View Full Version : Zlob.download/sysnet hijack
emericanized
2006-07-14, 18:57
Hey there,
i read through the other threads but just in case the instructions were customized for those members i thought i should post again.. Ive got the Zlob.Downloader in S&D and the browser home page goes to http://www.sysnetsecurity.com/.... I had that annoying little notification in the tray, the question mark that kept popping up every 30 seconds, but after a windows update that dissapeared. The other two problems still exist.
Heres my log! Any advice would be appreciated! :)
Logfile of HijackThis v1.99.1
Scan saved at 1:48:50 PM, on 14/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q106&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q106&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q106&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q106&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q106&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q106&bd=pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q106&bd=pavilion&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - C:\WINDOWS\system32\hp100.tmp
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: fairydom - {5839511e-ec1b-4f91-ace3-fb88e52f5239} - C:\WINDOWS\system32\jevtxpg.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
thanks!
emericanized
pskelley
2006-07-16, 01:02
Hello and welcome to the forum:) follow the directions in this link:
http://forums.spybot.info/showthread.php?t=4015 then post those three logs at the end in this same topic. I will be notified and check to see if there is more to do as soon as possible after you post.
Thanks...pskelley
Safer Networking Forums
emericanized
2006-07-17, 17:03
Logfile of HijackThis v1.99.1
Scan saved at 11:59:35 AM, on 17/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\arservice.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Hijackthis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
emericanized
2006-07-17, 17:04
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 11:21:52 AM 17/07/2006
+ Scan result:
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned with backup (quarantined).
::Report end
emericanized
2006-07-17, 17:08
--- Search result list ---
WildTangent: Global settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\WildTangent
WildTangent: Program directory (Directory, fixed)
C:\WINDOWS\wt\wtupdates\
WildTangent: Program directory (Directory, fixed)
C:\WINDOWS\wt\updater\
WildTangent: Program directory (Directory, fixed)
C:\WINDOWS\wt\webdriver\
WildTangent: Program directory (Directory, fixing failed)
C:\Program Files\WildTangent\
WildTangent: Program directory (Directory, fixed)
C:\WINDOWS\wt\
WildTangent: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{1FAD572E-1A3D-44D9-9C23-A87F922DA8C0}
WildTangent: Type library (Registry key, fixed)
HKEY_CLASSES_ROOT\TypeLib\{7946205B-FEF7-494F-A64B-3E992A780866}
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-05-17 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-07-07 Includes\Cookies.sbi (*)
2006-07-07 Includes\Dialer.sbi (*)
2006-07-07 Includes\Hijackers.sbi (*)
2006-07-07 Includes\Keyloggers.sbi (*)
2006-07-07 Includes\Malware.sbi (*)
2006-07-07 Includes\PUPS.sbi (*)
2006-07-07 Includes\Revision.sbi (*)
2006-07-07 Includes\Security.sbi (*)
2006-07-07 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-07-07 Includes\Trojans.sbi (*)
--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ .NETFramework / 1.0: Microsoft .NET Framework 1.0 Hotfix (KB887998)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB886903)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ Media Center 2005 / SP4: Update Rollup 2 for Windows XP Media Center Edition 2005
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB898458)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB911565)
/ Windows Media Player 10: Update for Windows Media Player 10 (KB913800)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB917734)
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Windows XP Hotfix - KB883667
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Microsoft .NET Framework 1.0 Hotfix (KB887998)
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Hotfix for Windows XP (KB888795)
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890175
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Hotfix for Windows XP (KB891593)
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Windows XP Hotfix - KB892050
/ Windows XP / SP3: Windows XP Hotfix - KB893066
/ Windows XP / SP3: Hotfix for Windows XP (KB893357)
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896422)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896424)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Hotfix for Windows XP (KB899337)
/ Windows XP / SP3: Hotfix for Windows XP (KB899510)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899589)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Update for Windows XP (KB900485)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Hotfix for Windows XP (KB902841)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
/ Windows XP / SP3: Security Update for Windows XP (KB905915)
/ Windows XP / SP3: Hotfix for Windows XP (KB906569)
/ Windows XP / SP3: Security Update for Windows XP (KB908519)
/ Windows XP / SP3: Update for Windows XP (KB908531)
/ Windows XP / SP3: Update for Windows XP (KB910437)
/ Windows XP / SP3: Security Update for Windows XP (KB911280)
/ Windows XP / SP3: Security Update for Windows XP (KB911562)
/ Windows XP / SP3: Security Update for Windows XP (KB911567)
/ Windows XP / SP3: Security Update for Windows XP (KB911927)
/ Windows XP / SP3: Security Update for Windows XP (KB912812)
/ Windows XP / SP3: Security Update for Windows XP (KB912919)
/ Windows XP / SP3: Security Update for Windows XP (KB913446)
/ Windows XP / SP3: Security Update for Windows XP (KB913580)
/ Windows XP / SP3: Security Update for Windows XP (KB914388)
/ Windows XP / SP3: Security Update for Windows XP (KB914389)
/ Windows XP / SP3: Security Update for Windows XP (KB916281)
/ Windows XP / SP3: Update for Windows XP (KB916595)
/ Windows XP / SP3: Security Update for Windows XP (KB917159)
/ Windows XP / SP3: Security Update for Windows XP (KB917344)
/ Windows XP / SP3: Security Update for Windows XP (KB917953)
/ Windows XP / SP3: Security Update for Windows XP (KB918439)
--- Startup entries list ---
Located: HK_LM:Run, !ewido
command: "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
file: C:\Program Files\ewido anti-spyware 4.0\ewido.exe
size: 6283264
MD5: 10c40f37ac87a18f624143d4fe6e8dec
Located: HK_LM:Run, {0228e555-4f9c-4e35-a3ec-b109a192b4c2}
command: C:\Program Files\Google\Gmail Notifier\gnotify.exe
file: C:\Program Files\Google\Gmail Notifier\gnotify.exe
size: 479232
MD5: 3df7ac30a381c57d0c70eaefee3c4ef2
Located: HK_LM:Run, AVG7_CC
command: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
file: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
size: 357888
MD5: 679093afd939b3c1b88110ebf859984d
Located: HK_LM:Run, SunJavaUpdateSched
command: C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
file: C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
size: 36975
MD5: 61a3a9d5d98bf0331df5b716144a8100
Located: HK_LM:RunOnce, SpybotSnD
command: "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
file: C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09ca174a605b480318731e691dc98539
Located: HK_CU:Run, ctfmon.exe
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996a38c0b0cf151c2140ae29fc8
Located: HK_CU:Run, MsnMsgr
command: "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
file: C:\Program Files\MSN Messenger\MsnMsgr.Exe
size: 7094272
MD5: b83e12b5341c5dcecc5c217a824ffeb1
Located: Startup (disabled), Adobe Gamma Loader (DISABLED)
command: C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
file: C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
size: 113664
MD5: c2ff17734176cd15221c10044ef0ba1a
Located: Startup (disabled), HP Digital Imaging Monitor (DISABLED)
command: C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe
file: C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe
size: 282624
MD5: 5597d0075861cb0a6e6087752d205c0d
Located: System.ini, AtiExtEvent
command: Ati2evxx.dll
file: Ati2evxx.dll
Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll
Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll
Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll
Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll
Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll
Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll
--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
BHO name:
CLSID name: AcroIEHlprObj Class
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 14/12/2004 6:56:50 AM
Date (last access): 17/07/2006 10:40:30 AM
Date (last write): 14/12/2004 6:56:50 AM
Filesize: 63136
Attributes: archive
MD5: 42729C3DE75A7A51FC6F9EF6546C9199
CRC32: 4D60BD07
Version: 7.0.0.1333
{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 17/05/2006 8:26:54 AM
Date (last access): 17/07/2006 11:46:48 AM
Date (last write): 31/05/2005 1:04:00 AM
Filesize: 853672
Attributes: archive
MD5: 250D787A5712D7768DDC133B3E477759
CRC32: D4589A41
Version: 1.4.0.0
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
BHO name:
CLSID name: SSVHelper Class
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: ssv.dll
Short name:
Date (created): 02/03/2006 1:53:00 PM
Date (last access): 17/07/2006 10:40:30 AM
Date (last write): 10/11/2005 1:22:12 PM
Filesize: 184423
Attributes: archive
MD5: F01726F7CA8538FDD4663C9DB8FEAEDC
CRC32: 0111B892
Version: 5.0.60.5
{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: c:\program files\google\
Long name: GoogleToolbar2.dll
Short name: GOOGLE~2.DLL
Date (created): 16/05/2006 8:57:36 PM
Date (last access): 17/07/2006 10:40:30 AM
Date (last write): 14/02/2006 8:05:30 PM
Filesize: 1191424
Attributes: readonly archive
MD5: 677C42CD9FE9C13B4B7B601A2E4065B0
CRC32: 58231F90
Version: 3.0.131.0
emericanized
2006-07-17, 17:09
{AAAE832A-5FFF-4661-9C8F-369692D1DCB9} (HpWebHelper)
BHO name: HpWebHelper
CLSID name: hpWebHelper Class
Path: C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\
Long name: WebHelper.dll
Short name: WEBHEL~1.DLL
Date (created): 22/02/2006 12:21:54 PM
Date (last access): 17/07/2006 10:40:30 AM
Date (last write): 22/02/2006 12:21:54 PM
Filesize: 217088
Attributes: archive
MD5: A0EF773AA00AFAF320E7404304EC5220
CRC32: 210919B9
Version: 1.0.0.1
--- ActiveX list ---
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object)
DPF name:
CLSID name: QuickTime Object
Installer: C:\WINDOWS\Downloaded Program Files\QTPlugin.inf
Codebase: http://www.apple.com/qtactivex/qtplugin.cab
description: Apple Quicktime
classification: Legitimate
known filename: QTPLUGIN.OCX
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\QuickTime Alternative\QTSystem\
Long name: QTPlugin.ocx
Short name:
Date (created): 04/06/2006 10:14:46 PM
Date (last access): 16/07/2006 8:11:08 AM
Date (last write): 12/05/2006 10:22:50 PM
Filesize: 557056
Attributes: archive
MD5: 2DA25D5262D714BFA420D6DE849E67A1
CRC32: 0098926B
Version: 7.1.0.210
{166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
Installer: C:\WINDOWS\Downloaded Program Files\erma.inf
Codebase: http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
description: Macromedia ShockWave Flash Player 7
classification: Legitimate
known filename: SWDIR.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\macromed\Director\
Long name: SwDir.dll
Short name:
Date (created): 21/05/2006 4:22:00 AM
Date (last access): 16/07/2006 6:25:12 PM
Date (last write): 08/02/2006 12:52:02 PM
Filesize: 54976
Attributes: archive
MD5: 40D5ED5BA7CF8F2FA59A18D3BFAB34DD
CRC32: 1CA89E71
Version: 10.1.1.16
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool)
DPF name:
CLSID name: MSN Photo Upload Tool
Installer: C:\WINDOWS\Downloaded Program Files\MSNPupld.inf
Codebase: http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab
description:
classification: Legitimate
known filename: MsnPUpld.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: MsnPUpld.dll
Short name:
Date (created): 08/10/2004 4:01:22 PM
Date (last access): 17/07/2006 11:23:36 AM
Date (last write): 08/10/2004 4:01:22 PM
Filesize: 372736
Attributes: archive
MD5: D2ED523BB0FE94F8F492BEFE1C336040
CRC32: C4677625
Version: 10.0.910.0
{85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class)
DPF name:
CLSID name: SecureLogin class
Installer:
Codebase: http://secure2.comned.com/signuptemplates/securelogin-devel.cab
description:
classification: Open for discussion
known filename: securelogin.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: securelogin.ocx
Short name: SECURE~1.OCX
Date (created): 16/11/2004 9:44:22 PM
Date (last access): 16/07/2006 8:15:52 AM
Date (last write): 16/11/2004 9:44:22 PM
Filesize: 22088
Attributes: archive
MD5: 464558B35F280D82EADF7F80A4FC3499
CRC32: A104BD24
Version: 0.0.6.0
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 02/03/2006 1:52:58 PM
Date (last access): 16/07/2006 8:08:44 AM
Date (last write): 10/11/2005 1:22:12 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5
{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_05
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
Path: C:\Program Files\Java\jre1.5.0_05\bin\
Long name: NPJPI150_05.dll
Short name: NPJPI1~1.DLL
Date (created): 26/08/2005 11:14:48 PM
Date (last access): 16/07/2006 8:08:24 AM
Date (last write): 26/08/2005 11:33:54 PM
Filesize: 69746
Attributes: archive
MD5: 52A85771BE18C9C00732F475A2C192AE
CRC32: 525AE3AD
Version: 5.0.50.5
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 02/03/2006 1:52:58 PM
Date (last access): 17/07/2006 11:47:46 AM
Date (last write): 10/11/2005 1:22:12 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 02/03/2006 1:52:58 PM
Date (last access): 17/07/2006 11:47:46 AM
Date (last write): 10/11/2005 1:22:12 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5
{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash8b.ocx
Short name:
Date (created): 31/03/2006 11:45:12 AM
Date (last access): 17/07/2006 1:16:26 AM
Date (last write): 31/03/2006 11:45:12 AM
Filesize: 1443464
Attributes: readonly archive
MD5: 12719EDDAAB9CAEEF28C6E58192F594B
CRC32: 680E085C
Version: 8.0.24.0
--- Process list ---
PID: 0 ( 0) [System]
PID: 152 ( 4) \SystemRoot\System32\smss.exe
PID: 216 ( 152) \??\C:\WINDOWS\system32\csrss.exe
PID: 240 ( 152) \??\C:\WINDOWS\system32\winlogon.exe
PID: 284 ( 240) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 296 ( 240) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 452 ( 284) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 516 ( 284) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 572 ( 284) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 840 ( 812) C:\WINDOWS\Explorer.EXE
size: 1032192
MD5: A0732187050030AE399B241436565E64
PID: 1168 ( 840) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 4 ( 0) System
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 17/07/2006 11:47:47 AM
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://home.microsoft.com/access/autosearch.asp?p=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\windows\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6CC9D5B1-3B38-4E85-A7D9-FA8BD114339C}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6CC9D5B1-3B38-4E85-A7D9-FA8BD114339C}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{68643F99-EA0A-4C7F-A2BC-015D4FAB84C6}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{68643F99-EA0A-4C7F-A2BC-015D4FAB84C6}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{868451BA-34F8-48B6-AF2A-F2C2B562E0BF}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{868451BA-34F8-48B6-AF2A-F2C2B562E0BF}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{892900FC-9814-4488-99C0-81491C1EE93D}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{892900FC-9814-4488-99C0-81491C1EE93D}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4D589907-2D53-4DBA-8511-D302D05BE3EB}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4D589907-2D53-4DBA-8511-D302D05BE3EB}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FECA2202-8AB9-4832-997F-0DA2317240A6}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FECA2202-8AB9-4832-997F-0DA2317240A6}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP
Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS
Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
--- Uninstall list ---
GemMaster Mystic (12133444-BF36-4d4e-B7FB-A3424C645DE4)
uninstall cmd: "C:\Program Files\GemMaster\uninstallgemmaster.exe"
FATE from HP Media Center (remove only) (3320769C-062B-4670-BD6B-AA4B3D0E9903)
install location: C:\Program Files\WildTangent\Apps\GameChannel\Games\3320769C-062B-4670-BD6B-AA4B3D0E9903
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\3320769C-062B-4670-BD6B-AA4B3D0E9903\Uninstall.exe"
publisher: WildTangent
emericanized
2006-07-17, 17:09
Mah Jong Quest from HP Media Center (remove only) (538B9061-0C77-4FB2-903F-EC42A1FF5DD8)
install location: C:\Program Files\WildTangent\Apps\GameChannel\Games\538B9061-0C77-4FB2-903F-EC42A1FF5DD8
uninstall cmd: "C:\Program Files\WildTangent\Apps\GameChannel\Games\538B9061-0C77-4FB2-903F-EC42A1FF5DD8\Uninstall.exe"
publisher: WildTangent
ABC (remove only) (ABC)
uninstall cmd: C:\Program Files\ABC\Uninstall.exe
(AddressBook)
Agere Systems PCI-SV92PP Soft Modem (Agere Systems Soft Modem)
uninstall cmd: agrsmdel
AOL Instant Messenger (AOL Instant Messenger)
uninstall cmd: C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
ATI Display Driver 8.17-050813a1-029703C-HP (ATI Display Driver)
uninstall cmd: rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
(AudioPlugin.dll)
uninstall cmd: c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
AVG Free Edition (AVG7Uninstall)
uninstall cmd: C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL
Microsoft Away Mode 6.0.0160.0 (AwayMode160)
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=902437
Otto (B3EE3001-DC24-4cd1-8743-5692C716659F)
uninstall cmd: "C:\Program Files\EnglishOtto\uninstallotto.exe"
(Connection Manager)
(CopyNow.dll)
uninstall cmd: c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
(DataPlugin.dll)
uninstall cmd: c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
(DirectAnimation)
(DirectDrawEx)
DISCover 3.23 (DISCover)
uninstall cmd: "C:\Program Files\DISC\uninstall.exe"
(DXM_Runtime)
(EAFunctions.dll)
uninstall cmd: c:\WINDOWS\system32\\MSIEXEC.EXE /x {F80239D8-7811-4D5E-B033-0D0BBFE32920}
Europa 1400 - The Guild (Europa 1400 - The Guild)
uninstall cmd: C:\WINDOWS\unvise32.exe C:\Program Files\JoWooD\Europa 1400 - The Guild\uninstal.log
Evil Genius (Evil Genius_is1)
install location: C:\Program Files\VUGames\Evil Genius\
uninstall cmd: "C:\Program Files\VUGames\Evil Genius\unins000.exe"
publisher: Elixir Studios Ltd
help link: http://www.vugames-europe.com
ewido anti-spyware 4.0 (ewidoantispyware4)
install location: C:\Program Files\ewido anti-spyware 4.0
uninstall cmd: C:\Program Files\ewido anti-spyware 4.0\Uninstall.exe
publisher: ewido networks
help link: http://www.ewido.net
(Fontcore)
Guild Wars (Guild Wars)
uninstall cmd: "C:\Program Files\Guild Wars\Gw.exe" -uninstall
HijackThis 1.99.1 1.99.1 (HijackThis)
uninstall cmd: C:\Program Files\Hijackthis\HijackThis.exe /uninstall
publisher: Soeperman Enterprises Ltd.
Hijackthis 1.99.1 (Hijackthis_is1)
install location: C:\Program Files\Hijackthis\
uninstall cmd: "C:\Program Files\Hijackthis\unins000.exe"
publisher: Soeperman Enterprises Ltd
help link: http://www.merijn.org
HP Document Viewer 5.3 5.3 (HP Document Viewer)
uninstall cmd: C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
publisher: HP
help link: http://www.hp.com/support
HP Game Console and games (HP Game Console)
install location: C:\Program Files\WildTangent\Apps\HP Game Console
uninstall cmd: C:\Program Files\WildTangent\Apps\hpuninstall.exe
publisher: WildTangent
HP Imaging Device Functions 6.0 6.0 (HP Imaging Device Functions)
uninstall cmd: C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
publisher: HP
help link: http://www.hp.com/support
HP Photosmart Premier Software 6.0 6.0 (HP Photo & Imaging)
uninstall cmd: C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
publisher: HP
help link: http://www.hp.com/support
HP Photosmart for Media Center PC (HP Photosmart for Media Center PC)
uninstall cmd: c:\Program Files\HP\Digital Imaging\bin\mcpc\setupmcl.exe /u
HP Rhapsody (HP Rhapsody)
uninstall cmd: C:\PROGRA~1\HPRHAP~1\Unwise32.exe /A C:\PROGRA~1\HPRHAP~1\install.log
HP Solution Center & Imaging Support Tools 5.3 5.3 (HP Solution Center & Imaging Support Tools)
uninstall cmd: C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
publisher: HP
help link: http://www.hp.com/support
(ICW)
(IE40)
(IE4Data)
(IE5BAKEX)
(IEData)
(InstallShield Uninstall Information)
Customer Experience Enhancement Customer Experience Enhancement -1.0.0.1680 (InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79})
version: 16777216
version (major): 1
estimated size: 336
install date: 20060222
install source: C:\hp\tmp\src\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
publisher: Hewlett-Packard
Easy Internet Sign-up FE UI-4.1.0.1680 (InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D})
version: 50331648
version (major): 3
estimated size: 14004
install date: 20060222
install source: C:\hp\tmp\src\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
publisher: Hewlett-Packard
Vampire - The Masquerade Bloodlines 1.00.0000 (InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56})
version: 16777216
version (major): 1
estimated size: 2912288
install date: 20060611
install location: C:\Program Files\Activision\Vampire - Bloodlines\
install source: F:\
publisher: Activision
help link: http://activision.custhelp.com
(InstallShield_{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38})
Remove IntelliMover Demo (IntelliMover Data Transfer Demo)
install location: C:\Program Files\IntelliMoverDemo
uninstall cmd: c:\hp\bin\cloaker.exe c:\hp\bin\commands.exe /c "C:\Program Files\IntelliMoverDemo\clean.bat"
Windows XP Hotfix - KB873339 20041117.092459 (KB873339)
uninstall cmd: C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873339
Windows XP Hotfix - KB883667 20040812.104354 (KB883667)
uninstall cmd: C:\WINDOWS\$NtUninstallKB883667$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=883667
(KB884016)
Windows XP Hotfix - KB885250 20050118.202711 (KB885250)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885250
Windows XP Hotfix - KB885835 20041027.181713 (KB885835)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885835
Windows XP Hotfix - KB885836 20041028.173203 (KB885836)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885836
Windows XP Hotfix - KB886185 20041021.090540 (KB886185)
uninstall cmd: C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=886185
Windows XP Hotfix - KB887472 20041014.162858 (KB887472)
uninstall cmd: C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887472
Windows XP Hotfix - KB887742 20041103.095002 (KB887742)
uninstall cmd: C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887742
Microsoft .NET Framework 1.0 Hotfix (KB887998) (KB887998)
install date: 20060517
uninstall cmd: "C:\WINDOWS\$NtUninstallKB887998$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
High Definition Audio Driver Package - KB888111 20040219.000000 (KB888111WXPSP2)
uninstall cmd: "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=KB888111
Windows XP Hotfix - KB888113 20041116.131036 (KB888113)
uninstall cmd: C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888113
Windows XP Hotfix - KB888302 20041207.111426 (KB888302)
uninstall cmd: C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888302
Hotfix for Windows XP (KB888795) 3 (KB888795)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888795
Security Update for Windows XP (KB890046) 1 (KB890046)
install date: 20060517
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890046
Windows XP Hotfix - KB890175 20041201.233338 (KB890175)
uninstall cmd: C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890175
Windows XP Hotfix - KB890859 1 (KB890859)
install date: 20060517
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890859
Hotfix for Windows XP (KB891593) 2 (KB891593)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=891593
Windows XP Hotfix - KB891781 20050110.165439 (KB891781)
uninstall cmd: C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=891781
Windows XP Hotfix - KB892050 3 (KB892050)
install date: 20060222
uninstall cmd: "C:\WINDOWS\$NtUninstallKB892050$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=892050
Windows XP Hotfix - KB893066 1 (KB893066)
install date: 20060222
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893066
Hotfix for Windows XP (KB893357) 2 (KB893357)
install date: 20060222
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893357$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893357
Security Update for Windows XP (KB893756) 1 (KB893756)
install date: 20060517
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893756
3.1 (KB893803)
help link: http://go.microsoft.com/fwlink/?LinkId=42467
emericanized
2006-07-17, 17:11
Windows Installer 3.1 (KB893803) (KB893803v2)
uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=42467
Hotfix for Windows XP (KB895961) 1 (KB895961)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=895961
Security Update for Windows XP (KB896358) 1 (KB896358)
install date: 20060222
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896358
Security Update for Windows XP (KB896422) 1 (KB896422)
install date: 20060222
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896422
Security Update for Windows XP (KB896423) 1 (KB896423)
install date: 20060517
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896423
Security Update for Windows XP (KB896424) 1 (KB896424)
install date: 20060222
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896424
Security Update for Windows XP (KB896428) 1 (KB896428)
install date: 20060517
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896428
Security Update for Step By Step Interactive Training (KB898458) 20050502.101010 (KB898458)
install date: 20060517
uninstall cmd: "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/898458
Update for Windows XP (KB898461) 1 (KB898461)
install date: 20060516
uninstall cmd: "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=898461
Hotfix for Windows XP (KB899337) 5 (KB899337)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899337
Hotfix for Windows XP (KB899510) 1 (KB899510)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899510
Security Update for Windows XP (KB899587) 1 (KB899587)
install date: 20060517
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899587
Security Update for Windows XP (KB899589) 1 (KB899589)
install date: 20060517
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899589
Security Update for Windows XP (KB899591) 1 (KB899591)
install date: 20060517
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899591
Update Rollup 2 for Windows XP Media Center Edition 2005 (KB900325)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900325
Update for Windows XP (KB900485) 2 (KB900485)
install date: 20060517
uninstall cmd: "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900485
Security Update for Windows XP (KB900725) 1 (KB900725)
install date: 20060517
uninstall cmd: "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900725
Security Update for Windows XP (KB901017) 1 (KB901017)
install date: 20060517
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901017
Security Update for Windows XP (KB901214) 1 (KB901214)
install date: 20060222
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901214
Security Update for Windows XP (KB902400) 1 (KB902400)
install date: 20060222
uninstall cmd: "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=902400
Hotfix for Windows XP (KB902841) 1 (KB902841)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=902841
Hotfix for Windows Media Player 10 (KB903157) (KB903157)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=903157
Security Update for Windows XP (KB904706) 2 (KB904706)
install date: 20060222
uninstall cmd: "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=904706
Security Update for Windows XP (KB905414) 1 (KB905414)
install date: 20060517
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905414
Security Update for Windows XP (KB905749) 1 (KB905749)
install date: 20060517
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905749
Security Update for Windows XP (KB905915) 1 (KB905915)
install date: 20060222
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905915
Hotfix for Windows XP (KB906569) 2 (KB906569)
install date: 20060222
uninstall cmd: "C:\WINDOWS\$NtUninstallKB906569$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=906569
Windows XP Media Center Edition 2005 KB908250 (KB908250)
install date: 20060222
uninstall cmd: "C:\WINDOWS\$NtUninstallKB908250$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=908250
Security Update for Windows XP (KB908519) 1 (KB908519)
install date: 20060222
uninstall cmd: "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=908519
Update for Windows XP (KB908531) 2 (KB908531)
install date: 20060517
uninstall cmd: "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=908531
Hotfix for Windows Media Player 10 (KB910393) (KB910393)
install date: 20060222
uninstall cmd: "C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=910393
Update for Windows XP (KB910437) 1 (KB910437)
install date: 20060517
uninstall cmd: "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=910437
Security Update for Windows XP (KB911280) 1 (KB911280)
install date: 20060617
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911280
Security Update for Windows XP (KB911562) 1 (KB911562)
install date: 20060517
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911562
Security Update for Windows Media Player 10 (KB911565) (KB911565)
install date: 20060517
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=911565
Security Update for Windows XP (KB911567) 1 (KB911567)
install date: 20060517
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911567
Security Update for Windows XP (KB911927) 1 (KB911927)
install date: 20060517
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911927
Security Update for Windows XP (KB912812) 1 (KB912812)
install date: 20060517
uninstall cmd: "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=912812
Security Update for Windows XP (KB912919) 1 (KB912919)
install date: 20060222
uninstall cmd: "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=912919
Security Update for Windows XP (KB913446) 1 (KB913446)
install date: 20060517
uninstall cmd: "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=913446
Security Update for Windows XP (KB913580) 1 (KB913580)
install date: 20060517
uninstall cmd: "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=913580
Update for Windows Media Player 10 (KB913800) (KB913800)
install date: 20060517
uninstall cmd: "C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=913800
Security Update for Windows XP (KB914388) 1 (KB914388)
install date: 20060713
uninstall cmd: "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=914388
Security Update for Windows XP (KB914389) 1 (KB914389)
install date: 20060617
uninstall cmd: "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=914389
Security Update for Windows XP (KB916281) 1 (KB916281)
install date: 20060617
uninstall cmd: "C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=916281
Update for Windows XP (KB916595) 1 (KB916595)
install date: 20060713
uninstall cmd: "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=916595
Security Update for Windows XP (KB917159) 1 (KB917159)
install date: 20060713
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917159
Security Update for Windows XP (KB917344) 1 (KB917344)
install date: 20060617
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917344
Security Update for Windows Media Player 10 (KB917734) (KB917734_WMP10)
install date: 20060617
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=917734
Security Update for Windows XP (KB917953) 1 (KB917953)
install date: 20060617
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917953
Security Update for Windows XP (KB918439) 1 (KB918439)
install date: 20060617
uninstall cmd: "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=918439
Enhanced Multimedia Keyboard Solution (KBD)
uninstall cmd: C:\HP\KBD\Install.exe /u
(KBKB895961)
Microsoft .NET Framework 1.1 Hotfix (KB886903) (M886903)
uninstall cmd: "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903Uninstall.msp"
Macromedia Shockwave Player 10.1.0.11 (Macromedia Shockwave Player)
uninstall cmd: C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
publisher: Macromedia, Inc.
help link: http://www.macromedia.com/support/shockwave
Microsoft .NET Framework 1.1 (Microsoft .NET Framework 1.1 (1033))
uninstall cmd: msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm
(Microsoft Interactive Training)
uninstall cmd: C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
(MobileOptionPack)
Microsoft Money 2006 15 (Money2006b)
estimated size: 105603072
install location: C:\Program Files\Microsoft Money 2006
uninstall cmd: "C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
publisher: Microsoft
comments: The installation database contains the logic and data required to install Money 2006.
contact: Microsoft Corporation
help link: http://support.microsoft.com
help telephone: (800) 936-5700
readme: C:\Program Files\Microsoft Money 2006\readme.txt
(MPlayer2)
(MSI30-Beta1)
(MSI30-Beta2)
(MSI30-KB884016)
(MSI30-RC1)
(MSI30-RC2)
(MSI30a-KB884016)
(MSI31-Beta)
(MSI31-RC1)
(NetMeeting)
Netscape Browser (remove only) (Netscape Browser)
uninstall cmd: "C:\Program Files\Netscape\Netscape Browser\NSUninst.exe"
(OutlookExpress)
PC-Doctor 5 for Windows 5.00.3311.03 (PC-Doctor 5 for Windows)
install location: C:\Program Files\PC-Doctor 5 for Windows\
uninstall cmd: C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
publisher: PC-Doctor, Inc.
comments: Personal Computer Diagnostics Software
contact: Customer Support Depertment
(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
PS2 (PS2)
uninstall cmd: C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2.3 2.2.3 (Python 2.2.3)
uninstall cmd: C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
publisher: PythonLabs at Zope Corporation
help link: http://www.python.org/
Python 2.2 pywin32 extensions (build 203) (pywin32-py2.2)
uninstall cmd: "C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
QuickTime Alternative 1.70 1.70 (QuicktimeAlt_is1)
install location: C:\Program Files\QuickTime Alternative\
uninstall cmd: "C:\Program Files\QuickTime Alternative\unins000.exe"
(RealJukebox 1.0)
uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RealPlayer (RealPlayer 6.0)
uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
(SchedulingAgent)
(Shockwave)
Macromedia Flash Player 8 8 (ShockwaveFlash)
uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe
publisher: Macromedia
help link: http://www.macromedia.com/go/flashplayer_support/
Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited
Starcraft (Starcraft)
uninstall cmd: C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
The Odyssey Online Classic 5.3 5.3 (The Odyssey Online Classic)
uninstall cmd: C:\Program Files\The Odyssey Online Classic\uninst.exe
publisher: James Chambers
Windows Genuine Advantage Notifications (KB905474) 1.5.0540.0 (WgaNotify)
install date: 20060629
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905474
Windows Media Format Runtime (Windows Media Format Runtime)
uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
WinRAR archiver (WinRAR archiver)
uninstall cmd: C:\Program Files\WinRAR\uninstall.exe
Google Gmail Notifier ({0228e555-4f9c-4e35-a3ec-b109a192b4c2})
uninstall cmd: "C:\Program Files\Google\Gmail Notifier\UninstallGmail.exe"
publisher: Google Inc.
help link: http://mail.google.com/support
Sonic RecordNow Data 2.0.4 ({075473F5-846A-448B-BCB3-104AA1760205})
version: 33554436
version (major): 2
estimated size: 14289
install date: 20060222
install source: c:\hp\tmp\src\SC_DATA_204\
uninstall cmd: MsiExec.exe /X{075473F5-846A-448B-BCB3-104AA1760205}
publisher: Sonic Solutions
help link: http://support.sonic.com/
AiO_Scan 50.0.206.000 ({0B33B738-AD79-4E32-90C5-E67BFB10BBFF})
version: 838861006
version (major): 50
estimated size: 197
install date: 20060222
install source: c:\hp\tmp\src\CDB\setup\AiO_Scan\
publisher: Hewlett-Packard
ATI Control Panel 6.14.10.5166 ({0BEDBD4E-2D34-47B5-9973-57E62B29307C})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
Vidira ClearerZoom 1.00.0000 ({1053BE1D-F0DD-405D-90D5-D309D3FA9A3A})
version: 16777216
version (major): 1
estimated size: 1020
install date: 20060703
install location: C:\Program Files\Vidira\ClearerZoom\
install source: C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\96KIVT1G\
uninstall cmd: MsiExec.exe /X{1053BE1D-F0DD-405D-90D5-D309D3FA9A3A}
publisher: Vidira, Inc.
Stronghold 2 1.30.100 ({16D2C649-CBA8-44EE-B730-12584667D487})
version: 18743396
install date: 20060610
install location: C:\Program Files\Firefly Studios\Stronghold 2
install source: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\bye88A.tmp\Disk1\
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{16D2C649-CBA8-44EE-B730-12584667D487}\setup.exe" -l0x9 -removeonly
publisher: Firefly Studios
DocumentViewer 53.0.13.000 ({172975EB-9465-4861-95B5-C7BB6D3DE62A})
version: 889192461
version (major): 53
estimated size: 27710
install date: 20060222
install source: c:\hp\tmp\src\CDA\setup\DocumentViewer\
publisher: Hewlett-Packard
emericanized
2006-07-17, 17:13
CP_CalendarTemplates1 60.0.155.000 ({1CB34CE9-0E6B-493F-BB66-3425E5DF76E5})
version: 1006633115
version (major): 60
estimated size: 2333
install date: 20060222
install source: c:\hp\tmp\src\setup\CP_CalendarTemplates1\
publisher: Hewlett-Packard
Sonic MyDVD Plus 6.2.0 ({21657574-BD54-48A2-9450-EB03B2C7FC29})
version: 100794368
version (major): 6
version (minor): 2
estimated size: 119622
install date: 20060222
install source: c:\hp\tmp\src\
uninstall cmd: MsiExec.exe /X{21657574-BD54-48A2-9450-EB03B2C7FC29}
publisher: Sonic Solutions
help link: http://support.sonic.com/
Customer Experience Enhancement Customer Experience Enhancement -1.0.0.1680 ({23012310-3E05-46A5-88A9-C6CBCABCAC79})
version: 16777216
version (major): 1
estimated size: 336
install date: 20060222
install source: C:\hp\tmp\src\
publisher: Hewlett-Packard
Google Toolbar for Internet Explorer ({2318C2B1-4965-11d4-9B18-009027A5CD4F})
uninstall cmd: regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
CP_Package_Variety2 60.0.155.000 ({23B35809-5E4A-4F14-8332-1CDEDDFAC089})
version: 1006633115
version (major): 60
estimated size: 8609
install date: 20060222
install source: c:\hp\tmp\src\setup\CP_Package_Variety2\
publisher: Hewlett-Packard
Destinations 60.0.155.000 ({24BEBF2E-73F3-4599-840B-EDC612CCDD0D})
version: 1006633115
version (major): 60
estimated size: 16895
install date: 20060222
install source: c:\hp\tmp\src\setup\Destinations\
publisher: Hewlett-Packard
Quicken 2006 15.1.1.29 ({2818095F-FB6C-42C8-827E-0A406CC9AFF5})
version: 251723777
version (major): 15
version (minor): 1
estimated size: 74045
install date: 20060222
install source: E:\disk1\
uninstall cmd: MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
publisher: Intuit
comments: All URL's valid as of July 2006
contact: Customer Support Department
help link: http://www.intuit.com/support/quicken
help telephone: 1-900-555-4932
readme: C:\Program Files\Quicken\Readme.wri
SkinsHP1 60.0.155.000 ({2A548002-9042-4083-A270-B67473DE1073})
version: 1006633115
version (major): 60
estimated size: 5
install date: 20060222
install source: c:\hp\tmp\src\setup\SkinsHP1\
publisher: Hewlett-Packard
The Battle for Middle-earth (tm) II ({2A9F95AB-65A3-432c-8631-B8BC5BF7477A})
uninstall cmd: C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\EAUninstall.exe
HP Deskjet Printer Preload 10.1.0 ({2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0})
version: 167837696
version (major): 10
version (minor): 1
estimated size: 24878
install date: 20060222
install location: c:\hp\drivers\printers\deskjet\
install source: c:\hp\drivers\printers\deskjet\
uninstall cmd: MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}
publisher: Hewlett-Packard Company
comments: Removing this preload will not affect installed Deskjet printers. Reinstallation will require the CD that accompanies the printer.
contact: Customer Support Department
help link: http://www.hp.com
help telephone:
Sonic Update Manager 3.0.0 ({30465B6C-B53F-49A1-9EBA-A3F187AD502E})
version: 50331648
version (major): 3
estimated size: 2444
install date: 20060222
install source: c:\hp\tmp\src\UPDATEMANAGER_MSI\
uninstall cmd: MsiExec.exe /X{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
publisher: Sonic Solutions
TrayApp 53.0.13.000 ({30C19FF2-7FBA-4d09-B9DE-1659977F64F6})
version: 889192461
version (major): 53
estimated size: 698
install date: 20060222
install source: c:\hp\tmp\src\CDA\setup\TrayApp\
publisher: Hewlett-Packard
J2SE Runtime Environment 5.0 Update 5 1.5.0.50 ({3248F0A8-6813-11D6-A77B-00B0D0150050})
version: 17104896
version (major): 1
version (minor): 5
estimated size: 155209
install date: 20060222
install source: C:\Documents and Settings\Administrator\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}\
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.5.0_05\README.txt
J2SE Runtime Environment 5.0 Update 6 1.5.0.60 ({3248F0A8-6813-11D6-A77B-00B0D0150060})
version: 17104896
version (major): 1
version (minor): 5
estimated size: 122273
install date: 20060516
install source: http://jdl.sun.com/webapps/download/GetFile/1.5.0_06plus-b05/windows-i586//
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.5.0_06\README.txt
HP Photosmart 330,380,420,470,7800,8000,8200 Series 8.1 ({33D6CC28-9F75-4d1b-A11D-98895B3A3729})
uninstall cmd: C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\setup\hpzscr01.exe -d MsiRollbackUninstaller -datfile hphscr08.dat
publisher: HP
help link: http://www.hp.com/support
Unload 6.0.0 ({34F3FCF1-817B-4D61-B6AF-19D9486AFEA0})
version: 100663296
version (major): 6
estimated size: 8701
install date: 20060222
install source: c:\hp\tmp\src\setup\UnloadIntent\
publisher: Hewlett-Packard
comments: 0
contact: 0
help link: 0
help telephone: 0
readme: 0
WebFldrs XP 9.50.7523 ({350C97B0-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154279267
version (major): 9
version (minor): 50
estimated size: 2472
install date: 20050830
install source: C:\WINDOWS\system32\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows
muvee autoProducer unPlugged 1.2 1.20.100 ({35DD9A1D-B340-4F41-A8B0-6EEBFB119280})
version: 18088036
install location: C:\Program Files\muvee Technologies\muvee autoProducer unPlugged 1.2 - HPD
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35DD9A1D-B340-4F41-A8B0-6EEBFB119280}\setup.exe" -l0x9
publisher: muvee Technologies
help link: http://store.muvee.com/?f=support&k=&w=01030408&l=1033
OptionalContentQFolder 1.00.0000 ({36D620AD-EEBA-4973-BA86-0C9AE6396620})
version: 16777216
version (major): 1
install date: 20060222
install source: c:\hp\tmp\src\setup\QFolder\
publisher: Hewlett-Packard
HP Boot Optimizer 2.0.5.1 ({3BA95526-6AE0-4B87-A62D-17187EF565FC})
uninstall cmd: C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe /uninstall
publisher: Hewlett-Packard Company
help link: www.hp.com
HP PSC & OfficeJet 5.3.A ({3E386744-10FA-44b2-98C9-DF7A270DECB3})
uninstall cmd: "C:\Program Files\HP\Digital Imaging\{3E386744-10FA-44b2-98C9-DF7A270DECB3}\setup\hpzscr01.exe" -datfile hposcr06.dat
publisher: HP
help link: http://www.hp.com/support
RandMap 60.0.155.000 ({3FE0CFAB-584A-4AA5-B8CD-C32284CFA308})
version: 1006633115
version (major): 60
estimated size: 22628
install date: 20060222
install source: c:\hp\tmp\src\setup\RandMap\
publisher: Hewlett-Packard
BufferChm 60.0.155.000 ({4041C245-7099-4C96-9738-5EBC23827B3C})
version: 1006633115
version (major): 60
estimated size: 645
install date: 20060222
install source: c:\hp\tmp\src\setup\BufferChm\
publisher: Hewlett-Packard
Microsoft Works 08.04.0623 ({416D80BA-6F6D-4672-B7CF-F54DA2F80B44})
version: 134480495
version (major): 8
version (minor): 4
estimated size: 291561
install date: 20060222
install source: c:\hp\tmp\src\MSWORKS\
uninstall cmd: MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
publisher: Microsoft Corporation
comments: Microsoft Works 8.0 installation.
help link: http://support.microsoft.com/support/works
help telephone:
HP DVD Play 1.0 ({45D707E9-F3C4-11D9-A373-0050BAE317E1})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
CP_Panorama1Config 60.0.155.000 ({494D17B5-3369-4905-8C4B-80C972C5E0FF})
version: 1006633115
version (major): 60
estimated size: 13
install date: 20060222
install source: c:\hp\tmp\src\setup\CP_Panorama1Config\
publisher: Hewlett-Packard
cp_LightScribeConfig 60.0.155.000 ({4DA4012B-39AF-48c2-B23B-A4D570D233A6})
version: 1006633115
version (major): 60
estimated size: 37
install date: 20060222
install source: c:\hp\tmp\src\setup\cp_LightScribeConfig\
publisher: Hewlett-Packard
CP_Package_Variety1 60.0.155.000 ({522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1})
version: 1006633115
version (major): 60
estimated size: 7393
install date: 20060222
install source: c:\hp\tmp\src\setup\CP_Package_Variety1\
publisher: Hewlett-Packard
FullDPAppQFolder 1.00.0000 ({53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C})
version: 16777216
version (major): 1
install date: 20060222
install source: c:\hp\tmp\src\hpsw\setup\QFolder\
publisher: Hewlett-Packard
GdiplusUpgrade 1.00.01 ({5421155F-B033-49DB-9B33-8F80F233D4D5})
version: 16777217
version (major): 1
estimated size: 6412
install date: 20060518
install source: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\GdiplusUpgrade\
uninstall cmd: MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
publisher: Hewlett-Packard
PC Camera (6029 CIF) 2.29.0.0 ({54DC27A1-2708-421E-8915-119955DB3B92})
version: 35454976
install location: C:\Program Files\Sonix\PC Camera (6029 CIF)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{54DC27A1-2708-421E-8915-119955DB3B92}\Setup.exe" -l0x9
NewCopy 50.0.206.000 ({54E3707F-808E-4fd4-95C9-15D1AB077E5D})
version: 838861006
version (major): 50
estimated size: 2282
install date: 20060222
install source: c:\hp\tmp\src\CDB\setup\newcopy\
publisher: Hewlett-Packard
cp_PosterPrintConfig 60.0.155.000 ({54F0998F-73C8-4b51-8286-FE903C231BED})
version: 1006633115
version (major): 60
estimated size: 29
install date: 20060222
install source: c:\hp\tmp\src\setup\cp_PosterPrintConfig\
publisher: Hewlett-Packard
NewCopy_CDA 50.0.214.000 ({567C23E1-7580-4185-B8C2-30805677297C})
version: 838861014
version (major): 50
estimated size: 2486
install date: 20060222
install source: c:\hp\tmp\src\CDA\setup\newcopy\
publisher: Hewlett-Packard
WebReg 53.0.13.000 ({56F8AFC3-FA98-4ff1-9673-8A026CBF85BE})
version: 889192461
version (major): 53
estimated size: 529
install date: 20060222
install source: c:\hp\tmp\src\CDA\setup\WebReg\
publisher: Hewlett-Packard
HP PSC & OfficeJet 5.3.B ({5B79CFD1-6845-4158-9D7D-6BE89DF2C135})
uninstall cmd: "C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
publisher: HP
help link: http://www.hp.com/support
Sonic Express Labeler 2.1.0 ({6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA})
version: 33619968
version (major): 2
version (minor): 1
estimated size: 13851
install date: 20060222
install source: c:\hp\tmp\src\EXPRESSLABELER_20\
uninstall cmd: MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
publisher: Sonic Solutions
DocProc 5.2.0.0 ({6BB6627C-694F-4FDC-A3E5-C7F4BED4C724})
version: 84017152
version (major): 5
version (minor): 2
estimated size: 76186
install date: 20060222
install source: c:\hp\tmp\src\CDA\setup\DocProc\
publisher: Hewlett-Packard
comments: 0
contact: 0
help link: 0
help telephone: 0
readme: 0
PSTAPlugin 8.01.0000 ({755EC5E3-FD51-46bd-A57F-7A2D56FBF061})
version: 134283264
version (major): 8
version (minor): 1
estimated size: 1293
install date: 20060222
install source: c:\hp\tmp\src\setup\PSTAPlugin\
publisher: Hewlett-Packard
CP_Package_Basic1 60.0.155.000 ({766633B3-1AFA-44B6-A3FC-1DE991CD9C52})
version: 1006633115
version (major): 60
estimated size: 2245
install date: 20060222
install source: c:\hp\tmp\src\setup\CP_Package_Basic1\
publisher: Hewlett-Packard
PSPrinters08 8.01.0000 ({769A295C-DCF4-41d6-AFBA-7D9394B23AFE})
version: 134283264
version (major): 8
version (minor): 1
estimated size: 21413
install date: 20060222
install source: c:\hp\tmp\src\setup\PSPrinters08\
publisher: HP
comments: 0
contact: 0
help link: 0
help telephone: 0
readme: 0
AiOSoftware 50.0.206.000 ({7850A6D2-CBEA-4728-9877-F1BEDEA9F619})
version: 838861006
version (major): 50
estimated size: 2918
install date: 20060222
install source: c:\hp\tmp\src\CDB\setup\AiOSoftware\
publisher: Hewlett-Packard
Sonic_PrimoSDK 60.0.155.000 ({79F8E1D4-36C1-439C-95FA-F695050B5B07})
version: 1006633115
version (major): 60
estimated size: 1803
install date: 20060222
install source: c:\hp\tmp\src\setup\Sonic_PrimoSDK\
publisher: Hewlett-Packard
DocumentViewerQFolder 1.00.0000 ({7C03270C-4FAB-4F5C-B10D-52FEDA190790})
version: 16777216
version (major): 1
install date: 20060222
install source: c:\hp\tmp\src\CDA\setup\QFolder\
publisher: Hewlett-Packard
cp_UpdateProjectsConfig 60.0.155.000 ({80AE27BA-B0ED-4288-A8B9-D8194BCF4115})
version: 1006633115
version (major): 60
install date: 20060222
install source: c:\hp\tmp\src\setup\cp_UpdateProjectsConfig\
publisher: Hewlett-Packard
Easy Internet Sign-up FE UI-4.1.0.1680 ({8105684D-8CA6-440D-8F58-7E5FD67A499D})
version: 50331648
version (major): 3
estimated size: 14004
install date: 20060222
install source: C:\hp\tmp\src\
publisher: Hewlett-Packard
PhotoGallery 60.0.155.000 ({869C3062-4745-4949-B6C9-98AF24D89030})
version: 1006633115
version (major): 60
estimated size: 54667
install date: 20060222
install source: c:\hp\tmp\src\setup\PhotoGallery\
publisher: Hewlett-Packard
Microsoft Office Standard Edition 2003 11.0.5614.0 ({91120409-6000-11D3-8CFE-0150048383C9})
version: 184554990
version (major): 11
install date: 20060222
install location: C:\Program Files\Microsoft Office\
install source: E:\
uninstall cmd: MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: C:\Program Files\Microsoft Office\OFFICE11\1033\OFREADME.HTM
Readme 50.0.214.000 ({923A7F5A-1E8C-4FBE-8DF6-85940A60A79F})
version: 838861014
version (major): 50
estimated size: 56
install date: 20060222
install source: c:\hp\tmp\src\CDA\setup\readme\
publisher: Hewlett-Packard
CueTour 60.0.155.000 ({9D4ABB0C-F60B-44A6-956C-A4A63D5495C9})
version: 1006633115
version (major): 60
estimated size: 2325
install date: 20060222
install source: c:\hp\tmp\src\setup\CueTour\
publisher: Hewlett-Packard
Microsoft Office 2003 Edition 60 Days Trial Welcome Tour 1.0.0 ({A01FC76F-CC09-4658-9E37-5C2F635EE708})
version: 16777216
version (major): 1
estimated size: 1728
install date: 20060222
install source: C:\hp\tmp\src\Tour\
uninstall cmd: MsiExec.exe /I{A01FC76F-CC09-4658-9E37-5C2F635EE708}
publisher: Microsoft
contact: Ioan Grigoreanu
ScannerCopy 5.2.0.0 ({A195B13E-A5E3-4BAF-A995-7F70F445CD06})
version: 84017152
version (major): 5
version (minor): 2
estimated size: 4552
install date: 20060222
install source: c:\hp\tmp\src\CDA\setup\ScannerCopy\
publisher: Hewlett-Packard
comments: 0
contact: 0
help link: 0
help telephone: 0
readme: 0
CameraDrivers 5.0.0.328 ({A3455242-DAE0-4523-8242-FD82706ABF4B})
version: 83886080
version (major): 5
estimated size: 2567
install date: 20060222
install source: c:\hp\tmp\src\setup\Camera\
publisher: Hewlett-Packard
comments: 0
contact: 0
help link: 0
help telephone: 0
readme: 0
Sonic RecordNow Audio 2.0.4 ({AB708C9B-97C8-4AC9-899B-DBF226AC9382})
version: 33554436
version (major): 2
estimated size: 14157
install date: 20060222
install source: c:\hp\tmp\src\SC_AUDIO_204\
uninstall cmd: MsiExec.exe /X{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
publisher: Sonic Solutions
help link: http://support.sonic.com/
LightScribe 1.4.62.1 1.4.62.1 ({ABB2901A-3D0A-4F21-8324-2F13C3EFE163})
version: 17039422
version (major): 1
version (minor): 4
estimated size: 3349
install date: 20060222
install location: C:\Program Files\Common Files\LightScribe\
install source: C:\hp\drivers\LightScribe\
publisher: http://www.lightscribe.com
comments: LightScribe
contact: LightScribe
help link: http://www.lightscribe.com
help telephone: 1-000-000-0000
Adobe Reader 7.0 7.0.0 ({AC76BA86-7AD7-1033-7B44-A70000000000})
version: 117440512
version (major): 7
estimated size: 63015
install date: 20060222
install source: C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig\ENU\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
publisher: Adobe Systems Incorporated
comments:
contact:
help link: http://www.adobe.com/support/main.html
help telephone:
readme: C:\Program Files\Adobe\Acrobat 7.0\Reader\Readme.htm
CP_AtenaShokunin1Config 60.0.155.000 ({B11E71BA-498C-42D4-9F1A-9D7A89D9DA61})
version: 1006633115
version (major): 60
estimated size: 13
install date: 20060222
install source: c:\hp\tmp\src\setup\cp_AtenaShokunin1Config\
publisher: Hewlett-Packard
Sonic RecordNow Copy 2.0.4 ({B12665F4-4E93-4AB4-B7FC-37053B524629})
version: 33554436
version (major): 2
estimated size: 14673
install date: 20060222
install source: c:\hp\tmp\src\SC_COPY_204\
uninstall cmd: MsiExec.exe /X{B12665F4-4E93-4AB4-B7FC-37053B524629}
publisher: Sonic Solutions
help link: http://support.sonic.com/
AiO_Scan_CDA 50.0.214.000 ({B276997E-4367-4b1b-A39C-4CAE7464337A})
version: 838861014
version (major): 50
estimated size: 495
install date: 20060222
install source: c:\hp\tmp\src\CDA\setup\AiO_Scan\
publisher: Hewlett-Packard
PanoStandAlone 53.0.13.000 ({B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5})
version: 889192461
version (major): 53
estimated size: 10318
install date: 20060222
install source: c:\hp\tmp\src\CDA\setup\PanoStandAlone\
publisher: Hewlett-Packard
CP_Package_Variety3 60.0.155.000 ({B57F2FF0-5A25-4332-B503-4592B370C02F})
version: 1006633115
version (major): 60
estimated size: 8609
install date: 20060222
install source: c:\hp\tmp\src\setup\CP_Package_Variety3\
publisher: Hewlett-Packard
Fax_CDA 50.0.214.000 ({B60E7826-F117-4d26-8165-D2DC5A494AB0})
version: 838861014
version (major): 50
estimated size: 17962
install date: 20060222
install source: c:\hp\tmp\src\CDA\setup\fax\
publisher: Hewlett-Packard
AiOSoftwareNPI 50.0.214.000 ({B64E3AFC-59EF-4f18-BF11-E751462450D3})
version: 838861014
version (major): 50
estimated size: 10853
install date: 20060222
install source: c:\hp\tmp\src\CDA\setup\AiOSoftwarenpi\
publisher: Hewlett-Packard
cp_OnlineProjectsConfig 60.0.155.000 ({BBD3BF67-5B89-4CBB-BA58-5818ED5F3290})
version: 1006633115
version (major): 60
estimated size: 29
install date: 20060222
install source: c:\hp\tmp\src\setup\cp_OnlineProjectsConfig\
publisher: Hewlett-Packard
Scan 5.2.0.0 ({C506A18C-1469-4678-B094-F4EC9DAE6DB7})
version: 84017152
version (major): 5
version (minor): 2
estimated size: 9128
install date: 20060222
install source: c:\hp\tmp\src\CDA\setup\Scan\
publisher: Hewlett-Packard
comments: 0
contact: 0
help link: 0
help telephone: 0
readme: 0
HP Photosmart Cameras 5.0 5.0 ({C83A12B9-B31B-461A-BBD4-CE9B988094F1})
uninstall cmd: C:\Program Files\HP\Digital Imaging\{C83A12B9-B31B-461A-BBD4-CE9B988094F1}\setup\hpzscr01.exe -datfile hpiscr01.dat
publisher: HP
help link: http://www.hp.com
Microsoft .NET Framework 1.1 1.1.4322 ({CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1})
version: 16847074
version (major): 1
version (minor): 1
estimated size: 60751
install date: 20060517
install source: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
publisher: Microsoft
readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm
emericanized
2006-07-17, 17:14
Fax 50.0.206.000 ({CE24344F-DFD8-40C8-8FD8-C9740B5F25AC})
version: 838861006
version (major): 50
estimated size: 11615
install date: 20060222
install source: c:\hp\tmp\src\CDB\setup\fax\
publisher: Hewlett-Packard
MSN Messenger 7.5 7.5.0324.0 ({CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5})
version: 117768516
version (major): 7
version (minor): 5
estimated size: 15613
install date: 20060517
install source: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
publisher: Microsoft Corporation
CameraDrivers 5.0.0.290 ({D518592A-0F1E-40ca-BECB-3D3F026C6B0D})
version: 83886080
version (major): 5
estimated size: 2542
install date: 20060222
install source: c:\hp\tmp\src\hpsw\setup\Camera\
publisher: Hewlett-Packard
comments: 0
contact: 0
help link: 0
help telephone: 0
readme: 0
HP Web Helper ({DAAD5187-62C5-4AD6-A526-803C18C4944D})
uninstall cmd: regsvr32 /u /s "C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll"
HpSdpAppCoreApp 3.00.0000 ({DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38})
version: 50331648
version (major): 3
estimated size: 2987
install date: 20060222
install source: C:\hp\tmp\src\
publisher: Hewlett-Packard
muvee autoProducer 4.5 4.50.050 ({E073D315-3C54-44BF-A1B2-B5583AEA618C})
version: 70385714
install location: C:\Program Files\muvee Technologies\muvee autoProducer 4.5 - HPD
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E073D315-3C54-44BF-A1B2-B5583AEA618C}\setup.exe" -l0x9
publisher: muvee Technologies
help link: http://store.muvee.com/?f=support&k=&w=01030314&l=1033
HPProductAssistant 53.0.13.000 ({E3F90083-80D4-4b5a-87C7-E97E12F5516D})
version: 889192461
version (major): 53
estimated size: 3115
install date: 20060222
install source: c:\hp\tmp\src\CDA\setup\hpproductassistant\
publisher: Hewlett-Packard
SolutionCenter 50.0.152.000 ({EA103B64-C0E4-4C0E-A506-751590E1653D})
version: 838860952
version (major): 50
estimated size: 7452
install date: 20060222
install source: c:\hp\tmp\src\CDA\setup\SolutionCenter\
publisher: Hewlett-Packard
HP Software Update 3.0.6.002 ({ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93})
version: 50331654
version (major): 3
estimated size: 3377
install date: 20060222
install source: c:\hp\drivers\hpsu\
uninstall cmd: MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}
publisher: HEWLET~1|Hewlett-Packard
contact: http://www.hp.com/support
Adobe Photoshop CS CS ({EFB21DE7-8C19-4A88-BB28-A766E16493BC})
version: 134217728
version (major): 8
install location: C:\Program Files\Adobe\Photoshop CS
install source: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX20.593\
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
publisher: Adobe Systems, Inc.
Status 53.0.13.000 ({F4C2E5F5-2970-45f4-ABD3-C180C4D961C4})
version: 889192461
version (major): 53
estimated size: 1169
install date: 20060222
install source: c:\hp\tmp\src\CDA\setup\Status\
publisher: Hewlett-Packard
HP DigitalMedia Archive 2.0 ({F80239D8-7811-4D5E-B033-0D0BBFE32920})
version: 33554432
version (major): 2
estimated size: 8339
install date: 20060222
install source: c:\hp\tmp\src\DMA_20\
uninstall cmd: MsiExec.exe /X{F80239D8-7811-4D5E-B033-0D0BBFE32920}
publisher: Hewlett-Packard
InstantShareDevices 60.0.155.000 ({FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0})
version: 1006633115
version (major): 60
estimated size: 2918
install date: 20060222
install source: c:\hp\tmp\src\setup\InstantShareDevices\
publisher: Hewlett-Packard
pskelley
2006-07-17, 18:44
Please read the instructions carefully:
Copy/paste into your own new topic.
c:\rapport.txt <<< I do not see this?
and Ewido log
the HJT log
The Spybot log says this:
10) Open Spybot-S&D
Press export in the save in box, choose a place such as My Documents folder and save the report there.
Post the Spybot log only if requested.
I do, however, need that SmitfraudFix results: c:\rapport.txt
Thanks
emericanized
2006-07-17, 19:29
hey sorry about posting the spybot log, man! i just totally spammed my own thread then...
here is the rapport, i think i included the other stuff the HJT and ewido, is there anything you need other than this ? I saved the spybot log
sorry again!
SmitFraudFix v2.72
Scan done at 1:24:37.50, 17/07/2006
Run from C:\Documents and Settings\HP_Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"fairydom"="{5839511e-ec1b-4f91-ace3-fb88e52f5239}"
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
C:\WINDOWS\system32\jevtxpg.dll -> Missing File
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\stdole3.tlb Deleted
C:\WINDOWS\system32\1024\ Deleted
C:\DOCUME~1\ALLUSE~1\Desktop\Security Troubleshooting.url Deleted
C:\DOCUME~1\HP_ADM~1\FAVORI~1\Antivirus Test Online.url Deleted
C:\Program Files\SpyQuake2.com\ Deleted
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
pskelley
2006-07-17, 22:46
Thanks for that report, looks like it removed what it found. Let's do a litle cleaning.
http://forums.security-central.us/showthread.php?t=1925
Please download ATF Cleaner by Atribune
http://www.atribune.org/public-beta/ATF-Cleaner.exe
Save it to your Desktop. Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.
HJT log looks good, the only think I see is this: O15 - Trusted Zone: http://*.trymedia.com (HKLM)
Normally SmitfraudFix clean the TZ but if you know it is there, I suppose there is no need to run it.
C:\Program Files\Java\jre1.5.0_06 <<< Java just released jre1.5.0_07 so you will want to manually update.
http://forums.spybot.info/showpost.php?p=12880&postcount=2
Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://boards.cexx.org/viewtopic.php?t=957
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml
ewido is a great program but it does use some resources. Once the trial is over you can update and use the scanner for as long as you wish, but unless you purchase it you should turn it off completely so it does not run unless you start it manually.
System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?Open&src=sec_doc_nam
If all is well, then safe surfing...tashi:) will close you in a day or so.
Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.
As the problem appears to be resolved this topic will be archived.
If you need it re-opened please send me a private message (pm) and provide a link to the thread.
Applies only to the original topic starter.
Glad we could help.