PDA

View Full Version : Smitfraud-C Toolbar888, Which DLL do I kill?



jakentessa
2006-11-09, 23:36
My PC is infected with Smitfraud-C.Toolbar888. I ran Spybot S&D and got the Extra Removal Instructions Message: You will need to use the process explorer: http://www.sysinternals.com/Utilities/ProcessExplorer.html
There you need to right click on "Winlogon.exe" and choose "properties..."
Then you will have to go to the "Threads" tab, there you will see the dll with the randomized filename, it is the same name as in the Spybot scanresult.
Choose and kill the dll, it is running 2 times. After that you will need to reboot to have Spybot remove the dll from the System. I did this but can't figure out which DLLs to kill. None have same name as Spybot scan result that I can see. I also followed "self help" procedure and here are my results. Please help, been screwing with this for about four days now and I really need my PC back. Thanks for your time!

SmitFraudFix v2.119

Scan done at 9:35:24.04, Thu 11/09/2006
Run from C:\Documents and Settings\OILFIELDHOTTIE\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\OILFIELDHOTTIE


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\OILFIELDHOTTIE\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\OILFIE~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\VirusBursters\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End



---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:38:53 PM 11/9/2006

+ Scan result:



C:\Program Files\VSAdd-in\VSAdd-in.dll -> Adware.Agent : Cleaned.
C:\Program Files\Common Files\{388DAD80-0298-1033-0418-010525200001}\MyToolBar.dll -> Adware.Softomate : Cleaned.
C:\Program Files\Common Files\{588DAD80-0298-1033-0418-010525200001}\Update.exe -> Adware.Softomate : Cleaned.
C:\Program Files\Common Files\{588DAD80-0298-1033-0418-010525200001}\services.dll -> Adware.Softomate : Cleaned.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A8FB8EB3-183B-4598-924D-86F0E5E37085} -> Adware.WhyPPC : Cleaned.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A8FB8EB3-183B-4598-924D-86F0E5E37085} -> Adware.WhyPPC : Cleaned.
C:\Program Files\Common Files\Yazzle1162OinAdmin.exe -> Downloader.PurityScan.dc : Cleaned.
E:\DOWNLOADS\EvID4226Patch223d-en\EvID4226Patch.exe -> Not-A-Virus.Hacktool.EvID : Ignored and added to exceptions
C:\WINDOWS\system32\winvcl32.dll -> Trojan.Agent.vg : Cleaned.


::Report end

jakentessa
2006-11-09, 23:43
--- Search result list ---
Smitfraud-C.: Program directory (Directory, fixed)
C:\Program Files\InetGet2\

Smitfraud-C.Toolbar888: Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR

Common Dialogs: History (2 files) (Registry key, nothing done)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU

Log: Activity: SchedLgU.Txt (Backup file, nothing done)
C:\WINDOWS\SchedLgU.Txt

Log: Activity: ntbtlog.txt (Backup file, nothing done)
C:\WINDOWS\ntbtlog.txt

Log: Shutdown: System32\wbem\logs\wbemess.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.log

Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiprov.log

MS Media Player: Anonymous ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2052111302-839522115-1708537768-1003\Software\Microsoft\MediaPlayer\Preferences\SendUserGUID!=B=0

MS Direct3D: Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name!=

MS Regedit: Recent open key (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2052111302-839522115-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey!=

MS Wordpad: Recent file list (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2052111302-839522115-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List

Windows Explorer: Recent wallpaper list (50 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2052111302-839522115-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU

Windows Explorer: User Assistant history IE (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2052111302-839522115-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: User Assistant history files (19 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2052111302-839522115-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: Last visited history (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2052111302-839522115-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-09-18 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-11-03 Includes\Cookies.sbi (*)
2006-10-13 Includes\Dialer.sbi (*)
2006-11-03 Includes\DialerC.sbi (*)
2006-11-03 Includes\Hijackers.sbi (*)
2006-11-03 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2006-11-03 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2006-10-13 Includes\Malware.sbi (*)
2006-11-03 Includes\MalwareC.sbi (*)
2006-10-20 Includes\PUPS.sbi (*)
2006-11-03 Includes\PUPSC.sbi (*)
2006-11-03 Includes\Revision.sbi (*)
2006-10-13 Includes\Security.sbi (*)
2006-11-03 Includes\SecurityC.sbi (*)
2006-10-13 Includes\Spybots.sbi (*)
2006-11-03 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti (*)
2006-11-03 Includes\Trojans.sbi (*)
2006-11-03 Includes\TrojansC.sbi (*)



--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ Microsoft .NET Framework 2.0: This Security Update is for Microsoft .NET Framework 2.0. \n
If you later install a more recent service pack, this Security Update will be uninstalled automatically. \n
For more information, visit http://support.microsoft.com/kb/917283
/ Microsoft .NET Framework 2.0: This Security Update is for Microsoft .NET Framework 2.0. \n
If you later install a more recent service pack, this Security Update will be uninstalled automatically. \n
For more information, visit http://support.microsoft.com/kb/922770
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB917734)
/ Windows Media Player 9: Security Update for Windows Media Player 9 (KB917734)
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB894391)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896424)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899589)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Update for Windows XP (KB900485)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901190)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
/ Windows XP / SP3: Security Update for Windows XP (KB908519)
/ Windows XP / SP3: Update for Windows XP (KB908531)
/ Windows XP / SP3: Update for Windows XP (KB910437)
/ Windows XP / SP3: Update for Windows XP (KB911280)
/ Windows XP / SP3: Security Update for Windows XP (KB911562)
/ Windows XP / SP3: Security Update for Windows XP (KB911567)
/ Windows XP / SP3: Security Update for Windows XP (KB911927)
/ Windows XP / SP3: Security Update for Windows XP (KB912919)
/ Windows XP / SP3: Security Update for Windows XP (KB913580)
/ Windows XP / SP3: Security Update for Windows XP (KB914388)
/ Windows XP / SP3: Security Update for Windows XP (KB914389)
/ Windows XP / SP3: Update for Windows XP (KB916595)
/ Windows XP / SP3: Security Update for Windows XP (KB917159)
/ Windows XP / SP3: Security Update for Windows XP (KB917344)
/ Windows XP / SP3: Security Update for Windows XP (KB917422)
/ Windows XP / SP3: Security Update for Windows XP (KB917537)
/ Windows XP / SP3: Security Update for Windows XP (KB917953)
/ Windows XP / SP3: Security Update for Windows XP (KB918439)
/ Windows XP / SP3: Security Update for Windows XP (KB918899)
/ Windows XP / SP3: Security Update for Windows XP (KB919007)
/ Windows XP / SP3: Security Update for Windows XP (KB920214)
/ Windows XP / SP3: Security Update for Windows XP (KB920670)
/ Windows XP / SP3: Security Update for Windows XP (KB920683)
/ Windows XP / SP3: Security Update for Windows XP (KB920685)
/ Windows XP / SP3: Update for Windows XP (KB920872)
/ Windows XP / SP3: Security Update for Windows XP (KB921398)
/ Windows XP / SP3: Security Update for Windows XP (KB921883)
/ Windows XP / SP3: Update for Windows XP (KB922582)
/ Windows XP / SP3: Security Update for Windows XP (KB922616)
/ Windows XP / SP3: Security Update for Windows XP (KB922819)
/ Windows XP / SP3: Security Update for Windows XP (KB923191)
/ Windows XP / SP3: Security Update for Windows XP (KB923414)
/ Windows XP / SP3: Security Update for Windows XP (KB924191)
/ Windows XP / SP3: Security Update for Windows XP (KB924496)
/ Windows XP / SP3: Security Update for Windows XP (KB925486)


--- Startup entries list ---
Located: HK_LM:Run, !AVG Anti-Spyware
command: "E:\PROGRAM FILES\AVG Anti-Spyware 7.5\avgas.exe" /minimized
file: E:\PROGRAM FILES\AVG Anti-Spyware 7.5\avgas.exe
size: 6266880
MD5: 01d90ae5dccbce0c7b52874fec35a608

Located: HK_LM:Run, AVG7_CC
command: E:\PROGRA~1\AVGANT~1\avgcc.exe /STARTUP
file: E:\PROGRA~1\AVGANT~1\avgcc.exe
size: 369664
MD5: 5ff72bb3dd3d7a206fbab530de76521a

Located: HK_LM:Run, CTDrive
command: rundll32.exe C:\WINDOWS\system32\drvdup.dll,startup
file: C:\WINDOWS\system32\rundll32.exe
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff

Located: HK_LM:Run, fvenrrj.dll
command: C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\fvenrrj.dll,inuslcd
file: C:\WINDOWS\system32\rundll32.exe
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff

Located: HK_LM:Run, ojdfjgh.dll
command: C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ojdfjgh.dll,iocrbed
file: C:\WINDOWS\system32\rundll32.exe
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff

Located: HK_LM:Run, PCTVOICE
command: pctspk.exe
file: C:\WINDOWS\system32\pctspk.exe
size: 163840
MD5: acf5a15e6a1ace8c882a1638901ea875

Located: HK_LM:Run, UserFaultCheck
command: %systemroot%\system32\dumprep 0 -u
file: C:\WINDOWS\system32\dumprep.exe
size: 10752
MD5: 13922eb54890c77005268882629a31fe

Located: HK_LM:Run, WMC_AutoUpdate
command:
file:

Located: HK_LM:RunOnce, RemoveModule
command: command /c del C:\WINDOWS\system32\drvdow.dll
file:

Located: HK_LM:RunOnce, SpybotSnD
command: "E:\PROGRAM FILES\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
file: E:\PROGRAM FILES\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09ca174a605b480318731e691dc98539

Located: HK_LM:Run, IMJPMIG8.1 (DISABLED)
command: "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
file: C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE
size: 208952
MD5: 7bbe4cf421aecc7f0226edd75f12079f

Located: HK_LM:Run, IntelliPoint (DISABLED)
command: "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
file: C:\Program Files\Microsoft IntelliPoint\ipoint.exe
size: 461584
MD5: 6f823b154ea55b4b7c2c79b51b9e9638

Located: HK_LM:Run, MSPY2002 (DISABLED)
command: C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
file: C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe
size: 59392
MD5: 1b17e09c1223f6d17336d2dd7a1af4f4

Located: HK_LM:Run, PHIME2002A (DISABLED)
command: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
file: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
size: 455168
MD5: 024dc0f68df5fd6ae9dd82dfbaf479d6

Located: HK_LM:Run, PHIME2002ASync (DISABLED)
command: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
file: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
size: 455168
MD5: 024dc0f68df5fd6ae9dd82dfbaf479d6

Located: HK_LM:RunOnce, SpybotSnD (DISABLED)
command: "E:\PROGRAM FILES\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
file: E:\PROGRAM FILES\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09ca174a605b480318731e691dc98539

Located: HK_CU:Run, msnmsgr (DISABLED)
command: "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
file: C:\Program Files\MSN Messenger\msnmsgr.exe
size: 5354792
MD5: c1ee2387ede907599ee3a6de9493f672

Located: Startup (common), Adobe Reader Speed Launch.lnk
command: E:\PROGRAM FILES\Adobe Reader\Reader\reader_sl.exe
file: E:\PROGRAM FILES\Adobe Reader\Reader\reader_sl.exe
size: 29696
MD5: 43362b96870ce8649f4f2ec893da93f0

Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll

Located: System.ini, efcab
command: C:\WINDOWS\system32\efcab.dll
file: C:\WINDOWS\system32\efcab.dll
size: 692276
MD5: de8b1addca91158f2c095625ae201766

Located: System.ini, efcbxyw
command: efcbxyw.dll
file: efcbxyw.dll

Located: System.ini, igfxcui
command: igfxsrvc.dll
file: igfxsrvc.dll

Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, winvcl32
command: winvcl32.dll
file: winvcl32.dll

Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, efcab (DISABLED)
command: C:\WINDOWS\system32\efcab.dll
file: C:\WINDOWS\system32\efcab.dll
size: 692276
MD5: de8b1addca91158f2c095625ae201766



--- Browser helper object list ---
{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: E:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 9/18/2006 4:29:28 AM
Date (last access): 11/9/2006 1:00:54 PM
Date (last write): 5/31/2005 12:04:00 AM
Filesize: 853672
Attributes: archive
MD5: 250D787A5712D7768DDC133B3E477759
CRC32: D4589A41
Version: 1.4.0.0

{5960089B-1001-E537-A64A-0371FF198B8B} ()
BHO name:
CLSID name:
Path: C:\WINDOWS\system32\
Long name: zqxanug.dll
Short name:
Date (created): 11/9/2006 5:49:40 AM
Date (last access): 11/9/2006 12:44:10 PM
Date (last write): 11/9/2006 5:49:40 AM
Filesize: 72704
Attributes: archive
MD5: 26BDB7F4E47B02EF718CB13C4F9FAFC9
CRC32: AC5D0065

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
BHO name:
CLSID name: SSVHelper Class
Path: C:\Program Files\Java\jre1.5.0_07\bin\
Long name: ssv.dll
Short name:
Date (created): 5/3/2006 1:57:02 AM
Date (last access): 11/9/2006 11:42:04 AM
Date (last write): 5/3/2006 2:14:38 AM
Filesize: 434279
Attributes: archive
MD5: 162186B53BBB5964F9E806F96934338E
CRC32: 1C68240D
Version: 5.0.70.3

{CFE9E8A8-38C0-4EF8-AEC2-5035EFE81030} ()
BHO name:
CLSID name:
Path: C:\WINDOWS\system32\
Long name: efcbxyw.dll
Short name:
Date (created): 11/9/2006 5:49:16 AM
Date (last access): 11/9/2006 12:16:16 PM
Date (last write): 11/9/2006 5:49:16 AM
Filesize: 40973
Attributes: hidden sysfile
MD5: 9CB443346B27C05D00EE085A841C5549
CRC32: 0E92F11D

{E949CC43-AFA0-408C-97CD-21D03BF1BB09} ()
BHO name:
CLSID name:
Path: C:\WINDOWS\system32\
Long name: efcab.dll
Short name:
Date (created): 11/6/2006 6:51:42 AM
Date (last access): 11/9/2006 12:30:50 PM
Date (last write): 11/6/2006 6:51:54 AM
Filesize: 692276
Attributes: hidden sysfile
MD5: DE8B1ADDCA91158F2C095625AE201766
CRC32: E865EB28

{F18F04B0-9CF1-4b93-B004-77A288BEE28B} ()
BHO name:
CLSID name:
Path: C:\WINDOWS\system32\
Long name: nhkqanpc.dll

jakentessa
2006-11-09, 23:45
--- ActiveX list ---
{0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility)
DPF name:
CLSID name: PCPitstop Utility
Installer: C:\WINDOWS\Downloaded Program Files\PCPitstop.inf
Codebase: http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
description: Gateway tools
classification: Legitimate
known filename: PCPITSTOP.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\Downloaded Program Files\
Long name: PCPitstop.dll
Short name: PCPITS~1.DLL
Date (created): 9/25/2006 12:57:52 PM
Date (last access): 11/9/2006 12:43:22 PM
Date (last write): 9/25/2006 12:57:52 PM
Filesize: 270336
Attributes: archive
MD5: 62C75F56389CDE498F88C695B086925F
CRC32: E88088EA
Version: 1.0.0.161

{1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class)
DPF name:
CLSID name: iCC Class
Installer: C:\WINDOWS\Downloaded Program Files\pcpconncheck.inf
Codebase: http://www.pcpitstop.com/internet/pcpConnCheck.cab
description:
classification: Legitimate
known filename: PCPCONNCHECK.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: pcpConnCheck.dll
Short name: PCPCON~1.DLL
Date (created): 12/8/2003 9:14:20 AM
Date (last access): 11/9/2006 12:43:22 PM
Date (last write): 12/8/2003 9:14:20 AM
Filesize: 86016
Attributes: archive
MD5: B22B240E952120C0A5251AFA542477D3
CRC32: B58B03EE
Version: 1.0.0.4

{4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool)
DPF name:
CLSID name: MSN Photo Upload Tool
Installer: C:\WINDOWS\Downloaded Program Files\MSNPupld.inf
Codebase: http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab
description:
classification: Legitimate
known filename: MsnPUpld.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: MsnPUpld.dll
Short name:
Date (created): 10/8/2004 3:01:22 PM
Date (last access): 11/9/2006 12:43:22 PM
Date (last write): 10/8/2004 3:01:22 PM
Filesize: 372736
Attributes: archive
MD5: D2ED523BB0FE94F8F492BEFE1C336040
CRC32: C4677625
Version: 10.0.910.0

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_07
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.5.0_07\bin\
Long name: NPJPI150_07.dll
Short name: NPJPI1~1.DLL
Date (created): 5/3/2006 1:57:02 AM
Date (last access): 11/9/2006 12:18:48 AM
Date (last write): 5/3/2006 2:14:38 AM
Filesize: 69746
Attributes: archive
MD5: 2663A75A8F6DAD0F7C10BF920AE81940
CRC32: 5235B91D
Version: 5.0.70.3

{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 3/2/2006 12:52:58 PM
Date (last access): 11/9/2006 12:18:48 AM
Date (last write): 11/10/2005 12:22:12 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_07
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_07\bin\
Long name: NPJPI150_07.dll
Short name: NPJPI1~1.DLL
Date (created): 5/3/2006 1:57:02 AM
Date (last access): 11/9/2006 1:07:32 PM
Date (last write): 5/3/2006 2:14:38 AM
Filesize: 69746
Attributes: archive
MD5: 2663A75A8F6DAD0F7C10BF920AE81940
CRC32: 5235B91D
Version: 5.0.70.3

{DBA230D1-8467-4e69-987E-5FAE815A3B45} ()
DPF name:
CLSID name:
Installer:
Codebase:
description:
classification: Open for discussion
known filename:
info link:
info source: Safer Networking Ltd.

{E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control)
DPF name:
CLSID name: Driver Agent ActiveX Control
Installer: C:\WINDOWS\Downloaded Program Files\driveragent.inf
Codebase: http://driveragent.com/files/driveragent.cab
description:
classification: Open for discussion
known filename: driveragent.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: driveragent.ocx
Short name: DRIVER~1.OCX
Date (created): 10/10/2006 6:00:32 PM
Date (last access): 11/9/2006 2:38:24 AM
Date (last write): 10/10/2006 6:00:32 PM
Filesize: 433384
Attributes: archive
MD5: 6F934B7C659A33323002CB7055AB6E5F
CRC32: 57EB5BED
Version: 2.2006.10.10

{F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control)
DPF name:
CLSID name: Hotmail Attachments Control
Installer:
Codebase: http://by104fd.bay104.hotmail.msn.com/activex/HMAtchmt.ocx
description:
classification: Legitimate
known filename: HMAtchmt.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: HMAtchmt.ocx
Short name:
Date (created): 10/2/2006 4:19:24 AM
Date (last access): 11/9/2006 2:38:30 AM
Date (last write): 10/2/2006 4:19:28 AM
Filesize: 113408
Attributes: archive
MD5: 08E21249E03578574C8461C9E09C46A8
CRC32: FB8E11FD
Version: 1.5.0.5

--- Process list ---
PID: 0 ( 0) [System]
PID: 144 ( 4) \SystemRoot\System32\smss.exe
PID: 188 ( 144) \??\C:\WINDOWS\system32\csrss.exe
PID: 212 ( 144) \??\C:\WINDOWS\system32\winlogon.exe
PID: 256 ( 212) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 268 ( 212) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 424 ( 256) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 472 ( 256) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 516 ( 256) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 752 ( 732) C:\WINDOWS\Explorer.EXE
size: 1032192
MD5: A0732187050030AE399B241436565E64
PID: 1756 ( 752) E:\PROGRAM FILES\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 1884 ( 752) C:\WINDOWS\system32\NOTEPAD.EXE
size: 69120
MD5: 388B8FBC36A8558587AFC90FB23A3B99
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 11/9/2006 1:07:30 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\First Home Page
http://www.microsoft.com/isapi/redir.dll?Prd=ie&Pver=5.0&Ar=ie5update&O1=b1
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{53A379C7-9D7B-4046-8DD9-66E9531C358A}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{53A379C7-9D7B-4046-8DD9-66E9531C358A}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E82FB07B-1C2A-4CBD-B011-188ABB61951D}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E82FB07B-1C2A-4CBD-B011-188ABB61951D}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E1458543-9AF9-463E-A802-C7295E9D965B}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E1458543-9AF9-463E-A802-C7295E9D965B}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2AF42FCD-B1AC-485D-8A2E-277C25D61CE3}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2AF42FCD-B1AC-485D-8A2E-277C25D61CE3}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{631F583F-6FBC-41B5-B2C6-824602AC16B3}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{631F583F-6FBC-41B5-B2C6-824602AC16B3}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4B098589-0500-4C09-A872-9F234056D909}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4B098589-0500-4C09-A872-9F234056D909}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FEFCD5A7-F1F8-4A9C-A5AD-4AF5D2A9B17D}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FEFCD5A7-F1F8-4A9C-A5AD-4AF5D2A9B17D}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

Namespace Provider 3: PNRP Cloud Namespace Provider
GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Filename: C:\WINDOWS\system32\pnrpnsp.dll

Namespace Provider 4: PNRP Name Namespace Provider
GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Filename: C:\WINDOWS\system32\pnrpnsp.dll

jakentessa
2006-11-09, 23:49
--- Uninstall list ---
Ad-Aware SE Personal 1.06 (Ad-Aware SE Personal)
uninstall cmd: E:\PROGRA~1\AD-AWA~1\UNWISE.EXE E:\PROGRA~1\AD-AWA~1\INSTALL.LOG
publisher: Lavasoft
help link: http://www.lavasoft.com

AVG Free Edition (AVG7Uninstall)
uninstall cmd: E:\PROGRAM FILES\AVG Antivirus\setup.exe /UNINSTALL

AVG Anti-Spyware 7.5 (AVGAntiSpyware75)
install location: E:\PROGRAM FILES\AVG Anti-Spyware 7.5
uninstall cmd: E:\PROGRAM FILES\AVG Anti-Spyware 7.5\Uninstall.exe
publisher: Grisoft Ltd.
help link: http://www.grisoft.com

(Branding)

DV Series (DV Series)
uninstall cmd: C:\Program Files\DV Series\uninst.exe

Eusing Free Registry Cleaner (Eusing Free Registry Cleaner)
uninstall cmd: E:\PROGRA~1\EUSING~1\UNWISE.EXE E:\PROGRA~1\EUSING~1\INSTALL.LOG

Flash Movie Player 1.4 1.4 (Flash Movie Player)
uninstall cmd: E:\PROGRAM FILES\Flash Movie Player\uninst.exe
publisher: Eolsoft

HijackThis 1.99.1 1.99.1 (HijackThis)
uninstall cmd: E:\PROGRAM FILES\HJ THIS\HijackThis.exe /uninstall
publisher: Soeperman Enterprises Ltd.

hp deskjet 5550 series (Remove only) (hp deskjet 5550 series)
uninstall cmd: C:\Program Files\hp deskjet 5550 series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=USB001 -vproduct=5550 -huninstall

hp print screen utility (hp print screen utility)
uninstall cmd: C:\Program Files\Hewlett-Packard\hp print screen utility\UnInstall\prnunins.exe

Windows XP Hotfix - KB873339 20041117.092459 (KB873339)
uninstall cmd: C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873339

Windows XP Hotfix - KB885835 20041027.181713 (KB885835)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885835

Windows XP Hotfix - KB885836 20041028.173203 (KB885836)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885836

Windows XP Hotfix - KB886185 20041021.090540 (KB886185)
uninstall cmd: C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=886185

Windows XP Hotfix - KB888302 20041207.111426 (KB888302)
uninstall cmd: C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888302

Security Update for Windows XP (KB890046) 1 (KB890046)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890046

Windows XP Hotfix - KB890859 1 (KB890859)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890859

Windows XP Hotfix - KB891781 20050110.165439 (KB891781)
uninstall cmd: C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=891781

Security Update for Windows XP (KB893756) 1 (KB893756)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893756

Windows Installer 3.1 (KB893803) 3.1 (KB893803v2)
uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=42467

Update for Windows XP (KB894391) 1 (KB894391)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=894391

Security Update for Windows XP (KB896358) 1 (KB896358)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896358

Security Update for Windows XP (KB896423) 1 (KB896423)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896423

Security Update for Windows XP (KB896424) 1 (KB896424)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896424

Security Update for Windows XP (KB896428) 1 (KB896428)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896428

Security Update for Windows XP (KB899587) 1 (KB899587)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899587

Security Update for Windows XP (KB899589) 1 (KB899589)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899589

Security Update for Windows XP (KB899591) 1 (KB899591)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899591

Update for Windows XP (KB900485) 2 (KB900485)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900485

Security Update for Windows XP (KB900725) 1 (KB900725)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900725

Security Update for Windows XP (KB901017) 1 (KB901017)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901017

Security Update for Windows XP (KB901190) 1 (KB901190)
install date: 20060928
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901190

Security Update for Windows XP (KB901214) 1 (KB901214)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901214

Security Update for Windows XP (KB902400) 1 (KB902400)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=902400

Security Update for Windows XP (KB904706) 2 (KB904706)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=904706

Security Update for Windows XP (KB905414) 1 (KB905414)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905414

Security Update for Windows XP (KB905749) 1 (KB905749)
install date: 20061020
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905749

Security Update for Windows XP (KB908519) 1 (KB908519)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=908519

Update for Windows XP (KB908531) 2 (KB908531)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=908531

Update for Windows XP (KB910437) 1 (KB910437)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=910437

Update for Windows XP (KB911280) 2 (KB911280)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911280

Security Update for Windows XP (KB911562) 1 (KB911562)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911562

Security Update for Windows XP (KB911567) 1 (KB911567)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911567

Security Update for Windows XP (KB911927) 1 (KB911927)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911927

Security Update for Windows XP (KB912919) 1 (KB912919)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=912919

Security Update for Windows XP (KB913433) (KB913433)
uninstall cmd: C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=913433

Security Update for Windows XP (KB913580) 1 (KB913580)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=913580

Security Update for Windows XP (KB914388) 1 (KB914388)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=914388

Security Update for Windows XP (KB914389) 1 (KB914389)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=914389

Update for Windows XP (KB916595) 1 (KB916595)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=916595

Security Update for Windows XP (KB917159) 1 (KB917159)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917159

Security Update for Microsoft .NET Framework 2.0 (KB917283) 1 (KB917283.T1_1ToU93_1)
uninstall cmd: C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {967B098A-042D-4367-BAC9-8BC11684174F} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/917283

Security Update for Windows XP (KB917344) 1 (KB917344)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917344

Security Update for Windows XP (KB917422) 1 (KB917422)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917422

Security Update for Windows XP (KB917537) 1 (KB917537)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917537$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917537

Security Update for Windows XP (KB917953) 1 (KB917953)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917953

Security Update for Windows XP (KB918439) 1 (KB918439)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=918439

Security Update for Windows XP (KB918899) 1 (KB918899)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=918899

Security Update for Windows XP (KB919007) 1 (KB919007)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=919007

Security Update for Windows XP (KB920214) 1 (KB920214)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920214

Security Update for Windows XP (KB920670) 1 (KB920670)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920670

Security Update for Windows XP (KB920683) 1 (KB920683)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920683

Security Update for Windows XP (KB920685) 1 (KB920685)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920685

Update for Windows XP (KB920872) 1 (KB920872)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920872

Security Update for Windows XP (KB921398) 1 (KB921398)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=921398

Security Update for Windows XP (KB921883) 1 (KB921883)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=921883

Update for Windows XP (KB922582) 1 (KB922582)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=922582

Security Update for Windows XP (KB922616) 1 (KB922616)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=922616

Security Update for Microsoft .NET Framework 2.0 (KB922770) 1 (KB922770.T1_1ToU168_1)
uninstall cmd: C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {0E92DD42-76F5-4EF2-B381-F9C1D72BE23D} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/922770

Security Update for Windows XP (KB922819) 1 (KB922819)
install date: 20061012
uninstall cmd: "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=922819

Security Update for Windows XP (KB923191) 1 (KB923191)
install date: 20061012
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923191

Security Update for Windows XP (KB923414) 1 (KB923414)
install date: 20061012
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923414

Security Update for Windows XP (KB924191) 1 (KB924191)
install date: 20061012
uninstall cmd: "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=924191

Security Update for Windows XP (KB924496) 1 (KB924496)
install date: 20061012
uninstall cmd: "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=924496

Security Update for Windows XP (KB925486) 1 (KB925486)
install date: 20060926
uninstall cmd: "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=925486

jakentessa
2006-11-09, 23:50
Microsoft .NET Framework 2.0 (Microsoft .NET Framework 2.0)
install location: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\
uninstall cmd: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=45396

Mozilla Firefox (2.0) 2.0 (en-US) (Mozilla Firefox (2.0))
install location: E:\PROGRAM FILES\Mozilla Firefox
uninstall cmd: E:\PROGRAM FILES\Mozilla Firefox\uninstall\uninst.exe
publisher: Mozilla
comments: Mozilla Firefox

MSN Music Assistant (MSN Music Assistant)
uninstall cmd: rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall

(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

QuickTime (QuickTime)
uninstall cmd: C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log

Registry Compressor 2.01.69 (Registry Compressor_is1)
install location: E:\PROGRAM FILES\Registry Compressor\
uninstall cmd: "E:\PROGRAM FILES\Registry Compressor\unins000.exe"
publisher: Rosecity Software

(ShockwaveFlash)

Skype 2.5 2.5 (Skype_is1)
install location: E:\PROGRAM FILES\Phone\
uninstall cmd: "E:\PROGRAM FILES\Phone\unins000.exe"
publisher: Skype Technologies S.A.
help link: http://ui.skype.com/ui/0/2.5.0.146/en/help

Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: E:\PROGRAM FILES\Spybot - Search & Destroy\
uninstall cmd: "E:\PROGRAM FILES\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited

Tweak UI (Tweak UI 2.10)
uninstall cmd: "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"

Windows Media Format Runtime (Windows Media Format Runtime)
uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

(Windows XP Service Pack)

XP TCP/IP Repair 1.0 (XP TCP/IP Repair_is1)
install location: C:\Program Files\XP TCPIP Repair\
uninstall cmd: "C:\Program Files\XP TCPIP Repair\unins000.exe"
publisher: WareSoft Software
help link: http://www.xp-smoker.com

Microsoft Windows Dynamic Host Configuration Protocol MOM 2005 MP 05.00.3000 ({0CE5FB47-2560-47B2-A21E-104499AA2FBD})
version: 83889080
version (major): 5
estimated size: 680
install date: 20061014
install source: E:\DOWNLOADS\06-10-14\
uninstall cmd: MsiExec.exe /I{0CE5FB47-2560-47B2-A21E-104499AA2FBD}
publisher: MOM 2005 Management Packs
contact: Microsoft Corporation

Windows Live Sign-in Assistant 4.000.249.1 ({22B3CC30-77B8-419C-AA4B-F571FDF5D66D})
version: 67109113
version (major): 4
estimated size: 1112
install date: 20060826
uninstall cmd: MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}
publisher: Microsoft Corporation

Rhapsody Player Engine 1.0.636 ({30C2FCD0-FF7B-4FFA-8DDE-43A22E01A1E7})
version: 16777852
version (major): 1
estimated size: 1493
install date: 20060826
uninstall cmd: MsiExec.exe /I{30C2FCD0-FF7B-4FFA-8DDE-43A22E01A1E7}
publisher: RealNetworks
comments: The Rhapsody Player Engine is a Web browser plugin used for Rhapsody On The Web.
contact: RealNetworks
help link: http://www.rhapsody.com

J2SE Runtime Environment 5.0 Update 6 1.5.0.60 ({3248F0A8-6813-11D6-A77B-00B0D0150060})
version: 17104896
version (major): 1
version (minor): 5
estimated size: 148501
install date: 20061016
install source: http://jdl.sun.com/webapps/download/GetFile/1.5.0_06plus-b05/windows-i586//
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.5.0_06\README.txt

J2SE Runtime Environment 5.0 Update 7 1.5.0.70 ({3248F0A8-6813-11D6-A77B-00B0D0150070})
version: 17104896
version (major): 1
version (minor): 5
estimated size: 122889
install date: 20060622
install source: http://jdl.sun.com/webapps/download/GetFile/1.5.0_07-b03/windows-i586//
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150070}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.5.0_07\README.txt

WebFldrs XP 9.50.7523 ({350C97B0-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154279267
version (major): 9
version (minor): 50
estimated size: 2472
install date: 20060618
install source: C:\WINDOWS\system32\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows

ShareIns 1.00.0000 ({590D4F8F-98FE-47FA-AC2B-3F22FDCF7C09})
version: 16777216
version (major): 1
estimated size: 736
install date: 20060621
install source: Z:\Media\Xtras\ShareIns\
publisher: Hewlett-Packard
help link: http://www.hp.com/cposupport/eschome.html
help telephone: 208-323-2551

Debugging Tools for Windows 6.6.7.5 ({5C741A01-05D6-4306-BA6A-DC8401285AE8})
version: 101056519
version (major): 6
version (minor): 6
estimated size: 31554
install date: 20061109
install source: C:\DOCUME~1\OILFIE~1\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /I{5C741A01-05D6-4306-BA6A-DC8401285AE8}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/ddk/debugging

Microsoft .NET Framework 2.0 2.0.50727 ({7131646D-CD3C-40F4-97B9-CD9E4E6262EF})
version: 33605159
version (major): 2
estimated size: 218792
install date: 20061014
publisher: Microsoft Corporation

Compaq Presario Monitor Driver Software 5.00 ({7AAA8519-AAC3-426B-8153-78AAA2A1121D})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AAA8519-AAC3-426B-8153-78AAA2A1121D}\Setup.exe" -l0x9

ArcSoft Funhouse ({7AD33F54-A430-4CB2-9B7D-6CF4463C91CD})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AD33F54-A430-4CB2-9B7D-6CF4463C91CD}\setup.exe" -l0x9 -uninst

Windows Support Tools 5.1.2510.0 ({8398B542-3CC4-44D9-83DF-696CCE70124B})
version: 83954126
version (major): 5
version (minor): 1
estimated size: 5544
install date: 20060918
install source: Z:\SUPPORT\TOOLS\
uninstall cmd: MsiExec.exe /I{8398B542-3CC4-44D9-83DF-696CCE70124B}
publisher: Microsoft Corporation

Intel(R) 810/810E/815/815E/815EM Chipset Graphics Driver Software ({8A708DD8-A5E6-11D4-A706-000629E95E20})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A708DD8-A5E6-11D4-A706-000629E95E20}\Setup.exe" -inteluninstall

Intel Application Accelerator ({9984DF60-1C5B-11D3-ACA1-908A4FC10801})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9984DF60-1C5B-11D3-ACA1-908A4FC10801}\Setup.exe" -INTELUNINST

Adobe Reader 7.0.8 7.0.8 ({AC76BA86-7AD7-1033-7B44-A70800000002})
version: 117440520
version (major): 7
estimated size: 66675
install date: 20060618
install location: E:\PROGRAM FILES\Adobe Reader\Reader\
install source: C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig708\ENU\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
publisher: Adobe Systems Incorporated
comments:
contact:
help link: http://www.adobe.com/support/main.html
help telephone:
readme: E:\PROGRAM FILES\Adobe Reader\Reader\Readme.htm

User Profile Hive Cleanup Service 1.5.21 ({BF755CD9-E185-498A-AAFB-E9F8470AB1CC})
version: 17104917
version (major): 1
version (minor): 5
estimated size: 196
install date: 20060826
install source: K:\Program Files\
uninstall cmd: MsiExec.exe /I{BF755CD9-E185-498A-AAFB-E9F8470AB1CC}
publisher: Microsoft Corporation
contact: Robin Caron

Microsoft IntelliPoint 5.5 5.50.661.0 ({EBC91840-41E1-4CC3-AC11-0B889546223C})
version: 87163541
version (major): 5
version (minor): 50
estimated size: 7112
install date: 20061021
install source: C:\Program Files\Microsoft IntelliPoint 5.5\ipoint\setup\
publisher: Microsoft
help link: http://microsoft.com/support/

HP Photo and Imaging 1.2 - Scanjet 4570c Series 1.2.0000 ({EF729AE1-4AE9-402A-AF64-5C5A8150F549})
version: 16908288
version (major): 1
version (minor): 2
estimated size: 2776
install date: 20060621
install source: Z:\hpsw\
uninstall cmd: MsiExec.exe /I{EF729AE1-4AE9-402A-AF64-5C5A8150F549}
publisher: {&Tahoma8}Hewlett-Packard
help link: http://www.hp.com/cposupport/eschome.html
help telephone: 208-323-2551

Windows Live Messenger 8.0.0812.00 ({FCE50DB8-C610-4C42-BE5C-193F46C6F812})
version: 134218540
version (major): 8
estimated size: 28281
install date: 20060928
uninstall cmd: MsiExec.exe /I{FCE50DB8-C610-4C42-BE5C-193F46C6F812}
publisher: Microsoft Corporation


Logfile of HijackThis v1.99.1
Scan saved at 3:14:01 AM, on 11/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
E:\PROGRA~1\AVGANT~1\avgamsvr.exe
E:\PROGRA~1\AVGANT~1\avgupsvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
E:\PROGRAM FILES\UPH Cleanup\uphclean.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\rundll32.exe
E:\PROGRAM FILES\HJ THIS\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wigjig.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\AVGANT~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvdow.dll,startup
O4 - HKLM\..\Run: [fvenrrj.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\fvenrrj.dll,inuslcd
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\PROGRAM FILES\Adobe Reader\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by104fd.bay104.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{53A379C7-9D7B-4046-8DD9-66E9531C358A}: NameServer = 67.66.97.5,204.251.219.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\AVGANT~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\AVGANT~1\avgupsvc.exe
O23 - Service: IWZSVQ - Unknown owner - C:\DOCUME~1\OILFIE~1\LOCALS~1\Temp\IWZSVQ.exe (file missing)
O23 - Service: MYKLRJXW - Unknown owner - C:\DOCUME~1\OILFIE~1\LOCALS~1\Temp\MYKLRJXW.exe (file missing)


I don't even know if this is the right HJT logfile but it is the only one I could find. I know I didn't run my latest scan at 3:14 AM but i couldn't find ant other saved logs. Where to look????

tashi
2006-11-14, 18:10
Hello and sorry for the wait.

Smitfraud-C.Toolbar888 was a false positive reported after the November 3 updates, fixed the following week.
http://forums.spybot.info/showthread.php?t=8668

If you have waited four days for advice post here. (http://forums.spybot.info/showthread.php?p=4836#post4836)

Sun Microsystems~Java. Security vunerability in older versions left on system (http://forums.spybot.info/showpost.php?p=12880&postcount=2 )

tashi
2006-11-23, 16:25
This topic has been closed to prevent others with similar issues posting in it.
If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread.

Applies only to the original topic starter.