Spyware Warrior Help with Spyware, Hijacking & Other Internet Nuisances
Dana Newbie
Joined: 06 Dec 2005 Last Visit: 10 Dec 2005 Posts: 5
Posted: Tue Dec 06, 2005 8:02 pm Post subject: W32.Sinnaka.A@mm virus - Spyaxe - Freeking me out! Help
I have run all virus removal programs and can't get rid of the Spyaxe crap. Here is my Hijackthis log and thank you so much for this service you provide.
Logfile of HijackThis v1.99.1
Scan saved at 8:12:23 PM, on 12/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\Serv-U\ServUTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\nvctrl.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\MSN\MSNIA\CC\MSNCC\logonmgr.exe
C:\Program Files\MSN\MSNIA\CC\MSNCC\msncc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://broadband.zoomtown.com/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://broadband.zoomtown.com/index.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;http://localhost;<local>
O2 - BHO: HomepageBHO - {724510c3-f3c8-4fb7-879a-d99f29008a2f} - C:\WINDOWS\system32\hp7073.tmp
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [ServUTrayIcon] C:\PROGRA~1\Serv-U\ServUTray.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Aluria Spyware Eliminator Service (ASEService) - Unknown owner - C:\PROGRA~1\Aluria Software\ASE\ASEServ.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
Mosaic1 SWW Distinguished Expert
Joined: 29 Jun 2004 Last Visit: 01 Nov 2009 Posts: 2204
Posted: Wed Dec 07, 2005 5:38 pm Post subject:
Did you install the Serv-U Ftp program?
Copy these instructions to notepad and save them to your desktop for easy reference.
You will be restarting into Safe mode later. Here's help if you need it.
To use the F8 key to start Windows XP in Safe mode
Restart the computer.
Some computers have a progress bar that refers to the word BIOS. Others may not let you know what is happening.
As soon as the BIOS loads, begin tapping the F8 key on your keyboard. Do so until the Windows Advanced Options menu appears.
If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. If this happens, restart the computer and try again.
Using the arrow keys on the keyboard, select Safe mode and then press Enter.
------
Download
smitrem.zip
Save the file to your desktop.
Double click on smitRem.exe to extract the files it contains.
This will create a folder named smitrem on your desktop.
We'll use it later.
------------
Download CCleaner.
http://www.filehippo.com/download_ccleaner.html
Install CCleaner
Launch CCleaner and look in the upper right corner and click on the "Options" button.
Click "Advanced" and remove the check by "Only delete files in Windows temp folders older than 48 hours".
Click OK
Do not run CCleaner yet. You will run it later in safe mode.
Download the trial version of Ewido Security Suite:
http://www.ewido.net/en/download/
Install ewido.
During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
Launch ewido
It will prompt you to update; click the OK button and it will go to the main screen.
On the left side of the main screen click update
Click on Start and let it update.
DO NOT run a scan yet. You will do that later in safe mode.
--------------------------
Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.
Run Ewido:
Click on scanner
Click Complete System Scan and the scan will begin.
During the scan it will prompt you to clean files, click OK
When the scan is finished, look at the bottom of the screen and click the Save report button.
Save the report to your desktop
Start Ccleaner and click Run Cleaner
Go to Control Panel > Internet Options. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.
Go to Control Panel > Display. Click on the "Desktop" tab then click the "Customize Desktop" button. Click on the "Web" tab. Under "Web Pages" you should see an entry checked called something like "Security info" or similar. If it is there, select that entry and click the "Delete" button. Click OK then Apply and OK.
Restart back into regular windows.
Go for a free online Virus scan here:
http://www.pandasoftware.com/activescan/
Allow it to clean
Panda will have the option to create a log after the scan has finished. Click the See Report button. Then click the Save Report button. It will be saved under the name activescan.txt. Do that and post that log into your next reply here.
Post a new HiJackThis log along with the results from ActiveScan and the ewido scan.
Open C:\smitfiles.txt and post the contents of that file.
Dana Newbie
Joined: 06 Dec 2005 Last Visit: 10 Dec 2005 Posts: 5
Posted: Wed Dec 07, 2005 10:19 pm Post subject: It's getting better
I didn't install the Serv-U Ftp program and am not even sure what it does or is for. I deleted it from my program file.
Panda scan indicated 1 dialer still.
Spyaxe page has disappeared and my system has gotten much faster. I am listing the requested logs below for review. Thank you already for getting rid of the spyaxe bug. You are providing a great service here for us novice folks. You will get good karma for this.
Logfile of HijackThis v1.99.1
Scan saved at 1:06:36 AM, on 12/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://broadband.zoomtown.com/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://broadband.zoomtown.com/index.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;http://localhost;<local>
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Aluria Spyware Eliminator Service (ASEService) - Unknown owner - C:\PROGRA~1\Aluria Software\ASE\ASEServ.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
__________________________________________________
Active scan report
Incident Status Location
Dialer:dialer.bew Not disinfected C:\WINDOWS\SYSTEM32\search.html
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 11:19:27 PM, 12/7/2005
+ Report-Checksum: 243DCAD4
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
C:\Documents and Settings\Dave\My Documents\AVG\hp2531.tmp -> Trojan.Puper.bq : Cleaned with backup
C:\Documents and Settings\Dave\My Documents\AVG\hp760A.tmp -> Downloader.Zlob.cf : Cleaned with backup
C:\Documents and Settings\Dave\My Documents\AVG\nvctrl.exe -> Downloader.Zlob.cf : Cleaned with backup
C:\Documents and Settings\Dave\My Documents\AVG\Requestedfiles.zip/hp760A.tmp -> Downloader.Zlob.cf : Cleaned with backup
C:\Documents and Settings\Dave\My Documents\AVG\Requestedfiles.zip/hp2531.tmp -> Trojan.Puper.bq : Cleaned with backup
C:\Documents and Settings\Dave\My Documents\AVG\Requestedfiles.zip/nvctrl.exe -> Downloader.Zlob.cf : Cleaned with backup
C:\Program Files\Serv-U\ServUDaemon.exe -> Backdoor.ServU-based : Cleaned with backup
::Report End
smitRem © log file
version 2.8
by noahdfear
Microsoft Windows XP [Version 5.1.2600]
The current date is: Wed 12/07/2005
The current time is: 21:28:09.21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
checking for ShudderLTD key
ShudderLTD key not present!
checking for PSGuard.com key
PSGuard.com key not present!
spyaxe uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Existing Pre-run Files
~~~ Program Files ~~~
Security Toolbar
~~~ Shortcuts ~~~
Security Troubleshooting.url
Online Security Center.url
Security Troubleshooting.url
Online Security Center.url
~~~ Favorites ~~~
Antivirus Test Online.url
~~~ system32 folder ~~~
msvol.tlb
ld****.tmp
ncompat.tlb
nvctrl.exe
mscornet.exe
hp***.tmp
~~~ Icons in System32 ~~~
ts.ico
ot.ico
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 720 'explorer.exe'
Starting registry repairs
Deleting files
Remaining Post-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~ Wininet.dll ~~~
CLEAN!
 |
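The before/after comparison that this thread does by eye, as an added example (not part of any post, and not code from HijackThis or smitRem): it parses two HijackThis logs, cross-references the system32 file names from the smitRem "Existing Pre-run Files" list against the first log, and diffs the two logs. The log excerpts are abridged from the posts above; the function names and the choice to read a run of `*` in a smitRem name as a wildcard are assumptions.

```python
import fnmatch
import ntpath
import re

# Abridged excerpts of the two HijackThis logs posted in this thread.
BEFORE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Serv-U\ServUTray.exe
C:\WINDOWS\system32\nvctrl.exe
C:\WINDOWS\system32\cidaemon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://broadband.zoomtown.com/index.php
O2 - BHO: HomepageBHO - {724510c3-f3c8-4fb7-879a-d99f29008a2f} - C:\WINDOWS\system32\hp7073.tmp
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ServUTrayIcon] C:\PROGRA~1\Serv-U\ServUTray.exe
"""
AFTER_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\cidaemon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://broadband.zoomtown.com/index.php
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
"""
# "system32 folder" names from the smitRem pre-run list in the same post.
SMITREM_SYSTEM32 = ["msvol.tlb", "ld****.tmp", "ncompat.tlb",
                    "nvctrl.exe", "mscornet.exe", "hp***.tmp"]

# HijackThis entry lines: a section code (R0-R3, F0-F3, N1-N4, O1-O23...) then " - ".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# A drive-letter path ending in a 2-4 character extension (paths may contain spaces).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?]*?\.[A-Za-z0-9]{2,4}(?=$|["\s/])')


def parse_log(text):
    """Return (items) as a list of (label, text): 'process' rows, then section entries."""
    processes, entries, in_processes = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False
            entries.append((m.group(1), m.group(2)))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes:
            processes.append(("process", line))
    return processes + entries


def match_remover_files(log_text, patterns, folder=r"c:\windows\system32"):
    """Log rows that reference a file in `folder` whose name matches a remover pattern."""
    globs = [re.sub(r"\*+", "*", p).lower() for p in patterns]  # assumption: '*' run = wildcard
    hits = []
    for label, text in parse_log(log_text):
        for path in PATH_RE.findall(text):
            name = ntpath.basename(path).lower()
            if ntpath.dirname(path).lower() == folder and any(
                    fnmatch.fnmatchcase(name, g) for g in globs):
                hits.append((label, path))
    return hits


def diff_logs(before, after):
    """Rows present in only one of the two logs, compared case-insensitively."""
    b = {(c, t.lower()): (c, t) for c, t in parse_log(before)}
    a = {(c, t.lower()): (c, t) for c, t in parse_log(after)}
    removed = [b[k] for k in b if k not in a]
    added = [a[k] for k in a if k not in b]
    return removed, added


if __name__ == "__main__":
    print("Rows in the first log tied to files smitRem listed:")
    for label, path in match_remover_files(BEFORE_LOG, SMITREM_SYSTEM32):
        print(f"  {label:8} {path}")
    print("Same check on the second log:",
          match_remover_files(AFTER_LOG, SMITREM_SYSTEM32) or "nothing left")
    removed, added = diff_logs(BEFORE_LOG, AFTER_LOG)
    for sign, rows in (("-", removed), ("+", added)):
        for label, text in rows:
            print(f"{sign} {label:8} {text}")
```

Rows in the "added" list still need a human check: in this thread they are the scanners installed during cleanup, but a diff alone cannot tell a new security tool from a new infection.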
Mosaic1 SWW Distinguished Expert
Joined: 29 Jun 2004 Last Visit: 01 Nov 2009 Posts: 2204
Posted: Thu Dec 08, 2005 2:36 pm Post subject:
This one can be fixed using hijackthis:
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
See if you can delete this file:
C:\WINDOWS\SYSTEM32\search.html
Serv-u is a server program and I am not too thrilled that we don't know what it was doing there. I don't see any other signs of an infection which might be connected to that program. It is one of those legitimate programs which hackers misuse.
But the logs I asked for are not that deep.
So let's go crazy on this one.
You may have to reply more than once to fit in all this information.
Download Autoruns from this page:
http://www.sysinternals.com/Utilities/Autoruns.html
Unzip to a folder and then double click on autoruns.exe
Wait until the program has finished running (the status line will show 'Ready')
Under the 'Options' menu, make sure that 'Include Empty Sections' is checked.
Wait again until ready.
Be sure the 'Everything' tab is selected.
Select 'File -> Save' and save the output file.
Copy the contents of the Autoruns text file and post its contents in your next reply here.
-----
Download Rootkitreveal
http://www.sysinternals.com/utilities/rootkitrevealer.html
Extract rootkitreveal
Double click on rootkit revealer and press scan.
It will take some time to do a complete scan. When finished press file/save and post the contents of the log please.
-------
Try this app: blacklight Beta from here:
http://www.f-secure.com/blacklight/try.shtml
click "I accept" at bottom of page which takes you to download site.
Download the app to the desktop.
Double click it, accept the agreement, make sure "scan through windows explorer" IS checked, then hit "scan".
It should only take at most 5 minutes.
If there are any results, don't rename anything yet!
Sometimes legit items are listed along with baddies.
Just hit next> finish.
Log will be created on desktop that starts with fsbl-datetime.log
Post its results here.
Dana Newbie
Joined: 06 Dec 2005 Last Visit: 10 Dec 2005 Posts: 5
Posted: Sat Dec 10, 2005 10:19 am Post subject:
To Mosaic1,
Sorry for the delay but I had to go out of town on business. Here are the latest logs you requested from Autoruns, Rootkitreveal, and blacklight beta. I did a new HJT log just in case you needed it. Thanks again for your continued assistance. It is greatly appreciated.
Autoruns:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
+ C:\WINDOWS\system32\userinit.exe Userinit Logon Application Microsoft Corporation c:\windows\system32\userinit.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
+ Explorer.exe Windows Explorer Microsoft Corporation c:\windows\explorer.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ AVG7_CC AVG Control Center GRISOFT, s.r.o. c:\program files\grisoft\avg7\avgcc.exe
+ AVG7_EMC AVG E-Mail Scanner GRISOFT, s.r.o. c:\program files\grisoft\avg7\avgemc.exe
+ gcasServ Microsoft AntiSpyware Service Microsoft Corporation c:\program files\microsoft antispyware\gcasserv.exe
+ MMTray mm_tray MUSICMATCH, Inc. c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe
+ QuickTime Task Apple Computer, Inc. c:\program files\quicktime\qttask.exe
+ SunJavaUpdateSched Java(TM) 2 Platform Standard Edition binary Sun Microsystems, Inc. c:\program files\java\jre1.5.0_06\bin\jusched.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
+ WinZip Quick Pick.lnk WinZip Executable WinZip Computing LP c:\program files\winzip\wzqkpick.exe
C:\Documents and Settings\Dave\Start Menu\Programs\Startup
+ Adobe Gamma.lnk Adobe Gamma Loader Adobe Systems, Inc. c:\program files\common files\adobe\calibration\adobe gamma loader.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ Google Desktop Search c:\program files\google\google desktop search\googledesktop.exe
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
+ Address Book 6 Outlook Express Setup Library Microsoft Corporation c:\program files\outlook express\setup50.exe
+ Browser Customizations Microsoft Internet Explorer Customization DLL Microsoft Corporation c:\windows\system32\iedkcs32.dll
+ Fax ADVPACK Microsoft Corporation c:\windows\system32\advpack.dll
+ Internet Explorer Windows NT User Data Migration Tool Microsoft Corporation c:\windows\system32\shmgrate.exe
+ Internet Explorer Windows Setup API Microsoft Corporation c:\windows\system32\setupapi.dll
+ Internet Explorer 6 IE 5.0 Per-User Install Utility Microsoft Corporation c:\windows\system32\ie4uinit.exe
+ Microsoft Outlook Express 6 Outlook Express Setup Library Microsoft Corporation c:\program files\outlook express\setup50.exe
+ Microsoft Windows Media Player ADVPACK Microsoft Corporation c:\windows\system32\advpack.dll
+ NetMeeting 3.01 ADVPACK Microsoft Corporation c:\windows\system32\advpack.dll
+ Outlook Express Windows NT User Data Migration Tool Microsoft Corporation c:\windows\system32\shmgrate.exe
+ Themes Setup Microsoft(C) Register Server Microsoft Corporation c:\windows\system32\regsvr32.exe
+ Windows Desktop Update Microsoft(C) Register Server Microsoft Corporation c:\windows\system32\regsvr32.exe
+ Windows Media Player Microsoft Windows Media Player Setup Utility Microsoft Corporation c:\windows\inf\unregmp2.exe
+ Windows Messenger 4.7 ADVPACK Microsoft Corporation c:\windows\system32\advpack.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
+ Browseui preloader Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Component Categories cache daemon Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
+ CDBurn Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ PostBootReminder Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ SysTray Systray shell service object Microsoft Corporation c:\windows\system32\stobject.dll
+ WebCheck Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
+ ewido shell guard c:\program files\ewido\security suite\shellhook.dll
+ Microsoft AntiSpyware Service Hook Microsoft AntiSpyware Shell Extension Microsoft Corporation c:\program files\microsoft antispyware\shellextension.dll
+ shell32.dll Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ %DESC_PublishDropTarget% Photo Printing Wizard Microsoft Corporation c:\windows\system32\photowiz.dll
+ &Address Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ .CAB file viewer Cabinet File Viewer Shell Extension Microsoft Corporation c:\windows\system32\cabview.dll
+ Accessible Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ ActiveX Cache Folder Object Control Viewer Microsoft Corporation c:\windows\system32\occache.dll
+ Adaptec DirectCD Shell Extension DirectCD Shell Extention DLL Roxio c:\program files\roxio\easy cd creator 5\directcd\shellex.dll
+ Address Bar Parser Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Address EditBox Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Administrative Tools Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Audio Media Properties Handler Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll
+ Augmented Shell Folder Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Augmented Shell Folder 2 Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Auto Update Property Sheet Extension Automatic Updates Control Panel Microsoft Corporation c:\windows\system32\wuaucpl.cpl
+ AVG7 Find Extension AVG Shell Extension GRISOFT, s.r.o. c:\program files\grisoft\avg7\avgse.dll
+ AVG7 Shell Extension AVG Shell Extension GRISOFT, s.r.o. c:\program files\grisoft\avg7\avgse.dll
+ Avi Properties Handler Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll
+ BandProxy Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Briefcase Windows Briefcase Microsoft Corporation c:\windows\system32\syncui.dll
+ CDF Extension Copy Hook Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Channel File Channel Definition File Viewer Microsoft Corporation c:\windows\system32\cdfview.dll
+ Channel Handler Object Channel Definition File Viewer Microsoft Corporation c:\windows\system32\cdfview.dll
+ Channel Menu Channel Definition File Viewer Microsoft Corporation c:\windows\system32\cdfview.dll
+ Channel Properties Channel Definition File Viewer Microsoft Corporation c:\windows\system32\cdfview.dll
+ Channel Shortcut Channel Definition File Viewer Microsoft Corporation c:\windows\system32\cdfview.dll
+ Code Download Agent Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
+ Compatibility Page Compatibility Tab Shell Extension DLL Microsoft Corporation c:\windows\system32\slayerxp.dll
+ Compressed (zipped) Folder Compressed (zipped) Folders Microsoft Corporation c:\windows\system32\zipfldr.dll
+ Compressed (zipped) Folder Right Drag Handler Compressed (zipped) Folders Microsoft Corporation c:\windows\system32\zipfldr.dll
+ Compressed (zipped) Folder SendTo Target Compressed (zipped) Folders Microsoft Corporation c:\windows\system32\zipfldr.dll
+ ConnectionAgent Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
+ Crypto PKO Extension Crypto Shell Extensions Microsoft Corporation c:\windows\system32\cryptext.dll
+ Crypto Sign Extension Crypto Shell Extensions Microsoft Corporation c:\windows\system32\cryptext.dll
+ Custom MRU AutoCompleted List Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Darwin App Publisher Shell Application Manager Microsoft Corporation c:\windows\system32\appwiz.cpl
+ DfsShell Distributed File System shell extension Microsoft Corporation c:\windows\system32\dfsshlex.dll
+ Directory Context Menu Verbs Directory Service Common UI Microsoft Corporation c:\windows\system32\dsuiext.dll
+ Directory Object Find Directory Service Find Microsoft Corporation c:\windows\system32\dsquery.dll
+ Directory Property UI Directory Service Common UI Microsoft Corporation c:\windows\system32\dsuiext.dll
+ Directory Query UI Directory Service Find Microsoft Corporation c:\windows\system32\dsquery.dll
+ Directory Start/Search Find Directory Service Find Microsoft Corporation c:\windows\system32\dsquery.dll
+ Disk Copy Extension Windows DiskCopy Microsoft Corporation c:\windows\system32\diskcopy.dll
+ Disk Quota UI Windows Shell Disk Quota UI DLL Microsoft Corporation c:\windows\system32\dskquoui.dll
+ Display Adapter CPL Extension Advanced display adapter properties Microsoft Corporation c:\windows\system32\deskadp.dll
+ Display Monitor CPL Extension Advanced display monitor properties Microsoft Corporation c:\windows\system32\deskmon.dll
+ Display Panning CPL Extension File not found: deskpan.dll
+ Display TroubleShoot CPL Extension Advanced display performance properties Microsoft Corporation c:\windows\system32\deskperf.dll
+ Download Status Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ DS Security Page Directory Service Security UI Microsoft Corporation c:\windows\system32\dssec.dll
+ E-mail Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Explorer Band Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Extensions Manager Folder Extensions Manager Microsoft Corporation c:\windows\system32\extmgr.dll
+ Favorites Band Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Fonts Windows Font Folder Microsoft Corporation c:\windows\system32\fontext.dll
+ Fonts Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ For &People... Find People Microsoft Corporation c:\program files\outlook express\wabfind.dll
+ FTP Folders Webview Microsoft Internet Explorer FTP Folder Shell Extension Microsoft Corporation c:\windows\system32\msieftp.dll
+ Fusion Cache Microsoft .NET Runtime Execution Engine Microsoft Corporation c:\windows\system32\mscoree.dll
+ GDI+ file thumbnail extractor Windows Picture and Fax Viewer Microsoft Corporation c:\windows\system32\shimgvw.dll
+ Get a Passport Wizard Map Network Drives/Network Places Wizard Microsoft Corporation c:\windows\system32\netplwiz.dll
+ Global Folder Settings Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Help and Support Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Help and Support Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ History Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ HTML Thumbnail Extractor Windows Picture and Fax Viewer Microsoft Corporation c:\windows\system32\shimgvw.dll
+ HyperTerminal Icon Ext HyperTerminal Applet Library Hilgraeve, Inc. c:\windows\system32\hticons.dll
+ ICC Profile Microsoft Color Matching System User Interface DLL Microsoft Corporation c:\windows\system32\icmui.dll
+ ICM Monitor Management Microsoft Color Matching System User Interface DLL Microsoft Corporation c:\windows\system32\icmui.dll
+ ICM Printer Management Microsoft Color Matching System User Interface DLL Microsoft Corporation c:\windows\system32\icmui.dll
+ ICM Scanner Management Microsoft Color Matching System User Interface DLL Microsoft Corporation c:\windows\system32\icmui.dll
+ IE4 Suite Splash Screen Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ In-pane search Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Installed Apps Enumerator Shell Application Manager Microsoft Corporation c:\windows\system32\appwiz.cpl
+ Internet Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Internet Name Space Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ InternetShortcut Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ ISFBand OC Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Microsoft Agent Character Property Sheet Handler Microsoft Agent Property Sheet Handler Microsoft Corporation c:\windows\msagent\agentpsh.dll
+ Microsoft AutoComplete Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Microsoft Browser Architecture Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Microsoft BrowserBand Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Microsoft Data Link Microsoft Data Access - OLE DB Core Services Microsoft Corporation c:\program files\common files\system\ole db\oledb32.dll
+ Microsoft DocProp Inplace Calendar Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll
+ Microsoft DocProp Inplace Droplist Combo Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll
+ Microsoft DocProp Inplace Edit Box Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll
+ Microsoft DocProp Inplace ML Edit Box Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll
+ Microsoft DocProp Inplace Time Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll
+ Microsoft DocProp Shell Ext Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll
+ Microsoft History AutoComplete List Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Microsoft Internet Toolbar Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Microsoft Multiple AutoComplete List Container Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Microsoft Outlook Custom Icon Handler Microsoft Outlook Shell Hook for Start/Find Microsoft Corporation c:\program files\microsoft office\office\olkfstub.dll
+ Microsoft Shell Folder AutoComplete List Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Microsoft Url History Service Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Microsoft Url Search Hook Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Midi Properties Handler Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll
+ MMC Icon Handler MMC Shell Extension DLL Microsoft Corporation c:\windows\system32\mmcshext.dll
+ MRU AutoComplete List Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Multimedia File Property Sheet Control Panel Drivers Applet Microsoft Corporation c:\windows\system32\mmsys.cpl
+ MyDocs Copy Hook My Documents Folder UI Microsoft Corporation c:\windows\system32\mydocs.dll
+ MyDocs Drop Target My Documents Folder UI Microsoft Corporation c:\windows\system32\mydocs.dll
+ MyDocs Properties My Documents Folder UI Microsoft Corporation c:\windows\system32\mydocs.dll
+ Network Connections Network Connections Shell Microsoft Corporation c:\windows\system32\netshell.dll
+ Network Connections Network Connections Shell Microsoft Corporation c:\windows\system32\netshell.dll
+ NTFS Security Page Security Shell Extension Microsoft Corporation c:\windows\system32\rshx32.dll
+ Offline Files Folder Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.dll
+ Offline Files Folder Options Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.dll
+ Offline Files Menu Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.dll
+ OLE Docfile Property Page OLE DocFile Property Page Microsoft Corporation c:\windows\system32\docprop.dll
+ PlusPack CPL Extension Windows Theme API Microsoft Corporation c:\windows\system32\themeui.dll
+ Portable Media Devices Portable Media Devices Shell Extension Microsoft Corporation c:\windows\system32\audiodev.dll
+ Portable Media Devices Menu Portable Media Devices Shell Extension Microsoft Corporation c:\windows\system32\audiodev.dll
+ PostAgent Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
+ Previous Versions Previous Versions property page Microsoft Corporation c:\windows\system32\twext.dll
+ Previous Versions Property Page Previous Versions property page Microsoft Corporation c:\windows\system32\twext.dll
+ Print Ordering via the Web Map Network Drives/Network Places Wizard Microsoft Corporation c:\windows\system32\netplwiz.dll
+ Printers Security Page Security Shell Extension Microsoft Corporation c:\windows\system32\rshx32.dll
+ Registry Tree Options Utility Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Remote Sessions CPL Extension Remote Sessions CPL Extension Microsoft Corporation c:\windows\system32\remotepg.dll
+ Run... Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Corporation c:\windows\system32\wiashext.dll
+ Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Corporation c:\windows\system32\wiashext.dll
+ Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Corporation c:\windows\system32\wiashext.dll
+ Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Corporation c:\windows\system32\wiashext.dll
+ Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Corporation c:\windows\system32\wiashext.dll
+ Scheduled Tasks Task Scheduler interface DLL Microsoft Corporation c:\windows\system32\mstask.dll
+ Search Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Search Assistant OC Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Search Band Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Sendmail service Send Mail Microsoft Corporation c:\windows\system32\sendmail.dll
+ Sendmail service Send Mail Microsoft Corporation c:\windows\system32\sendmail.dll
+ Set Program Access and Defaults Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Share-to-Web Upload Folder S2WNSRES Hewlett-Packard c:\program files\hewlett-packard\hp share-to-web\hpgs2wns.dll
+ Shell Application Manager Shell Application Manager Microsoft Corporation c:\windows\system32\appwiz.cpl
+ Shell Automation Inproc Service Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Shell Band Site Menu Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Shell DeskBar Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Shell DeskBarApp Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Shell DocObject Viewer Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Shell extensions for Microsoft Windows Network objects Network object shell UI Microsoft Corporation c:\windows\system32\ntlanui2.dll
+ Shell Extensions for RealOne Player RealPlayer Shell Extensions RealNetworks, Inc. c:\program files\real\realplayer\rpshell.dll
+ Shell extensions for sharing Shell extensions for sharing Microsoft Corporation c:\windows\system32\ntshrui.dll
+ Shell extensions for sharing Shell extensions for sharing Microsoft Corporation c:\windows\system32\ntshrui.dll
+ Shell extensions for Windows Script Host Microsoft (r) Shell Extension for Windows Script Host Microsoft Corporation c:\windows\system32\wshext.dll
+ Shell Image Data Factory Windows Picture and Fax Viewer Microsoft Corporation c:\windows\system32\shimgvw.dll
+ Shell Image Property Handler Windows Picture and Fax Viewer Microsoft Corporation c:\windows\system32\shimgvw.dll
+ Shell Image Verbs Windows Picture and Fax Viewer Microsoft Corporation c:\windows\system32\shimgvw.dll
+ Shell properties for a DS object Directory Service Find Microsoft Corporation c:\windows\system32\dsquery.dll
+ Shell Publishing Wizard Object Map Network Drives/Network Places Wizard Microsoft Corporation c:\windows\system32\netplwiz.dll
+ Shell Rebar BandSite Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Shell Scrap DataHandler Shell scrap object handler Microsoft Corporation c:\windows\system32\shscrap.dll
+ Subscription Folder Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
+ Subscription Mgr Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
+ Summary Info Thumbnail handler (DOCFILES) Windows Picture and Fax Viewer Microsoft Corporation c:\windows\system32\shimgvw.dll
+ Taskbar and Start Menu Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ Tasks Folder Icon Handler Task Scheduler interface DLL Microsoft Corporation c:\windows\system32\mstask.dll
+ Tasks Folder Shell Extension Task Scheduler interface DLL Microsoft Corporation c:\windows\system32\mstask.dll
+ Temporary Internet Files Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Temporary Internet Files Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ The Internet Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Track Popup Bar Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ TrayAgent Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
+ TridentImageExtractor Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ User Accounts Map Network Drives/Network Places Wizard Microsoft Corporation c:\windows\system32\netplwiz.dll
+ User Assist Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Video Media Properties Handler Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll
+ Video Thumbnail Extractor Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll
+ Wav Properties Handler Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll
+ Web Printer Shell Extension Print UI DLL Microsoft Corporation c:\windows\system32\printui.dll
+ Web Publishing Wizard Map Network Drives/Network Places Wizard Microsoft Corporation c:\windows\system32\netplwiz.dll
+ Web Search Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ WebCheck Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
+ WebCheck SyncMgr Handler Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
+ WebCheckChannelAgent Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
+ WebCheckWebCrawler Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
+ Windows Media Player Add to Playlist Context Menu Handler Windows Media Player Launcher Microsoft Corporation c:\windows\system32\wmpshell.dll
+ Windows Media Player Burn Audio CD Context Menu Handler Windows Media Player Launcher Microsoft Corporation c:\windows\system32\wmpshell.dll
+ Windows Media Player Play as Playlist Context Menu Handler Windows Media Player Launcher Microsoft Corporation c:\windows\system32\wmpshell.dll
+ WinZip WinZip Shell Extension DLL WinZip Computing LP c:\program files\winzip\wzshlstb.dll
+ WinZip WinZip Shell Extension DLL WinZip Computing LP c:\program files\winzip\wzshlstb.dll
+ WinZip WinZip Shell Extension DLL WinZip Computing LP c:\program files\winzip\wzshlstb.dll
+ WinZip WinZip Shell Extension DLL WinZip Computing LP c:\program files\winzip\wzshlstb.dll
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ Web Folders c:\program files\common files\microsoft shared\web folders\msonsext.dll
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
+ {0D2E74C4-3C34-11d2-A27E-00C04FC30871} Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ {24F14F01-7B1C-11d1-838f-0000F80461CF} Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ {24F14F02-7B1C-11d1-838f-0000F80461CF} Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ {66742402-F9B9-11D1-A202-0000F81FEDEE} Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ SSVHelper Class Java(TM) 2 Platform Standard Edition binary Sun Microsystems, Inc. c:\program files\java\jre1.5.0_06\bin\ssv.dll
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
+ shdocvw.dll Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
HKLM\Software\Microsoft\Internet Explorer\Extensions
+ Windows Messenger Windows Messenger Microsoft Corporation c:\program files\messenger\msmsgs.exe
HKLM\System\CurrentControlSet\Services
+ ASEService Removes spyware during reboot that cannot be removed while Windows is running c:\program files\aluria software\ase\aseserv.exe
+ AudioSrv Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe
+ Avg7Alrt AVG Alert Manager GRISOFT, s.r.o. c:\program files\grisoft\avg7\avgamsvr.exe
+ Avg7UpdSvc AVG Update Service GRISOFT, s.r.o. c:\program files\grisoft\avg7\avgupsvc.exe
+ AVGFwSrv AVG Firewall Service GRISOFT, s.r.o. c:\program files\grisoft\avg7\avgfwsrv.exe
+ BITS Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled. Microsoft Corporation c:\windows\system32\svchost.exe
+ Browser Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe
+ CiSvc Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language. Microsoft Corporation c:\windows\system32\cisvc.exe
+ CryptSvc Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe
+ DcomLaunch Provides launch functionality for DCOM services. Microsoft Corporation c:\windows\system32\svchost.exe
+ Dhcp Manages network configuration by registering and updating IP addresses and DNS names. Microsoft Corporation c:\windows\system32\svchost.exe
+ Dnscache Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe
+ ERSvc Allows error reporting for services and applictions running in non-standard environments. Microsoft Corporation c:\windows\system32\svchost.exe
+ Eventlog Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped. Microsoft Corporation c:\windows\system32\services.exe
+ ewido security suite control ewido control ewido networks c:\program files\ewido\security suite\ewidoctrl.exe
+ Fax Enables you to send and receive faxes, utilizing fax resources available on this computer or on the network. Microsoft Corporation c:\windows\system32\fxssvc.exe
+ helpsvc Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe
+ lanmanserver Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe
+ lanmanworkstation Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe
+ LmHosts Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution. Microsoft Corporation c:\windows\system32\svchost.exe
+ PlugPlay Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability. Microsoft Corporation c:\windows\system32\services.exe
+ PolicyAgent Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver. Microsoft Corporation c:\windows\system32\lsass.exe
+ ProtectedStorage Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users. Microsoft Corporation c:\windows\system32\lsass.exe
+ RpcSs Provides the endpoint mapper and other miscellaneous RPC services. Microsoft Corporation c:\windows\system32\svchost.exe
+ SamSs Stores security information for local user accounts. Microsoft Corporation c:\windows\system32\lsass.exe
+ Schedule Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe
+ seclogon Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe
+ SENS Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events. Microsoft Corporation c:\windows\system32\svchost.exe
+ SharedAccess Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. Microsoft Corporation c:\windows\system32\svchost.exe
+ ShellHWDetection Generic Host Process for Win32 Services Microsoft Corporation c:\windows\system32\svchost.exe
+ Spooler Loads files to memory for later printing. Microsoft Corporation c:\windows\system32\spoolsv.exe
+ srservice Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties Microsoft Corporation c:\windows\system32\svchost.exe
+ stisvc Provides image acquisition services for scanners and cameras. Microsoft Corporation c:\windows\system32\svchost.exe
+ Themes Provides user experience theme management. Microsoft Corporation c:\windows\system32\svchost.exe
+ TrkWks Maintains links between NTFS files within a computer or across computers in a network domain. Microsoft Corporation c:\windows\system32\svchost.exe
+ UMWdf Enables Windows user mode drivers. Microsoft Corporation c:\windows\system32\wdfmgr.exe
+ w32time Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe
+ WebClient Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe
+ winmgmt Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe
+ wscsvc Monitors system security settings and configurations. Microsoft Corporation c:\windows\system32\svchost.exe
+ wuauserv Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. Microsoft Corporation c:\windows\system32\svchost.exe
+ WZCSVC Provides automatic configuration for the 802.11 adapters Microsoft Corporation c:\windows\system32\svchost.exe
HKLM\System\CurrentControlSet\Services
+ ACPI ACPI Driver for NT Microsoft Corporation c:\windows\system32\drivers\acpi.sys
+ aeaudio Andrea Audio Stub Driver Andrea Electronics Corporation c:\windows\system32\drivers\aeaudio.sys
+ aec Microsoft Acoustic Echo Canceller Microsoft Corporation c:\windows\system32\drivers\aec.sys
+ AFD AFD Networking Support Environment Microsoft Corporation c:\windows\system32\drivers\afd.sys
+ AsyncMac RAS Asynchronous Media Driver Microsoft Corporation c:\windows\system32\drivers\asyncmac.sys
+ atapi IDE/ATAPI Port Driver Microsoft Corporation c:\windows\system32\drivers\atapi.sys
+ Atmarpc ATM ARP Client Protocol Microsoft Corporation c:\windows\system32\drivers\atmarpc.sys
+ audstub AudStub Driver Microsoft Corporation c:\windows\system32\drivers\audstub.sys
+ Avg7Core AVG Scanning Engine GRISOFT, s.r.o. c:\windows\system32\drivers\avg7core.sys
+ Avg7RsW AVG Resident Shield Unload Helper GRISOFT, s.r.o. c:\windows\system32\drivers\avg7rsw.sys
+ Avg7RsXP AVG Resident Anti-Virus Shield GRISOFT, s.r.o. c:\windows\system32\drivers\avg7rsxp.sys
+ AvgTdi AVG Network connection watcher GRISOFT, s.r.o. c:\windows\system32\drivers\avgtdi.sys
+ bcm4sbxp Broadcom Corporation NDIS 5.1 ethernet driver Broadcom Corporation c:\windows\system32\drivers\bcm4sbxp.sys
+ BCMModem Modem Device Driver Broadcom Corporation c:\windows\system32\drivers\bcmsm.sys
+ Cdrom SCSI CD-ROM Driver Microsoft Corporation c:\windows\system32\drivers\cdrom.sys
+ Disk PnP Disk Driver Microsoft Corporation c:\windows\system32\drivers\disk.sys
+ DMusic Microsoft Kernel DLS Synthesizer Microsoft Corporation c:\windows\system32\drivers\dmusic.sys
+ drmkaud Microsoft Kernel DRM Audio Descrambler Filter Microsoft Corporation c:\windows\system32\drivers\drmkaud.sys
+ EL90XBC 3Com EtherLink PCI Driver 3Com Corporation c:\windows\system32\drivers\el90xbc5.sys
+ Fdc Floppy Disk Controller Driver Microsoft Corporation c:\windows\system32\drivers\fdc.sys
+ Flpydisk Floppy Driver Microsoft Corporation c:\windows\system32\drivers\flpydisk.sys
+ Ftdisk FT Disk Driver Microsoft Corporation c:\windows\system32\drivers\ftdisk.sys
+ Gpc Generic Packet Classifier Microsoft Corporation c:\windows\system32\drivers\msgpc.sys
+ HidUsb USB Miniport Driver for Input Devices Microsoft Corporation c:\windows\system32\drivers\hidusb.sys
+ HPZid412 IEEE-1284.4-1999 Driver (Windows 2000) HP c:\windows\system32\drivers\hpzid412.sys
+ HPZipr12 IEEE-1284.4-1999 Print Class Driver HP c:\windows\system32\drivers\hpzipr12.sys
+ HPZius12 1284.4<->Usb Datalink Driver (Windows 2000) HP c:\windows\system32\drivers\hpzius12.sys
+ HTTP This service implements the hypertext transfer protocol (HTTP). If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\drivers\http.sys
+ i8042prt i8042 Port Driver Microsoft Corporation c:\windows\system32\drivers\i8042prt.sys
+ i81x Miniport Driver for Intel Graphics Driver Intel(R) Corporation c:\windows\system32\drivers\i81xnt5.sys
+ iAimFP0 Digital Display Minidriver for Intel(R) Graphics Driver Intel(R) Corporation c:\windows\system32\drivers\wadv01nt.sys
+ iAimFP1 Digital Display Minidriver for Intel(R) Graphics Driver Intel(R) Corporation c:\windows\system32\drivers\wadv02nt.sys
+ iAimFP2 Digital Display Minidriver for Intel(R) Graphics Driver Intel(R) Corporation c:\windows\system32\drivers\wadv05nt.sys
+ iAimFP3 Digital Display Minidriver for Intel(R) Graphics Driver Intel(R) Corporation c:\windows\system32\drivers\wsiintxx.sys
+ iAimFP4 Local Flat Panel Display Minidriver for Intel(R) Graphics Driver Intel(R) Corporation c:\windows\system32\drivers\wvchntxx.sys
+ iAimTV0 Digital Display Minidriver for Intel(R) Graphics Driver Intel(R) Corporation c:\windows\system32\drivers\watv01nt.sys
+ iAimTV1 Digital Display Minidriver for Intel(R) Graphics Driver Intel(R) Corporation c:\windows\system32\drivers\watv02nt.sys
+ iAimTV2 File not found: System32\DRIVERS\wATV03nt.sys
+ iAimTV3 Digital Display Minidriver for Intel(R) Graphics Driver Intel(R) Corporation c:\windows\system32\drivers\watv04nt.sys
+ iAimTV4 Digital Display Minidriver for Intel(R) Graphics Driver Intel(R) Corporation c:\windows\system32\drivers\wch7xxnt.sys
+ ialm Controller Hub for Intel Graphics Driver Intel Corporation c:\windows\system32\drivers\ialmnt5.sys
+ Imapi IMAPI Kernel Driver Microsoft Corporation c:\windows\system32\drivers\imapi.sys
+ intelppm Processor Device Driver Microsoft Corporation c:\windows\system32\drivers\intelppm.sys
+ ip6fw Provides intrusion prevention service for a home or small office network. Microsoft Corporation c:\windows\system32\drivers\ip6fw.sys
+ IpFilterDriver IP Traffic Filter Driver Microsoft Corporation c:\windows\system32\drivers\ipfltdrv.sys
+ IpInIp IP in IP Tunnel Driver Microsoft Corporation c:\windows\system32\drivers\ipinip.sys
+ IpNat IP Network Address Translator Microsoft Corporation c:\windows\system32\drivers\ipnat.sys
+ IPSec IPSEC driver Microsoft Corporation c:\windows\system32\drivers\ipsec.sys
+ IRENUM Infra-Red Bus Enumerator Microsoft Corporation c:\windows\system32\drivers\irenum.sys
+ isapnp PNP ISA Bus Driver Microsoft Corporation c:\windows\system32\drivers\isapnp.sys
+ Kbdclass Keyboard Class Driver Microsoft Corporation c:\windows\system32\drivers\kbdclass.sys
+ kmixer Kernel Mode Audio Mixer Microsoft Corporation c:\windows\system32\drivers\kmixer.sys
+ MODEMCSA Unimodem CSA Filter Microsoft Corporation c:\windows\system32\drivers\modemcsa.sys
+ Mouclass Mouse Class Driver Microsoft Corporation c:\windows\system32\drivers\mouclass.sys
+ mouhid HID Mouse Filter Driver Microsoft Corporation c:\windows\system32\drivers\mouhid.sys
+ MSKSSRV MS KS Server Microsoft Corporation c:\windows\system32\drivers\mskssrv.sys
+ MSPCLOCK MS Proxy Clock Microsoft Corporation c:\windows\system32\drivers\mspclock.sys
+ MSPQM MS Proxy Quality Manager Microsoft Corporation c:\windows\system32\drivers\mspqm.sys
+ mssmbios System Management BIOS Driver Microsoft Corporation c:\windows\system32\drivers\mssmbios.sys
+ NdisTapi Remote Access NDIS TAPI Driver Microsoft Corporation c:\windows\system32\drivers\ndistapi.sys
+ Ndisuio NDIS Usermode I/O Protocol Microsoft Corporation c:\windows\system32\drivers\ndisuio.sys
+ NdisWan Remote Access NDIS WAN Driver Microsoft Corporation c:\windows\system32\drivers\ndiswan.sys
+ NetBT NetBios over Tcpip Microsoft Corporation c:\windows\system32\drivers\netbt.sys
+ nv NVIDIA Compatible Windows 2000 Miniport Driver, Version 56.73 NVIDIA Corporation c:\windows\system32\drivers\nv4_mini.sys
+ NwlnkFlt IPX Traffic Filter Driver Microsoft Corporation c:\windows\system32\drivers\nwlnkflt.sys
+ NwlnkFwd IPX Traffic Forwarder Driver Microsoft Corporation c:\windows\system32\drivers\nwlnkfwd.sys
+ omci OMCI Device Driver Dell Computer Corporation c:\windows\system32\drivers\omci.sys
+ P3 Processor Device Driver Microsoft Corporation c:\windows\system32\drivers\p3.sys
+ Parport Parallel Port Driver Microsoft Corporation c:\windows\system32\drivers\parport.sys
+ PCI NT Plug and Play PCI Enumerator Microsoft Corporation c:\windows\system32\drivers\pci.sys
+ PCIIde Generic PCI IDE Bus Driver Microsoft Corporation c:\windows\system32\drivers\pciide.sys
+ pfc Padus(R) ASPI Shell Padus, Inc. c:\windows\system32\drivers\pfc.sys
+ PptpMiniport WAN Miniport (PPTP) Microsoft Corporation c:\windows\system32\drivers\raspptp.sys
+ Processor Processor Device Driver Microsoft Corporation c:\windows\system32\drivers\processr.sys
+ PSched QoS Packet Scheduler Microsoft Corporation c:\windows\system32\drivers\psched.sys
+ Ptilink Direct Parallel Link Driver Parallel Technologies, Inc. c:\windows\system32\drivers\ptilink.sys
+ PxHelp20 Px Engine Device Driver for Windows 2000/XP Sonic Solutions c:\windows\system32\drivers\pxhelp20.sys
+ RasAcd Remote Access Auto Connection Driver Microsoft Corporation c:\windows\system32\drivers\rasacd.sys
+ Rasl2tp WAN Miniport (L2TP) Microsoft Corporation c:\windows\system32\drivers\rasl2tp.sys
+ RasPppoe Remote Access PPPOE Driver Microsoft Corporation c:\windows\system32\drivers\raspppoe.sys
+ Raspti Direct Parallel Microsoft Corporation c:\windows\system32\drivers\raspti.sys
+ RDPCDD RDP Miniport Microsoft Corporation c:\windows\system32\drivers\rdpcdd.sys
+ rdpdr Microsoft RDP Device redirector Microsoft Corporation c:\windows\system32\drivers\rdpdr.sys
+ redbook Redbook Audio Filter Driver Microsoft Corporation c:\windows\system32\drivers\redbook.sys
+ Secdrv SafeDisc driver c:\windows\system32\drivers\secdrv.sys
+ serenum Serial Port Enumerator Microsoft Corporation c:\windows\system32\drivers\serenum.sys
+ Serial Serial Device Driver Microsoft Corporation c:\windows\system32\drivers\serial.sys
+ smwdm SoundMAX Integrated Digital Audio Analog Devices, Inc. c:\windows\system32\drivers\smwdm.sys
+ splitter Microsoft Kernel Audio Splitter Microsoft Corporation c:\windows\system32\drivers\splitter.sys
+ swenum Plug and Play Software Device Enumerator Microsoft Corporation c:\windows\system32\drivers\swenum.sys
+ swmidi Microsoft GS Wavetable Synthesizer Microsoft Corporation c:\windows\system32\drivers\swmidi.sys
+ sysaudio System Audio WDM Filter Microsoft Corporation c:\windows\system32\drivers\sysaudio.sys
+ Tcpip TCP/IP Protocol Driver Microsoft Corporation c:\windows\system32\drivers\tcpip.sys
+ TermDD Terminal Server Driver Microsoft Corporation c:\windows\system32\drivers\termdd.sys
+ Update Update Driver Microsoft Corporation c:\windows\system32\drivers\update.sys
+ USB_RNDIS_XP Remote NDIS USB Driver Microsoft Corporation c:\windows\system32\drivers\usb8023.sys
+ usbaudio USB Audio Class Driver Microsoft Corporation c:\windows\system32\drivers\usbaudio.sys
+ usbccgp USB Common Class Generic Parent Driver Microsoft Corporation c:\windows\system32\drivers\usbccgp.sys
+ usbehci EHCI eUSB Miniport Driver Microsoft Corporation c:\windows\system32\drivers\usbehci.sys
+ usbhub Default Hub Driver for USB Microsoft Corporation c:\windows\system32\drivers\usbhub.sys
+ usbprint USB Printer driver Microsoft Corporation c:\windows\system32\drivers\usbprint.sys
+ usbscan USB Scanner Driver Microsoft Corporation c:\windows\system32\drivers\usbscan.sys
+ USBSTOR USB Mass Storage Class Driver Microsoft Corporation c:\windows\system32\drivers\usbstor.sys
+ usbuhci UHCI USB Miniport Driver Microsoft Corporation c:\windows\system32\drivers\usbuhci.sys
+ VgaSave Controls the VGA display adapter to provide basic display capabilities. Microsoft Corporation c:\windows\system32\drivers\vga.sys
+ Wanarp Remote Access IP ARP Driver Microsoft Corporation c:\windows\system32\drivers\wanarp.sys
+ wdmaud MMSYSTEM Wave/Midi API mapper Microsoft Corporation c:\windows\system32\drivers\wdmaud.sys
+ WS2IFSL Winsock2 IFS Layer Microsoft Corporation c:\windows\system32\drivers\ws2ifsl.sys
+ {6080A529-897E-4629-A488-ABA0C29B635E} Intel Graphics Platform (SoftBIOS) Driver for Windows 2000(R) & Windows XP(TM) Intel Corporation c:\windows\system32\drivers\ialmsbw.sys
+ {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} Intel Graphics Chipset (KCH) Driver for Windows 2000(R) & Windows XP(TM) Intel Corporation c:\windows\system32\drivers\ialmkchw.sys
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
+ autocheck autochk * Auto Check Utility Microsoft Corporation c:\windows\system32\autochk.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
+ Your Image File Name Here without a path Symbolic Debugger for Windows 2000 Microsoft Corporation c:\windows\system32\ntsd.exe
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
+ advapi32 Advanced Windows 32 Base API Microsoft Corporation c:\windows\system32\advapi32.dll
+ comdlg32 Common Dialogs DLL Microsoft Corporation c:\windows\system32\comdlg32.dll
+ gdi32 GDI Client DLL Microsoft Corporation c:\windows\system32\gdi32.dll
+ imagehlp Windows NT Image Helper Microsoft Corporation c:\windows\system32\imagehlp.dll
+ kernel32 Windows NT BASE API Client DLL Microsoft Corporation c:\windows\system32\kernel32.dll
+ lz32 LZ Expand/Compress API DLL Microsoft Corporation c:\windows\system32\lz32.dll
+ ole32 Microsoft OLE for Windows Microsoft Corporation c:\windows\system32\ole32.dll
+ oleaut32 Microsoft Corporation c:\windows\system32\oleaut32.dll
+ olecli32 Object Linking and Embedding Client Library Microsoft Corporation c:\windows\system32\olecli32.dll
+ olecnv32 Microsoft OLE for Windows Microsoft Corporation c:\windows\system32\olecnv32.dll
+ olesvr32 Object Linking and Embedding Server Library Microsoft Corporation c:\windows\system32\olesvr32.dll
+ olethk32 Microsoft OLE for Windows Microsoft Corporation c:\windows\system32\olethk32.dll
+ rpcrt4 Remote Procedure Call Runtime Microsoft Corporation c:\windows\system32\rpcrt4.dll
+ shell32 Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ url Internet Shortcut Shell Extension DLL Microsoft Corporation c:\windows\system32\url.dll
+ urlmon OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll
+ user32 Windows XP USER API Client DLL Microsoft Corporation c:\windows\system32\user32.dll
+ version Version Checking and File Installation Libraries Microsoft Corporation c:\windows\system32\version.dll
+ wininet Internet Extensions for Win32 Microsoft Corporation c:\windows\system32\wininet.dll
+ wldap32 Win32 LDAP API DLL Microsoft Corporation c:\windows\system32\wldap32.dll
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
+ crypt32chain Crypto API32 Microsoft Corporation c:\windows\system32\crypt32.dll
+ cryptnet Crypto Network Related API Microsoft Corporation c:\windows\system32\cryptnet.dll
+ cscdll Offline Network Agent Microsoft Corporation c:\windows\system32\cscdll.dll
+ igfxcui igfxsrvc Module Intel Corporation c:\windows\system32\igfxsrvc.dll
+ ScCertProp Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll
+ Schedule Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll
+ sclgntfy Secondary Logon Service Notification DLL Microsoft Corporation c:\windows\system32\sclgntfy.dll
+ SensLogn Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll
+ termsrv Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll
+ wlballoon Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll
HKCU\Control Panel\Desktop\Scrnsave.exe
+ C:\WINDOWS\System32\LOGON.SCR Logon Screen Saver Microsoft Corporation c:\windows\system32\logon.scr
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
+ Grisoft Firewall AFU over [MSAFD Tcpip [RAW/IP]] AVG Firewall Filter Unit GRISOFT, s.r.o. c:\windows\system32\avgfwafu.dll
+ Grisoft Firewall AFU over [MSAFD Tcpip [TCP/IP]] AVG Firewall Filter Unit GRISOFT, s.r.o. c:\windows\system32\avgfwafu.dll
+ Grisoft Firewall AFU over [MSAFD Tcpip [UDP/IP]] AVG Firewall Filter Unit GRISOFT, s.r.o. c:\windows\system32\avgfwafu.dll
+ Grisoft Firewall AFU over [RSVP TCP Service Provider] AVG Firewall Filter Unit GRISOFT, s.r.o. c:\windows\system32\avgfwafu.dll
+ Grisoft Firewall AFU over [RSVP UDP Service Provider] AVG Firewall Filter Unit GRISOFT, s.r.o. c:\windows\system32\avgfwafu.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{1AAFF766-34D1-4415-B09C-F22F807C70B4}] DATAGRAM 4 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{1AAFF766-34D1-4415-B09C-F22F807C70B4}] SEQPACKET 4 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{1EED63FF-DD1C-4E1D-BA35-89D4CFCADC91}] DATAGRAM 0 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{1EED63FF-DD1C-4E1D-BA35-89D4CFCADC91}] SEQPACKET 0 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{38037F35-2102-4B10-9293-6505455D6F08}] DATAGRAM 5 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{38037F35-2102-4B10-9293-6505455D6F08}] SEQPACKET 5 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{61820C7F-1F2D-4EC6-AC52-4AA4C5CE956B}] DATAGRAM 2 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{61820C7F-1F2D-4EC6-AC52-4AA4C5CE956B}] SEQPACKET 2 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{93DB4DB9-E887-49A6-9599-E74F41149F6A}] DATAGRAM 1 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{93DB4DB9-E887-49A6-9599-E74F41149F6A}] SEQPACKET 1 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{E5EC0A67-7EEA-48D6-BF30-90F5C13ABCA3}] DATAGRAM 3 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{E5EC0A67-7EEA-48D6-BF30-90F5C13ABCA3}] SEQPACKET 3 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD Tcpip [RAW/IP] Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD Tcpip [TCP/IP] Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD Tcpip [UDP/IP] Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ RSVP TCP Service Provider Microsoft Windows Rsvp 1.0 Service Provider Microsoft Corporation c:\windows\system32\rsvpsp.dll
+ RSVP UDP Service Provider Microsoft Windows Rsvp 1.0 Service Provider Microsoft Corporation c:\windows\system32\rsvpsp.dll
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
+ BJ Language Monitor Langage Monitor for Canon Bubble-Jet Printer Microsoft Corporation c:\windows\system32\cnbjmon.dll
+ hpzlnt05 HP c:\windows\system32\hpzlnt05.dll
+ Local Port Local Spooler DLL Microsoft Corporation c:\windows\system32\localspl.dll
+ Microsoft Shared Fax Monitor Microsoft Fax Print Monitor Microsoft Corporation c:\windows\system32\fxsmon.dll
+ PJL Language Monitor PJL Language monitor Microsoft Corporation c:\windows\system32\pjlmon.dll
+ Standard TCP/IP Port Standard TCP/IP Port Monitor DLL Microsoft Corporation c:\windows\system32\tcpmon.dll
+ USB Monitor Standard Dynamic Printing Port Monitor DLL Microsoft Corporation c:\windows\system32\usbmon.dll
BlackLight Beta:
12/10/05 12:53:03 [Info]: BlackLight Engine 1.0.29 initialized
12/10/05 12:53:03 [Info]: OS: 5.1 build 2600 (Service Pack 2)
12/10/05 12:53:03 [Note]: 7019 4
12/10/05 12:53:03 [Note]: 7005 0
12/10/05 12:53:41 [Note]: 7007 0
12/10/05 12:53:59 [Info]: BlackLight Engine 1.0.29 initialized
12/10/05 12:53:59 [Info]: OS: 5.1 build 2600 (Service Pack 2)
12/10/05 12:53:59 [Note]: 7019 4
12/10/05 12:53:59 [Note]: 7005 0
12/10/05 12:54:12 [Note]: 7006 0
12/10/05 12:54:12 [Note]: 7011 2008
12/10/05 12:54:13 [Note]: FSRAW library version 1.7.1013
12/10/05 12:56:06 [Note]: 7007 0
RootkitRevealer did not find anything in its scan.
________________________________________________
Logfile of HijackThis v1.99.1
Scan saved at 1:17:58 PM, on 12/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://broadband.zoomtown.com/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://broadband.zoomtown.com/index.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;http://localhost;<local>
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Aluria Spyware Eliminator Service (ASEService) - Unknown owner - C:\PROGRA~1\Aluria Software\ASE\ASEServ.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
Thanks again,
Dana

Mosaic1 SWW Distinguished Expert
Joined: 29 Jun 2004 Last Visit: 01 Nov 2009 Posts: 2204
Posted: Sat Dec 10, 2005 10:52 am
Hi Dana,
No problem. You're welcome. Your logs look clean. So far as I can tell you are ok. If you find you are having problems later, come back and let us know.
Once you have rebooted a time or two, be sure everything is in working order. It is time to flush your system restore points. Once you do that you will not be able to correct any problems you may have now by going back to a point before today.
After something like this it is a good idea to Flush the Restore Points and start fresh.
To flush the XP System Restore points:
Go to Start>Run and type msconfig. Press Enter.
When msconfig opens, click the Launch System Restore Button.
On the next page, click the System Restore Settings Link on the left.
Check the box labeled Turn off System restore.
Reboot. Go back in and Turn System Restore Back on. A new Restore Point will be created.
----------------------------
Also here is an excellent source for tips to tighten security. Follow the advice and get the free downloads to help avoid some of these problems in the future.
http://www.computercops.biz/postt7736.html
Mo

Dana Newbie
Joined: 06 Dec 2005 Last Visit: 10 Dec 2005 Posts: 5
Posted: Sat Dec 10, 2005 11:10 am Post subject: One last question
Mo
One last question.
I updated Windows XP while I was infected. Should I redo this, etc.?
Thanks for all your help.
Happy Holidays
Dana

Mosaic1 SWW Distinguished Expert
Joined: 29 Jun 2004 Last Visit: 01 Nov 2009 Posts: 2204
Posted: Sat Dec 10, 2005 11:13 am
Hi Dana,
No. If Windows is behaving you should be ok. I take it you installed Service Pack 2?
Mo

Dana Newbie
Joined: 06 Dec 2005 Last Visit: 10 Dec 2005 Posts: 5
Posted: Sat Dec 10, 2005 11:26 am
Sorry to bother you again. I ran Spybot before I proceeded with the restore points and it still identifies Smitfraud. Here is my log:
--- Search result list ---
Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-1814702396-3894915990-2500229305-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-spy-cam.net\*!=W=4
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-12-08 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2005-12-02 Includes\Cookies.sbi (*)
2005-12-02 Includes\Dialer.sbi (*)
2005-12-02 Includes\Hijackers.sbi (*)
2005-12-02 Includes\Keyloggers.sbi (*)
2005-12-02 Includes\Malware.sbi (*)
2005-12-02 Includes\PUPS.sbi (*)
2005-12-02 Includes\Revision.sbi (*)
2005-12-02 Includes\Security.sbi (*)
2005-12-02 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2005-12-02 Includes\Trojans.sbi (*)
--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ .NETFramework / 1.0: Microsoft .NET Framework 1.0 Hotfix (KB886906)
/ .NETFramework / 1.0: Microsoft .NET Framework 1.0 Service Pack 3 (KB867461)
/ DataAccess: Microsoft Data Access Components KB870669
/ DataAccess: Security Update for Microsoft Data Access Components
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB834707
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB889293
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB896688
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB896727
/ Outlook Express 6 / SP1: Windows XP Hotfix - KB897715
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB898458)
/ Windows Media Player / SP0: Windows Media Player Hotfix [See wm828026 for more information]
/ Windows Media Player: Windows Media Update 817787
/ Windows Media Player: Windows Media Update 828026
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP2: Windows Blaster Worm Removal Tool (KB833330)
/ Windows XP / SP3: Windows XP Hotfix - KB873333
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Security Update for Windows XP (KB893066)
/ Windows XP / SP3: Windows XP Hotfix - KB893086
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896422)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896424)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Security Update for Windows XP (KB896688)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899588)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
--- Startup entries list ---
Located: HK_LM:Run, AVG7_CC
command: C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
file: C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
size: 346671
MD5: 2596fcf253ef464d9ddffacf3d0921e8
Located: HK_LM:Run, AVG7_EMC
command: C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
file: C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
size: 233524
MD5: 4e4f6991561a78186f18f26dff3b7b5a
Located: HK_LM:Run, gcasServ
command: "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
file: C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
size: 473928
MD5: e8177b5150cab1509d2e9807c3f6366c
Located: HK_LM:Run, MMTray
command: C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
file: C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
size: 143360
MD5: 688b8208969898cc2b03e043c3ce3fe6
Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 77824
MD5: c2a735b94ae4f4729ed152bff6a08e4d
Located: HK_LM:Run, SunJavaUpdateSched
command: C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
file: C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
size: 36975
MD5: 61a3a9d5d98bf0331df5b716144a8100
Located: HK_LM:RunOnce, SpybotSnD
command: "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
file: C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09ca174a605b480318731e691dc98539
Located: HK_CU:Run, Google Desktop Search
command: "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
file: C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
size: 118784
MD5: a02e5f13158a2ff047fffe8878fec499
Located: Startup (common), WinZip Quick Pick.lnk
command: C:\Program Files\WinZip\WZQKPICK.EXE
file: C:\Program Files\WinZip\WZQKPICK.EXE
size: 122880
MD5: 6613e98493ec4a94395955b17f836cf9
Located: Startup (user), Adobe Gamma.lnk
command: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
file: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
size: 113664
MD5: c2ff17734176cd15221c10044ef0ba1a
Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll
Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll
Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll
Located: System.ini, igfxcui
command: igfxsrvc.dll
file: igfxsrvc.dll
Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll
Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll
--- Browser helper object list ---
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
BHO name:
CLSID name: SSVHelper Class
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: ssv.dll
Short name:
Date (created): 11/10/2005 1:03:56 PM
Date (last access): 11/10/2005 1:03:56 PM
Date (last write): 11/10/2005 1:22:10 PM
Filesize: 184423
Attributes: archive
MD5: F01726F7CA8538FDD4663C9DB8FEAEDC
CRC32: 0111B892
Version: 5.0.60.5
--- ActiveX list ---
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class)
DPF name:
CLSID name: ActiveScan Installer Class
Installer: C:\WINDOWS\Downloaded Program Files\asinst.inf
Codebase: http://acs.pandasoftware.com/activescan/as5free/asinst.cab
description:
classification: Open for discussion
known filename: ASINST.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: asinst.dll
Short name:
Date (created): 11/11/2005 8:28:22 AM
Date (last access): 11/11/2005 8:28:22 AM
Date (last write): 11/11/2005 8:28:22 AM
Filesize: 135168
Attributes: archive
MD5: 5793AB11CE5B5029ED2B9EB4CF67641C
CRC32: 1E2240F6
Version: 58.3.0.0
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name:
Date (created): 11/10/2005 1:03:56 PM
Date (last access): 11/10/2005 1:03:56 PM
Date (last write): 11/10/2005 1:22:10 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name:
Date (created): 11/10/2005 1:03:56 PM
Date (last access): 11/10/2005 1:03:56 PM
Date (last write): 11/10/2005 1:22:10 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5
--- Process list ---
PID: 0 ( 0) [System]
PID: 696 ( 4) \SystemRoot\System32\smss.exe
PID: 768 ( 696) \??\C:\WINDOWS\system32\csrss.exe
PID: 792 ( 696) \??\C:\WINDOWS\system32\winlogon.exe
PID: 836 ( 792) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 848 ( 792) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 1008 ( 836) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1056 ( 836) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1196 ( 836) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1260 ( 836) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1292 ( 836) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1612 ( 836) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
PID: 1724 ( 836) C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
size: 330291
MD5: 9023309E63E3C808A359835460288264
PID: 1740 ( 836) C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
size: 39987
MD5: 0C07536704F29608E79A3561EB5F1039
PID: 1764 ( 836) C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
size: 811059
MD5: FB743B024E06E1C997F0F94099553E3A
PID: 1788 ( 836) C:\WINDOWS\system32\cisvc.exe
size: 5632
MD5: 3192BD04D032A9C4A85A3278C268A13A
PID: 1848 ( 836) C:\Program Files\ewido\security suite\ewidoctrl.exe
size: 13888
MD5: 26830B750372AB1BF29C95DEEBEB802F
PID: 1940 ( 836) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 2024 ( 836) C:\WINDOWS\System32\wdfmgr.exe
size: 38912
MD5: C81B8635DEE0D3EF5F64B3DD643023A5
PID: 196 ( 836) C:\WINDOWS\system32\fxssvc.exe
size: 267776
MD5: FCBD571FA0EE8DC238944AE5FAB74461
PID: 1232 ( 836) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: F1958FBF86D5C004CF19A5951A9514B7
PID: 2008 (1660) C:\WINDOWS\Explorer.EXE
size: 1032192
MD5: A0732187050030AE399B241436565E64
PID: 596 (2008) C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
size: 346671
MD5: 2596FCF253EF464D9DDFFACF3D0921E8
PID: 744 (2008) C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
size: 233524
MD5: 4E4F6991561A78186F18F26DFF3B7B5A
PID: 1092 (2008) C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
size: 143360
MD5: 688B8208969898CC2B03E043C3CE3FE6
PID: 1116 (2008) C:\Program Files\QuickTime\qttask.exe
size: 77824
MD5: C2A735B94AE4F4729ED152BFF6A08E4D
PID: 1132 (2008) C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
size: 473928
MD5: E8177B5150CAB1509D2E9807C3F6366C
PID: 1168 (2008) C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
size: 36975
MD5: 61A3A9D5D98BF0331DF5B716144A8100
PID: 1300 (2008) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
size: 118784
MD5: A02E5F13158A2FF047FFFE8878FEC499
PID: 1500 (2008) C:\Program Files\WinZip\WZQKPICK.EXE
size: 122880
MD5: 6613E98493EC4A94395955B17F836CF9
PID: 2272 (1008) C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
size: 756552
MD5: 6287BD6D1CE9CE18EA02908BF415BCB0
PID: 2572 (1300) C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
size: 380928
MD5: 13539462480CA425F587AEF29F65826D
PID: 2592 (1300) C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
size: 129536
MD5: 61B4EB1E81B41225C90E0105DD52104A
PID: 2848 (1788) C:\WINDOWS\system32\cidaemon.exe
size: 8192
MD5: 582304F6F1946FA5068CF143D729D7ED
PID: 1540 (2008) C:\Program Files\Internet Explorer\iexplore.exe
size: 93184
MD5: E7484514C0464642BE7B4DC2689354C8
PID: 2432 (1008) C:\Program Files\MSN\MSNIA\CC\MSNCC\logonmgr.exe
size: 151040
MD5: 79FD76DFA81BDD6881BF410B9E20E260
PID: 2256 (1008) C:\Program Files\MSN\MSNIA\CC\MSNCC\msncc.exe
size: 143872
MD5: 3E61914FEF1D105D4A9258BDA35AB1AB
PID: 4080 (2008) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 4 ( 0) System
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 12/10/2005 2:22:13 PM
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://search.msn.com/spbasic.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://broadband.zoomtown.com/index.php
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\System32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar
http://home.microsoft.com/search/lobby/search.asp
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://broadband.zoomtown.com/index.php
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
--- Winsock Layered Service Provider list ---
Protocol 0: Grisoft Firewall AFU over [MSAFD Tcpip [TCP/IP]]
GUID: {2049EC72-0DAF-4B37-BD0D-F1E14398DBB2}
Filename: C:\WINDOWS\System32\avgfwafu.dll
Protocol 1: Grisoft Firewall AFU over [MSAFD Tcpip [UDP/IP]]
GUID: {2049EC72-0DAF-4B37-BD0D-F1E14398DBB2}
Filename: C:\WINDOWS\System32\avgfwafu.dll
Protocol 2: Grisoft Firewall AFU over [MSAFD Tcpip [RAW/IP]]
GUID: {2049EC72-0DAF-4B37-BD0D-F1E14398DBB2}
Filename: C:\WINDOWS\System32\avgfwafu.dll
Protocol 3: Grisoft Firewall AFU over [RSVP UDP Service Provider]
GUID: {2049EC72-0DAF-4B37-BD0D-F1E14398DBB2}
Filename: C:\WINDOWS\System32\avgfwafu.dll
Protocol 4: Grisoft Firewall AFU over [RSVP TCP Service Provider]
GUID: {2049EC72-0DAF-4B37-BD0D-F1E14398DBB2}
Filename: C:\WINDOWS\System32\avgfwafu.dll
--- Uninstall list ---
Ad-Aware SE Personal 1.06 (Ad-Aware SE Personal)
uninstall cmd: C:\PROGRA~1\Lavasoft\Ad-Aware SE Personal\UNWISE.EXE C:\PROGRA~1\Lavasoft\Ad-Aware SE Personal\INSTALL.LOG
publisher: Lavasoft
help link: http://www.lavasoft.com
(AddressBook)
Adobe Acrobat 5.0 5.1 (Adobe Acrobat 5.0)
version (major): 5
version (minor): 1
install location: C:\Program Files\Adobe\Acrobat 5.0
install source: C:\Documents and Settings\Dave\Local Settings\Temp\pftB~tmp\
uninstall cmd: C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
publisher: Adobe Systems, Inc.
help link: http://www.adobe.com/prodindex/acrobat/main.html
Adobe InDesign CS2 Trial 004.000.000 (Adobe InDesign CS2 - {7F4C8163-F259-49A0-A018-2857A90578BC})
version: 4
version (major): 4
install location: C:\Program Files\Adobe\Adobe InDesign CS2 Trial\
uninstall cmd: msiexec /I{7F4C8163-F259-49A0-A018-2857A90578BC}
publisher: Adobe Systems Incorporated
comments: Adobe InDesign CS2 Installer
contact: Customer Support Department
help link: http://www.adobe.com/support/main.html?c=us
help telephone: 1-800-833-6687
Adobe Photoshop 7.0 7.0 (Adobe Photoshop 7.0)
version (major): 7
install location: C:\Program Files\Adobe\Photoshop 7.0
install source: D:\Photoshop\
uninstall cmd: C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
publisher: Adobe Systems, Inc.
Adobe Download Manager 1.2 (Remove Only) (AdobeESD)
uninstall cmd: "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Advanced System Optimizer (Registered Version) 1.20 (Advanced System Optimizer (Registered Version)_is1)
uninstall cmd: "C:\Program Files\Advanced System Optimizer\unins000.exe"
publisher: © Systweak
help link: http://www.systweak.com
3.31 (Aluria's Spyware Eliminator Update)
publisher: Aluria Software
contact: support@aluriasoftware.com
help link: www.aluriasoftware.com
AnswerWorks Runtime (AnswerWorks)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\WexTech\AnswerWorks\Uninst.isu"
AVG Anti-Virus 7.0 (AVG7Uninstall)
uninstall cmd: C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
BCM V.92 56K Modem (BCM V.92 56K Modem)
uninstall cmd: C:\WINDOWS\BCMSMU.exe quiet
(Branding)
(Britannica Ready Reference)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45893FEB-30FD-4034-8661-3BA4238FE67A}\SETUP.EXE" -l0x9 -uninst -y -a -f"b2003ce.isu"
CCleaner (remove only) (CCleaner)
uninstall cmd: "C:\Program Files\CCleaner\uninst.exe"
(Connection Manager)
Dell Support 5.0.0 (766) (DellSupport)
uninstall cmd: rundll32 C:\PROGRA~1\Dell Support\AUInst.dll,ExUninstall
(DirectAnimation)
(DirectDrawEx)
(DXM_Runtime)
ESPNMotion 2.1.4.0001 (ESPNMotion)
uninstall cmd: C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG
publisher: ESPN Internet Ventures
ewido security suite (ewidosecuritysuite)
install location: C:\Program Files\ewido\security suite
uninstall cmd: C:\Program Files\ewido\security suite\Uninstall.exe
publisher: ewido networks
help link: http://www.ewido.net
AutoCAD Express Tools - AutoCAD 2002 (ExpressTools - AutoCAD 2002)
uninstall cmd: "C:\WINDOWS\etUnInst.exe" "-fC:\Program Files\AutoCAD 2002\DeIsL1.isu" "C:\Program Files\AutoCAD 2002\Express\acetmain.ini"
(Fontcore)
GameSpy Arcade (GameSpy Arcade)
uninstall cmd: C:\PROGRA~1\GameSpy Arcade\UNWISE.EXE C:\PROGRA~1\GameSpy Arcade\INSTALL.LOG
Google Desktop Search - (Google Desktop)
uninstall cmd: C:\Program Files\Google\Google Desktop Search\GoogleDesktopSearchSetup.exe -uninstall
publisher: Google
help link: http://desktop.google.com/help.html?hl=en
HijackThis 1.99.1 1.99.1 (HijackThis)
uninstall cmd: C:\DOCUME~1\Dave\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe /uninstall
publisher: Soeperman Enterprises Ltd.
hp instant support 4.03.03 (hp instant support)
uninstall cmd: C:\PROGRA~1\HEWLET~1\HPINST~1\Uninstall.exe CeS
publisher: Motive Communications, Inc.
hp psc 2200 series (hp psc 2200 series_Driver)
uninstall cmd: rundll32 hpzcon05.dll,VendorJettison hp psc 2200 series
(ICW)
(IE40)
(IE4Data)
(IE5BAKEX)
(IEData)
(InstallShield Uninstall Information)
Broadcom Advanced Control Suite 3.13.0000 (InstallShield_{468190DA-FB4C-45BA-8E40-4B165FF1A939})
version: 51183616
version (major): 3
version (minor): 13
estimated size: 1656
install date: 20021219
install source: C:\DELL\6w936\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{468190DA-FB4C-45BA-8E40-4B165FF1A939} /l1033
publisher: Broadcom
comments: The Broadcom Advanced Control Suite(BACS) is an application that contains a set of utilities supporting diagnostics and monitoring for Broadcom network adapters.
contact: Dell Customer Support
help link: http://www.support.dell.com
help telephone: ...
readme: ...
Backyard Basketball 2004 1.00.0000 (InstallShield_{B2AB8AF6-AE06-438F-A3D5-C9FBFBDB0AC0})
version: 16777216
version (major): 1
estimated size: 14116
install date: 20041225
install source: D:\
uninstall cmd: C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{B2AB8AF6-AE06-438F-A3D5-C9FBFBDB0AC0}
publisher: Atari
contact: Customer Support Department
help link: http://www.ina-support.com/
help telephone: 425-951-7108
JumpStart Learning Games ABC's (JSLG_ABC)
uninstall cmd: C:\WINDOWS\IsUninst.exe -fC:\KA\JSLG_ABC\DeIsL1.isu
publisher: Knowledge Adventure
Windows Blaster Worm Removal Tool (KB833330) (KB833330)
uninstall cmd: C:\WINDOWS\$NtUninstallKB833330$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=833330
Microsoft Data Access Components KB870669 (KB870669)
uninstall cmd: C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=KB870669
Windows XP Hotfix - KB873333 20050114.005213 (KB873333)
uninstall cmd: C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873333
Windows XP Hotfix - KB873339 20041117.092459 (KB873339)
uninstall cmd: C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873339
(KB884016)
Windows XP Hotfix - KB885250 20050118.202711 (KB885250)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885250
Windows XP Hotfix - KB885835 20041027.181713 (KB885835)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885835
Windows XP Hotfix - KB885836 20041028.173203 (KB885836)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885836
Windows XP Hotfix - KB886185 20041021.090540 (KB886185)
uninstall cmd: C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=886185
Windows XP Hotfix - KB887472 20041014.162858 (KB887472)
uninstall cmd: C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887472
Windows XP Hotfix - KB887742 20041103.095002 (KB887742)
uninstall cmd: C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887742
Windows XP Hotfix - KB888113 20041116.131036 (KB888113)
uninstall cmd: C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888113
Windows XP Hotfix - KB888302 20041207.111426 (KB888302)
uninstall cmd: C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888302
Security Update for Windows XP (KB890046) 1 (KB890046)
install date: 20050829
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890046
Windows XP Hotfix - KB890859 1 (KB890859)
install date: 20051205
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890859
Windows XP Hotfix - KB891781 20050110.165439 (KB891781)
uninstall cmd: C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=891781
Security Update for Windows XP (KB893066) 2 (KB893066)
install date: 20050829
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893066
Windows XP Hotfix - KB893086 1 (KB893086)
install date: 20050829
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893086
Security Update for Windows XP (KB893756) 1 (KB893756)
install date: 20050830
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893756
(KB893803)
Windows Installer 3.1 (KB893803) 3.1 (KB893803v2)
uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=42467
Security Update for Windows XP (KB896358) 1 (KB896358)
install date: 20050830
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896358
Security Update for Windows XP (KB896422) 1 (KB896422)
install date: 20050830
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896422
Security Update for Windows XP (KB896423) 1 (KB896423)
install date: 20050830
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896423
Security Update for Windows XP (KB896424) 1 (KB896424)
install date: 20051111
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896424
Security Update for Windows XP (KB896428) 1 (KB896428)
install date: 20050829
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896428
Security Update for Windows XP (KB896688) 1 (KB896688)
install date: 20051206
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896688
Security Update for Step By Step Interactive Training (KB898458) 20050502.101010 (KB898458)
install date: 20050830
uninstall cmd: "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/898458
Update for Windows XP (KB898461) 1 (KB898461)
install date: 20050828
uninstall cmd: "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=898461
Security Update for Windows XP (KB899587) 1 (KB899587)
install date: 20050830
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899587
Security Update for Windows XP (KB899588) 1 (KB899588)
install date: 20050829
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899588
Security Update for Windows XP (KB899591) 1 (KB899591)
install date: 20050830
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899591
Security Update for Windows XP (KB900725) 1 (KB900725)
install date: 20051017
uninstall cmd: "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900725
Security Update for Windows XP (KB901017) 1 (KB901017)
install date: 20051017
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901017
Security Update for Windows XP (KB901214) 1 (KB901214)
install date: 20050829
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901214
Security Update for Windows XP (KB902400) 1 (KB902400)
install date: 20051015
uninstall cmd: "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=902400
Security Update for Windows XP (KB904706) 1 (KB904706)
install date: 20051017
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=904706
Security Update for Windows XP (KB905414) 1 (KB905414)
install date: 20051017
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905414
Security Update for Windows XP (KB905749) 1 (KB905749)
install date: 20051017
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905749
Microsoft .NET Framework 1.0 Hotfix (KB886906) (M886906)
uninstall cmd: "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\M886906\M886906Uninstall.msp"
Disney's Magic Artist 3D (Magic Artist 3D)
uninstall cmd: C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\DISNEY~1\MAGICA~1\DeIsL1.isu
McAfee SecurityCenter (Mcafee SecurityCenter)
uninstall cmd: C:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm
(McAfee.com Privacy Service)
Microsoft .NET Framework (English) v1.0.3705 (Microsoft .NET Framework Full v1.0.3705 (1033))
uninstall cmd: C:\WINDOWS\Microsoft.NET\Framework\Install.exe /u /p Microsoft .NET Framework Full v1.0.3705 (1033)
readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\repair.htm
(Microsoft Interactive Training)
uninstall cmd: C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
(Microsoft NetShow Player 2.0)
(MobileOptionPack)
(MPlayer2)
(MSI30-Beta1)
(MSI30-Beta2)
(MSI30-KB884016)
(MSI30-RC1)
(MSI30-RC2)
(MSI30a-KB884016)
(MSI31-Beta)
(MSI31-RC1)
(MsJavaVM)
MSN Connection Center 1.0 (MSNIACC)
uninstall cmd: C:\Program Files\MSN\MSNIA\CC\MSNCC\ccrestore.exe /Uninstall
publisher: Microsoft Corporation
contact: MSN Customer Support
help link: http://membercenter.msn.com
help telephone: 1-800-494-2962
MSN (MSNINST)
uninstall cmd: C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
(MSNMS)
Microsoft Text-to-Speech Engine 4.0 (English) (MSTTS)
uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTS.inf, Uninstall
(NetMeeting)
(OutlookExpress)
Panda ActiveScan (Panda ActiveScan)
uninstall cmd: C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
publisher: Panda Software S.L.
(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Personalized Learning Center (Personalized Learning Center)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\The Learning Company\Personalized Learning Center\Uninst.isu"
JumpStart Phonics (PHONICS)
uninstall cmd: C:\WINDOWS\IsUninst.exe -fC:\KA\PHONICS\DeIsL1.isu
publisher: Knowledge Adventure
Microsoft Picture It! Library 9 9.0.1305 (PictureIt_POD_v9)
install source: C:\Program Files\MSN\MSNCoreFiles\MSNInst\MSN9Components\
uninstall cmd: C:\WINDOWS\System32\msiexec.exe /i {9F7FC79B-3059-4264-9450-39EB368E3220}
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?prd=10964&pver=9.0&plcid=0x409&ar=AddRemove&sar=Library
Microsoft Picture It! Express 9 9.0.1305 (PictureIt_v9)
install location: C:\Program Files\Microsoft Picture It! 9\
install source: C:\Program Files\MSN\MSNCoreFiles\MSNInst\MSN9Components\
uninstall cmd: C:\WINDOWS\System32\msiexec.exe /i {DBA8B9E1-C6FF-4624-9598-73D3B41A0900}
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?prd=10964&pver=9.0&plcid=0x409&ar=AddRemove&sar=PictureIt
JumpStart Preschool Year 2 v1.0 (PRE_K_1.0)
uninstall cmd: C:\WINDOWS\IsUninst.exe -fC:\KA\PRE_K\DeIsL1.isu
HP Photo and Imaging 1.0 - PSC 2000 Series (PSC 2000 Series)
uninstall cmd: C:\Program Files\Hewlett-Packard\Digital Imaging\AiODriver\Drivers\Uninst\enu\hposcr01.exe -forcereboot -datfile hposcr01.dat
QuickTime (QuickTime)
uninstall cmd: C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
Reader Rabbit Math Ages 6-9 (Reader Rabbit Math Ages 6-9)
uninstall cmd: C:\Program Files\The Learning Company\Reader Rabbit Math Ages 6-9\uninstal.exe
(RealJukebox 1.0)
uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RealPlayer (RealPlayer 6.0)
uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
(SchedulingAgent)
Security Toolbar (Security Toolbar)
uninstall cmd: "C:\Program Files\Security Toolbar\Uninstall.bat" "C:\Program Files\Security Toolbar"
Shockwave (Shockwave)
uninstall cmd: C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
(ShockwaveFlash)
Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited
Spyware Eliminator (Spyware Eliminator )
uninstall cmd: C:\PROGRA~1\Aluria Software\ASE\UNWISE.EXE C:\PROGRA~1\Aluria Software\ASE\INSTALL.LOG
Memory Zipper Plus 7.11 7.11.1 (Systweak Memory Zipper Plus 7.11.1 Optimized for~70A2860B_is1)
uninstall cmd: "C:\Program Files\Memzip\unins000.exe"
publisher: Systweak
Lernout & Hauspie TruVoice American English TTS Engine (tv_enua)
uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
Viewpoint Media Player (Remove Only) (ViewpointMediaPlayer)
uninstall cmd: C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe -u
McAfee VirusScan (VirusScan Online)
uninstall cmd: C:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /interact=1 /script_proactive=1 /start=c:\PROGRA~1\mcafee.com\agent\uninst\vsoremui.dll::uninstall.htm
Volo View Express (Volo View Express)
uninstall cmd: C:\WINDOWS\uninst.exe -f"C:\Program Files\Volo View Express\DeIsL1.isu"
Windows Media Format Runtime (Windows Media Format Runtime)
uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10 (Windows Media Player)
uninstall cmd: "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 2 20040803.231319 (Windows XP Service Pack)
uninstall cmd: C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=811113
WinZip 10.0 (6685) (WinZip)
version (major): 10
install location: C:\PROGRA~1\WINZIP\
uninstall cmd: "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
publisher: WinZip Computing LP
help link: http://www.winzip.com/xsupport.htm
WordPerfect Office 2002 (WordPerfect Office 2002)
uninstall cmd: C:\WINDOWS\Corel\Uninst32.exe
Window Studio (WSDeInstallKey)
uninstall cmd: C:\WINDOWS\uninst.exe -f"C:\Program Files\Window Studio\DeIsL1.isu"
MSN Encarta Plus Support Files 9.0.0801 ({00000000-785F-478A-BAA2-87F1A136068C})
version: 150995745
version (major): 9
estimated size: 520
install date: 20040727
install source: C:\Documents and Settings\Dave\Application Data\MSNInstaller\
uninstall cmd: MsiExec.exe /I{00000000-785F-478A-BAA2-87F1A136068C}
publisher: Microsoft Corporation
Microsoft Office 2000 Professional 9.00.2720 ({00010409-78E1-11D2-B60F-006097C998E7})
version: 150997664
version (major): 9
estimated size: 148397
install date: 20030110
install source: D:\
uninstall cmd: MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: C:\Program Files\Microsoft Office\Office\ofread9.txt
Dell Solution Center 1.00.0000 ({11F1920A-56A2-4642-B6E0-3B31A12C9288})
version: 16777216
version (major): 1
install date: 20021219
uninstall cmd: MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
publisher: Dell
help link: http://www.support.dell.com
help telephone: http://www.support.dell.com
McAfee QuickClean 4.0 4.00.6000 ({122DFE14-63EF-4CEC-B972-D9F14C8EB7D7})
version: 67114864
version (major): 4
estimated size: 8360
install date: 20040313
install location: C:\Program Files\McAfee\McAfee QuickClean\
install source: C:\WINDOWS\Downloaded Installations\{EE87B5C0-E641-4998-970B-FA1B104019B3}\
uninstall cmd: MsiExec.exe /I{122DFE14-63EF-4CEC-B972-D9F14C8EB7D7}
publisher: McAfee Consumer Division
comments: McAfee QuickClean 4.0
contact: techsupport@mcafeehelp.com
help link: http://www.mcafeehelp.com
help telephone: (408)992-8599
readme: C:\Program Files\McAfee\McAfee QuickClean\Readme.txt
Dell Picture Studio - Dell Image Expert 3.4.1 ({151C555A-A9E7-4A2E-B6D7-165D04A3C956})
version: 50593793
version (major): 3
version (minor): 4
estimated size: 4
install date: 20021219
uninstall cmd: MsiExec.exe /I{151C555A-A9E7-4A2E-B6D7-165D04A3C956}
publisher: Jasc Software Inc
comments:
contact: Customer Support Department
help link: http://dell.shutterfly.com/help
help telephone: 1-952-294-2692
readme: -
Backyard Football 2004 1.00.0000 ({211C4AB9-E3FD-44CE-A495-75B8F545886A})
version: 16777216
version (major): 1
estimated size: 14044
install date: 20031228
install source: D:\
publisher: Atari
contact: Customer Support Department
help link: http://www.ina-support.com/
help telephone: 425-951-7108
Google Toolbar for Internet Explorer ({2318C2B1-4965-11d4-9B18-009027A5CD4F})
uninstall cmd: regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
WordPerfect Office 2002 10 ({29D88826-2AB9-11D5-8854-00902761A46D})
version: 167772160
version (major): 10
version (minor): 10
estimated size: 234098
install date: 20021219
install source: d:\
uninstall cmd: C:\WINDOWS\Corel\uninst32.exe
publisher: Corel
help link: http://www.corel.com
help telephone: 555-555-1234
J2SE Runtime Environment 5.0 Update 6 1.5.0.60 ({3248F0A8-6813-11D6-A77B-00B0D0150060})
version: 17104896
version (major): 1
version (minor): 5
estimated size: 122273
install date: 20051208
install source: http://jdl.sun.com/webapps/download/GetFile/1.5.0_06-b05/windows-i586//
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.5.0_06\README.txt
MathPlayer 1.1 beta 3 ({32F66A20-7614-11D4-BD11-00104BD3F987})
version (major): 1
version (minor): 10
install date: 20040727
uninstall cmd: C:\Program Files\Design Science\MathPlayer\Setup.exe -u
publisher: Design Science, Inc.
help link: http://www.dessci.com/support
help telephone: (562) 433-0685
WebFldrs XP 9.50.6513 ({350C97B0-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154278257
version (major): 9
version (minor): 50
estimated size: 2508
install date: 20020903
install source: C:\WINDOWS\System32\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows
Dell Modem-On-Hold 1.39 ({3F92ABBB-6BBF-11D5-B229-002078017FBF})
version (major): 1
version (minor): 39
install location: C:\Program Files\Dell Modem-On-Hold
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
publisher: BVRP Software, Inc
Britannica Ready Reference ({45893FEB-30FD-4034-8661-3BA4238FE67A})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45893FEB-30FD-4034-8661-3BA4238FE67A}\SETUP.EXE" -l0x9 -uninst
MUSICMATCH® Jukebox ({45EBDA59-D33B-433A-956E-B2F236468B56})
uninstall cmd: C:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.exe
BACS 3.13.0000 ({468190DA-FB4C-45BA-8E40-4B165FF1A939})
version: 51183616
version (major): 3
version (minor): 13
estimated size: 1656
install date: 20021219
install source: C:\DELL\6w936\
publisher: Broadcom
comments: The Broadcom Advanced Control Suite(BACS) is an application that contains a set of utilities supporting diagnostics and monitoring for Broadcom network adapters.
contact: Dell Customer Support
help link: http://www.support.dell.com
help telephone: ...
readme: ...
DIGReqEx 9.0.0917.2 ({4F1CECBC-670F-4daa-81D6-944B12450917})
version: 150995861
version (major): 9
estimated size: 200
install date: 20040727
install source: C:\Program Files\MSN\MSNCoreFiles\MSNInst\MSN9Components\
publisher: Your Company Name
help link: http://www.yourcompany.com
help telephone: 555-555-1234
Microsoft AntiSpyware 1.0 ({536F7C74-844B-4683-B0C5-EA39E19A6FE3})
version: 16777216
version (major): 1
estimated size: 17789
install date: 20051206
install source: C:\WINDOWS\Downloaded Installations\{C0FA7138-477B-4FEC-8F23-640C21C2287B}\
uninstall cmd: MsiExec.exe /I{536F7C74-844B-4683-B0C5-EA39E19A6FE3}
publisher: Microsoft Corporation
contact: Microsoft Support
help link: http://www.microsoft.com
({55BC7EFA-D832-4EE3-9DEA-49B0C07539D9})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{55BC7EFA-D832-4EE3-9DEA-49B0C07539D9}\setup.exe" -l0x9 -L0x9anything
AutoCAD 2002 15.0.6.030 ({5783F2D7-0101-0409-0000-0060B0CE6BBA})
version: 251658246
version (major): 15
estimated size: 213713
install date: 20021225
install source: D:\
uninstall cmd: MsiExec.exe /I{5783F2D7-0101-0409-0000-0060B0CE6BBA}
publisher: Autodesk
MyDVD ({5E835305-63BB-4E55-BBB7-EEBBE67774DB})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5E835305-63BB-4E55-BBB7-EEBBE67774DB}\setup.exe" -l0x9 -L0x9 /SMAINT
Easy CD Creator 5 Basic 5.3.2.34 ({609F7AC8-C510-11D4-A788-009027ABA5D0})
version: 83951616
version (major): 5
version (minor): 1
install date: 20021219
uninstall cmd: MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
publisher: Roxio Inc
help link: http://www.roxio.com/en/support
help telephone:
Windows Genuine Advantage v1.3.0254.0 1.3.0254.0 ({63569CE9-FA00-469C-AF5C-E5D4D93ACF91})
version: 16974078
version (major): 1
version (minor): 3
estimated size: 519
install date: 20051205
install source: C:\DOCUME~1\Dave\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
publisher: Microsoft
comments: Your Comments
contact: Customer Support Department
help link: http://www.microsoft.com/genuine/downloads/whyValidate.aspx/help
help telephone: 1-425.882.8080
PowerDVD ({6811CAA0-BF12-11D4-9EA1-0050BAE317E1})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Adobe Stock Photos 1.0 001.000.000 ({786C5747-1033-0000-B58E-000000000001})
version: 16777216
version (major): 1
estimated size: 5397
install date: 20051110
install location: C:\Program Files\Adobe\Adobe Stock Photos\
install source: C:\InDesign CS2 Tryout\Stock Photography\
uninstall cmd: MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
publisher: Adobe Systems
comments: Your Comments
contact: Customer Support Department
help link: http://www.adobe.com
help telephone: 1-555-555-4505
Modem Helper ({7F142D56-3326-11D5-B229-002078017FBF})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Adobe InDesign CS2 Trial 004.000.000 ({7F4C8163-F259-49A0-A018-2857A90578BC})
version: 67108864
version (major): 4
estimated size: 571658
install date: 20051110
install location: C:\Program Files\Adobe\Adobe InDesign CS2 Trial\
install source: C:\InDesign CS2 Tryout\
publisher: Adobe Systems Incorporated
comments: Adobe InDesign CS2 Installer
contact: Customer Support Department
help link: http://www.adobe.com/support/main.html?c=us
help telephone: 1-800-833-6687
HP Photo and Imaging 1.0 - PSC 2000 Series 1.00.0000 ({82DFB852-9594-4668-9C66-28BB6E94BCB2})
version: 16777216
version (major): 1
estimated size: 162239
install date: 20021225
install location: C:\Program Files\Hewlett-Packard\Digital Imaging\
install source: D:\
uninstall cmd: MsiExec.exe /X{82DFB852-9594-4668-9C66-28BB6E94BCB2}
publisher: Hewlett-Packard Company
comments: http://www.hp.com
help link: http://www.hp.com
help telephone:
({8851E12C-0EF9-11D4-A788-009027ABA5D0})
Adobe Common File Installer 1.00.001 ({8EDBA74D-0686-4C99-BFDD-F894678E5101})
version: 16777217
version (major): 1
estimated size: 136557
install date: 20051110
install location: C:\Program Files\Common Files\Adobe\
install source: C:\InDesign CS2 Tryout\commonfilesinstaller\
uninstall cmd: MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5101}
publisher: Adobe System Incorporated
comments: Your Comments
contact: Customer Support Department
help link: http://www.adobe.com/help
help telephone: 1-555-555-4505
Help and Support Customization 1.00.0000 ({90D55A3F-1D99-4C94-A77E-46DC14F0BF08})
version: 16777216
version (major): 1
install date: 20021219
publisher: Dell
contact: http://www.support.dell.com
help link: http://www.support.dell.com
help telephone: http://www.support.dell.com
Pella CopyCAD Plug-in 6.0 ({97B93014-2573-465E-A467-9233A2C20628})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97B93014-2573-465E-A467-9233A2C20628}\Setup.exe"
DVDSentry 1.00.0001 ({98DF85D9-96C0-4F57-A92E-C3539477EF5E})
version: 16777217
version (major): 1
install date: 20021219
uninstall cmd: MsiExec.exe /I{98DF85D9-96C0-4F57-A92E-C3539477EF5E}
publisher: Dell
help link: http://www.support.dell.com
help telephone: www.support.dell.com
Readiris 7.5 ({9BFFB382-0B2C-11D6-AB3E-000102B0F79A})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9BFFB382-0B2C-11D6-AB3E-000102B0F79A}\setup.exe" -l0x9
Microsoft Picture It! Library 9 9.0.1305 ({9F7FC79B-3059-4264-9450-39EB368E3220})
version: 150996249
version (major): 9
estimated size: 31239
install date: 20040727
install source: C:\Program Files\MSN\MSNCoreFiles\MSNInst\MSN9Components\
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?prd=10964&pver=9.0&plcid=0x409&ar=AddRemove&sar=Library
help telephone: (425)
MSN Messenger 6.1 6.1.0211 ({ABEB838C-A1A7-4C5D-B7E1-8B4314600211})
version: 100729043
version (major): 6
version (minor): 1
estimated size: 5611
install date: 20040727
install source: C:\Documents and Settings\Dave\Application Data\MSNInstaller\
uninstall cmd: MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314600211}
publisher: Microsoft Corporation
Backyard Basketball 2004 1.00.0000 ({B2AB8AF6-AE06-438F-A3D5-C9FBFBDB0AC0})
version: 16777216
version (major): 1
estimated size: 14116
install date: 20041225
install source: D:\
publisher: Atari
contact: Customer Support Department
help link: http://www.ina-support.com/
help telephone: 425-951-7108
SketchUp 5 5 ({B357C4B4-9024-4B64-9B3F-A6729031C3DD})
version: 83886080
install location: C:\Program Files\@Last Software\SketchUp 5
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\Professional\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B357C4B4-9024-4B64-9B3F-A6729031C3DD}\setup.exe" -l0x9
Microsoft .NET Framework (English) 1.0.3705 ({B43357AA-3A6D-4D94-B56E-43C44D09E548})
version: 16780921
version (major): 1
estimated size: 58018
install date: 20051208
install source: C:\DELL\6w650\
uninstall cmd: MsiExec.exe /X{B43357AA-3A6D-4D94-B56E-43C44D09E548}
publisher: Microsoft
Adobe Bridge 1.0 001.000.000 ({B74D4E10-1033-0000-0000-000000000001})
version: 16777216
version (major): 1
estimated size: 64689
install date: 20051110
install location: C:\Program Files\Adobe\Adobe Bridge\
install source: C:\InDesign CS2 Tryout\Bridge\
uninstall cmd: MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
publisher: Adobe Systems
comments: Your Comments
contact: Customer Support Department
help link: http://www.adobe.com/support/main.html
help telephone: 1-555-555-4505
DIGOpt 9.0.0917.2 ({C769B501-2BE8-46ed-9E69-118F008A0917})
version: 150995861
version (major): 9
estimated size: 1339
install date: 20040727
install source: C:\Program Files\MSN\MSNCoreFiles\MSNInst\MSN9Components\
publisher: Your Company Name
help link: http://www.yourcompany.com
help telephone: 555-555-1234
Paint Shop Pro 7 7.05.0000 ({D6DE02C7-1F47-11D4-9515-00105AE4B89A})
version: 117768192
version (major): 7
version (minor): 5
install date: 20021219
uninstall cmd: MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}
publisher: Jasc Software Inc
comments: Jasc Software Inc
contact: Customer Support Department
help link: http://www.jasc.com/support2.asp
help telephone: 1-952-930-9171
readme: Readme.doc
Microsoft Picture It! Express 9 9.0.1305 ({DBA8B9E1-C6FF-4624-9598-73D3B41A0900})
version: 150996249
version (major): 9
estimated size: 46591
install date: 20040727
install source: C:\Program Files\MSN\MSNCoreFiles\MSNInst\MSN9Components\
publisher: Microsoft Corporation
comments: Microsoft Picture It! Express 9
help link: http://go.microsoft.com/fwlink/?prd=10964&pver=9.0&plcid=0x409&ar=AddRemove&sar=PictureIt
help telephone:
({DCDC8E79-4600-4C02-9824-CD3BB8971D4E})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DCDC8E79-4600-4C02-9824-CD3BB8971D4E}\Setup.exe" -l0x9 -L0x9anything
Classic PhoneTools 4.16 ({E3436EE2-D5CB-4249-840B-3A0140CC34C3})
version (major): 4
version (minor): 16
install location: C:\Program Files\Classic PhoneTools
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3436EE2-D5CB-4249-840B-3A0140CC34C3}\setup.exe" -l0x9 ControlPanel
publisher: BVRP Software
help link: http://www.bvrp.com
Digital Line Detect 1.02.000 ({E646DCF0-5A68-11D5-B229-002078017FBF})
version (major): 1
version (minor): 2
install location: C:\Program Files\Digital Line Detect
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
publisher: BVRP Software, Inc
Adobe Help Center 1.0 001.000.000 ({E9787678-1033-0000-8E67-000000000001})
version: 16777216
version (major): 1
estimated size: 21738
install date: 20051110
install location: C:\Program Files\Adobe\Adobe Help Center\
install source: C:\InDesign CS2 Tryout\Help Center\
uninstall cmd: MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
publisher: Adobe Systems
comments: Your Comments
contact: Customer Support Department
help link: http://www.adobe.com
help telephone: 1-555-555-4505
HP Photo and Imaging 1.0 - PSC 2000 Series Drivers 1.00.0000 ({ED93995E-8BF2-480F-8EA4-7D29E29A7052})
version: 16777216
version (major): 1
estimated size: 56824
install date: 20021225
install location: C:\Program Files\Hewlett-Packard\Digital Imaging\
install source: D:\
uninstall cmd: MsiExec.exe /X{ED93995E-8BF2-480F-8EA4-7D29E29A7052}
publisher: Hewlett-Packard Company
comments: http://www.hp.com
help link: http://www.hp.com
help telephone:
--- System Services ---
Service (registry key): .NET CLR Data
Start: 0
Type: 0
Error Control: 0
Service (registry key): .NET CLR Networking
Start: 0
Type: 0
Error Control: 0
Service (registry key): .NETFramework
Start: 0
Type: 0
Error Control: 0
Service (registry key): Abiosdsk
Start: 4
Type: 1
Error Control: 0
Service (registry key): abp480n5
Display name: abp480n5
Image path: \SystemRoot\System32\DRIVERS\ABP480N5.SYS
Start: 4
Type: 1
Error Control: 1
Service (registry key): ACPI
Display name: Microsoft ACPI Driver
Image path: System32\DRIVERS\ACPI.sys
Image size: 187776
Image MD5: A10C7534F7223F4A73A948967D00E69B
Start: 0
Type: 1
Error Control: 1
Service (registry key): ACPIEC
Start: 4
Type: 1
Error Control: 1
Service (registry key): Adobe LM Service
Display name: Adobe LM Service
Description: AdobeLM Service
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
Image size: 72704
Image MD5: 8B46D5A1D3EF08232C04D0EAFB871FB2
Start: 3
Type: 16
Error Control: 1
Service (registry key): adpu160m
Display name: adpu160m
Image path: \SystemRoot\System32\DRIVERS\adpu160m.sys
Start: 4
Type: 1
Error Control: 1
Service (registry key): aeaudio
Image path: system32\drivers\aeaudio.sys
Image size: 4816
Image MD5: 11C04B17ED2ABBB4833694BCD644AC90
Start: 3
Type: 1
Error Control: 1
Service (registry key): aec
Display name: Microsoft Kernel Acoustic Echo Canceller
Image path: system32\drivers\aec.sys
Image size: 142464
Image MD5: 841F385C6CFAF66B58FBD898722BB4F0
Start: 3
Type: 1
Error Control: 1
Service (registry key): AFD
Display name: AFD Networking Support Environment
Description: AFD Networking Support Environment
Image path: \SystemRoot\System32\drivers\afd.sys
Start: 1
Type: 1
Error Control: 1
Service (registry key): AFS2K
Display name: AFS2k
Start: 1
Type: 1
Error Control: 1
Service (registry key): agp440
Display name: Intel AGP Bus Filter
Image path: \SystemRoot\System32\DRIVERS\agp440.sys
Start: 4
Type: 1
Error Control: 1
Service (registry key): agpCPQ
Display name: Compaq AGP Bus Filter
Image path: \SystemRoot\System32\DRIVERS\agpCPQ.sys
Start: 4
Type: 1
Error Control: 1
Service (registry key): Aha154x
Display name: Aha154x
Image path: \SystemRoot\System32\DRIVERS\aha154x.sys
Start: 4
Type: 1
Error Control: 1
Service (registry key): aic78u2
Display name: aic78u2
Image path: \SystemRoot\System32\DRIVERS\aic78u2.sys
Start: 4
Type: 1
Error Control: 1
Service (registry key): aic78xx
Display name: aic78xx
Image path: \SystemRoot\System32\DRIVERS\aic78xx.sys
Start: 4
Type: 1
Error Control: 1
Service (registry key): Alerter
Display name: Alerter
Description: Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 4
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation
Service (registry key): ALG
Display name: Application Layer Gateway Service
Description: Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\alg.exe
Image size: 44544
Image MD5: F1958FBF86D5C004CF19A5951A9514B7
Start: 3
Type: 16
Error Control: 1
Service (registry key): AliIde
Display name: AliIde
Image path: \SystemRoot\System32\DRIVERS\aliide.sys
Start: 4
Type: 1
Error Control: 1
Service (registry key): alim1541
Display name: ALI AGP Bus Filter
Image path: \SystemRoot\System32\DRIVERS\alim1541.sys
Start: 4
Type: 1
Error Control: 1
Service (registry key): amdagp
Display name: AMD AGP Bus Filter Driver
Image path: \SystemRoot\System32\DRIVERS\amdagp.sys
Start: 4
Type: 1
Error Control: 1
Service (registry key): amsint
Display name: amsint
Image path: \SystemRoot\System32\DRIVERS\amsint.sys
Start: 4
Type: 1
Error Control: 1
Service (registry key): AppMgmt
Display name: Application Management
Description: Provides software installation services such as Assign, Publish, and Remove.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 14336
Image MD5: 8F078AE4ED187AAABC0A305146DE6716
Start: 3
Type: 32
Error Control: 1
Service (registry key): asc
Display name: asc
Image path: \SystemRoot\System32\DRIVERS\asc.sys
Start: 4
Type: 1
Error Control: 1
Service (registry key): asc3350p
Display name: asc3350p
Image path: \SystemRoot\System32\DRIVERS\asc3350p.sys
Start: 4
Type: 1
Error Control: 1
Service (registry key): asc3550
Display name: asc3550
Image path: \SystemRoot\System32\DRIVERS\asc3550.sys
Start: 4
Type: 1
Error Control: 1
Service (registry key): ASEService
Display name: Aluria Spyware Eliminator Service
Description: Removes spyware during reboot that cannot be removed while Windows is running
Object name: LocalSystem
Image path: C:\PROGRA~1\Aluria Software\ASE\ASEServ.exe
Image size: 184398
Image MD5: 73200D4655DD8E10841FBD8C556214EF
Start: 2
Type: 272
Error Control: 1
Service (registry key): Aspi32
Start: 0
Type: 0
Error Control: 0
Service (registry key): AsyncMac
Display name: RAS Asynchronous Media Driver
Description: RAS Asynchronous Media Driver
Image path: System32\DRIVERS\asyncmac.sys
Image size: 14336
Image MD5: 02000ABF34AF4C218C35D257024807D6
Start: 3
Type: 1
Error Control: 1
Service (registry key): atapi
Display name: Standard IDE/ESDI Hard Disk Controller
Image path: System32\DRIVERS\atapi.sys
Image size: 95360
Image MD5: CDFE4411A69C224BD1D11B2DA92DAC51
Start: 0
Type: 1
Error Control: 1
Service (registry key): Atdisk
Start: 4
Type: 1
Error Control: 0
Service (registry key): Atmarpc
Display name: ATM ARP Client Protocol
Description: ATM ARP Client Protocol
Image path: System32\DRIVERS\atmarpc.sys
Image size: 59904
Image MD5: EC88DA854AB7D7752EC8BE11A741BB7F
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip
Service (registry key): AudioSrv
Display name: Windows Audio
Description: Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function pr
Mosaic1 SWW Distinguished Expert
Joined: 29 Jun 2004 Last Visit: 01 Nov 2009 Posts: 2204
Posted: Sat Dec 10, 2005 11:39 am
If this is the issue:
Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-1814702396-3894915990-2500229305-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-spy-cam.net\*!=W=4
Ignore that. That entry is putting a domain into the restricted sites zone and that is good, not bad.