System alert popups and FakeAlert-B (over and over again)

M

maria

New member
Good morning, I'm glad to have found people with the same problem I am facing and even more happy to know there's someone willing to help me get rid of the alerts and popups I keep receiving. I left my brother with the computer for 24 hours and this happened; my antivirus McAfee detects FakeAlert B and deletes it but it keeps appearing as well as the popups telling me my computer is full with problems (so far I know this is not true).
I don't understand much of computers but so far I managed to follow your instructions........ Thank, thank you again.
I don't konw what to do next... (I'll wait for your answer)

Now, here is the logfile (I don't even know what this is!!!):

Logfile of HijackThis v1.99.1
Scan saved at 13:19:52, on 20-05-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\atmclk.exe
C:\Programas\Network Associates\VirusScan\SHSTAT.EXE
C:\Programas\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\carpserv.exe
C:\Programas\MessengerPlus! 3\MsgPlus.exe
C:\Programas\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Messenger\msmsgs.exe
C:\Programas\MSN Messenger\MsnMsgr.Exe
C:\Programas\Network Associates\Common Framework\FrameworkService.exe
C:\Programas\Internet Explorer\iexplore.exe
C:\Programas\Network Associates\VirusScan\Mcshield.exe
C:\Programas\Network Associates\VirusScan\VsTskMgr.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.clix.pt
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sapo.pt/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer disponibilizado por Clix
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} - C:\WINDOWS\system32\hpD853.tmp
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programas\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programas\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programas\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.clix.pt
O17 - HKLM\System\CCS\Services\Tcpip\..\{D667D5BF-3C48-4121-9B62-672E8436646A}: NameServer = 195.23.129.126,194.79.69.222
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Programas\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programas\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programas\Network Associates\VirusScan\VsTskMgr.exe
 
Hello Maria, Your computer is infected with the Smitfraud trojan. We have a fix for it if you will but follow the directions. You will find the instructions here:

http://forums.spybot.info/showthread.php?t=4015

Some of the instructions you have completed, like getting the HJT log. Read through the instructions and then carefully follow them. When you have complete the instructions, post your three logs here in this same topic. I will be notified when you do and check to see if there is more to do as soon as possible after you post.

Thanks...pskelley
Safer Networking Forums
 
Ok, I've done it!

I´ve done as you said (the only exception was in #2 SmitfraudFix clean in which the item of wininet.dll didn't appear).

Here it is:
______________________________________________________________
c:\rapport.txt:

SmitFraudFix v2.45

Scan done at 20:31:20,62, 22-05-2006
Run from C:\Documents and Settings\Administrador\Ambiente de trabalho\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [VersÆo 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\dcomcfg.exe Deleted
C:\WINDOWS\system32\hp????.tmp Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\simpole.tlb Deleted
C:\WINDOWS\system32\stdole3.tlb Deleted
C:\WINDOWS\system32\1024\ Deleted
C:\DOCUME~1\ADMINI~1\FAVORI~1\Antivirus Test Online.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» End

_____________________________________________________________


Ewido log:

---------------------------------------------------------
ewido anti-malware - Relatório de verificação
---------------------------------------------------------

+ Criado em: 20:12:37, 22-05-2006
+ Relatório-Checksum: DC635EB1

+ Resultado da verificação:

C:\Documents and Settings\Administrador\Definições locais\Temp\NI.UWA6PZ_0001_N73M1004\setup.exe -> Trojan.Fakealert : Limpo com backup
C:\Documents and Settings\Administrador\Definições locais\Temp\temp.fr10AF -> Downloader.Zlob.ou : Limpo com backup
C:\WINDOWS\system32\atmclk.exe -> Trojan.Small : Limpo com backup
C:\WINDOWS\system32\ldA1DF.tmp -> Downloader.Zlob.ot : Limpo com backup
C:\WINDOWS\system32\regperf.exe -> Trojan.Spambot : Limpo com backup


::Fim do Relatório
 
The HJT log:

--- Search result list ---
Vcodec: Dados (Arquivo, fixed)
C:\WINDOWS\system32\ts.ico

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-05-19 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-05-19 Includes\Cookies.sbi (*)
2006-05-19 Includes\Dialer.sbi (*)
2006-05-19 Includes\Hijackers.sbi (*)
2006-05-19 Includes\Keyloggers.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2006-05-19 Includes\Malware.sbi (*)
2006-05-19 Includes\PUPS.sbi (*)
2006-05-19 Includes\Revision.sbi (*)
2006-05-19 Includes\Security.sbi (*)
2006-05-19 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-05-19 Includes\Trojans.sbi (*)


--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ Windows Media Player 10: Actualização de Segurança para o Windows Media Player 10 (KB911565)
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB885884
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Actualização de segurança para Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Actualização de segurança para Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Actualização para Windows XP (KB894391)
/ Windows XP / SP3: Actualização de segurança para Windows XP (KB896358)
/ Windows XP / SP3: Actualização de segurança para Windows XP (KB896422)
/ Windows XP / SP3: Actualização de segurança para Windows XP (KB896423)
/ Windows XP / SP3: Actualização de segurança para Windows XP (KB896424)
/ Windows XP / SP3: Actualização de segurança para Windows XP (KB896428)
/ Windows XP / SP3: Actualização para Windows XP (KB898461)
/ Windows XP / SP3: Actualização de segurança para Windows XP (KB899587)
/ Windows XP / SP3: Actualização de segurança para Windows XP (KB899589)
/ Windows XP / SP3: Actualização de segurança para Windows XP (KB899591)
/ Windows XP / SP3: Actualização para Windows XP (KB900485)
/ Windows XP / SP3: Actualização de segurança para Windows XP (KB900725)
/ Windows XP / SP3: Actualização de segurança para Windows XP (KB901017)
/ Windows XP / SP3: Actualização de segurança para Windows XP (KB901214)
/ Windows XP / SP3: Actualização de segurança para Windows XP (KB902400)
/ Windows XP / SP3: Actualização de segurança para Windows XP (KB904706)
/ Windows XP / SP3: Actualização de segurança para Windows XP (KB905414)
/ Windows XP / SP3: Actualização de segurança para Windows XP (KB905749)
/ Windows XP / SP3: Actualização de segurança para Windows XP (KB908519)
/ Windows XP / SP3: Actualização para Windows XP (KB908531)
/ Windows XP / SP3: Actualização para Windows XP (KB910437)
/ Windows XP / SP3: Actualização de segurança para Windows XP (KB911562)
/ Windows XP / SP3: Actualização de segurança para Windows XP (KB911567)
/ Windows XP / SP3: Actualização de segurança para Windows XP (KB911927)
/ Windows XP / SP3: Actualização de segurança para Windows XP (KB912812)
/ Windows XP / SP3: Actualização de segurança para Windows XP (KB912919)
/ Windows XP / SP3: Actualização de segurança para Windows XP (KB913446)
/ Windows XP / SP3: Actualização de segurança para Windows XP (KB913580)


--- Startup entries list ---
Located: HK_LM:Run, CARPService
command: carpserv.exe
file: C:\WINDOWS\system32\carpserv.exe
size: 4608
MD5: ea3be7f5cdef0fe4df1bf6dbfe7abde0

Located: HK_LM:Run, McAfeeUpdaterUI
command: "C:\Programas\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
file: C:\Programas\Network Associates\Common Framework\UpdaterUI.exe
size: 135251
MD5: a5123363892c9fd682dcac6b450a991c

Located: HK_LM:Run, MessengerPlus3
command: "C:\Programas\MessengerPlus! 3\MsgPlus.exe"
file: C:\Programas\MessengerPlus! 3\MsgPlus.exe
size: 190024
MD5: b787d9a60fee9c3732c2e2d4571bb716

Located: HK_LM:Run, QuickTime Task
command: "C:\Programas\QuickTime\qttask.exe" -atboottime
file: C:\Programas\QuickTime\qttask.exe
size: 282624
MD5: 383145864f6543c97a7e1b78505d2f1c

Located: HK_LM:Run, ShStatEXE
command: "C:\Programas\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
file: C:\Programas\Network Associates\VirusScan\SHSTAT.EXE
size: 81990
MD5: f0814bd93969e2283a240ad4c6a04843

Located: HK_CU:Run, CTFMON.EXE
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 62b37f1f519a08af502e6f6bb41d2dff

Located: HK_CU:Run, MSMSGS
command: "C:\Programas\Messenger\msmsgs.exe" /background
file: C:\Programas\Messenger\msmsgs.exe
size: 1694208
MD5: 74e6e96c6f0e2eca4edbb7f7a468f259

Located: HK_CU:Run, MsnMsgr
command: "C:\Programas\MSN Messenger\MsnMsgr.Exe" /background
file: C:\Programas\MSN Messenger\MsnMsgr.Exe
size: 7094272
MD5: 3e7043efb95cbf2b444426747cf40f61

Located: Arranque (comum), Microsoft Office.lnk
command: C:\Programas\Microsoft Office\Office10\OSA.EXE
file: C:\Programas\Microsoft Office\Office10\OSA.EXE
size: 83360
MD5: 5bc65464354a9fd3beaa28e18839734a

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll



--- Browser helper object list ---
{f79fd28e-36ee-4989-aa61-9dd8e30a82fa} (Nothing)
BHO name:
CLSID name: Nothing
Path: C:\WINDOWS\system32\
Long name: hpF423.tmp
Short name:
Date (created): 22-05-2006 19:06:16
Date (last access): 22-05-2006 20:17:38
Date (last write): 22-05-2006 19:06:16
Filesize: 250368
Attributes: archive
MD5: 457D4F0EBB6BC7F6A1EECA75ACE7CED4
CRC32: C75EB314



--- ActiveX list ---
DirectAnimation Java Classes (DirectAnimation Java Classes)
DPF name: DirectAnimation Java Classes
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\Java\classes\dajava.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\dajava.cab
info link:
info source: Patrick M. Kolla

Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\Java\classes\xmldso.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash8b.ocx
Short name:
Date (created): 31-03-2006 11:45:12
Date (last access): 22-05-2006 19:06:52
Date (last write): 31-03-2006 11:45:12
Filesize: 1443464
Attributes: readonly archive
MD5: 12719EDDAAB9CAEEF28C6E58192F594B
CRC32: 680E085C
Version: 8.0.24.0



--- Process list ---
PID: 0 ( 0) [System]
PID: 148 ( 4) \SystemRoot\System32\smss.exe
PID: 196 ( 148) \??\C:\WINDOWS\system32\csrss.exe
PID: 228 ( 148) \??\C:\WINDOWS\system32\winlogon.exe
PID: 272 ( 228) C:\WINDOWS\system32\services.exe
size: 108544
MD5: 8186DA2B57774E6CD516A014827272EF
PID: 284 ( 228) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 4795EE604A505E58F9E7D6D17F4B7D32
PID: 444 ( 272) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: B62FC77D3CFC8B1C74763742D3214D3E
PID: 508 ( 272) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: B62FC77D3CFC8B1C74763742D3214D3E
PID: 564 ( 272) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: B62FC77D3CFC8B1C74763742D3214D3E
PID: 756 ( 732) C:\WINDOWS\Explorer.EXE
size: 1034240
MD5: 7A28F6B962DCDBFD94280338B4A8E6FB
PID: 1828 ( 756) C:\Programas\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 22-05-2006 20:27:04

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.clix.pt/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.hotmail.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.clix.pt
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Irda [IrDA]
GUID: {3972523D-2AF1-11D1-B655-00805F3642CC}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Infrared protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Irda [IrDA]

Protocol 1: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 2: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 3: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 4: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D667D5BF-3C48-4121-9B62-672E8436646A}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D667D5BF-3C48-4121-9B62-672E8436646A}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C4493839-98CE-4D7A-9E0A-6FB6B22DE5A0}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C4493839-98CE-4D7A-9E0A-6FB6B22DE5A0}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D1CC607E-902F-4996-81B6-003116613D68}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D1CC607E-902F-4996-81B6-003116613D68}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0D32F7D2-7022-42CB-A544-63E454572B21}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0D32F7D2-7022-42CB-A544-63E454572B21}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0D96C8EB-1CDD-494A-AC3A-91321E744697}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0D96C8EB-1CDD-494A-AC3A-91321E744697}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{99FCDF8D-F712-485C-8B90-2AEF9A9EEADA}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{99FCDF8D-F712-485C-8B90-2AEF9A9EEADA}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Espaço de nomes para 'Identificação da localização na rede (NLA)'
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace



--- Uninstall list ---
Ad-Aware SE Personal 1.06 (Ad-Aware SE Personal)
uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
publisher: Lavasoft
help link: http://www.lavasoft.com

(AddressBook)

(Branding)

Conexant 56K ACLink Modem (CNXT_MODEM_PCI_VEN_10B9&DEV_5457&SUBSYS_0850103C)
uninstall cmd: C:\Programas\CONEXANT\CNXT_MODEM_PCI_VEN_10B9&DEV_5457&SUBSYS_0850103C\HXFSETUP.EXE -U -Ihpm08505.inf

(Connection Manager)

(DirectAnimation)

(DirectDrawEx)

'Assistente para actualizar licenças pessoais' (DRM7Tool)
uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\drmtool.inf,Uninstall

(DXM_Runtime)

ewido anti-malware (ewidoantimalware)
install location: C:\Programas\ewido anti-malware
uninstall cmd: C:\Programas\ewido anti-malware\Uninstall.exe
publisher: ewido networks
help link: http://www.ewido.net

(expinst)

(Fontcore)
 
(continuation)

HijackThis 1.99.1 1.99.1 (HijackThis)
uninstall cmd: C:\hijackthis\HijackThis.exe /uninstall
publisher: Soeperman Enterprises Ltd.

(ICW)

(IE40)

(IE4Data)

(IE5BAKEX)

(IEData)

(InstallShield Uninstall Information)

Canon RemoteCapture Task for ZoomBrowser EX 1.0.2 (InstallShield_{2C164906-E68F-462A-9010-70DD022223EF})
version: 16777218
version (major): 1
estimated size: 8370
install date: 20060414
install source: D:\SOFTWARE\RCTASK\ENGLISH\
uninstall cmd: C:\Programas\Ficheiros comuns\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2C164906-E68F-462A-9010-70DD022223EF}
publisher: Canon
comments:
contact:
help link:
help telephone:
readme:

Canon Internet Library for ZoomBrowser EX 1.3.3 (InstallShield_{2F81FBFC-9A37-431F-9050-14B55485DF5A})
version: 16973827
version (major): 1
version (minor): 3
estimated size: 666
install date: 20060414
install location: C:\Programas\Canon\ZoomBrowser EX\Program\
install source: D:\SOFTWARE\CIG\English\
uninstall cmd: C:\Programas\Ficheiros comuns\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2F81FBFC-9A37-431F-9050-14B55485DF5A}
publisher: Canon Inc.
comments:
contact:
help link:
help telephone:

Canon RAW Image Task for ZoomBrowser EX 1.0 (InstallShield_{9518F764-C54D-47B2-9E73-154B21E79FD2})
version: 16777216
version (major): 1
estimated size: 5704
install date: 20060414
install source: D:\SOFTWARE\RAWTASK\ENGLISH\
uninstall cmd: C:\Programas\Ficheiros comuns\InstallShield\Driver\8\Intel 32\IDriver.exe /M{9518F764-C54D-47B2-9E73-154B21E79FD2}
publisher: Canon
comments:
contact:
help link:
help telephone:
readme:

QuickTime 7.1 (InstallShield_{C21D5524-A970-42FA-AC8A-59B8C7CDCA31})
version: 117506048
version (major): 7
version (minor): 1
estimated size: 71343
install date: 20060516
install location: C:\Programas\QuickTime\
install source: C:\DOCUME~1\ADMINI~1\DEFINI~1\Temp\_is2A\
uninstall cmd: C:\PROGRA~1\FICHEI~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1033
publisher: Apple Computer, Inc.
contact: AppleCare Support
help link: http://www.info.apple.com/
help telephone: 1-800-275-2273

Canon Camera Support Core Library 7.0.0.15 (InstallShield_{C3E1AA89-B370-46F4-AEBD-F4EBE7BE38A1})
version: 117440512
version (major): 7
estimated size: 1388
install date: 20060414
install source: D:\SOFTWARE\CSCLIB\
uninstall cmd: C:\Programas\Ficheiros comuns\InstallShield\Driver\8\Intel 32\IDriver.exe /M{C3E1AA89-B370-46F4-AEBD-F4EBE7BE38A1} /l1033
publisher: Canon
comments:
contact:
help link:
help telephone:
readme:

Canon MovieEdit Task for ZoomBrowser EX 1.1.1.41 (InstallShield_{DE286975-ACF1-45B8-9EF7-34E162B2C817})
version: 16842753
version (major): 1
version (minor): 1
estimated size: 963
install date: 20060414
install source: D:\SOFTWARE\MVW\ENGLISH\
uninstall cmd: C:\Programas\Ficheiros comuns\InstallShield\Driver\8\Intel 32\IDriver.exe /M{DE286975-ACF1-45B8-9EF7-34E162B2C817}
publisher: Canon
comments:
contact:
help link:
help telephone:
readme:

Canon Utilities PhotoStitch 3.1 3.1.13 (InstallShield_{EF4C7EB0-D71B-43A3-9552-8053DE4B0401})
version: 50397197
version (major): 3
version (minor): 1
estimated size: 1364
install date: 20060414
install location: C:\Programas\Canon\PhotoStitch\
install source: D:\SOFTWARE\PSTITCH\ENGLISH\
uninstall cmd: C:\Programas\Ficheiros comuns\InstallShield\Driver\8\Intel 32\IDriver.exe /M{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}
publisher: Canon
comments:
contact:
help link:
help telephone:

Canon Camera Window for ZoomBrowser EX 4.6.1 (InstallShield_{F37942A8-B21B-4C5A-A1D2-B676BF55EAE0})
version: 67502081
version (major): 4
version (minor): 6
estimated size: 19958
install date: 20060414
install source: D:\SOFTWARE\cw\English\
uninstall cmd: C:\Programas\Ficheiros comuns\InstallShield\Driver\8\Intel 32\IDriver.exe /M{F37942A8-B21B-4C5A-A1D2-B676BF55EAE0}
publisher: Canon
comments:
contact:
help link:
help telephone:
readme:

Windows XP Hotfix - KB873339 20041117.092459 (KB873339)
uninstall cmd: C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873339

(KB884016)

Windows XP Hotfix - KB885250 20050118.202711 (KB885250)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885250

Windows XP Hotfix - KB885835 20041027.181713 (KB885835)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885835

Windows XP Hotfix - KB885836 20041028.173203 (KB885836)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885836

Windows XP Hotfix - KB885884 20040924.025457 (KB885884)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885884

Windows XP Hotfix - KB886185 20041021.090540 (KB886185)
uninstall cmd: C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=886185

Windows XP Hotfix - KB887472 20041014.162858 (KB887472)
uninstall cmd: C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887472

Windows XP Hotfix - KB887742 20041103.095002 (KB887742)
uninstall cmd: C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887742

Windows XP Hotfix - KB888113 20041116.131036 (KB888113)
uninstall cmd: C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888113

Windows XP Hotfix - KB888302 20041207.111426 (KB888302)
uninstall cmd: C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888302

Actualização de segurança para Windows XP (KB890046) 1 (KB890046)
install date: 20060501
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890046

Windows XP Hotfix - KB890859 1 (KB890859)
install date: 20060511
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890859

Windows XP Hotfix - KB891781 20050110.165439 (KB891781)
uninstall cmd: C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=891781

Actualização de segurança para Windows XP (KB893756) 1 (KB893756)
install date: 20060515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893756

(KB893803)

Windows Installer 3.1 (KB893803) 3.1 (KB893803v2)
uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=42467

Actualização para Windows XP (KB894391) 1 (KB894391)
install date: 20060508
uninstall cmd: "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=894391

Actualização de segurança para Windows XP (KB896358) 1 (KB896358)
install date: 20060515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896358

Actualização de segurança para Windows XP (KB896422) 1 (KB896422)
install date: 20060515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896422

Actualização de segurança para Windows XP (KB896423) 1 (KB896423)
install date: 20060423
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896423

Actualização de segurança para Windows XP (KB896424) 1 (KB896424)
install date: 20060515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896424

Actualização de segurança para Windows XP (KB896428) 1 (KB896428)
install date: 20060508
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896428

Actualização para Windows XP (KB898461) 1 (KB898461)
install date: 20060422
uninstall cmd: "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=898461

Actualização de segurança para Windows XP (KB899587) 1 (KB899587)
install date: 20060515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899587

Actualização de segurança para Windows XP (KB899589) 1 (KB899589)
install date: 20060501
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899589

Actualização de segurança para Windows XP (KB899591) 1 (KB899591)
install date: 20060515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899591

Actualização para Windows XP (KB900485) 2 (KB900485)
install date: 20060515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900485

Actualização de segurança para Windows XP (KB900725) 1 (KB900725)
install date: 20060512
uninstall cmd: "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900725

Actualização de segurança para Windows XP (KB901017) 1 (KB901017)
install date: 20060515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901017

Actualização de segurança para Windows XP (KB901214) 1 (KB901214)
install date: 20060511
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901214

Actualização de segurança para Windows XP (KB902400) 1 (KB902400)
install date: 20060515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=902400

Actualização de segurança para Windows XP (KB904706) 2 (KB904706)
install date: 20060425
uninstall cmd: "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=904706

Actualização de segurança para Windows XP (KB905414) 1 (KB905414)
install date: 20060429
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905414

Actualização de segurança para Windows XP (KB905749) 1 (KB905749)
install date: 20060501
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905749

Actualização de segurança para Windows XP (KB908519) 1 (KB908519)
install date: 20060426
uninstall cmd: "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=908519

Actualização para Windows XP (KB908531) 2 (KB908531)
install date: 20060515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=908531

Actualização para Windows XP (KB910437) 1 (KB910437)
install date: 20060515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=910437

Actualização de segurança para Windows XP (KB911562) 1 (KB911562)
install date: 20060515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911562

Actualização de Segurança para o Windows Media Player (KB911564) (KB911564)
install date: 20060507
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=911564

Actualização de Segurança para o Windows Media Player 10 (KB911565) (KB911565)
install date: 20060512
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=911565

Actualização de segurança para Windows XP (KB911567) 1 (KB911567)
install date: 20060505
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911567

Actualização de segurança para Windows XP (KB911927) 1 (KB911927)
install date: 20060515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911927

Actualização de segurança para Windows XP (KB912812) 1 (KB912812)
install date: 20060515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=912812

Actualização de segurança para Windows XP (KB912919) 1 (KB912919)
install date: 20060426
uninstall cmd: "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=912919

Actualização de segurança para Windows XP (KB913433) (KB913433)
uninstall cmd: C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=913433

Actualização de segurança para Windows XP (KB913446) 1 (KB913446)
install date: 20060430
uninstall cmd: "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=913446

Actualização de segurança para Windows XP (KB913580) 1 (KB913580)
install date: 20060515
uninstall cmd: "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=913580

K-Lite Codec Pack 2.54 Full 2.54 (KLiteCodecPack_is1)
install location: C:\Programas\K-Lite Codec Pack\
uninstall cmd: "C:\Programas\K-Lite Codec Pack\unins000.exe"

(Microsoft NetShow Player 2.0)

(MobileOptionPack)

(MPlayer2)

Messenger Plus! 3 (MsgPlus! Plugin)
uninstall cmd: "C:\Programas\MessengerPlus! 3\MsgPlus.exe" /Remove

(MSI30-Beta1)

(MSI30-Beta2)

(MSI30-KB884016)

(MSI30-RC1)

(MSI30-RC2)

(MSI30a-KB884016)

(MSI31-Beta)

(MSI31-RC1)

(MsJavaVM)

(NetMeeting)

(OutlookExpress)

(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

(PhotoRecord)

(SchedulingAgent)

Macromedia Flash Player 8 8 (ShockwaveFlash)
uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe
publisher: Macromedia
help link: http://www.macromedia.com/go/flashplayer_support/

Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: C:\Programas\Spybot - Search & Destroy\
uninstall cmd: "C:\Programas\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited

Windows Media Format Runtime (Windows Media Format Runtime)
uninstall cmd: "C:\Programas\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Player 10 (Windows Media Player)
uninstall cmd: "C:\Programas\Windows Media Player\Setup_wm.exe" /Uninstall

Windows XP Service Pack 2 20040803.231315 (Windows XP Service Pack)
uninstall cmd: C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=811113

RemoteCapture Task 1.0.2 1.0.2 ({2C164906-E68F-462A-9010-70DD022223EF})
version: 16777218
version (major): 1
estimated size: 8370
install date: 20060414
install source: D:\SOFTWARE\RCTASK\ENGLISH\
publisher: Canon
comments:
contact:
help link:
help telephone:
readme:

Internet Library 1.3.3 ({2F81FBFC-9A37-431F-9050-14B55485DF5A})
version: 16973827
version (major): 1
version (minor): 3
estimated size: 666
install date: 20060414
install location: C:\Programas\Canon\ZoomBrowser EX\Program\
install source: D:\SOFTWARE\CIG\English\
publisher: Canon Inc.
comments:
contact:
help link:
help telephone:
 
the final one (I couldn't put them all in one)

(continuation)

WebFldrs XP 9.50.6513 ({350C9816-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154278257
version (major): 9
version (minor): 50
estimated size: 2628
install date: 20060324
install source: C:\WINDOWS\System32\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows

MSN Messenger 7.5 7.5.0324.0 ({44078C4E-03EE-11DA-BFBD-00065BBDC0B5})
version: 117768516
version (major): 7
version (minor): 5
estimated size: 15946
install date: 20060515
install source: C:\DOCUME~1\ADMINI~1\DEFINI~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /I{44078C4E-03EE-11DA-BFBD-00065BBDC0B5}
publisher: Microsoft Corporation

McAfee VirusScan Enterprise 7.1.0 ({59224777-298D-4E9C-9AEB-4A91BDA01B27})
version: 117506048
version (major): 7
version (minor): 1
estimated size: 10613
install date: 20060324
install location: C:\Programas\Network Associates\VirusScan\
install source: C:\DOCUME~1\ADMINI~1\DEFINI~1\Temp\McAfee VirusScan Enterprise 7\
uninstall cmd: MsiExec.exe /I{59224777-298D-4E9C-9AEB-4A91BDA01B27}
publisher: Network Associates
help link: https://mysupport.nai.com/redir/default.asp?pCode=VSC&sRef=app&sDest=FAQ
help telephone: +1 (408) 988-3832

Microsoft Office XP Professional 10.0.2627.18 ({90110816-6000-11D3-8CFE-0050048383C9})
version: 167774787
version (major): 10
estimated size: 431760
install date: 20060324
install location: INSTALLLOCATION
install source: D:\office XP\
uninstall cmd: MsiExec.exe /I{90110816-6000-11D3-8CFE-0050048383C9}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: C:\Programas\Microsoft Office\Office10\2070\OFREAD10.HTM

RAW Image Task 1.0 1.0 ({9518F764-C54D-47B2-9E73-154B21E79FD2})
version: 16777216
version (major): 1
estimated size: 5704
install date: 20060414
install source: D:\SOFTWARE\RAWTASK\ENGLISH\
publisher: Canon
comments:
contact:
help link:
help telephone:
readme:

InterVideo WinDVD ({98E8A2EF-4EAE-43B8-A172-74842B764777})
version (major): 4
install location: C:\Programas\InterVideo\WinDVD4
uninstall cmd: "C:\Programas\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
publisher: InterVideo Inc.

Adobe Reader 6.0 - Português 006.000.000 ({AC76BA86-7AD7-1046-7B44-000000000001})
version: 100663296
version (major): 6
estimated size: 49792
install date: 20060324
install location: C:\Programas\Adobe\Acrobat 6.0\Reader\
install source: C:\WINDOWS\Cache\Adobe Reader 6.0\PTBBIG\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1046-7B44-000000000001}
publisher: Adobe Systems Incorporated
comments:
contact: Departamento de atendimento ao cliente
help link: http://www.brasil.adobe.com/products/acrobat/main.html
help telephone:
readme: C:\Programas\Adobe\Acrobat 6.0\Readme.htm

ArcSoft Camera Suite 1.3 ({AD13BFB0-FDD2-4AFA-A8AF-9F4A950D56B7})
uninstall cmd: RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{AD13BFB0-FDD2-4AFA-A8AF-9F4A950D56B7}\setup.exe" -l0x9

Canon PhotoRecord 02.00.00029 ({BEF56F2D-56ED-4176-BF72-7B68D4A3B98D})
version: 33554461
version (major): 2
estimated size: 82181
install date: 20060414
install source: D:\SOFTWARE\PR2\
uninstall cmd: MsiExec.exe /X{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}
publisher: Cisra

Canon Utilities ZoomBrowser EX 04.06.00032 ({C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2})
version: 67502112
version (major): 4
version (minor): 6
estimated size: 8811
install date: 20060414
install source: D:\SOFTWARE\ZOOMBRSR\ENGLISH\
uninstall cmd: MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
publisher: CISRA

QuickTime 7.1 ({C21D5524-A970-42FA-AC8A-59B8C7CDCA31})
version: 117506048
version (major): 7
version (minor): 1
estimated size: 71343
install date: 20060516
install location: C:\Programas\QuickTime\
install source: C:\DOCUME~1\ADMINI~1\DEFINI~1\Temp\_is2A\
publisher: Apple Computer, Inc.
contact: AppleCare Support
help link: http://www.info.apple.com/
help telephone: 1-800-275-2273

Camera Support Core Library 7.0.0.15 ({C3E1AA89-B370-46F4-AEBD-F4EBE7BE38A1})
version: 117440512
version (major): 7
estimated size: 1388
install date: 20060414
install source: D:\SOFTWARE\CSCLIB\
publisher: Canon
comments:
contact:
help link:
help telephone:
readme:

MovieEdit Task 1.1.1.41 ({DE286975-ACF1-45B8-9EF7-34E162B2C817})
version: 16842753
version (major): 1
version (minor): 1
estimated size: 963
install date: 20060414
install source: D:\SOFTWARE\MVW\ENGLISH\
publisher: Canon
comments:
contact:
help link:
help telephone:
readme:

PhotoStitch 3.1.13 ({EF4C7EB0-D71B-43A3-9552-8053DE4B0401})
version: 50397197
version (major): 3
version (minor): 1
estimated size: 1364
install date: 20060414
install location: C:\Programas\Canon\PhotoStitch\
install source: D:\SOFTWARE\PSTITCH\ENGLISH\
publisher: Canon
comments:
contact:
help link:
help telephone:

Camera Window 4.6.1 ({F37942A8-B21B-4C5A-A1D2-B676BF55EAE0})
version: 67502081
version (major): 4
version (minor): 6
estimated size: 19958
install date: 20060414
install source: D:\SOFTWARE\cw\English\
publisher: Canon
comments:
contact:
help link:
help telephone:
readme:


______________________________________________________________

Ok, so far I didn't see any popups alerts, the net didn't go to security internet... or appeared messages from my antivirus!!!!!!! Is it cured??
I looked above to see what I've been doing and I am amazed!!! (I don't understand anything!!!)
If this is all, I must thank you very, very much!!! I am a bit obsessive and I could not rest while this problem wasn't solved.
I'll try to contribute with some money to your forum (I just don't know how to do it easily), you're really nice people.
By the way, which of the programs I've installed I should keep in my computer (all, some, none) and which I can use routinely to check for problems.

Thank you again,
Maria
 
Hello Maria, The last information you are posting is NOT the HJT log. I need to see a new HJT log. Open HJT and choose "Do a system scan and save a logfile" Wait until the notepad appears with the logfile in it. Look at the top, Format, make sure "Word Wrap" IS NOT checked. Now click on Edit then Select all. The information that is highlited, copy and paste that to this same topic. Thanks
 
here it is

Hello, I believe this is it:

Logfile of HijackThis v1.99.1
Scan saved at 18:27:51, on 23-05-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Network Associates\VirusScan\SHSTAT.EXE
C:\Programas\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\carpserv.exe
C:\Programas\MessengerPlus! 3\MsgPlus.exe
C:\Programas\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Messenger\msmsgs.exe
C:\Programas\MSN Messenger\MsnMsgr.Exe
C:\Programas\ewido anti-malware\ewidoctrl.exe
C:\Programas\ewido anti-malware\ewidoguard.exe
C:\Programas\Network Associates\Common Framework\FrameworkService.exe
C:\Programas\Network Associates\VirusScan\Mcshield.exe
C:\Programas\Network Associates\VirusScan\VsTskMgr.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programas\Microsoft Office\Office10\WINWORD.EXE
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sapo.pt/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer disponibilizado por Clix
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programas\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programas\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programas\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.clix.pt
O17 - HKLM\System\CCS\Services\Tcpip\..\{D667D5BF-3C48-4121-9B62-672E8436646A}: NameServer = 195.23.129.126,194.79.69.222
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: ewido security suite control - ewido networks - C:\Programas\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programas\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Programas\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programas\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programas\Network Associates\VirusScan\VsTskMgr.exe


Thank you!
 
Thanks Maria, that was what I needed to see and your HJT log is clean of malware, here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://boards.cexx.org/viewtopic.php?t=957
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

ewido is a great program but it does use some resources. Once the trial is over you can update and use the scanner for as long as you wish, but unless you purchase it you should turn it off completely so it does not run unless you start it manually.

System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?Open&src=sec_doc_nam

The tools you downloaded for fixing Smitfraud trojan, you may delete those, hope you never need them again but if you do you would want the fresh. (updated)

If all is running well, then you are good to go:bigthumb:

Safe surfing...tashi will close your topic in a few days.

Thanks...Phil
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.
 
You must log in or register to reply here.
Back
Top