SYSTEM32\winvrw32.dll" to upload for testing. Could be that ewido had removed it.


Logfile of HijackThis v1.99.1
Scan saved at 11:16:52 PM, on 6/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Drivers\trcboot.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\IBM Ayudame\ayudame.exe
C:\Program Files\IBM Ayudame\ayudame.exe
C:\Program Files\C4ebreg\c4ebreg.exe
c:\sdwork\issimsvc.exe
C:\WINDOWS\system32\mnmsrvc.exe
C:\notes\ntmulti.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\WRTService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\Drivers\ldlcserv.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\IBM\Personal Communications\tpam.exe
C:\Program Files\C4ebreg\isamtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\pwmgr.exe
C:\Program Files\CheckPoint\Integrity Client\iclient.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe
C:\WINDOWS\system32\TpScrLk.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\IBM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w3.ibm.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://w3.ibm.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://desktop.google.com/uninstall-feedback.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autoproxy.au.ibm.com/my1.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = w3-501.ibm.com;w3-113.ibm.com;w3-602.ibm.com;w3-603.ibm.com;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files\ReGetDx\iebar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Tpam.exe] "C:\Program Files\IBM\Personal Communications\tpam.exe"
O4 - HKLM\..\Run: [ISAMTray] "C:\Program Files\C4ebreg\isamtray.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [BLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CheckPoint\Integrity Client\iclient.exe"
O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [C4EBReg] "C:\Program Files\C4ebreg\c4ebreg.exe" /q
O4 - HKLM\..\Run: [pdfFactory Dispatcher v1] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe" /source=HKLM
O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [ACUMon] "C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe" -a
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Lotus QuickStart.lnk = ?
O8 - Extra context menu item: Do&wnload by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O8 - Extra context menu item: Download A&ll by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_All.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\IBM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\PkgMgr.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O14 - IERESET.INF: START_PAGE_URL=http://w3.ibm.com
O16 - DPF: {11865A2A-649F-4FA1-8B99-B97DF8070B7C} (IWSystemchecks Control) - http://ivc.interwise.com/ibmsg/English/ActiveX/IWsystemchecks.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {7A162288-DE78-473C-A6BA-23FF17F768E9} (AxWebInstaller Control) - http://ivc.interwise.com/ibmsg/application/EventEntry/AxWebInstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} (LNWebAssist Class) - http://w3.ibm.com/bluepages/scripts/lnwebassist.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = my.ibm.com
O17 - HKLM\Software\..\Telephony: DomainName = my.ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{15FB3143-7387-4578-9EE8-5F463B8ADFF7}: Domain = my.ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{15FB3143-7387-4578-9EE8-5F463B8ADFF7}: NameServer = 202.188.0.133,202.188.1.5,203.120.90.40
O17 - HKLM\System\CCS\Services\Tcpip\..\{2139E8B7-1719-46FF-80A5-073C3F051BF5}: Domain = my.ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{44B0CB7D-218F-46BC-A474-EF4A0F14F24B}: Domain = my.ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{6519596C-F63A-49F1-88FC-3D2A6152AF22}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = my.ibm.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = IBMMY,au.ibm.com,ibm.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = my.ibm.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = IBMMY,au.ibm.com,ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = IBMMY,au.ibm.com,ibm.com
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: pcsinst - C:\WINDOWS\SYSTEM32\pcsinst.dll
O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O20 - Winlogon Notify: winvrw32 - winvrw32.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: AppnNode - IBM Corporation - C:\WINDOWS\system32\Drivers\appnnode.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM Ayudame (IBMFORTH) - Unknown owner - C:\Program Files\IBM Ayudame\ayudame.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IBM Standard Asset Manager Service (ISAMSvc) - IBM Global Services - C:\Program Files\C4ebreg\c4ebreg.exe
O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Global Services - c:\sdwork\issimsvc.exe
O23 - Service: IBM Enterprise Extender (ldlcserv) - IBM Corporation - C:\WINDOWS\system32\Drivers\ldlcserv.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\notes\ntmulti.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: IBM Trace Facility (TrcBoot) - IBM Corporation - C:\WINDOWS\system32\Drivers\trcboot.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WRT Service (WRTService) - Unknown owner - C:\WINDOWS\WRTService.exe

LonnyRJones
2006-06-13, 20:30
Fix this item with HijackThis
O20 - Winlogon Notify: winvrw32 - winvrw32.dll (file missing)

============
Keep an eye out for problems over the next few days, keep us informed

In the meantime:
Think Prevention: Put in place a good hosts file
http://www.mvps.org/winhelp2002/hosts.htm
How To Download and Extract the HOSTS file:
http://www.mvps.org/winhelp2002/hosts2.htm
Repeat that process about once or twice a month

To help avoid reinfection see "So how did I get infected in the first place?"
http://forums.spybot.info/showthread.php?t=279
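
An added example, not part of the original thread and not HijackThis's own code: a small Python triage over log lines in the format posted above, flagging the three kinds of entries the helper marked for fixing (an unexpected R0/R1 browser URL, a hex-named O4 autorun, an O20 Winlogon Notify DLL reported as missing). The sample lines are copied from this thread; the hex-name heuristic and the expected-domain list are assumptions of this example.

```python
import re

# Sample input assembled from entries posted in this thread (HijackThis v1.99.1 format).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w3.ibm.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [c44eb0cc.exe] C:\WINDOWS\system32\c44eb0cc.exe
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: winvrw32 - winvrw32.dll (file missing)
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
"""

ENTRY = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
RUN_VALUE = re.compile(r"Run(?:Once)?: \[(?P<name>[^\]]+)\]")
# Assumption: an autorun value named as eight hex digits plus .exe deserves a closer look.
HEX_NAME = re.compile(r"^[0-9a-f]{8}\.exe$", re.IGNORECASE)


def host_of(value):
    """Host part of a URL-like registry value such as 'http://w3.ibm.com/'."""
    return re.sub(r"^[a-z]+://", "", value.strip(), flags=re.I).split("/")[0].lower()


def triage(log_text, expected_domains):
    """Return (section, reason, item) tuples for entries worth a manual look.

    Only the sections covered by the helper's fix list are checked:
    R0/R1 browser URLs, O4 Run values and O20 Winlogon Notify entries.
    expected_domains is the analyst's own list of domains that belong on the PC.
    """
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        section, body = m["section"], m["body"]
        if section in ("R0", "R1") and " = " in body:
            host = host_of(body.rsplit(" = ", 1)[1])
            if not any(host == d or host.endswith("." + d) for d in expected_domains):
                findings.append((section, "unexpected browser URL", host))
        elif section == "O4":
            run = RUN_VALUE.search(body)
            if run and HEX_NAME.match(run["name"]):
                findings.append((section, "hex-named autorun", run["name"]))
        elif section == "O20" and body.endswith("(file missing)"):
            # The DLL is gone but its Winlogon Notify registration is still present.
            name = body.split(":", 1)[1].split(" - ")[0].strip()
            findings.append((section, "orphaned Winlogon Notify", name))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG, ["ibm.com"]):
        print(finding)
```

A flagged line is a prompt for manual review, not a verdict; entries outside these three sections, such as the O23 service line in the sample, are not evaluated.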

bob79
2006-06-14, 20:57
thank you once again for your prompt reply.
really appreciate all the time and assistance provided.
have made the fixes using hijackthis as advised.
will continue to monitor situation and will provide an update then.

thanks again

jason

LonnyRJones
2006-06-20, 06:58
I'm glad we could help
Since the problems are solved I'm going to close the topic now, this keeps others with similar problems from posting their logs/questions here, they should start a new topic.
If you should need to post another log for the same PC let me or Tashi know.