
Smitfraud+Yazzle+Purityscan = Help!



JPHalle
2006-11-06, 12:48
My desktop is infected by the 3 above, as detected by Spybot + AVG. But they keep coming back. Need your help. Here are my logs, as attachments:

the spybot log:

--- Search result list ---
Smitfraud-C.Toolbar888: Réglages (Clé du registre, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-06-24 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-11-03 Includes\Cookies.sbi (*)
2006-10-13 Includes\Dialer.sbi (*)
2006-11-03 Includes\DialerC.sbi (*)
2006-11-03 Includes\Hijackers.sbi (*)
2006-11-03 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2006-11-03 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2006-10-13 Includes\Malware.sbi (*)
2006-11-03 Includes\MalwareC.sbi (*)
2006-10-20 Includes\PUPS.sbi (*)
2006-11-03 Includes\PUPSC.sbi (*)
2003-11-12 Includes\QA Tests.sbi (*)
2006-11-03 Includes\Revision.sbi (*)
2006-10-13 Includes\Security.sbi (*)
2006-11-03 Includes\SecurityC.sbi (*)
2006-10-13 Includes\Spybots.sbi (*)
2006-11-03 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-11-03 Includes\Trojans.sbi (*)
2006-11-03 Includes\TrojansC.sbi (*)



--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB886903)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ DataAccess: Microsoft Data Access Components KB870669
/ DataAccess: Security update for Microsoft Data Access Components
/ DataAccess: Security Update for Microsoft Data Access Components
/ DirectX: DirectX Update 819696
/ DirectX / DX9 / SP1: Correctif pour DirectX 9 - KB839643
/ Microsoft .NET Framework 2.0: This Security Update is for Microsoft .NET Framework 2.0. \n
If you later install a more recent service pack, this Security Update will be uninstalled automatically. \n
For more information, visit http://support.microsoft.com/kb/917283
/ Microsoft .NET Framework 2.0: This Security Update is for Microsoft .NET Framework 2.0. \n
If you later install a more recent service pack, this Security Update will be uninstalled automatically. \n
For more information, visit http://support.microsoft.com/kb/922770
/ Step By Step Interactive Training / SP2: Mise à jour de sécurité pour Step by Step Interactive Training (KB898458)
/ Windows Media Player: Correctif pour le Lecteur Windows Media [Voir KB837272 pour plus d'informations]
/ Windows Media Player / SP0: Correctif pour le Lecteur Windows Media [Voir wm828026 pour plus d'informations]
/ Windows Media Player: Windows Media Update 817787
/ Windows Media Player: Windows Media Update 819639
/ Windows Media Player: Windows Media Update 828026
/ Windows Media Player 10: Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565)
/ Windows Media Player 10: Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP3: Correctif Windows XP - KB834707
/ Windows XP / SP3: Correctif Windows XP - KB867282
/ Windows XP / SP3: Correctif Windows XP - KB873333
/ Windows XP / SP3: Correctif Windows XP - KB873339
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB883939)
/ Windows XP / SP3: Correctif Windows XP - KB885250
/ Windows XP / SP3: Correctif Windows XP - KB885835
/ Windows XP / SP3: Correctif Windows XP - KB885836
/ Windows XP / SP3: Correctif Windows XP - KB885884
/ Windows XP / SP3: Correctif Windows XP - KB886185
/ Windows XP / SP3: Correctif Windows XP - KB887472
/ Windows XP / SP3: Correctif Windows XP - KB887742
/ Windows XP / SP3: Correctif Windows XP - KB887797
/ Windows XP / SP3: Correctif Windows XP - KB888113
/ Windows XP / SP3: Correctif Windows XP - KB888302
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB890046)
/ Windows XP / SP3: Correctif Windows XP - KB890047
/ Windows XP / SP3: Correctif Windows XP - KB890175
/ Windows XP / SP3: Correctif Windows XP - KB890859
/ Windows XP / SP3: Correctif Windows XP - KB890923
/ Windows XP / SP3: Correctif Windows XP - KB891781
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB893066)
/ Windows XP / SP3: Correctif Windows XP - KB893086
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Mise à jour pour Windows XP (KB894391)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB896358)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB896422)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB896423)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB896424)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB896428)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB896688)
/ Windows XP / SP3: Mise à jour pour Windows XP (KB896727)
/ Windows XP / SP3: Mise à jour pour Windows XP (KB898461)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB899587)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB899588)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB899589)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB899591)
/ Windows XP / SP3: Mise à jour pour Windows XP (KB900485)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB900725)
/ Windows XP / SP3: Mise à jour pour Windows XP (KB900930)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB901017)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB901214)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB902400)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB903235)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB904706)
/ Windows XP / SP3: Mise à jour pour Windows XP (KB904942)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB905414)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB905749)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB905915)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB908519)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB908531)
/ Windows XP / SP3: Mise à jour pour Windows XP (KB910437)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB911280)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB911562)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB911567)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB911927)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB912812)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB912919)
/ Windows XP / SP3: Mise à jour pour Windows XP (KB912945)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB913446)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB913580)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB914388)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB914389)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB916281)
/ Windows XP / SP3: Mise à jour pour Windows XP (KB916595)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB917159)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB917344)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB917422)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB917953)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB918439)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB918899)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB919007)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB920214)
/ Windows XP / SP3: Mise à jour pour Windows XP (KB920342)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB920670)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB920683)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB920685)
/ Windows XP / SP3: Mise à jour pour Windows XP (KB920872)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB921398)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB921883)
/ Windows XP / SP3: Mise à jour pour Windows XP (KB922582)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB922616)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB922819)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB923191)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB923414)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB924191)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB924496)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB925486)


--- Startup entries list ---
Located: HK_LM:Run, !AVG Anti-Spyware
command: "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
file: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
size: 6266880
MD5: 01d90ae5dccbce0c7b52874fec35a608

Located: HK_LM:Run, ANIWZCS2Service
command: C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
file: C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
size: 45056
MD5: f3644c30f79b7d3183e296272b163900

Located: HK_LM:Run, AsioReg
command: REGSVR32.EXE /S CTASIO.DLL
file: C:\WINDOWS\system32\REGSVR32.EXE
size: 12288
MD5: 4f73521f2f65c97c0ee8cef9dba8b40b

Located: HK_LM:Run, BCMSMMSG
command: BCMSMMSG.exe
file: C:\WINDOWS\BCMSMMSG.exe
size: 122880
MD5: 2d99607f21ff368c0e335a2d91a052a1

Located: HK_LM:Run, beep regs about start
command: C:\Documents and Settings\All Users\Application Data\Meta data beep regs\chicnoun.exe
file:

Located: HK_LM:Run, CTDrive
command: rundll32.exe C:\WINDOWS\system32\drvhun.dll,startup
file: C:\WINDOWS\system32\rundll32.exe
size: 33792
MD5: cdd7140c0eaa754c527b983ccc9993cd

Located: HK_LM:Run, CTDVDDet
command: C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
file: C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
size: 45056
MD5: 49530ea45ebd73e2c11c74dfebc30d57

Located: HK_LM:Run, CTHelper
command: CTHELPER.EXE
file: C:\WINDOWS\system32\CTHELPER.EXE
size: 28672
MD5: 97615ab538986082787e4989e03c48f7

Located: HK_LM:Run, CTSysVol
command: C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
file: C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
size: 49152
MD5: c88806e6c9ae0ad88d20e1bda995355a

Located: HK_LM:Run, dla
command: C:\WINDOWS\system32\dla\tfswctrl.exe
file: C:\WINDOWS\system32\dla\tfswctrl.exe
size: 114741
MD5: 2bff8a443334a034df73d2c8d808d2a7

Located: HK_LM:Run, D-Link AirPlus XtremeG
command: C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
file: C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
size: 987136
MD5: 0624f51b292ec9df12acb8090b7d3d99

Located: HK_LM:Run, DVDSentry
command: C:\WINDOWS\System32\DSentry.exe
file: C:\WINDOWS\System32\DSentry.exe
size: 28672
MD5: d9ee81715cc700cac1c552c247d78d8c

Located: HK_LM:Run, HP Software Update
command: "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
file: c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
size: 49152
MD5: e558cde2913daa077d4e25732d1aa176

Located: HK_LM:Run, KernelFaultCheck
command: %systemroot%\system32\dumprep 0 -k
file: C:\WINDOWS\system32\dumprep.exe
size: 10752
MD5: ba510a646b02cb44137b8296db2783d3

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 33792
MD5: cdd7140c0eaa754c527b983ccc9993cd

Located: HK_LM:Run, nwiz
command: nwiz.exe /install
file: C:\WINDOWS\system32\nwiz.exe
size: 741376
MD5: a4ae9ba1e10cb9f6c0949c4db91a1f72

Located: HK_LM:Run, PCMService
command: "C:\Program Files\Dell\Media Experience\PCMService.exe"
file: C:\Program Files\Dell\Media Experience\PCMService.exe
size: 204800
MD5: 3f22eaad167797f2de16fa7968593d59

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 98304
MD5: 76a3a30b58405c2c6d833895253a51a9

Located: HK_LM:Run, RealTray
command: C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
file:

Located: HK_LM:Run, REGSHAVE
command: C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
file:

Located: HK_LM:Run, StorageGuard
command: "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
file: C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
size: 155648
MD5: 4d04efdcb8548fdb3b29ab9154480b7b

Located: HK_LM:Run, UpdReg
command: C:\WINDOWS\UpdReg.EXE
file: C:\WINDOWS\UpdReg.EXE
size: 90112
MD5: c419df63e0121d72411285780c2fc6cc

Located: HK_LM:Run, ViewMgr
command: C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
file: C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
size: 106557
MD5: 1cd4dda616a8c2e2ee028895271492e9

Located: HK_LM:Run, vptray
command: C:\PROGRA~1\NavNT\vptray.exe
file: C:\PROGRA~1\NavNT\vptray.exe
size: 73728
MD5: 40f748be3a7c8d1b1f6b72f6144959be

Located: HK_CU:Run, CTFMON.EXE
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 64e41e8fee655b03e3f19ded21ba5118

Located: HK_CU:Run, Fqafyaz
command: C:\Program Files\?icrosoft.NET\d?xplore.exe
file:

Located: HK_CU:Run, IncrediMail
command: C:\Program Files\IncrediMail\bin\IncMail.exe /c
file:

Located: HK_CU:Run, msnmsgr
command: "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
file: C:\Program Files\MSN Messenger\msnmsgr.exe
size: 7094272
MD5: d491eb642758e6161345da99d495c4d9

Located: HK_CU:Run, Rwtt
command: "C:\DOCUME~1\JEAN-P~1\MESDOC~1\CROSOF~1\cmd.exe" -vt ndrv
file:

Located: HK_CU:Run, Skype
command: "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
file: C:\Program Files\Skype\Phone\Skype.exe
size: 18577448
MD5: a30cf423ae0c6dbcd97c34efa3a88c29

Located: HK_CU:Run, Sonic RecordNow!
command:
file:

Located: HK_CU:Run, Yahoo! Pager
command: "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
file: C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
size: 4538368
MD5: a402de81d580d398f201a1e70d7da18a

Located: Démarrage (tous utilisateurs), Acrobat Assistant.lnk
command: C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
file: C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
size: 217194
MD5: cfe5228556c93d03d6753e7953ccd4a9

Located: Démarrage (tous utilisateurs), Adobe Gamma Loader.lnk
command: C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
file: C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
size: 113664
MD5: c2ff17734176cd15221c10044ef0ba1a

Located: Démarrage (tous utilisateurs), Démarrage rapide du logiciel HP Image Zone.lnk
command: C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
file: C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
size: 53248
MD5: 8c53463a3e28454d74f48bf87a9cf7ba

Located: Démarrage (tous utilisateurs), Exif Launcher.lnk
command: C:\Program Files\FinePixViewer\QuickDCF.exe
file: C:\Program Files\FinePixViewer\QuickDCF.exe
size: 200704
MD5: 91e35f8e5c123ca3f1e5bad39fb57697

Located: Démarrage (tous utilisateurs), HP Digital Imaging Monitor.lnk
command: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
file: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
size: 258048
MD5: c519cec624cf9bcba3059f32266c8fff

Located: Démarrage (tous utilisateurs), Microsoft Office.lnk
command: C:\Program Files\Microsoft Office\Office10\OSA.EXE
file: C:\Program Files\Microsoft Office\Office10\OSA.EXE
size: 83360
MD5: 5bc65464354a9fd3beaa28e18839734a

Located: Démarrage (tous utilisateurs), NkbMonitor.exe.lnk
command: C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
file: C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
size: 118784
MD5: 8c920dfe944b0dce788db3cb0320b336

Located: Démarrage (tous utilisateurs), VPN Client.lnk
command: C:\WINDOWS\Installer\{3E5562ED-69AB-4CEC-91E2-64E18EC5ACC6}\Icon3E5562ED7.ico
file: C:\WINDOWS\Installer\{3E5562ED-69AB-4CEC-91E2-64E18EC5ACC6}\Icon3E5562ED7.ico
size: 6144
MD5: 85ab6c3089bee58999b434e114e8a64c

Located: Démarrage (tous utilisateurs), WinZip Quick Pick.lnk
command: C:\Program Files\WinZip\WZQKPICK.EXE
file: C:\Program Files\WinZip\WZQKPICK.EXE
size: 118784
MD5: 4707a73e38157e37c5d807f29809f2d4

Located: Démarrage (utilisateur), SAM.lnk
command: C:\Program Files\SAM\SAM.exe
file: C:\Program Files\SAM\SAM.exe
size: 851968
MD5: e4e18b88a810fee8734b592ae5b626b1

Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll

Located: System.ini, NavLogon
command: C:\WINDOWS\system32\NavLogon.dll
file: C:\WINDOWS\system32\NavLogon.dll
size: 45056
MD5: 7a492824b55d134fa59849da8f3d776c

Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: System.ini, ssqpn
command: C:\WINDOWS\system32\ssqpn.dll
file: C:\WINDOWS\system32\ssqpn.dll
size: 692276
MD5: 686c4024a9ec6ad0e701a1623bab9600

Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll

Located: System.ini, wintfj32
command: wintfj32.dll
file: wintfj32.dll

Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll

JPHalle
2006-11-06, 12:51
--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
BHO name:
CLSID name: AcroIEHlprObj Class
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 2003-11-03 17:17:44
Date (last access): 2006-11-06 04:51:28
Date (last write): 2003-11-03 17:17:44
Filesize: 54248
Attributes: archive
MD5: FC7850324464E4D19A24A03D882B5CC4
CRC32: 452E8571
Version: 6.0.1.1091

{0B93D27F-5E6A-26AD-06D7-871367A21376} ()
BHO name:
CLSID name:
Path: C:\PROGRA~1\playsize\
Long name: axis setup.exe

{0CF0B8EE-6596-11D5-A98E-0003470BB48E} (CCHelper Class)
BHO name:
CLSID name: CCHelper Class
description: Panicware Popup Stopper
classification: Legitimate
known filename: CChelper.dll
info link: http://www.panicware.com/
info source: TonyKlein
Path: C:\Program Files\Panicware\Pop-Up Stopper Pro\
Long name: CCHelper.dll
Short name:
Date (created): 2003-11-17 22:21:16
Date (last access): 2006-11-06 04:55:00
Date (last write): 2002-02-10 09:52:42
Filesize: 65536
Attributes: archive
MD5: 0CBCF4595792760BC0B6B415475209A5
CRC32: 2DF2BAF0
Version: 1.0.0.1

{39f25b12-74ff-4079-a51f-1d70f5b08b84} ()
BHO name:
CLSID name:
Path: C:\WINDOWS\system32\
Long name: ixt0.dll

{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 2004-05-12 00:03:00
Date (last access): 2006-11-06 04:55:00
Date (last write): 2005-05-31 00:04:00
Filesize: 853672
Attributes: archive
MD5: 250D787A5712D7768DDC133B3E477759
CRC32: D4589A41
Version: 1.4.0.0

{57FDC17E-0F88-4510-B86A-A24741277335} ()
BHO name:
CLSID name:
Path: C:\WINDOWS\system32\
Long name: ssqpn.dll
Short name:
Date (created): 2006-11-05 19:43:58
Date (last access): 2006-11-06 04:55:00
Date (last write): 2006-11-05 19:44:04
Filesize: 692276
Attributes: hidden sysfile
MD5: 686C4024A9EC6AD0E701A1623BAB9600
CRC32: E0B3BE8B

{5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
BHO name:
CLSID name: DriveLetterAccess
description: Hewlett-Packard's DLA software
classification: Unknown
known filename: tfswshx.dll
info link:
info source: TonyKlein
Path: C:\WINDOWS\system32\dla\
Long name: tfswshx.dll
Short name:
Date (created): 2003-11-04 16:05:48
Date (last access): 2006-11-06 04:55:00
Date (last write): 2003-08-06 02:04:00
Filesize: 106548
Attributes: archive
MD5: 15F6F27916A2D2AF3ABF029F6CF3037B
CRC32: 808FB6C8
Version: 1.4.5.1

{6A945B63-BCA0-B626-868E-CD6937A68EC1} ()
BHO name:
CLSID name:
Path: C:\WINDOWS\system32\
Long name: bfdoeg.dll

{AE7CD045-E861-484f-8273-0445EE161910} (AcroIEToolbarHelper Class)
BHO name:
CLSID name: AcroIEToolbarHelper Class
description: Adobe Acrobat
classification: Legitimate
known filename: AcroIEFavClient.dll
info link: http://www.adobe.com/products/acrobatpro/main.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 6.0\Acrobat\
Long name: AcroIEFavClient.dll
Short name: ACROIE~1.DLL
Date (created): 2003-05-15 01:03:46
Date (last access): 2006-11-06 04:51:28
Date (last write): 2003-05-15 01:03:46
Filesize: 147456
Attributes: archive
MD5: 44BCFF08947790E74BD7CC7532D2B793
CRC32: 0C91890B

{F18F04B0-9CF1-4b93-B004-77A288BEE28B} ()
BHO name:
CLSID name:
Path: C:\WINDOWS\system32\
Long name: whqxopqa.dll
Short name:
Date (created): 2006-11-05 19:44:12
Date (last access): 2006-11-06 04:55:00
Date (last write): 2006-11-05 19:44:12
Filesize: 60436
Attributes: archive
MD5: 4012ECBCBCE683630F3DF54311626CE8
CRC32: 5B380DCA



--- ActiveX list ---
{00000000-0000-0000-0000-000020040000} ()
DPF name:
CLSID name:
Installer:
Codebase: http://207.234.185.217/ABoxInst_int14.exe
description:
classification: Confirmed as malware
known filename:
info link:
info source: Safer Networking Ltd.

{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object)
DPF name:
CLSID name: QuickTime Object
Installer: C:\WINDOWS\Downloaded Program Files\QTPlugin.inf
Codebase: http://www.apple.com/qtactivex/qtplugin.cab
description: Apple Quicktime
classification: Legitimate
known filename: QTPLUGIN.OCX
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\QuickTime\
Long name: QTPlugin.ocx
Short name:
Date (created): 2004-04-25 18:17:42
Date (last access): 2006-11-05 21:43:48
Date (last write): 2006-05-07 17:57:38
Filesize: 360504
Attributes: archive
MD5: F88CD154B9627646E9DDA1679155E4E3
CRC32: 5B04FF79
Version: 6.5.1.17

{166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
Installer: C:\WINDOWS\Downloaded Program Files\erma.inf
Codebase: http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
description: Macromedia ShockWave Flash Player 7
classification: Legitimate
known filename: SWDIR.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\SYSTEM32\Macromed\Director\
Long name: SwDir.dll
Short name:
Date (created): 2003-11-17 14:36:36
Date (last access): 2006-11-05 21:43:48
Date (last write): 2004-05-28 00:38:00
Filesize: 54480
Attributes: archive
MD5: 408F53722D9C1280BF4EDD70341EA7F2
CRC32: 4EB8819E
Version: 10.0.1.4

{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
DPF name:
CLSID name: Windows Genuine Advantage Validation Tool
Installer: C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf
Codebase: http://go.microsoft.com/fwlink/?linkid=39204
description:
classification: Legitimate
known filename: LegitCheckControl.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: LegitCheckControl.dll
Short name: LEGITC~1.DLL
Date (created): 2005-07-12 17:04:22
Date (last access): 2006-11-05 23:06:18
Date (last write): 2006-06-19 15:19:42
Filesize: 571184
Attributes: archive
MD5: 31BF58C9814F840EB10A2B7A410ABEA3
CRC32: DAFAE165
Version: 1.5.540.0

{2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class)
DPF name:
CLSID name: Minesweeper Flags Class
Installer:
Codebase: http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
description:
classification: Legitimate
known filename: minesweeper.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: minesweeper.dll
Short name: MINESW~1.DLL
Date (created): 2003-05-29 14:00:22
Date (last access): 2006-11-06 05:13:20
Date (last write): 2003-05-29 14:00:22
Filesize: 84064
Attributes: archive
MD5: F951FD0EA383DF2D49CA0359E4A86968
CRC32: 50A69718
Version: 7.1.9502.1

{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine)
DPF name:
CLSID name: Office Update Installation Engine
Installer: C:\WINDOWS\Downloaded Program Files\opuc.inf
Codebase: http://office.microsoft.com/officeupdate/content/opuc3.cab
description:
classification: Legitimate
known filename: opuc.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\
Long name: opuc.dll
Short name:
Date (created): 2005-03-22 14:56:36
Date (last access): 2006-11-06 05:14:44
Date (last write): 2005-08-08 00:25:14
Filesize: 532992
Attributes: archive
MD5: 6433993EBB9B2B6CD18F4256FD7A7C07
CRC32: AEF6FCDD
Version: 12.0.3208.1000

{62475759-9E84-458E-A1AB-5D2C442ADFDE} ()
DPF name:
CLSID name:
Installer:
Codebase: http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/fr/win/QuickTimeInstaller.exe
description:
classification: Open for discussion
known filename:
info link:
info source: Safer Networking Ltd.

{6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
DPF name:
CLSID name: WUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\wuweb.inf
Codebase: http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119620227656
description:
classification: Legitimate
known filename: wuweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\System32\
Long name: wuweb.dll
Short name:
Date (created): 2004-08-15 10:07:54
Date (last access): 2006-11-05 21:43:48
Date (last write): 2005-05-26 03:19:32
Filesize: 173536
Attributes: archive
MD5: C459F2D5E64C942F3F66E1CD7F1C4C00
CRC32: EEF66B50
Version: 5.8.0.2469

{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class)
DPF name:
CLSID name: MessengerStatsClient Class
Installer:
Codebase: http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
description:
classification: Legitimate
known filename: messengerstatsclient.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: messengerstatsclient.dll
Short name: MESSEN~1.DLL
Date (created): 2003-05-29 14:00:20
Date (last access): 2006-11-06 05:13:20
Date (last write): 2003-05-29 14:00:20
Filesize: 160864
Attributes: archive
MD5: B069B555A00AA026F657AA4FD13AE154
CRC32: 89BB01E1
Version: 7.1.9502.1

{9F1C11AA-197B-4942-BA54-47A8489BB47F} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\iuctl.inf
Codebase: http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37941.3875462963
description: Windows Update
classification: Legitimate
known filename: %WINDIR%\System32\iuctl.dll,iuengine.dll
info link:
info source: Patrick M. Kolla

{A1426AC5-8CE5-4A00-B71E-011D35709AC6} ()
DPF name:
CLSID name:
Installer:
Codebase: http://advnt01.com/dialer/int_ver34.CAB

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash8b.ocx
Short name:
Date (created): 2006-03-31 10:45:12
Date (last access): 2006-11-05 23:02:14
Date (last write): 2006-03-31 10:45:12
Filesize: 1443464
Attributes: readonly archive
MD5: 12719EDDAAB9CAEEF28C6E58192F594B
CRC32: 680E085C
Version: 8.0.24.0

{EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class)
DPF name:
CLSID name: QDiagHUpdateObj Class
Installer: C:\WINDOWS\Downloaded Program Files\qdiagh.inf
Codebase: http://h30155.www3.hp.com/ediags/hpfix/aio/en/check/qdiagh.cab?326
description:
classification: Legitimate
known filename: qdiagh.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: qdiagh.ocx
Short name:
Date (created): 2004-11-30 13:10:08
Date (last access): 2006-11-05 21:43:48
Date (last write): 2004-11-30 13:10:08
Filesize: 824416
Attributes: archive
MD5: F74D5AEFB89DEDC35B2295ED424A7CDF
CRC32: 25AD1A25
Version: 1.0.1.326

{EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar)
DPF name:
CLSID name: Yahoo! Toolbar
Installer: C:\WINDOWS\Downloaded Program Files\ycomp5_1_6_0.inf
Codebase: http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
description: Yahoo toolbar
classification: Legitimate
known filename: Ycomp*_*_*_*.dll
info link: http://companion.yahoo.com/
info source: Patrick M. Kolla



--- Process list ---
PID: 0 ( 0) [System]
PID: 160 ( 4) \SystemRoot\System32\smss.exe
PID: 208 ( 160) \??\C:\WINDOWS\system32\csrss.exe
PID: 232 ( 160) \??\C:\WINDOWS\system32\winlogon.exe
PID: 276 ( 232) C:\WINDOWS\system32\services.exe
size: 108544
MD5: 63DCDE1A0D86EEB8924D6738FF616EAD
PID: 288 ( 232) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 259AF82A0932EEA4F316F92DB94707B6
PID: 444 ( 276) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 2979B03D5382A602623C0535B16AB9C0
PID: 508 ( 276) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 2979B03D5382A602623C0535B16AB9C0
PID: 564 ( 276) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 2979B03D5382A602623C0535B16AB9C0
PID: 816 ( 792) C:\WINDOWS\Explorer.EXE
size: 1036288
MD5: 2A7BD330924252A2FD80344FC949BB72
PID: 772 ( 816) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 2006-11-06 05:26:16

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.dell.ca/index.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.dell.ca/index.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

JPHalle
2006-11-06, 12:56
--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5FBB3763-EED1-4F64-A7F2-D69A54514737}] SEQPACKET 8
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5FBB3763-EED1-4F64-A7F2-D69A54514737}] DATAGRAM 8
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2F3823D3-12BB-4BBE-87F6-0BF3F76608E7}] SEQPACKET 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2F3823D3-12BB-4BBE-87F6-0BF3F76608E7}] DATAGRAM 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1192AF8E-2423-4CD2-84CB-B03753D4BCF1}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1192AF8E-2423-4CD2-84CB-B03753D4BCF1}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E1396B3B-472C-495F-9505-C3D8142F7D6C}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E1396B3B-472C-495F-9505-C3D8142F7D6C}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6396533C-2530-42F7-AE4F-706B1CEF18F0}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6396533C-2530-42F7-AE4F-706B1CEF18F0}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7C4B0D4D-A0A8-4F24-94A1-488FF2272BEC}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7C4B0D4D-A0A8-4F24-94A1-488FF2272BEC}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1C6607E8-8B8A-421B-A9E0-49666D8ACC72}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1C6607E8-8B8A-421B-A9E0-49666D8ACC72}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DE2C65E6-F60B-4AD0-8C15-CCE400657FD2}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DE2C65E6-F60B-4AD0-8C15-CCE400657FD2}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4DF62A79-67FE-45AA-A3F5-34464F8AA9D2}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 22: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4DF62A79-67FE-45AA-A3F5-34464F8AA9D2}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: TCP/IP
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Espace de noms NLA (Network Location Awareness)
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace



--- Uninstall list ---
AAA Logo 1.2 (AAA Logo_is1)
uninstall cmd: "C:\Program Files\AAALOGO\unins000.exe"
publisher: SWGSoft.com
help link: http://www.aaa-logo.com

Ad-Aware SE Personal (Ad-Aware SE Personal)
uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
publisher: Lavasoft
help link: http://www.lavasoft.de

(AddressBook)

Adobe Acrobat 4.0 (Adobe Acrobat 4.0)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Fichiers communs\Adobe\Acrobat 4.0\NT\Uninst.isu"

Adobe Atmosphere Player for Acrobat and Adobe Reader (Adobe Atmosphere Player)
uninstall cmd: C:\WINDOWS\atmoUn.exe

Adobe Photoshop 7.0 7.0 (Adobe Photoshop 7.0)
version (major): 7
install location: C:\Program Files\Adobe\Photoshop 7.0
install source: C:\Program Files\Photoshop\
uninstall cmd: C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
publisher: Adobe Systems, Inc.

Ares 1.8.1 1.8.1-Build#2941 (Ares)
uninstall cmd: "C:\Program Files\Ares\uninstall.exe"
publisher: Ares Development Group

(AudioHQ)
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x40c /remove

AVG Anti-Spyware 7.5 (AVGAntiSpyware75)
install location: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5
uninstall cmd: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
publisher: Grisoft Ltd.
help link: http://www.grisoft.com

BCM V.92 56K Modem (BCM V.92 56K Modem)
uninstall cmd: C:\WINDOWS\BCMSMU.exe quiet

(Branding)

Canon Utilities PhotoStitch 3.1 (Canon PhotoStitch 3.1)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\PhotoStitch\Uninst.isu"

(Connection Manager)

Copernic Agent Basic (Copernic Agent Basic)
uninstall cmd: "C:\WINDOWS\CopernicAgentUninstall.exe" /ARGSFILE="C:\Program Files\Copernic Agent\unwise.dat"
publisher: Copernic

(Creative MediaSource)
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x40c /remove

(Creative MiniDisc Center)
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x40c /remove

(Creative Restore Defaults)
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x40c /remove

(Creative WaveStudio)
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x40c /remove

(Diagnostics_Audigy2)
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x40c /remove

(DirectAnimation)

(DirectDrawEx)

(dlatray.exe)
uninstall cmd: C:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}

(DXM_Runtime)

(EAX)
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x40c /remove

(Fontcore)

Heroes of Might and Magic II Demo (Heroes of Might and Magic II Demo)
uninstall cmd: C:\WINDOWS\uninst.exe -f"C:\Program Files\H2Demo\DeIsL1.isu"

Heroes of Might and Magic® III (Heroes of Might and Magic® III)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\3DO\Heroes3\Uninst.isu" -c"C:\Program Files\3DO\Heroes3\uninst.dll

HijackThis 1.99.1 1.99.1 (HijackThis)
uninstall cmd: C:\Program Files\Hijackthis\HijackThis.exe /uninstall
publisher: Soeperman Enterprises Ltd.

Hijackthis 1.99.1 (Hijackthis_is1)
install location: C:\Program Files\Hijackthis\
uninstall cmd: "C:\Program Files\Hijackthis\unins000.exe"
publisher: Soeperman Enterprises Ltd
help link: http://www.merijn.org

HP Image Zone 4.7 4.7 (HP Photo & Imaging)
uninstall cmd: C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
publisher: HP
help link: http://www.hp.com/support

HP Extended Capabilities 4.7 4.7 (HPExtendedCapabilities)
uninstall cmd: C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
publisher: HP
help link: http://www.hp.com/support

(ICW)

(IE40)

(IE4Data)

(IE5BAKEX)

(IEData)

JPHalle
2006-11-06, 12:59
More logs later today...

JPHalle
2006-11-06, 13:23
IncrediMail Xe (IncrediMail)
uninstall cmd: C:\PROGRA~1\INCRED~1\bin\imsetup.exe /remove /addon:IncrediMail /log:IncMail.log

(InstallShield Uninstall Information)

AirPlus XtremeG (InstallShield_{79B92240-9C65-4DD7-B1AD-59910D2C1353})
version: 50528256
version (major): 3
version (minor): 3
estimated size: 5730
install date: 20060901
install source: C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\_is1E\
uninstall cmd: C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{79B92240-9C65-4DD7-B1AD-59910D2C1353}
publisher: D-Link

Correctif Windows XP - KB834707 20040929.110854 (KB834707)
uninstall cmd: C:\WINDOWS\$NtUninstallKB834707$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=834707

Correctif Windows XP - KB867282 20050127.090417 (KB867282)
uninstall cmd: C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=867282

Microsoft Data Access Components KB870669 (KB870669)
uninstall cmd: C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=KB870669

Correctif Windows XP - KB873333 20050114.005213 (KB873333)
uninstall cmd: C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873333

Correctif Windows XP - KB873339 20041117.092459 (KB873339)
uninstall cmd: C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873339

Mise à jour de sécurité pour Windows XP (KB883939) 1 (KB883939)
install date: 20050620
uninstall cmd: "C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=883939

(KB884016)

Correctif Windows XP - KB885250 20050118.202711 (KB885250)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885250

Correctif Windows XP - KB885835 20041027.181713 (KB885835)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885835

Correctif Windows XP - KB885836 20041028.173203 (KB885836)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885836

Correctif Windows XP - KB885884 20040924.025457 (KB885884)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885884

Correctif Windows XP - KB886185 20041021.090540 (KB886185)
uninstall cmd: C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=886185

Correctif Windows XP - KB887472 20041014.162858 (KB887472)
uninstall cmd: C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887472

Correctif Windows XP - KB887742 20041103.095002 (KB887742)
uninstall cmd: C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887742

Correctif Windows XP - KB887797 20041018.133824 (KB887797)
uninstall cmd: C:\WINDOWS\$NtUninstallKB887797$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887797

Correctif Windows XP - KB888113 20041116.131036 (KB888113)
uninstall cmd: C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888113

Correctif Windows XP - KB888302 20041207.111426 (KB888302)
uninstall cmd: C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888302

Mise à jour de sécurité pour Windows XP (KB890046) 1 (KB890046)
install date: 20050620
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890046

Correctif Windows XP - KB890047 20041221.124506 (KB890047)
uninstall cmd: C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890047

Correctif Windows XP - KB890175 20041201.233338 (KB890175)
uninstall cmd: C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890175

Correctif Windows XP - KB890859 1 (KB890859)
install date: 20050413
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890859

Correctif Windows XP - KB890923 1 (KB890923)
install date: 20050413
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890923

Windows Media Format SDK Hotfix - KB891122 (KB891122)
install date: 20051026
uninstall cmd: "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=891122

Correctif Windows XP - KB891781 20050110.165439 (KB891781)
uninstall cmd: C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=891781

Correctif Windows XP - KB893066 1 (KB893066)
install date: 20050413
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893066

Correctif Windows XP - KB893086 1 (KB893086)
install date: 20050413
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893086

Mise à jour de sécurité pour Windows XP (KB893756) 1 (KB893756)
install date: 20050811
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893756

Windows Installer 3.1 (KB893803) 3.1 (KB893803)
uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=42467

Windows Installer 3.1 (KB893803) 3.1 (KB893803v2)
uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=42467

Mise à jour pour Windows XP (KB894391) 1 (KB894391)
install date: 20050811
uninstall cmd: "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=894391

Mise à jour de sécurité pour Windows XP (KB896358) 1 (KB896358)
install date: 20050620
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896358

Mise à jour de sécurité pour Windows XP (KB896422) 1 (KB896422)
install date: 20050620
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896422

Mise à jour de sécurité pour Windows XP (KB896423) 1 (KB896423)
install date: 20050811
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896423

Mise à jour de sécurité pour Windows XP (KB896424) 1 (KB896424)
install date: 20051109
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896424

Mise à jour de sécurité pour Windows XP (KB896428) 1 (KB896428)
install date: 20050620
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896428

Mise à jour de sécurité pour Windows XP (KB896688) 1 (KB896688)
install date: 20051013
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896688

Mise à jour pour Windows XP (KB896727) 1 (KB896727)
install date: 20050811
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896727

Mise à jour de sécurité pour Step by Step Interactive Training (KB898458) 20050502.101010 (KB898458)
install date: 20050620
uninstall cmd: "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/898458

Mise à jour pour Windows XP (KB898461) 1 (KB898461)
install date: 20050628
uninstall cmd: "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=898461

Mise à jour de sécurité pour Windows XP (KB899587) 1 (KB899587)
install date: 20050811
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899587

Mise à jour de sécurité pour Windows XP (KB899588) 1 (KB899588)
install date: 20050811
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899588

Mise à jour de sécurité pour Windows XP (KB899589) 1 (KB899589)
install date: 20051013
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899589

Mise à jour de sécurité pour Windows XP (KB899591) 1 (KB899591)
install date: 20050811
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899591

Mise à jour pour Windows XP (KB900485) 2 (KB900485)
install date: 20060425
uninstall cmd: "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900485

Mise à jour de sécurité pour Windows XP (KB900725) 1 (KB900725)
install date: 20051013
uninstall cmd: "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900725

Mise à jour pour Windows XP (KB900930) 1 (KB900930)
install date: 20050806
uninstall cmd: "C:\WINDOWS\$NtUninstallKB900930$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900930

Mise à jour de sécurité pour Windows XP (KB901017) 1 (KB901017)
install date: 20051013
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901017

Mise à jour de sécurité pour Windows XP (KB901214) 1 (KB901214)
install date: 20050719
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901214

Hotfix for Windows Media Format SDK (KB902344) (KB902344)
uninstall cmd: "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=902344

Mise à jour de sécurité pour Windows XP (KB902400) 1 (KB902400)
install date: 20051013
uninstall cmd: "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=902400

Mise à jour de sécurité pour Windows XP (KB903235) 1 (KB903235)
install date: 20050719
uninstall cmd: "C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=903235

Mise à jour de sécurité pour Windows XP (KB904706) 1 (KB904706)
install date: 20051013
uninstall cmd: "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=904706

Mise à jour pour Windows XP (KB904942) 2 (KB904942)
install date: 20060301
uninstall cmd: "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=904942

JPHalle
2006-11-06, 13:25
Mise à jour de sécurité pour Windows XP (KB905414) 1 (KB905414)
install date: 20051013
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905414

Mise à jour de sécurité pour Windows XP (KB905749) 1 (KB905749)
install date: 20051013
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905749

Mise à jour de sécurité pour Windows XP (KB905915) 1 (KB905915)
install date: 20051215
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905915

Mise à jour de sécurité pour Windows XP (KB908519) 1 (KB908519)
install date: 20060114
uninstall cmd: "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=908519

Mise à jour de sécurité pour Windows XP (KB908531) 1 (KB908531)
install date: 20060417
uninstall cmd: "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=908531

Package de base Microsoft de service de chiffrement pour cartes à puce (KB909520)
uninstall cmd: "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
publisher: Microsoft Corporation

Mise à jour pour Windows XP (KB910437) 1 (KB910437)
install date: 20051215
uninstall cmd: "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=910437

Mise à jour de sécurité pour Windows XP (KB911280) 1 (KB911280)
install date: 20060616
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911280

Mise à jour de sécurité pour Windows XP (KB911562) 1 (KB911562)
install date: 20060417
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911562

Mise à jour de sécurité pour Lecteur Windows Media (KB911564) (KB911564)
install date: 20060218
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=911564

Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565) (KB911565)
install date: 20060218
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=911565

Mise à jour de sécurité pour Windows XP (KB911567) 1 (KB911567)
install date: 20060417
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911567

Mise à jour de sécurité pour Windows XP (KB911927) 1 (KB911927)
install date: 20060218
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911927

Mise à jour de sécurité pour Windows XP (KB912812) 1 (KB912812)
install date: 20060417
uninstall cmd: "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=912812

Mise à jour de sécurité pour Windows XP (KB912919) 1 (KB912919)
install date: 20060107
uninstall cmd: "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=912919

Mise à jour pour Windows XP (KB912945) 1 (KB912945)
install date: 20060301
uninstall cmd: "C:\WINDOWS\$NtUninstallKB912945$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=912945

Mise à jour de sécurité pour Windows XP (KB913446) 1 (KB913446)
install date: 20060218
uninstall cmd: "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=913446

Mise à jour de sécurité pour Windows XP (KB913580) 1 (KB913580)
install date: 20060511
uninstall cmd: "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=913580

Mise à jour de sécurité pour Windows XP (KB914388) 1 (KB914388)
install date: 20060712
uninstall cmd: "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=914388

Mise à jour de sécurité pour Windows XP (KB914389) 1 (KB914389)
install date: 20060616
uninstall cmd: "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=914389

Mise à jour de sécurité pour Windows XP (KB916281) 1 (KB916281)
install date: 20060616
uninstall cmd: "C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=916281

Mise à jour pour Windows XP (KB916595) 1 (KB916595)
install date: 20060712
uninstall cmd: "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=916595

Mise à jour de sécurité pour Windows XP (KB917159) 1 (KB917159)
install date: 20060712
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917159

Security Update for Microsoft .NET Framework 2.0 (KB917283) 1 (KB917283.T1_1ToU93_1)
uninstall cmd: C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {967B098A-042D-4367-BAC9-8BC11684174F} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/917283

Mise à jour de sécurité pour Windows XP (KB917344) 1 (KB917344)
install date: 20060616
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917344

Mise à jour de sécurité pour Windows XP (KB917422) 1 (KB917422)
install date: 20060812
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917422

Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734) (KB917734_WMP10)
install date: 20060616
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=917734

Mise à jour de sécurité pour Windows XP (KB917953) 1 (KB917953)
install date: 20060616
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917953

Mise à jour de sécurité pour Windows XP (KB918439) 1 (KB918439)
install date: 20060616
uninstall cmd: "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=918439

Mise à jour de sécurité pour Windows XP (KB918899) 1 (KB918899)
install date: 20060812
uninstall cmd: "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=918899

Mise à jour de sécurité pour Windows XP (KB919007) 1 (KB919007)
install date: 20060914
uninstall cmd: "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=919007

Mise à jour de sécurité pour Windows XP (KB920214) 1 (KB920214)
install date: 20060812
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920214

Mise à jour pour Windows XP (KB920342) 1 (KB920342)
install date: 20061028
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920342$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920342

Mise à jour de sécurité pour Windows XP (KB920670) 1 (KB920670)
install date: 20060812
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920670

Mise à jour de sécurité pour Windows XP (KB920683) 1 (KB920683)
install date: 20060812
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920683

Mise à jour de sécurité pour Windows XP (KB920685) 1 (KB920685)
install date: 20060914
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920685

Mise à jour pour Windows XP (KB920872) 1 (KB920872)
install date: 20060914
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920872

Mise à jour de sécurité pour Windows XP (KB921398) 1 (KB921398)
install date: 20060812
uninstall cmd: "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=921398

Mise à jour de sécurité pour Windows XP (KB921883) 1 (KB921883)
install date: 20060812
uninstall cmd: "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=921883

Mise à jour pour Windows XP (KB922582) 1 (KB922582)
install date: 20060914
uninstall cmd: "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=922582

Mise à jour de sécurité pour Windows XP (KB922616) 1 (KB922616)
install date: 20060812
uninstall cmd: "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=922616

Security Update pour Microsoft .NET Framework 2.0 (KB922770) 1 (KB922770.T1_1ToU168_1)
uninstall cmd: C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {0E92DD42-76F5-4EF2-B381-F9C1D72BE23D} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/922770

Mise à jour de sécurité pour Windows XP (KB922819) 1 (KB922819)
install date: 20061014
uninstall cmd: "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=922819

Mise à jour de sécurité pour Windows XP (KB923191) 1 (KB923191)
install date: 20061014
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923191

Mise à jour de sécurité pour Windows XP (KB923414) 1 (KB923414)
install date: 20061014
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923414

Mise à jour de sécurité pour Windows XP (KB924191) 1 (KB924191)
install date: 20061014
uninstall cmd: "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=924191

Mise à jour de sécurité pour Windows XP (KB924496) 1 (KB924496)
install date: 20061014
uninstall cmd: "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=924496

Mise à jour de sécurité pour Windows XP (KB925486) 1 (KB925486)
install date: 20060927
uninstall cmd: "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=925486

JPHalle
2006-11-06, 13:26
LimeWire 4.10.3 4.10.3 (LimeWire)
uninstall cmd: "C:\Program Files\LimeWire\uninstall.exe"
publisher: Lime Wire, LLC
help link: http://www.limewire.com/support

LiveUpdate 1.7 (Symantec Corporation) (LiveUpdate1.7)
install location: C:\Program Files\Symantec\LiveUpdate
uninstall cmd: C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
publisher: Symantec Corporation

Ludacris Screensaver (Ludacris Screensaver)
uninstall cmd: C:\WINDOWS\Ludacris Screensaver.scr /u

Microsoft .NET Framework 1.1 Hotfix (KB886903) (M886903)
uninstall cmd: "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903Uninstall.msp"

Macromedia Shockwave Player (Macromedia Shockwave Player)
uninstall cmd: C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\Install.log

(MediaSource Detector)
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x40c /remove

(MediaSource DVD-Audio Player)
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x40c /remove

(MediaSource Go!)
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x40c /remove

Microsoft .NET Framework 1.1 (Microsoft .NET Framework 1.1 (1033))
uninstall cmd: msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm

Microsoft .NET Framework 2.0 (Microsoft .NET Framework 2.0)
install location: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\
uninstall cmd: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=45396

Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA (Microsoft .NET Framework 2.0 Language Pack - FRA)
install location: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\
uninstall cmd: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=45396

(Microsoft Interactive Training)
uninstall cmd: C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu

MSN Gaming Zone (Microsoft Internet Gaming Zone)
uninstall cmd: C:\PROGRA~1\MSNGAM~1\zsetup.exe /Uninstall

(Microsoft NetShow Player 2.0)

Formation Microsoft Interactive (Microsoft Press Interactive Training)
uninstall cmd: C:\Program Files\MSPress\Training\lunins32_s.exe

(MobileOptionPack)

Morpheus 5.1 (remove only) (Morpheus)
uninstall cmd: "C:\Program Files\Morpheus\UninstMorpheus.exe"

(MPlayer2)

(MSI30-Beta1)

(MSI30-Beta2)

(MSI30-KB884016)

(MSI30-RC1)

(MSI30-RC2)

(MSI30a-KB884016)

(MSI31-Beta)

(MSI31-RC1)

(MsJavaVM)

SureThing CD Labeler Deluxe 4 Trial (MVApplication1)
uninstall cmd: C:\WINDOWS\mvuninst\App1\mvuninst.exe "SureThing CD Labeler Deluxe 4 Trial"

MicroStaff WINASPI NT (MWASPINT)
uninstall cmd: C:\MWASPINT\uninst.exe

(NetMeeting)

NVIDIA Windows 2000/XP Display Drivers (NVIDIA)
uninstall cmd: rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvdd.inf

NVIDIA Display Driver (NVIDIA Display Driver)
uninstall cmd: C:\WINDOWS\System32\nvudisp.exe Uninstall C:\WINDOWS\System32\nvdisp.nvu,NVIDIA Display Driver

(OutlookExpress)

Panicware Pop-Up Stopper Pro (Panicware Pop-Up Stopper Pro)
uninstall cmd: C:\PROGRA~1\PANICW~1\POP-UP~1\UNWISE.EXE C:\PROGRA~1\PANICW~1\POP-UP~1\INSTALL.LOG

(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Canon PhotoRecord (PhotoRecord)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\PhotoRecord\Uninst.isu" -c"C:\Program Files\Canon\PhotoRecord\Program\uninstdll.dll"

PokerStars.net 1.796 (PokerStars.net)
version (major): 1
version (minor): 796
install date: 3/9/06 10:42:15p
install location: C:\Program Files\PokerStars.NET
install source: C:\Documents and Settings\Marc-André Hallé\Bureau\PokerStarsInstallPM.exe
uninstall cmd: C:\Program Files\PokerStars.NET\Uninstall.EXE /u:"PokerStars.net"
publisher: PokerStars.net

Intel(R) PRO Network Adapters and Drivers (PROSet)
uninstall cmd: Prounstl.exe

QuickTime (QuickTime)
uninstall cmd: C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log

RealPlayer Basic (RealPlayer 6.0)
uninstall cmd: C:\Program Files\Fichiers communs\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0

(RecordNow.exe)
uninstall cmd: C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}

Safety Alerter 2006 (Safety Alerter 2006)
uninstall cmd: C:\WINDOWS\system32\components\flx7.dll /del

Safety Bar (SafetyBar)
uninstall cmd: "C:\Program Files\Safety Bar\Uninstall.bat" "C:\Program Files\Safety Bar"

SAM 2.0.0.22 (SAM)
uninstall cmd: C:\Program Files\SAM\uninst.exe
publisher: KishKish

(SB Audigy 2 Getting Started Demo)
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77ACE67A-0D21-4CEF-8A97-ED20A61B978B}\setup.exe" -l0x40c /remove

(SchedulingAgent)

(SFBM)
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x40c /remove

(SGTRAY.EXE)
uninstall cmd: C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature

Shockwave (Shockwave)
uninstall cmd: C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log

Macromedia Flash Player 8 8 (ShockwaveFlash)
uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe
publisher: Macromedia
help link: http://www.macromedia.com/go/flashplayer_support/

Skype 2.0 2.0 (Skype_is1)
install location: C:\Program Files\Skype\Phone\
uninstall cmd: "C:\Program Files\Skype\Phone\unins000.exe"
publisher: Skype Software S.A.
help link: http://ui.skype.com/ui/0/2.0.0.107/en/help

(Sound Blaster Audigy 2)

(Sound Blaster Audigy 2 Pilotes Windows)
uninstall cmd: "C:\Program Files\Creative\SBAudigy2\Program\Ctzapxx.EXE" /U /S /L:FRN

(SPEAKER)
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x40c /remove

(SPKR_CALIBRATOR)
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x40c /remove

Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited

(SURMIXER)
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x40c /remove

Utilitaires Sierra (Utilitaires Sierra)
uninstall cmd: C:\Program Files\Sierra On-Line\sutil32.exe uninstall

Viewpoint Manager (Remove Only) (Viewpoint Manager)
uninstall cmd: C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k

vanBasco's Karaoke Player (VMidi)
uninstall cmd: C:\Program Files\vanBasco's Karaoke Player\uninst.exe

Windows Genuine Advantage Validation Tool (KB892130) 1.5.0530.0 (WGA)
install date: 20060301
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=892130

Windows Genuine Advantage Notifications (KB905474) 1.5.0540.0 (WgaNotify)
install date: 20060601
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905474

Windows Media Format Runtime (Windows Media Format Runtime)
uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Lecteur Windows Media 10 (Windows Media Player)
uninstall cmd: "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Windows XP Service Pack 2 20040819.151636 (Windows XP Service Pack)
uninstall cmd: C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=811113

WinZip 9.0 BETA (5480) (WinZip)
version (major): 9
install location: C:\PROGRA~1\WINZIP\
uninstall cmd: "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
publisher: WinZip Computing, Inc.
help link: http://www.winzip.com/xsupport.htm

Windows Media Connect (WMCSetup)
uninstall cmd: "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=47544

Yahoo! Toolbar avec bloqueur de fenêtres pop-up (Yahoo! Companion)
uninstall cmd: C:\PROGRA~1\Yahoo!\Common\unyt.exe

Yahoo! Extras (Yahoo! Customizations)
uninstall cmd: C:\PROGRA~1\Yahoo!\Common\unyext.exe

Yahoo! Internet Mail (Yahoo! Internet Mail)
uninstall cmd: C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll

Yahoo! Messenger (Yahoo! Messenger)
uninstall cmd: C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

Yahoo! Install Manager (YInstHelper)
uninstall cmd: C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL

Canon Utilities ZoomBrowser EX (ZoomBrowserEXDeInstall)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\ZoomBrowser EX\Uninst.isu" -c"C:\Program Files\Canon\ZoomBrowser EX\Program\uninstallutilities.dll"

Sonic Update Manager 2.80 ({09DA4F91-2A09-4232-AB8C-6BC740096DE3})
version: 38797312
version (major): 2
version (minor): 80
install date: 20031104
uninstall cmd: MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
publisher: Sonic Solutions

Scan 4.5.0.0 ({0DC86BEC-5CE3-413A-BB61-C40A3D186B24})
version: 67436544
version (major): 4
version (minor): 5
estimated size: 8321
install date: 20060929
install source: c:\temp\HP_WebRelease\setup\Scan\
publisher: Hewlett-Packard
comments: 0
contact: 0
help link: 0
help telephone: 0
readme: 0

1600 47.0.1.000 ({0FF18B53-CA57-40BB-B562-21A27B662005})
version: 788529153
version (major): 47
estimated size: 2
install date: 20060929
install source: C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\Product\
publisher: Hewlett-Packard

Dell Solution Center 1.00.0000 ({11F1920A-56A2-4642-B6E0-3B31A12C9288})
version: 16777216
version (major): 1
install date: 20031104
uninstall cmd: MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
publisher: Dell
help link: http://www.support.dell.com
help telephone: http://www.support.dell.com

Sonic DLA 4.50 ({1206EF92-2E83-4859-ACCB-2048C3CB7DA6})
version: 70385664
version (major): 4
version (minor): 50
install date: 20031104
uninstall cmd: MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
publisher: Sonic Solutions
help link: http://support.dell.com/

ScannerCopy 4.5.0.0 ({14BEB6DF-A499-4A38-8E06-E173BCD5C087})
version: 67436544
version (major): 4
version (minor): 5
estimated size: 4880
install date: 20060929
install source: c:\temp\HP_WebRelease\setup\ScannerCopy\
publisher: Hewlett-Packard
comments: 0
contact: 0
help link: 0
help telephone: 0
readme: 0

JPHalle
2006-11-06, 13:29
Dell Picture Studio - Dell Image Expert 3.4.1 ({151C555A-A9E7-4A2E-B6D7-165D04A3C956})
version: 50593793
version (major): 3
version (minor): 4
install date: 20031104
uninstall cmd: MsiExec.exe /I{151C555A-A9E7-4A2E-B6D7-165D04A3C956}
publisher: Jasc Software Inc
comments:
contact: Service d'assistance technique
help link: http://dell.shutterfly.com/help
help telephone: 1-952-294-2692
readme: -

({169F8893-C1C5-4847-972C-EA1E008112AC})
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x40c

HP Product Assistant 2.0.0.0 ({17293791-C82E-476C-9997-9A0FF234A19B})
version: 33554432
version (major): 2
estimated size: 2857
install date: 20060929
install source: c:\temp\HP_WebRelease\setup\RedBox\
publisher: Hewlett-Packard

Fax 47.0.1.000 ({181821B7-82AA-44DA-9DAF-EF254CCB670A})
version: 788529153
version (major): 47
estimated size: 17835
install date: 20060929
install source: c:\temp\HP_WebRelease\setup\fax\
publisher: Hewlett-Packard

BudgetExpress ({1825A7FD-F2A3-49C2-AFAF-56AB60953D5D})
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1825A7FD-F2A3-49C2-AFAF-56AB60953D5D}\Setup.exe" -l0xc0c

InstantShare 45.4.157.000 ({1AD5F465-8282-4DAD-B957-E09C0B783D18})
version: 755237021
version (major): 45
version (minor): 4
estimated size: 13132
install date: 20060929
install source: c:\temp\HP_WebRelease\setup\InstantShare\
publisher: Hewlett-Packard

Copy 45.4.157.000 ({1B680FBA-E317-4E93-AF43-3B59798A4BE0})
version: 755237021
version (major): 45
version (minor): 4
estimated size: 1925
install date: 20060929
install source: c:\temp\HP_WebRelease\setup\Copy\
publisher: Hewlett-Packard

TrayApp 45.4.157.000 ({20FBC0A0-3160-4F14-83ED-3A74BB6B8C31})
version: 755237021
version (major): 45
version (minor): 4
estimated size: 621
install date: 20060929
install source: c:\temp\HP_WebRelease\setup\TrayApp\
publisher: Hewlett-Packard

({236FADD8-58FD-11D6-A285-00A0CC51B2FE})
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x40c

FinePixViewer Ver.4.0 ({24ED4D80-8294-11D5-96CD-0040266301AD})
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE"

Dell Media Experience ({2637C347-9DAD-11D6-9EA2-00055D0CA761})
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall

cp_dwShrek2Albums1 45.4.157.000 ({272EC8BA-5A08-4ea1-A189-684466A06B02})
version: 755237021
version (major): 45
version (minor): 4
estimated size: 10993
install date: 20060929
install source: c:\temp\HP_WebRelease\setup\cp_dwShrek2Albums1\
publisher: Hewlett-Packard

Unload 4.5.0 ({2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9})
version: 67436544
version (major): 4
version (minor): 5
estimated size: 5596
install date: 20060929
install source: c:\temp\HP_WebRelease\setup\UnloadIntent\
publisher: Hewlett-Packard
comments: 0
contact: 0
help link: 0
help telephone: 0
readme: 0

HP PSC & OfficeJet 4.7 ({342C7C88-D335-4bc2-8CF1-281857629CE2})
uninstall cmd: "C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
publisher: HP
help link: http://www.hp.com/support

WebFldrs XP 9.50.6513 ({350C940c-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154278257
version (major): 9
version (minor): 50
estimated size: 2592
install date: 20020918
install source: C:\WINDOWS\System32\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows

CueTour 45.4.157.000 ({3762DB2D-71BD-421F-9E55-C74DA7DF4D07})
version: 755237021
version (major): 45
version (minor): 4
estimated size: 2105
install date: 20060929
install source: c:\temp\HP_WebRelease\setup\CueTour\
publisher: Hewlett-Packard

ProductContext 47.1.14.000 ({391E18CE-7D3B-45E9-A8F0-34E77F14F47A})
version: 788594702
version (major): 47
version (minor): 1
estimated size: 3542
install date: 20060929
install source: c:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\
publisher: Hewlett-Packard

Cisco Systems VPN Client 4.0 ({3E5562ED-69AB-4CEC-91E2-64E18EC5ACC6})
version: 67108864
version (major): 4
estimated size: 10093
install date: 20050125
install source: D:\clientVPN\
uninstall cmd: MsiExec.exe /X{3E5562ED-69AB-4CEC-91E2-64E18EC5ACC6}
publisher: Cisco Systems, Inc.
comments: Un contrat SmartNET est requis pour obtenir du support.
help link: http://www.cisco.com/TAC/
help telephone: (800) 553-2447

({435E969D-867E-4364-8E74-3DC8A69C5BDB})
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x40c

Visionneuse Journal Windows Microsoft 1.5.2315.3 ({43DCF766-6838-4F9A-8C91-D92DA586DFA7})
version: 17107211
version (major): 1
version (minor): 5
estimated size: 3719
install date: 20031116
install source: C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
publisher: Microsoft
comments: Visionneuse de documents créés avec l'application Journal Windows.
contact: Microsoft

Readme 47.0.1.000 ({442BE28B-782B-4DC0-B490-E70A403B1C69})
version: 788529153
version (major): 47
estimated size: 56
install date: 20060929
install source: c:\temp\HP_WebRelease\setup\readme\
publisher: Hewlett-Packard

ANIWZCS2 Service ({4C590030-7469-453E-8589-D15DA9D03F52})
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C590030-7469-453E-8589-D15DA9D03F52}\Setup.exe"

({5210ED6D-52A9-11D6-A285-00A0CC51B2FE})
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x40c

FUJIFILM USB Driver ({5490882C-6961-11D5-BAE5-00E0188E010B})
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"

PC Camera (6029 CIF) 2.29.0.0 ({54DC27A1-2708-421E-8915-119955DB3B92})
version: 35454976
install location: C:\Program Files\Sonix\PC Camera (6029 CIF)
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{54DC27A1-2708-421E-8915-119955DB3B92}\Setup.exe" -l0x9

Creative MediaSource ({56F3E1FF-54FE-4384-A153-6CCABA097814})
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\setup.exe" -l0x40c /remove

({5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977})
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x40c

PanoStandAlone 45.4.157.000 ({5E8D588F-307C-4250-B622-26969027319A})
version: 755237021
version (major): 45
version (minor): 4
estimated size: 10210
install date: 20060929
install source: c:\temp\HP_WebRelease\setup\panostandalone\
publisher: Hewlett-Packard

Windows Genuine Advantage v1.3.0254.0 1.3.0254.0 ({63569CE9-FA00-469C-AF5C-E5D4D93ACF91})
version: 16974078
version (major): 1
version (minor): 3
estimated size: 519
install date: 20050806
install source: C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
publisher: Microsoft
comments: Your Comments
contact: Customer Support Department
help link: http://www.microsoft.com/genuine/downloads/whyValidate.aspx/help
help telephone: 1-425.882.8080

DAO 3.50 ({64116298-93C5-401D-B06C-39D8E3338508})
version: 53608448
version (major): 3
version (minor): 50
install date: 20031104
uninstall cmd: MsiExec.exe /I{64116298-93C5-401D-B06C-39D8E3338508}
publisher: Jasc Software Inc
comments: Your Comments
contact: Customer Support Department
help link: http://www.yourcompany.com/help
help telephone: 1-555-555-4505

CreativeProjects 45.4.157.000 ({644D04A2-C682-4FD5-977D-03B804C4B9C5})
version: 755237021
version (major): 45
version (minor): 4
estimated size: 50641
install date: 20060929
install source: c:\temp\HP_WebRelease\setup\CreativeProjects\
publisher: Hewlett-Packard

PhotoGallery 45.4.157.000 ({646A65DD-23FC-418E-B9F0-E0500FB42CB1})
version: 755237021
version (major): 45
version (minor): 4
estimated size: 34050
install date: 20060929
install source: c:\temp\HP_WebRelease\setup\PhotoGallery\
publisher: Hewlett-Packard

HP Software Update 3.0.2.991 ({64FC0C98-B035-4530-B15D-3D30610B6DF1})
version: 50331650
version (major): 3
estimated size: 3555
install date: 20060929
install source: c:\temp\HP_WebRelease\setup\HPSoftwareUpdate\
uninstall cmd: MsiExec.exe /X{64FC0C98-B035-4530-B15D-3D30610B6DF1}
publisher: Hewlett-Packard
contact: http://www.hp.com/support

AiO_Scan 47.0.1.000 ({655CB07D-C944-40BE-B93F-55957CAC7625})
version: 788529153
version (major): 47
estimated size: 438
install date: 20060929
install source: c:\temp\HP_WebRelease\setup\AiO_Scan\
publisher: Hewlett-Packard

PowerDVD ({6811CAA0-BF12-11D4-9EA1-0050BAE317E1})
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall

Destinations 45.4.157.000 ({68963635-14A4-48D9-B431-DF3A74D1AAE1})
version: 755237021
version (major): 45
version (minor): 4
estimated size: 16179
install date: 20060929
install source: c:\temp\HP_WebRelease\setup\Destinations\
publisher: Hewlett-Packard

Symantec Network Driver Update 5.3.2 ({6AF90EF6-F7F9-466C-99F4-1774826FBB40})
version: 84082690
version (major): 5
version (minor): 3
estimated size: 4506
install date: 20040711
install source: C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\LIVEUP~1\DOWNLO~1\EXITEM~1.1_E\
uninstall cmd: MsiExec.exe /X{6AF90EF6-F7F9-466C-99F4-1774826FBB40}
publisher: Symantec Corporation

BufferChm 45.4.157.000 ({700A6597-3CE6-49C1-AA75-846B24CDA66D})
version: 755237021
version (major): 45
version (minor): 4
estimated size: 493
install date: 20060929
install source: c:\temp\HP_WebRelease\setup\BufferChm\
publisher: Hewlett-Packard

Microsoft .NET Framework 2.0 2.0.50727 ({7131646D-CD3C-40F4-97B9-CD9E4E6262EF})
version: 33605159
version (major): 2
estimated size: 218792
install date: 20061014
install source: C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\IXP000.TMP\
publisher: Microsoft Corporation

Java 2 Runtime Environment, SE v1.4.2 1.4.2 ({7148F0A8-6813-11D6-A77B-00B0D0142000})
version: 17039362
version (major): 1
version (minor): 4
estimated size: 86372
install date: 20031104
install source: C:\Documents and Settings\Administrateur\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142000}\
uninstall cmd: MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
publisher: Sun Microsystems, Inc.
comments: http://www.java.com
contact: http://www.java.com
help link: http://www.java.com
help telephone: http://www.java.com
readme: Lisez-moi.txt

({7201B853-5833-11D6-A285-00A0CC51B2FE})
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x40c

cp_dwShrek2Cards1 45.4.157.000 ({724517BD-1DE1-4986-BFCA-C1DFD379E3BC})
version: 755237021
version (major): 45
version (minor): 4
estimated size: 3189
install date: 20060929
install source: c:\temp\HP_WebRelease\setup\cp_dwShrek2Cards1\
publisher: Hewlett-Packard

({77ACE67A-0D21-4CEF-8A97-ED20A61B978B})
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77ACE67A-0D21-4CEF-8A97-ED20A61B978B}\setup.exe" -l0x40c

Ventrilo Client 2.3.0 ({789289CA-F73A-4A16-A331-54D498CE069F})
version: 33751040
version (major): 2
version (minor): 3
estimated size: 2392
install date: 20050725
install source: C:\Program Files\Fichiers communs\Wise Installation Wizard\
uninstall cmd: MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
publisher: Flagship Industries, Inc.
help link: http://www.ventrilo.com

AirPlus XtremeG ({79B92240-9C65-4DD7-B1AD-59910D2C1353})
version: 50528256
version (major): 3
version (minor): 3
estimated size: 5730
install date: 20060901
install source: C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\_is1E\
publisher: D-Link

({7A900EAB-DA37-4554-AF19-9C337476D05D})
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x40c

HPSystemDiagnostics 1.6.0.0 ({7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B})
version: 17170432
version (major): 1
version (minor): 6
estimated size: 1930
install date: 20060929
install source: c:\temp\HP_WebRelease\setup\Sherlock\
publisher: Your Company Name
comments: 0
contact: 0
help link: 0
help telephone: 0
readme: 0

ANIO Service ({7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E})
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}\Setup.exe"

Modem Helper ({7F142D56-3326-11D5-B229-002078017FBF})
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x40c ControlPanel

SkinsHP1 45.4.157.000 ({84CDF5A8-1D57-4B69-BAB6-1F11D8923375})
version: 755237021
version (major): 45
version (minor): 4
estimated size: 13
install date: 20060929
install source: c:\temp\HP_WebRelease\setup\SkinsHP1\
publisher: Hewlett-Packard

AiOSoftware 47.0.1.000 ({85CFD253-38AE-4DB1-ACB7-F0F4C791990D})
version: 788529153
version (major): 47
estimated size: 4899
install date: 20060929
install source: c:\temp\HP_WebRelease\setup\AiOSoftware\
publisher: Hewlett-Packard

JPHalle
2006-11-06, 13:30
NetObjects Fusion 8 8 ({86B15A6E-EDFE-4F43-830A-8707615AC5AE})
version: 134217728
install location: C:\Program Files\NetObjects\NetObjects Fusion 8
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{86B15A6E-EDFE-4F43-830A-8707615AC5AE}\setup.exe" -l0x9 anything -uninst

({86EF6C1E-9091-4E08-860B-EF3917A15844})
install location: C:\Program Files\NetObjects\NetObjects Fusion 8

QFolder 1.00.0000 ({8777AC6D-89F9-4793-8266-DE406F343E89})
version: 16777216
version (major): 1
estimated size: 177
install date: 20060929
install source: c:\temp\HP_WebRelease\setup\QFolder\
publisher: Hewlett-Packard

DocProc 4.5.0.0 ({8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1})
version: 67436544
version (major): 4
version (minor): 5
estimated size: 76421
install date: 20060929
install source: c:\temp\HP_WebRelease\setup\DocProc\
publisher: Hewlett-Packard
comments: 0
contact: 0
help link: 0
help telephone: 0
readme: 0

Microsoft Publisher 2002 10.0.6626.0 ({90190409-6000-11D3-8CFE-0050048383C9})
version: 167778786
version (major): 10
estimated size: 239223
install date: 20060122
install source: D:\
uninstall cmd: MsiExec.exe /I{90190409-6000-11D3-8CFE-0050048383C9}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: C:\Program Files\Microsoft Office\Office10\1033\OFREAD10.HTM

Microsoft Office XP Professional avec FrontPage 10.0.6626.0 ({9028040C-6000-11D3-8CFE-0050048383C9})
version: 167778786
version (major): 10
estimated size: 294781
install date: 20060122
install source: D:\
uninstall cmd: MsiExec.exe /I{9028040C-6000-11D3-8CFE-0050048383C9}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: C:\Program Files\Microsoft Office\Office10\1036\OFREAD10.HTM

Microsoft Office XP Media Content 10.0.2619.0 ({9030040C-6000-11D3-8CFE-0050048383C9})
version: 167774779
version (major): 10
install date: 20031104
install location: INSTALLLOCATION
uninstall cmd: MsiExec.exe /I{9030040C-6000-11D3-8CFE-0050048383C9}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: ARPREADMESETTING

Help and Support Customization 1.00.0000 ({90D55A3F-1D99-4C94-A77E-46DC14F0BF08})
version: 16777216
version (major): 1
install date: 20031104
publisher: Dell
contact: http://www.support.dell.com
help link: http://www.support.dell.com
help telephone: http://www.support.dell.com
readme: 0

({9154ED7C-926E-49CC-B677-0CF3C5267457})
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x40c

Sonic RecordNow! 6.5.0 ({9541FED0-327F-4DF0-8B96-EF57EF622F19})
version: 100990976
version (major): 6
version (minor): 5
install date: 20031104
uninstall cmd: MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
publisher: Sonic Solutions
help link: http://support.sonic.com/desktop/

DVDSentry 1.00.0000 ({98DF85D9-96C0-4F57-A92E-C3539477EF5E})
version: 16777216
version (major): 1
install date: 20031104
uninstall cmd: MsiExec.exe /I{98DF85D9-96C0-4F57-A92E-C3539477EF5E}
publisher: Dell
help link: http://www.support.dell.com
help telephone: www.support.dell.com

Microsoft .NET Framework 1.1 French Language Pack 1.1.4322 ({9A394342-4A68-4EBA-85A6-55B559F4E700})
version: 16847074
version (major): 1
version (minor): 1
estimated size: 3194
install date: 20031116
install source: C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
publisher: Microsoft
readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1036\RepairRedist.htm

({9A4D2983-4662-4387-BE3D-4CFC2FA9C100})
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x40c

({A1185190-514F-11D6-A285-00A0CC51B2FE})
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x40c

CP_AtenaShokunin1Config 45.4.131.000 ({A5B9D22C-755A-4AC6-9904-875E80838BB6})
version: 755236995
version (major): 45
version (minor): 4
estimated size: 77
install date: 20060929
install source: c:\temp\HP_WebRelease\setup\cp_AtenaShokunin1Config\
publisher: Hewlett-Packard

ArcSoft Panorama Maker 3 ({A5F68DC8-0278-4AD8-B413-861509B5F25B})
version (major): 3
version (minor): 5
install location: C:\Program Files\ArcSoft\Panorama Maker 3
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5F68DC8-0278-4AD8-B413-861509B5F25B}\Setup.exe" -l0x40c
publisher: ArcSoft

Intel(R) PROSet 6.05.2001 ({A790BEB1-BCCF-4EC6-807B-5708B36E8A79})
version: 100992977
version (major): 6
version (minor): 5
install date: 20031104
uninstall cmd: MsiExec.exe /I{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}
publisher: Intel
comments: Intel(R) PROSet installation package
contact: Intel Customer Support
help link: http://support.intel.com

Ulead PhotoImpact XL TBYB 8.5 ({A802A94B-1C59-446C-BE78-A4063EF47777})
version: 134545408
version (major): 8
install location: C:\Program Files\Ulead Systems\Ulead PhotoImpact XL
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A802A94B-1C59-446C-BE78-A4063EF47777}\Setup.exe" -l0x9
publisher: Ulead System

({AC157741-3285-4D6A-B934-9174587A3493})
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x40c

Adobe Acrobat - Reader 6.0.2 Update 6.0.2 ({AC76BA86-0000-0000-0000-6028747ADE01})
version: 100663298
version (major): 6
estimated size: 5800
install date: 20040701
install source: C:\Program Files\Adobe\{AC76BA86-0000-0000-7AC5-6028747ADE00}\
uninstall cmd: MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
publisher: Adobe Systems
comments: Adobe Acrobat - Reader 6.0.2 Update
contact: Customer Support
help link: http://www.adobe.com/support/main.html
help telephone: 1-800-833-6687

Adobe Acrobat and Reader 6.0.3 Update 6.0.3 ({AC76BA86-0000-7EC8-7489-000000000603})
version: 100663299
version (major): 6
estimated size: 1305
install date: 20060217
install source: C:\Program Files\Adobe\{8312557B-FC01-4F06-AAC0-D1285ADBE94B}\
uninstall cmd: MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000603}
publisher: Adobe Systems
comments: Adobe Acrobat - Reader 6.0.3 Update
contact: Customer Support
help link: http://www.adobe.com/support/main.html
help telephone: 1-800-833-6687

Adobe Acrobat and Reader 6.0.4 Update 6.0.4 ({AC76BA86-0000-7EC8-7489-000000000604})
version: 100663300
version (major): 6
estimated size: 313
install date: 20060217
install source: C:\Program Files\Adobe\{A1849F22-4417-4ECC-B720-297521B3F18A}\
uninstall cmd: MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000604}
publisher: Adobe Systems
comments: Adobe Acrobat - Reader 6.0.4 Update
contact: Customer Support
help link: http://www.adobe.com/support/main.html
help telephone: 1-800-833-6687

Adobe Acrobat and Reader 6.0.5 Update 6.0.5 ({AC76BA86-0000-7EC8-7489-000000000605})
version: 100663301
version (major): 6
estimated size: 1189
install date: 20060923
install source: C:\Program Files\Adobe\{490A4339-AFA5-4098-A374-7752A1A30308}\
uninstall cmd: MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000605}
publisher: Adobe Systems
comments: Adobe Acrobat - Reader 6.0.5 Update
contact: Customer Support
help link: http://www.adobe.com/support/main.html
help telephone: 1-800-833-6687

Adobe Acrobat 6.0.1 Professional 006.000.001 ({AC76BA86-1033-0000-7760-000000000001})
version: 100663297
version (major): 6
estimated size: 549123
install date: 20040127
install source: D:\Adobe Acrobat 6.0 Professional\
uninstall cmd: MsiExec.exe /I{AC76BA86-1033-0000-7760-000000000001}
publisher: Adobe Systems
comments:
contact: Customer Support
help link: http://www.adobe.com/support/main.html
help telephone:
readme: C:\Program Files\Adobe\Acrobat 6.0\Readme.htm

Director 45.4.157.000 ({B911B811-BA3E-46D4-90F8-6F3338359651})
version: 755237021
version (major): 45
version (minor): 4
estimated size: 3854
install date: 20060929
install source: c:\temp\HP_WebRelease\setup\Director\
publisher: Hewlett-Packard

MSN Messenger 7.5 7.5.0324.0 ({BAFD3C1E-03EC-11DA-BFBD-00065BBDC0B5})
version: 117768516
version (major): 7
version (minor): 5
estimated size: 17185
install date: 20060212
install source: C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /I{BAFD3C1E-03EC-11DA-BFBD-00065BBDC0B5}
publisher: Microsoft Corporation

Del Mp3 Karaoke 4.5.4504 4.5.4504 ({BB580821-B599-4C34-8DEA-30374EF4AB3F})
version: 67441048
version (major): 4
version (minor): 5
estimated size: 4476
install date: 20040711
install source: C:\Program Files\Fichiers communs\Wise Installation Wizard\
uninstall cmd: MsiExec.exe /I{BB580821-B599-4C34-8DEA-30374EF4AB3F}
publisher: DMK
comments: http://www.delmp3karaoke.com
contact: support@delmp3karaoke.com

Norton AntiVirus Corporate Edition 7.6.1.0000 ({BD12EB47-DBDF-11D3-BEEA-00A0CC272509})
version: 117833729
version (major): 7
version (minor): 6
estimated size: 20271
install date: 20050205
install source: C:\DOCUME~1\JEAN-P~1\MESDOC~1\LOGICI~1\UNZIPT~1\TRANSF~1\FORJOH~1\NAVOFF~1\
uninstall cmd: MsiExec.exe /I{BD12EB47-DBDF-11D3-BEEA-00A0CC272509}
publisher: Symantec Corporation
contact:
help link: http://www.symantec.com
help telephone:

MarketResearch 45.4.158.000 ({BD29EBAC-AD7D-4b27-B727-4CC6AC52D36B})
version: 755237022
version (major): 45
version (minor): 4
estimated size: 1858
install date: 20060929
install source: c:\temp\HP_WebRelease\setup\MarketResearch\
publisher: Hewlett-Packard

({C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96})
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x40c

Microsoft .NET Framework 1.1 1.1.4322 ({CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1})
version: 16847074
version (major): 1
version (minor): 1
estimated size: 61699
install date: 20050208
install source: C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
publisher: Microsoft
readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm

1600_Help 47.1.14.000 ({CB449D5A-7710-47aa-B9F5-352B877C90E6})
version: 788594702
version (major): 47
version (minor): 1
estimated size: 5669
install date: 20060929
install source: c:\temp\HP_WebRelease\Setup\AiOHelp\
publisher: Hewlett-Packard

WebReg 45.4.157.000 ({CDFCF124-115F-4976-8BF4-08C89187A146})
version: 755237021
version (major): 45
version (minor): 4
estimated size: 381
install date: 20060929
install source: c:\temp\HP_WebRelease\setup\WebReg\
publisher: Hewlett-Packard

DocumentViewer 45.4.157.000 ({CE0C8CC5-E396-442B-A50E-D1D374A9E820})
version: 755237021
version (major): 45
version (minor): 4
estimated size: 28396
install date: 20060929
install source: c:\temp\HP_WebRelease\setup\DocumentViewer\
publisher: Hewlett-Packard

Ulead Photo Explorer 8.0 SE Basic 8.0 ({D271DAE0-8D68-4C97-8356-A126D48A1D8C})
version: 134217728
version (major): 8
install location: C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D271DAE0-8D68-4C97-8356-A126D48A1D8C}\Setup.exe" -l0x40c
publisher: Ulead Systems, Inc.

Del Mp3 Karaoke 4.2.4206 4.2.4206 ({D2FC3A09-D834-4929-8362-2175C68F9285})
version: 67244142
version (major): 4
version (minor): 2
estimated size: 4192
install date: 20031123
install source: C:\Program Files\Fichiers communs\Wise Installation Wizard\
uninstall cmd: MsiExec.exe /I{D2FC3A09-D834-4929-8362-2175C68F9285}
publisher: DMK
comments: http://www.delmp3karaoke.com
contact: support@delmp3karaoke.com

Nikon Message Center 0.91.000 ({D2FCC1AE-6311-47C5-8130-C6C66D77DD71})
version: 5963776
install location: C:\Program Files\Fichiers communs\Nikon\Message Center
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\Setup.exe" -l0x40c UNINSTALL

ImageMixer VCD for FinePix ({D3AA158A-9421-4883-8767-E771B0964A1D})
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3AA158A-9421-4883-8767-E771B0964A1D}\setup.exe"

RAW FILE CONVERTER LE ({D680C913-5955-469D-9D88-C1940F7506D6})
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D680C913-5955-469D-9D88-C1940F7506D6}\SETUP.EXE" -l0x40c

({DEBD7BF3-5856-11D6-A285-00A0CC51B2FE})
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x40c

Classic PhoneTools 4.16 ({E3436EE2-D5CB-4249-840B-3A0140CC34C3})
version (major): 4
version (minor): 16
install location: C:\Program Files\Classic PhoneTools
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3436EE2-D5CB-4249-840B-3A0140CC34C3}\setup.exe" -l0x40c ControlPanel
publisher: BVRP Software
help link: http://www.bvrp.fr

Print Server ({E6FCE5FA-B7B7-4B7E-B4FB-A8929BC3FB0F})
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E6FCE5FA-B7B7-4B7E-B4FB-A8929BC3FB0F}\Setup.exe" -uninst

Sound Blaster Audigy 2 ({E82BF103-904F-49C0-B77F-6EC110B71E87})
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E82BF103-904F-49C0-B77F-6EC110B71E87}\setup.exe" -l0x40c

({EE6699B3-E5AD-4E59-8F2B-207DF630670C})
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x40c

Microsoft .NET Framework 2.0 Language Pack - FRA 1.1.50727.42 ({F196AC50-7C95-42E1-9947-BDAB18BF3C8C})
version: 16893479
version (major): 1
version (minor): 1
estimated size: 9179
install date: 20060228
install source: C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\IXP000.TMP\
publisher: Microsoft Corporation

1600Trb 47.1.14.000 ({F4C6CC40-1142-49be-A28C-7BBD36F0B41A})
version: 788594702
version (major): 47
version (minor): 1
estimated size: 133
install date: 20060929
install source: c:\temp\HP_WebRelease\Setup\AiOHelp\
publisher: Hewlett-Packard

CD Ripper ({F7A42F5B-41EF-43E9-9A49-4FA6ED9B8B60})
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7A42F5B-41EF-43E9-9A49-4FA6ED9B8B60}\setup.exe"

CreativeProjectsTemplates 45.4.157.000 ({FC22D020-3005-4715-8DF9-F3EDE81DEB3D})
version: 755237021
version (major): 45
version (minor): 4
estimated size: 4362
install date: 20060929
install source: c:\temp\HP_WebRelease\setup\CreativeProjectsTemplates\
publisher: Hewlett-Packard

Extension HighMAT pour l'Assistant Graver un CD de Microsoft Windows XP 1.1.1905.1 ({FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F})
version: 16844657
version (major): 1
version (minor): 1
estimated size: 2210
install date: 20031118
install location: C:\Program Files\HighMAT CD Writing Wizard\
install source: C:\WINDOWS\Downloaded Installations\{43CB02B4-DBE0-4BC3-859A-04C4CF3AF57A}\
uninstall cmd: MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
publisher: Microsoft Corporation
readme: C:\Program Files\HighMAT CD Writing Wizard\1036\\HighMAT_readme.htm

({FD851F7E-F887-405D-9E1C-488811113EF3})
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x40c

PictureProject 1.0 ({FF3999BE-1A7B-4738-88AA-97BF14094A4A})
version: 16777216
install location: C:\Program Files\Nikon\PictureProject
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF3999BE-1A7B-4738-88AA-97BF14094A4A}\Setup.exe" -l0x40c UNINSTALL

JPHalle
2006-11-06, 13:31
SmitFraudFix v2.119

Rapport fait à 23:44:15,79, 2006-11-05
Executé à partir de C:\Documents and Settings\Jean-Pierre Hallé\Bureau\smithfraudfix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\WINDOWS\system32\drvhun.dll PRESENT !
C:\WINDOWS\system32\components\flx?.dll PRESENT !
C:\WINDOWS\system32\components\flx??.dll PRESENT !
C:\WINDOWS\system32\components\flx???.dll PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jean-Pierre Hallé


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jean-Pierre Hallé\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\JEAN-P~1\Favoris

C:\DOCUME~1\JEAN-P~1\Favoris\Antivirus Test Online.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

C:\DOCUME~1\ALLUSE~1\Bureau\Online Security Guide.url PRESENT !
C:\DOCUME~1\ALLUSE~1\Bureau\Security Troubleshooting.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

JPHalle
2006-11-06, 13:32
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 05:08:41 2006-11-06

+ Scan result:



C:\System Volume Information\_restore{DE4A529F-98CE-4187-A0F7-08590C3BB5E5}\RP1\A0000039.dll -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{DE4A529F-98CE-4187-A0F7-08590C3BB5E5}\RP1\A0000036.exe -> Downloader.PurityScan.dc : Cleaned with backup (quarantined).


::Report end

JPHalle
2006-11-06, 13:33
Logfile of HijackThis v1.99.1
Scan saved at 05:43:42, on 2006-11-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\NavNT\vptray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.ca/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {6A945B63-BCA0-B626-868E-CD6937A68EC1} - C:\WINDOWS\system32\bfdoeg.dll (file missing)
O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Pro\popuppro.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [beep regs about start] C:\Documents and Settings\All Users\Application Data\Meta data beep regs\chicnoun.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvhun.dll,startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Fqafyaz] C:\Program Files\?icrosoft.NET\d?xplore.exe
O4 - HKCU\..\Run: [Rwtt] "C:\DOCUME~1\JEAN-P~1\MESDOC~1\CROSOF~1\cmd.exe" -vt ndrv
O4 - Startup: SAM.lnk = C:\Program Files\SAM\SAM.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Chercher avec Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmesfr.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int14.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/fr/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119620227656
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/dialer/int_ver34.CAB
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/aio/en/check/qdiagh.cab?326
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

JPHalle
2006-11-06, 13:34
As you can see, I am not an experienced user on this forum with the number of posts it took me to upload everything :red: ... really need your help...

Thank you.

LonnyRJones
2006-11-11, 18:55
Hi JPHalle

You didn't run SmitFraudFix option two yet; do that when the PC is in safe mode.

Once it's done, restart back to normal.
Look in the Windows Control Panel > Add/Remove Programs list for
"Search Plugin"
"Zone Media"
If either is there, uninstall it, then restart your PC.

Start HijackThis and place a check next to these items, if there.
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {6A945B63-BCA0-B626-868E-CD6937A68EC1} - C:\WINDOWS\system32\bfdoeg.dll (file missing)
O4 - HKLM\..\Run: C:\Documents and Settings\All Users\Application Data\Meta data beep regs\chicnoun.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvhun.dll,startup
O4 - HKCU\..\Run: [Fqafyaz] C:\Program Files\?icrosoft.NET\d?xplore.exe
O4 - HKCU\..\Run: [Rwtt] "C:\DOCUME~1\JEAN-P~1\MESDOC~1\CROSOF~1\cmd.exe" -vt ndrv
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int14.exe
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/dialer/int_ver34.CAB


Optional fixes >
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
====================================
Hit "Fix checked" and close HijackThis.
Restart the PC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Post a new hijackthis log

Post a combofix log
1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click combofix's window whilst it's running. That may cause it to stall.
If the log is large, you might need to post half in one reply and half in another.

JPHalle
2006-11-11, 19:21
While waiting for a reply, I just started another online scan, this time using "eTrust Antivirus Web Scanner". As soon as it's finished, I will do what you asked. Thanks a lot :-)

JPHalle
2006-11-11, 21:09
First, the Hijackthis log:

Scan saved at 13:55:32, on 2006-11-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\NavNT\vptray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\SAM\SAM.exe
C:\hijackthis_061111\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.ca/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Pro\popuppro.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: SAM.lnk = C:\Program Files\SAM\SAM.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Chercher avec Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmesfr.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/fr/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119620227656
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/aio/en/check/qdiagh.cab?326
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: archenteric - {d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3} - C:\WINDOWS\system32\impgsje.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

... more to come...

JPHalle
2006-11-11, 21:10
Now, here is my COMBOFIX log:
aScan saved at 13:55:32, on 2006-11-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Removed duplicate hjt log

JPHalle
2006-11-11, 21:21
Went into Add/Remove programs, could not find "Search Plugin" nor "Zone Media"... but I found and deleted 2 others: "Safety bar" and "Safety alerter".

I still get popups about viruses from antivirus software (not sure if it's AVG or NAV)... virus called either "dilaer.trojan" and "trojan.nebuler".

I've still got a big question mark icon flashing at the bottom of my screen that displays "Critical system errors" on a mouseover... when I click on it (right click), it brings me into a "VirusBurster" internet explorer window...

This will all probably make sense to you... I'm confused...

Thanks for your continued help :sad:

LonnyRJones
2006-11-12, 03:23
Hi

Did you run SmitFraudFix option two while in safe mode?
If so, post its log.

You posted a hijackthis log twice, need that combofix log.

JPHalle
2006-11-12, 16:46
Oops! My mistake, sorry.

Yes, I did run smitfraudfix option 2, and here is the resulting log:
SmitFraudFix v2.119

Rapport fait à 13:32:58,89, 2006-11-11
Executé à partir de C:\Documents and Settings\Jean-Pierre Hall‚\Bureau\smithfraudfix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\WINDOWS\system32\drvmoc.dll PRESENT !
C:\WINDOWS\system32\components\flx?.dll PRESENT !
C:\WINDOWS\system32\components\flx??.dll PRESENT !
C:\WINDOWS\system32\components\flx???.dll PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jean-Pierre Hall‚


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jean-Pierre Hall‚\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\JEAN-P~1\Favoris

C:\DOCUME~1\JEAN-P~1\Favoris\Antivirus Test Online.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

C:\DOCUME~1\ALLUSE~1\Bureau\Online Security Guide.url PRESENT !
C:\DOCUME~1\ALLUSE~1\Bureau\Security Troubleshooting.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

...more to come...

JPHalle
2006-11-12, 16:50
Here is the combofix log:
Jean-Pierre Hall‚ - 06-11-11 13:59:41,31 Service Pack 2
ComboFix 06.11.9 - Running from: "C:\Documents and Settings\Jean-Pierre Hall‚\Bureau"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\components

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Program Files\ICROSO~1.NET
C:\QooBox\Purity\Program Files\ICROSO~1.NET\d?xplore.exe


((((((((((((((((((((((((((((((( Files Created from 2006-10-11 to 2006-11-11 ))))))))))))))))))))))))))))))))))


2006-11-11 13:41 106,496 --a------ C:\WINDOWS\SYSTEM32\impgsje.dll
2006-11-11 11:56 101,888 --a------ C:\WINDOWS\SYSTEM32\drvmoc.dll
2006-11-11 11:54 40,973 ---hs---- C:\WINDOWS\SYSTEM32\xxyvwww.dll
2006-11-11 11:45 674,187 ---hs---- C:\WINDOWS\SYSTEM32\npqss.bak2
2006-11-05 19:44 602,245 ---hs---- C:\WINDOWS\SYSTEM32\npqss.bak1
2006-11-05 19:43 692,276 ---hs---- C:\WINDOWS\SYSTEM32\ssqpn.dll
2006-11-05 19:42 3,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2006-11-05 19:36 40,973 ---hs---- C:\WINDOWS\SYSTEM32\mljgheb.dll
2006-11-05 16:24 2 --a------ C:\WINDOWS\SYSTEM32\wapiit.exe
2006-11-05 16:22 40,973 ---hs---- C:\WINDOWS\SYSTEM32\ljjjghg.dll
2006-11-05 16:22 15,872 --------- C:\WINDOWS\SYSTEM32\wintfj32.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-11 13:53 -------- d-------- C:\Program Files\SAM
2006-11-11 13:53 -------- d-------- C:\Documents and Settings\Jean-Pierre Hall‚\Application Data\Skype
2006-11-11 13:05 -------- d-------- C:\Program Files\Fichiers communs
2006-11-06 05:43 -------- d-------- C:\Program Files\Hijackthis
2006-11-05 19:44 -------- d-------- C:\Program Files\VSAdd-in
2006-11-05 19:42 -------- d-------- C:\Program Files\Grisoft
2006-11-05 18:09 -------- d-------- C:\Program Files\NavNT
2006-10-24 11:08 -------- d-------- C:\Program Files\Morpheus
2006-10-14 13:00 -------- d-------- C:\Program Files\Fichiers communs\SWF Studio
2006-10-11 11:24 58880 --a------ C:\WINDOWS\SYSTEM32\pnrpnsp.dll
2006-10-11 11:24 553984 --a------ C:\WINDOWS\SYSTEM32\p2psvc.dll
2006-10-11 11:24 313344 --a------ C:\WINDOWS\SYSTEM32\p2pgraph.dll
2006-10-11 11:24 153088 --a------ C:\WINDOWS\SYSTEM32\p2p.dll
2006-10-11 11:24 116224 --a------ C:\WINDOWS\SYSTEM32\p2pnetsh.dll
2006-10-11 11:24 104960 --a------ C:\WINDOWS\SYSTEM32\p2pgasvc.dll
2006-09-29 20:35 67896 --a------ C:\Documents and Settings\Jean-Pierre Hall‚\Application Data\GDIPFONTCACHEV1.DAT
2006-09-29 20:06 -------- d-------- C:\Program Files\Fichiers communs\HP
2006-09-29 20:04 -------- d-------- C:\Program Files\HP
2006-09-29 20:04 -------- d-------- C:\Program Files\Hewlett-Packard
2006-09-29 20:03 -------- d-------- C:\Program Files\Fichiers communs\Hewlett-Packard
2006-09-29 19:07 -------- d--h----- C:\Documents and Settings\Jean-Pierre Hall‚\Application Data\GTek
2006-09-23 10:54 -------- d-------- C:\Program Files\Adobe
2006-09-13 00:03 1084416 --a------ C:\WINDOWS\SYSTEM32\msxml3.dll
2006-08-25 10:51 617472 --a------ C:\WINDOWS\SYSTEM32\comctl32.dll
2006-08-21 07:26 16896 --a------ C:\WINDOWS\SYSTEM32\fltlib.dll
2006-08-21 04:14 23040 --a------ C:\WINDOWS\SYSTEM32\fltmc.exe
2006-08-16 06:59 100352 --a------ C:\WINDOWS\SYSTEM32\6to4svc.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Sonic RecordNow!"=""
"IncrediMail"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe /c"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"BCMSMMSG"="BCMSMMSG.exe"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"StorageGuard"="\"C:\\Program Files\\Fichiers communs\\Sonic\\Update Manager\\sgtray.exe\" /r"
"CTSysVol"="C:\\Program Files\\Creative\\SBAudigy2\\Surround Mixer\\CTSysVol.exe"
"CTDVDDet"="C:\\Program Files\\Creative\\SBAudigy2\\DVDAudio\\CTDVDDet.EXE"
"CTHelper"="CTHELPER.EXE"
"AsioReg"="REGSVR32.EXE /S CTASIO.DLL"
"DVDSentry"="C:\\WINDOWS\\System32\\DSentry.exe"
"PCMService"="\"C:\\Program Files\\Dell\\Media Experience\\PCMService.exe\""
"nwiz"="nwiz.exe /install"
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
"ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"vptray"="C:\\PROGRA~1\\NavNT\\vptray.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"D-Link AirPlus XtremeG"="C:\\Program Files\\D-Link\\AirPlus XtremeG\\AirPlusCFG.exe"
"ANIWZCS2Service"="C:\\Program Files\\ANI\\ANIWZCS2 Service\\WZCSLDR2.exe"
"HP Software Update"="\"c:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
"{d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3}"="archenteric"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{CFE9E8A8-38C0-4EF8-AEC2-5035EFE81030}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"archenteric"="{d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqpn
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wintfj32
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyvwww

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll"



~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20061111-135106-248
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/dialer/int_ver34.CAB
backup-20061111-135106-504
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int14.exe
backup-20061111-135105-693
O4 - HKCU\..\Run: [Rwtt] "C:\DOCUME~1\JEAN-P~1\MESDOC~1\CROSOF~1\cmd.exe" -vt ndrv
backup-20061111-135105-415
R3 - URLSearchHook: (no name) - {6A945B63-BCA0-B626-868E-CD6937A68EC1} - C:\WINDOWS\system32\bfdoeg.dll (file missing)
backup-20061111-135105-494
O4 - HKCU\..\Run: [Fqafyaz] C:\Program Files\?icrosoft.NET\d?xplore.exe
backup-20061111-135105-590
O4 - HKLM\..\Run: [beep regs about start] C:\Documents and Settings\All Users\Application Data\Meta data beep regs\chicnoun.exe
backup-20061111-135105-404
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
backup-20061111-135105-227
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvmoc.dll,startup
backup-20061111-135105-195
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
backup-20061111-135105-435
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AC49A83B90A25E4B.job

Completion time: 06-11-11 14:03:38.85
C:\ComboFix.txt ... 06-11-11 14:03

Hope this helps.... Last note... Internet Explorer is REALLY slow today...

thanks for your help!

LonnyRJones
2006-11-13, 07:01
Please download VundoFix.exe (http://www.atribune.org/content/view/24/2/)
to the root drive, e.g. Local Disk C: or the partition where your operating system is installed.
Double-click VundoFix.exe to run it.
Click scan for vundo, when it is finished scanning if this file isn't detected add it >
Right click the list box then select add files and add
C:\WINDOWS\SYSTEM32\impgsje.dll

do the same for each of these files
C:\WINDOWS\SYSTEM32\drvmoc.dll
C:\WINDOWS\SYSTEM32\xxyvwww.dll
C:\WINDOWS\SYSTEM32\ssqpn.dll
C:\WINDOWS\SYSTEM32\mljgheb.dll
C:\WINDOWS\SYSTEM32\ljjjghg.dll
C:\WINDOWS\SYSTEM32\wintfj32.dll

Click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Wait two minutes then turn your computer back on.




C:\WINDOWS\SYSTEM32\wapiit.exe < Delete file
C:\Program Files\VSAdd-in delete folder
C:\Documents and Settings\All Users\Application Data\Meta data beep regs\ < delete folder if present
Post a new hijackthis log

You have more than one antivirus, nav and avg, choose one and uninstall the other, I suggest keeping avg.


Both your smithfraudfix reports were from running option 1, you still didn't choose the fix option!!
Here are the instructions again: http://forums.spybot.info/showthread.php?t=4015 (http://forums.spybot.info/showpost.php?p=52424&postcount=20)

Post that smithfraudfix report after running option 2
The C:\vundofix.txt and a new hijackthis log, no others are needed yet
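
The DLLs named in the post above can be cross-checked against the ComboFix and HijackThis output posted earlier in the thread. The following is an added example, not part of the original posts or of any tool mentioned here: a small Python triage, whose function names and heuristics are assumptions for illustration, run over log lines copied from this thread.

```python
import re
from collections import defaultdict

# Copied from the "Files Created" section of the ComboFix log in this thread.
FILES_CREATED = r"""
2006-11-11 13:41 106,496 --a------ C:\WINDOWS\SYSTEM32\impgsje.dll
2006-11-11 11:56 101,888 --a------ C:\WINDOWS\SYSTEM32\drvmoc.dll
2006-11-11 11:54 40,973 ---hs---- C:\WINDOWS\SYSTEM32\xxyvwww.dll
2006-11-11 11:45 674,187 ---hs---- C:\WINDOWS\SYSTEM32\npqss.bak2
2006-11-05 19:44 602,245 ---hs---- C:\WINDOWS\SYSTEM32\npqss.bak1
2006-11-05 19:43 692,276 ---hs---- C:\WINDOWS\SYSTEM32\ssqpn.dll
2006-11-05 19:42 3,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2006-11-05 19:36 40,973 ---hs---- C:\WINDOWS\SYSTEM32\mljgheb.dll
2006-11-05 16:24 2 --a------ C:\WINDOWS\SYSTEM32\wapiit.exe
2006-11-05 16:22 40,973 ---hs---- C:\WINDOWS\SYSTEM32\ljjjghg.dll
2006-11-05 16:22 15,872 --------- C:\WINDOWS\SYSTEM32\wintfj32.dll
"""

# Copied from the HijackThis entries and ComboFix "Reg Loading Points" in this thread.
AUTOSTARTS = r"""
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvmoc.dll,startup
O21 - SSODL: archenteric - {d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3} - C:\WINDOWS\system32\impgsje.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqpn
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wintfj32
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyvwww
"""

FILE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d)\s+([\d,]+)\s+(\S{9})\s+(.+)$")
NOTIFY_RE = re.compile(r"\\winlogon\\notify\\([^\\\s]+)\s*$", re.I)
PATH_RE = re.compile(r'[A-Za-z]:\\[^,"\n]+?\.(?:dll|exe)\b', re.I)


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def parse_created(text):
    """Parse 'date time size attrs path' rows from a ComboFix file listing."""
    rows = []
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            stamp, size, attrs, path = m.groups()
            rows.append({"time": stamp, "size": int(size.replace(",", "")),
                         "attrs": attrs, "name": basename(path)})
    return rows


def parse_autostarts(text):
    """Return (Winlogon Notify subkey names, file names loaded by autostart entries)."""
    notify, loaded = set(), set()
    for line in text.splitlines():
        m = NOTIFY_RE.search(line)
        if m:
            notify.add(m.group(1).lower())
            continue
        for path in PATH_RE.findall(line):
            loaded.add(basename(path))
    return notify, loaded


def triage(created_text, autostart_text):
    """Map each recently created file to the reasons it deserves a closer look."""
    rows = parse_created(created_text)
    notify, loaded = parse_autostarts(autostart_text)
    by_size = defaultdict(list)
    for r in rows:
        by_size[r["size"]].append(r["name"])
    findings = {}
    for r in rows:
        stem, _, ext = r["name"].rpartition(".")
        reasons = []
        if r["name"] in loaded:
            reasons.append("loaded by an autostart entry")
        if ext == "dll" and stem in notify:
            reasons.append("Winlogon Notify subkey of the same name")
        if "h" in r["attrs"] and "s" in r["attrs"]:
            reasons.append("hidden+system attributes")
        twins = sorted(n for n in by_size[r["size"]] if n != r["name"])
        if twins:
            reasons.append("same size as " + ", ".join(twins))
        if reasons:
            findings[r["name"]] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(FILES_CREATED, AUTOSTARTS).items():
        print(f"{name:14} {'; '.join(reasons)}")
```

On these inputs the flagged DLLs are the seven listed in the post above, plus the two hidden npqss.bak files. The 2-byte wapiit.exe trips none of these heuristics, so triage of this kind supplements a helper's reading of the log rather than replacing it.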

JPHalle
2006-11-13, 16:59
I will be applying your solutions tonight, which is approx. at 7:00 pm eastern time.

Thank you very much for all your help.

JPHalle
2006-11-14, 03:51
In the next few lines, I have copied your instructions, and put DONE beside all that I have done.

**************************
Please download VundoFix.exe >DONE
to the root drive, e.g. Local Disk C: or the partition where your operating system is installed.
Double-click VundoFix.exe to run it.
Click scan for vundo, when it is finished scanning if this file isn't detected add it >
Right click the list box then select add files and add
C:\WINDOWS\SYSTEM32\impgsje.dll >DONE

do the same for each of these files
C:\WINDOWS\SYSTEM32\drvmoc.dll >DONE
C:\WINDOWS\SYSTEM32\xxyvwww.dll >DONE
C:\WINDOWS\SYSTEM32\ssqpn.dll >DONE
C:\WINDOWS\SYSTEM32\mljgheb.dll >DONE
C:\WINDOWS\SYSTEM32\ljjjghg.dll >DONE
C:\WINDOWS\SYSTEM32\wintfj32.dll >DONE

Click the Remove Vundo button. >DONE
You will receive a prompt asking if you want to remove the files, click YES >DONE
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Wait two minutes then turn your computer back on. >DONE




C:\WINDOWS\SYSTEM32\wapiit.exe < Delete file > DONE
C:\Program Files\VSAdd-in delete folder >DONE
C:\Documents and Settings\All Users\Application Data\Meta data beep regs\ < delete folder if present >FOLDER WAS NOT THERE
Post a new hijackthis log > I POSTED THIS LOG BELOW

You have more than one antivirus, nav and avg, choose one and uninstall the other, I suggest keeping avg.
> DONE . REMOVED NAV, KEPT AVG


Both your smithfraudfix reports were from running option 1, you still didn't choose the fix option!!
Here are the instructions again: http://forums.spybot.info/showthread.php?t=4015
> DOUBLE OOPS! SORRY :-(
Post that smithfraudfix report after running option 2 >DONE (SEE REPORT BELOW)
The C:\vundofix.txt and a new hijackthis log, no others are needed yet
>DONE. THE 2 LOGS ARE BELOW.

***********************************
...logs in my next reply...

JPHalle
2006-11-14, 03:53
First, the vundofix.txt log... hope I got it right this time...

VundoFix V6.2.8

Checking Java version...

Scan started at 19:19:13 2006-11-13

Listing files found while scanning....

C:\WINDOWS\system32\ssqpn.dll
C:\WINDOWS\system32\npqss.ini
C:\WINDOWS\system32\npqss.bak1
C:\WINDOWS\system32\npqss.bak2

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ssqpn.dll
C:\WINDOWS\system32\ssqpn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\npqss.ini
C:\WINDOWS\system32\npqss.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\npqss.bak1
C:\WINDOWS\system32\npqss.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\npqss.bak2
C:\WINDOWS\system32\npqss.bak2 Has been deleted!

Attempting to delete c:\windows\system32\impgsje.dll
c:\windows\system32\impgsje.dll Has been deleted!

Attempting to delete c:\windows\system32\drvmoc.dll
c:\windows\system32\drvmoc.dll Has been deleted!

Attempting to delete c:\windows\system32\xxyvwww.dll
c:\windows\system32\xxyvwww.dll Has been deleted!

Attempting to delete c:\windows\system32\mljgheb.dll
c:\windows\system32\mljgheb.dll Has been deleted!

Attempting to delete c:\windows\system32\ljjjghg.dll
c:\windows\system32\ljjjghg.dll Has been deleted!

Attempting to delete c:\windows\system32\wintfj32.dll
c:\windows\system32\wintfj32.dll Has been deleted!

Performing Repairs to the registry.
Done!

... more to come...

JPHalle
2006-11-14, 04:00
Hope I got this one right as well...

SmitFraudFix v2.119

Rapport fait à 20:34:18,40, 2006-11-13
Executé à partir de C:\Documents and Settings\Jean-Pierre Hall‚\Bureau\smithfraudfix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3}"="archenteric"

[HKEY_CLASSES_ROOT\CLSID\{d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3}\InProcServer32]
@="C:\WINDOWS\system32\impgsje.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3}\InProcServer32]
@="C:\WINDOWS\system32\impgsje.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jean-Pierre Hall‚


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jean-Pierre Hall‚\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\JEAN-P~1\Favoris

C:\DOCUME~1\JEAN-P~1\Favoris\Antivirus Test Online.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

C:\DOCUME~1\ALLUSE~1\Bureau\Online Security Guide.url PRESENT !
C:\DOCUME~1\ALLUSE~1\Bureau\Security Troubleshooting.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3}"="archenteric"

[HKEY_CLASSES_ROOT\CLSID\{d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3}\InProcServer32]
@="C:\WINDOWS\system32\impgsje.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3}\InProcServer32]
@="C:\WINDOWS\system32\impgsje.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

...more to come...

JPHalle
2006-11-14, 04:06
Here goes:

Logfile of HijackThis v1.99.1
Scan saved at 20:10:49, on 2006-11-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\NavNT\vptray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\hijackthis_061111\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.ca/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B93D27F-5E6A-26AD-06D7-871367A21376} - C:\PROGRA~1\playsize\axis setup.exe (file missing)
O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Pro\CCHelper.dll
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {6A945B63-BCA0-B626-868E-CD6937A68EC1} - C:\WINDOWS\system32\bfdoeg.dll (file missing)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {BC289594-FE2E-4956-92F7-BB3CB849E470} - C:\WINDOWS\system32\ssqpn.dll (file missing)
O2 - BHO: (no name) - {CFE9E8A8-38C0-4EF8-AEC2-5035EFE81030} - C:\WINDOWS\system32\xxyvwww.dll (file missing)
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\whqxopqa.dll (file missing)
O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Pro\popuppro.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvnod.dll,startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Rwtt] "C:\DOCUME~1\JEAN-P~1\MESDOC~1\CROSOF~1\cmd.exe" -vt yazb
O4 - Startup: SAM.lnk = C:\Program Files\SAM\SAM.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Chercher avec Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmesfr.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/fr/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119620227656
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/aio/en/check/qdiagh.cab?326
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: archenteric - {d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3} - C:\WINDOWS\system32\impgsje.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

P.S. Internet explorer speed is back to normal. The only weird icon left in the lower-right corner of my screen is a red circle with a yellow exclamation point in the middle that displays the following on a mouseover: "Security warning: your computer may be infected by harmful or unwanted software".

Let me know what's next, I await your next instructions. Thanks a lot for your help in this!

LonnyRJones
2006-11-14, 04:11
Hi

That's another SmitfraudFix log from using option 1; you need to choose the option two fix.

JPHalle
2006-11-14, 04:45
I have run option 2 in safe mode, and it gives me the log below... Let me detail exactly what I do... maybe I'm doing something wrong, but I swear I am trying real hard...ok, here goes...
1- while in normal Windows mode, I double-click on the smitfraudfix folder on my desktop;
2- then, double-click on the smitfraudfix.cmd, which brings up a DOS-like window, with a message from the author where I hit ENTER, and I then get the menu;
3- I choose option #1 to run the SCAN, which produces a log that I save on my desktop;
4- I then reboot my computer in SAFE mode (hitting F8, etc...)
5- Then, I follow the process in thread #4015 to clean out my temporary internet files (I do every step described in step #7 of thread #4015)
6- then I do step #8 in thread #4015... in other words, while still in SAFE mode, I double-click my smitfraudfix folder on my desktop again, and then double-click the smitfraudfix.cmd, which brings up the same window from the author on which I hit ENTER to access the menu;
7- I type 2, and press ENTER (so I AM running option #2 here), which runs very fast and displays a log in NOTEPAD that I save under a different name on my desktop to make sure I can track it....

the log in item #7 above is the log that I am posting on this thread... I am either doing something wrong, or this is the right log...

One last note, since in your last post you mentioned that you only needed a vundo.txt and a new hijackthis log, I am doing steps #9, 10 or 11 in thread #4015, i.e. NOT running a complete AVG scan of my system, nor a Spybot report, nor the HJT step there.

I am really trying... and again I am running option #2 in smitfraudfix... :-(

JPHalle
2006-11-14, 04:51
SmitFraudFix v2.119

Rapport fait à 21:25:57,54, 2006-11-13
Executé à partir de C:\Documents and Settings\Jean-Pierre Hall‚\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3}"="archenteric"

[HKEY_CLASSES_ROOT\CLSID\{d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3}\InProcServer32]
@="C:\WINDOWS\system32\impgsje.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3}\InProcServer32]
@="C:\WINDOWS\system32\impgsje.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jean-Pierre Hall‚


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jean-Pierre Hall‚\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\JEAN-P~1\Favoris

C:\DOCUME~1\JEAN-P~1\Favoris\Antivirus Test Online.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

C:\DOCUME~1\ALLUSE~1\Bureau\Online Security Guide.url PRESENT !
C:\DOCUME~1\ALLUSE~1\Bureau\Security Troubleshooting.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3}"="archenteric"

[HKEY_CLASSES_ROOT\CLSID\{d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3}\InProcServer32]
@="C:\WINDOWS\system32\impgsje.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3}\InProcServer32]
@="C:\WINDOWS\system32\impgsje.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin


By the way, right on the first few lines of this log, it says FIX in SAFE mode in French... right under the OS line (line #7 if counting the blank line after line #1).

Just thought I would mention that, cause I am trying to help, not trying to be playing smart, cause you are obviously a lot more knowledgeable than me.

LonnyRJones
2006-11-15, 07:49
It appears you're not typing y when at the prompt to clean the registry.
See highlighted below.

For now do exactly as written, no safe mode no other scans.
#2 - SmitfraudFix Clean
Re-download SmitfraudFix
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract all the files to your Desktop. A folder named SmitfraudFix will be created there.
Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.
A reboot may be needed to finish the cleaning process.

Post the txt that will open when the tool is finished.

JPHalle
2006-11-15, 15:45
You seem to have found the problem. All the other times when I was running smitfraudfix, I was NOT getting the question asking me if I wanted to clean the registry, nor was the system doing a cleanup. So I did as you asked, and redownloaded smitfraudfix using the link you provided in your last post, extracted to my desktop, ran option 2, and, oh surprise, I got the REGISTRY question and the disk cleanup ran.

So here is the txt file that was output after it ran:

SmitFraudFix v2.121

Rapport fait à 8:32:25,10, 2006-11-15
Executé à partir de C:\Documents and Settings\Jean-Pierre Hall‚\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3}"="archenteric"

[HKEY_CLASSES_ROOT\CLSID\{d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3}\InProcServer32]
@="C:\WINDOWS\system32\impgsje.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3}\InProcServer32]
@="C:\WINDOWS\system32\impgsje.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\DOCUME~1\ALLUSE~1\Bureau\Online Security Guide.url supprimé
C:\DOCUME~1\ALLUSE~1\Bureau\Security Troubleshooting.url supprimé
C:\DOCUME~1\JEAN-P~1\Favoris\Antivirus Test Online.url supprimé

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin


Anything else I should be doing? Or do you think my computer is now clean?

P.S. You have been very patient. Thanks again :-)
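The two option-2 reports in this thread differ in exactly the way that matters: the v2.119 report has no "Nettoyage du registre" section and still lists the SharedTaskScheduler value afterwards, while the v2.121 report has the section and an empty "Après SmitFraudFix" block. The following is an added example, not part of the original posts and not SmitFraudFix's own code, that checks a report for both conditions; the function names are assumptions and the sample reports are abridged copies of the ones posted above.

```python
import re

SECTION_RE = re.compile(r"^»+\s*(.+)$")          # "»»»» <section title>"
STS_VALUE_RE = re.compile(r'^"(\{[0-9A-Fa-f-]{36}\})"="(.*)"$')
STS_KEY_SUFFIX = r"\explorer\sharedtaskscheduler"

# Constructed samples: abridged copies of the two option-2 reports in this thread.
REPORT_V2_119 = r"""
SmitFraudFix v2.119
»»»»»»»»»»»» Avant SmitFraudFix
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3}"="archenteric"
»»»»»»»»»»»» Suppression des fichiers infectés
»»»»»»»»»»»» Sharedtaskscheduler
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3}"="archenteric"
»»»»»»»»»»»» Fin
"""
REPORT_V2_121 = r"""
SmitFraudFix v2.121
»»»»»»»»»»»» Avant SmitFraudFix
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3}"="archenteric"
»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»» Après SmitFraudFix
SrchSTS.exe by S!Ri
»»»»»»»»»»»» Fin
"""

def split_sections(report):
    """Map each section title to its non-blank lines."""
    sections, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
            sections.setdefault(current, [])
        elif current is not None and line:
            sections[current].append(line)
    return sections

def sts_clsids(lines):
    """Return {clsid: name} for values listed under the SharedTaskScheduler key."""
    found, in_key = {}, False
    for line in lines:
        if line.startswith("["):
            in_key = line.rstrip("]").lower().endswith(STS_KEY_SUFFIX)
            continue
        m = STS_VALUE_RE.match(line)
        if in_key and m:
            found[m.group(1).lower()] = m.group(2)
    return found

def review(report):
    """Did registry cleaning run, and which CLSIDs are still listed after the fix?"""
    s = split_sections(report)
    # v2.121 prints an "Après" block; the v2.119 report only has a trailing STS block.
    after = s.get("Après SmitFraudFix", s.get("Sharedtaskscheduler", []))
    cleaned = "Nettoyage du registre" in s
    remaining = sorted(sts_clsids(after))
    return {"registry_cleaned": cleaned,
            "before": sorted(sts_clsids(s.get("Avant SmitFraudFix", []))),
            "remaining": remaining,
            "ok": cleaned and not remaining}

if __name__ == "__main__":
    for name, text in (("v2.119", REPORT_V2_119), ("v2.121", REPORT_V2_121)):
        print(name, review(text))
```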

LonnyRJones
2006-11-16, 01:09
Good

Apparently there was a minor bug in it that caused the problem, which was fixed in the latest version, so not your fault at all.

How's that PC running?

JPHalle
2006-11-16, 02:17
As far as I can tell, all appears to be back to normal 100%!!! Hurrah!!!!!

No flashing icons, speed back to normal, no redirection to other pages in Internet Explorer, no anti-virus messages from AVG... I think I'm doing just fine, but is there one last precaution I should take to make sure all is really well? Like run a Spybot check, a last AVG scan, etc?

LonnyRJones
2006-11-17, 03:42
As per your PM, yes, I think that PC is clean now.


Think Prevention: Put in place a good hosts file
http://www.mvps.org/winhelp2002/hosts.htm
How To Download and Extract the HOSTS file:
http://www.mvps.org/winhelp2002/hosts2.htm
Repeat that process about once or twice a month

To help avoid reinfection see "So how did I get infected in the first place?"
http://forums.spybot.info/showthread.php?t=279

JPHalle
2006-11-17, 05:31
My expert was LonnyRJones... knowledgeable, patient, available. REALLY appreciate your time and efforts. Thanks to the whole Spybot Team!

From a happy camper, (surfer)

LonnyRJones
2006-11-22, 12:58
I'm glad we could help.
Since the problems are solved I'm going to close the topic now; this keeps others with similar problems from posting their logs/questions here, they should start a new topic.
If you should need to post another log for the same PC let one of us know via a PM (personal message).