View Full Version : Smitfraud-C Toolbar888, Which DLL do I kill?
jakentessa
2006-11-09, 22:36
My PC is infected with Smitfraud-C.Toolbar888. I ran Spybot S&D and got the Extra Removal Instructions Message: You will need to use the process explorer: http://www.sysinternals.com/Utilities/ProcessExplorer.html
There you need to right click on "Winlogon.exe" and choose "properties..."
Then you will have to go to the "Threads" tab, there you will see the dll with the randomized filename, it is the same name as in the Spybot scanresult.
Choose and kill the dll, it is running 2 times. After that you will need to reboot to have Spybot remove the dll from the System. I did this but can't figure out which DLLs to kill. None have same name as Spybot scan result that I can see. I also followed "self help" procedure and here are my results. Please help, been screwing with this for about four days now and I really need my PC back. Thanks for your time!
SmitFraudFix v2.119
Scan done at 9:35:24.04, Thu 11/09/2006
Run from C:\Documents and Settings\OILFIELDHOTTIE\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\OILFIELDHOTTIE
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\OILFIELDHOTTIE\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\OILFIE~1\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\VirusBursters\ FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 12:38:53 PM 11/9/2006
+ Scan result:
C:\Program Files\VSAdd-in\VSAdd-in.dll -> Adware.Agent : Cleaned.
C:\Program Files\Common Files\{388DAD80-0298-1033-0418-010525200001}\MyToolBar.dll -> Adware.Softomate : Cleaned.
C:\Program Files\Common Files\{588DAD80-0298-1033-0418-010525200001}\Update.exe -> Adware.Softomate : Cleaned.
C:\Program Files\Common Files\{588DAD80-0298-1033-0418-010525200001}\services.dll -> Adware.Softomate : Cleaned.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A8FB8EB3-183B-4598-924D-86F0E5E37085} -> Adware.WhyPPC : Cleaned.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A8FB8EB3-183B-4598-924D-86F0E5E37085} -> Adware.WhyPPC : Cleaned.
C:\Program Files\Common Files\Yazzle1162OinAdmin.exe -> Downloader.PurityScan.dc : Cleaned.
E:\DOWNLOADS\EvID4226Patch223d-en\EvID4226Patch.exe -> Not-A-Virus.Hacktool.EvID : Ignored and added to exceptions
C:\WINDOWS\system32\winvcl32.dll -> Trojan.Agent.vg : Cleaned.
::Report end
jakentessa
2006-11-09, 22:43
--- Search result list ---
Smitfraud-C.: Program directory (Directory, fixed)
C:\Program Files\InetGet2\
Smitfraud-C.Toolbar888: Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR
Common Dialogs: History (2 files) (Registry key, nothing done)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU
Log: Activity: SchedLgU.Txt (Backup file, nothing done)
C:\WINDOWS\SchedLgU.Txt
Log: Activity: ntbtlog.txt (Backup file, nothing done)
C:\WINDOWS\ntbtlog.txt
Log: Shutdown: System32\wbem\logs\wbemess.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.log
Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiprov.log
MS Media Player: Anonymous ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2052111302-839522115-1708537768-1003\Software\Microsoft\MediaPlayer\Preferences\SendUserGUID!=B=0
MS Direct3D: Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name!=
MS Regedit: Recent open key (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2052111302-839522115-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey!=
MS Wordpad: Recent file list (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2052111302-839522115-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List
Windows Explorer: Recent wallpaper list (50 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2052111302-839522115-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU
Windows Explorer: User Assistant history IE (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2052111302-839522115-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count
Windows Explorer: User Assistant history files (19 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2052111302-839522115-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count
Windows Explorer: Last visited history (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2052111302-839522115-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-09-18 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-11-03 Includes\Cookies.sbi (*)
2006-10-13 Includes\Dialer.sbi (*)
2006-11-03 Includes\DialerC.sbi (*)
2006-11-03 Includes\Hijackers.sbi (*)
2006-11-03 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2006-11-03 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2006-10-13 Includes\Malware.sbi (*)
2006-11-03 Includes\MalwareC.sbi (*)
2006-10-20 Includes\PUPS.sbi (*)
2006-11-03 Includes\PUPSC.sbi (*)
2006-11-03 Includes\Revision.sbi (*)
2006-10-13 Includes\Security.sbi (*)
2006-11-03 Includes\SecurityC.sbi (*)
2006-10-13 Includes\Spybots.sbi (*)
2006-11-03 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti (*)
2006-11-03 Includes\Trojans.sbi (*)
2006-11-03 Includes\TrojansC.sbi (*)
--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ Microsoft .NET Framework 2.0: This Security Update is for Microsoft .NET Framework 2.0. \n
If you later install a more recent service pack, this Security Update will be uninstalled automatically. \n
For more information, visit http://support.microsoft.com/kb/917283
/ Microsoft .NET Framework 2.0: This Security Update is for Microsoft .NET Framework 2.0. \n
If you later install a more recent service pack, this Security Update will be uninstalled automatically. \n
For more information, visit http://support.microsoft.com/kb/922770
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB917734)
/ Windows Media Player 9: Security Update for Windows Media Player 9 (KB917734)
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB894391)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896424)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899589)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Update for Windows XP (KB900485)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901190)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
/ Windows XP / SP3: Security Update for Windows XP (KB908519)
/ Windows XP / SP3: Update for Windows XP (KB908531)
/ Windows XP / SP3: Update for Windows XP (KB910437)
/ Windows XP / SP3: Update for Windows XP (KB911280)
/ Windows XP / SP3: Security Update for Windows XP (KB911562)
/ Windows XP / SP3: Security Update for Windows XP (KB911567)
/ Windows XP / SP3: Security Update for Windows XP (KB911927)
/ Windows XP / SP3: Security Update for Windows XP (KB912919)
/ Windows XP / SP3: Security Update for Windows XP (KB913580)
/ Windows XP / SP3: Security Update for Windows XP (KB914388)
/ Windows XP / SP3: Security Update for Windows XP (KB914389)
/ Windows XP / SP3: Update for Windows XP (KB916595)
/ Windows XP / SP3: Security Update for Windows XP (KB917159)
/ Windows XP / SP3: Security Update for Windows XP (KB917344)
/ Windows XP / SP3: Security Update for Windows XP (KB917422)
/ Windows XP / SP3: Security Update for Windows XP (KB917537)
/ Windows XP / SP3: Security Update for Windows XP (KB917953)
/ Windows XP / SP3: Security Update for Windows XP (KB918439)
/ Windows XP / SP3: Security Update for Windows XP (KB918899)
/ Windows XP / SP3: Security Update for Windows XP (KB919007)
/ Windows XP / SP3: Security Update for Windows XP (KB920214)
/ Windows XP / SP3: Security Update for Windows XP (KB920670)
/ Windows XP / SP3: Security Update for Windows XP (KB920683)
/ Windows XP / SP3: Security Update for Windows XP (KB920685)
/ Windows XP / SP3: Update for Windows XP (KB920872)
/ Windows XP / SP3: Security Update for Windows XP (KB921398)
/ Windows XP / SP3: Security Update for Windows XP (KB921883)
/ Windows XP / SP3: Update for Windows XP (KB922582)
/ Windows XP / SP3: Security Update for Windows XP (KB922616)
/ Windows XP / SP3: Security Update for Windows XP (KB922819)
/ Windows XP / SP3: Security Update for Windows XP (KB923191)
/ Windows XP / SP3: Security Update for Windows XP (KB923414)
/ Windows XP / SP3: Security Update for Windows XP (KB924191)
/ Windows XP / SP3: Security Update for Windows XP (KB924496)
/ Windows XP / SP3: Security Update for Windows XP (KB925486)
--- Startup entries list ---
Located: HK_LM:Run, !AVG Anti-Spyware
command: "E:\PROGRAM FILES\AVG Anti-Spyware 7.5\avgas.exe" /minimized
file: E:\PROGRAM FILES\AVG Anti-Spyware 7.5\avgas.exe
size: 6266880
MD5: 01d90ae5dccbce0c7b52874fec35a608
Located: HK_LM:Run, AVG7_CC
command: E:\PROGRA~1\AVGANT~1\avgcc.exe /STARTUP
file: E:\PROGRA~1\AVGANT~1\avgcc.exe
size: 369664
MD5: 5ff72bb3dd3d7a206fbab530de76521a
Located: HK_LM:Run, CTDrive
command: rundll32.exe C:\WINDOWS\system32\drvdup.dll,startup
file: C:\WINDOWS\system32\rundll32.exe
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff
Located: HK_LM:Run, fvenrrj.dll
command: C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\fvenrrj.dll,inuslcd
file: C:\WINDOWS\system32\rundll32.exe
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff
Located: HK_LM:Run, ojdfjgh.dll
command: C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ojdfjgh.dll,iocrbed
file: C:\WINDOWS\system32\rundll32.exe
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff
Located: HK_LM:Run, PCTVOICE
command: pctspk.exe
file: C:\WINDOWS\system32\pctspk.exe
size: 163840
MD5: acf5a15e6a1ace8c882a1638901ea875
Located: HK_LM:Run, UserFaultCheck
command: %systemroot%\system32\dumprep 0 -u
file: C:\WINDOWS\system32\dumprep.exe
size: 10752
MD5: 13922eb54890c77005268882629a31fe
Located: HK_LM:Run, WMC_AutoUpdate
command:
file:
Located: HK_LM:RunOnce, RemoveModule
command: command /c del C:\WINDOWS\system32\drvdow.dll
file:
Located: HK_LM:RunOnce, SpybotSnD
command: "E:\PROGRAM FILES\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
file: E:\PROGRAM FILES\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09ca174a605b480318731e691dc98539
Located: HK_LM:Run, IMJPMIG8.1 (DISABLED)
command: "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
file: C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE
size: 208952
MD5: 7bbe4cf421aecc7f0226edd75f12079f
Located: HK_LM:Run, IntelliPoint (DISABLED)
command: "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
file: C:\Program Files\Microsoft IntelliPoint\ipoint.exe
size: 461584
MD5: 6f823b154ea55b4b7c2c79b51b9e9638
Located: HK_LM:Run, MSPY2002 (DISABLED)
command: C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
file: C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe
size: 59392
MD5: 1b17e09c1223f6d17336d2dd7a1af4f4
Located: HK_LM:Run, PHIME2002A (DISABLED)
command: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
file: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
size: 455168
MD5: 024dc0f68df5fd6ae9dd82dfbaf479d6
Located: HK_LM:Run, PHIME2002ASync (DISABLED)
command: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
file: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
size: 455168
MD5: 024dc0f68df5fd6ae9dd82dfbaf479d6
Located: HK_LM:RunOnce, SpybotSnD (DISABLED)
command: "E:\PROGRAM FILES\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
file: E:\PROGRAM FILES\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09ca174a605b480318731e691dc98539
Located: HK_CU:Run, msnmsgr (DISABLED)
command: "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
file: C:\Program Files\MSN Messenger\msnmsgr.exe
size: 5354792
MD5: c1ee2387ede907599ee3a6de9493f672
Located: Startup (common), Adobe Reader Speed Launch.lnk
command: E:\PROGRAM FILES\Adobe Reader\Reader\reader_sl.exe
file: E:\PROGRAM FILES\Adobe Reader\Reader\reader_sl.exe
size: 29696
MD5: 43362b96870ce8649f4f2ec893da93f0
Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll
Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll
Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll
Located: System.ini, efcab
command: C:\WINDOWS\system32\efcab.dll
file: C:\WINDOWS\system32\efcab.dll
size: 692276
MD5: de8b1addca91158f2c095625ae201766
Located: System.ini, efcbxyw
command: efcbxyw.dll
file: efcbxyw.dll
Located: System.ini, igfxcui
command: igfxsrvc.dll
file: igfxsrvc.dll
Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll
Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, winvcl32
command: winvcl32.dll
file: winvcl32.dll
Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, efcab (DISABLED)
command: C:\WINDOWS\system32\efcab.dll
file: C:\WINDOWS\system32\efcab.dll
size: 692276
MD5: de8b1addca91158f2c095625ae201766
--- Browser helper object list ---
{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: E:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 9/18/2006 4:29:28 AM
Date (last access): 11/9/2006 1:00:54 PM
Date (last write): 5/31/2005 12:04:00 AM
Filesize: 853672
Attributes: archive
MD5: 250D787A5712D7768DDC133B3E477759
CRC32: D4589A41
Version: 1.4.0.0
{5960089B-1001-E537-A64A-0371FF198B8B} ()
BHO name:
CLSID name:
Path: C:\WINDOWS\system32\
Long name: zqxanug.dll
Short name:
Date (created): 11/9/2006 5:49:40 AM
Date (last access): 11/9/2006 12:44:10 PM
Date (last write): 11/9/2006 5:49:40 AM
Filesize: 72704
Attributes: archive
MD5: 26BDB7F4E47B02EF718CB13C4F9FAFC9
CRC32: AC5D0065
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
BHO name:
CLSID name: SSVHelper Class
Path: C:\Program Files\Java\jre1.5.0_07\bin\
Long name: ssv.dll
Short name:
Date (created): 5/3/2006 1:57:02 AM
Date (last access): 11/9/2006 11:42:04 AM
Date (last write): 5/3/2006 2:14:38 AM
Filesize: 434279
Attributes: archive
MD5: 162186B53BBB5964F9E806F96934338E
CRC32: 1C68240D
Version: 5.0.70.3
{CFE9E8A8-38C0-4EF8-AEC2-5035EFE81030} ()
BHO name:
CLSID name:
Path: C:\WINDOWS\system32\
Long name: efcbxyw.dll
Short name:
Date (created): 11/9/2006 5:49:16 AM
Date (last access): 11/9/2006 12:16:16 PM
Date (last write): 11/9/2006 5:49:16 AM
Filesize: 40973
Attributes: hidden sysfile
MD5: 9CB443346B27C05D00EE085A841C5549
CRC32: 0E92F11D
{E949CC43-AFA0-408C-97CD-21D03BF1BB09} ()
BHO name:
CLSID name:
Path: C:\WINDOWS\system32\
Long name: efcab.dll
Short name:
Date (created): 11/6/2006 6:51:42 AM
Date (last access): 11/9/2006 12:30:50 PM
Date (last write): 11/6/2006 6:51:54 AM
Filesize: 692276
Attributes: hidden sysfile
MD5: DE8B1ADDCA91158F2C095625AE201766
CRC32: E865EB28
{F18F04B0-9CF1-4b93-B004-77A288BEE28B} ()
BHO name:
CLSID name:
Path: C:\WINDOWS\system32\
Long name: nhkqanpc.dll
jakentessa
2006-11-09, 22:45
--- ActiveX list ---
{0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility)
DPF name:
CLSID name: PCPitstop Utility
Installer: C:\WINDOWS\Downloaded Program Files\PCPitstop.inf
Codebase: http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
description: Gateway tools
classification: Legitimate
known filename: PCPITSTOP.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\Downloaded Program Files\
Long name: PCPitstop.dll
Short name: PCPITS~1.DLL
Date (created): 9/25/2006 12:57:52 PM
Date (last access): 11/9/2006 12:43:22 PM
Date (last write): 9/25/2006 12:57:52 PM
Filesize: 270336
Attributes: archive
MD5: 62C75F56389CDE498F88C695B086925F
CRC32: E88088EA
Version: 1.0.0.161
{1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class)
DPF name:
CLSID name: iCC Class
Installer: C:\WINDOWS\Downloaded Program Files\pcpconncheck.inf
Codebase: http://www.pcpitstop.com/internet/pcpConnCheck.cab
description:
classification: Legitimate
known filename: PCPCONNCHECK.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: pcpConnCheck.dll
Short name: PCPCON~1.DLL
Date (created): 12/8/2003 9:14:20 AM
Date (last access): 11/9/2006 12:43:22 PM
Date (last write): 12/8/2003 9:14:20 AM
Filesize: 86016
Attributes: archive
MD5: B22B240E952120C0A5251AFA542477D3
CRC32: B58B03EE
Version: 1.0.0.4
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool)
DPF name:
CLSID name: MSN Photo Upload Tool
Installer: C:\WINDOWS\Downloaded Program Files\MSNPupld.inf
Codebase: http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab
description:
classification: Legitimate
known filename: MsnPUpld.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: MsnPUpld.dll
Short name:
Date (created): 10/8/2004 3:01:22 PM
Date (last access): 11/9/2006 12:43:22 PM
Date (last write): 10/8/2004 3:01:22 PM
Filesize: 372736
Attributes: archive
MD5: D2ED523BB0FE94F8F492BEFE1C336040
CRC32: C4677625
Version: 10.0.910.0
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_07
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.5.0_07\bin\
Long name: NPJPI150_07.dll
Short name: NPJPI1~1.DLL
Date (created): 5/3/2006 1:57:02 AM
Date (last access): 11/9/2006 12:18:48 AM
Date (last write): 5/3/2006 2:14:38 AM
Filesize: 69746
Attributes: archive
MD5: 2663A75A8F6DAD0F7C10BF920AE81940
CRC32: 5235B91D
Version: 5.0.70.3
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 3/2/2006 12:52:58 PM
Date (last access): 11/9/2006 12:18:48 AM
Date (last write): 11/10/2005 12:22:12 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_07
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_07\bin\
Long name: NPJPI150_07.dll
Short name: NPJPI1~1.DLL
Date (created): 5/3/2006 1:57:02 AM
Date (last access): 11/9/2006 1:07:32 PM
Date (last write): 5/3/2006 2:14:38 AM
Filesize: 69746
Attributes: archive
MD5: 2663A75A8F6DAD0F7C10BF920AE81940
CRC32: 5235B91D
Version: 5.0.70.3
{DBA230D1-8467-4e69-987E-5FAE815A3B45} ()
DPF name:
CLSID name:
Installer:
Codebase:
description:
classification: Open for discussion
known filename:
info link:
info source: Safer Networking Ltd.
{E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control)
DPF name:
CLSID name: Driver Agent ActiveX Control
Installer: C:\WINDOWS\Downloaded Program Files\driveragent.inf
Codebase: http://driveragent.com/files/driveragent.cab
description:
classification: Open for discussion
known filename: driveragent.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: driveragent.ocx
Short name: DRIVER~1.OCX
Date (created): 10/10/2006 6:00:32 PM
Date (last access): 11/9/2006 2:38:24 AM
Date (last write): 10/10/2006 6:00:32 PM
Filesize: 433384
Attributes: archive
MD5: 6F934B7C659A33323002CB7055AB6E5F
CRC32: 57EB5BED
Version: 2.2006.10.10
{F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control)
DPF name:
CLSID name: Hotmail Attachments Control
Installer:
Codebase: http://by104fd.bay104.hotmail.msn.com/activex/HMAtchmt.ocx
description:
classification: Legitimate
known filename: HMAtchmt.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: HMAtchmt.ocx
Short name:
Date (created): 10/2/2006 4:19:24 AM
Date (last access): 11/9/2006 2:38:30 AM
Date (last write): 10/2/2006 4:19:28 AM
Filesize: 113408
Attributes: archive
MD5: 08E21249E03578574C8461C9E09C46A8
CRC32: FB8E11FD
Version: 1.5.0.5
--- Process list ---
PID: 0 ( 0) [System]
PID: 144 ( 4) \SystemRoot\System32\smss.exe
PID: 188 ( 144) \??\C:\WINDOWS\system32\csrss.exe
PID: 212 ( 144) \??\C:\WINDOWS\system32\winlogon.exe
PID: 256 ( 212) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 268 ( 212) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 424 ( 256) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 472 ( 256) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 516 ( 256) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 752 ( 732) C:\WINDOWS\Explorer.EXE
size: 1032192
MD5: A0732187050030AE399B241436565E64
PID: 1756 ( 752) E:\PROGRAM FILES\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 1884 ( 752) C:\WINDOWS\system32\NOTEPAD.EXE
size: 69120
MD5: 388B8FBC36A8558587AFC90FB23A3B99
PID: 4 ( 0) System
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 11/9/2006 1:07:30 PM
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\First Home Page
http://www.microsoft.com/isapi/redir.dll?Prd=ie&Pver=5.0&Ar=ie5update&O1=b1
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{53A379C7-9D7B-4046-8DD9-66E9531C358A}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{53A379C7-9D7B-4046-8DD9-66E9531C358A}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E82FB07B-1C2A-4CBD-B011-188ABB61951D}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E82FB07B-1C2A-4CBD-B011-188ABB61951D}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E1458543-9AF9-463E-A802-C7295E9D965B}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E1458543-9AF9-463E-A802-C7295E9D965B}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2AF42FCD-B1AC-485D-8A2E-277C25D61CE3}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2AF42FCD-B1AC-485D-8A2E-277C25D61CE3}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{631F583F-6FBC-41B5-B2C6-824602AC16B3}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{631F583F-6FBC-41B5-B2C6-824602AC16B3}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4B098589-0500-4C09-A872-9F234056D909}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4B098589-0500-4C09-A872-9F234056D909}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FEFCD5A7-F1F8-4A9C-A5AD-4AF5D2A9B17D}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FEFCD5A7-F1F8-4A9C-A5AD-4AF5D2A9B17D}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP
Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS
Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
Namespace Provider 3: PNRP Cloud Namespace Provider
GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Filename: C:\WINDOWS\system32\pnrpnsp.dll
Namespace Provider 4: PNRP Name Namespace Provider
GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Filename: C:\WINDOWS\system32\pnrpnsp.dll
jakentessa
2006-11-09, 22:49
--- Uninstall list ---
Ad-Aware SE Personal 1.06 (Ad-Aware SE Personal)
uninstall cmd: E:\PROGRA~1\AD-AWA~1\UNWISE.EXE E:\PROGRA~1\AD-AWA~1\INSTALL.LOG
publisher: Lavasoft
help link: http://www.lavasoft.com
AVG Free Edition (AVG7Uninstall)
uninstall cmd: E:\PROGRAM FILES\AVG Antivirus\setup.exe /UNINSTALL
AVG Anti-Spyware 7.5 (AVGAntiSpyware75)
install location: E:\PROGRAM FILES\AVG Anti-Spyware 7.5
uninstall cmd: E:\PROGRAM FILES\AVG Anti-Spyware 7.5\Uninstall.exe
publisher: Grisoft Ltd.
help link: http://www.grisoft.com
(Branding)
DV Series (DV Series)
uninstall cmd: C:\Program Files\DV Series\uninst.exe
Eusing Free Registry Cleaner (Eusing Free Registry Cleaner)
uninstall cmd: E:\PROGRA~1\EUSING~1\UNWISE.EXE E:\PROGRA~1\EUSING~1\INSTALL.LOG
Flash Movie Player 1.4 1.4 (Flash Movie Player)
uninstall cmd: E:\PROGRAM FILES\Flash Movie Player\uninst.exe
publisher: Eolsoft
HijackThis 1.99.1 1.99.1 (HijackThis)
uninstall cmd: E:\PROGRAM FILES\HJ THIS\HijackThis.exe /uninstall
publisher: Soeperman Enterprises Ltd.
hp deskjet 5550 series (Remove only) (hp deskjet 5550 series)
uninstall cmd: C:\Program Files\hp deskjet 5550 series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=USB001 -vproduct=5550 -huninstall
hp print screen utility (hp print screen utility)
uninstall cmd: C:\Program Files\Hewlett-Packard\hp print screen utility\UnInstall\prnunins.exe
Windows XP Hotfix - KB873339 20041117.092459 (KB873339)
uninstall cmd: C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873339
Windows XP Hotfix - KB885835 20041027.181713 (KB885835)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885835
Windows XP Hotfix - KB885836 20041028.173203 (KB885836)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885836
Windows XP Hotfix - KB886185 20041021.090540 (KB886185)
uninstall cmd: C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=886185
Windows XP Hotfix - KB888302 20041207.111426 (KB888302)
uninstall cmd: C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888302
Security Update for Windows XP (KB890046) 1 (KB890046)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890046
Windows XP Hotfix - KB890859 1 (KB890859)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890859
Windows XP Hotfix - KB891781 20050110.165439 (KB891781)
uninstall cmd: C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=891781
Security Update for Windows XP (KB893756) 1 (KB893756)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893756
Windows Installer 3.1 (KB893803) 3.1 (KB893803v2)
uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=42467
Update for Windows XP (KB894391) 1 (KB894391)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=894391
Security Update for Windows XP (KB896358) 1 (KB896358)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896358
Security Update for Windows XP (KB896423) 1 (KB896423)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896423
Security Update for Windows XP (KB896424) 1 (KB896424)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896424
Security Update for Windows XP (KB896428) 1 (KB896428)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896428
Security Update for Windows XP (KB899587) 1 (KB899587)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899587
Security Update for Windows XP (KB899589) 1 (KB899589)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899589
Security Update for Windows XP (KB899591) 1 (KB899591)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899591
Update for Windows XP (KB900485) 2 (KB900485)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900485
Security Update for Windows XP (KB900725) 1 (KB900725)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900725
Security Update for Windows XP (KB901017) 1 (KB901017)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901017
Security Update for Windows XP (KB901190) 1 (KB901190)
install date: 20060928
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901190
Security Update for Windows XP (KB901214) 1 (KB901214)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901214
Security Update for Windows XP (KB902400) 1 (KB902400)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=902400
Security Update for Windows XP (KB904706) 2 (KB904706)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=904706
Security Update for Windows XP (KB905414) 1 (KB905414)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905414
Security Update for Windows XP (KB905749) 1 (KB905749)
install date: 20061020
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905749
Security Update for Windows XP (KB908519) 1 (KB908519)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=908519
Update for Windows XP (KB908531) 2 (KB908531)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=908531
Update for Windows XP (KB910437) 1 (KB910437)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=910437
Update for Windows XP (KB911280) 2 (KB911280)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911280
Security Update for Windows XP (KB911562) 1 (KB911562)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911562
Security Update for Windows XP (KB911567) 1 (KB911567)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911567
Security Update for Windows XP (KB911927) 1 (KB911927)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911927
Security Update for Windows XP (KB912919) 1 (KB912919)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=912919
Security Update for Windows XP (KB913433) (KB913433)
uninstall cmd: C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=913433
Security Update for Windows XP (KB913580) 1 (KB913580)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=913580
Security Update for Windows XP (KB914388) 1 (KB914388)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=914388
Security Update for Windows XP (KB914389) 1 (KB914389)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=914389
Update for Windows XP (KB916595) 1 (KB916595)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=916595
Security Update for Windows XP (KB917159) 1 (KB917159)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917159
Security Update for Microsoft .NET Framework 2.0 (KB917283) 1 (KB917283.T1_1ToU93_1)
uninstall cmd: C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {967B098A-042D-4367-BAC9-8BC11684174F} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/917283
Security Update for Windows XP (KB917344) 1 (KB917344)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917344
Security Update for Windows XP (KB917422) 1 (KB917422)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917422
Security Update for Windows XP (KB917537) 1 (KB917537)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917537$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917537
Security Update for Windows XP (KB917953) 1 (KB917953)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917953
Security Update for Windows XP (KB918439) 1 (KB918439)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=918439
Security Update for Windows XP (KB918899) 1 (KB918899)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=918899
Security Update for Windows XP (KB919007) 1 (KB919007)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=919007
Security Update for Windows XP (KB920214) 1 (KB920214)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920214
Security Update for Windows XP (KB920670) 1 (KB920670)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920670
Security Update for Windows XP (KB920683) 1 (KB920683)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920683
Security Update for Windows XP (KB920685) 1 (KB920685)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920685
Update for Windows XP (KB920872) 1 (KB920872)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920872
Security Update for Windows XP (KB921398) 1 (KB921398)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=921398
Security Update for Windows XP (KB921883) 1 (KB921883)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=921883
Update for Windows XP (KB922582) 1 (KB922582)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=922582
Security Update for Windows XP (KB922616) 1 (KB922616)
install date: 20060920
uninstall cmd: "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=922616
Security Update for Microsoft .NET Framework 2.0 (KB922770) 1 (KB922770.T1_1ToU168_1)
uninstall cmd: C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {0E92DD42-76F5-4EF2-B381-F9C1D72BE23D} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/922770
Security Update for Windows XP (KB922819) 1 (KB922819)
install date: 20061012
uninstall cmd: "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=922819
Security Update for Windows XP (KB923191) 1 (KB923191)
install date: 20061012
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923191
Security Update for Windows XP (KB923414) 1 (KB923414)
install date: 20061012
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923414
Security Update for Windows XP (KB924191) 1 (KB924191)
install date: 20061012
uninstall cmd: "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=924191
Security Update for Windows XP (KB924496) 1 (KB924496)
install date: 20061012
uninstall cmd: "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=924496
Security Update for Windows XP (KB925486) 1 (KB925486)
install date: 20060926
uninstall cmd: "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=925486
jakentessa
2006-11-09, 22:50
Microsoft .NET Framework 2.0 (Microsoft .NET Framework 2.0)
install location: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\
uninstall cmd: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=45396
Mozilla Firefox (2.0) 2.0 (en-US) (Mozilla Firefox (2.0))
install location: E:\PROGRAM FILES\Mozilla Firefox
uninstall cmd: E:\PROGRAM FILES\Mozilla Firefox\uninstall\uninst.exe
publisher: Mozilla
comments: Mozilla Firefox
MSN Music Assistant (MSN Music Assistant)
uninstall cmd: rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
QuickTime (QuickTime)
uninstall cmd: C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
Registry Compressor 2.01.69 (Registry Compressor_is1)
install location: E:\PROGRAM FILES\Registry Compressor\
uninstall cmd: "E:\PROGRAM FILES\Registry Compressor\unins000.exe"
publisher: Rosecity Software
(ShockwaveFlash)
Skype 2.5 2.5 (Skype_is1)
install location: E:\PROGRAM FILES\Phone\
uninstall cmd: "E:\PROGRAM FILES\Phone\unins000.exe"
publisher: Skype Technologies S.A.
help link: http://ui.skype.com/ui/0/2.5.0.146/en/help
Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: E:\PROGRAM FILES\Spybot - Search & Destroy\
uninstall cmd: "E:\PROGRAM FILES\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited
Tweak UI (Tweak UI 2.10)
uninstall cmd: "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
Windows Media Format Runtime (Windows Media Format Runtime)
uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
(Windows XP Service Pack)
XP TCP/IP Repair 1.0 (XP TCP/IP Repair_is1)
install location: C:\Program Files\XP TCPIP Repair\
uninstall cmd: "C:\Program Files\XP TCPIP Repair\unins000.exe"
publisher: WareSoft Software
help link: http://www.xp-smoker.com
Microsoft Windows Dynamic Host Configuration Protocol MOM 2005 MP 05.00.3000 ({0CE5FB47-2560-47B2-A21E-104499AA2FBD})
version: 83889080
version (major): 5
estimated size: 680
install date: 20061014
install source: E:\DOWNLOADS\06-10-14\
uninstall cmd: MsiExec.exe /I{0CE5FB47-2560-47B2-A21E-104499AA2FBD}
publisher: MOM 2005 Management Packs
contact: Microsoft Corporation
Windows Live Sign-in Assistant 4.000.249.1 ({22B3CC30-77B8-419C-AA4B-F571FDF5D66D})
version: 67109113
version (major): 4
estimated size: 1112
install date: 20060826
uninstall cmd: MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}
publisher: Microsoft Corporation
Rhapsody Player Engine 1.0.636 ({30C2FCD0-FF7B-4FFA-8DDE-43A22E01A1E7})
version: 16777852
version (major): 1
estimated size: 1493
install date: 20060826
uninstall cmd: MsiExec.exe /I{30C2FCD0-FF7B-4FFA-8DDE-43A22E01A1E7}
publisher: RealNetworks
comments: The Rhapsody Player Engine is a Web browser plugin used for Rhapsody On The Web.
contact: RealNetworks
help link: http://www.rhapsody.com
J2SE Runtime Environment 5.0 Update 6 1.5.0.60 ({3248F0A8-6813-11D6-A77B-00B0D0150060})
version: 17104896
version (major): 1
version (minor): 5
estimated size: 148501
install date: 20061016
install source: http://jdl.sun.com/webapps/download/GetFile/1.5.0_06plus-b05/windows-i586//
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.5.0_06\README.txt
J2SE Runtime Environment 5.0 Update 7 1.5.0.70 ({3248F0A8-6813-11D6-A77B-00B0D0150070})
version: 17104896
version (major): 1
version (minor): 5
estimated size: 122889
install date: 20060622
install source: http://jdl.sun.com/webapps/download/GetFile/1.5.0_07-b03/windows-i586//
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150070}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.5.0_07\README.txt
WebFldrs XP 9.50.7523 ({350C97B0-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154279267
version (major): 9
version (minor): 50
estimated size: 2472
install date: 20060618
install source: C:\WINDOWS\system32\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows
ShareIns 1.00.0000 ({590D4F8F-98FE-47FA-AC2B-3F22FDCF7C09})
version: 16777216
version (major): 1
estimated size: 736
install date: 20060621
install source: Z:\Media\Xtras\ShareIns\
publisher: Hewlett-Packard
help link: http://www.hp.com/cposupport/eschome.html
help telephone: 208-323-2551
Debugging Tools for Windows 6.6.7.5 ({5C741A01-05D6-4306-BA6A-DC8401285AE8})
version: 101056519
version (major): 6
version (minor): 6
estimated size: 31554
install date: 20061109
install source: C:\DOCUME~1\OILFIE~1\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /I{5C741A01-05D6-4306-BA6A-DC8401285AE8}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/ddk/debugging
Microsoft .NET Framework 2.0 2.0.50727 ({7131646D-CD3C-40F4-97B9-CD9E4E6262EF})
version: 33605159
version (major): 2
estimated size: 218792
install date: 20061014
publisher: Microsoft Corporation
Compaq Presario Monitor Driver Software 5.00 ({7AAA8519-AAC3-426B-8153-78AAA2A1121D})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AAA8519-AAC3-426B-8153-78AAA2A1121D}\Setup.exe" -l0x9
ArcSoft Funhouse ({7AD33F54-A430-4CB2-9B7D-6CF4463C91CD})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AD33F54-A430-4CB2-9B7D-6CF4463C91CD}\setup.exe" -l0x9 -uninst
Windows Support Tools 5.1.2510.0 ({8398B542-3CC4-44D9-83DF-696CCE70124B})
version: 83954126
version (major): 5
version (minor): 1
estimated size: 5544
install date: 20060918
install source: Z:\SUPPORT\TOOLS\
uninstall cmd: MsiExec.exe /I{8398B542-3CC4-44D9-83DF-696CCE70124B}
publisher: Microsoft Corporation
Intel(R) 810/810E/815/815E/815EM Chipset Graphics Driver Software ({8A708DD8-A5E6-11D4-A706-000629E95E20})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A708DD8-A5E6-11D4-A706-000629E95E20}\Setup.exe" -inteluninstall
Intel Application Accelerator ({9984DF60-1C5B-11D3-ACA1-908A4FC10801})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9984DF60-1C5B-11D3-ACA1-908A4FC10801}\Setup.exe" -INTELUNINST
Adobe Reader 7.0.8 7.0.8 ({AC76BA86-7AD7-1033-7B44-A70800000002})
version: 117440520
version (major): 7
estimated size: 66675
install date: 20060618
install location: E:\PROGRAM FILES\Adobe Reader\Reader\
install source: C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig708\ENU\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
publisher: Adobe Systems Incorporated
comments:
contact:
help link: http://www.adobe.com/support/main.html
help telephone:
readme: E:\PROGRAM FILES\Adobe Reader\Reader\Readme.htm
User Profile Hive Cleanup Service 1.5.21 ({BF755CD9-E185-498A-AAFB-E9F8470AB1CC})
version: 17104917
version (major): 1
version (minor): 5
estimated size: 196
install date: 20060826
install source: K:\Program Files\
uninstall cmd: MsiExec.exe /I{BF755CD9-E185-498A-AAFB-E9F8470AB1CC}
publisher: Microsoft Corporation
contact: Robin Caron
Microsoft IntelliPoint 5.5 5.50.661.0 ({EBC91840-41E1-4CC3-AC11-0B889546223C})
version: 87163541
version (major): 5
version (minor): 50
estimated size: 7112
install date: 20061021
install source: C:\Program Files\Microsoft IntelliPoint 5.5\ipoint\setup\
publisher: Microsoft
help link: http://microsoft.com/support/
HP Photo and Imaging 1.2 - Scanjet 4570c Series 1.2.0000 ({EF729AE1-4AE9-402A-AF64-5C5A8150F549})
version: 16908288
version (major): 1
version (minor): 2
estimated size: 2776
install date: 20060621
install source: Z:\hpsw\
uninstall cmd: MsiExec.exe /I{EF729AE1-4AE9-402A-AF64-5C5A8150F549}
publisher: {&Tahoma8}Hewlett-Packard
help link: http://www.hp.com/cposupport/eschome.html
help telephone: 208-323-2551
Windows Live Messenger 8.0.0812.00 ({FCE50DB8-C610-4C42-BE5C-193F46C6F812})
version: 134218540
version (major): 8
estimated size: 28281
install date: 20060928
uninstall cmd: MsiExec.exe /I{FCE50DB8-C610-4C42-BE5C-193F46C6F812}
publisher: Microsoft Corporation
Logfile of HijackThis v1.99.1
Scan saved at 3:14:01 AM, on 11/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
E:\PROGRA~1\AVGANT~1\avgamsvr.exe
E:\PROGRA~1\AVGANT~1\avgupsvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
E:\PROGRAM FILES\UPH Cleanup\uphclean.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\rundll32.exe
E:\PROGRAM FILES\HJ THIS\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wigjig.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\AVGANT~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvdow.dll,startup
O4 - HKLM\..\Run: [fvenrrj.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\fvenrrj.dll,inuslcd
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\PROGRAM FILES\Adobe Reader\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by104fd.bay104.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{53A379C7-9D7B-4046-8DD9-66E9531C358A}: NameServer = 67.66.97.5,204.251.219.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\AVGANT~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\AVGANT~1\avgupsvc.exe
O23 - Service: IWZSVQ - Unknown owner - C:\DOCUME~1\OILFIE~1\LOCALS~1\Temp\IWZSVQ.exe (file missing)
O23 - Service: MYKLRJXW - Unknown owner - C:\DOCUME~1\OILFIE~1\LOCALS~1\Temp\MYKLRJXW.exe (file missing)
I don't even know if this is the right HJT logfile but it is the only one I could find. I know I didn't run my latest scan at 3:14 AM but i couldn't find ant other saved logs. Where to look????
Hello and sorry for the wait.
Smitfraud-C.Toolbar888 was a false positive reported after the November 3 updates, fixed the following week.
http://forums.spybot.info/showthread.php?t=8668
If you have waited four days for advice post here. (http://forums.spybot.info/showthread.php?p=4836#post4836)
Sun Microsystems~Java. Security vunerability in older versions left on system (http://forums.spybot.info/showpost.php?p=12880&postcount=2 )
This topic has been closed to prevent others with similar issues posting in it.
If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread.
Applies only to the original topic starter.