Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Help with Hijack File

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Unread postby Mojo » August 6th, 2005, 5:03 pm

I have installed version 1.4 of Spybot and updated. When I re-run the scan I still got Smitfraud-C. There are 7 associated files. Again, Spybot could not remove these even after following their instructions.
Mojo
Mojo
Regular Member
 
Posts: 50
Joined: July 4th, 2005, 7:34 am
Advertisement
Register to Remove

Unread postby Middle Of Nowhere » August 6th, 2005, 5:17 pm

hi

Can you post a spybot scan report.

Here are the instructions:

Start Spybot

goto Mode, selected Advanced mode

Do a scan

Tools, view report

Copy/paste report back here

So i can examine it , thanks :)
User avatar
Middle Of Nowhere
Retired Graduate
 
Posts: 677
Joined: May 30th, 2005, 2:08 pm
Location: Derbyshire, UK

Unread postby Mojo » August 6th, 2005, 7:06 pm

Thank you. Here is the Spybot log:
Mojo

--- Search result list ---
Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-220523388-152049171-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\awmdabest.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-220523388-152049171-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\s13.tempx.cc\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-220523388-152049171-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\trackhits.cc\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-220523388-152049171-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tracktraff.cc\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-220523388-152049171-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\vparivalka.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-220523388-152049171-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\vv7.al.57e.net\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-220523388-152049171-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\win-eto.com\*!=W=4


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-08-06 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2005-04-26 Includes\Cookies.sbi (*)
2005-07-29 Includes\Dialer.sbi (*)
2005-08-04 Includes\Hijackers.sbi (*)
2005-06-23 Includes\Keyloggers.sbi (*)
2005-08-04 Includes\Malware.sbi (*)
2005-08-04 Includes\PUPS.sbi (*)
2003-11-12 Includes\QA Tests.sbi (*)
2005-04-27 Includes\Revision.sbi (*)
2005-08-02 Includes\Security.sbi (*)
2005-08-04 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2005-08-04 Includes\Trojans.sbi (*)



--- System information ---
Windows XP (Build: 2600) Service Pack 1
/ DataAccess: Microsoft Data Access Components KB870669
/ DataAccess: Security update for Microsoft Data Access Components
/ DataAccess: Security Update for Microsoft Data Access Components
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB889293
/ Windows Media Player / SP0: Windows Media Player Hotfix [See wm828026 for more information]
/ Windows Media Player: Windows Media Update 817787
/ Windows Media Player: Windows Media Update 828026
/ Windows XP / SP2: Windows XP Hotfix - KB810217
/ Windows XP / SP2: Windows XP Hotfix - KB821557
/ Windows XP / SP2: Windows XP Hotfix - KB823182
/ Windows XP / SP2: Windows XP Hotfix - KB823559
/ Windows XP / SP2: Windows XP Hotfix - KB823980
/ Windows XP / SP2: Windows XP Hotfix - KB824105
/ Windows XP / SP2: Windows XP Hotfix - KB824141
/ Windows XP / SP2: Windows XP Hotfix - KB824146
/ Windows XP / SP2: Windows XP Hotfix - KB825119
/ Windows XP / SP2: Windows XP Hotfix - KB828028
/ Windows XP / SP2: Windows XP Hotfix - KB828035
/ Windows XP / SP2: Windows XP Hotfix - KB828741
/ Windows XP / SP2: Windows XP Hotfix - KB833987
/ Windows XP / SP2: Windows XP Hotfix - KB835732
/ Windows XP / SP2: Windows XP Hotfix - KB837001
/ Windows XP / SP2: Windows XP Hotfix - KB839643
/ Windows XP / SP2: Windows XP Hotfix - KB839645
/ Windows XP / SP2: Windows XP Hotfix - KB840315
/ Windows XP / SP2: Windows XP Hotfix - KB840374
/ Windows XP / SP2: Windows XP Hotfix - KB840987
/ Windows XP / SP2: Windows XP Hotfix - KB841356
/ Windows XP / SP2: Windows XP Hotfix - KB841533
/ Windows XP / SP2: Windows XP Hotfix - KB841873
/ Windows XP / SP2: Windows XP Hotfix - KB842773
/ Windows XP / SP2: Windows XP Hotfix - KB873376
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See Q323255 for more information]
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q328310
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See Q329048 for more information]
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See Q329115 for more information]
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q329170
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See Q329390 for more information]
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q329441
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See Q329834 for more information]
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q331953
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q810565
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q810577
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q810833
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q811493
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q811630
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q814033
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q815021
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q817287
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q817606
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q819696
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB898461)


--- Startup entries list ---
Located: HK_LM:Run, Advanced Tools Check
command: C:\PROGRA~1\NORTON~2\NORTON~1\AdvTools\ADVCHK.EXE
file: C:\PROGRA~1\NORTON~2\NORTON~1\AdvTools\ADVCHK.EXE
size: 74696
MD5: 5da7a448ca0075f0f731ad58d5021e62

Located: HK_LM:Run, ccApp
command: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 71280
MD5: 5712b77158fbbb5ab5aebc396e15499d

Located: HK_LM:Run, ccRegVfy
command: "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
file:

Located: HK_LM:Run, HotKeysCmds
command: C:\WINDOWS\System32\hkcmd.exe
file: C:\WINDOWS\System32\hkcmd.exe
size: 114688
MD5: 92a8471be66d9072941f6347a1d0879e

Located: HK_LM:Run, IgfxTray
command: C:\WINDOWS\System32\igfxtray.exe
file: C:\WINDOWS\System32\igfxtray.exe
size: 155648
MD5: 96113c67d8d44ae1e35050f6be9c0680

Located: HK_LM:Run, Imonitor
command: "C:\Program Files\McAfee\QuickClean\PlgUni.exe" /START
file: C:\Program Files\McAfee\QuickClean\PlgUni.exe
size: 98304
MD5: 3c246a878620c3393d17e92baae05afd

Located: HK_LM:Run, IntelliType
command: "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
file: C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
size: 94208
MD5: b5eca5948d7f8eaa00333231f33ea31a

Located: HK_LM:Run, Intense Registry Service
command: IntEdReg.exe /CHECK
file: C:\WINDOWS\system32\IntEdReg.exe
size: 53760
MD5: 9253beee2651853cf0367254ba627505

Located: HK_LM:Run, Iomega Drive Icons
command: C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
file: C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
size: 61440
MD5: dfdfd202f0c0a29088e043bbcd71002d

Located: HK_LM:Run, Iomega Startup Options
command: C:\Program Files\Iomega\Common\ImgStart.exe
file: C:\Program Files\Iomega\Common\ImgStart.exe
size: 45056
MD5: 1808f91fa578e8572bd1a9649fabb518

Located: HK_LM:Run, Nero DriveSpeed
command: C:\PROGRA~1\Ahead\NEROTO~1\DRIVES~1.EXE
file: C:\PROGRA~1\Ahead\NEROTO~1\DRIVES~1.EXE
size: 282624
MD5: c6b223c38f83878396e658ca379f3337

Located: HK_LM:Run, NeroCheck
command: C:\WINDOWS\system32\NeroCheck.exe
file: C:\WINDOWS\system32\NeroCheck.exe
size: 155648
MD5: 3e4c03cefad8de135263236b61a49c90

Located: HK_LM:Run, POINTER
command: point32.exe
file:

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 77824
MD5: 4e165b34780ff2d1b405f29e3fa68df2

Located: HK_LM:Run, SoundMan
command: SOUNDMAN.EXE
file: C:\WINDOWS\SOUNDMAN.EXE
size: 46592
MD5: d968b3259421c4a0627a62f4e0e96d6d

Located: HK_LM:Run, SSC_UserPrompt
command: C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
file: C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
size: 218240
MD5: b96c81be7b8d11710496787e5859d768

Located: HK_LM:Run, Symantec NetDriver Monitor
command: C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
file: C:\PROGRA~1\SYMNET~1\SNDMon.exe
size: 100056
MD5: f9418981ee4d7e995d359833adab59d5

Located: HK_CU:Run, ctfmon.exe
command: C:\WINDOWS\System32\ctfmon.exe
file: C:\WINDOWS\System32\ctfmon.exe
size: 13312
MD5: 414de7cf9d3f19c3ea902f1bb38ec116

Located: HK_CU:Run, ILO_Office_Manager
command: IntEdReg.exe /OFFMAN
file: C:\WINDOWS\system32\IntEdReg.exe
size: 53760
MD5: 9253beee2651853cf0367254ba627505

Located: HK_CU:Run, Iomega Active Disk
command: C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
file:

Located: HK_CU:Run, McAfee.InstantUpdate.Monitor
command: "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
file: C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
size: 122948
MD5: 4bfc3d39305984c6583a042628956d84

Located: HK_CU:Run, Play_PC_Backup
command: C:\Program Files\PC Backup\pcbackup.exe -silent
file:

Located: HK_CU:RunOnce, ARC
command: "C:\Program Files\McAfee\QuickClean\Uni.exe" /ARC:Spybot - Search & Destroy 1.3
file: C:\Program Files\McAfee\QuickClean\Uni.exe
size: 81920
MD5: ab53d1e15c6e00284abf3e9fadd2743a

Located: Startup (common), Adobe Gamma Loader.exe.lnk
command: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
file: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
size: 113664
MD5: c2ff17734176cd15221c10044ef0ba1a

Located: Startup (common), Adobe Reader Speed Launch.lnk
command: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
file: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
size: 29696
MD5: deb88aef013dd1eefb462d7cad642166

Located: Startup (common), Microsoft Office.lnk
command: C:\Program Files\Microsoft Office\Office10\OSA.EXE
file: C:\Program Files\Microsoft Office\Office10\OSA.EXE
size: 83360
MD5: 5bc65464354a9fd3beaa28e18839734a

Located: Startup (common), WinZip Quick Pick.lnk
command: C:\Program Files\WinZip\WZQKPICK.EXE
file: C:\Program Files\WinZip\WZQKPICK.EXE
size: 106560
MD5: 2fe253973433442c2cb234fb2bc4bf29

Located: Startup (user), SpywareGuard.lnk
command: C:\Program Files\SpywareGuard\sgmain.exe
file: C:\Program Files\SpywareGuard\sgmain.exe
size: 360448
MD5: 61c028aba5e49573a6332f4a7c744e87

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll

Located: WinLogon, igfxcui
command: igfxsrvc.dll
file: igfxsrvc.dll

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll



--- Browser helper object list ---
{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 06/08/2005 21:30:06
Date (last access): 06/08/2005 23:42:52
Date (last write): 31/05/2005 01:04:00
Filesize: 853672
Attributes: archive
MD5: 250D787A5712D7768DDC133B3E477759
CRC32: D4589A41
Version: 1.4.0.0

{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: c:\program files\google\
Long name: GoogleToolbar1.dll
Short name: GOOGLE~1.DLL
Date (created): 01/08/2005 20:52:56
Date (last access): 06/08/2005 23:42:52
Date (last write): 01/08/2005 20:52:56
Filesize: 1157120
Attributes: readonly archive
MD5: 8B5A0B5054E5A604E6FA6C87450C6649
CRC32: F2047595
Version: 3.0.124.6



--- ActiveX list ---
{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
DPF name:
CLSID name: Windows Genuine Advantage Validation Tool
Installer: C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf
Codebase: http://go.microsoft.com/fwlink/?linkid=39204
Path: C:\WINDOWS\System32\
Long name: LegitCheckControl.DLL
Short name: LEGITC~1.DLL
Date (created): 03/08/2005 10:33:42
Date (last access): 06/08/2005 10:32:46
Date (last write): 03/08/2005 10:33:42
Filesize: 520456
Attributes: archive
MD5: 386D5DD972E4F6A1CF7F626751FD29F7
CRC32: 3C9940B2
Version: 1.3.265.0

{1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class)
DPF name:
CLSID name: RegUserCfgUI Class
Installer:
Codebase: http://us.dl1.yimg.com/download.yahoo.c ... egucfg.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: yregucfg.dll
Short name:
Date (created): 11/10/2004 12:21:14
Date (last access): 06/08/2005 23:48:16
Date (last write): 11/10/2004 12:21:14
Filesize: 144448
Attributes: archive
MD5: DC3F07EAF0E7483885C3F3A9540E39B1
CRC32: 3DBE30F2
Version: 2004.10.11.1

{1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class)
DPF name:
CLSID name: LSSupCtl Class
Installer: C:\WINDOWS\Downloaded Program Files\LSSupCtl.inf
Codebase: http://www.symantec.com/techsupp/asa/LSSupCtl.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: LSSupCtl.dll
Short name:
Date (created): 27/10/2004 15:10:26
Date (last access): 06/08/2005 23:48:16
Date (last write): 27/10/2004 15:10:26
Filesize: 111752
Attributes: archive
MD5: C8FEBEA460AAD5C1B6817F9676E03F78
CRC32: 807349F9
Version: 3.1.0.5

{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner)
DPF name:
CLSID name: Symantec AntiVirus scanner
Installer: C:\WINDOWS\Downloaded Program Files\avsniff.inf
Codebase: http://security.symantec.com/sscv6/Shar ... vSniff.cab
description: Symantec online scanner
classification: Legitimate
known filename: AVSNIFF.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\Downloaded Program Files\
Long name: avsniff.dll
Short name:
Date (created): 26/10/2004 19:14:08
Date (last access): 06/08/2005 23:48:16
Date (last write): 26/10/2004 19:14:08
Filesize: 197760
Attributes: archive
MD5: 8C505A352CE49B8BB0822D67EF8892E6
CRC32: 6768F662
Version: 2004.6.23.54

{33564D57-0000-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\WMV9VCM.inf
Codebase: http://download.microsoft.com/download/ ... mv9VCM.CAB

{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine)
DPF name:
CLSID name: Office Update Installation Engine
Installer: C:\WINDOWS\Downloaded Program Files\opuc.inf
Codebase: http://office.microsoft.com/officeupdat ... t/opuc.cab
Path: C:\WINDOWS\
Long name: opuc.dll
Short name:
Date (created): 27/08/2003 04:10:30
Date (last access): 06/08/2005 23:49:30
Date (last write): 27/08/2003 04:10:30
Filesize: 314368
Attributes: archive
MD5: 1E32EC4A8A17B19926B49EA5F6B79A76
CRC32: E98FC293
Version: 11.0.5626.0

{6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
DPF name:
CLSID name: WUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\wuweb.inf
Codebase: http://update.microsoft.com/windowsupda ... 3232885125
Path: C:\WINDOWS\System32\
Long name: wuweb.dll
Short name:
Date (created): 26/05/2005 04:19:32
Date (last access): 06/08/2005 10:34:34
Date (last write): 26/05/2005 04:19:32
Filesize: 173536
Attributes: archive
MD5: C459F2D5E64C942F3F66E1CD7F1C4C00
CRC32: EEF66B50
Version: 5.8.0.2469

{644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class)
DPF name:
CLSID name: Symantec RuFSI Utility Class
Installer: C:\WINDOWS\Downloaded Program Files\CabSA.inf
Codebase: http://security.symantec.com/sscv6/Shar ... /cabsa.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: rufsi.dll
Short name:
Date (created): 26/10/2004 19:14:18
Date (last access): 06/08/2005 23:48:16
Date (last write): 26/10/2004 19:14:18
Filesize: 160928
Attributes: archive
MD5: 7FC8A8D89A80ED7443F00C31AEDAC9A9
CRC32: 3EC34C3D
Version: 2004.6.23.42

{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class)
DPF name:
CLSID name: ActiveScan Installer Class
Installer: C:\WINDOWS\Downloaded Program Files\asinst.inf
Codebase: http://www.pandasoftware.com/activescan/as5/asinst.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: asinst.dll
Short name:
Date (created): 24/06/2005 09:44:30
Date (last access): 06/08/2005 23:48:16
Date (last write): 24/06/2005 09:44:30
Filesize: 131072
Attributes: archive
MD5: 794F7D10634EF24DC4B44E5EB09F2E52
CRC32: A5BF5B5E
Version: 57.7.0.0

{9F1C11AA-197B-4942-BA54-47A8489BB47F} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\iuctl.inf
Codebase: http://v4.windowsupdate.microsoft.com/C ... 5934953704
description: Windows Update
classification: Legitimate
known filename: %WINDIR%\System32\iuctl.dll,iuengine.dll
info link:
info source: Patrick M. Kolla

{CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class)
DPF name:
CLSID name: ActiveDataInfo Class
Installer:
Codebase: https://www-secure.symantec.com/techsup ... mAData.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: SymAData.dll
Short name:
Date (created): 17/05/2004 11:05:58
Date (last access): 06/08/2005 23:48:16
Date (last write): 17/05/2004 11:05:58
Filesize: 156792
Attributes: archive
MD5: B7A28CBD0022210FD0D877C9951694F1
CRC32: C44DD1D5
Version: 2.0.0.1

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://download.macromedia.com/pub/shoc ... wflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\System32\macromed\flash\
Long name: Flash.ocx
Short name:
Date (created): 08/12/2003 15:01:58
Date (last access): 06/08/2005 17:21:58
Date (last write): 08/12/2003 15:01:58
Filesize: 933888
Attributes: archive
MD5: F7E435D02F7A48120B746E33254A70BC
CRC32: 02AF493D
Version: 7.0.19.0

{E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class)
DPF name:
CLSID name: ActiveDataObj Class
Installer:
Codebase: https://www-secure.symantec.com/techsup ... veData.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: ActiveData.dll
Short name: ACTIVE~1.DLL
Date (created): 12/06/2002 14:16:22
Date (last access): 06/08/2005 23:48:16
Date (last write): 12/06/2002 14:16:22
Filesize: 112312
Attributes: archive
MD5: C0A5720A581109543B113A8BEAE7868C
CRC32: 1B08DE36
Version: 1.0.0.1

{EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class)
DPF name:
CLSID name: webhelper Class
Installer: C:\WINDOWS\Downloaded Program Files\btwebcontrol.inf
Codebase: http://register.btinternet.com/template ... rol023.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: btwebcontrol.dll



--- Process list ---
PID: 0 ( 0) [System]
PID: 436 ( 4) \SystemRoot\System32\smss.exe
PID: 492 ( 436) \??\C:\WINDOWS\system32\csrss.exe
PID: 516 ( 436) \??\C:\WINDOWS\system32\winlogon.exe
PID: 560 ( 516) C:\WINDOWS\system32\services.exe
size: 101376
MD5: E3DF4A0252D287C44606EE55355E1623
PID: 572 ( 516) C:\WINDOWS\system32\lsass.exe
size: 11776
MD5: B2B6BA905D0E3F8A32A0EB3B4051807B
PID: 732 ( 560) C:\WINDOWS\system32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 776 ( 560) C:\WINDOWS\System32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 844 ( 560) C:\WINDOWS\System32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 904 ( 560) C:\WINDOWS\System32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 1012 ( 560) C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
size: 235120
MD5: CDAB825C28154669AB35EA731B8E452B
PID: 1124 (1104) C:\WINDOWS\Explorer.EXE
size: 1004032
MD5: A82B28BFC2E4455FE43022A498C0EF0A
PID: 1136 ( 560) C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
size: 206552
MD5: 443E397643965E08C5AB6A6CAA732B97
PID: 1180 ( 560) C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
size: 255600
MD5: 620CC860890D50FD18D5D9508C5551B2
PID: 1372 ( 560) C:\WINDOWS\system32\spoolsv.exe
size: 51200
MD5: 9B4155BA58192D4073082B8FC5D42612
PID: 1552 ( 560) C:\WINDOWS\System32\alg.exe
size: 41984
MD5: 497AEAD5ECEF9512F6B364977A5308EE
PID: 1572 ( 560) C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
size: 218736
MD5: 35AD77BDC4EE11E7FA111E4CE4026E8C
PID: 1616 ( 560) C:\Program Files\ewido\security suite\ewidoctrl.exe
size: 16448
MD5: 867D9D1FA818F8629BB7A4A26E94B06A
PID: 1656 ( 560) C:\Program Files\ewido\security suite\ewidoguard.exe
size: 163904
MD5: 13EE66A939D7C3A2ED62C967DEBD52BB
PID: 1708 ( 560) C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
size: 61440
MD5: B6E1B4A08DCCB11E374AC29DA97EDB1E
PID: 1728 ( 560) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
size: 270336
MD5: 450BF05CA4F923D70605BAC8185FA7DB
PID: 1784 ( 560) C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
size: 158848
MD5: 106188EE7FCE8C769DEFEC27C1EDB67C
PID: 1812 ( 560) C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
size: 135168
MD5: 4914A155F9B73317B14F94BBA4A79639
PID: 1896 ( 560) C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
size: 194272
MD5: DE337E8649E1970C5663999457A9352F
PID: 1972 ( 560) C:\WINDOWS\System32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 1984 ( 560) C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
size: 585728
MD5: 94D3C8257776019A7A96AF69F62BA509
PID: 2604 (1124) C:\WINDOWS\System32\igfxtray.exe
size: 155648
MD5: 96113C67D8D44AE1E35050F6BE9C0680
PID: 2624 (1124) C:\WINDOWS\System32\hkcmd.exe
size: 114688
MD5: 92A8471BE66D9072941F6347A1D0879E
PID: 2636 (1124) C:\WINDOWS\SOUNDMAN.EXE
size: 46592
MD5: D968B3259421C4A0627A62F4E0E96D6D
PID: 2696 (1124) C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
size: 61440
MD5: DFDFD202F0C0A29088E043BBCD71002D
PID: 2732 (1124) C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
size: 94208
MD5: B5ECA5948D7F8EAA00333231F33EA31A
PID: 2740 (1124) C:\Program Files\Microsoft Hardware\Mouse\point32.exe
size: 176128
MD5: 44FCD222D8A4BCFF2C944C081AEAD78C
PID: 2748 (1124) C:\PROGRA~1\Ahead\NEROTO~1\DRIVES~1.EXE
size: 282624
MD5: C6B223C38F83878396E658CA379F3337
PID: 2756 (1124) C:\Program Files\QuickTime\qttask.exe
size: 77824
MD5: 4E165B34780FF2D1B405F29E3FA68DF2
PID: 2812 (1124) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 71280
MD5: 5712B77158FBBB5AB5AEBC396E15499D
PID: 2944 (1124) C:\Program Files\McAfee\QuickClean\PlgUni.exe
size: 98304
MD5: 3C246A878620C3393D17E92BAAE05AFD
PID: 2952 (1124) C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
size: 122948
MD5: 4BFC3D39305984C6583A042628956D84
PID: 2968 (1124) C:\WINDOWS\System32\ctfmon.exe
size: 13312
MD5: 414DE7CF9D3F19C3EA902F1BB38EC116
PID: 2976 (2960) C:\Program Files\Intense Language Office\COMMON\Offman.exe
size: 521216
MD5: 26BEF3876BD1274E96A70EA504F158AB
PID: 3116 (1124) C:\Program Files\WinZip\WZQKPICK.EXE
size: 106560
MD5: 2FE253973433442C2CB234FB2BC4BF29
PID: 3136 (1124) C:\Program Files\SpywareGuard\sgmain.exe
size: 360448
MD5: 61C028ABA5E49573A6332F4A7C744E87
PID: 3188 (3136) C:\Program Files\SpywareGuard\sgbhp.exe
size: 233472
MD5: A80D0704537C0EF97DB2BEF24B99AF1A
PID: 2872 (2812) C:\Program Files\Common Files\Symantec Shared\NMain.exe
size: 623736
MD5: B0E375CA7AA70CFEFC98FE2016FC1BCD
PID: 180 (2732) C:\Program Files\Internet Explorer\iexplore.exe
size: 91136
MD5: 418D301C3B1FA94B19584AEEB3D65166
PID: 2840 (1124) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 4064 ( 732) C:\Program Files\Messenger\msmsgs.exe
size: 1511453
MD5: 1E455B08870D4AC3BB6AB5968603E8AF
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 06/08/2005 23:55:55

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\System32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.google.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
about:blank
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://ie.search.msn.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://www.google.com/keyword/%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\SYSTEM32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com/ie
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E82FE74D-F547-44CB-902B-AE6DBCF40C48}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E82FE74D-F547-44CB-902B-AE6DBCF40C48}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{623A92A2-68A4-4CA9-B2C9-AEE4BBA7ADC7}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{623A92A2-68A4-4CA9-B2C9-AEE4BBA7ADC7}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0F429A46-BBE6-4998-B734-7B99804B4109}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0F429A46-BBE6-4998-B734-7B99804B4109}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{40247DF5-2890-469D-9D6D-BC49F8685E75}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{40247DF5-2890-469D-9D6D-BC49F8685E75}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1EB20BB5-3C13-468E-AADF-4E3D125DBD3C}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1EB20BB5-3C13-468E-AADF-4E3D125DBD3C}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A11F12AD-5D92-4572-93D6-A1429841FD3E}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A11F12AD-5D92-4572-93D6-A1429841FD3E}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace



--- Uninstall list ---
a-squared free 1.5.1 1.5.1 (a-squared free_is1)
install location: C:\Program Files\a2 free\
uninstall cmd: "C:\Program Files\a2 free\unins000.exe"
publisher: Emsi Software GmbH
help link: http://forum.emsisoft.com

Ad-Aware SE Personal 1.06 (Ad-Aware SE Personal)
uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\INSTALL.LOG
publisher: Lavasoft
help link: http://www.lavasoft.com

(AddressBook)

Adobe Photoshop Elements 1.0 (Adobe Photoshop Elements 1.0)
version (major): 6
install location: C:\Program Files\Adobe\Photoshop Elements
install source: D:\English\Adobe Photoshop Elements\
uninstall cmd: C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop Elements\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop Elements\Uninst.dll"
publisher: Adobe Systems, Inc.

Adobe SVG Viewer 1.0 (Adobe SVG Viewer)
version (major): 1
install location: C:\WINDOWS\System32\Adobe\SVG Viewer
install source: D:\English\Adobe Photoshop Elements\SVG\
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\WINDOWS\System32\Adobe\SVG Viewer\Uninst.isu"
publisher: Adobe Systems, Inc.

Advanced Tools (Advanced Tools)

(Branding)

Complete Internet Cleanup Pro (Complete Internet Cleanup Pro)
uninstall cmd: C:\Program Files\cicpb\uninst.exe
publisher: PC Mesh

Complete Internet Cleanup Pro Beta (Complete Internet Cleanup Pro Beta)
uninstall cmd: C:\Program Files\cicpb\uninst.exe
publisher: PC Mesh

(Connection Manager)

(DirectAnimation)

(DirectDrawEx)

EPSON Photo Print (EPSON Photo Print)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\EPSON\Photo Print\Uninst.isu"

ewido security suite (ewidosecuritysuite)
install location: C:\Program Files\ewido\security suite
uninstall cmd: C:\Program Files\ewido\security suite\Uninstall.exe
publisher: ewido networks
help link: http://www.ewido.net

(Fontcore)

GraphicView 32 (GraphicView 32)
uninstall cmd: C:\PROGRA~1\GRAPHI~1\UNWISE.EXE C:\PROGRA~1\GRAPHI~1\INSTALL.LOG

HijackThis 1.99.1 1.99.1 (HijackThis)
uninstall cmd: C:\unzipped\hijackthis[1]\HijackThis.exe /uninstall
publisher: Soeperman Enterprises Ltd.

(ICW)

(IE40)

(IE4Data)

(IE5BAKEX)

(IEData)

(InstallShield Uninstall Information)

Intense Language Office (Intense Language Office)
uninstall cmd: C:\Program Files\Intense Language Office\Common\Uninst.exe

Internet Update (Internet Update)
uninstall cmd: uninstIU.exe

Iomega App Services (Iomega App Services)
uninstall cmd: C:\WINDOWS\unvise32.exe C:\Program Files\Iomega\System32\uninstal.log

IomegaWare (IomegaWare)
uninstall cmd: C:\WINDOWS\unvise32.exe C:\Program Files\Iomega\uninstal.log

Windows XP Hotfix - KB810217 20030806.140405 (KB810217)
uninstall cmd: C:\WINDOWS\$NtUninstallKB810217$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=810217

Windows XP Hotfix - KB821557 20030611.134342 (KB821557)
uninstall cmd: C:\WINDOWS\$NtUninstallKB821557$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=821557

Windows XP Hotfix - KB823182 20030724.164017 (KB823182)
uninstall cmd: C:\WINDOWS\$NtUninstallKB823182$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=823182

Windows XP Hotfix - KB823559 20030701.220428 (KB823559)
uninstall cmd: C:\WINDOWS\$NtUninstallKB823559$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=823559

Windows XP Hotfix - KB823980 20030705.121219 (KB823980)
uninstall cmd: C:\WINDOWS\$NtUninstallKB823980$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=823980

Windows XP Hotfix - KB824105 20030724.164839 (KB824105)
uninstall cmd: C:\WINDOWS\$NtUninstallKB824105$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=824105

Windows XP Hotfix - KB824141 20030925.103600 (KB824141)
uninstall cmd: C:\WINDOWS\$NtUninstallKB824141$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=824141

Windows XP Hotfix - KB824146 20030825.150526 (KB824146)
uninstall cmd: C:\WINDOWS\$NtUninstallKB824146$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=824146

Windows XP Hotfix - KB825119 20030828.113916 (KB825119)
uninstall cmd: C:\WINDOWS\$NtUninstallKB825119$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=825119

Windows XP Hotfix - KB828028 20030919.121052 (KB828028)
uninstall cmd: C:\WINDOWS\$NtUninstallKB828028$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=828028

Windows XP Hotfix - KB828035 20031003.162415 (KB828035)
uninstall cmd: C:\WINDOWS\$NtUninstallKB828035$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=828035

Windows XP Hotfix - KB828741 20040305.182309 (KB828741)
uninstall cmd: C:\WINDOWS\$NtUninstallKB828741$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=828741

Windows XP Hotfix - KB833987 20040308.224628 (KB833987)
uninstall cmd: C:\WINDOWS\$NtUninstallKB833987$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=833987

Windows XP Hotfix - KB835732 20040329.175541 (KB835732)
uninstall cmd: C:\WINDOWS\$NtUninstallKB835732$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=835732

Windows XP Hotfix - KB837001 20040317.230926 (KB837001)
uninstall cmd: C:\WINDOWS\$NtUninstallKB837001$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=837001

Windows XP Hotfix - KB839643 20040512.154803 (KB839643)
uninstall cmd: C:\WINDOWS\$NtUninstallKB839643$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=839643

Windows XP Hotfix - KB839645 20040630.164542 (KB839645)
uninstall cmd: C:\WINDOWS\$NtUninstallKB839645$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=839645

Windows XP Hotfix - KB840315 20040622.172631 (KB840315)
uninstall cmd: C:\WINDOWS\$NtUninstallKB840315$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=840315

Windows XP Hotfix - KB840374 20040416.100205 (KB840374)
uninstall cmd: C:\WINDOWS\$NtUninstallKB840374$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=840374

Windows XP Hotfix - KB840987 20040927.095912 (KB840987)
uninstall cmd: C:\WINDOWS\$NtUninstallKB840987$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=840987

Windows XP Hotfix - KB841356 20040929.102221 (KB841356)
uninstall cmd: C:\WINDOWS\$NtUninstallKB841356$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=841356

Windows XP Hotfix - KB841533 20040927.100142 (KB841533)
uninstall cmd: C:\WINDOWS\$NtUninstallKB841533$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=841533

Windows XP Hotfix - KB841873 20040608.144346 (KB841873)
uninstall cmd: C:\WINDOWS\$NtUninstallKB841873$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=841873

Windows XP Hotfix - KB842773 20040701.144218 (KB842773)
uninstall cmd: C:\WINDOWS\$NtUninstallKB842773$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=842773

Microsoft Data Access Components KB870669 (KB870669)
uninstall cmd: C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=KB870669

Windows XP Hotfix - KB873339 20041117.094106 (KB873339)
uninstall cmd: C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873339

Windows XP Hotfix - KB873376 20040923.181029 (KB873376)
uninstall cmd: C:\WINDOWS\$NtUninstallKB873376$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873376

(KB884016)

Windows XP Hotfix - KB885835 20041027.181751 (KB885835)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885835

Windows XP Hotfix - KB885836 20041028.161024 (KB885836)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885836

Windows XP Hotfix - KB889293 20041111.235619 (KB889293-IE6SP1-20041111.235619)
uninstall cmd: C:\WINDOWS\$NtUninstallKB889293-IE6SP1-20041111.235619$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=889293

(KB893803)

Windows Installer 3.1 (KB893803) 3.1 (KB893803v2)
uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=42467

Update for Windows XP (KB898461) 1 (KB898461)
uninstall cmd: "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=898461

LiveReg (Symantec Corporation) 2.4.2.2295 (LiveReg)
install location: C:\Program Files\Common Files\Symantec Shared\LiveReg
uninstall cmd: C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
publisher: Symantec Corporation

LiveUpdate 2.6 (Symantec Corporation) 2.6.14.0 (LiveUpdate)
install location: C:\Program Files\Symantec\LiveUpdate
uninstall cmd: C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
publisher: Symantec Corporation

(Microsoft NetShow Player 2.0)

(MobileOptionPack)

(MPlayer2)

Ahead InCD EasyWrite Reader (MRW!UninstallKey)
uninstall cmd: C:\WINDOWS\UNMrw.exe /UNINSTALL

(MSI30-Beta1)

(MSI30-Beta2)

(MSI30-KB884016)

(MSI30-RC1)

(MSI30-RC2)

(MSI30a-KB884016)

(MSI31-Beta)

(MSI31-RC1)

Ahead NeroVision Express (NeroVision!UninstallKey)
uninstall cmd: C:\WINDOWS\UNNeroVision.exe /UNINSTALL

(NetMeeting)

Outlook Express Q823353 (oeupdate)
uninstall cmd: C:\WINDOWS\oeuninst.exe C:\WINDOWS\INF\Q823353.inf

(OutlookExpress)

PC Backup (PC Backup_is1)
install location: C:\Program Files\PC Backup\
uninstall cmd: "C:\Program Files\PC Backup\unins000.exe"

(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

PF 1260 1660 2400 Guide (PF 1260 1660 2400 Guide)
uninstall cmd: C:\WINDOWS\uninst.exe -f"C:\PROGRAMF\EPSON\PF 1260 1660 2400\DeIsL1.isu"

Windows XP Hotfix (SP2) Q328310 20021122.122733 (Q328310)
uninstall cmd: C:\WINDOWS\$NtUninstallQ328310$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: For more information, see Q328310 at http://support.microsoft.com

Windows XP Hotfix (SP2) [See Q329048 for more information] (Q329048)
uninstall cmd: C:\WINDOWS\$NtUninstallQ329048$\spuninst\spuninst.exe

Windows XP Hotfix (SP2) [See Q329115 for more information] (Q329115)
uninstall cmd: C:\WINDOWS\$NtUninstallQ329115$\spuninst\spuninst.exe

Windows XP Hotfix (SP2) Q329170 20030102.120145 (Q329170)
uninstall cmd: C:\WINDOWS\$NtUninstallQ329170$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: For more information, see Q329170 at http://support.microsoft.com

Windows XP Hotfix (SP2) [See Q329390 for more information] (Q329390)
uninstall cmd: C:\WINDOWS\$NtUninstallQ329390$\spuninst\spuninst.exe

Windows XP Hotfix (SP2) Q329441 20021114.125038 (Q329441)
uninstall cmd: C:\WINDOWS\$NtUninstallQ329441$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: For more information, see Q329441 at http://support.microsoft.com

Windows XP Hotfix (SP2) [See Q329834 for more information] (Q329834)
uninstall cmd: C:\WINDOWS\$NtUninstallQ329834$\spuninst\spuninst.exe

Windows XP Hotfix (SP2) Q331953 20021107.174736 (Q331953)
uninstall cmd: C:\WINDOWS\$NtUninstallQ331953$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: For more information, see Q331953 at http://support.microsoft.com

Windows XP Hotfix (SP2) Q810565 20021127.115011 (Q810565)
uninstall cmd: C:\WINDOWS\$NtUninstallQ810565$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: For more information, see Q810565 at http://support.microsoft.com

Windows XP Hotfix (SP2) Q810577 20021118.135247 (Q810577)
uninstall cmd: C:\WINDOWS\$NtUninstallQ810577$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: For more information, see Q810577 at http://support.microsoft.com

Windows XP Hotfix (SP2) Q810833 20021203.201545 (Q810833)
uninstall cmd: C:\WINDOWS\$NtUninstallQ810833$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: For more information, see Q810833 at http://support.microsoft.com

Windows XP Hotfix (SP2) Q811493 20030424.101451 (Q811493)
uninstall cmd: C:\WINDOWS\$NtUninstallQ811493$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=811493

Windows XP Hotfix (SP2) Q814033 20030131.164620 (Q814033)
uninstall cmd: C:\WINDOWS\$NtUninstallQ814033$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: For more information, see Q814033 at http://support.microsoft.com

Windows XP Hotfix (SP2) Q815021 20030501.165608 (Q815021)
uninstall cmd: C:\WINDOWS\$NtUninstallQ815021$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=815021

Windows XP Hotfix (SP2) Q817287 20030325.164011 (Q817287)
uninstall cmd: C:\WINDOWS\$NtUninstallQ817287$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=817287

Windows XP Hotfix (SP2) Q817606 20030331.103753 (Q817606)
uninstall cmd: C:\WINDOWS\$NtUninstallQ817606$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=817606

Windows XP Hotfix (SP2) Q819696 20030513.102848 (Q819696)
uninstall cmd: C:\WINDOWS\$NtUninstallQ819696$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=819696

Windows Media Player Hotfix [See wm828026 for more information] (Q828026)
uninstall cmd: C:\WINDOWS\$NtUninstallQ828026$\spuninst\spuninst.exe
publisher: Microsoft Corporation

QuickTime (QuickTime)
uninstall cmd: C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log

Reference Manager 9 (Reference Manager 9)
uninstall cmd: C:\PROGRA~1\REFERE~1\UNWISE.EXE C:\PROGRA~1\REFERE~1\INSTALL.LOG

(SchedulingAgent)

(Sevinst)

(ShockwaveFlash)

Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited

SpywareBlaster v3.4 3.4.0 (SpywareBlaster_is1)
install location: C:\Program Files\SpywareBlaster\
uninstall cmd: "C:\Program Files\SpywareBlaster\unins000.exe"
publisher: Javacool Software LLC

SpywareGuard v2.2 2.2 (SpywareGuard_is1)
uninstall cmd: "C:\Program Files\SpywareGuard\unins000.exe"
publisher: Javacool Software LLC

StatView (StatViewDeinstKey)
uninstall cmd: C:\WINDOWS\uninst.exe -fC:\StatView\DeIsL1.isu

Norton Internet Security Professional (Symantec Corporation) 7.0.3.8 (SymSetup.{AED74EFF-83ED-4ed6-8413-285C24BCEB6E})
install location: C:\Program Files\Norton Internet Security Professional
install source: D:
uninstall cmd: C:\Program Files\Common Files\Symantec Shared\SymSetup\{AED74EFF-83ED-4ed6-8413-285C24BCEB6E}.exe /X
publisher: Symantec Corporation

WinZip 8.1 SR-1 (5266) (WinZip)
version (major): 8
version (minor): 1
install location: C:\PROGRA~1\WINZIP\
uninstall cmd: "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
publisher: WinZip Computing, Inc.
help link: http://www.winzip.com/xsupport.htm

({11E83B33-972B-4512-A447-FF0FD0246EE9})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11E83B33-972B-4512-A447-FF0FD0246EE9}\setup.exe" -l0x9

Windows Installer Clean Up 2.05.00.0000 ({121634B0-2F4A-11D3-ADA3-00C04F52DD53})
version: 33882112
version (major): 2
version (minor): 5
estimated size: 129
install date: 20041204
install source: C:\DOCUME~1\MLC\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /I{121634B0-2F4A-11D3-ADA3-00C04F52DD53}
publisher: Microsoft Corporation

Norton Internet Security 7.0.3.8 ({12E2B9E9-05B1-407d-B0FD-B5F350535125})
version: 117440515
version (major): 7
estimated size: 4815
install date: 20041204
install source: D:\Setup\
uninstall cmd: MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
publisher: Symantec Corporation

Norton WMI Update 2005.1.2.20 ({1526D87C-A955-4FAB-BF18-697BA457E352})
version (major): 2005
version (minor): 1
estimated size: 2080
install date: 20041204
install source: C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\LIVEUP~1\DOWNLO~1\EXITEM~3.1_E\
uninstall cmd: MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
publisher: Symantec Corporation

Microsoft IntelliPoint 4.1 4.10.0851 ({1FD0C5C1-B01B-4B4C-9607-E5D3B3D1318F})
version: 67765075
version (major): 4
version (minor): 10
estimated size: 6052
install date: 20030714
install source: d:\mouse\Setup\
publisher: Microsoft Corporation
help link: http://microsoft.com/support
help telephone:

Google Toolbar for Internet Explorer ({2318C2B1-4965-11d4-9B18-009027A5CD4F})
uninstall cmd: regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"

({23EFDB58-0874-4883-9810-EDA510B19FAE})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x9

({27B9131D-CEFA-42C5-8D7D-56EFD80BAA25})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27B9131D-CEFA-42C5-8D7D-56EFD80BAA25}\setup.exe" -l0x9

({2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x9

({2BFBC62A-3353-443D-93BE-7AC641D9F342})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BFBC62A-3353-443D-93BE-7AC641D9F342}\setup.exe" -l0x9

WebFldrs XP 9.50.6513 ({350C97B0-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154278257
version (major): 9
version (minor): 50
estimated size: 2508
install date: 20030705
install source: C:\WINDOWS\System32\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows

Norton AntiSpam 2004.1.0.147 ({3B29A786-5803-4e9e-9B58-3014A5B4E519})
version (major): 2004
version (minor): 1
estimated size: 1166
install date: 20041204
install source: D:\Setup\
uninstall cmd: MsiExec.exe /I{3B29A786-5803-4e9e-9B58-3014A5B4E519}
publisher: Symantec Corporation

Norton Internet Security Professional 7.0.3.8 ({449F3A9E-9903-4a0d-A209-08030D45A935})
version: 117440515
version (major): 7
estimated size: 1073
install date: 20041204
install source: D:\Setup\
uninstall cmd: MsiExec.exe /I{449F3A9E-9903-4a0d-A209-08030D45A935}
publisher: Symantec Corporation

Norton Internet Security 7.0.3.8 ({48185814-A224-447a-81DA-71BD20580E1B})
version: 117440515
version (major): 7
estimated size: 2589
install date: 20041204
install source: D:\Setup\
uninstall cmd: MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
publisher: Symantec Corporation

Norton Internet Security 7.0.3.8 ({526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F})
version: 117440515
version (major): 7
estimated size: 1731
install date: 20041204
install source: D:\Setup\
uninstall cmd: MsiExec.exe /I{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}
publisher: Symantec Corporation

Norton AntiSpam 2004.1.0.147 ({5677563D-0CB1-485f-9E18-C5025306BB3F})
version (major): 2004
version (minor): 1
estimated size: 2802
install date: 20041204
install source: D:\Setup\
uninstall cmd: MsiExec.exe /I{5677563D-0CB1-485f-9E18-C5025306BB3F}
publisher: Symantec Corporation

Windows Genuine Advantage v1.3.0254.0 1.3.0254.0 ({63569CE9-FA00-469C-AF5C-E5D4D93ACF91})
version: 16974078
version (major): 1
version (minor): 3
estimated size: 519
install date: 20050805
install source: C:\DOCUME~1\MLC\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
publisher: Microsoft
comments: Your Comments
contact: Customer Support Department
help link: http://www.microsoft.com/genuine/downlo ... .aspx/help
help telephone: 1-425.882.8080

EPSON Smart Panel ({6C11D561-620B-47DA-A693-4C597F3CDF40})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\setup.exe" -l0x9 Uninstall

Intel(R) 82845G Graphics Driver Software ({8A708DD8-A5E6-11D4-A706-000629E95E20})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A708DD8-A5E6-11D4-A706-000629E95E20}\Setup.exe" -inteluninstall

Microsoft Office XP Media Content 10.0.2619.0 ({90300409-6000-11D3-8CFE-0050048383C9})
version: 167774779
version (major): 10
estimated size: 625193
install date: 20030714
install location: INSTALLLOCATION
install source: D:\
uninstall cmd: MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: ARPREADMESETTING

Microsoft Office XP Professional 10.0.3520.0 ({91110409-6000-11D3-8CFE-0050048383C9})
version: 167775680
version (major): 10
estimated size: 542529
install date: 20030924
install source: D:\
uninstall cmd: MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: C:\Program Files\Microsoft Office\Office10\1033\OFREAD10.HTM

Microsoft Publisher 2002 10.0.2627.01 ({91190409-6000-11D3-8CFE-0050048383C9})
version: 167774787
version (major): 10
estimated size: 344747
install date: 20040615
install location: INSTALLLOCATION
install source: D:\
uninstall cmd: MsiExec.exe /I{91190409-6000-11D3-8CFE-0050048383C9}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: C:\Program Files\Microsoft Office\Office10\1033\OFREAD10.HTM

Norton Internet Security 7.0.3.8 ({91AA4B1F-B918-4e0b-A304-F8D4EC5D7726})
version: 117440515
version (major): 7
estimated size: 385
install date: 20041204
install source: D:\Setup\
uninstall cmd: MsiExec.exe /I{91AA4B1F-B918-4e0b-A304-F8D4EC5D7726}
publisher: Symantec Corporation

McAfee QuickClean 3.02.6000 ({951DA770-6E72-11D6-B279-0010A4C6B25D})
version: 50336648
version (major): 3
estimated size: 42451
install date: 20030721
install source: D:\Qcl\
uninstall cmd: MsiExec.exe /I{951DA770-6E72-11D6-B279-0010A4C6B25D}
publisher: McAfee Consumer Division
contact: techsupport@mcafeehelp.com
help link: http://www.mcafee-at-home.com/support/default.asp
help telephone: (972) 855-2500
readme: C:\Program Files\McAfee\QuickClean\README.TXT

Intel Application Accelerator ({9984DF60-1C5B-11D3-ACA1-908A4FC10801})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9984DF60-1C5B-11D3-ACA1-908A4FC10801}\Setup.exe" -INTELUNINST

EPSON TWAIN 5 ({9A3EABC0-CA06-11D4-BF77-00104B130C19})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A3EABC0-CA06-11D4-BF77-00104B130C19}\setup.exe" -l0x9 UNINSTALL

Microsoft IntelliType Pro 2.2 2.20.447.0 ({9DE006A5-B384-4EDE-A760-0F217136B9EA})
version: 34865599
version (major): 2
version (minor): 20
estimated size: 6697
install date: 20030714
install source: d:\keyboard\Setup\
publisher: Microsoft
help link: http://microsoft.com/support
help telephone:

CC_ccProxyMSI 2.1.1.700 ({A398F2DC-D706-4bb2-AC38-5532CD229D08})
version: 33619969
version (major): 2
version (minor): 1
estimated size: 1745
install date: 20041204
install source: D:\Support\Proxy\
uninstall cmd: MsiExec.exe /I{A398F2DC-D706-4bb2-AC38-5532CD229D08}
publisher: Symantec

Nero - Burning Rom 5.5.9 ({A4D7B764-4140-11D4-88EB-0050DA3579C0})
version: 84213769
version (major): 5
version (minor): 5
estimated size: 45261
install date: 20030714
install source: D:\NeroExpress55\
uninstall cmd: MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
publisher: ahead software gmbh
contact: Hotline
help link: http://www.nero.com
help telephone:

Adobe Acrobat 7.0.1 and Reader 7.0.1 Update 7.0.2 ({AC76BA86-0000-7EC8-7489-000000000702})
version: 117440514
version (major): 7
estimated size: 1841
install date: 20050425
install source: C:\Program Files\Adobe\{0C55731F-7B21-4936-839A-BA09B2EAED59}\
uninstall cmd: MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000702}
publisher: Adobe Systems
comments: Adobe Acrobat 7.0.1 and Reader 7.0.1 Update
contact: Customer Support
help link: http://www.adobe.com/support/main.html
help telephone: 1-800-833-6687

Adobe Reader 7.0 7.0.0 ({AC76BA86-7AD7-1033-7B44-A70000000000})
version: 117440512
version (major): 7
estimated size: 63195
install date: 20050424
install source: C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig\ENU\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
publisher: Adobe Systems Incorporated
comments:
contact:
help link: http://www.adobe.com/support/main.html
help telephone:
readme: C:\Program Files\Adobe\Acrobat 7.0\Reader\Readme.htm

Norton Internet Security Professional 7.0.3.8 ({AED74EFF-83ED-4ed6-8413-285C24BCEB6E})
version: 117440515
version (major): 7
estima
Mojo
Regular Member
 
Posts: 50
Joined: July 4th, 2005, 7:34 am

Unread postby Middle Of Nowhere » August 7th, 2005, 3:02 am

Hi Mojo :D

Thank you for the latest information i will examine it and get back to you shortly
User avatar
Middle Of Nowhere
Retired Graduate
 
Posts: 677
Joined: May 30th, 2005, 2:08 pm
Location: Derbyshire, UK

Unread postby Middle Of Nowhere » August 7th, 2005, 4:22 am

Hi Mojo :D

I need you to follow the instructions below:

Download RegSeeker.
Extract it to it's own folder, open and double click RegSeeker.exe to start the program.
Maximize the window and click clean registry.
Check all sections and click OK.
When the scan is complete, verify the backup box in lower left corner is checked and click the select all button, then select all again.
Then right click within the search results and select delete.
Run it again and again, deleting everything it finds until it finds nothing.
Reboot and make sure your programs are working properly, control panel and add/remove programs windows open, etc (basically just do a quick check of everything).
In the event anything was 'broken', you can open RegSeeker,
click backups and double click any/all files to put the information back.
A reboot may be required for the effects to be seen.
Reboot When done.

When finished please can you post a new Hijack This log and Spybot log.
User avatar
Middle Of Nowhere
Retired Graduate
 
Posts: 677
Joined: May 30th, 2005, 2:08 pm
Location: Derbyshire, UK

Unread postby Mojo » August 7th, 2005, 4:07 pm

I have followed your instructions and attach the new Spybot [which again turned up Smitfraud-C] and HJT logs. I need to tell you [you will see from the Spybot log] that when I was updating Microsoft Windows I accidentally commenced download of the SP2 pack. I cancelled this as soon as I realised it but it appears that some of the stuff has downloaded nonetheless. I hope this does not confuse the problem. Thanks for your patience as ever.
Mojo

--- Search result list ---
Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-220523388-152049171-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\awmdabest.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-220523388-152049171-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\s13.tempx.cc\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-220523388-152049171-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\trackhits.cc\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-220523388-152049171-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tracktraff.cc\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-220523388-152049171-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\vparivalka.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-220523388-152049171-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\vv7.al.57e.net\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-220523388-152049171-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\win-eto.com\*!=W=4


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-08-06 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2005-04-26 Includes\Cookies.sbi (*)
2005-07-29 Includes\Dialer.sbi (*)
2005-08-04 Includes\Hijackers.sbi (*)
2005-06-23 Includes\Keyloggers.sbi (*)
2005-08-04 Includes\Malware.sbi (*)
2005-08-04 Includes\PUPS.sbi (*)
2003-11-12 Includes\QA Tests.sbi (*)
2005-04-27 Includes\Revision.sbi (*)
2005-08-02 Includes\Security.sbi (*)
2005-08-04 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2005-08-04 Includes\Trojans.sbi (*)



--- System information ---
Windows XP (Build: 2600) Service Pack 1
/ DataAccess: Microsoft Data Access Components KB870669
/ DataAccess: Security update for Microsoft Data Access Components
/ DataAccess: Security Update for Microsoft Data Access Components
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB889293
/ Windows Media Player / SP0: Windows Media Player Hotfix [See wm828026 for more information]
/ Windows Media Player: Windows Media Update 817787
/ Windows Media Player: Windows Media Update 828026
/ Windows XP / SP2: Windows XP Hotfix - KB810217
/ Windows XP / SP2: Windows XP Hotfix - KB821557
/ Windows XP / SP2: Windows XP Hotfix - KB823182
/ Windows XP / SP2: Windows XP Hotfix - KB823559
/ Windows XP / SP2: Windows XP Hotfix - KB823980
/ Windows XP / SP2: Windows XP Hotfix - KB824105
/ Windows XP / SP2: Windows XP Hotfix - KB824141
/ Windows XP / SP2: Windows XP Hotfix - KB824146
/ Windows XP / SP2: Windows XP Hotfix - KB825119
/ Windows XP / SP2: Windows XP Hotfix - KB828028
/ Windows XP / SP2: Windows XP Hotfix - KB828035
/ Windows XP / SP2: Windows XP Hotfix - KB828741
/ Windows XP / SP2: Windows XP Hotfix - KB833987
/ Windows XP / SP2: Windows XP Hotfix - KB835732
/ Windows XP / SP2: Windows XP Hotfix - KB837001
/ Windows XP / SP2: Windows XP Hotfix - KB839643
/ Windows XP / SP2: Windows XP Hotfix - KB839645
/ Windows XP / SP2: Windows XP Hotfix - KB840315
/ Windows XP / SP2: Windows XP Hotfix - KB840374
/ Windows XP / SP2: Windows XP Hotfix - KB840987
/ Windows XP / SP2: Windows XP Hotfix - KB841356
/ Windows XP / SP2: Windows XP Hotfix - KB841533
/ Windows XP / SP2: Windows XP Hotfix - KB841873
/ Windows XP / SP2: Windows XP Hotfix - KB842773
/ Windows XP / SP2: Windows XP Hotfix - KB873376
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See Q323255 for more information]
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q328310
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See Q329048 for more information]
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See Q329115 for more information]
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q329170
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See Q329390 for more information]
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q329441
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See Q329834 for more information]
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q331953
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q810565
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q810577
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q810833
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q811493
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q811630
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q814033
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q815021
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q817287
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q817606
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q819696
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB898461)


--- Startup entries list ---
Located: HK_LM:Run, Advanced Tools Check
command: C:\PROGRA~1\NORTON~2\NORTON~1\AdvTools\ADVCHK.EXE
file: C:\PROGRA~1\NORTON~2\NORTON~1\AdvTools\ADVCHK.EXE
size: 74696
MD5: 5da7a448ca0075f0f731ad58d5021e62

Located: HK_LM:Run, ccApp
command: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 71280
MD5: 5712b77158fbbb5ab5aebc396e15499d

Located: HK_LM:Run, HotKeysCmds
command: C:\WINDOWS\System32\hkcmd.exe
file: C:\WINDOWS\System32\hkcmd.exe
size: 114688
MD5: 92a8471be66d9072941f6347a1d0879e

Located: HK_LM:Run, IgfxTray
command: C:\WINDOWS\System32\igfxtray.exe
file: C:\WINDOWS\System32\igfxtray.exe
size: 155648
MD5: 96113c67d8d44ae1e35050f6be9c0680

Located: HK_LM:Run, Imonitor
command: "C:\Program Files\McAfee\QuickClean\PlgUni.exe" /START
file: C:\Program Files\McAfee\QuickClean\PlgUni.exe
size: 98304
MD5: 3c246a878620c3393d17e92baae05afd

Located: HK_LM:Run, IntelliType
command: "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
file: C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
size: 94208
MD5: b5eca5948d7f8eaa00333231f33ea31a

Located: HK_LM:Run, Intense Registry Service
command: IntEdReg.exe /CHECK
file: C:\WINDOWS\system32\IntEdReg.exe
size: 53760
MD5: 9253beee2651853cf0367254ba627505

Located: HK_LM:Run, Iomega Drive Icons
command: C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
file: C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
size: 61440
MD5: dfdfd202f0c0a29088e043bbcd71002d

Located: HK_LM:Run, Iomega Startup Options
command: C:\Program Files\Iomega\Common\ImgStart.exe
file: C:\Program Files\Iomega\Common\ImgStart.exe
size: 45056
MD5: 1808f91fa578e8572bd1a9649fabb518

Located: HK_LM:Run, Nero DriveSpeed
command: C:\PROGRA~1\Ahead\NEROTO~1\DRIVES~1.EXE
file: C:\PROGRA~1\Ahead\NEROTO~1\DRIVES~1.EXE
size: 282624
MD5: c6b223c38f83878396e658ca379f3337

Located: HK_LM:Run, NeroCheck
command: C:\WINDOWS\system32\NeroCheck.exe
file: C:\WINDOWS\system32\NeroCheck.exe
size: 155648
MD5: 3e4c03cefad8de135263236b61a49c90

Located: HK_LM:Run, POINTER
command: point32.exe
file:

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 77824
MD5: 4e165b34780ff2d1b405f29e3fa68df2

Located: HK_LM:Run, SoundMan
command: SOUNDMAN.EXE
file: C:\WINDOWS\SOUNDMAN.EXE
size: 46592
MD5: d968b3259421c4a0627a62f4e0e96d6d

Located: HK_LM:Run, SSC_UserPrompt
command: C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
file: C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
size: 218240
MD5: b96c81be7b8d11710496787e5859d768

Located: HK_LM:Run, Symantec NetDriver Monitor
command: C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
file: C:\PROGRA~1\SYMNET~1\SNDMon.exe
size: 100056
MD5: f9418981ee4d7e995d359833adab59d5

Located: HK_CU:Run, ctfmon.exe
command: C:\WINDOWS\System32\ctfmon.exe
file: C:\WINDOWS\System32\ctfmon.exe
size: 13312
MD5: 414de7cf9d3f19c3ea902f1bb38ec116

Located: HK_CU:Run, ILO_Office_Manager
command: IntEdReg.exe /OFFMAN
file: C:\WINDOWS\system32\IntEdReg.exe
size: 53760
MD5: 9253beee2651853cf0367254ba627505

Located: HK_CU:Run, McAfee.InstantUpdate.Monitor
command: "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
file: C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
size: 122948
MD5: 4bfc3d39305984c6583a042628956d84

Located: HK_CU:Run, Play_PC_Backup
command: C:\Program Files\PC Backup\pcbackup.exe -silent
file:

Located: HK_CU:RunOnce, ARC
command: "C:\Program Files\McAfee\QuickClean\Uni.exe" /ARC:Adobe Photoshop Elements
file: C:\Program Files\McAfee\QuickClean\Uni.exe
size: 81920
MD5: ab53d1e15c6e00284abf3e9fadd2743a

Located: Startup (common), Adobe Gamma Loader.exe.lnk
command: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
file: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
size: 113664
MD5: c2ff17734176cd15221c10044ef0ba1a

Located: Startup (common), Adobe Reader Speed Launch.lnk
command: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
file: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
size: 29696
MD5: deb88aef013dd1eefb462d7cad642166

Located: Startup (common), Microsoft Office.lnk
command: C:\Program Files\Microsoft Office\Office10\OSA.EXE
file: C:\Program Files\Microsoft Office\Office10\OSA.EXE
size: 83360
MD5: 5bc65464354a9fd3beaa28e18839734a

Located: Startup (common), WinZip Quick Pick.lnk
command: C:\Program Files\WinZip\WZQKPICK.EXE
file: C:\Program Files\WinZip\WZQKPICK.EXE
size: 106560
MD5: 2fe253973433442c2cb234fb2bc4bf29

Located: Startup (user), SpywareGuard.lnk
command: C:\Program Files\SpywareGuard\sgmain.exe
file: C:\Program Files\SpywareGuard\sgmain.exe
size: 360448
MD5: 61c028aba5e49573a6332f4a7c744e87

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll

Located: WinLogon, igfxcui
command: igfxsrvc.dll
file: igfxsrvc.dll

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll



--- Browser helper object list ---
{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 06/08/2005 21:30:06
Date (last access): 07/08/2005 20:27:36
Date (last write): 31/05/2005 01:04:00
Filesize: 853672
Attributes: archive
MD5: 250D787A5712D7768DDC133B3E477759
CRC32: D4589A41
Version: 1.4.0.0

{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: c:\program files\google\
Long name: GoogleToolbar1.dll
Short name: GOOGLE~1.DLL
Date (created): 01/08/2005 20:52:56
Date (last access): 07/08/2005 20:30:00
Date (last write): 01/08/2005 20:52:56
Filesize: 1157120
Attributes: readonly archive
MD5: 8B5A0B5054E5A604E6FA6C87450C6649
CRC32: F2047595
Version: 3.0.124.6



--- ActiveX list ---
{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
DPF name:
CLSID name: Windows Genuine Advantage Validation Tool
Installer: C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf
Codebase: http://go.microsoft.com/fwlink/?linkid=39204
Path: C:\WINDOWS\System32\
Long name: LegitCheckControl.DLL
Short name: LEGITC~1.DLL
Date (created): 03/08/2005 10:33:42
Date (last access): 07/08/2005 20:31:02
Date (last write): 03/08/2005 10:33:42
Filesize: 520456
Attributes: archive
MD5: 386D5DD972E4F6A1CF7F626751FD29F7
CRC32: 3C9940B2
Version: 1.3.265.0

{1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class)
DPF name:
CLSID name: RegUserCfgUI Class
Installer:
Codebase: http://us.dl1.yimg.com/download.yahoo.c ... egucfg.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: yregucfg.dll
Short name:
Date (created): 11/10/2004 12:21:14
Date (last access): 07/08/2005 20:31:02
Date (last write): 11/10/2004 12:21:14
Filesize: 144448
Attributes: archive
MD5: DC3F07EAF0E7483885C3F3A9540E39B1
CRC32: 3DBE30F2
Version: 2004.10.11.1

{1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class)
DPF name:
CLSID name: LSSupCtl Class
Installer: C:\WINDOWS\Downloaded Program Files\LSSupCtl.inf
Codebase: http://www.symantec.com/techsupp/asa/LSSupCtl.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: LSSupCtl.dll
Short name:
Date (created): 27/10/2004 15:10:26
Date (last access): 07/08/2005 20:31:02
Date (last write): 27/10/2004 15:10:26
Filesize: 111752
Attributes: archive
MD5: C8FEBEA460AAD5C1B6817F9676E03F78
CRC32: 807349F9
Version: 3.1.0.5

{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner)
DPF name:
CLSID name: Symantec AntiVirus scanner
Installer: C:\WINDOWS\Downloaded Program Files\avsniff.inf
Codebase: http://security.symantec.com/sscv6/Shar ... vSniff.cab
description: Symantec online scanner
classification: Legitimate
known filename: AVSNIFF.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\Downloaded Program Files\
Long name: avsniff.dll
Short name:
Date (created): 26/10/2004 19:14:08
Date (last access): 07/08/2005 20:31:02
Date (last write): 26/10/2004 19:14:08
Filesize: 197760
Attributes: archive
MD5: 8C505A352CE49B8BB0822D67EF8892E6
CRC32: 6768F662
Version: 2004.6.23.54

{33564D57-0000-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\WMV9VCM.inf
Codebase: http://download.microsoft.com/download/ ... mv9VCM.CAB

{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine)
DPF name:
CLSID name: Office Update Installation Engine
Installer: C:\WINDOWS\Downloaded Program Files\opuc.inf
Codebase: http://office.microsoft.com/officeupdat ... t/opuc.cab
Path: C:\WINDOWS\
Long name: opuc.dll
Short name:
Date (created): 27/08/2003 04:10:30
Date (last access): 07/08/2005 20:31:02
Date (last write): 27/08/2003 04:10:30
Filesize: 314368
Attributes: archive
MD5: 1E32EC4A8A17B19926B49EA5F6B79A76
CRC32: E98FC293
Version: 11.0.5626.0

{6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
DPF name:
CLSID name: WUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\wuweb.inf
Codebase: http://update.microsoft.com/windowsupda ... 3232885125
Path: C:\WINDOWS\System32\
Long name: wuweb.dll
Short name:
Date (created): 26/05/2005 04:19:32
Date (last access): 07/08/2005 20:31:02
Date (last write): 26/05/2005 04:19:32
Filesize: 173536
Attributes: archive
MD5: C459F2D5E64C942F3F66E1CD7F1C4C00
CRC32: EEF66B50
Version: 5.8.0.2469

{644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class)
DPF name:
CLSID name: Symantec RuFSI Utility Class
Installer: C:\WINDOWS\Downloaded Program Files\CabSA.inf
Codebase: http://security.symantec.com/sscv6/Shar ... /cabsa.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: rufsi.dll
Short name:
Date (created): 26/10/2004 19:14:18
Date (last access): 07/08/2005 20:31:02
Date (last write): 26/10/2004 19:14:18
Filesize: 160928
Attributes: archive
MD5: 7FC8A8D89A80ED7443F00C31AEDAC9A9
CRC32: 3EC34C3D
Version: 2004.6.23.42

{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class)
DPF name:
CLSID name: ActiveScan Installer Class
Installer: C:\WINDOWS\Downloaded Program Files\asinst.inf
Codebase: http://www.pandasoftware.com/activescan/as5/asinst.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: asinst.dll
Short name:
Date (created): 24/06/2005 09:44:30
Date (last access): 07/08/2005 20:31:02
Date (last write): 24/06/2005 09:44:30
Filesize: 131072
Attributes: archive
MD5: 794F7D10634EF24DC4B44E5EB09F2E52
CRC32: A5BF5B5E
Version: 57.7.0.0

{9F1C11AA-197B-4942-BA54-47A8489BB47F} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\iuctl.inf
Codebase: http://v4.windowsupdate.microsoft.com/C ... 5934953704
description: Windows Update
classification: Legitimate
known filename: %WINDIR%\System32\iuctl.dll,iuengine.dll
info link:
info source: Patrick M. Kolla

{CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class)
DPF name:
CLSID name: ActiveDataInfo Class
Installer:
Codebase: https://www-secure.symantec.com/techsup ... mAData.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: SymAData.dll
Short name:
Date (created): 17/05/2004 11:05:58
Date (last access): 07/08/2005 20:31:02
Date (last write): 17/05/2004 11:05:58
Filesize: 156792
Attributes: archive
MD5: B7A28CBD0022210FD0D877C9951694F1
CRC32: C44DD1D5
Version: 2.0.0.1

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://download.macromedia.com/pub/shoc ... wflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\System32\macromed\flash\
Long name: Flash.ocx
Short name:
Date (created): 08/12/2003 15:01:58
Date (last access): 07/08/2005 20:31:02
Date (last write): 08/12/2003 15:01:58
Filesize: 933888
Attributes: archive
MD5: F7E435D02F7A48120B746E33254A70BC
CRC32: 02AF493D
Version: 7.0.19.0

{E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class)
DPF name:
CLSID name: ActiveDataObj Class
Installer:
Codebase: https://www-secure.symantec.com/techsup ... veData.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: ActiveData.dll
Short name: ACTIVE~1.DLL
Date (created): 12/06/2002 14:16:22
Date (last access): 07/08/2005 20:31:02
Date (last write): 12/06/2002 14:16:22
Filesize: 112312
Attributes: archive
MD5: C0A5720A581109543B113A8BEAE7868C
CRC32: 1B08DE36
Version: 1.0.0.1

{EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\btwebcontrol.inf
Codebase: http://register.btinternet.com/template ... rol023.cab



--- Process list ---
PID: 0 ( 0) [System]
PID: 444 ( 4) \SystemRoot\System32\smss.exe
PID: 496 ( 444) \??\C:\WINDOWS\system32\csrss.exe
PID: 520 ( 444) \??\C:\WINDOWS\system32\winlogon.exe
PID: 568 ( 520) C:\WINDOWS\system32\services.exe
size: 101376
MD5: E3DF4A0252D287C44606EE55355E1623
PID: 580 ( 520) C:\WINDOWS\system32\lsass.exe
size: 11776
MD5: B2B6BA905D0E3F8A32A0EB3B4051807B
PID: 756 ( 568) C:\WINDOWS\system32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 816 ( 568) C:\WINDOWS\System32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 920 ( 568) C:\WINDOWS\System32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 944 ( 568) C:\WINDOWS\System32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 1024 ( 568) C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
size: 235120
MD5: CDAB825C28154669AB35EA731B8E452B
PID: 1036 ( 568) C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
size: 206552
MD5: 443E397643965E08C5AB6A6CAA732B97
PID: 1156 ( 568) C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
size: 255600
MD5: 620CC860890D50FD18D5D9508C5551B2
PID: 1208 (1164) C:\WINDOWS\Explorer.EXE
size: 1004032
MD5: A82B28BFC2E4455FE43022A498C0EF0A
PID: 1412 ( 568) C:\WINDOWS\system32\spoolsv.exe
size: 51200
MD5: 9B4155BA58192D4073082B8FC5D42612
PID: 1504 ( 568) C:\WINDOWS\System32\alg.exe
size: 41984
MD5: 497AEAD5ECEF9512F6B364977A5308EE
PID: 1524 ( 568) C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
size: 218736
MD5: 35AD77BDC4EE11E7FA111E4CE4026E8C
PID: 1596 ( 568) C:\Program Files\ewido\security suite\ewidoctrl.exe
size: 16448
MD5: 867D9D1FA818F8629BB7A4A26E94B06A
PID: 1672 ( 568) C:\Program Files\ewido\security suite\ewidoguard.exe
size: 163904
MD5: 13EE66A939D7C3A2ED62C967DEBD52BB
PID: 1832 ( 568) C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
size: 61440
MD5: B6E1B4A08DCCB11E374AC29DA97EDB1E
PID: 1848 (1208) C:\WINDOWS\System32\igfxtray.exe
size: 155648
MD5: 96113C67D8D44AE1E35050F6BE9C0680
PID: 1856 (1208) C:\WINDOWS\System32\hkcmd.exe
size: 114688
MD5: 92A8471BE66D9072941F6347A1D0879E
PID: 1864 (1208) C:\WINDOWS\SOUNDMAN.EXE
size: 46592
MD5: D968B3259421C4A0627A62F4E0E96D6D
PID: 1880 ( 568) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
size: 270336
MD5: 450BF05CA4F923D70605BAC8185FA7DB
PID: 1904 (1208) C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
size: 61440
MD5: DFDFD202F0C0A29088E043BBCD71002D
PID: 1976 (1208) C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
size: 94208
MD5: B5ECA5948D7F8EAA00333231F33EA31A
PID: 1984 ( 568) C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
size: 158848
MD5: 106188EE7FCE8C769DEFEC27C1EDB67C
PID: 2000 (1208) C:\Program Files\Microsoft Hardware\Mouse\point32.exe
size: 176128
MD5: 44FCD222D8A4BCFF2C944C081AEAD78C
PID: 2020 (1208) C:\PROGRA~1\Ahead\NEROTO~1\DRIVES~1.EXE
size: 282624
MD5: C6B223C38F83878396E658CA379F3337
PID: 120 (1208) C:\Program Files\QuickTime\qttask.exe
size: 77824
MD5: 4E165B34780FF2D1B405F29E3FA68DF2
PID: 192 (1208) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 71280
MD5: 5712B77158FBBB5AB5AEBC396E15499D
PID: 180 ( 568) C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
size: 135168
MD5: 4914A155F9B73317B14F94BBA4A79639
PID: 460 ( 568) C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
size: 194272
MD5: DE337E8649E1970C5663999457A9352F
PID: 776 ( 568) C:\WINDOWS\System32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 992 (1208) C:\Program Files\McAfee\QuickClean\PlgUni.exe
size: 98304
MD5: 3C246A878620C3393D17E92BAAE05AFD
PID: 628 ( 568) C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
size: 585728
MD5: 94D3C8257776019A7A96AF69F62BA509
PID: 1176 (1208) C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
size: 122948
MD5: 4BFC3D39305984C6583A042628956D84
PID: 1320 (1208) C:\WINDOWS\System32\ctfmon.exe
size: 13312
MD5: 414DE7CF9D3F19C3EA902F1BB38EC116
PID: 1632 (1076) C:\Program Files\Intense Language Office\COMMON\Offman.exe
size: 521216
MD5: 26BEF3876BD1274E96A70EA504F158AB
PID: 2132 (1208) C:\Program Files\WinZip\WZQKPICK.EXE
size: 106560
MD5: 2FE253973433442C2CB234FB2BC4BF29
PID: 2204 (1208) C:\Program Files\SpywareGuard\sgmain.exe
size: 360448
MD5: 61C028ABA5E49573A6332F4A7C744E87
PID: 2356 (2204) C:\Program Files\SpywareGuard\sgbhp.exe
size: 233472
MD5: A80D0704537C0EF97DB2BEF24B99AF1A
PID: 2572 (1976) C:\Program Files\Internet Explorer\iexplore.exe
size: 91136
MD5: 418D301C3B1FA94B19584AEEB3D65166
PID: 3592 (1208) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 3484 ( 756) C:\Program Files\Messenger\msmsgs.exe
size: 1511453
MD5: 1E455B08870D4AC3BB6AB5968603E8AF
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 07/08/2005 20:55:40

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.google.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
about:blank
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://ie.search.msn.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://www.google.com/keyword/%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com/ie
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E82FE74D-F547-44CB-902B-AE6DBCF40C48}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E82FE74D-F547-44CB-902B-AE6DBCF40C48}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{623A92A2-68A4-4CA9-B2C9-AEE4BBA7ADC7}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{623A92A2-68A4-4CA9-B2C9-AEE4BBA7ADC7}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0F429A46-BBE6-4998-B734-7B99804B4109}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0F429A46-BBE6-4998-B734-7B99804B4109}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{40247DF5-2890-469D-9D6D-BC49F8685E75}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{40247DF5-2890-469D-9D6D-BC49F8685E75}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1EB20BB5-3C13-468E-AADF-4E3D125DBD3C}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1EB20BB5-3C13-468E-AADF-4E3D125DBD3C}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A11F12AD-5D92-4572-93D6-A1429841FD3E}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A11F12AD-5D92-4572-93D6-A1429841FD3E}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace



--- Uninstall list ---
a-squared free 1.5.1 1.5.1 (a-squared free_is1)
install location: C:\Program Files\a2 free\
uninstall cmd: "C:\Program Files\a2 free\unins000.exe"
publisher: Emsi Software GmbH
help link: http://forum.emsisoft.com

Ad-Aware SE Personal 1.06 (Ad-Aware SE Personal)
uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\INSTALL.LOG
publisher: Lavasoft
help link: http://www.lavasoft.com

(AddressBook)

Adobe Photoshop Elements 1.0 (Adobe Photoshop Elements 1.0)
version (major): 6
install location: C:\Program Files\Adobe\Photoshop Elements
install source: D:\English\Adobe Photoshop Elements\
uninstall cmd: C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop Elements\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop Elements\Uninst.dll"
publisher: Adobe Systems, Inc.

Adobe SVG Viewer 1.0 (Adobe SVG Viewer)
version (major): 1
install location: C:\WINDOWS\System32\Adobe\SVG Viewer
install source: D:\English\Adobe Photoshop Elements\SVG\
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\WINDOWS\System32\Adobe\SVG Viewer\Uninst.isu"
publisher: Adobe Systems, Inc.

Advanced Tools (Advanced Tools)

(Branding)

Complete Internet Cleanup Pro (Complete Internet Cleanup Pro)
uninstall cmd: C:\Program Files\cicpb\uninst.exe
publisher: PC Mesh

Complete Internet Cleanup Pro Beta (Complete Internet Cleanup Pro Beta)
uninstall cmd: C:\Program Files\cicpb\uninst.exe
publisher: PC Mesh

(Connection Manager)

(DirectAnimation)

(DirectDrawEx)

EPSON Photo Print (EPSON Photo Print)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\EPSON\Photo Print\Uninst.isu"

ewido security suite (ewidosecuritysuite)
install location: C:\Program Files\ewido\security suite
uninstall cmd: C:\Program Files\ewido\security suite\Uninstall.exe
publisher: ewido networks
help link: http://www.ewido.net

(Fontcore)

GraphicView 32 (GraphicView 32)
uninstall cmd: C:\PROGRA~1\GRAPHI~1\UNWISE.EXE C:\PROGRA~1\GRAPHI~1\INSTALL.LOG

HijackThis 1.99.1 1.99.1 (HijackThis)
uninstall cmd: C:\unzipped\hijackthis[1]\HijackThis.exe /uninstall
publisher: Soeperman Enterprises Ltd.

(ICW)

(IE40)

(IE4Data)

(IE5BAKEX)

(IEData)

(InstallShield Uninstall Information)

Intense Language Office (Intense Language Office)
uninstall cmd: C:\Program Files\Intense Language Office\Common\Uninst.exe

Internet Update (Internet Update)
uninstall cmd: uninstIU.exe

Iomega App Services (Iomega App Services)
uninstall cmd: C:\WINDOWS\unvise32.exe C:\Program Files\Iomega\System32\uninstal.log

IomegaWare (IomegaWare)
uninstall cmd: C:\WINDOWS\unvise32.exe C:\Program Files\Iomega\uninstal.log

Windows XP Hotfix - KB810217 20030806.140405 (KB810217)
uninstall cmd: C:\WINDOWS\$NtUninstallKB810217$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=810217

Windows XP Hotfix - KB821557 20030611.134342 (KB821557)
uninstall cmd: C:\WINDOWS\$NtUninstallKB821557$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=821557

Windows XP Hotfix - KB823182 20030724.164017 (KB823182)
uninstall cmd: C:\WINDOWS\$NtUninstallKB823182$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=823182

Windows XP Hotfix - KB823559 20030701.220428 (KB823559)
uninstall cmd: C:\WINDOWS\$NtUninstallKB823559$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=823559

Windows XP Hotfix - KB823980 20030705.121219 (KB823980)
uninstall cmd: C:\WINDOWS\$NtUninstallKB823980$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=823980

Windows XP Hotfix - KB824105 20030724.164839 (KB824105)
uninstall cmd: C:\WINDOWS\$NtUninstallKB824105$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=824105

Windows XP Hotfix - KB824141 20030925.103600 (KB824141)
uninstall cmd: C:\WINDOWS\$NtUninstallKB824141$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=824141

Windows XP Hotfix - KB824146 20030825.150526 (KB824146)
uninstall cmd: C:\WINDOWS\$NtUninstallKB824146$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=824146

Windows XP Hotfix - KB825119 20030828.113916 (KB825119)
uninstall cmd: C:\WINDOWS\$NtUninstallKB825119$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=825119

Windows XP Hotfix - KB828028 20030919.121052 (KB828028)
uninstall cmd: C:\WINDOWS\$NtUninstallKB828028$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=828028

Windows XP Hotfix - KB828035 20031003.162415 (KB828035)
uninstall cmd: C:\WINDOWS\$NtUninstallKB828035$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=828035

Windows XP Hotfix - KB828741 20040305.182309 (KB828741)
uninstall cmd: C:\WINDOWS\$NtUninstallKB828741$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=828741

Windows XP Hotfix - KB833987 20040308.224628 (KB833987)
uninstall cmd: C:\WINDOWS\$NtUninstallKB833987$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=833987

Windows XP Hotfix - KB835732 20040329.175541 (KB835732)
uninstall cmd: C:\WINDOWS\$NtUninstallKB835732$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=835732

Windows XP Hotfix - KB837001 20040317.230926 (KB837001)
uninstall cmd: C:\WINDOWS\$NtUninstallKB837001$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=837001

Windows XP Hotfix - KB839643 20040512.154803 (KB839643)
uninstall cmd: C:\WINDOWS\$NtUninstallKB839643$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=839643

Windows XP Hotfix - KB839645 20040630.164542 (KB839645)
uninstall cmd: C:\WINDOWS\$NtUninstallKB839645$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=839645

Windows XP Hotfix - KB840315 20040622.172631 (KB840315)
uninstall cmd: C:\WINDOWS\$NtUninstallKB840315$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=840315

Windows XP Hotfix - KB840374 20040416.100205 (KB840374)
uninstall cmd: C:\WINDOWS\$NtUninstallKB840374$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=840374

Windows XP Hotfix - KB840987 20040927.095912 (KB840987)
uninstall cmd: C:\WINDOWS\$NtUninstallKB840987$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=840987

Windows XP Hotfix - KB841356 20040929.102221 (KB841356)
uninstall cmd: C:\WINDOWS\$NtUninstallKB841356$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=841356

Windows XP Hotfix - KB841533 20040927.100142 (KB841533)
uninstall cmd: C:\WINDOWS\$NtUninstallKB841533$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=841533

Windows XP Hotfix - KB841873 20040608.144346 (KB841873)
uninstall cmd: C:\WINDOWS\$NtUninstallKB841873$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=841873

Windows XP Hotfix - KB842773 20040701.144218 (KB842773)
uninstall cmd: C:\WINDOWS\$NtUninstallKB842773$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=842773

Microsoft Data Access Components KB870669 (KB870669)
uninstall cmd: C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=KB870669

Windows XP Hotfix - KB873339 20041117.094106 (KB873339)
uninstall cmd: C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873339

Windows XP Hotfix - KB873376 20040923.181029 (KB873376)
uninstall cmd: C:\WINDOWS\$NtUninstallKB873376$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873376

(KB884016)

Windows XP Hotfix - KB885835 20041027.181751 (KB885835)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885835

Windows XP Hotfix - KB885836 20041028.161024 (KB885836)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885836

Windows XP Hotfix - KB889293 20041111.235619 (KB889293-IE6SP1-20041111.235619)
uninstall cmd: C:\WINDOWS\$NtUninstallKB889293-IE6SP1-20041111.235619$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=889293

(KB893803)

Windows Installer 3.1 (KB893803) 3.1 (KB893803v2)
uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=42467

Update for Windows XP (KB898461) 1 (KB898461)
uninstall cmd: "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=898461

LiveReg (Symantec Corporation) 2.4.2.2295 (LiveReg)
install location: C:\Program Files\Common Files\Symantec Shared\LiveReg
uninstall cmd: C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
publisher: Symantec Corporation

LiveUpdate 2.6 (Symantec Corporation) 2.6.14.0 (LiveUpdate)
install location: C:\Program Files\Symantec\LiveUpdate
uninstall cmd: C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
publisher: Symantec Corporation

(MobileOptionPack)

Ahead InCD EasyWrite Reader (MRW!UninstallKey)
uninstall cmd: C:\WINDOWS\UNMrw.exe /UNINSTALL

(MSI30-Beta1)

(MSI30-Beta2)

(MSI30-KB884016)

(MSI30-RC1)

(MSI30-RC2)

(MSI30a-KB884016)

(MSI31-Beta)

(MSI31-RC1)

Ahead NeroVision Express (NeroVision!UninstallKey)
uninstall cmd: C:\WINDOWS\UNNeroVision.exe /UNINSTALL

(NetMeeting)

Outlook Express Q823353 (oeupdate)
uninstall cmd: C:\WINDOWS\oeuninst.exe C:\WINDOWS\INF\Q823353.inf

(OutlookExpress)

PC Backup (PC Backup_is1)
install location: C:\Program Files\PC Backup\
uninstall cmd: "C:\Program Files\PC Backup\unins000.exe"

(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

PF 1260 1660 2400 Guide (PF 1260 1660 2400 Guide)
uninstall cmd: C:\WINDOWS\uninst.exe -f"C:\PROGRAMF\EPSON\PF 1260 1660 2400\DeIsL1.isu"

Windows XP Hotfix (SP2) Q328310 20021122.122733 (Q328310)
uninstall cmd: C:\WINDOWS\$NtUninstallQ328310$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: For more information, see Q328310 at http://support.microsoft.com

Windows XP Hotfix (SP2) [See Q329048 for more information] (Q329048)
uninstall cmd: C:\WINDOWS\$NtUninstallQ329048$\spuninst\spuninst.exe

Windows XP Hotfix (SP2) [See Q329115 for more information] (Q329115)
uninstall cmd: C:\WINDOWS\$NtUninstallQ329115$\spuninst\spuninst.exe

Windows XP Hotfix (SP2) Q329170 20030102.120145 (Q329170)
uninstall cmd: C:\WINDOWS\$NtUninstallQ329170$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: For more information, see Q329170 at http://support.microsoft.com

Windows XP Hotfix (SP2) [See Q329390 for more information] (Q329390)
uninstall cmd: C:\WINDOWS\$NtUninstallQ329390$\spuninst\spuninst.exe

Windows XP Hotfix (SP2) Q329441 20021114.125038 (Q329441)
uninstall cmd: C:\WINDOWS\$NtUninstallQ329441$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: For more information, see Q329441 at http://support.microsoft.com

Windows XP Hotfix (SP2) [See Q329834 for more information] (Q329834)
uninstall cmd: C:\WINDOWS\$NtUninstallQ329834$\spuninst\spuninst.exe

Windows XP Hotfix (SP2) Q331953 20021107.174736 (Q331953)
uninstall cmd: C:\WINDOWS\$NtUninstallQ331953$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: For more information, see Q331953 at http://support.microsoft.com

Windows XP Hotfix (SP2) Q810565 20021127.115011 (Q810565)
uninstall cmd: C:\WINDOWS\$NtUninstallQ810565$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: For more information, see Q810565 at http://support.microsoft.com

Windows XP Hotfix (SP2) Q810577 20021118.135247 (Q810577)
uninstall cmd: C:\WINDOWS\$NtUninstallQ810577$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: For more information, see Q810577 at http://support.microsoft.com

Windows XP Hotfix (SP2) Q810833 20021203.201545 (Q810833)
uninstall cmd: C:\WINDOWS\$NtUninstallQ810833$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: For more information, see Q810833 at http://support.microsoft.com

Windows XP Hotfix (SP2) Q811493 20030424.101451 (Q811493)
uninstall cmd: C:\WINDOWS\$NtUninstallQ811493$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=811493

Windows XP Hotfix (SP2) Q814033 20030131.164620 (Q814033)
uninstall cmd: C:\WINDOWS\$NtUninstallQ814033$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: For more information, see Q814033 at http://support.microsoft.com

Windows XP Hotfix (SP2) Q815021 20030501.165608 (Q815021)
uninstall cmd: C:\WINDOWS\$NtUninstallQ815021$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=815021

Windows XP Hotfix (SP2) Q817287 20030325.164011 (Q817287)
uninstall cmd: C:\WINDOWS\$NtUninstallQ817287$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=817287

Windows XP Hotfix (SP2) Q817606 20030331.103753 (Q817606)
uninstall cmd: C:\WINDOWS\$NtUninstallQ817606$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=817606

Windows XP Hotfix (SP2) Q819696 20030513.102848 (Q819696)
uninstall cmd: C:\WINDOWS\$NtUninstallQ819696$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=819696

Windows Media Player Hotfix [See wm828026 for more information] (Q828026)
uninstall cmd: C:\WINDOWS\$NtUninstallQ828026$\spuninst\spuninst.exe
publisher: Microsoft Corporation

QuickTime (QuickTime)
uninstall cmd: C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log

Reference Manager 9 (Reference Manager 9)
uninstall cmd: C:\PROGRA~1\REFERE~1\UNWISE.EXE C:\PROGRA~1\REFERE~1\INSTALL.LOG

(SchedulingAgent)

(Sevinst)

(ShockwaveFlash)

Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited

SpywareBlaster v3.4 3.4.0 (SpywareBlaster_is1)
install location: C:\Program Files\SpywareBlaster\
uninstall cmd: "C:\Program Files\SpywareBlaster\unins000.exe"
publisher: Javacool Software LLC

SpywareGuard v2.2 2.2 (SpywareGuard_is1)
uninstall cmd: "C:\Program Files\SpywareGuard\unins000.exe"
publisher: Javacool Software LLC

StatView (StatViewDeinstKey)
uninstall cmd: C:\WINDOWS\uninst.exe -fC:\StatView\DeIsL1.isu

Norton Internet Security Professional (Symantec Corporation) 7.0.3.8 (SymSetup.{AED74EFF-83ED-4ed6-8413-285C24BCEB6E})
install location: C:\Program Files\Norton Internet Security Professional
install source: D:
uninstall cmd: C:\Program Files\Common Files\Symantec Shared\SymSetup\{AED74EFF-83ED-4ed6-8413-285C24BCEB6E}.exe /X
publisher: Symantec Corporation

WinZip 8.1 SR-1 (5266) (WinZip)
version (major): 8
version (minor): 1
install location: C:\PROGRA~1\WINZIP\
uninstall cmd: "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
publisher: WinZip Computing, Inc.
help link: http://www.winzip.com/xsupport.htm

({11E83B33-972B-4512-A447-FF0FD0246EE9})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11E83B33-972B-4512-A447-FF0FD0246EE9}\setup.exe" -l0x9

Windows Installer Clean Up 2.05.00.0000 ({121634B0-2F4A-11D3-ADA3-00C04F52DD53})
version: 33882112
version (major): 2
version (minor): 5
estimated size: 129
install date: 20041204
uninstall cmd: MsiExec.exe /I{121634B0-2F4A-11D3-ADA3-00C04F52DD53}
publisher: Microsoft Corporation

Norton Internet Security 7.0.3.8 ({12E2B9E9-05B1-407d-B0FD-B5F350535125})
version: 117440515
version (major): 7
estimated size: 4815
install date: 20041204
install source: D:\Setup\
uninstall cmd: MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
publisher: Symantec Corporation

Norton WMI Update 2005.1.2.20 ({1526D87C-A955-4FAB-BF18-697BA457E352})
version (major): 2005
version (minor): 1
estimated size: 2080
install date: 20041204
uninstall cmd: MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
publisher: Symantec Corporation

Microsoft IntelliPoint 4.1 4.10.0851 ({1FD0C5C1-B01B-4B4C-9607-E5D3B3D1318F})
version: 67765075
version (major): 4
version (minor): 10
estimated size: 6052
install date: 20030714
install source: d:\mouse\Setup\
publisher: Microsoft Corporation
help link: http://microsoft.com/support
help telephone:

Google Toolbar for Internet Explorer ({2318C2B1-4965-11d4-9B18-009027A5CD4F})
uninstall cmd: regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"

({23EFDB58-0874-4883-9810-EDA510B19FAE})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x9

({27B9131D-CEFA-42C5-8D7D-56EFD80BAA25})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27B9131D-CEFA-42C5-8D7D-56EFD80BAA25}\setup.exe" -l0x9

({2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x9

({2BFBC62A-3353-443D-93BE-7AC641D9F342})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BFBC62A-3353-443D-93BE-7AC641D9F342}\setup.exe" -l0x9

WebFldrs XP 9.50.6513 ({350C97B0-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154278257
version (major): 9
version (minor): 50
estimated size: 2508
install date: 20030705
install source: C:\WINDOWS\System32\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows

Norton AntiSpam 2004.1.0.147 ({3B29A786-5803-4e9e-9B58-3014A5B4E519})
version (major): 2004
version (minor): 1
estimated size: 1166
install date: 20041204
install source: D:\Setup\
uninstall cmd: MsiExec.exe /I{3B29A786-5803-4e9e-9B58-3014A5B4E519}
publisher: Symantec Corporation

Norton Internet Security Professional 7.0.3.8 ({449F3A9E-9903-4a0d-A209-08030D45A935})
version: 117440515
version (major): 7
estimated size: 1073
install date: 20041204
install source: D:\Setup\
uninstall cmd: MsiExec.exe /I{449F3A9E-9903-4a0d-A209-08030D45A935}
publisher: Symantec Corporation

Norton Internet Security 7.0.3.8 ({48185814-A224-447a-81DA-71BD20580E1B})
version: 117440515
version (major): 7
estimated size: 2589
install date: 20041204
install source: D:\Setup\
uninstall cmd: MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
publisher: Symantec Corporation

Norton Internet Security 7.0.3.8 ({526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F})
version: 117440515
version (major): 7
estimated size: 1731
install date: 20041204
install source: D:\Setup\
uninstall cmd: MsiExec.exe /I{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}
publisher: Symantec Corporation

Norton AntiSpam 2004.1.0.147 ({5677563D-0CB1-485f-9E18-C5025306BB3F})
version (major): 2004
version (minor): 1
estimated size: 2802
install date: 20041204
install source: D:\Setup\
uninstall cmd: MsiExec.exe /I{5677563D-0CB1-485f-9E18-C5025306BB3F}
publisher: Symantec Corporation

Windows Genuine Advantage v1.3.0254.0 1.3.0254.0 ({63569CE9-FA00-469C-AF5C-E5D4D93ACF91})
version: 16974078
version (major): 1
version (minor): 3
estimated size: 519
install date: 20050805
uninstall cmd: MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
publisher: Microsoft
comments: Your Comments
contact: Customer Support Department
help link: http://www.microsoft.com/genuine/downlo ... .aspx/help
help telephone: 1-425.882.8080

EPSON Smart Panel ({6C11D561-620B-47DA-A693-4C597F3CDF40})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\setup.exe" -l0x9 Uninstall

Intel(R) 82845G Graphics Driver Software ({8A708DD8-A5E6-11D4-A706-000629E95E20})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A708DD8-A5E6-11D4-A706-000629E95E20}\Setup.exe" -inteluninstall

Microsoft Office XP Media Content 10.0.2619.0 ({90300409-6000-11D3-8CFE-0050048383C9})
version: 167774779
version (major): 10
estimated size: 625193
install date: 20030714
install location: INSTALLLOCATION
install source: D:\
uninstall cmd: MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: ARPREADMESETTING

Microsoft Office XP Professional 10.0.3520.0 ({91110409-6000-11D3-8CFE-0050048383C9})
version: 167775680
version (major): 10
estimated size: 542529
install date: 20030924
install source: D:\
uninstall cmd: MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: C:\Program Files\Microsoft Office\Office10\1033\OFREAD10.HTM

Microsoft Publisher 2002 10.0.2627.01 ({91190409-6000-11D3-8CFE-0050048383C9})
version: 167774787
version (major): 10
estimated size: 344747
install date: 20040615
install location: INSTALLLOCATION
install source: D:\
uninstall cmd: MsiExec.exe /I{91190409-6000-11D3-8CFE-0050048383C9}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: C:\Program Files\Microsoft Office\Office10\1033\OFREAD10.HTM

Norton Internet Security 7.0.3.8 ({91AA4B1F-B918-4e0b-A304-F8D4EC5D7726})
version: 117440515
version (major): 7
estimated size: 385
install date: 20041204
install source: D:\Setup\
uninstall cmd: MsiExec.exe /I{91AA4B1F-B918-4e0b-A304-F8D4EC5D7726}
publisher: Symantec Corporation

McAfee QuickClean 3.02.6000 ({951DA770-6E72-11D6-B279-0010A4C6B25D})
version: 50336648
version (major): 3
estimated size: 42451
install date: 20030721
install source: D:\Qcl\
uninstall cmd: MsiExec.exe /I{951DA770-6E72-11D6-B279-0010A4C6B25D}
publisher: McAfee Consumer Division
contact: techsupport@mcafeehelp.com
help link: http://www.mcafee-at-home.com/support/default.asp
help telephone: (972) 855-2500
readme: C:\Program Files\McAfee\QuickClean\README.TXT

Intel Application Accelerator ({9984DF60-1C5B-11D3-ACA1-908A4FC10801})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9984DF60-1C5B-11D3-ACA1-908A4FC10801}\Setup.exe" -INTELUNINST

EPSON TWAIN 5 ({9A3EABC0-CA06-11D4-BF77-00104B130C19})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A3EABC0-CA06-11D4-BF77-00104B130C19}\setup.exe" -l0x9 UNINSTALL

Microsoft IntelliType Pro 2.2 2.20.447.0 ({9DE006A5-B384-4EDE-A760-0F217136B9EA})
version: 34865599
version (major): 2
version (minor): 20
estimated size: 6697
install date: 20030714
install source: d:\keyboard\Setup\
publisher: Microsoft
help link: http://microsoft.com/support
help telephone:

CC_ccProxyMSI 2.1.1.700 ({A398F2DC-D706-4bb2-AC38-5532CD229D08})
version: 33619969
version (major): 2
version (minor): 1
estimated size: 1745
install date: 20041204
install source: D:\Support\Proxy\
uninstall cmd: MsiExec.exe /I{A398F2DC-D706-4bb2-AC38-5532CD229D08}
publisher: Symantec

Nero - Burning Rom 5.5.9 ({A4D7B764-4140-11D4-88EB-0050DA3579C0})
version: 84213769
version (major): 5
version (minor): 5
estimated size: 45261
install date: 20030714
install source: D:\NeroExpress55\
uninstall cmd: MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
publisher: ahead software gmbh
contact: Hotline
help link: http://www.nero.com
help telephone:

Adobe Acrobat 7.0.1 and Reader 7.0.1 Update 7.0.2 ({AC76BA86-0000-7EC8-7489-000000000702})
version: 117440514
version (major): 7
estimated size: 1841
install date: 20050425
install source: C:\Program Files\Adobe\{0C55731F-7B21-4936-839A-BA09B2EAED59}\
uninstall cmd: MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000702}
publisher: Adobe Systems
comments: Adobe Acrobat 7.0.1 and Reader 7.0.1 Update
contact: Customer Support
help link: http://www.adobe.com/support/main.html
help telephone: 1-800-833-6687

Adobe Reader 7.0 7.0.0 ({AC76BA86-7AD7-1033-7B44-A70000000000})
version: 117440512
version (major): 7
estimated size: 63195
install date: 20050424
install source: C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig\ENU\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
publisher: Adobe Systems Incorporated
comments:
contact:
help link: http://www.adobe.com/support/main.html
help telephone:
readme: C:\Program Files\Adobe\Acrobat 7.0\Reader\Readme.htm

Norton Internet Security Professional 7.0.3.8 ({AED74EFF-83ED-4ed6-8413-285C24BCEB6E})
version: 117440515
version (major): 7
estimated size: 4402
install date: 20041204
install source: D:\Setup\
uninstall cmd: MsiExec.exe /I{AED74EFF-83ED-4ed6-8413-285C24BCEB6E}
publisher: Symantec Corporation

({B100B05B-E290-41EF-9366-8BC4C76D7769})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B100B05B-E290-41EF-9366-8BC4C76D7769}\setup.exe" -l0x9

({B14F9B26-D695-4C4A-8B11-0FE6CDCC797B})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL
Mojo
Regular Member
 
Posts: 50
Joined: July 4th, 2005, 7:34 am

Unread postby Middle Of Nowhere » August 7th, 2005, 4:18 pm

Hi

Bear with us this one seam to have more lives than a alley cat :D

With regarding SP2 you should download it and install, it will improve your security of XP.

Also could you tell me if you have multiple user accounts setup in XP?

Thanks
User avatar
Middle Of Nowhere
Retired Graduate
 
Posts: 677
Joined: May 30th, 2005, 2:08 pm
Location: Derbyshire, UK

Unread postby Mojo » August 7th, 2005, 4:33 pm

I am the only user of the computer. However, when I clicked on "user accounts" I noted that I am logged in as administrator and for some reason "guest account" is turned on too.

I will certainly download SP2 but I thought I'd get clear of this bug first in case I came a cropper with the downloading and add to the confusion.

Incidentally I can't see the HJT log on my latest return to you. If it went missing and you need it please let ne know.

Mojo
Mojo
Regular Member
 
Posts: 50
Joined: July 4th, 2005, 7:34 am

Unread postby Middle Of Nowhere » August 8th, 2005, 1:56 pm

Hi Mojo :)

First we need to disable the guest account on your computer.
To do this follow the below instructions:

Press Start
Select Control Panel
Click on User Accounts
Click on Guest Account
Select Turn off the guest account
When finished it will tell you it's turn off in the user account area.
Make sure your adminatrator
Close all windows

Now you'll need to follow the next set of instructions:

Step 1.
==========
Download Registrar Lite from here

Put it in its own folder. You may want to keep this program. It is an excellent free, registry editor.

Next:

Backup your Registry...
- Press "CTRL - ALT - DEL" keys all at the same time to start "Task Manager"
- In the Task Manager window click on "File", then from the drop-down menu select "New Task (Run...)"
- In the "Create New Task" window enter\type "regedit" (without quotes)
- Once Regedit opens click on the FILE menu and select Export
- Save the file as backup. Save the file somewhere you will remember and not delete.
IMPORTANT: make sure to set the export range to ALL

Step 2.
==========
Copy and paste the follow text into the address bar, then hit 'Go':

HKEY_USERS\S-1-5-21-220523388-152049171-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains

In the pane on the right are the values associated with that key.
We want to remove these:

awmdabest.com
s13.tempx.cc
trackhits.cc
tracktraff.cc
vparivalka.com
vv7.al.57e.net
win-eto.com


Right click on it, and select delete.
If you get a confirmation question, respond OK

When you have removed the above:
- Close Registry and reboot computer

When completed can you please post a new spybot log and HJT log

Thank you
User avatar
Middle Of Nowhere
Retired Graduate
 
Posts: 677
Joined: May 30th, 2005, 2:08 pm
Location: Derbyshire, UK

Unread postby Mojo » August 8th, 2005, 4:30 pm

Hello Out of This World

Well - I followed what you said and as you can see the Spybot search then became clear. Great! I also attach a new HJT log. The Registrar Lite tool is interesting but I noted a few dubiously sounding values that seemed to be associated with adult sites [sex, gambling, drugs] [which I don't visit]. However, I've only removed the seven values that you instructed me to do.
Mojo

--- Search result list ---
Congratulations!: No immediate threats were found. ()



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-08-06 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2005-04-26 Includes\Cookies.sbi (*)
2005-07-29 Includes\Dialer.sbi (*)
2005-08-04 Includes\Hijackers.sbi (*)
2005-06-23 Includes\Keyloggers.sbi (*)
2005-08-04 Includes\Malware.sbi (*)
2005-08-04 Includes\PUPS.sbi (*)
2003-11-12 Includes\QA Tests.sbi (*)
2005-04-27 Includes\Revision.sbi (*)
2005-08-02 Includes\Security.sbi (*)
2005-08-04 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2005-08-04 Includes\Trojans.sbi (*)



--- System information ---
Windows XP (Build: 2600) Service Pack 1
/ DataAccess: Microsoft Data Access Components KB870669
/ DataAccess: Security update for Microsoft Data Access Components
/ DataAccess: Security Update for Microsoft Data Access Components
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB889293
/ Windows Media Player / SP0: Windows Media Player Hotfix [See wm828026 for more information]
/ Windows Media Player: Windows Media Update 817787
/ Windows Media Player: Windows Media Update 828026
/ Windows XP / SP2: Windows XP Hotfix - KB810217
/ Windows XP / SP2: Windows XP Hotfix - KB821557
/ Windows XP / SP2: Windows XP Hotfix - KB823182
/ Windows XP / SP2: Windows XP Hotfix - KB823559
/ Windows XP / SP2: Windows XP Hotfix - KB823980
/ Windows XP / SP2: Windows XP Hotfix - KB824105
/ Windows XP / SP2: Windows XP Hotfix - KB824141
/ Windows XP / SP2: Windows XP Hotfix - KB824146
/ Windows XP / SP2: Windows XP Hotfix - KB825119
/ Windows XP / SP2: Windows XP Hotfix - KB828028
/ Windows XP / SP2: Windows XP Hotfix - KB828035
/ Windows XP / SP2: Windows XP Hotfix - KB828741
/ Windows XP / SP2: Windows XP Hotfix - KB833987
/ Windows XP / SP2: Windows XP Hotfix - KB835732
/ Windows XP / SP2: Windows XP Hotfix - KB837001
/ Windows XP / SP2: Windows XP Hotfix - KB839643
/ Windows XP / SP2: Windows XP Hotfix - KB839645
/ Windows XP / SP2: Windows XP Hotfix - KB840315
/ Windows XP / SP2: Windows XP Hotfix - KB840374
/ Windows XP / SP2: Windows XP Hotfix - KB840987
/ Windows XP / SP2: Windows XP Hotfix - KB841356
/ Windows XP / SP2: Windows XP Hotfix - KB841533
/ Windows XP / SP2: Windows XP Hotfix - KB841873
/ Windows XP / SP2: Windows XP Hotfix - KB842773
/ Windows XP / SP2: Windows XP Hotfix - KB873376
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See Q323255 for more information]
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q328310
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See Q329048 for more information]
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See Q329115 for more information]
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q329170
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See Q329390 for more information]
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q329441
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See Q329834 for more information]
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q331953
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q810565
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q810577
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q810833
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q811493
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q811630
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q814033
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q815021
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q817287
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q817606
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q819696
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB898461)


--- Startup entries list ---
Located: HK_LM:Run, Advanced Tools Check
command: C:\PROGRA~1\NORTON~2\NORTON~1\AdvTools\ADVCHK.EXE
file: C:\PROGRA~1\NORTON~2\NORTON~1\AdvTools\ADVCHK.EXE
size: 74696
MD5: 5da7a448ca0075f0f731ad58d5021e62

Located: HK_LM:Run, ccApp
command: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 71280
MD5: 5712b77158fbbb5ab5aebc396e15499d

Located: HK_LM:Run, HotKeysCmds
command: C:\WINDOWS\System32\hkcmd.exe
file: C:\WINDOWS\System32\hkcmd.exe
size: 114688
MD5: 92a8471be66d9072941f6347a1d0879e

Located: HK_LM:Run, IgfxTray
command: C:\WINDOWS\System32\igfxtray.exe
file: C:\WINDOWS\System32\igfxtray.exe
size: 155648
MD5: 96113c67d8d44ae1e35050f6be9c0680

Located: HK_LM:Run, Imonitor
command: "C:\Program Files\McAfee\QuickClean\PlgUni.exe" /START
file: C:\Program Files\McAfee\QuickClean\PlgUni.exe
size: 98304
MD5: 3c246a878620c3393d17e92baae05afd

Located: HK_LM:Run, IntelliType
command: "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
file: C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
size: 94208
MD5: b5eca5948d7f8eaa00333231f33ea31a

Located: HK_LM:Run, Intense Registry Service
command: IntEdReg.exe /CHECK
file: C:\WINDOWS\system32\IntEdReg.exe
size: 53760
MD5: 9253beee2651853cf0367254ba627505

Located: HK_LM:Run, Iomega Drive Icons
command: C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
file: C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
size: 61440
MD5: dfdfd202f0c0a29088e043bbcd71002d

Located: HK_LM:Run, Iomega Startup Options
command: C:\Program Files\Iomega\Common\ImgStart.exe
file: C:\Program Files\Iomega\Common\ImgStart.exe
size: 45056
MD5: 1808f91fa578e8572bd1a9649fabb518

Located: HK_LM:Run, Nero DriveSpeed
command: C:\PROGRA~1\Ahead\NEROTO~1\DRIVES~1.EXE
file: C:\PROGRA~1\Ahead\NEROTO~1\DRIVES~1.EXE
size: 282624
MD5: c6b223c38f83878396e658ca379f3337

Located: HK_LM:Run, NeroCheck
command: C:\WINDOWS\system32\NeroCheck.exe
file: C:\WINDOWS\system32\NeroCheck.exe
size: 155648
MD5: 3e4c03cefad8de135263236b61a49c90

Located: HK_LM:Run, POINTER
command: point32.exe
file:

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 77824
MD5: 4e165b34780ff2d1b405f29e3fa68df2

Located: HK_LM:Run, SoundMan
command: SOUNDMAN.EXE
file: C:\WINDOWS\SOUNDMAN.EXE
size: 46592
MD5: d968b3259421c4a0627a62f4e0e96d6d

Located: HK_LM:Run, SSC_UserPrompt
command: C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
file: C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
size: 218240
MD5: b96c81be7b8d11710496787e5859d768

Located: HK_LM:Run, Symantec NetDriver Monitor
command: C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
file: C:\PROGRA~1\SYMNET~1\SNDMon.exe
size: 100056
MD5: f9418981ee4d7e995d359833adab59d5

Located: HK_CU:Run, ctfmon.exe
command: C:\WINDOWS\System32\ctfmon.exe
file: C:\WINDOWS\System32\ctfmon.exe
size: 13312
MD5: 414de7cf9d3f19c3ea902f1bb38ec116

Located: HK_CU:Run, ILO_Office_Manager
command: IntEdReg.exe /OFFMAN
file: C:\WINDOWS\system32\IntEdReg.exe
size: 53760
MD5: 9253beee2651853cf0367254ba627505

Located: HK_CU:Run, McAfee.InstantUpdate.Monitor
command: "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
file: C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
size: 122948
MD5: 4bfc3d39305984c6583a042628956d84

Located: HK_CU:Run, Play_PC_Backup
command: C:\Program Files\PC Backup\pcbackup.exe -silent
file:

Located: HK_CU:RunOnce, ARC
command: "C:\Program Files\McAfee\QuickClean\Uni.exe" /ARC:Adobe Photoshop Elements
file: C:\Program Files\McAfee\QuickClean\Uni.exe
size: 81920
MD5: ab53d1e15c6e00284abf3e9fadd2743a

Located: Startup (common), Adobe Gamma Loader.exe.lnk
command: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
file: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
size: 113664
MD5: c2ff17734176cd15221c10044ef0ba1a

Located: Startup (common), Adobe Reader Speed Launch.lnk
command: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
file: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
size: 29696
MD5: deb88aef013dd1eefb462d7cad642166

Located: Startup (common), Microsoft Office.lnk
command: C:\Program Files\Microsoft Office\Office10\OSA.EXE
file: C:\Program Files\Microsoft Office\Office10\OSA.EXE
size: 83360
MD5: 5bc65464354a9fd3beaa28e18839734a

Located: Startup (common), WinZip Quick Pick.lnk
command: C:\Program Files\WinZip\WZQKPICK.EXE
file: C:\Program Files\WinZip\WZQKPICK.EXE
size: 106560
MD5: 2fe253973433442c2cb234fb2bc4bf29

Located: Startup (user), SpywareGuard.lnk
command: C:\Program Files\SpywareGuard\sgmain.exe
file: C:\Program Files\SpywareGuard\sgmain.exe
size: 360448
MD5: 61c028aba5e49573a6332f4a7c744e87

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll

Located: WinLogon, igfxcui
command: igfxsrvc.dll
file: igfxsrvc.dll

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll



--- Browser helper object list ---
{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 06/08/2005 21:30:06
Date (last access): 08/08/2005 21:09:28
Date (last write): 31/05/2005 01:04:00
Filesize: 853672
Attributes: archive
MD5: 250D787A5712D7768DDC133B3E477759
CRC32: D4589A41
Version: 1.4.0.0

{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: c:\program files\google\
Long name: GoogleToolbar1.dll
Short name: GOOGLE~1.DLL
Date (created): 01/08/2005 20:52:56
Date (last access): 08/08/2005 21:09:28
Date (last write): 01/08/2005 20:52:56
Filesize: 1157120
Attributes: readonly archive
MD5: 8B5A0B5054E5A604E6FA6C87450C6649
CRC32: F2047595
Version: 3.0.124.6



--- ActiveX list ---
{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
DPF name:
CLSID name: Windows Genuine Advantage Validation Tool
Installer: C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf
Codebase: http://go.microsoft.com/fwlink/?linkid=39204
Path: C:\WINDOWS\System32\
Long name: LegitCheckControl.DLL
Short name: LEGITC~1.DLL
Date (created): 03/08/2005 10:33:42
Date (last access): 08/08/2005 21:12:44
Date (last write): 03/08/2005 10:33:42
Filesize: 520456
Attributes: archive
MD5: 386D5DD972E4F6A1CF7F626751FD29F7
CRC32: 3C9940B2
Version: 1.3.265.0

{1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class)
DPF name:
CLSID name: RegUserCfgUI Class
Installer:
Codebase: http://us.dl1.yimg.com/download.yahoo.c ... egucfg.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: yregucfg.dll
Short name:
Date (created): 11/10/2004 12:21:14
Date (last access): 08/08/2005 20:51:24
Date (last write): 11/10/2004 12:21:14
Filesize: 144448
Attributes: archive
MD5: DC3F07EAF0E7483885C3F3A9540E39B1
CRC32: 3DBE30F2
Version: 2004.10.11.1

{1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class)
DPF name:
CLSID name: LSSupCtl Class
Installer: C:\WINDOWS\Downloaded Program Files\LSSupCtl.inf
Codebase: http://www.symantec.com/techsupp/asa/LSSupCtl.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: LSSupCtl.dll
Short name:
Date (created): 27/10/2004 15:10:26
Date (last access): 08/08/2005 20:51:24
Date (last write): 27/10/2004 15:10:26
Filesize: 111752
Attributes: archive
MD5: C8FEBEA460AAD5C1B6817F9676E03F78
CRC32: 807349F9
Version: 3.1.0.5

{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner)
DPF name:
CLSID name: Symantec AntiVirus scanner
Installer: C:\WINDOWS\Downloaded Program Files\avsniff.inf
Codebase: http://security.symantec.com/sscv6/Shar ... vSniff.cab
description: Symantec online scanner
classification: Legitimate
known filename: AVSNIFF.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\Downloaded Program Files\
Long name: avsniff.dll
Short name:
Date (created): 26/10/2004 19:14:08
Date (last access): 08/08/2005 20:51:24
Date (last write): 26/10/2004 19:14:08
Filesize: 197760
Attributes: archive
MD5: 8C505A352CE49B8BB0822D67EF8892E6
CRC32: 6768F662
Version: 2004.6.23.54

{33564D57-0000-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\WMV9VCM.inf
Codebase: http://download.microsoft.com/download/ ... mv9VCM.CAB

{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine)
DPF name:
CLSID name: Office Update Installation Engine
Installer: C:\WINDOWS\Downloaded Program Files\opuc.inf
Codebase: http://office.microsoft.com/officeupdat ... t/opuc.cab
Path: C:\WINDOWS\
Long name: opuc.dll
Short name:
Date (created): 27/08/2003 04:10:30
Date (last access): 08/08/2005 20:52:38
Date (last write): 27/08/2003 04:10:30
Filesize: 314368
Attributes: archive
MD5: 1E32EC4A8A17B19926B49EA5F6B79A76
CRC32: E98FC293
Version: 11.0.5626.0

{6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
DPF name:
CLSID name: WUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\wuweb.inf
Codebase: http://update.microsoft.com/windowsupda ... 3232885125
Path: C:\WINDOWS\System32\
Long name: wuweb.dll
Short name:
Date (created): 26/05/2005 04:19:32
Date (last access): 08/08/2005 21:12:44
Date (last write): 26/05/2005 04:19:32
Filesize: 173536
Attributes: archive
MD5: C459F2D5E64C942F3F66E1CD7F1C4C00
CRC32: EEF66B50
Version: 5.8.0.2469

{644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class)
DPF name:
CLSID name: Symantec RuFSI Utility Class
Installer: C:\WINDOWS\Downloaded Program Files\CabSA.inf
Codebase: http://security.symantec.com/sscv6/Shar ... /cabsa.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: rufsi.dll
Short name:
Date (created): 26/10/2004 19:14:18
Date (last access): 08/08/2005 20:51:24
Date (last write): 26/10/2004 19:14:18
Filesize: 160928
Attributes: archive
MD5: 7FC8A8D89A80ED7443F00C31AEDAC9A9
CRC32: 3EC34C3D
Version: 2004.6.23.42

{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class)
DPF name:
CLSID name: ActiveScan Installer Class
Installer: C:\WINDOWS\Downloaded Program Files\asinst.inf
Codebase: http://www.pandasoftware.com/activescan/as5/asinst.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: asinst.dll
Short name:
Date (created): 24/06/2005 09:44:30
Date (last access): 08/08/2005 20:51:24
Date (last write): 24/06/2005 09:44:30
Filesize: 131072
Attributes: archive
MD5: 794F7D10634EF24DC4B44E5EB09F2E52
CRC32: A5BF5B5E
Version: 57.7.0.0

{9F1C11AA-197B-4942-BA54-47A8489BB47F} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\iuctl.inf
Codebase: http://v4.windowsupdate.microsoft.com/C ... 5934953704
description: Windows Update
classification: Legitimate
known filename: %WINDIR%\System32\iuctl.dll,iuengine.dll
info link:
info source: Patrick M. Kolla

{CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class)
DPF name:
CLSID name: ActiveDataInfo Class
Installer:
Codebase: https://www-secure.symantec.com/techsup ... mAData.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: SymAData.dll
Short name:
Date (created): 17/05/2004 11:05:58
Date (last access): 08/08/2005 20:51:24
Date (last write): 17/05/2004 11:05:58
Filesize: 156792
Attributes: archive
MD5: B7A28CBD0022210FD0D877C9951694F1
CRC32: C44DD1D5
Version: 2.0.0.1

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://download.macromedia.com/pub/shoc ... wflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\System32\macromed\flash\
Long name: Flash.ocx
Short name:
Date (created): 08/12/2003 15:01:58
Date (last access): 08/08/2005 21:12:46
Date (last write): 08/12/2003 15:01:58
Filesize: 933888
Attributes: archive
MD5: F7E435D02F7A48120B746E33254A70BC
CRC32: 02AF493D
Version: 7.0.19.0

{E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class)
DPF name:
CLSID name: ActiveDataObj Class
Installer:
Codebase: https://www-secure.symantec.com/techsup ... veData.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: ActiveData.dll
Short name: ACTIVE~1.DLL
Date (created): 12/06/2002 14:16:22
Date (last access): 08/08/2005 20:51:24
Date (last write): 12/06/2002 14:16:22
Filesize: 112312
Attributes: archive
MD5: C0A5720A581109543B113A8BEAE7868C
CRC32: 1B08DE36
Version: 1.0.0.1

{EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\btwebcontrol.inf
Codebase: http://register.btinternet.com/template ... rol023.cab



--- Process list ---
PID: 0 ( 0) [System]
PID: 436 ( 4) \SystemRoot\System32\smss.exe
PID: 492 ( 436) \??\C:\WINDOWS\system32\csrss.exe
PID: 516 ( 436) \??\C:\WINDOWS\system32\winlogon.exe
PID: 560 ( 516) C:\WINDOWS\system32\services.exe
size: 101376
MD5: E3DF4A0252D287C44606EE55355E1623
PID: 572 ( 516) C:\WINDOWS\system32\lsass.exe
size: 11776
MD5: B2B6BA905D0E3F8A32A0EB3B4051807B
PID: 736 ( 560) C:\WINDOWS\system32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 780 ( 560) C:\WINDOWS\System32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 848 ( 560) C:\WINDOWS\System32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 864 ( 560) C:\WINDOWS\System32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 1000 ( 560) C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
size: 235120
MD5: CDAB825C28154669AB35EA731B8E452B
PID: 1112 (1092) C:\WINDOWS\Explorer.EXE
size: 1004032
MD5: A82B28BFC2E4455FE43022A498C0EF0A
PID: 1124 ( 560) C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
size: 206552
MD5: 443E397643965E08C5AB6A6CAA732B97
PID: 1184 ( 560) C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
size: 255600
MD5: 620CC860890D50FD18D5D9508C5551B2
PID: 1372 ( 560) C:\WINDOWS\system32\spoolsv.exe
size: 51200
MD5: 9B4155BA58192D4073082B8FC5D42612
PID: 1508 ( 560) C:\WINDOWS\System32\alg.exe
size: 41984
MD5: 497AEAD5ECEF9512F6B364977A5308EE
PID: 1564 ( 560) C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
size: 218736
MD5: 35AD77BDC4EE11E7FA111E4CE4026E8C
PID: 1608 ( 560) C:\Program Files\ewido\security suite\ewidoctrl.exe
size: 16448
MD5: 867D9D1FA818F8629BB7A4A26E94B06A
PID: 1660 ( 560) C:\Program Files\ewido\security suite\ewidoguard.exe
size: 163904
MD5: 13EE66A939D7C3A2ED62C967DEBD52BB
PID: 1712 ( 560) C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
size: 61440
MD5: B6E1B4A08DCCB11E374AC29DA97EDB1E
PID: 1736 ( 560) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
size: 270336
MD5: 450BF05CA4F923D70605BAC8185FA7DB
PID: 1764 ( 560) C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
size: 158848
MD5: 106188EE7FCE8C769DEFEC27C1EDB67C
PID: 1828 ( 560) C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
size: 135168
MD5: 4914A155F9B73317B14F94BBA4A79639
PID: 1832 (1112) C:\WINDOWS\System32\igfxtray.exe
size: 155648
MD5: 96113C67D8D44AE1E35050F6BE9C0680
PID: 1856 (1112) C:\WINDOWS\System32\hkcmd.exe
size: 114688
MD5: 92A8471BE66D9072941F6347A1D0879E
PID: 1912 (1112) C:\WINDOWS\SOUNDMAN.EXE
size: 46592
MD5: D968B3259421C4A0627A62F4E0E96D6D
PID: 1940 ( 560) C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
size: 194272
MD5: DE337E8649E1970C5663999457A9352F
PID: 2020 ( 560) C:\WINDOWS\System32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 2032 (1112) C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
size: 61440
MD5: DFDFD202F0C0A29088E043BBCD71002D
PID: 188 ( 560) C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
size: 585728
MD5: 94D3C8257776019A7A96AF69F62BA509
PID: 384 (1112) C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
size: 94208
MD5: B5ECA5948D7F8EAA00333231F33EA31A
PID: 420 (1112) C:\Program Files\Microsoft Hardware\Mouse\point32.exe
size: 176128
MD5: 44FCD222D8A4BCFF2C944C081AEAD78C
PID: 752 (1112) C:\PROGRA~1\Ahead\NEROTO~1\DRIVES~1.EXE
size: 282624
MD5: C6B223C38F83878396E658CA379F3337
PID: 904 (1112) C:\Program Files\QuickTime\qttask.exe
size: 77824
MD5: 4E165B34780FF2D1B405F29E3FA68DF2
PID: 1024 (1112) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 71280
MD5: 5712B77158FBBB5AB5AEBC396E15499D
PID: 1064 (1112) C:\Program Files\McAfee\QuickClean\PlgUni.exe
size: 98304
MD5: 3C246A878620C3393D17E92BAAE05AFD
PID: 880 (1112) C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
size: 122948
MD5: 4BFC3D39305984C6583A042628956D84
PID: 1588 (1112) C:\WINDOWS\System32\ctfmon.exe
size: 13312
MD5: 414DE7CF9D3F19C3EA902F1BB38EC116
PID: 1812 ( 688) C:\Program Files\Intense Language Office\COMMON\Offman.exe
size: 521216
MD5: 26BEF3876BD1274E96A70EA504F158AB
PID: 2192 (1112) C:\Program Files\WinZip\WZQKPICK.EXE
size: 106560
MD5: 2FE253973433442C2CB234FB2BC4BF29
PID: 2220 (1112) C:\Program Files\SpywareGuard\sgmain.exe
size: 360448
MD5: 61C028ABA5E49573A6332F4A7C744E87
PID: 2420 (2220) C:\Program Files\SpywareGuard\sgbhp.exe
size: 233472
MD5: A80D0704537C0EF97DB2BEF24B99AF1A
PID: 2800 (1112) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 4 ( 0) System
PID: 212 ( 384) C:\Program Files\Internet Explorer\iexplore.exe
size: 91136
MD5: 418D301C3B1FA94B19584AEEB3D65166
PID: 2260 ( 736) C:\Program Files\Messenger\msmsgs.exe
size: 1511453
MD5: 1E455B08870D4AC3BB6AB5968603E8AF


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 08/08/2005 21:18:17

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.google.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
about:blank
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://ie.search.msn.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://www.google.com/keyword/%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com/ie
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E82FE74D-F547-44CB-902B-AE6DBCF40C48}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E82FE74D-F547-44CB-902B-AE6DBCF40C48}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{623A92A2-68A4-4CA9-B2C9-AEE4BBA7ADC7}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{623A92A2-68A4-4CA9-B2C9-AEE4BBA7ADC7}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0F429A46-BBE6-4998-B734-7B99804B4109}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0F429A46-BBE6-4998-B734-7B99804B4109}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{40247DF5-2890-469D-9D6D-BC49F8685E75}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{40247DF5-2890-469D-9D6D-BC49F8685E75}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1EB20BB5-3C13-468E-AADF-4E3D125DBD3C}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1EB20BB5-3C13-468E-AADF-4E3D125DBD3C}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A11F12AD-5D92-4572-93D6-A1429841FD3E}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A11F12AD-5D92-4572-93D6-A1429841FD3E}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace



--- Uninstall list ---
a-squared free 1.5.1 1.5.1 (a-squared free_is1)
install location: C:\Program Files\a2 free\
uninstall cmd: "C:\Program Files\a2 free\unins000.exe"
publisher: Emsi Software GmbH
help link: http://forum.emsisoft.com

Ad-Aware SE Personal 1.06 (Ad-Aware SE Personal)
uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\INSTALL.LOG
publisher: Lavasoft
help link: http://www.lavasoft.com

(AddressBook)

Adobe Photoshop Elements 1.0 (Adobe Photoshop Elements 1.0)
version (major): 6
install location: C:\Program Files\Adobe\Photoshop Elements
install source: D:\English\Adobe Photoshop Elements\
uninstall cmd: C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop Elements\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop Elements\Uninst.dll"
publisher: Adobe Systems, Inc.

Adobe SVG Viewer 1.0 (Adobe SVG Viewer)
version (major): 1
install location: C:\WINDOWS\System32\Adobe\SVG Viewer
install source: D:\English\Adobe Photoshop Elements\SVG\
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\WINDOWS\System32\Adobe\SVG Viewer\Uninst.isu"
publisher: Adobe Systems, Inc.

Advanced Tools (Advanced Tools)

(Branding)

Complete Internet Cleanup Pro (Complete Internet Cleanup Pro)
uninstall cmd: C:\Program Files\cicpb\uninst.exe
publisher: PC Mesh

Complete Internet Cleanup Pro Beta (Complete Internet Cleanup Pro Beta)
uninstall cmd: C:\Program Files\cicpb\uninst.exe
publisher: PC Mesh

(Connection Manager)

(DirectAnimation)

(DirectDrawEx)

EPSON Photo Print (EPSON Photo Print)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\EPSON\Photo Print\Uninst.isu"

ewido security suite (ewidosecuritysuite)
install location: C:\Program Files\ewido\security suite
uninstall cmd: C:\Program Files\ewido\security suite\Uninstall.exe
publisher: ewido networks
help link: http://www.ewido.net

(Fontcore)

GraphicView 32 (GraphicView 32)
uninstall cmd: C:\PROGRA~1\GRAPHI~1\UNWISE.EXE C:\PROGRA~1\GRAPHI~1\INSTALL.LOG

HijackThis 1.99.1 1.99.1 (HijackThis)
uninstall cmd: C:\unzipped\hijackthis[1]\HijackThis.exe /uninstall
publisher: Soeperman Enterprises Ltd.

(ICW)

(IE40)

(IE4Data)

(IE5BAKEX)

(IEData)

(InstallShield Uninstall Information)

Intense Language Office (Intense Language Office)
uninstall cmd: C:\Program Files\Intense Language Office\Common\Uninst.exe

Internet Update (Internet Update)
uninstall cmd: uninstIU.exe

Iomega App Services (Iomega App Services)
uninstall cmd: C:\WINDOWS\unvise32.exe C:\Program Files\Iomega\System32\uninstal.log

IomegaWare (IomegaWare)
uninstall cmd: C:\WINDOWS\unvise32.exe C:\Program Files\Iomega\uninstal.log

Windows XP Hotfix - KB810217 20030806.140405 (KB810217)
uninstall cmd: C:\WINDOWS\$NtUninstallKB810217$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=810217

Windows XP Hotfix - KB821557 20030611.134342 (KB821557)
uninstall cmd: C:\WINDOWS\$NtUninstallKB821557$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=821557

Windows XP Hotfix - KB823182 20030724.164017 (KB823182)
uninstall cmd: C:\WINDOWS\$NtUninstallKB823182$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=823182

Windows XP Hotfix - KB823559 20030701.220428 (KB823559)
uninstall cmd: C:\WINDOWS\$NtUninstallKB823559$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=823559

Windows XP Hotfix - KB823980 20030705.121219 (KB823980)
uninstall cmd: C:\WINDOWS\$NtUninstallKB823980$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=823980

Windows XP Hotfix - KB824105 20030724.164839 (KB824105)
uninstall cmd: C:\WINDOWS\$NtUninstallKB824105$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=824105

Windows XP Hotfix - KB824141 20030925.103600 (KB824141)
uninstall cmd: C:\WINDOWS\$NtUninstallKB824141$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=824141

Windows XP Hotfix - KB824146 20030825.150526 (KB824146)
uninstall cmd: C:\WINDOWS\$NtUninstallKB824146$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=824146

Windows XP Hotfix - KB825119 20030828.113916 (KB825119)
uninstall cmd: C:\WINDOWS\$NtUninstallKB825119$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=825119

Windows XP Hotfix - KB828028 20030919.121052 (KB828028)
uninstall cmd: C:\WINDOWS\$NtUninstallKB828028$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=828028

Windows XP Hotfix - KB828035 20031003.162415 (KB828035)
uninstall cmd: C:\WINDOWS\$NtUninstallKB828035$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=828035

Windows XP Hotfix - KB828741 20040305.182309 (KB828741)
uninstall cmd: C:\WINDOWS\$NtUninstallKB828741$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=828741

Windows XP Hotfix - KB833987 20040308.224628 (KB833987)
uninstall cmd: C:\WINDOWS\$NtUninstallKB833987$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=833987

Windows XP Hotfix - KB835732 20040329.175541 (KB835732)
uninstall cmd: C:\WINDOWS\$NtUninstallKB835732$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=835732

Windows XP Hotfix - KB837001 20040317.230926 (KB837001)
uninstall cmd: C:\WINDOWS\$NtUninstallKB837001$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=837001

Windows XP Hotfix - KB839643 20040512.154803 (KB839643)
uninstall cmd: C:\WINDOWS\$NtUninstallKB839643$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=839643

Windows XP Hotfix - KB839645 20040630.164542 (KB839645)
uninstall cmd: C:\WINDOWS\$NtUninstallKB839645$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=839645

Windows XP Hotfix - KB840315 20040622.172631 (KB840315)
uninstall cmd: C:\WINDOWS\$NtUninstallKB840315$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=840315

Windows XP Hotfix - KB840374 20040416.100205 (KB840374)
uninstall cmd: C:\WINDOWS\$NtUninstallKB840374$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=840374

Windows XP Hotfix - KB840987 20040927.095912 (KB840987)
uninstall cmd: C:\WINDOWS\$NtUninstallKB840987$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=840987

Windows XP Hotfix - KB841356 20040929.102221 (KB841356)
uninstall cmd: C:\WINDOWS\$NtUninstallKB841356$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=841356

Windows XP Hotfix - KB841533 20040927.100142 (KB841533)
uninstall cmd: C:\WINDOWS\$NtUninstallKB841533$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=841533

Windows XP Hotfix - KB841873 20040608.144346 (KB841873)
uninstall cmd: C:\WINDOWS\$NtUninstallKB841873$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=841873

Windows XP Hotfix - KB842773 20040701.144218 (KB842773)
uninstall cmd: C:\WINDOWS\$NtUninstallKB842773$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=842773

Microsoft Data Access Components KB870669 (KB870669)
uninstall cmd: C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=KB870669

Windows XP Hotfix - KB873339 20041117.094106 (KB873339)
uninstall cmd: C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873339

Windows XP Hotfix - KB873376 20040923.181029 (KB873376)
uninstall cmd: C:\WINDOWS\$NtUninstallKB873376$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873376

(KB884016)

Windows XP Hotfix - KB885835 20041027.181751 (KB885835)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885835

Windows XP Hotfix - KB885836 20041028.161024 (KB885836)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885836

Windows XP Hotfix - KB889293 20041111.235619 (KB889293-IE6SP1-20041111.235619)
uninstall cmd: C:\WINDOWS\$NtUninstallKB889293-IE6SP1-20041111.235619$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=889293

(KB893803)

Windows Installer 3.1 (KB893803) 3.1 (KB893803v2)
uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=42467

Update for Windows XP (KB898461) 1 (KB898461)
uninstall cmd: "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=898461

LiveReg (Symantec Corporation) 2.4.2.2295 (LiveReg)
install location: C:\Program Files\Common Files\Symantec Shared\LiveReg
uninstall cmd: C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
publisher: Symantec Corporation

LiveUpdate 2.6 (Symantec Corporation) 2.6.14.0 (LiveUpdate)
install location: C:\Program Files\Symantec\LiveUpdate
uninstall cmd: C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
publisher: Symantec Corporation

(MobileOptionPack)

Ahead InCD EasyWrite Reader (MRW!UninstallKey)
uninstall cmd: C:\WINDOWS\UNMrw.exe /UNINSTALL

(MSI30-Beta1)

(MSI30-Beta2)

(MSI30-KB884016)

(MSI30-RC1)

(MSI30-RC2)

(MSI30a-KB884016)

(MSI31-Beta)

(MSI31-RC1)

Ahead NeroVision Express (NeroVision!UninstallKey)
uninstall cmd: C:\WINDOWS\UNNeroVision.exe /UNINSTALL

(NetMeeting)

Outlook Express Q823353 (oeupdate)
uninstall cmd: C:\WINDOWS\oeuninst.exe C:\WINDOWS\INF\Q823353.inf

(OutlookExpress)

PC Backup (PC Backup_is1)
install location: C:\Program Files\PC Backup\
uninstall cmd: "C:\Program Files\PC Backup\unins000.exe"

(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

PF 1260 1660 2400 Guide (PF 1260 1660 2400 Guide)
uninstall cmd: C:\WINDOWS\uninst.exe -f"C:\PROGRAMF\EPSON\PF 1260 1660 2400\DeIsL1.isu"

Windows XP Hotfix (SP2) Q328310 20021122.122733 (Q328310)
uninstall cmd: C:\WINDOWS\$NtUninstallQ328310$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: For more information, see Q328310 at http://support.microsoft.com

Windows XP Hotfix (SP2) [See Q329048 for more information] (Q329048)
uninstall cmd: C:\WINDOWS\$NtUninstallQ329048$\spuninst\spuninst.exe

Windows XP Hotfix (SP2) [See Q329115 for more information] (Q329115)
uninstall cmd: C:\WINDOWS\$NtUninstallQ329115$\spuninst\spuninst.exe

Windows XP Hotfix (SP2) Q329170 20030102.120145 (Q329170)
uninstall cmd: C:\WINDOWS\$NtUninstallQ329170$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: For more information, see Q329170 at http://support.microsoft.com

Windows XP Hotfix (SP2) [See Q329390 for more information] (Q329390)
uninstall cmd: C:\WINDOWS\$NtUninstallQ329390$\spuninst\spuninst.exe

Windows XP Hotfix (SP2) Q329441 20021114.125038 (Q329441)
uninstall cmd: C:\WINDOWS\$NtUninstallQ329441$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: For more information, see Q329441 at http://support.microsoft.com

Windows XP Hotfix (SP2) [See Q329834 for more information] (Q329834)
uninstall cmd: C:\WINDOWS\$NtUninstallQ329834$\spuninst\spuninst.exe

Windows XP Hotfix (SP2) Q331953 20021107.174736 (Q331953)
uninstall cmd: C:\WINDOWS\$NtUninstallQ331953$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: For more information, see Q331953 at http://support.microsoft.com

Windows XP Hotfix (SP2) Q810565 20021127.115011 (Q810565)
uninstall cmd: C:\WINDOWS\$NtUninstallQ810565$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: For more information, see Q810565 at http://support.microsoft.com

Windows XP Hotfix (SP2) Q810577 20021118.135247 (Q810577)
uninstall cmd: C:\WINDOWS\$NtUninstallQ810577$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: For more information, see Q810577 at http://support.microsoft.com

Windows XP Hotfix (SP2) Q810833 20021203.201545 (Q810833)
uninstall cmd: C:\WINDOWS\$NtUninstallQ810833$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: For more information, see Q810833 at http://support.microsoft.com

Windows XP Hotfix (SP2) Q811493 20030424.101451 (Q811493)
uninstall cmd: C:\WINDOWS\$NtUninstallQ811493$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=811493

Windows XP Hotfix (SP2) Q814033 20030131.164620 (Q814033)
uninstall cmd: C:\WINDOWS\$NtUninstallQ814033$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: For more information, see Q814033 at http://support.microsoft.com

Windows XP Hotfix (SP2) Q815021 20030501.165608 (Q815021)
uninstall cmd: C:\WINDOWS\$NtUninstallQ815021$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=815021

Windows XP Hotfix (SP2) Q817287 20030325.164011 (Q817287)
uninstall cmd: C:\WINDOWS\$NtUninstallQ817287$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=817287

Windows XP Hotfix (SP2) Q817606 20030331.103753 (Q817606)
uninstall cmd: C:\WINDOWS\$NtUninstallQ817606$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=817606

Windows XP Hotfix (SP2) Q819696 20030513.102848 (Q819696)
uninstall cmd: C:\WINDOWS\$NtUninstallQ819696$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=819696

Windows Media Player Hotfix [See wm828026 for more information] (Q828026)
uninstall cmd: C:\WINDOWS\$NtUninstallQ828026$\spuninst\spuninst.exe
publisher: Microsoft Corporation

QuickTime (QuickTime)
uninstall cmd: C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log

Reference Manager 9 (Reference Manager 9)
uninstall cmd: C:\PROGRA~1\REFERE~1\UNWISE.EXE C:\PROGRA~1\REFERE~1\INSTALL.LOG

Registrar Lite 2.00 (Registrar Lite 2.00)
uninstall cmd: "C:\Program Files\Registrar Lite\unwise.exe" C:\PROGRA~1\REGIST~1\INSTALL.LOG
publisher: Resplendence Software Projects Sp.
help link: http://www.resplendence.com

(SchedulingAgent)

(Sevinst)

(ShockwaveFlash)

Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited

SpywareBlaster v3.4 3.4.0 (SpywareBlaster_is1)
install location: C:\Program Files\SpywareBlaster\
uninstall cmd: "C:\Program Files\SpywareBlaster\unins000.exe"
publisher: Javacool Software LLC

SpywareGuard v2.2 2.2 (SpywareGuard_is1)
uninstall cmd: "C:\Program Files\SpywareGuard\unins000.exe"
publisher: Javacool Software LLC

StatView (StatViewDeinstKey)
uninstall cmd: C:\WINDOWS\uninst.exe -fC:\StatView\DeIsL1.isu

Norton Internet Security Professional (Symantec Corporation) 7.0.3.8 (SymSetup.{AED74EFF-83ED-4ed6-8413-285C24BCEB6E})
install location: C:\Program Files\Norton Internet Security Professional
install source: D:
uninstall cmd: C:\Program Files\Common Files\Symantec Shared\SymSetup\{AED74EFF-83ED-4ed6-8413-285C24BCEB6E}.exe /X
publisher: Symantec Corporation

WinZip 8.1 SR-1 (5266) (WinZip)
version (major): 8
version (minor): 1
install location: C:\PROGRA~1\WINZIP\
uninstall cmd: "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
publisher: WinZip Computing, Inc.
help link: http://www.winzip.com/xsupport.htm

({11E83B33-972B-4512-A447-FF0FD0246EE9})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11E83B33-972B-4512-A447-FF0FD0246EE9}\setup.exe" -l0x9

Windows Installer Clean Up 2.05.00.0000 ({121634B0-2F4A-11D3-ADA3-00C04F52DD53})
version: 33882112
version (major): 2
version (minor): 5
estimated size: 129
install date: 20041204
uninstall cmd: MsiExec.exe /I{121634B0-2F4A-11D3-ADA3-00C04F52DD53}
publisher: Microsoft Corporation

Norton Internet Security 7.0.3.8 ({12E2B9E9-05B1-407d-B0FD-B5F350535125})
version: 117440515
version (major): 7
estimated size: 4815
install date: 20041204
install source: D:\Setup\
uninstall cmd: MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
publisher: Symantec Corporation

Norton WMI Update 2005.1.2.20 ({1526D87C-A955-4FAB-BF18-697BA457E352})
version (major): 2005
version (minor): 1
estimated size: 2080
install date: 20041204
uninstall cmd: MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
publisher: Symantec Corporation

Microsoft IntelliPoint 4.1 4.10.0851 ({1FD0C5C1-B01B-4B4C-9607-E5D3B3D1318F})
version: 67765075
version (major): 4
version (minor): 10
estimated size: 6052
install date: 20030714
install source: d:\mouse\Setup\
publisher: Microsoft Corporation
help link: http://microsoft.com/support
help telephone:

Google Toolbar for Internet Explorer ({2318C2B1-4965-11d4-9B18-009027A5CD4F})
uninstall cmd: regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"

({23EFDB58-0874-4883-9810-EDA510B19FAE})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x9

({27B9131D-CEFA-42C5-8D7D-56EFD80BAA25})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27B9131D-CEFA-42C5-8D7D-56EFD80BAA25}\setup.exe" -l0x9

({2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x9

({2BFBC62A-3353-443D-93BE-7AC641D9F342})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BFBC62A-3353-443D-93BE-7AC641D9F342}\setup.exe" -l0x9

WebFldrs XP 9.50.6513 ({350C97B0-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154278257
version (major): 9
version (minor): 50
estimated size: 2508
install date: 20030705
install source: C:\WINDOWS\System32\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows

Norton AntiSpam 2004.1.0.147 ({3B29A786-5803-4e9e-9B58-3014A5B4E519})
version (major): 2004
version (minor): 1
estimated size: 1166
install date: 20041204
install source: D:\Setup\
uninstall cmd: MsiExec.exe /I{3B29A786-5803-4e9e-9B58-3014A5B4E519}
publisher: Symantec Corporation

Norton Internet Security Professional 7.0.3.8 ({449F3A9E-9903-4a0d-A209-08030D45A935})
version: 117440515
version (major): 7
estimated size: 1073
install date: 20041204
install source: D:\Setup\
uninstall cmd: MsiExec.exe /I{449F3A9E-9903-4a0d-A209-08030D45A935}
publisher: Symantec Corporation

Norton Internet Security 7.0.3.8 ({48185814-A224-447a-81DA-71BD20580E1B})
version: 117440515
version (major): 7
estimated size: 2589
install date: 20041204
install source: D:\Setup\
uninstall cmd: MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
publisher: Symantec Corporation

Norton Internet Security 7.0.3.8 ({526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F})
version: 117440515
version (major): 7
estimated size: 1731
install date: 20041204
install source: D:\Setup\
uninstall cmd: MsiExec.exe /I{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}
publisher: Symantec Corporation

Norton AntiSpam 2004.1.0.147 ({5677563D-0CB1-485f-9E18-C5025306BB3F})
version (major): 2004
version (minor): 1
estimated size: 2802
install date: 20041204
install source: D:\Setup\
uninstall cmd: MsiExec.exe /I{5677563D-0CB1-485f-9E18-C5025306BB3F}
publisher: Symantec Corporation

Windows Genuine Advantage v1.3.0254.0 1.3.0254.0 ({63569CE9-FA00-469C-AF5C-E5D4D93ACF91})
version: 16974078
version (major): 1
version (minor): 3
estimated size: 519
install date: 20050805
uninstall cmd: MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
publisher: Microsoft
comments: Your Comments
contact: Customer Support Department
help link: http://www.microsoft.com/genuine/downlo ... .aspx/help
help telephone: 1-425.882.8080

EPSON Smart Panel ({6C11D561-620B-47DA-A693-4C597F3CDF40})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\setup.exe" -l0x9 Uninstall

Intel(R) 82845G Graphics Driver Software ({8A708DD8-A5E6-11D4-A706-000629E95E20})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A708DD8-A5E6-11D4-A706-000629E95E20}\Setup.exe" -inteluninstall

Microsoft Office XP Media Content 10.0.2619.0 ({90300409-6000-11D3-8CFE-0050048383C9})
version: 167774779
version (major): 10
estimated size: 625193
install date: 20030714
install location: INSTALLLOCATION
install source: D:\
uninstall cmd: MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: ARPREADMESETTING

Microsoft Office XP Professional 10.0.3520.0 ({91110409-6000-11D3-8CFE-0050048383C9})
version: 167775680
version (major): 10
estimated size: 542529
install date: 20030924
install source: D:\
uninstall cmd: MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: C:\Program Files\Microsoft Office\Office10\1033\OFREAD10.HTM

Microsoft Publisher 2002 10.0.2627.01 ({91190409-6000-11D3-8CFE-0050048383C9})
version: 167774787
version (major): 10
estimated size: 344747
install date: 20040615
install location: INSTALLLOCATION
install source: D:\
uninstall cmd: MsiExec.exe /I{91190409-6000-11D3-8CFE-0050048383C9}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: C:\Program Files\Microsoft Office\Office10\1033\OFREAD10.HTM

Norton Internet Security 7.0.3.8 ({91AA4B1F-B918-4e0b-A304-F8D4EC5D7726})
version: 117440515
version (major): 7
estimated size: 385
install date: 20041204
install source: D:\Setup\
uninstall cmd: MsiExec.exe /I{91AA4B1F-B918-4e0b-A304-F8D4EC5D7726}
publisher: Symantec Corporation

McAfee QuickClean 3.02.6000 ({951DA770-6E72-11D6-B279-0010A4C6B25D})
version: 50336648
version (major): 3
estimated size: 42451
install date: 20030721
install source: D:\Qcl\
uninstall cmd: MsiExec.exe /I{951DA770-6E72-11D6-B279-0010A4C6B25D}
publisher: McAfee Consumer Division
contact: techsupport@mcafeehelp.com
help link: http://www.mcafee-at-home.com/support/default.asp
help telephone: (972) 855-2500
readme: C:\Program Files\McAfee\QuickClean\README.TXT

Intel Application Accelerator ({9984DF60-1C5B-11D3-ACA1-908A4FC10801})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9984DF60-1C5B-11D3-ACA1-908A4FC10801}\Setup.exe" -INTELUNINST

EPSON TWAIN 5 ({9A3EABC0-CA06-11D4-BF77-00104B130C19})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A3EABC0-CA06-11D4-BF77-00104B130C19}\setup.exe" -l0x9 UNINSTALL

Microsoft IntelliType Pro 2.2 2.20.447.0 ({9DE006A5-B384-4EDE-A760-0F217136B9EA})
version: 34865599
version (major): 2
version (minor): 20
estimated size: 6697
install date: 20030714
install source: d:\keyboard\Setup\
publisher: Microsoft
help link: http://microsoft.com/support
help telephone:

CC_ccProxyMSI 2.1.1.700 ({A398F2DC-D706-4bb2-AC38-5532CD229D08})
version: 33619969
version (major): 2
version (minor): 1
estimated size: 1745
install date: 20041204
install source: D:\Support\Proxy\
uninstall cmd: MsiExec.exe /I{A398F2DC-D706-4bb2-AC38-5532CD229D08}
publisher: Symantec

Nero - Burning Rom 5.5.9 ({A4D7B764-4140-11D4-88EB-0050DA3579C0})
version: 84213769
version (major): 5
version (minor): 5
estimated size: 45261
install date: 20030714
install source: D:\NeroExpress55\
uninstall cmd: MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
publisher: ahead software gmbh
contact: Hotline
help link: http://www.nero.com
help telephone:

Adobe Acrobat 7.0.1 and Reader 7.0.1 Update 7.0.2 ({AC76BA86-0000-7EC8-7489-000000000702})
version: 117440514
version (major): 7
estimated size: 1841
install date: 20050425
install source: C:\Program Files\Adobe\{0C55731F-7B21-4936-839A-BA09B2EAED59}\
uninstall cmd: MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000702}
publisher: Adobe Systems
comments: Adobe Acrobat 7.0.1 and Reader 7.0.1 Update
contact: Customer Support
help link: http://www.adobe.com/support/main.html
help telephone: 1-800-833-6687

Adobe Reader 7.0 7.0.0 ({AC76BA86-7AD7-1033-7B44-A70000000000})
version: 117440512
version (major): 7
estimated size: 63195
install date: 20050424
install source: C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig\ENU\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
publisher: Adobe Systems Incorporated
comments:
contact:
help link: http://www.adobe.com/support/main.html
help telephone:
readme: C:\Program Files\Adobe\Acrobat 7.0\Reader\Readme.htm

Norton Internet Security Professional 7.0.3.8 ({AED74EFF-83ED-4ed6-8413-285C24BCEB6E})
version: 117440515
version (major): 7
estimated size: 4402
install date: 20041204
install source: D:\Setup\
uninstall cmd: MsiExec.exe /I{AED74EFF-83ED-4ed6-8413-285C24BCEB6E}
publisher: Symantec Corporation

({B100B05B-E290-41EF-9366-8BC4C76D7769})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B100B05B-E290-41EF-9366-8BC4C76D7769}\setup.exe" -l0x9

({B14F9B26-D695-4C4A-8B11-0FE6CDCC797B})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}\setup.exe" -l0x9

EPSON Copy Utility ({B69CC1A5-0404-11D6-ABCB-005004C21D30})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B69CC1A5-0404-11D6-ABCB-005004C21D30}\setup.exe" ADDREMOVEDLG

({BDFC3C8D-823E-4FCF-870B-E756B27CB57E})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDFC3C8D-823E-4FCF-870B-E756B27CB57E}\setup.exe" -l0x9

Norton AntiVirus 10.00.10 ({C6B28661-7910-442E-ADDD-72EAA8395380})
version: 167772170
version (major): 10
estimated size: 59698
install date: 20041204
install source: D:\NAV\
uninstall cmd: MsiExec.exe /X{C6B28661-7910-442E-ADDD-72EAA8395380}
publisher: Symantec Corporation

Symantec Network Drivers Update 5.5.1.6 ({CA0A1E54-CE0F-4366-B09C-A87B61DC5633})
version: 84213761
version (major): 5
version (minor): 5
estimated size: 2806
install date: 20050509
publisher: Symantec Corporation

Symantec Script Blocki
Mojo
Regular Member
 
Posts: 50
Joined: July 4th, 2005, 7:34 am

Unread postby Mojo » August 8th, 2005, 4:37 pm

It looks as though the HJT log did not reach you. here it is:

Logfile of HijackThis v1.99.1
Scan saved at 21:21:00, on 08/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\PROGRA~1\Ahead\NEROTO~1\DRIVES~1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\McAfee\QuickClean\PlgUni.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Intense Language Office\COMMON\Offman.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\MLC\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [Nero DriveSpeed] C:\PROGRA~1\Ahead\NEROTO~1\DRIVES~1.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Intense Registry Service] IntEdReg.exe /CHECK
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~2\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Imonitor] "C:\Program Files\McAfee\QuickClean\PlgUni.exe" /START
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [ILO_Office_Manager] IntEdReg.exe /OFFMAN
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Play_PC_Backup] C:\Program Files\PC Backup\pcbackup.exe -silent
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) - http://us.dl1.yimg.com/download.yahoo.c ... egucfg.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3232885125
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsup ... veData.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} - http://register.btinternet.com/template ... rol023.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A11F12AD-5D92-4572-93D6-A1429841FD3E}: NameServer = 213.120.62.99 213.120.62.102
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Iomega Activity Disk2 - Iomega Corporation - C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Mojo
Regular Member
 
Posts: 50
Joined: July 4th, 2005, 7:34 am

Unread postby Middle Of Nowhere » August 8th, 2005, 4:42 pm

Evening Mojo

Thanks for your logs :D , i will go over them and report back shortly.
User avatar
Middle Of Nowhere
Retired Graduate
 
Posts: 677
Joined: May 30th, 2005, 2:08 pm
Location: Derbyshire, UK

Unread postby Mojo » August 8th, 2005, 5:00 pm

The Spybot log I sent you was "cut off". Here is the remainder:

Mojo



Symantec Network Drivers Update 5.5.1.6 ({CA0A1E54-CE0F-4366-B09C-A87B61DC5633})
version: 84213761
version (major): 5
version (minor): 5
estimated size: 2806
install date: 20050509
publisher: Symantec Corporation

Symantec Script Blocking Installer 1.0.0 ({D327AFC9-7BAA-473A-8319-6EB7A0D40138})
version: 16777216
version (major): 1
estimated size: 385
install date: 20041204
install source: D:\Support\ScrBlock\
uninstall cmd: MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138}
publisher: Symantec

({D3568156-59C3-42DF-A520-2C25B6706C91})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3568156-59C3-42DF-A520-2C25B6706C91}\setup.exe" -l0x9

CC_ccStart 2.1.1.700 ({D6414CC7-F215-467F-88B1-546ED863F35B})
version: 33619969
version (major): 2
version (minor): 1
install date: 20041204
install source: D:\Support\ccStart\
uninstall cmd: MsiExec.exe /I{D6414CC7-F215-467F-88B1-546ED863F35B}
publisher: Symantec Corporation

ccCommon 2.1.1.700 ({DC367608-64A7-4BF7-92F4-8BAA25BA02DB})
version: 33619969
version (major): 2
version (minor): 1
estimated size: 5225
install date: 20041204
install source: D:\Support\ccCommon\
uninstall cmd: MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
publisher: Symantec

({E213C271-AEFA-481D-A9B4-914D88925B8D})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe" -l0x9

Norton Internet Security 7.0.3.8 ({E36E8951-3C0E-4615-A912-948C1609D659})
version: 117440515
version (major): 7
estimated size: 4211
install date: 20041204
install source: D:\Support\WebTools\
uninstall cmd: MsiExec.exe /I{E36E8951-3C0E-4615-A912-948C1609D659}
publisher: Symantec Corporation

Norton Internet Security 5.2.1.207 ({E47EE8FB-ACC0-4608-859C-4E2851B18A6A})
version: 84017153
version (major): 5
version (minor): 2
estimated size: 2220
install date: 20041204
install source: D:\Support\SymNet\
uninstall cmd: MsiExec.exe /I{E47EE8FB-ACC0-4608-859C-4E2851B18A6A}
publisher: Symantec Corporation

Norton Internet Security 7.0.3.8 ({E5EE9939-259F-4DE2-8023-5C49E16A4F43})
version: 117440515
version (major): 7
estimated size: 1
install date: 20041204
install source: D:\NAV\
uninstall cmd: MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
publisher: Symantec Corporation

ScanToWeb ({EBAE381B-60A6-4863-AA9F-FCAB755BC9E5})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\setup.exe" ADDREMOVEDLG

100,000 Clipart - Volume 2 3.12.0000 ({FA9D74C9-858C-4346-B9F6-3F2C1D2F2249})
version: 51118080
version (major): 3
version (minor): 12
estimated size: 80656
install date: 20040606
install source: D:\
publisher: GSP
comments: GSP
contact: Customer Support Department
help link: http://www.gsp.cc/faq
help telephone: NA

({FAD9402A-1A9B-4ABE-A410-393A3622FA5A})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAD9402A-1A9B-4ABE-A410-393A3622FA5A}\setup.exe" -l0x9

Avance AC'97 Audio ({FB08F381-6533-4108-B7DD-039E11FBC27E})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE

Norton Internet Security 7.0.3.8 ({FC2C0536-583C-46c0-844A-62CECAE01F22})
version: 117440515
version (major): 7
estimated size: 644
install date: 20041204
install source: D:\Setup\
uninstall cmd: MsiExec.exe /I{FC2C0536-583C-46c0-844A-62CECAE01F22}
publisher: Symantec Corporation

MSRedist 1.0.0.0 ({FC37ABD0-2108-4beb-B010-1254E0662B5A})
version: 16777216
version (major): 1
estimated size: 4639
install date: 20041204
install source: D:\Support\MSRedist\
uninstall cmd: MsiExec.exe /I{FC37ABD0-2108-4beb-B010-1254E0662B5A}
publisher: Symantec Corporation



--- System Services ---
Service (registry key): Abiosdsk
Start: 4
Type: 1
Error Control: 0

Service (registry key): abp480n5
Start: 4
Type: 1
Error Control: 1

Service (registry key): ACPI
Display name: Microsoft ACPI Driver
Image path: System32\DRIVERS\ACPI.sys
Image size: 179328
Image MD5: 94DDD4B3ACBD7A9558E1762CD58386F9
Start: 0
Type: 1
Error Control: 1

Service (registry key): ACPIEC
Start: 4
Type: 1
Error Control: 1

Service (registry key): adpu160m
Start: 4
Type: 1
Error Control: 1

Service (registry key): aec
Display name: Microsoft Kernel Acoustic Echo Canceller
Image path: system32\drivers\aec.sys
Image size: 142208
Image MD5: FF773FEDA15E8BD97FD54FE87A0ACDBE
Start: 3
Type: 1
Error Control: 1

Service (registry key): AFD
Display name: AFD Networking Support Environment
Image path: \SystemRoot\System32\drivers\afd.sys
Start: 2
Type: 1
Error Control: 1

Service (registry key): Aha154x
Start: 4
Type: 1
Error Control: 1

Service (registry key): aic78u2
Start: 4
Type: 1
Error Control: 1

Service (registry key): aic78xx
Start: 4
Type: 1
Error Control: 1

Service (registry key): ALCXWDM
Display name: Service for Avance AC97 Audio (WDM)
Image path: system32\drivers\ALCXWDM.SYS
Image size: 659228
Image MD5: 057307FFF9B3A57176F4D795FCDF7BCC
Start: 3
Type: 1
Error Control: 1

Service (registry key): Alerter
Display name: Alerter
Description: Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation

Service (registry key): ALG
Display name: Application Layer Gateway Service
Description: Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Internet Connection Firewall
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\alg.exe
Image size: 41984
Image MD5: 497AEAD5ECEF9512F6B364977A5308EE
Start: 3
Type: 16
Error Control: 1

Service (registry key): AliIde
Start: 4
Type: 1
Error Control: 1

Service (registry key): amsint
Start: 4
Type: 1
Error Control: 1

Service (registry key): AppMgmt
Display name: Application Management
Description: Provides software installation services such as Assign, Publish, and Remove.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 32
Error Control: 1

Service (registry key): Arp1394
Display name: 1394 ARP Client Protocol
Description: 1394 ARP Client Protocol
Image path: System32\DRIVERS\arp1394.sys
Image size: 57344
Image MD5: E47AE30589D7195BB044847FBB63A06E
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): asc
Start: 4
Type: 1
Error Control: 1

Service (registry key): asc3350p
Start: 4
Type: 1
Error Control: 1

Service (registry key): asc3550
Start: 4
Type: 1
Error Control: 1

Service (registry key): AsyncMac
Display name: RAS Asynchronous Media Driver
Description: RAS Asynchronous Media Driver
Image path: System32\DRIVERS\asyncmac.sys
Image size: 13568
Image MD5: 03F403B07A884FC2AA54A0916C410931
Start: 3
Type: 1
Error Control: 1

Service (registry key): atapi
Display name: Standard IDE/ESDI Hard Disk Controller
Image path: System32\DRIVERS\atapi.sys
Image size: 86912
Image MD5: 95B858761A00E1D4F81F79A0DA019ACA
Start: 0
Type: 1
Error Control: 1

Service (registry key): Atdisk
Start: 4
Type: 1
Error Control: 0

Service (registry key): Atmarpc
Display name: ATM ARP Client Protocol
Description: ATM ARP Client Protocol
Image path: System32\DRIVERS\atmarpc.sys
Image size: 57216
Image MD5: 8D735CA1CBDB0081B0E3B9FF0EB222D0
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): AudioSrv
Display name: Windows Audio
Description: Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs

Service (registry key): audstub
Display name: Audio Stub Driver
Image path: System32\DRIVERS\audstub.sys
Image size: 3072
Image MD5: D9F724AA26C010A217C97606B160ED68
Start: 3
Type: 1
Error Control: 1

Service (registry key): BattC
Start: 0
Type: 0
Error Control: 0

Service (registry key): Beep
Start: 1
Type: 1
Error Control: 1

Service (registry key): BITS
Display name: Background Intelligent Transfer Service
Description: Uses idle network bandwidth to transfer data.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 32
Error Control: 1
Depends On services: Rpcss

Service (registry key): Browser
Display name: Computer Browser
Description: Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,LanmanServer

Service (registry key): cbidf2k
Start: 4
Type: 1
Error Control: 1

Service (registry key): ccEvtMgr
Display name: Symantec Event Manager
Description: Symantec Event Manager
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
Image size: 255600
Image MD5: 620CC860890D50FD18D5D9508C5551B2
Start: 2
Type: 16
Error Control: 0
Depends On services: RPCSS,ccSetMgr

Service (registry key): ccProxy
Display name: Symantec Network Proxy
Description: Symantec Network Proxy Service
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Symantec Shared\ccProxy.exe"
Image size: 218736
Image MD5: 35AD77BDC4EE11E7FA111E4CE4026E8C
Start: 2
Type: 272
Error Control: 0

Service (registry key): ccPwdSvc
Display name: Symantec Password Validation
Description: Symantec Password Validation Service
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"
Image size: 87664
Image MD5: 2AE05429A4EBCFB28A19896CB9FE86B7
Start: 3
Type: 16
Error Control: 0

Service (registry key): ccSetMgr
Display name: Symantec Settings Manager
Description: Symantec Settings Manager
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
Image size: 235120
Image MD5: CDAB825C28154669AB35EA731B8E452B
Start: 2
Type: 16
Error Control: 0
Depends On services: RPCSS

Service (registry key): cd20xrnt
Start: 4
Type: 1
Error Control: 1

Service (registry key): Cdaudio
Start: 1
Type: 1
Error Control: 0

Service (registry key): Cdfs
Start: 4
Type: 2
Error Control: 1
Depends On group: "SCSI CDROM Class"

Service (registry key): Cdrom
Display name: CD-ROM Driver
Image path: System32\DRIVERS\cdrom.sys
Image size: 47488
Image MD5: 6506E033AD04CFEC9EE56DBEFD1083DD
Start: 1
Type: 1
Error Control: 1
Depends On group: "SCSI miniport"

Service (registry key): Changer
Start: 1
Type: 1
Error Control: 0

Service (registry key): CiSvc
Display name: Indexing Service
Description: Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
Object name: LocalSystem
Image path: %SystemRoot%\system32\cisvc.exe
Image size: 5120
Image MD5: 325F1D50AFD0D6CE830938262AC2AE14
Start: 3
Type: 288
Error Control: 1
Depends On services: RPCSS

Service (registry key): ClipSrv
Display name: ClipBook
Description: Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\clipsrv.exe
Image size: 30720
Image MD5: 08EBC742345AB7EF2EC29BC92D6D33DD
Start: 3
Type: 16
Error Control: 1
Depends On services: NetDDE

Service (registry key): CmdIde
Start: 4
Type: 1
Error Control: 1

Service (registry key): COMSysApp
Display name: COM+ System Application
Description: Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Image size: 4608
Image MD5: 6AE95FAF782E6F6AC6E4B3ACBF3D1573
Start: 3
Type: 16
Error Control: 1
Depends On services: rpcss

Service (registry key): ContentFilter
Start: 0
Type: 0
Error Control: 0

Service (registry key): ContentIndex
Start: 0
Type: 0
Error Control: 0

Service (registry key): Cpqarray
Start: 4
Type: 1
Error Control: 1

Service (registry key): CryptSvc
Display name: Cryptographic Services
Description: Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): dac2w2k
Start: 4
Type: 1
Error Control: 0

Service (registry key): dac960nt
Start: 4
Type: 1
Error Control: 1

Service (registry key): Dhcp
Display name: DHCP Client
Description: Manages network configuration by registering and updating IP addresses and DNS names.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1
Depends On services: Tcpip,Afd,NetBT

Service (registry key): Disk
Display name: Disk Driver
Image path: System32\DRIVERS\disk.sys
Image size: 33792
Image MD5: D1B16340CEACEECBF52340A0CBDF43E1
Start: 0
Type: 1
Error Control: 1
Depends On group: "SCSI miniport"

Service (registry key): dmadmin
Display name: Logical Disk Manager Administrative Service
Description: Configures hard disk drives and volumes. The service only runs for configuration processes and then stops.
Object name: LocalSystem
Image path: %SystemRoot%\System32\dmadmin.exe /com
Image size: 204800
Image MD5: 67648497FDC9A9235A2642950E326756
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,PlugPlay,DmServer

Service (registry key): dmboot
Image path: System32\drivers\dmboot.sys
Image size: 780928
Image MD5: E18132D39407AADCA6B1D19ADF408A8A
Start: 4
Type: 1
Error Control: 1

Service (registry key): dmio
Display name: Logical Disk Manager Driver
Image path: System32\drivers\dmio.sys
Image size: 146304
Image MD5: ACA44E9A8E2FF7C833664263C8478629
Start: 0
Type: 1
Error Control: 1

Service (registry key): dmload
Image path: System32\drivers\dmload.sys
Image size: 5888
Image MD5: E9317282A63CA4D188C0DF5E09C6AC5F
Start: 0
Type: 1
Error Control: 1

Service (registry key): dmserver
Display name: Logical Disk Manager
Description: Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,PlugPlay

Service (registry key): DMusic
Display name: Microsoft Kernel DLS Syntheiszer
Image path: system32\drivers\DMusic.sys
Image size: 50048
Image MD5: EF05974D47D56FA8387F170F05BAE5E7
Start: 3
Type: 1
Error Control: 1

Service (registry key): Dnscache
Display name: DNS Client
Description: Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1
Depends On services: Tcpip

Service (registry key): dpti2o
Start: 4
Type: 1
Error Control: 1

Service (registry key): drmkaud
Display name: Microsoft Kernel DRM Audio Descrambler
Image path: system32\drivers\drmkaud.sys
Image size: 2816
Image MD5: FD859E517FA2ABB53654AFA7EC9E3A94
Start: 3
Type: 1
Error Control: 1

Service (registry key): ERSvc
Display name: Error Reporting Service
Description: Allows error reporting for services and applictions running in non-standard environments.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 0
Depends On services: RpcSs

Service (registry key): Eventlog
Display name: Event Log
Description: Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
Object name: LocalSystem
Image path: %SystemRoot%\system32\services.exe
Image size: 101376
Image MD5: E3DF4A0252D287C44606EE55355E1623
Start: 2
Type: 32
Error Control: 1

Service (registry key): EventSystem
Display name: COM+ Event System
Description: Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): ewido security suite control
Display name: ewido security suite control
Object name: LocalSystem
Image path: C:\Program Files\ewido\security suite\ewidoctrl.exe
Image size: 16448
Image MD5: 867D9D1FA818F8629BB7A4A26E94B06A
Start: 2
Type: 272
Error Control: 0

Service (registry key): ewido security suite driver
Display name: ewido security suite driver
Image path: \??\C:\Program Files\ewido\security suite\guard.sys
Image size: 3072
Image MD5: 2FF233E31AEFFF332F187E8E2ABFA6C5
Start: 1
Type: 1
Error Control: 0

Service (registry key): ewido security suite guard
Display name: ewido security suite guard
Object name: LocalSystem
Image path: C:\Program Files\ewido\security suite\ewidoguard.exe
Image size: 163904
Image MD5: 13EE66A939D7C3A2ED62C967DEBD52BB
Start: 2
Type: 272
Error Control: 0

Service (registry key): Fastfat
Start: 4
Type: 2
Error Control: 1

Service (registry key): FastUserSwitchingCompatibility
Display name: Fast User Switching Compatibility
Description: Provides management for applications that require assistance in a multiple user environment.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 32
Error Control: 1
Depends On services: TermService

Service (registry key): Fdc
Display name: Floppy Disk Controller Driver
Image path: System32\DRIVERS\fdc.sys
Image size: 26240
Image MD5: 19C5C7EAC0190A42522290BF002F64EA
Start: 3
Type: 1
Error Control: 1

Service (registry key): Fips
Start: 1
Type: 1
Error Control: 1

Service (registry key): Flpydisk
Display name: Floppy Disk Driver
Image path: System32\DRIVERS\flpydisk.sys
Image size: 19712
Image MD5: 8F70D1F7606F7442E2F7383F3701D728
Start: 3
Type: 1
Error Control: 1

Service (registry key): Freedom
Display name: Freedom Miniport
Image path: System32\DRIVERS\FREEDOM.SYS
Start: 1
Type: 1
Error Control: 1

Service (registry key): Fs_Rec
Start: 1
Type: 8
Error Control: 0

Service (registry key): Ftdisk
Display name: Volume Manager Driver
Image path: System32\DRIVERS\ftdisk.sys
Image size: 125056
Image MD5: 6AC26732762483366C3969C9E4D2259D
Start: 0
Type: 1
Error Control: 1

Service (registry key): Gpc
Display name: Generic Packet Classifier
Description: Generic Packet Classifier
Image path: System32\DRIVERS\msgpc.sys
Image size: 33792
Image MD5: 13591E0A02E85DE2A388F3EC4BD206DF
Start: 3
Type: 1
Error Control: 1

Service (registry key): helpsvc
Display name: Help and Support
Description: Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): HidServ
Display name: HID Input Service
Description: Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): hidusb
Display name: Microsoft HID Class Driver
Image path: System32\DRIVERS\hidusb.sys
Image size: 9600
Image MD5: 1DE6783B918F540149AA69943BDFEBA8
Start: 3
Type: 1
Error Control: 0

Service (registry key): hpn
Start: 4
Type: 1
Error Control: 1

Service (registry key): i2omgmt
Start: 1
Type: 1
Error Control: 1

Service (registry key): i2omp
Start: 4
Type: 1
Error Control: 1

Service (registry key): i8042prt
Display name: i8042 Keyboard and PS/2 Mouse Port Driver
Image path: System32\DRIVERS\i8042prt.sys
Image size: 51072
Image MD5: 7080F46568108CC6EA73E460EE6EE702
Start: 1
Type: 1
Error Control: 1

Service (registry key): ialm
Image path: System32\DRIVERS\ialmnt5.sys
Image size: 79643
Image MD5: 6F33395A8DF4F7B8982C99AB8C5AC446
Start: 3
Type: 1
Error Control: 0

Service (registry key): IdeBusDr
Image path: System32\DRIVERS\IdeBusDr.sys
Image size: 13782
Image MD5: 4EC233EF7C2A2C36FA962DE2AE5D982A
Start: 0
Type: 1
Error Control: 1

Service (registry key): IdeChnDr
Display name: Intel(R) Ultra ATA Controller
Image path: System32\DRIVERS\IdeChnDr.sys
Image size: 93594
Image MD5: E1B24E6478AB2E5E09C21D2028E2F208
Start: 0
Type: 1
Error Control: 1

Service (registry key): Imapi
Display name: CD-Burning Filter Driver
Image path: System32\DRIVERS\imapi.sys
Image size: 39808
Image MD5: 3CB4410747F2330D97B10B656D5BB2AC
Start: 1
Type: 1
Error Control: 1

Service (registry key): ImapiService
Display name: IMAPI CD-Burning COM Service
Description: Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\System32\imapi.exe
Image size: 123904
Image MD5: 8993C30844386527A2D1CE69CBA4C871
Start: 3
Type: 16
Error Control: 1

Service (registry key): incdrm
Display name: InCD EasyWrite Reader
Start: 1
Type: 1
Error Control: 1

Service (registry key): inetaccs
Start: 0
Type: 0
Error Control: 0

Service (registry key): ini910u
Start: 4
Type: 1
Error Control: 1

Service (registry key): Inport
Start: 0
Type: 0
Error Control: 0

Service (registry key): IntelIde
Image path: System32\DRIVERS\intelide.sys
Image size: 4736
Image MD5: 3049227DA71A4A68515DCDCE3030EACD
Start: 0
Type: 1
Error Control: 1

Service (registry key): Intels51
Display name: Intel(R) 536EP Modem
Image path: System32\DRIVERS\Intels51.sys
Image size: 670203
Image MD5: CB5C2935491F0F998F1B62BFFA258464
Start: 3
Type: 1
Error Control: 1

Service (registry key): iomdisk
Display name: Iomega Devices Disk Filter Services
Description: Iomega Devices Disk Filter Driver
Image path: System32\DRIVERS\iomdisk.sys
Image size: 33474
Image MD5: A43104F11B97E57A78FAB9C3DBBF2D25
Start: 0
Type: 1
Error Control: 1

Service (registry key): Iomega Activity Disk2
Display name: Iomega Activity Disk2
Object name: LocalSystem
Image path: "C:\PROGRA~1\Iomega\System32\ActivityDisk.exe"
Image size: 61440
Image MD5: B6E1B4A08DCCB11E374AC29DA97EDB1E
Start: 2
Type: 16
Error Control: 1

Service (registry key): IPFilter
Display name: Microsoft IntelliPoint Features driver
Image path: System32\DRIVERS\IPFilter.sys
Image size: 11136
Image MD5: 9EA02E03ED52D25551A6E46CF3B94B01
Start: 3
Type: 1
Error Control: 1

Service (registry key): IpFilterDriver
Display name: IP Traffic Filter Driver
Description: IP Traffic Filter Driver
Image path: System32\DRIVERS\ipfltdrv.sys
Image size: 32896
Image MD5: 731F22BA402EE4B62748ADAF6363C182
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): IpInIp
Display name: IP in IP Tunnel Driver
Description: IP in IP Tunnel Driver
Image path: System32\DRIVERS\ipinip.sys
Image size: 19584
Image MD5: F56DD863BA732A4E8EE58D486C31250F
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): IpNat
Display name: IP Network Address Translator
Description: IP Network Address Translator
Image path: System32\DRIVERS\ipnat.sys
Image size: 79488
Image MD5: FC672AD6E9676814A0C844912F2ABCFF
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): IPSec
Display name: IPSEC driver
Description: IPSEC driver
Image path: System32\DRIVERS\ipsec.sys
Image size: 57984
Image MD5: 1C4802409CFD4A7051F458B744CFCAA5
Start: 1
Type: 1
Error Control: 1

Service (registry key): IRENUM
Display name: IR Enumerator Service
Image path: System32\DRIVERS\irenum.sys
Image size: 10496
Image MD5: B43201394646B7E98C89056EDDA686B5
Start: 3
Type: 1
Error Control: 1

Service (registry key): ISAPISearch
Start: 0
Type: 0
Error Control: 0

Service (registry key): isapnp
Display name: PnP ISA/EISA Bus Driver
Image path: System32\DRIVERS\isapnp.sys
Image size: 35840
Image MD5: E504F706CCB699C2596E9A3DA1596E87
Start: 0
Type: 1
Error Control: 3

Service (registry key): Kbdclass
Display name: Keyboard Class Driver
Image path: System32\DRIVERS\kbdclass.sys
Image size: 23424
Image MD5: 1E7F78C2FC393356CD884C6FDE7966F9
Start: 1
Type: 1
Error Control: 1

Service (registry key): kbdhid
Display name: Keyboard HID Driver
Image path: System32\DRIVERS\kbdhid.sys
Image size: 13952
Image MD5: 4E33C6DEA3BCC50776F02A1C1AE28671
Start: 1
Type: 1
Error Control: 0

Service (registry key): kmixer
Display name: Microsoft Kernel Wave Audio Mixer
Image path: system32\drivers\kmixer.sys
Image size: 159360
Image MD5: 10E0FEB086D8C1419B958C9034E4668A
Start: 3
Type: 1
Error Control: 1

Service (registry key): KSecDD
Start: 0
Type: 1
Error Control: 1

Service (registry key): lanmanserver
Display name: Server
Description: Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1

Service (registry key): lanmanworkstation
Display name: Workstation
Description: Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1

Service (registry key): lbrtfdc
Start: 1
Type: 1
Error Control: 0

Service (registry key): ldap
Start: 0
Type: 0
Error Control: 0

Service (registry key): LicenseService
Start: 0
Type: 0
Error Control: 0

Service (registry key): LmHosts
Display name: TCP/IP NetBIOS Helper
Description: Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1
Depends On services: NetBT,Afd

Service (registry key): MDM
Display name: Machine Debug Manager
Description: Manages local and remote debugging for Visual Studio debuggers
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"
Image size: 270336
Image MD5: 450BF05CA4F923D70605BAC8185FA7DB
Start: 2
Type: 272
Error Control: 1
Depends On services: RPCSS

Service (registry key): Messenger
Display name: Messenger
Description: Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,NetBIOS,PlugPlay,RpcSS

Service (registry key): mnmdd
Start: 1
Type: 1
Error Control: 0

Service (registry key): mnmsrvc
Display name: NetMeeting Remote Desktop Sharing
Description: Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: C:\WINDOWS\System32\mnmsrvc.exe
Image size: 32768
Image MD5: 743AEA1D5DB177ED3F1A0A25B3F5D6A6
Start: 3
Type: 272
Error Control: 1

Service (registry key): Modem
Start: 3
Type: 1
Error Control: 0

Service (registry key): MODEMCSA
Display name: Unimodem Streaming Filter Device
Image path: system32\drivers\MODEMCSA.sys
Image size: 16128
Image MD5: 1992E0D143B09653AB0F9C5E04B0FD65
Start: 3
Type: 1
Error Control: 1

Service (registry key): Mouclass
Display name: Mouse Class Driver
Image path: System32\DRIVERS\mouclass.sys
Image size: 22016
Image MD5: 81FB25D6EE5E0728D2C0630C58D7D908
Start: 1
Type: 1
Error Control: 1

Service (registry key): mouhid
Display name: Mouse HID Driver
Image path: System32\DRIVERS\mouhid.sys
Image size: 12160
Image MD5: B1C303E17FB9D46E87A98E4BA6769685
Start: 3
Type: 1
Error Control: 0

Service (registry key): MountMgr
Start: 0
Type: 1
Error Control: 1

Service (registry key): mraid35x
Start: 4
Type: 1
Error Control: 1

Service (registry key): MRxDAV
Display name: WebDav Client Redirector
Description: WebDav Client Redirector
Image path: System32\DRIVERS\mrxdav.sys
Image size: 172672
Image MD5: D30CBA20CC355D3648B9FED5BB55A9D5
Start: 3
Type: 2
Error Control: 1

Service (registry key): MRxSmb
Display name: MRXSMB
Description: MRXSMB
Image path: System32\DRIVERS\mrxsmb.sys
Image size: 436608
Image MD5: E5D956E9839C75CCABDDEDC07E17670C
Start: 1
Type: 2
Error Control: 1

Service (registry key): MSDTC
Display name: Distributed Transaction Coordinator
Description: Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\NetworkService
Image path: C:\WINDOWS\System32\msdtc.exe
Image size: 6144
Image MD5: 073D2F5B53580583FEB704084CBA39CE
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS,SamSS

Service (registry key): Msfs
Start: 1
Type: 2
Error Control: 1

Service (registry key): MSIServer
Display name: Windows Installer
Description: Installs, repairs and removes software according to instructions contained in .MSI files.
Object name: LocalSystem
Image path: C:\WINDOWS\System32\msiexec.exe /V
Image size: 78848
Image MD5: F5F0146580E7023ADB963879840777F8
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): MSKSSRV
Display name: Microsoft Streaming Service Proxy
Image path: system32\drivers\MSKSSRV.sys
Image size: 7040
Image MD5: 9686DED76AFB73B48905C77A002C3AD5
Start: 3
Type: 1
Error Control: 1

Service (registry key): MSPCLOCK
Display name: Microsoft Streaming Clock Proxy
Image path: system32\drivers\MSPCLOCK.sys
Image size: 5120
Image MD5: BD8A0DCF208C27E20416BF9E8AED9CF9
Start: 3
Type: 1
Error Control: 1

Service (registry key): MSPQM
Display name: Microsoft Streaming Quality Manager Proxy
Image path: system32\drivers\MSPQM.sys
Image size: 4608
Image MD5: F6A726B8832DB1F88326B8BE98B11981
Start: 3
Type: 1
Error Control: 1

Service (registry key): Mup
Display name: Mup
Start: 0
Type: 2
Error Control: 1

Service (registry key): navapsvc
Display name: Norton AntiVirus Auto Protect Service
Description: Handles Norton AntiVirus Auto-Protect events.
Object name: LocalSystem
Image path: "C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe"
Image size: 158848
Image MD5: 106188EE7FCE8C769DEFEC27C1EDB67C
Start: 2
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): NAVENG
Display name: NAVENG
Image path: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20050803.009\NAVENG.Sys
Image size: 73760
Image MD5: 904B9A1657F52147898196239487C86A
Start: 3
Type: 1
Error Control: 1

Service (registry key): NAVEX15
Display name: NAVEX15
Image path: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20050803.009\NavEx15.Sys
Image size: 632000
Image MD5: 80D74B829F94645E75983B58B4C8BEE2
Start: 3
Type: 1
Error Control: 1

Service (registry key): NDIS
Display name: NDIS System Driver
Start: 0
Type: 1
Error Control: 1

Service (registry key): NdisTapi
Display name: Remote Access NDIS TAPI Driver
Description: Remote Access NDIS TAPI Driver
Image path: System32\DRIVERS\ndistapi.sys
Image size: 9600
Image MD5: 08D43BBDACDF23F34D79E44ED35C1B4C
Start: 3
Type: 1
Error Control: 1

Service (registry key): Ndisuio
Display name: NDIS Usermode I/O Protocol
Description: NDIS Usermode I/O Protocol
Image path: System32\DRIVERS\ndisuio.sys
Image size: 12288
Image MD5: E6B6D5E4C9C199B7BB56D7862EA68FBC
Start: 3
Type: 1
Error Control: 1

Service (registry key): NdisWan
Display name: Remote Access NDIS WAN Driver
Description: Remote Access NDIS WAN Driver
Image path: System32\DRIVERS\ndiswan.sys
Image size: 87552
Image MD5: 15787DECA8C5428BEEAA8044F544FD85
Start: 3
Type: 1
Error Control: 1

Service (registry key): NDProxy
Start: 3
Type: 1
Error Control: 1

Service (registry key): NetBIOS
Display name: NetBIOS Interface
Description: NetBIOS Interface
Image path: System32\DRIVERS\netbios.sys
Image size: 33152
Image MD5: E351339FA17C4A70940E15B5E3DAE6E2
Start: 1
Type: 2
Error Control: 1

Service (registry key): NetBT
Display name: NetBT
Description: NetBios over Tcpip
Image path: System32\DRIVERS\netbt.sys
Image size: 149248
Image MD5: C6ED759F45B762CD5C1F69023AB90F4C
Start: 1
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): NetDDE
Display name: Network DDE
Description: Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\netdde.exe
Image size: 107008
Image MD5: F2231F717DACA380856EC3256A4DA8B7
Start: 3
Type: 32
Error Control: 1
Depends On services: NetDDEDSDM

Service (registry key): NetDDEdsdm
Display name: Network DDE DSDM
Description: Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\netdde.exe
Image size: 107008
Image MD5: F2231F717DACA380856EC3256A4DA8B7
Start: 3
Type: 32
Error Control: 1

Service (registry key): Netlogon
Display name: Net Logon
Description: Supports pass-through authentication of account logon events for computers in a domain.
Object name: LocalSystem
Image path: %SystemRoot%\System32\lsass.exe
Image size: 11776
Image MD5: B2B6BA905D0E3F8A32A0EB3B4051807B
Start: 3
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation

Service (registry key): Netman
Display name: Network Connections
Description: Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 288
Error Control: 1
Depends On services: RpcSs

Service (registry key): NIC1394
Display name: 1394 Net Driver
Image path: System32\DRIVERS\nic1394.sys
Image size: 57984
Image MD5: FF4CECA01030BE87D530E2C5859738DB
Start: 3
Type: 1
Error Control: 1

Service (registry key): Nla
Display name: Network Location Awareness (NLA)
Description: Collects and stores network configuration and location information, and notifies applications when this information changes.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 32
Error Control: 1
Depends On services: Tcpip,Afd

Service (registry key): NPDriver
Display name: Norton Unerase Protection Driver
Image path: \??\C:\WINDOWS\System32\Drivers\NPDRIVER.SYS
Image size: 34578
Image MD5: 410AB482D8A1E1655A7158A7B5C72CE7
Start: 3
Type: 1
Error Control: 1
Depends On services: SYMEVENT

Service (registry key): Npfs
Start: 1
Type: 2
Error Control: 1

Service (registry key): NProtectService
Display name: Norton Unerase Protection
Object name: LocalSystem
Image path: C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
Image size: 135168
Image MD5: 4914A155F9B73317B14F94BBA4A79639
Start: 2
Type: 272
Error Control: 1

Service (registry key): Ntfs
Start: 4
Type: 2
Error Control: 1

Service (registry key): NtLmSsp
Display name: NT LM Security Support Provider
Description: Provides security to remote procedure call (RPC) programs that use transports other than named pipes.
Object name: LocalSystem
Image path: %SystemRoot%\System32\lsass.exe
Image size: 11776
Image MD5: B2B6BA905D0E3F8A32A0EB3B4051807B
Start: 3
Type: 32
Error Control: 1

Service (registry key): NtmsSvc
Display name: Removable Storage
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): Null
Start: 1
Type: 1
Error Control: 1

Service (registry key): NwlnkFlt
Display name: IPX Traffic Filter Driver
Description: IPX Traffic Filter Driver
Image path: System32\DRIVERS\nwlnkflt.sys
Image size: 12416
Image MD5: B305F3FAD35083837EF46A0BBCE2FC57
Start: 3
Type: 1
Error Control: 1
Depends On services: NwlnkFwd

Service (registry key): NwlnkFwd
Display name: IPX Traffic Forwarder Driver
Description: IPX Traffic Forwarder Driver
Image path: System32\DRIVERS\nwlnkfwd.sys
Image size: 32512
Image MD5: C99B3415198D1AAB7227F2C88FD664B9
Start: 3
Type: 1
Error Control: 1

Service (registry key): ohci1394
Display name: VIA OHCI Compliant IEEE 1394 Host Controller
Image path: System32\DRIVERS\ohci1394.sys
Image size: 55680
Image MD5: 52C36C911F83F200130B2F84E01F3511
Start: 0
Type: 1
Error Control: 1

Service (registry key): Parallel
Start: 0
Type: 0
Error Control: 0

Service (registry key): Parport
Display name: Parallel port driver
Image path: System32\DRIVERS\parport.sys
Image size: 76032
Image MD5: 67FD105F525A94C0246C9088E85A2F3B
Start: 3
Type: 1
Error Control: 1

Service (registry key): PartMgr
Start: 0
Type: 1
Error Control: 1

Service (registry key): ParVdm
Start: 2
Type: 1
Error Control: 0
Depends On services: Parport
Depends On group: "Parallel arbitrator"

Service (registry key): PCI
Display name: PCI Bus Driver
Image path: System32\DRIVERS\pci.sys
Image size: 62976
Image MD5: 9390447F3B1BE5064A3EBE98C555A1E5
Start: 0
Type: 1
Error Control: 3

Service (registry key): PCIDump
Start: 1
Type: 1
Error Control: 0

Service (registry key): PCIIde
Image path: System32\DRIVERS\pciide.sys
Image size: 3328
Image MD5: CCF5F451BB1A5A2A522A76E670000FF0
Start: 0
Type: 1
Error Control: 1

Service (registry key): Pcmcia
Start: 4
Type: 1
Error Control: 1

Service (registry key): PDCOMP
Start: 3
Type: 1
Error Control: 0

Service (registry key): PDFRAME
Start: 3
Type: 1
Error Control: 0

Service (registry key): PDRELI
Start: 3
Type: 1
Error Control: 0

Service (registry key): PDRFRAME
Start: 3
Type: 1
Error Control: 0

Service (registry key): perc2
Start: 4
Type: 1
Error Control: 1

Service (registry key): perc2hib
Start: 4
Type: 1
Error Control: 1

Service (registry key): PerfDisk
Start: 0
Type: 0
Error Control: 0

Service (registry key): PerfNet
Start: 0
Type: 0
Error Control: 0

Service (registry key): PerfOS
Start: 0
Type: 0
Error Control: 0

Service (registry key): PerfProc
Start: 0
Type: 0
Error Control: 0

Service (registry key): PlugPlay
Display name: Plug and Play
Description: Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
Object name: LocalSystem
Image path: %SystemRoot%\system32\services.exe
Image size: 101376
Image MD5: E3DF4A0252D287C44606EE55355E1623
Start: 2
Type: 32
Error Control: 1

Service (registry key): PolicyAgent
Display name: IPSEC Services
Description: Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
Object name: LocalSystem
Image path: %SystemRoot%\System32\lsass.exe
Image size: 11776
Image MD5: B2B6BA905D0E3F8A32A0EB3B4051807B
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS,Tcpip,IPSec

Service (registry key): PptpMiniport
Display name: WAN Miniport (PPTP)
Description: WAN Miniport (PPTP)
Image path: System32\DRIVERS\raspptp.sys
Image size: 46208
Image MD5: A33601C20FCA262A3FABE3730C2FAA62
Start: 3
Type: 1
Error Control: 1

Service (registry key): Processor
Display name: Processor Driver
Image path: System32\DRIVERS\processr.sys
Image size: 30592
Image MD5: 0F8A31AB9D8963F66AD93D3F69A1914C
Start: 1
Type: 1
Error Control: 1

Service (registry key): ProtectedStorage
Display name: Protected Storage
Description: Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 11776
Image MD5: B2B6BA905D0E3F8A32A0EB3B4051807B
Start: 2
Type: 288
Error Control: 1
Depends On services: RpcSs

Service (registry key): PSched
Display name: QoS Packet Scheduler
Description: QoS Packet Scheduler
Image path: System32\DRIVERS\psched.sys
Image size: 66048
Image MD5: 944440247FE6988C88B376ED85A0CD1A
Start: 3
Type: 1
Error Control: 1
Depends On services: Gpc

Service (registry key): Ptilink
Display name: Direct Parallel Link Driver
Description: Direct Parallel Link Driver
Image path: System32\DRIVERS\ptilink.sys
Image size: 17792
Image MD5: 80D317BD1C3DBC5D4FE7B1678C60CADD
Start: 3
Type: 1
Error Control: 1

Service (registry key): ql1080
Start: 4
Type: 1
Error Control: 1

Service (registry key): Ql10wnt
Start: 4
Type: 1
Error Control: 1

Service (registry key): ql12160
Start: 4
Type: 1
Error Control: 1

Service (registry key): ql1240
Start: 4
Type: 1
Error Control: 1

Service (registry key): ql1280
Start: 4
Type: 1
Error Control: 1

Service (registry key): RasAcd
Display name: Remote Access Auto Connection Driver
Description: Remote Access Auto Connection Driver
Image path: System32\DRIVERS\rasacd.sys
Image size: 8832
Image MD5: FE0D99D6F31E4FAD8159F690D68DED9C
Start: 1
Type: 1
Error Control: 1

Service (registry key): RasAuto
Display name: Remote Access Auto Connection Manager
Description: Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 32
Error Control: 1
Depends On services: RasMan,Tapisrv

Service (registry key): Rasl2tp
Display name: WAN Miniport (L2TP)
Description: WAN Miniport (L2TP)
Image path: System32\DRIVERS\rasl2tp.sys
Image size: 48384
Image MD5: 4C242C79A9C0D98D52D6F8CB9248D528
Start: 3
Type: 1
Error Control: 1

Service (registry key): RasMan
Display name: Remote Access Connection Manager
Description: Creates a network connection.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 32
Error Control: 1
Depends On services: Tapisrv

Service (registry key): RasPppoe
Display name: Remote Access PPPOE Driver
Description: Remote Access PPPOE Driver
Image path: System32\DRIVERS\raspppoe.sys
Image size: 38912
Image MD5: 888335B3BE346119CF7B4EFF3A3FCA7C
Start: 3
Type: 1
Error Control: 1

Service (registry key): Raspti
Display name: Direct Parallel
Description: Direct Parallel
Image path: System32\DRIVERS\raspti.sys
Image size: 16512
Image MD5: FDBB1D60066FCFBB7452FD8F9829B242
Start: 3
Type: 1
Error Control: 1

Service (registry key): Rdbss
Display name: Rdbss
Description: Rdbss
Image path: System32\DRIVERS\rdbss.sys
Image size: 170112
Image MD5: 1FD256B6025449DCA3670574C0229D65
Start: 1
Type: 2
Error Control: 1

Service (registry key): RDPCDD
Image path: System32\DRIVERS\RDPCDD.sys
Image size: 4224
Image MD5: 4912D5B403614CE99C28420F75353332
Start: 1
Type: 1
Error Control: 0

Service (registry key): RDPDD
Start: 0
Type: 0
Error Control: 0

Service (registry key): rdpdr
Display name: Terminal Server Device Redirector Driver
Image path: System32\DRIVERS\rdpdr.sys
Image size: 182400
Image MD5: 5208D077065EA8775E319F9834F94136
Start: 3
Type: 1
Error Control: 1

Service (registry key): RDPNP
Start: 0
Type: 0
Error Control: 0

Service (registry key): RDPWD
Start: 3
Type: 1
Error Control: 0

Service (registry key): RDSessMgr
Display name: Remote Desktop Help Session Manager
Description: Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box.
Object name: LocalSystem
Image path: C:\WINDOWS\system32\sessmgr.exe
Image size: 129024
Image MD5: FD256272FDDA1448A21D9C19CC9B4C25
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): redbook
Display name: Digital CD Audio Playback Filter Driver
Image path: System32\DRIVERS\redbook.sys
Image size: 56576
Image MD5: AB56D6ED4E86D2B6F819A24A070F35F7
Start: 1
Type: 1
Error Control: 1

Service (registry key): RemoteAccess
Display name: Routing and Remote Access
Description: Offers routing services to businesses in local area and wide area network environments.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 4
Type: 32
Error Control: 1
Depends On services: RpcSS
Depends On group: NetBIOSGroup

Service (registry key): RemoteRegistry
Display name: Remote Registry
Description: Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): RpcLocator
Display name: Remote Procedure Call (RPC) Locator
Description: Manages the RPC name service database.
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\System32\locator.exe
Image size: 68608
Image MD5: 4EB484338FB62ED86A86D28013BFF9FD
Start: 3
Type: 16
Error Control: 1
Depends On services: LanmanWorkstation

Service (registry key): RpcSs
Display name: Remote Procedure Call (RPC)
Description: Provides the endpoint mapper and other miscellaneous RPC services.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost -k rpcss
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1

Service (registry key): RSVP
Display name: QoS RSVP
Description: Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets.
Object name: LocalSystem
Image path: %SystemRoot%\System32\rsvp.exe
Image size: 132608
Image MD5: 471B3F9741D762ABE75E9DEEA4787E47
Start: 3
Type: 16
Error Control: 1
Depends On services: TcpIp,Afd,RpcSs

Service (registry key): RTL8023xp
Display name: Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver
Image path: System32\DRIVERS\Rtlnicxp.sys
Image size: 70144
Image MD5: E9877AA069DC11B03DBD1D33B8B2A3CA
Start: 3
Type: 1
Error Control: 1

Service (registry key): rtl8139
Display name: Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver
Image path: System32\DRIVERS\RTL8139.SYS
Image size: 23070
Image MD5: 7A0DB9FC3DC3C620AEA30EA2A6557CAC
Start: 3
Type: 1
Error Control: 1

Service (registry key): SamSs
Display name: Security Accounts Manager
Description: Stores security information for local user accounts.
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 11776
Image MD5: B2B6BA905D0E3F8A32A0EB3B4051807B
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): SAVRT
Display name: SAVRT
Image path: \??\C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVRT.SYS
Image size: 305288
Image MD5: AC9D162F3DD155E6023AA5AC89F59780
Start: 1
Type: 1
Error Control: 1

Service (registry key): SAVRTPEL
Display name: SAVRTPEL
Image path: \??\C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVRTPEL.SYS
Image size: 37000
Image MD5: 7BD636B57B7FD56C2C2AC9515F6B57D7
Start: 1
Type: 1
Error Control: 1

Service (registry key): SAVScan
Display name: SAVScan
Description: Handles Norton AntiVirus Auto-Protect Archive Scanning
Object name: LocalSystem
Image path: C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
Image size: 194272
Image MD5: DE337E8649E1970C5663999457A9352F
Start: 2
Type: 16
Error Control: 1
Depends On services: SAVRT

Service (registry key): SBService
Display name: ScriptBlocking Service
Object name: LocalSystem
Image path: C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
Image size: 66784
Image MD5: 928627472ADBD58BB72D5BB9CB1448F6
Start: 2
Type: 16
Error Control: 1

Service (registry key): SCardDrv
Display name: Smart Card Helper
Description: Enables support for legacy non-plug and play smart-card readers used by this computer. If this service is stopped, this computer will not support legacy reader. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\SCardSvr.exe
Image size: 93184
Image MD5: A885D4EDE9852D81981B32FB0F134703
Start: 3
Type: 32
Error Control: 0
Depends On group: "Smart Card Reader"

Service (registry key): SCardSvr
Display name: Smart Card
Description: Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\SCardSvr.exe
Image size: 93184
Image MD5: A885D4EDE9852D81981B32FB0F134703
Start: 3
Type: 32
Error Control: 0
Depends On services: PlugPlay

Service (registry key): Schedule
Display name: Task Scheduler
Description: Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 288
Error Control: 1
Depends On services: RpcSs

Service (registry key): Secdrv
Display name: Secdrv
Description: SafeDisc driver
Image path: System32\DRIVERS\secdrv.sys
Image size: 27440
Image MD5: D26E26EA516450AF9D072635C60387F4
Start: 3
Type: 1
Error Control: 1

Service (registry key): seclogon
Display name: Secondary Logon
Description: Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 288
Error Control: 0

Service (registry key): SENS
Display name: System Event Notification
Description: Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1
Depends On services: EventSystem

Service (registry key): serenum
Display name: Serenum Filter Driver
Image path: System32\DRIVERS\serenum.sys
Image size: 14976
Image MD5: 65A7C4D86C153C82E33A552C217ABB29
Start: 3
Type: 1
Error Control: 1

Service (registry key): Serial
Display name: Serial port driver
Image path: System32\DRIVERS\serial.sys
Image size: 62464
Image MD5: DC7CBFEC14B1B38BCF32ABA922FFEAAD
Start: 1
Type: 1
Error Control: 0

Service (registry key): Sfloppy
Start: 1
Type: 1
Error Control: 0
Depends On group: "SCSI
Mojo
Regular Member
 
Posts: 50
Joined: July 4th, 2005, 7:34 am

Unread postby Middle Of Nowhere » August 8th, 2005, 5:06 pm

Hi

This is my normal post for when you are clear - which you now are - or seem to be. Please advise of any problems you still have :-

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
You can find instructions on how to enable and re enable system restore here:

Managing Windows Millennium System Restore
or
Windows XP System Restore Guide

re-enable system restore with instructions from tutorial above

Make your Internet Explorer more secure - This can be done by following these simple instructions:

From within Internet Explorer click on the Tools menu and then click on Options.

Click once on the Security tab

Click once on the Internet icon so it becomes highlighted.

Click once on the Custom Level button.

Change the Download signed ActiveX controls to Prompt

Change the Download unsigned ActiveX controls to Disable

Change the Initialise and script ActiveX controls not marked as safe to Disable

Change the Installation of desktop items to Prompt

Change the Launching programs and files in an IFRAME to Prompt

Change the Navigate sub-frames across different domains to Prompt

When all these settings have been made, click on the OK button.

If it prompts you as to whether or not you want to save the settings, press the Yes button.

Next press the Apply button and then the OK to exit the Internet Properties page.

The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.

Download Adaware

Adaware is a free program. It scans for known spyware on your computer. These scans should be run at least once every two weeks. For more information, see this

The program is available for download here

Download Spybot

Spybot is a scanner like adaware. It scans for spyware and other malicious programs. It is important to have both Adaware and Spybot on your computer because each program provides unique detection and pretection measures. Spybot has preventitive tools that stop programs from even installing on your computer.
To see how to set this up as well as more spybot features, see here

Spybot can be downloaded from here

Download SpywareBlaster

Spyware blaster is a program that stops known malicious activex controls from installing on your computer. It works by changing settings in your registry. It makes "kill bits" in the registry, so that certain activex controls can't install.
If you don't know what activex controls are, see here

You can download SpywareBlaster here

Download iespyad

It puts many bad webpages on your restricted zones list. This means that you can still view the "bad" webpages, but the webpages cannot do certain things (such as use javascripts and cookies).
If you need help understanding how it works, there is a tutorial here

Download it from here

hosts file:

o Every version of windows has a hosts file as part of them.
o In a very basic sense, they are used to locate webpages.
o We can customize a hosts file so that it blocks certain webpages.
o However, it can slow down certain computers.
o This is why using a hosts file is optional!!

Download it here. Make sure you read the instructions on how to install the hosts file. There is a good tutorial here

If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:

Click the start button (at the lower left hand corner of your screen)
Click run
In the dialog box, type services.msc
hit enter, then locate dns client
Highlight it, then double-click it.
On the dropdown box, change the setting from automatic to manual.
Click ok


Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall its default configuration can lower your risk greatly. For an article on Firewalls and a listing of some available ones see the link below

Software Firewalls

Use an Anti Virus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See this link for a listing of some on line & their stand-alone anti virus programs:

Antivirus Software

Update your Anti Virus Software - It is imperitive that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.

Visit Microsoft's Windows Update Site Frequently - It is important that you visit Windows Update Site regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Also keep your malware scanning software up to date against the latest nasties



Well Done you got there in the end :occasion5: :occasion2: :occasion7:
User avatar
Middle Of Nowhere
Retired Graduate
 
Posts: 677
Joined: May 30th, 2005, 2:08 pm
Location: Derbyshire, UK

Unread postby Mojo » August 8th, 2005, 6:33 pm

Hello Middle of Nowhere

Once again - thanks a million. All is working and I've now updated with SP2 without any problem. My mental health is slowly returning to normal. I might even get some sleep tonight.
Mojo
Mojo
Regular Member
 
Posts: 50
Joined: July 4th, 2005, 7:34 am
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 31 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware