System Tray Adware/Malware help!

[Mic_128]

I had a few pesttraps show up in Spybot and after failing to get rid of em, I searched and followed these instructions http://forums.spybot.info/showthread.php?t=9424&highlight=Pesttrap
which removed them fine, however one adware is still in my Tray which I assumed was Pestbot but after Spybot failed to pick it up, I searched around and found this description of the adware.

It alternately flashes a yellow exclamation triangle and a minesweeper bomb. Context click does not present a menu to disable. Either mouseclick brings up this URL:

xxx:virusbursters.com/?aff=330

So some enthusiastic, or broke, affiliate wrote what seems to be a trojan horse to pimp this product! It regenerates registry entries after every boot, maybe during shutdown. It takes forever to shutdown. Some example strings in the registry are "baloon", and "virusbursters". It also seems to append strings to: SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters, without them being visible to regedit! I'm using RegSeeker to find these strings. Oh, and the strings are offshore havens, such as Trinidad and Tobago.

And this sounds exactly like what I've got. What can I do to fix this?

 

[Mic_128]

I meant Pesttrap, not pestbot, sorry.

 

[Mic_128]

Used PAnda Scan and got this


Incident Status Location

Adware:adware/adultlinks Not disinfected Windows Registry
Adware:adware/ist.istbar Not disinfected Windows Registry
Adware:adware/dyfuca Not disinfected Windows Registry
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Dad\Cookies\dad@ccbill[2].txt
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\Dad\Cookies\dad@kinghost[2].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Dad\Cookies\dad@toplist[1].txt
Adware:Adware/PestTrap Not disinfected C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\RQCOGT9F\safeiepage[1].htm
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Mic\Cookies\mic@atwola[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Mic\Cookies\mic@burstnet[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Mic\Cookies\mic@cgi-bin[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Mic\Cookies\mic@com[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Mic\Cookies\mic@xiti[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Mum\Cookies\mum@ad.yieldmanager[2].txt
Adware:Adware/PestTrap Not disinfected C:\Documents and Settings\Mum\Local Settings\Temp\Temporary Internet Files\Content.IE5\SVJF64TX\safeiepage[2].htm
Possible Virus. Not disinfected C:\Program Files\Video ActiveX Object\pmsngr.exe

 

[pskelley]

Welcome to the forum, you must have missed the Pinned information at the top, especially these:
UPDATED WINDOWS - Your first line of defence, links and tips
http://forums.spybot.info/showthread.php?t=425
"BEFORE you POST" -Preliminary Steps and scanning with SPYBOT-S&D
http://forums.spybot.info/showthread.php?t=288

Follow the directions in this link: http://forums.spybot.info/showthread.php?t=4015 When you finish the instructions, post the three logs in this same topic using the "Post Reply" button.
Please use these instructions when you run AVG Anti-Spyware, make sure you delete or at least quarantine what is located.
http://forums.security-central.us/showthread.php?t=3165

Spybot-S&D: Be sure to follow the directions to save the scan report but do not post it here unless requested by a helper.

Thanks...pskelley
Safer Networking Forums

If you would like to let your thoughts be known about the lowlifes who put that junk on your computer, you can do that here:
If you have been infected by one of the SpyAxe family
http://forums.tomcoyote.org/index.php?showtopic=58063
http://www.malwarecomplaints.info/

 

[Mic_128]

HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 9:23:19 AM, on 14/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} - C:\Program Files\VideoCompressionCodec\isaddon.dll (file missing)
O3 - Toolbar: Protection Bar - {8aed5df3-6e0b-4930-b1a5-f8aa8d757497} - C:\Program Files\VideoCompressionCodec\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - Startup: Adobe Gamma.lnk.disabled
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: BTTray.lnk.disabled
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk.disabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1153129715185
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153589781390
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: contrabandists - {dfa61db1-388e-4c87-8d56-540fa229bcb4} - C:\WINDOWS\system32\dpfwu.dll (file missing)
O21 - SSODL: blippers - {f2efa195-4785-4db1-9316-b48c64bb71da} - C:\WINDOWS\system32\xqpauzx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

 

[Mic_128]

--- Search result list ---
Congratulations!: No immediate threats were found. ()



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-10-22 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-12-08 Includes\Cookies.sbi (*)
2006-12-08 Includes\Dialer.sbi (*)
2006-12-08 Includes\DialerC.sbi (*)
2006-11-24 Includes\Hijackers.sbi (*)
2006-12-08 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2006-12-08 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2006-12-08 Includes\Malware.sbi (*)
2006-12-08 Includes\MalwareC.sbi (*)
2006-10-20 Includes\PUPS.sbi (*)
2006-12-08 Includes\PUPSC.sbi (*)
2006-12-08 Includes\Revision.sbi (*)
2006-12-08 Includes\Security.sbi (*)
2006-12-08 Includes\SecurityC.sbi (*)
2006-10-13 Includes\Spybots.sbi (*)
2006-12-08 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-12-08 Includes\Trojans.sbi (*)
2006-12-08 Includes\TrojansC.sbi (*)



--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB886903)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ Microsoft .NET Framework 2.0: This Security Update is for Microsoft .NET Framework 2.0. \n
If you later install a more recent service pack, this Security Update will be uninstalled automatically. \n
For more information, visit http://support.microsoft.com/kb/917283
/ Microsoft .NET Framework 2.0: This Security Update is for Microsoft .NET Framework 2.0. \n
If you later install a more recent service pack, this Security Update will be uninstalled automatically. \n
For more information, visit http://support.microsoft.com/kb/922770
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB917734)
/ Windows Media Player 9: Security Update for Windows Media Player 9 (KB917734)
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB894391)
/ Windows XP / SP3: Hotfix for Windows XP (KB896344)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896424)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899589)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Update for Windows XP (KB900485)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Update for Windows XP (KB904942)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
/ Windows XP / SP3: Security Update for Windows XP (KB908519)
/ Windows XP / SP3: Update for Windows XP (KB908531)
/ Windows XP / SP3: Update for Windows XP (KB910437)
/ Windows XP / SP3: Update for Windows XP (KB911280)
/ Windows XP / SP3: Security Update for Windows XP (KB911562)
/ Windows XP / SP3: Security Update for Windows XP (KB911567)
/ Windows XP / SP3: Security Update for Windows XP (KB911927)
/ Windows XP / SP3: Security Update for Windows XP (KB912919)
/ Windows XP / SP3: Security Update for Windows XP (KB913580)
/ Windows XP / SP3: Security Update for Windows XP (KB914388)
/ Windows XP / SP3: Security Update for Windows XP (KB914389)
/ Windows XP / SP3: Security Update for Windows XP (KB916281)
/ Windows XP / SP3: Update for Windows XP (KB916595)
/ Windows XP / SP3: Security Update for Windows XP (KB917159)
/ Windows XP / SP3: Security Update for Windows XP (KB917344)
/ Windows XP / SP3: Security Update for Windows XP (KB917422)
/ Windows XP / SP3: Security Update for Windows XP (KB917953)
/ Windows XP / SP3: Security Update for Windows XP (KB918439)
/ Windows XP / SP3: Security Update for Windows XP (KB918899)
/ Windows XP / SP3: Security Update for Windows XP (KB919007)
/ Windows XP / SP3: Security Update for Windows XP (KB920213)
/ Windows XP / SP3: Security Update for Windows XP (KB920214)
/ Windows XP / SP3: Security Update for Windows XP (KB920670)
/ Windows XP / SP3: Security Update for Windows XP (KB920683)
/ Windows XP / SP3: Security Update for Windows XP (KB920685)
/ Windows XP / SP3: Update for Windows XP (KB920872)
/ Windows XP / SP3: Security Update for Windows XP (KB921398)
/ Windows XP / SP3: Security Update for Windows XP (KB921883)
/ Windows XP / SP3: Update for Windows XP (KB922582)
/ Windows XP / SP3: Security Update for Windows XP (KB922616)
/ Windows XP / SP3: Security Update for Windows XP (KB922760)
/ Windows XP / SP3: Security Update for Windows XP (KB922819)
/ Windows XP / SP3: Security Update for Windows XP (KB923191)
/ Windows XP / SP3: Security Update for Windows XP (KB923414)
/ Windows XP / SP3: Security Update for Windows XP (KB923980)
/ Windows XP / SP3: Security Update for Windows XP (KB924191)
/ Windows XP / SP3: Security Update for Windows XP (KB924270)
/ Windows XP / SP3: Security Update for Windows XP (KB924496)
/ Windows XP / SP3: Security Update for Windows XP (KB925486)


--- Startup entries list ---
Located: HK_LM:Run, !AVG Anti-Spyware
command: "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
file: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
size: 6266880
MD5: 01d90ae5dccbce0c7b52874fec35a608

Located: HK_LM:Run, AVG7_CC
command: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
file: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
size: 369664
MD5: 5ff72bb3dd3d7a206fbab530de76521a

Located: HK_LM:Run, Lexmark X1100 Series
command: "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
file: C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
size: 57344
MD5: 8e7939d19e49d071110d780bf1edec21

Located: HK_LM:Run, ATICCC (DISABLED)
command: "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
file: C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
size: 45056
MD5: 64c4c17bf6a40ff1cd21205e6fd415b8

Located: HK_LM:Run, BluetoothAuthenticationAgent (DISABLED)
command: rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
file: C:\WINDOWS\system32\rundll32.exe
size: 33280
MD5: da285490bbd8a1d0ce6623577d5ba1ff

Located: HK_LM:Run, DAEMON Tools (DISABLED)
command: "C:\DAEMON Tools\daemon.exe" -lang 1033
file: C:\DAEMON Tools\daemon.exe
size: 133016
MD5: d050311a72d10d4d2cffacf5728fc978

Located: HK_LM:Run, NeroFilterCheck (DISABLED)
command: C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
file: C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
size: 155648
MD5: c93ab037a8c792d5f8a1a9fc88a7c7c5

Located: HK_LM:Run, RaidTool (DISABLED)
command: C:\Program Files\VIA\RAID\raid_tool.exe
file: C:\Program Files\VIA\RAID\raid_tool.exe
size: 589824
MD5: 1cf881aae046fa887e684b5b8d5d3156

Located: HK_LM:Run, SoundMAX (DISABLED)
command: "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
file: C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
size: 794624
MD5: 0a83aedefade30b5cd28049031e149fa

Located: HK_LM:Run, SoundMAXPnP (DISABLED)
command: C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
file: C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
size: 1368064
MD5: d3333768300f462f6b309ab53f75bb25

Located: HK_LM:Run, TkBellExe (DISABLED)
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 185784
MD5: 8a71139a5cd86ac55cf0e4383ab4ae33

Located: HK_CU:Run, BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} (DISABLED)
command: "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
file: C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
size: 139264
MD5: 7824452741212af839ea61a9e9f1ea0b

Located: HK_CU:Run, CTFMON.EXE (DISABLED)
command: C:\WINDOWS\system32\ctfmon.exe
file:

Located: HK_CU:Run, MSMSGS (DISABLED)
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1694208
MD5: 74e6e96c6f0e2eca4edbb7f7a468f259

Located: HK_CU:Run, SpybotSD TeaTimer (DISABLED)
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1415824
MD5: 70496eee0ddbe485f658693826f44d38

Located: HK_CU:Run, Steam (DISABLED)
command: "c:\valve\steam\steam.exe" -silent
file: c:\valve\steam\steam.exe
size: 1249280
MD5: cde5895db998d361a2d95647d1da4bbf

Located: Startup (common), Adobe Reader Speed Launch.lnk (DISABLED)
command: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
file: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
size: 29696
MD5: 43362b96870ce8649f4f2ec893da93f0

Located: Startup (common), BTTray.lnk (DISABLED)
command: C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
file: C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
size: 499773
MD5: d7faa78dad1f0c1d6a557f73045cea14

Located: Startup (common), Run Nintendo Wi-Fi USB Connector Registration Tool.lnk (DISABLED)
command: C:\Program Files\WiFiConnector\NintendoWFCReg.exe
file: C:\Program Files\WiFiConnector\NintendoWFCReg.exe
size: 1073152
MD5: e7f99344c5c441c0b7771e40c9e1e8c7

Located: Startup (user), Adobe Gamma.lnk (DISABLED)
command: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
file: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
size: 113664
MD5: c2ff17734176cd15221c10044ef0ba1a

Located: System.ini, AtiExtEvent (DISABLED)
command: Ati2evxx.dll
file: Ati2evxx.dll

Located: System.ini, crypt32chain (DISABLED)
command: crypt32.dll
file: crypt32.dll

Located: System.ini, cryptnet (DISABLED)
command: cryptnet.dll
file: cryptnet.dll

Located: System.ini, cscdll (DISABLED)
command: cscdll.dll
file: cscdll.dll

Located: System.ini, ScCertProp (DISABLED)
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, Schedule (DISABLED)
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, sclgntfy (DISABLED)
command: sclgntfy.dll
file: sclgntfy.dll

Located: System.ini, SensLogn (DISABLED)
command: WlNotify.dll
file: WlNotify.dll

Located: System.ini, termsrv (DISABLED)
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, WgaLogon (DISABLED)
command: WgaLogon.dll
file: WgaLogon.dll

Located: System.ini, wlballoon (DISABLED)
command: wlnotify.dll
file: wlnotify.dll



--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
BHO name:
CLSID name: Adobe PDF Reader Link Helper
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 12/01/2006 8:38:22 PM
Date (last access): 14/12/2006 8:44:30 AM
Date (last write): 12/01/2006 8:38:22 PM
Filesize: 63128
Attributes: archive
MD5: F17B2B264072B921FC66A0BE16626BAB
CRC32: 5184CFEA
Version: 7.0.7.142

{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 22/10/2006 9:41:22 AM
Date (last access): 14/12/2006 8:44:30 AM
Date (last write): 31/05/2005 1:04:00 AM
Filesize: 853672
Attributes: archive
MD5: 250D787A5712D7768DDC133B3E477759
CRC32: D4589A41
Version: 1.4.0.0

{7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} ()
BHO name:
CLSID name:
Path: C:\Program Files\VideoCompressionCodec\
Long name: isaddon.dll



--- ActiveX list ---
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object)
DPF name:
CLSID name: QuickTime Object
Installer: C:\WINDOWS\Downloaded Program Files\QTPlugin.inf
Codebase: http://www.apple.com/qtactivex/qtplugin.cab
description: Apple Quicktime
classification: Legitimate
known filename: QTPLUGIN.OCX
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\QuickTime\
Long name: QTPlugin.ocx
Short name:
Date (created): 1/10/2006 10:32:34 PM
Date (last access): 5/12/2006 2:06:10 PM
Date (last write): 1/10/2006 10:32:34 PM
Filesize: 562760
Attributes: archive
MD5: 023EDA335ED2BE8C249EA4D652E3874D
CRC32: 24B00570
Version: 7.1.3.100

{166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
Installer: C:\WINDOWS\Downloaded Program Files\erma.inf
Codebase: http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
description: Macromedia ShockWave Flash Player 7
classification: Legitimate
known filename: SWDIR.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\macromed\Director\
Long name: SwDir.dll
Short name:
Date (created): 13/11/2006 10:26:38 AM
Date (last access): 8/12/2006 1:05:48 PM
Date (last write): 3/09/2006 11:10:30 PM
Filesize: 54960
Attributes: archive
MD5: EB271B21EA6104B7C6946EF32D558C91
CRC32: CEC4E0C2
Version: 10.1.4.20

{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
DPF name:
CLSID name: Windows Genuine Advantage Validation Tool
Installer: C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf
Codebase: http://go.microsoft.com/fwlink/?LinkID=39204
description:
classification: Legitimate
known filename: LegitCheckControl.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: LegitCheckControl.DLL
Short name: LEGITC~1.DLL
Date (created): 17/05/2006 11:23:38 AM
Date (last access): 13/12/2006 7:48:50 PM
Date (last write): 7/08/2006 9:50:22 AM
Filesize: 1484592
Attributes: archive
MD5: 5E700932C726D5F845AF03478B999749
CRC32: B7C379F2
Version: 1.5.708.0

{4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class)
DPF name:
CLSID name: EPUImageControl Class
Installer: C:\WINDOWS\Downloaded Program Files\EPUWALcontrol.inf
Codebase: http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
description:
classification: Legitimate
known filename: EPUWalcontrol.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: EPUWALcontrol.dll
Short name: EPUWAL~1.DLL
Date (created): 15/06/2006 6:33:54 PM
Date (last access): 14/12/2006 9:12:52 AM
Date (last write): 15/06/2006 6:33:54 PM
Filesize: 1132192
Attributes: archive
MD5: 6C378170CBEC45E5DBBE6B5A17BB3C90
CRC32: 679C2B95
Version: 1.0.3.48

{6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
DPF name:
CLSID name: WUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\wuweb.inf
Codebase: http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1153129715185
description:
classification: Legitimate
known filename: wuweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: wuweb.dll
Short name:
Date (created): 18/07/2006 7:08:40 AM
Date (last access): 13/12/2006 7:48:50 PM
Date (last write): 26/05/2005 4:19:32 AM
Filesize: 173536
Attributes: archive
MD5: C459F2D5E64C942F3F66E1CD7F1C4C00
CRC32: EEF66B50
Version: 5.8.0.2469

{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
DPF name:
CLSID name: MUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\muweb.inf
Codebase: http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153589781390
description:
classification: Legitimate
known filename: muweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: muweb.dll
Short name:
Date (created): 26/05/2005 4:19:32 AM
Date (last access): 13/12/2006 7:48:50 PM
Date (last write): 26/05/2005 4:19:32 AM
Filesize: 178408
Attributes: archive
MD5: EE37AA2C0700221CD8B02FADCD4C7FB5
CRC32: F5494B06
Version: 5.8.0.2469

 

[Mic_128]

{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class)
DPF name:
CLSID name: ActiveScan Installer Class
Installer: C:\WINDOWS\Downloaded Program Files\asinst.inf
Codebase: http://acs.pandasoftware.com/activescan/as5free/asinst.cab
description:
classification: Legitimate
known filename: ASINST.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: asinst.dll
Short name:
Date (created): 24/08/2006 8:28:54 AM
Date (last access): 14/12/2006 9:12:52 AM
Date (last write): 24/08/2006 8:28:54 AM
Filesize: 141424
Attributes: archive
MD5: CB0EBD772D7D003BD11A999FF515A89A
CRC32: 3CFE74C1
Version: 58.6.0.0

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash9b.ocx
Short name:
Date (created): 9/11/2006 2:46:28 PM
Date (last access): 14/12/2006 8:44:38 AM
Date (last write): 9/11/2006 2:46:28 PM
Filesize: 2262648
Attributes: readonly archive
MD5: F3B3EE66CA76C94510555ABE9D00A353
CRC32: A51F3CB4
Version: 9.0.28.0



--- Process list ---
PID: 0 ( 0) [System]
PID: 216 ( 4) \SystemRoot\System32\smss.exe
PID: 264 ( 216) \??\C:\WINDOWS\system32\csrss.exe
PID: 288 ( 216) \??\C:\WINDOWS\system32\winlogon.exe
PID: 336 ( 288) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 348 ( 288) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 500 ( 336) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 564 ( 336) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 612 ( 336) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 748 ( 740) C:\WINDOWS\Explorer.EXE
size: 1032192
MD5: A0732187050030AE399B241436565E64
PID: 860 ( 748) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 14/12/2006 9:17:45 AM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.msn.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD RfComm [Bluetooth]
GUID: {9FC48064-7298-43E4-B7BD-181F2089792A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Bluetooth
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD RfComm [Bluetooth]

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{357BEB13-DB09-4EED-B285-BCA999627B19}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{357BEB13-DB09-4EED-B285-BCA999627B19}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D8364119-A1AD-4B73-8B0F-095E914B56D7}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D8364119-A1AD-4B73-8B0F-095E914B56D7}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6462031A-C83C-4D65-A15F-5B82F5E24A06}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6462031A-C83C-4D65-A15F-5B82F5E24A06}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6447B4EA-E853-4EB7-B470-76E9085DD283}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6447B4EA-E853-4EB7-B470-76E9085DD283}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FAA42FFC-BEDC-45E3-912F-00B425753E01}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FAA42FFC-BEDC-45E3-912F-00B425753E01}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{90A20549-95C6-4635-847B-2EB584B9DA60}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{90A20549-95C6-4635-847B-2EB584B9DA60}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5AFEF8C2-6AF9-4129-B03C-B07788913E7A}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5AFEF8C2-6AF9-4129-B03C-B07788913E7A}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

Namespace Provider 3: Bluetooth Namespace
GUID: {06AA63E0-7D60-41FF-AFB2-3EE6D2D9392D}
Filename: %SystemRoot%\system32\wshbth.dll
Description: Bluetooth
DB filename: %SystemRoot%\system32\wshbth.dll
DB protocol: Bluetooth-Namespace



--- Uninstall list ---
(ABBYY FineReader 5.0 Sprint)

Ad-Aware SE Personal 1.06 (Ad-Aware SE Personal)
uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
publisher: Lavasoft
help link: http://www.lavasoft.com

(AddressBook)

Adobe Photoshop CS2 9.0 (Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D})
version: 9
version (major): 9
install location: C:\Program Files\Adobe\Adobe Photoshop CS2\
uninstall cmd: msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
publisher: Adobe Systems, Inc.
comments:
contact: Customer Support
help link: http://www.adobe.com/support/main.html
help telephone: 1-555-555-4505

Adobe Shockwave Player 10.1.4.20 (Adobe Shockwave Player)
uninstall cmd: C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
publisher: Adobe Systems, Inc.
help link: http://www.adobe.com/support/shockwave

Adobe Download Manager 2.0 (Remove Only) 2.0 (AdobeESD)
uninstall cmd: "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"

AhaView (AhaView)
uninstall cmd: "C:\Program Files\AhaView\uninstall.exe"

ATI - Software Uninstall Utility 6.14.10.1015 (All ATI Software)
install location: C:\Program Files\ATI Technologies\UninstallAll
uninstall cmd: C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe

AOL Instant Messenger (AOL Instant Messenger)
uninstall cmd: C:\Program Files\AIM95\uninstll.exe -LOG= C:\Program Files\AIM95\install.log -OEM=

ATI Display Driver 8.263-060607a-033678C-ATI (ATI Display Driver)
uninstall cmd: rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_classISPLAY -clean

AVG Free Edition (AVG7Uninstall)
uninstall cmd: C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL

AVG Anti-Spyware 7.5 (AVGAntiSpyware75)
install location: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5
uninstall cmd: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
publisher: Grisoft Ltd.
help link: http://www.grisoft.com

(Branding)

CloneDVD 3.9.4 (CloneDVD.exe_is1)
install location: C:\Program Files\CloneDVD\
uninstall cmd: "C:\Program Files\CloneDVD\unins000.exe"
publisher: Copyright (C) 2003-2006 DVD X Studios.
help link: http://www.clonedvd.net

(Connection Manager)

(DirectAnimation)

(DirectDrawEx)

(DXM_Runtime)

(Fontcore)

Hamachi 1.0.0.62 (Hamachi)
uninstall cmd: C:\Hamachi\uninstall.exe

Hijackthis 1.99.1 (Hijackthis_is1)
install location: C:\Program Files\Hijackthis\
uninstall cmd: "C:\Program Files\Hijackthis\unins000.exe"
publisher: Soeperman Enterprises Ltd
help link: http://www.merijn.org

(ICW)

(IE40)

(IE4Data)

(IE5BAKEX)

(IEData)

(InstallShield Uninstall Information)

VIA Platform Device Manager 1.12 (InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169})
version: 17563648
version (major): 1
version (minor): 12
install date: 20060717
install source: E:\Drivers\4in1\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
publisher: VIA Technologies, Inc.
comments: VIA Hyperion Pro Setup Program
contact: http://forums.viaarena.com/
help link: http://www.viaarena.com/
help telephone: NULL
readme: NULL

Windows XP Hotfix - KB873339 20041117.092459 (KB873339)
uninstall cmd: C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873339

(KB884016)

Windows XP Hotfix - KB885835 20041027.181713 (KB885835)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885835

Windows XP Hotfix - KB885836 20041028.173203 (KB885836)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885836

Windows XP Hotfix - KB886185 20041021.090540 (KB886185)
uninstall cmd: C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=886185

Windows XP Hotfix - KB887472 20041014.162858 (KB887472)
uninstall cmd: C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887472

Windows XP Hotfix - KB888113 20041116.131036 (KB888113)
uninstall cmd: C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888113

Windows XP Hotfix - KB888302 20041207.111426 (KB888302)
uninstall cmd: C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888302

Security Update for Windows XP (KB890046) 1 (KB890046)
install date: 20060717
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890046

Windows XP Hotfix - KB890859 1 (KB890859)
install date: 20060717
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890859

Windows Media Format SDK Hotfix - KB891122 (KB891122)
uninstall cmd: "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=891122

Windows XP Hotfix - KB891781 20050110.165439 (KB891781)
uninstall cmd: C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=891781

Security Update for Windows XP (KB893756) 1 (KB893756)
install date: 20060717
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893756

(KB893803)

Windows Installer 3.1 (KB893803) 3.1 (KB893803v2)
uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=42467

Update for Windows XP (KB894391) 1 (KB894391)
install date: 20060717
uninstall cmd: "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=894391

Hotfix for Windows XP (KB896344) 2 (KB896344)
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896344$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896344

Security Update for Windows XP (KB896358) 1 (KB896358)
install date: 20060717
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896358

 

[Mic_128]

Security Update for Windows XP (KB896423) 1 (KB896423)
install date: 20060717
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896423

Security Update for Windows XP (KB896424) 1 (KB896424)
install date: 20060717
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896424

Security Update for Windows XP (KB896428) 1 (KB896428)
install date: 20060717
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896428

Update for Windows XP (KB898461) 1 (KB898461)
install date: 20060717
uninstall cmd: "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=898461

Security Update for Windows XP (KB899587) 1 (KB899587)
install date: 20060717
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899587

Security Update for Windows XP (KB899589) 1 (KB899589)
install date: 20060717
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899589

Security Update for Windows XP (KB899591) 1 (KB899591)
install date: 20060717
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899591

Update for Windows XP (KB900485) 2 (KB900485)
install date: 20060717
uninstall cmd: "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900485

Security Update for Windows XP (KB900725) 1 (KB900725)
install date: 20060717
uninstall cmd: "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900725

Security Update for Windows XP (KB901017) 1 (KB901017)
install date: 20060717
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901017

Security Update for Windows XP (KB901214) 1 (KB901214)
install date: 20060717
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901214

Hotfix for Windows Media Format SDK (KB902344) (KB902344)
uninstall cmd: "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=902344

Security Update for Windows XP (KB902400) 1 (KB902400)
install date: 20060717
uninstall cmd: "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=902400

Security Update for Windows XP (KB904706) 2 (KB904706)
install date: 20060717
uninstall cmd: "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=904706

Update for Windows XP (KB904942) 2 (KB904942)
install date: 20060717
uninstall cmd: "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=904942

Security Update for Windows XP (KB905414) 1 (KB905414)
install date: 20060717
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905414

Security Update for Windows XP (KB905749) 1 (KB905749)
install date: 20060717
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905749

Security Update for Windows XP (KB908519) 1 (KB908519)
install date: 20060717
uninstall cmd: "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=908519

Update for Windows XP (KB908531) 2 (KB908531)
install date: 20060717
uninstall cmd: "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=908531

Microsoft Base Smart Card Cryptographic Service Provider Package (KB909520)
uninstall cmd: "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
publisher: Microsoft Corporation

Update for Windows XP (KB910437) 1 (KB910437)
install date: 20060717
uninstall cmd: "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=910437

Update for Windows XP (KB911280) 2 (KB911280)
install date: 20060717
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911280

Security Update for Windows XP (KB911562) 1 (KB911562)
install date: 20060717
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911562

Security Update for Windows Media Player (KB911564) (KB911564)
install date: 20060717
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=911564

Security Update for Windows XP (KB911567) 1 (KB911567)
install date: 20060717
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911567

Security Update for Windows XP (KB911927) 1 (KB911927)
install date: 20060717
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911927

Security Update for Windows XP (KB912919) 1 (KB912919)
install date: 20060717
uninstall cmd: "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=912919

Security Update for Windows XP (KB913433) (KB913433)
uninstall cmd: C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=913433

Security Update for Windows XP (KB913580) 1 (KB913580)
install date: 20060717
uninstall cmd: "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=913580

Security Update for Windows XP (KB914388) 1 (KB914388)
install date: 20060717
uninstall cmd: "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=914388

Security Update for Windows XP (KB914389) 1 (KB914389)
install date: 20060717
uninstall cmd: "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=914389

Security Update for Windows XP (KB916281) 1 (KB916281)
install date: 20060717
uninstall cmd: "C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=916281

Update for Windows XP (KB916595) 1 (KB916595)
install date: 20060717
uninstall cmd: "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=916595

Security Update for Windows XP (KB917159) 1 (KB917159)
install date: 20060717
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917159

Security Update for Microsoft .NET Framework 2.0 (KB917283) 1 (KB917283.T1_1ToU93_1)
uninstall cmd: C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {967B098A-042D-4367-BAC9-8BC11684174F} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/917283

Security Update for Windows XP (KB917344) 1 (KB917344)
install date: 20060717
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917344

Security Update for Windows XP (KB917422) 1 (KB917422)
install date: 20060816
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917422

Security Update for Windows Media Player 10 (KB917734) (KB917734_WMP10)
install date: 20060717
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=917734

Security Update for Windows Media Player 9 (KB917734) (KB917734_WMP9)
install date: 20060717
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=917734

Security Update for Windows XP (KB917953) 1 (KB917953)
install date: 20060717
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917953

Security Update for Windows XP (KB918439) 1 (KB918439)
install date: 20060717
uninstall cmd: "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=918439

Security Update for Windows XP (KB918899) 1 (KB918899)
install date: 20060816
uninstall cmd: "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=918899

Security Update for Windows XP (KB919007) 1 (KB919007)
install date: 20060913
uninstall cmd: "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=919007

Security Update for Windows XP (KB920213) 1 (KB920213)
install date: 20061119
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920213

Security Update for Windows XP (KB920214) 1 (KB920214)
install date: 20060816
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920214

Security Update for Windows XP (KB920670) 1 (KB920670)
install date: 20060816
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920670

Security Update for Windows XP (KB920683) 1 (KB920683)
install date: 20060816
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920683

Security Update for Windows XP (KB920685) 1 (KB920685)
install date: 20060913
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920685

Update for Windows XP (KB920872) 1 (KB920872)
install date: 20060913
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920872

Security Update for Windows XP (KB921398) 1 (KB921398)
install date: 20060816
uninstall cmd: "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=921398

Security Update for Windows XP (KB921883) 1 (KB921883)
install date: 20060809
uninstall cmd: "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=921883

Update for Windows XP (KB922582) 1 (KB922582)
install date: 20060913
uninstall cmd: "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=922582

Security Update for Windows XP (KB922616) 1 (KB922616)
install date: 20060816
uninstall cmd: "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=922616

Security Update for Windows XP (KB922760) 1 (KB922760)
install date: 20061119
uninstall cmd: "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=922760

Security Update for Microsoft .NET Framework 2.0 (KB922770) 1 (KB922770.T1_1ToU168_1)
uninstall cmd: C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {0E92DD42-76F5-4EF2-B381-F9C1D72BE23D} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/922770

Security Update for Windows XP (KB922819) 1 (KB922819)
install date: 20061011
uninstall cmd: "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=922819

Security Update for Windows XP (KB923191) 1 (KB923191)
install date: 20061011
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923191

Security Update for Windows XP (KB923414) 1 (KB923414)
install date: 20061011
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923414

Security Update for Windows XP (KB923980) 1 (KB923980)
install date: 20061119
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923980

Security Update for Windows XP (KB924191) 1 (KB924191)
install date: 20061011
uninstall cmd: "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=924191

Security Update for Windows XP (KB924270) 1 (KB924270)
install date: 20061119
uninstall cmd: "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=924270

Security Update for Windows XP (KB924496) 1 (KB924496)
install date: 20061011
uninstall cmd: "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=924496

Security Update for Windows XP (KB925486) 1 (KB925486)
install date: 20060927
uninstall cmd: "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=925486

Lexmark X1100 Series (Lexmark X1100 Series)
uninstall cmd: C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBKUN5C.EXE -dLexmark X1100 Series

Microsoft .NET Framework 1.1 Hotfix (KB886903) (M886903)
uninstall cmd: "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903Uninstall.msp"

Microsoft .NET Framework 1.1 (Microsoft .NET Framework 1.1 (1033))
uninstall cmd: msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm

Microsoft .NET Framework 2.0 (Microsoft .NET Framework 2.0)
install location: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\
uninstall cmd: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=45396

(MobileOptionPack)

(MPlayer2)

(MSI30-Beta1)

(MSI30-Beta2)

(MSI30-KB884016)

(MSI30-RC1)

(MSI30-RC2)

(MSI30a-KB884016)

(MSI31-Beta)

(MSI31-RC1)

(Nero - Burning Rom!UninstallKey)
uninstall cmd: C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL

(NeroBackItUp!UninstallKey)
uninstall cmd: C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL

(NeroMediaHome!UninstallKey)
uninstall cmd: C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL

(NeroRecode!UninstallKey)
uninstall cmd: C:\WINDOWS\UNRecode.exe /UNINSTALL

(NeroShowTime!UninstallKey)
uninstall cmd: C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL

(NeroVision!UninstallKey)
uninstall cmd: C:\WINDOWS\UNNeroVision.exe /UNINSTALL

(NetMeeting)

(OutlookExpress)

Panda ActiveScan (Panda ActiveScan)
uninstall cmd: C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
publisher: Panda Software S.L.

(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Public Messenger ver 2.03 (Public Messenger ver 2.03)
uninstall cmd: "C:\Program Files\Video ActiveX Object\pmuninst.exe"

(RealJukebox 1.0)
uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

RealPlayer (RealPlayer 6.0)
uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

(SchedulingAgent)

(Shockwave)

Adobe Flash Player 9 ActiveX 9 (ShockwaveFlash)
uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
publisher: Adobe Systems
help link: http://www.adobe.com/go/flashplayer_support/

 

[Mic_128]

Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited

Video ActiveX Object 1.15 1.15 (Video ActiveX Object)
uninstall cmd: C:\Program Files\Video ActiveX Object\uninst.exe
publisher: Video ActiveX Object Software

Viewpoint Media Player (Remove Only) (ViewpointMediaPlayer)
uninstall cmd: C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u

VIA Rhine-Family Fast Ethernet Adapter (VN_VUIns_Rhine_VIA)
uninstall cmd: Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA

Windows Genuine Advantage Validation Tool (KB892130) 1.5.0530.0 (WGA)
install date: 20060717
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=892130

Windows Genuine Advantage Notifications (KB905474) 1.5.0540.0 (WgaNotify)
install date: 20060717
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905474

Nintendo Wi-Fi USB Connector Registration Tool (WiFiConnector)
uninstall cmd: C:\Program Files\WiFiConnector\SoftAPUninst.exe

Windows Media Format Runtime (Windows Media Format Runtime)
uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Player 10 (Windows Media Player)
uninstall cmd: "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

WinZip (WinZip)
uninstall cmd: "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall

Windows Media Connect (WMCSetup)
uninstall cmd: "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=47544

World of Warcraft (World of Warcraft)
uninstall cmd: C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe

Steam(TM) 1.0.0.0 ({048298C9-A4D3-490B-9FF9-AB023A9238F3})
version: 16777216
version (major): 1
estimated size: 25178
install date: 20060723
install source: E:\
uninstall cmd: MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
publisher: Valve
comments: Steam
help link: http://steampowered.custhelp.com/cgi-bin/steampowered.cfg/php/enduser/entry.php

ATI Catalyst Control Center 1.2.2349.28584 ({12452C5A-32E2-40C6-808D-DA4FB6DC35A5})
version: 16910637
version (major): 1
version (minor): 2
estimated size: 67664
install date: 20060717
install source: C:\ATI\SUPPORT\6-6_xp-2k_dd_ccc_wdm_enu_33678\ACE\
uninstall cmd: MsiExec.exe /I{12452C5A-32E2-40C6-808D-DA4FB6DC35A5}
comments: Free technical support for ATI products, available 24 hours a day through our customer care webform.
contact: Customer Support Department
help link: http://www.ati.com/support/
help telephone: 1-877-284-1564

AutoUpdate 1.1 ({18D10072035C4515918F7E37EAFAACFC})
install location: C:\Program Files\DivX

Hallmark Card Studio 3 ({1EA8F972-45F7-497D-8A03-F40F1A421099})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EA8F972-45F7-497D-8A03-F40F1A421099}\setup.exe"

Platform 1.12 ({20D4A895-748C-4D88-871C-FDB1695B0169})
version: 17563648
version (major): 1
version (minor): 12
install date: 20060717
install source: E:\Drivers\4in1\
publisher: VIA Technologies, Inc.
comments: VIA Hyperion Pro Setup Program
contact: http://forums.viaarena.com/
help link: http://www.viaarena.com/
help telephone: NULL
readme: NULL

Adobe Photoshop CS2 9.0 ({236BB7C4-4419-42FD-0409-1E257A25E34D})
version: 150994944
version (major): 9
estimated size: 639892
install date: 20061028
install location: C:\Program Files\Adobe\Adobe Photoshop CS2\
install source: C:\Photoshop\Photoshop CS2\Adobe(R) Photoshop(R) CS2\
publisher: Adobe Systems, Inc.
comments:
contact: Customer Support
help link: http://www.adobe.com/support/main.html
help telephone: 1-555-555-4505

S3GSetup 2.00.07.0709 ({2B43252C-A1E3-4C47-927C-9F2C276D3515})
version: 33554439
version (major): 2
install date: 20060717
install source: E:\Drivers\Display\2K_XP\
publisher: S3 Graphics
comments: .
contact:
help link: http://www.s3graphics.com
help telephone: -
readme: Readme.txt

WebFldrs XP 9.50.7523 ({350C97B0-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154279267
version (major): 9
version (minor): 50
estimated size: 2472
install date: 20060717
install source: C:\WINDOWS\system32\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows

({62369F2F77534556AEF4C58152E3BDE5})

Microsoft .NET Framework 2.0 2.0.50727 ({7131646D-CD3C-40F4-97B9-CD9E4E6262EF})
version: 33605159
version (major): 2
estimated size: 575620
install date: 20061012
install source: C:\DOCUME~1\Dad\LOCALS~1\Temp\IXP000.TMP\
publisher: Microsoft Corporation

Adobe Stock Photos 1.0 001.000.000 ({786C5747-1033-0000-B58E-000000000001})
version: 16777216
version (major): 1
estimated size: 5397
install date: 20061028
install location: C:\Program Files\Adobe\Adobe Stock Photos\
install source: C:\Photoshop\Photoshop CS2\Adobe(R) Photoshop(R) CS2\Stock Photography\
uninstall cmd: MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
publisher: Adobe Systems
comments: Your Comments
contact: Customer Support Department
help link: http://www.adobe.com
help telephone: 1-555-555-4505

Ventrilo Client 2.3.0 ({789289CA-F73A-4A16-A331-54D498CE069F})
version: 33751040
version (major): 2
version (minor): 3
estimated size: 2392
install date: 20060803
install source: C:\Program Files\Common Files\Wise Installation Wizard\
uninstall cmd: MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
publisher: Flagship Industries, Inc.
help link: http://www.ventrilo.com

DivX Codec 6.4.0 ({7B63B2922B174135AFC0E1377DD81EC2})
install location: C:\Program Files\DivX
uninstall cmd: C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
publisher: DivX, Inc.

SpeechRedist 1.0.0 ({8795CBED-55E2-4693-9F14-84EC446935BE})
version: 16777216
version (major): 1
estimated size: 60209
install date: 20060717
install source: E:\Speech\Redist\
uninstall cmd: MsiExec.exe /X{8795CBED-55E2-4693-9F14-84EC446935BE}
publisher: Epic Games Inc.
contact: Epic Games Inc.

DivX Player 6.2.0 ({8ADFC4160D694100B5B8A22DE9DCABD9})
install location: C:\Program Files\DivX
uninstall cmd: C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
publisher: DivXNetworks, Inc.

Adobe Common File Installer 1.00.0000 ({8EDBA74D-0686-4C99-BFDD-F894678E5B39})
version: 16777216
version (major): 1
estimated size: 136561
install date: 20061028
install location: C:\Program Files\Common Files\Adobe\
install source: C:\Photoshop\Photoshop CS2\Adobe(R) Photoshop(R) CS2\commonfilesinstaller\
uninstall cmd: MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
publisher: Adobe System Incorporated
comments: Your Comments
contact: Customer Support Department
help link: http://www.adobe.com/help
help telephone: 1-555-555-4505

Microsoft Office Standard Edition 2003 11.0.7969.0 ({91120409-6000-11D3-8CFE-0150048383C9})
version: 184557345
version (major): 11
estimated size: 441344
install date: 20061120
install source: C:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\
uninstall cmd: MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: C:\Program Files\Microsoft Office\OFFICE11\1033\OFREADME.HTM

Nero - Burning Rom 5.5.9.9 ({A4D7B764-4140-11D4-88EB-0050DA3579C0})
version: 84213769
version (major): 5
version (minor): 5
estimated size: 44941
install date: 20060928
install source: D:\NeroExpress55\
uninstall cmd: MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
publisher: ahead software gmbh
contact: Hotline
help link: http://www.nero.com
help telephone:
readme: 0

Adobe Reader 7.0.8 7.0.8 ({AC76BA86-7AD7-1033-7B44-A70800000002})
version: 117440520
version (major): 7
estimated size: 66675
install date: 20060724
install location: C:\Program Files\Adobe\Acrobat 7.0\Reader\
install source: C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig708\ENU\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
publisher: Adobe Systems Incorporated
comments:
contact:
help link: http://www.adobe.com/support/main.html
help telephone:
readme: C:\Program Files\Adobe\Acrobat 7.0\Reader\Readme.htm

({B13A7C41581B411290FBC0395694E2A9})

Adobe Bridge 1.0 001.000.000 ({B74D4E10-1033-0000-0000-000000000001})
version: 16777216
version (major): 1
estimated size: 64689
install date: 20061028
install location: C:\Program Files\Adobe\Adobe Bridge\
install source: C:\Photoshop\Photoshop CS2\Adobe(R) Photoshop(R) CS2\Bridge\
uninstall cmd: MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
publisher: Adobe Systems
comments: Your Comments
contact: Customer Support Department
help link: http://www.adobe.com/support/main.html
help telephone: 1-555-555-4505

Athlon 64 Processor Driver 1.1.0.14 ({C151CE54-E7EA-4804-854B-F515368B0798})
version: 16842752
install location: C:\Program Files\AMD\Athlon 64 Processor Driver
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9

Microsoft .NET Framework 1.1 1.1.4322 ({CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1})
version: 16847074
version (major): 1
version (minor): 1
estimated size: 60751
install date: 20060717
install source: C:\DOCUME~1\Dad\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
publisher: Microsoft
readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm

ABBYY FineReader 5.0 Sprint 5.0.482.3421 ({D1696920-9794-4BBC-8A30-7A88763DE5A2})
version: 83886562
version (major): 5
estimated size: 104373
install date: 20060722
install source: E:\OCR\
uninstall cmd: MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
publisher: ABBYY Software House
contact: support@abbyy.com
help link: http://www.abbyy.com/support
help telephone: +7 (095) 234 44 00

Half-Life(R) 2 1.0.0.0 ({D45EC259-4A19-4656-B588-C2C360DD18EA})
version: 16777216
version (major): 1
estimated size: 4411613
install date: 20060723
install source: E:\
uninstall cmd: MsiExec.exe /I{D45EC259-4A19-4656-B588-C2C360DD18EA}
publisher: Valve
comments: Half-Life 2
help link: http://steampowered.custhelp.com/cgi-bin/steampowered.cfg/php/enduser/entry.php

Samsung PC Studio II 2.0 PIMS & File Manager ({D4E01931-9B3F-49BD-B19B-511000A1E039})
install location: C:\Program Files\Samsung\Samsung PC Studio II 2.0\PIMS & File Manager
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D4E01931-9B3F-49BD-B19B-511000A1E039}\Setup.exe" -l0x9

Adobe Help Center 1.0 001.000.000 ({E9787678-1033-0000-8E67-000000000001})
version: 16777216
version (major): 1
estimated size: 21738
install date: 20061028
install location: C:\Program Files\Adobe\Adobe Help Center\
install source: C:\Photoshop\Photoshop CS2\Adobe(R) Photoshop(R) CS2\Help Center\
uninstall cmd: MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
publisher: Adobe Systems
comments: Your Comments
contact: Customer Support Department
help link: http://www.adobe.com
help telephone: 1-555-555-4505

QuickTime 7.1.3.100 ({F07B861C-72B9-40A4-8B1A-AAED4C06A7E8})
version: 117506051
version (major): 7
version (minor): 1
estimated size: 71799
install date: 20061001
install location: C:\Program Files\QuickTime\
install source: C:\DOCUME~1\Mic\LOCALS~1\Temp\IXP104.TMP\
uninstall cmd: MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
publisher: Apple Computer, Inc.
contact: AppleCare Support
help link: http://www.apple.com/support/
help telephone: 1-800-275-2273

SoundMAX 5.12.01.5150 ({F0A37341-D692-11D4-A984-009027EC0A9C})
version: 50331648
install location: C:\Program Files\Analog Devices\SoundMAX
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe" -l0x9
publisher: Analog Devices

Nero 7 7.02.0936 ({F14B8ECC-BDA0-4987-9201-D7B7DBE11033})
version: 117572520
version (major): 7
version (minor): 2
estimated size: 488797
install date: 20061121
install location: C:\Program Files\Nero\Nero 7\
install source: C:\DOCUME~1\Mic\LOCALS~1\Temp\NeroDemo11237\
uninstall cmd: MsiExec.exe /I{F14B8ECC-BDA0-4987-9201-D7B7DBE11033}
publisher: Nero AG
comments: Nero AG
contact: techsupport@nero.com
help link: http://www.nero.com/

Windows Live Messenger 8.0.0812.00 ({FCE50DB8-C610-4C42-BE5C-193F46C6F812})
version: 134218540
version (major): 8
estimated size: 27576
install date: 20060921
install source: C:\DOCUME~1\Mic\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /I{FCE50DB8-C610-4C42-BE5C-193F46C6F812}
publisher: Microsoft Corporation

Belkin Bluetooth Software 1.4.2.10 ({FE90E9E7-A158-4687-8853-DF677A939A61})
version: 17039362
version (major): 1
version (minor): 4
estimated size: 15219
install date: 20060824
install source: D:\files\
uninstall cmd: MsiExec.exe /X{FE90E9E7-A158-4687-8853-DF677A939A61}
publisher: Belkin, Inc.
help link: www.belkin.com
help telephone: (800) 223-5546 x2263
readme: 0

 

[Mic_128]

Rapport.txt

SmitFraudFix v2.128

Scan done at 8:47:17.23, Thu 14/12/2006
Run from C:\Program Files\smitfrraud\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\xqpauzx.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mic


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mic\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Mic\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Video ActiveX Object\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{dfa61db1-388e-4c87-8d56-540fa229bcb4}"="contrabandists"

[HKEY_CLASSES_ROOT\CLSID\{dfa61db1-388e-4c87-8d56-540fa229bcb4}\InProcServer32]
@="C:\WINDOWS\system32\dpfwu.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{dfa61db1-388e-4c87-8d56-540fa229bcb4}\InProcServer32]
@="C:\WINDOWS\system32\dpfwu.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{f2efa195-4785-4db1-9316-b48c64bb71da}"="blippers"

[HKEY_CLASSES_ROOT\CLSID\{f2efa195-4785-4db1-9316-b48c64bb71da}\InProcServer32]
@="C:\WINDOWS\system32\xqpauzx.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{f2efa195-4785-4db1-9316-b48c64bb71da}\InProcServer32]
@="C:\WINDOWS\system32\xqpauzx.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

 

[pskelley]

Please read the instructions carefully:

Spybot-S&D: Be sure to follow the directions to save the scan report but do not post it here unless requested by a helper.

This hugh Spybot log makes reading the information much more difficult!

--- Search result list ---
Congratulations!: No immediate threats were found. ()

Is this the results of the AVG Anti-Spyware scan?

Smitfraudfix has been updated to SmitFraudFix v2.130, please remove any of Smitfraudfix you have on your computer, then download the newest version from here:
http://siri.geekstogo.com/SmitfraudFix.php

Follow these directions:

Clean:
Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
Double-click SmitfraudFix.exe
Select 2 and hit Enter to delete infect files.
You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt

Optional:
To restore Trusted and Restricted site zone, select 3 and hit Enter.
You will be prompted: Restore Trusted Zone ? answer Y (yes) and hit Enter to delete trusted zone.
Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.

Make sure you save that C:\rapport.txt. Now restart your computer and post that C:\rapport.txt and a new HJT log. Supply any information I requested.

Thanks

 

[tashi]

This topic is closed due to lack of a response.

If you need it re-opened please send me a private message (pm) and provide a link to the thread.

Applies only to the original topic starter.