Hello Linkmaster,
I appreciate the welcoming response!
SpyBot indicates the file is a " Bad Favorite (File, nothing done)
C:\WINDOWS\Favorites\Search the Web.url"
I will post the SpyBot report below, though there doesn't seem to be enough available space to include all of it.
Thanks. rcobb5am7
--- Search result list ---
CoolWWWSearch.Aff.Winshow: Bad Favorite (File, nothing done)
C:\WINDOWS\Favorites\Search the Web.url
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2005-08-19 unins000.exe (51.41.0.0)
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2005-12-30 Includes\Cookies.sbi (*)
2005-12-30 Includes\Dialer.sbi (*)
2005-12-30 Includes\Hijackers.sbi (*)
2005-12-30 Includes\Keyloggers.sbi (*)
2005-12-30 Includes\Malware.sbi (*)
2005-12-30 Includes\Revision.sbi (*)
2005-12-30 Includes\Security.sbi (*)
2005-12-30 Includes\Spybots.sbi (*)
2005-12-30 Includes\Trojans.sbi (*)
2005-02-17 Includes\Tracks.uti
2005-12-30 Includes\PUPS.sbi (*)
--- System information ---
Windows 98 (Build: 2222) A
/ DirectX: Windows Update 904706
/ Windows Media Player: Windows Media Update 885492
/ DataAccess: Buffer Overrun in Microsoft Data Access Components Could Lead to Code Execution
--- Startup entries list ---
Located: HK_LM:Run, AVG7_AMSVR
command: C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
file: C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
size: 318976
MD5: f23275b6104732688be895112adbacd4
Located: HK_LM:Run, AVG7_CC
command: C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
file: C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE
size: 338432
MD5: 4e87855221e91513647dda62db6b7f6f
Located: HK_LM:Run, AVG7_EMC
command: C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
file: C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
size: 263680
MD5: 9599c15e10b16738a3b9402ad22a90f5
Located: HK_LM:Run, ConfigSafe
command: C:\CFGSAFE\AUTOCHK.EXE
file: C:\CFGSAFE\AUTOCHK.EXE
size: 10784
MD5: 7fc96cde47efc5951a725d4d03bd61b2
Located: HK_LM:Run, ConMgr.exe
command: "C:\PROGRAM FILES\EARTHLINK 5.0\CONMGR.EXE"
file: C:\PROGRAM FILES\EARTHLINK 5.0\CONMGR.EXE
size: 290816
MD5: 770f202d5ff88b646c6b936038e3bd78
Located: HK_LM:Run, IBMUltraBayHotSwapSound
command: c:\windows\SYSTEM\IBMBAYSN.EXE
file: c:\windows\SYSTEM\IBMBAYSN.EXE
size: 29696
MD5: 1d74317be3f67616d3f804937bf96031
Located: HK_LM:Run, NAV DefAlert
command: C:\PROGRA~1\NORTON~1\DEFALERT.EXE
file: C:\PROGRA~1\NORTON~1\DEFALERT.EXE
size: 53248
MD5: 235bfe081b7bef048eb36df309d22039
Located: HK_LM:Run, Norton Auto-Protect
command: C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
file: C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
size: 49152
MD5: fc34fa5d1906faab6abfe2ff0b4df397
Located: HK_LM:Run, Norton eMail Protect
command: C:\Program Files\Norton AntiVirus\POPROXY.EXE
file: C:\Program Files\Norton AntiVirus\POPROXY.EXE
size: 77824
MD5: 192511d27a93d7b0d3f1ce9353d45af2
Located: HK_LM:Run, ScanRegistry
command: c:\windows\scanregw.exe /autorun
file: c:\windows\scanregw.exe
size: 86016
MD5: f123231689e2ab2fa5c636b99314501f
Located: HK_LM:Run, SoundFusion
command: RunDll32 cwcprops.cpl,CrystalControlWnd
file:
Located: HK_LM:Run, SystemTray
command: SysTray.Exe
file: C:\WINDOWS\SYSTEM\SysTray.Exe
size: 27648
MD5: c7e1448ef194081ca615b2601e9751fd
Located: HK_LM:Run, TP98UTIL
command: C:\THINKPAD\TP98.EXE /s
file: C:\THINKPAD\TP98.EXE
size: 170496
MD5: c0dbd1c2088e04adb28f85b9161d4fc2
Located: HK_LM:Run, TpHotkey
command: C:\THINKPAD\tphkmgr.exe
file: C:\THINKPAD\tphkmgr.exe
size: 34304
MD5: 97826a429ede9d6d3f5968c2926761e8
Located: HK_LM:Run, TrackPointSrv
command: daemon.exe
file: C:\WINDOWS\SYSTEM\daemon.exe
size: 183296
MD5: 417460d53a9134fcc971157fac4b8472
Located: HK_LM:RunServices, HP Port Resolver
command: C:\WINDOWS\SYSTEM\hpbpro.exe
file: C:\WINDOWS\SYSTEM\hpbpro.exe
size: 77824
MD5: b262b25f76e16bfc4601e1456e05b759
Located: HK_LM:RunServices, HP Status Server
command: C:\WINDOWS\SYSTEM\hpboid.exe
file: C:\WINDOWS\SYSTEM\hpboid.exe
size: 61440
MD5: 3e99ffcedc39d8d57bae6f1754bef6f9
Located: HK_LM:RunServices, KB891711
command: c:\windows\SYSTEM\KB891711\KB891711.EXE
file: c:\windows\SYSTEM\KB891711\KB891711.EXE
size: 9088
MD5: cbd841775a04e82b2828fc301aafee70
Located: HK_LM:RunServices, SchedulingAgent
command: mstask.exe
file: C:\WINDOWS\SYSTEM\mstask.exe
size: 110352
MD5: 368b7f9d87e507c0b2924e86a579508b
Located: HK_LM:RunServices, ScriptBlocking
command: "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
file: C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe
size: 54408
MD5: 3db0459e2661531bfe88ae0a182d019a
Located: HK_LM:Run, ConMgr.exe (DISABLED)
command: "C:\PROGRAM FILES\EARTHLINK 5.0\CONMGR.EXE"
file: C:\PROGRAM FILES\EARTHLINK 5.0\CONMGR.EXE
size: 290816
MD5: 770f202d5ff88b646c6b936038e3bd78
Located: HK_LM:Run, HP Network Registry Agent (DISABLED)
command: C:\WINDOWS\SYSTEM\hpnra.exe
file: C:\WINDOWS\SYSTEM\hpnra.exe
size: 45056
MD5: c01c859636dd8b9b9e942740b121cbae
Located: HK_LM:Run, HP Proxy Server (DISABLED)
command: C:\Program Files\Hewlett-Packard\ProxyService\ProxyService.lnk
file: C:\Program Files\Hewlett-Packard\ProxyService\ProxyService.lnk
size: 525
MD5: f3bb0182141795eba4ce0fd0a655f080
Located: HK_LM:Run, HP Status (DISABLED)
command: C:\WINDOWS\SYSTEM\HPSTATUS.EXE
file: C:\WINDOWS\SYSTEM\HPSTATUS.EXE
size: 106496
MD5: d233f3864b52909b440e6ad45da47cd4
Located: HK_LM:Run, IrMon (DISABLED)
command: IrMon.exe
file: C:\WINDOWS\SYSTEM\IrMon.exe
size: 135168
MD5: 06607bd392a972f46a26b323edd733d3
Located: HK_LM:Run, LoadPowerProfile (DISABLED)
command: Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
file: C:\WINDOWS\Rundll32.exe
size: 24576
MD5: 3857d93aa630abbd63467db4aeffce2c
Located: HK_LM:Run, LTWinModem1 (DISABLED)
command: ltmsg.exe 9
file: C:\WINDOWS\SYSTEM\ltmsg.exe
size: 104448
MD5: b10f8406b080b4a5fead923398ed2582
Located: HK_LM:Run, LTWinModem3 (DISABLED)
command: ltmsg.exe 7
file: C:\WINDOWS\SYSTEM\ltmsg.exe
size: 104448
MD5: b10f8406b080b4a5fead923398ed2582
Located: HK_LM:Run, QuickTime Task (DISABLED)
command: "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
file: C:\WINDOWS\SYSTEM\QTTASK.EXE
size: 98304
MD5: 76a3a30b58405c2c6d833895253a51a9
Located: HK_LM:Run, StillImageMonitor (DISABLED)
command: C:\WINDOWS\SYSTEM\STIMON.EXE
file: C:\WINDOWS\SYSTEM\STIMON.EXE
size: 114688
MD5: 3a395315c2d9e63c0ce4704afa404ffa
Located: HK_LM:Run, TaskMonitor (DISABLED)
command: c:\windows\taskmon.exe
file: c:\windows\taskmon.exe
size: 28672
MD5: f795110611101279aa15997801abaca0
Located: HK_LM:RunServices, LoadPowerProfile (DISABLED)
command: Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
file: C:\WINDOWS\Rundll32.exe
size: 24576
MD5: 3857d93aa630abbd63467db4aeffce2c
Located: HK_LM:RunServices, SchedulingAgent (DISABLED)
command: mstask.exe
file: C:\WINDOWS\SYSTEM\mstask.exe
size: 110352
MD5: 368b7f9d87e507c0b2924e86a579508b
Located: HK_CU:Run, FreeRAM XP
command: "C:\PROGRAM FILES\FREERAM XP PRO 1.40.EXE" -win
file: C:\PROGRAM FILES\FREERAM XP PRO 1.40.EXE
size: 1353728
MD5: 73900e227172cd8579d05f66d3fb7678
Located: Startup (user), Iomega Startup Options.lnk
command: C:\Tools_95\IMGSTART.EXE
file: C:\Tools_95\IMGSTART.EXE
size: 14848
MD5: 092d95609e0a55d7150b6a270a20b571
--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
BHO name:
CLSID name: AcroIEHlprObj Class
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link:
http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 11/3/03 2:17:44 PM
Date (last access): 1/9/06
Date (last write): 11/3/03 2:17:44 PM
Filesize: 54248
Attributes: archive
MD5: FC7850324464E4D19A24A03D882B5CC4
CRC32: 452E8571
Version: 6.0.1.1091
{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link:
http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name: SDHELPER.DLL
Date (created): 8/19/05 4:26:14 PM
Date (last access): 1/9/06
Date (last write): 5/31/05 1:04:00 AM
Filesize: 853672
Attributes: archive
MD5: 250D787A5712D7768DDC133B3E477759
CRC32: D4589A41
Version: 1.4.0.0
--- ActiveX list ---
Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
Installer:
Codebase:
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla
DirectAnimation Java Classes (DirectAnimation Java Classes)
DPF name: DirectAnimation Java Classes
CLSID name:
Installer:
Codebase:
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\dajava.cab
info link:
info source: Patrick M. Kolla
Internet Explorer Classes for Java (Internet Explorer Classes for Java)
DPF name: Internet Explorer Classes for Java
CLSID name:
Installer:
Codebase:
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\iejava.cab
info link:
info source: Patrick M. Kolla
{00000161-0000-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\msaudio.inf
Codebase:
http://codecs.microsoft.com/codecs/i386/msaudio.cab
description: Microsoft Audio Codec
classification: Legitimate
known filename: MSAUDIO.CAB
info link:
info source: Patrick M. Kolla
{3334504D-0000-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\mpeg4ax.inf
Codebase:
http://codecs.microsoft.com/codecs/i386/mpeg4ax.cab
description: Microsoft MPEG4 Video Codec
classification: Legitimate
known filename: MPEG4AX.CAB
info link:
info source: Patrick M. Kolla
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.3.1_02)
DPF name: Java Runtime Environment 1.3.1_02
CLSID name: Java Plug-in 1.3.1_02
Installer:
Codebase:
http://java.sun.com/products/plugin/1.3 ... 02-win.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\JavaSoft\JRE\1.3.1_02\bin\
Long name: NPJava131_02.dll
Short name: NPJAVA~1.DLL
Date (created): 1/28/04 6:55:20 AM
Date (last access): 1/9/06
Date (last write): 11/26/01 10:24:30 PM
Filesize: 53338
Attributes: archive
MD5: CAFFD6C4A881EB5E8AEDE346343C2796
CRC32: 2E8A0377
Version: 1.3.1.2
{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.3.1)
DPF name: Java Runtime Environment 1.3.1
CLSID name: Java Plug-in 1.3.1
Installer:
Codebase:
http://java.sun.com/products/plugin/1.3 ... 31-win.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\JavaSoft\JRE\1.3.1\bin\
Long name: NPJava131.dll
Short name: NPJAVA~1.DLL
Date (created): 12/5/02 3:33:40 PM
Date (last access): 1/9/06
Date (last write): 5/6/01 11:14:22 AM
Filesize: 53338
Attributes: archive
MD5: 8D7694975F0E5C1F153AADD68A460887
CRC32: 2AD23CCB
Version: 1.3.1.0
{33564D57-9980-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\wmv9dmo.inf
Codebase:
http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
description: Microsoft WMV Video Codec
classification: Legitimate
known filename: WMV9DMO.CAB
info link:
info source: Patrick M. Kolla
{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.3.1_02)
DPF name: Java Runtime Environment 1.3.1_02
CLSID name: Java Plug-in 1.3.1_02
Installer:
Codebase:
http://java.sun.com/products/plugin/1.3 ... 02-win.cab
description:
classification: Legitimate
known filename: npjava131_02.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\JavaSoft\JRE\1.3.1_02\bin\
Long name: NPJava131_02.dll
Short name: NPJAVA~1.DLL
Date (created): 1/28/04 6:55:20 AM
Date (last access): 1/9/06
Date (last write): 11/26/01 10:24:30 PM
Filesize: 53338
Attributes: archive
MD5: CAFFD6C4A881EB5E8AEDE346343C2796
CRC32: 2E8A0377
Version: 1.3.1.2
{9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class)
DPF name:
CLSID name: Update Class
Installer: C:\WINDOWS\Downloaded Program Files\iuctl.inf
Codebase:
http://v4.windowsupdate.microsoft.com/C ... 5807638889
description: Windows Update
classification: Legitimate
known filename: %WINDIR%\System32\iuctl.dll,iuengine.dll
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\SYSTEM\
Long name: iuctl.dll
Short name: IUCTL.DLL
Date (created): 8/21/03 4:47:54 PM
Date (last access): 1/9/06
Date (last write): 8/21/03 4:47:54 PM
Filesize: 162400
Attributes:
MD5: DB2F1F57D3057FEBC19C61AB9AA77198
CRC32: 5A03D776
Version: 5.3.3790.13
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine)
DPF name:
CLSID name: Office Update Installation Engine
Installer: C:\WINDOWS\Downloaded Program Files\opuc.inf
Codebase:
http://office.microsoft.com/officeupdat ... /opuc3.cab
description:
classification: Legitimate
known filename: opuc.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\
Long name: opuc.dll
Short name: OPUC.DLL
Date (created): 11/17/05 11:12:26 PM
Date (last access): 1/9/06
Date (last write): 11/17/05 11:12:26 PM
Filesize: 533504
Attributes:
MD5: 24F3058766D5FC3FD0F37F6D6EE6FE9B
CRC32: F1FAEDE3
Version: 12.0.3208.1014
--- Process list ---
PID: -3166265 (2121260491) C:\WINDOWS\SYSTEM\KERNEL32.DLL
size: 471040
MD5: 375B0813980AE17DCC689E913AB9DD7B
PID: -34625 (-3166265) C:\WINDOWS\SYSTEM\MSGSRV32.EXE
size: 11920
MD5: 15020A139F22CDBF9C70AA8D80F6AE0E
PID: -36793 (-34625) C:\WINDOWS\SYSTEM\SPOOL32.EXE
size: 45056
MD5: DB3BEE092F0E90CF799D69F99C001DAE
PID: -59329 (-36793) C:\WINDOWS\SYSTEM\MPREXE.EXE
size: 28672
MD5: 562D04789250A81CE629D60646A0D191
PID: -80513 (-59329) C:\WINDOWS\SYSTEM\HPBPRO.EXE
size: 77824
MD5: B262B25F76E16BFC4601E1456E05B759
PID: -70361 (-59329) C:\WINDOWS\SYSTEM\HPBOID.EXE
size: 61440
MD5: 3E99FFCEDC39D8D57BAE6F1754BEF6F9
PID: -72041 (-59329) C:\WINDOWS\SYSTEM\MSTASK.EXE
size: 110352
MD5: 368B7F9D87E507C0B2924E86A579508B
PID: -110857 (-59329) c:\windows\SYSTEM\KB891711\KB891711.EXE
size: 9088
MD5: CBD841775A04E82B2828FC301AAFEE70
PID: -105017 (-70361) C:\WINDOWS\SYSTEM\RPCSS.EXE
size: 20480
MD5: CE9C4007585F538F769CC80F01D09D33
PID: -79829 (-34625) C:\WINDOWS\SYSTEM\mmtask.tsk
size: 1184
MD5: 38BAE36E67C8B1AE3ABC077837953B89
PID: -156969 (-34625) C:\WINDOWS\EXPLORER.EXE
size: 180224
MD5: B22B28F61B1BB06723019307F0FAACFC
PID: -129925 (-156969) C:\WINDOWS\SYSTEM\SYSTRAY.EXE
size: 27648
MD5: C7E1448EF194081CA615B2601E9751FD
PID: -177305 (-156969) C:\WINDOWS\RUNDLL32.EXE
size: 24576
MD5: 3857D93AA630ABBD63467DB4AEFFCE2C
PID: -189333 (-156969) C:\THINKPAD\TPHKMGR.EXE
size: 34304
MD5: 97826A429EDE9D6D3F5968C2926761E8
PID: -193137 (-156969) C:\WINDOWS\SYSTEM\DAEMON.EXE
size: 183296
MD5: 417460D53A9134FCC971157FAC4B8472
PID: -180449 (-156969) C:\CFGSAFE\AUTOCHK.EXE
size: 10784
MD5: 7FC96CDE47EFC5951A725D4D03BD61B2
PID: -187273 (-156969) C:\WINDOWS\SYSTEM\IBMBAYSN.EXE
size: 29696
MD5: 1D74317BE3F67616D3F804937BF96031
PID: -204953 (-189333) C:\THINKPAD\TPONSCR.EXE
size: 50176
MD5: 558ACFCF6994E5B239E193A95995D0EF
PID: -114477 (-156969) C:\THINKPAD\TP98.EXE
size: 170496
MD5: C0DBD1C2088E04ADB28F85B9161D4FC2
PID: -176401 (-156969) C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
size: 49152
MD5: FC34FA5D1906FAAB6ABFE2FF0B4DF397
PID: -240901 (-156969) C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
size: 77824
MD5: 192511D27A93D7B0D3F1CE9353D45AF2
PID: -289305 (-156969) C:\PROGRAM FILES\EARTHLINK 5.0\CONMGR.EXE
size: 290816
MD5: 770F202D5FF88B646C6B936038E3BD78
PID: -184413 (-156969) C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
size: 338432
MD5: 4E87855221E91513647DDA62DB6B7F6F
PID: -296517 (-156969) C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
size: 263680
MD5: 9599C15E10B16738A3B9402AD22A90F5
PID: -324237 (-156969) C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
size: 318976
MD5: F23275B6104732688BE895112ADBACD4
PID: -318981 (-156969) C:\PROGRAM FILES\FREERAM XP PRO 1.40.EXE
size: 1353728
MD5: 73900E227172CD8579D05F66D3FB7678
PID: -396981 (-129925) C:\WINDOWS\SYSTEM\WMIEXE.EXE
size: 16384
MD5: 3DFE9CA6728C02CCD8309DC66B1DFEB1
PID: -514849 (-289305) C:\WINDOWS\SYSTEM\RNAAPP.EXE
size: 45056
MD5: 04F808EF7BEF391DEAE249EEEB7947E3
PID: -538821 (-514849) C:\WINDOWS\SYSTEM\TAPISRV.EXE
size: 122880
MD5: E411A84B98C3A2CB4CA23B9FFE772F80
PID: -562081 (-499741) C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\NETSCAPE.EXE
size: 5619616
MD5: DCBB8A5DD8EA8B9C4F6D704FB20D54BC
PID: -578253 (-156969) C:\PROGRAM FILES\NETSCAPE\NETSCAPE 6\NETSCP6.EXE
size: 380928
MD5: B40A5FEDE541D72D91E53C95A1D9028D
PID: -554257 (-156969) C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 1/9/06 8:37:51 AM
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\SYSTEM\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.earthlink.net/partner/more/m ... earch.html
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.earthlink.net/partner/more/m ... earch.html
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://start.earthlink.net/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://start.earthlink.net/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.earthlink.net/partner/more/m ... earch.html
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\First Home Page
http://start.earthlink.net/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.earthlink.net/search/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.earthlink.net/search/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://start.earthlink.net/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://start.earthlink.net/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.earthlink.net/search/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.earthlink.net/partner/more/m ... earch.html
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
--- Winsock Layered Service Provider list ---
Protocol 0: MS.w95.spi.osp
GUID: {FF017DE1-CAE9-11CF-8A99-00AA0062C609}
Filename: c:\windows\SYSTEM\mswsosp.dll
Description: Microsoft Windows 9x/ME name space provider
DB filename: %windir%\system\mswsosp.dll
DB protocol: MS.w95.spi.*
Protocol 1: MS.w95.spi.tcp
GUID: {FF017DE0-CAE9-11CF-8A99-00AA0062C609}
Filename: c:\windows\SYSTEM\msafd.dll
Description: Microsoft Windows 9x/ME network protocol
DB filename: %windir%\system\msafd.dll
DB protocol: MS.w95.spi.*
Protocol 2: MS.w95.spi.udp
GUID: {FF017DE0-CAE9-11CF-8A99-00AA0062C609}
Filename: c:\windows\SYSTEM\msafd.dll
Description: Microsoft Windows 9x/ME network protocol
DB filename: %windir%\system\msafd.dll
DB protocol: MS.w95.spi.*
Protocol 3: MS.w95.spi.raw
GUID: {FF017DE0-CAE9-11CF-8A99-00AA0062C609}
Filename: c:\windows\SYSTEM\msafd.dll
Description: Microsoft Windows 9x/ME network protocol
DB filename: %windir%\system\msafd.dll
DB protocol: MS.w95.spi.*
Protocol 4: MS.w95.spi.rsvptcp
GUID: {ECBDCBA0-334A-11D0-BD88-0000C082E69A}
Filename: c:\windows\SYSTEM\rsvpsp.dll
Description: Microsoft Windows 9x/ME network protocol
DB filename: %windir%\system\rsvoso.dll
DB protocol: MS.w95.spi.*
Protocol 5: MS.w95.spi.rsvpudp
GUID: {ECBDCBA0-334A-11D0-BD88-0000C082E69A}
Filename: c:\windows\SYSTEM\rsvpsp.dll
Description: Microsoft Windows 9x/ME network protocol
DB filename: %windir%\system\rsvoso.dll
DB protocol: MS.w95.spi.*
Namespace Provider 0: DNS Name Space Provider.
GUID: {FF017DE2-CAE9-11CF-8A99-00AA0062C609}
Filename: c:\windows\SYSTEM\rnr20.dll
Description: Microsoft Windows 9x/ME name space provider
DB filename: %windir%\system\rnr20.dll
DB protocol: DNS Name Space Provider.
--- Uninstall list ---
(DXM_Runtime)
(ICW)
Microsoft Internet Explorer 5 and Internet Tools (IE40)
uninstall cmd: rundll32 setupwbv.dll,IE5Maintenance "C:\Program Files\Internet Explorer\Setup\SETUP.EXE" /g "C:\WINDOWS\IE Uninstall Log.Txt"
(DirectDrawEx)
(IE5BAKEX)
(SchedulingAgent)
(MobileOptionPack)
(MSJavaVM)
(MSTASK)
(VGX)
(MSWALLET)
(ComicChat)
NetMeeting 3.0 (NetMeeting)
Microsoft Outlook Express 5 (OutlookExpress)
uninstall cmd: "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /UNINSTALL /PROMPT
(AddressBook)
uninstall cmd: "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /UNINSTALL /PROMPT
(WebPost)
(Branding)
ThinkPad Configuration (ThinkPad Configuration)
uninstall cmd: C:\WINDOWS\IsUninst.exe -fC:\THINKPAD\Uninst.isu -cC:\THINKPAD\tpinst32.dll
IBM TrackPoint Support (TrackPoint)
uninstall cmd: rundll setupx.dll,InstallHinfSection DefaultUninstall 132 c:\windows\INF\tp4.inf
Access ThinkPad (Access ThinkPad)
uninstall cmd: C:\WINDOWS\uninst.exe -f"C:\Ibmtools\Access ThinkPad\DeIsL1.isu" -c"C:\Ibmtools\Access ThinkPad\bin\AccUtils.dll
ConfigSafe (ConfigSafe)
uninstall cmd: C:\WINDOWS\ILUNINST.EXE C:\CFGSAFE
IBM Update Connector (IBM Update Connector)
uninstall cmd: "C:\IBMTOOLS\UPDATER\JRE\bin\jre.exe" -cp "c:\IBMTOOLS\UPDATER" uninstall -idb "c:\IBMTOOLS\UPDATER\install.idb"
IBM Global Network Dialer (IBM Global Network Dialer)
uninstall cmd: C:\PROGRA~1\IBMGLO~1\UNWISE.EXE C:\PROGRA~1\IBMGLO~1\INSTALL.LOG "IBM Global Network Dialer"
PC-Doctor for Windows (PCDoctor)
uninstall cmd: C:\WINDOWS\UNWISE.EXE C:\PROGRA~1\PC-DOC~1\INSTALL.LOG
ThinkPad on the Net (ThinkPad on the Net)
uninstall cmd: C:\WINDOWS\uninst.exe -fC:\ibmtools\thinknet\DeIsL1.isu
ThinkPad UltraBay Hot/Warm Swap Driver (IBMBAY)
uninstall cmd: RunDll setupx.dll,InstallHinfSection Uninstall_ubay 2 c:\windows\INF\ibmbay.inf
Norton AntiVirus 2001 (Norton AntiVirus)
uninstall cmd: "C:\WINDOWS\NAVUSTUB.EXE" C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Norton AntiVirus\nav95.isu" -c"C:\Program Files\Norton AntiVirus\NAVINS95.DLL"
RingCentral Fax (RingCentral Fax)
uninstall cmd: C:\PROGRA~1\RZS\RCPRO\uninst\rc_unins.exe -fC:\PROGRA~1\RZS\RCPRO\uninst\rc_unins.ins
Intel SpeedStep technology Applet (Intel SpeedStep technology Applet)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\WINDOWS\SYSTEM\Intel(R) SpeedStep(TM) technology Applet.isu"
(Chl99)
DVDExpress (DVD Express A/V Pak)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Mediamatics\DVDExpress\Uninst.isu"
Iomega Tools for Windows 95 (Iomega95)
uninstall cmd: C:\WINDOWS\uninst.exe -fC:\Tools_95\DeIsL1.isu -c"C:\Tools_95\Uninst.dll
Visioneer PaperPort 5.1 (Visioneer PaperPort 5.1)
uninstall cmd: C:\PAPRPORT\UnInstal.exe C:\WINDOWS\uninst.exe -fC:\PAPRPORT\DATA\DeIsL1.isu
Quicken Deluxe 98 (Quicken Deluxe 98)
uninstall cmd: C:\WINDOWS\uninst.exe -fC:\QUICKENW\DeIsL1.isu
Microsoft Office 97, Professional Edition (Office8.0)
uninstall cmd: C:\Program Files\Microsoft Office\Office\Setup\Acme.exe /w Off97Pro.STF
LiveReg (Symantec Corporation) 2.1.5.1502 (LiveReg)
install location: C:\Program Files\Common Files\Symantec Shared\LiveReg
uninstall cmd: C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSETUP.EXE /REMOVE
publisher: Symantec Corporation
Rescue Disk (Norton Rescue)
(fontcore)
(IEData)
(IE4Data)
(IE_EXTRA)
(ICWIconFix)
(ShockwaveFlash)
QuickTime (QuickTime)
uninstall cmd: C:\WINDOWS\unvise32qt.exe C:\WINDOWS\SYSTEM\QuickTime\Uninstall.log
EarthLink 5.0 (EarthLink 5.0)
uninstall cmd: C:\Program Files\EarthLink 5.0\EUNINSTALL.EXE /UC:\Program Files\EarthLink 5.0\SETUP.CFG
National Geographic Maps (Any files created by the program will be left on your system.) (Uninstall National Geographic Maps)
uninstall cmd: C:\WINDOWS\uninst.exe -fC:\NGMAPS\DeIsL1.isu
Adobe Acrobat 5.0 5.0 (Adobe Acrobat 5.0)
version (major): 5
install location: C:\Program Files\Adobe\Acrobat 5.0
uninstall cmd: C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\98\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\98\Uninst.dll"
publisher: Adobe Systems, Inc.
help link:
http://www.adobe.com/prodindex/acrobat/main.html
Windows Media Player system update (9 Series) (WMP7)
uninstall cmd: C:\PROGRA~1\WINDOW~1\setup_wm.exe /Uninstall
HP PrecisionScan Pro 3.0 3.0.2.0000 ({22DAFE84-E618-11D3-B2A7-080009FB4A19})
version: 50331650
version (major): 3
estimated size: 71199
install date: 20021204
install source: E:\HPPSPRO\
uninstall cmd: MsiExec.exe /I{22DAFE84-E618-11D3-B2A7-080009FB4A19}
publisher: Hewlett-Packard
help link:
http://www.hp.com/cposupport/eschome.html
help telephone: 208-323-2551
Corel Applications (Corel Applications)
uninstall cmd: C:\WINDOWS\Corel\Uninst32.exe
OmniForm 4.0 (OmniForm 4.0)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Caere\OmniForm\Uninst.isu" -c"C:\Program Files\Caere\OmniForm\OfSetup.dll"
Scan Manager 5.1 5.1 ({81D62C32-0984-11D3-86CD-00105AD33021})
version: 83951616
version (major): 5
version (minor): 1
estimated size: 6307
install date: 20021204
install source: E:\CAERE\OMNIFORM\SCANMGR\
uninstall cmd: MsiExec.exe /I{81D62C32-0984-11D3-86CD-00105AD33021}
publisher: ScanSoft, Inc.
WebShop (WebShop)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Boomerang Software\WebShop\Uninst.isu"
Data Access Objects (DAO) 3.5 (Data Access Objects (DAO) 3.5)
uninstall cmd: C:\Program Files\Common Files\MICROSOFT SHARED\DAO\Remove.EXE C:\WINDOWS\UNINST.E