System Integrity Scan Wizard?



Scrampy
2006-10-20, 00:38
I have a problem which started with some programs simply not starting when directed. Program would seem to begin, then task would end spontaneously. WinTasks will not run. IE would not run so I uninstalled then reinstalled it.

Then I had many popup windows within internet explorer (not firefox though).

I also had a flashing icon in system tray informing: "Security Alert: Network-i.Virus@fp" and says "Critical System Error!" and directs me to virusburst.com

I then followed the instructions here: http://www.newbie.org/help/lofiversion/index.php?t3155.html and had some success.

I still have some popups during IE and Wintasks will still not load. Also Roboform toolbar will not load.

I am currently running an online scan at http://www3.ca.com/securityadvisor/virusinfo/scan.aspx (just finished the scan, and no virus found)

I have updated Norton ( It was not up to date :\ ), Zone Alarm and have all Windows updates available. I have also run Spybot S&D.

My HJT Log is below.... I'm sure there is something more I can do to set this right... I'm outa ideas. :scratch:

Could someone please help me restore stability to my system?

Scrampy

PS, I have found these 2 files: 12520437.cpx 12520850.cpx in windows/system32 and they looked odd... I googled them, and got lots of info about viruses etc. But I think they are probably just system files. I'm not game to do more without guidance. Any help would be appreciated.

Logfile of HijackThis v1.97.7
Scan saved at 12:50:13 AM, on 20/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\CFusion\cfam\program\ccmgr.exe
C:\CFusion\Bin\cfserver.exe
C:\CFusion\Bin\cfexec.exe
C:\CFusion\Bin\cfrdsservice.exe
C:\CFusion\JRun\bin\JRun.exe
C:\CFusion\jrun\bin\jrun.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\CFusion\jre\bin\ntConsoleJava.exe
C:\CFusion\jre\bin\ntConsoleJava.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\SatSrv.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\CFusion\cfam\bin\CANamingAdapter.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Macro Express3\MacExp.exe
C:\CFusion\cfam\Program\dfp.exe
C:\CFusion\cfam\Program\wsm.exe
C:\CFusion\cfam\Program\wsprobe.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\hijackthis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mr Amazing\Desktop\metapad.exe
C:\Program Files\Common Files\Ahead\lib\NMIndexStoreSvr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3FA6F93A-68F2-8C85-B0E3-02FED19F7B39} - C:\WINDOWS\system32\qnqllg.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [deexxkb.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\deexxkb.dll,jdvzsfg
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [VIP Team To Do List] C:\Program Files\VIP Quality Software\VIP Team To Do List\VIP Team To Do List.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Global Startup: Macro Express 3.lnk = C:\Program Files\Macro Express3\MacExp.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Fill Forms (HKLM)
O9 - Extra 'Tools' menuitem: Fill Forms (HKLM)
O9 - Extra button: Save (HKLM)
O9 - Extra 'Tools' menuitem: Save Forms (HKLM)
O9 - Extra button: RoboForm (HKLM)
O9 - Extra 'Tools' menuitem: RoboForm Toolbar (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160385091186
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Scrampy
2006-10-20, 02:30
I have recently taken the following actions and have hopefully fixed the problem:

I had HJT fix the following entry:

O4 - HKLM\..\Run: [deexxkb.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\deexxkb.dll,jdvzsfg

then I rebooted in safe mode and deleted C:\WINDOWS\system32\deexxkb.dll

I do not seem to have any problems with the popup any longer, but I'm still a little unsure if I have missed anything.

Any other guidance or just an "OK" from someone in the know would be very much appreciated.

Thanks for this forum... a very valuable resource. :)

Scrampy

LonnyRJones
2006-10-25, 16:49
Hi Scrampy
Replace your old version of Hijackthis and post another log please
HijackThis 1.99.1
http://www.merijn.org/files/HijackThis.exe

What version of SpyBot S&D is it you have?

Scrampy
2006-10-26, 04:34
:bigthumb:

Thanks for offering your help LonnyRJones.

I have:

Updated HJT and posted log.

Updated Spybot (1.4 - previously was 1.2) and run scan, and fixed any issues found.

I am currently running Full Norton system scan as I have just been warned by Norton that there are some other threats running.

ishost.exe
win4EF8.tmp.exe
QNQLLG.DLL
trojan.BUSKY
Troj/Dloadr-XS

Here is log:

Logfile of HijackThis v1.99.1
Scan saved at 12:31:31 PM, on 26/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\CFusion\Bin\cfexec.exe
C:\CFusion\Bin\cfrdsservice.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\SatSrv.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program FIles\TraySaver\TraySaver.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\GetHotmail\GetMail\GetMail.exe
C:\Program Files\Macro Express3\MacExp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Qualcomm\Eudora\Eudora.exe
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3FA6F93A-68F2-8C85-B0E3-02FED19F7B39} - C:\WINDOWS\system32\qnqllg.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [getmail] "C:\Program Files\GetHotmail\GetMail\GetMail.exe"
O4 - Global Startup: Macro Express 3.lnk = C:\Program Files\Macro Express3\MacExp.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160385091186
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wineil32 - C:\WINDOWS\SYSTEM32\wineil32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ColdFusion Executive (Cold Fusion Executive) - Macromedia Inc. - C:\CFusion\Bin\cfexec.exe
O23 - Service: ColdFusion RDS (Cold Fusion RDS) - Macromedia Inc. - C:\CFusion\Bin\cfrdsservice.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
O23 - Service: Steganos AntiTheft (SatSrv) - Unknown owner - C:\WINDOWS\System32\SatSrv.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Thanks again for your assistance.

Sincerely,

Scrampy
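
An added example, not part of any post in this thread: a Python script that compares two HijackThis logs entry by entry, as the 20/10 and 26/10 logs above can be compared by eye, and reports removed entries, new entries, and entries newly marked "(file missing)". The sample lines are excerpts copied from those two logs; the function names and report layout are this example's own.

```python
import re

ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?"?\s+"?([^",]+\.dll)', re.IGNORECASE)
MISSING = " (file missing)"

# Excerpts copied from the 20/10/2006 log (HijackThis v1.97.7) in this thread.
LOG_BEFORE = r"""
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3FA6F93A-68F2-8C85-B0E3-02FED19F7B39} - C:\WINDOWS\system32\qnqllg.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [deexxkb.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\deexxkb.dll,jdvzsfg
"""

# Excerpts copied from the 26/10/2006 log (HijackThis v1.99.1) in this thread.
LOG_AFTER = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3FA6F93A-68F2-8C85-B0E3-02FED19F7B39} - C:\WINDOWS\system32\qnqllg.dll (file missing)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [getmail] "C:\Program Files\GetHotmail\GetMail\GetMail.exe"
O20 - Winlogon Notify: wineil32 - C:\WINDOWS\SYSTEM32\wineil32.dll
"""


def rundll32_target(body):
    """Return the DLL a rundll32 command line loads, or None."""
    m = RUNDLL_RE.search(body)
    return m.group(1) if m else None


def parse(log_text):
    """Map a stable key to (section, body, file_missing) for each entry line."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, running-process path or blank line
        section, body = m.groups()
        missing = body.endswith(MISSING)
        if missing:
            body = body[:-len(MISSING)]
        kind = body.split(":", 1)[0].lower()  # e.g. "bho", "hklm\..\run"
        clsid = CLSID_RE.search(body)
        # Key on the CLSID when there is one: the two logs print different
        # display names ("(no name)" vs "AcroIEHlprObj Class") for the same object.
        ident = clsid.group(0).lower() if clsid else body.lower()
        entries[(section, kind, ident)] = (section, body, missing)
    return entries


def compare(before_text, after_text):
    """Diff two logs into removed / added / orphaned / uncompared entries."""
    before, after = parse(before_text), parse(after_text)
    sections_before = {key[0] for key in before}
    report = {"removed": [], "added": [], "orphaned": [], "uncompared": []}
    for key, (section, body, _) in before.items():
        if key not in after:
            # For rundll32 autoruns, also name the DLL so its file can be checked.
            report["removed"].append((section, body, rundll32_target(body)))
    for key, (section, body, missing) in after.items():
        if section not in sections_before:
            # A section the earlier log never printed cannot be diffed;
            # list it separately rather than calling its entries new.
            report["uncompared"].append((section, body))
        elif key not in before:
            report["added"].append((section, body))
        # Registry entry still present although its file is now gone.
        if missing and not before.get(key, (None, None, False))[2]:
            report["orphaned"].append((section, body))
    return report


if __name__ == "__main__":
    for category, items in compare(LOG_BEFORE, LOG_AFTER).items():
        print(category.upper())
        for item in items:
            print("   ", " | ".join(str(field) for field in item))
```

An "orphaned" entry is a registry reference whose file has been deleted while the reference itself remains, so it still needs fixing in HijackThis; "added" and "uncompared" only say what changed, not whether an entry is legitimate.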

LonnyRJones
2006-10-26, 04:50
Next: Follow the instructions here, afterwards post the logs mentioned near the bottom
http://forums.spybot.info/showthread.php?t=4015

Scrampy
2006-10-27, 00:27
AVG Anti-Spyware picked up a few things. A valuable addition. Thank you.
There seem to be a lot of programs set to run on startup (noticed in S&D), are all of these needed? How would I disable the ones not needed?
Here are the logs you requested (quite large):

Logfile of HijackThis v1.99.1
Scan saved at 7:54:49 AM, on 27/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program FIles\TraySaver\TraySaver.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\CFusion\Bin\cfexec.exe
C:\CFusion\Bin\cfrdsservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\GetHotmail\GetMail\GetMail.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\SatSrv.exe
C:\Program Files\Macro Express3\MacExp.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Macro Express3\macedit.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\hijackthis\HijackThis.exe
C:\Documents and Settings\Mr Amazing\Desktop\metapad.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3FA6F93A-68F2-8C85-B0E3-02FED19F7B39} - C:\WINDOWS\system32\qnqllg.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [getmail] "C:\Program Files\GetHotmail\GetMail\GetMail.exe"
O4 - Global Startup: Macro Express 3.lnk = C:\Program Files\Macro Express3\MacExp.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160385091186
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wineil32 - wineil32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ColdFusion Executive (Cold Fusion Executive) - Macromedia Inc. - C:\CFusion\Bin\cfexec.exe
O23 - Service: ColdFusion RDS (Cold Fusion RDS) - Macromedia Inc. - C:\CFusion\Bin\cfrdsservice.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
O23 - Service: Steganos AntiTheft (SatSrv) - Unknown owner - C:\WINDOWS\System32\SatSrv.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:17:39 AM 27/10/2006

+ Scan result:



HKU\S-1-5-21-117609710-1085031214-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{052B12F7-86FA-4921-8482-26C42316B522} -> Adware.Generic : Cleaned.
D:\System Volume Information\_restore{87FB0325-8902-4D6F-A043-BBE51F1652FC}\RP7\A0000192.exe -> Adware.InstantBuzz : Cleaned.
HKU\S-1-5-21-117609710-1085031214-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A43385F0-7113-496D-96D7-B9B550E3FCCA} -> Adware.Isearch : Cleaned.
C:\System Volume Information\_restore{87FB0325-8902-4D6F-A043-BBE51F1652FC}\RP85\A0016515.exe -> Downloader.PurityScan.dc : Cleaned.
C:\System Volume Information\_restore{87FB0325-8902-4D6F-A043-BBE51F1652FC}\RP76\A0008728.rbf -> Downloader.Small : Cleaned.
C:\System Volume Information\_restore{87FB0325-8902-4D6F-A043-BBE51F1652FC}\RP71\A0008030.exe -> Downloader.Zlob.aqj : Cleaned.
C:\System Volume Information\_restore{87FB0325-8902-4D6F-A043-BBE51F1652FC}\RP72\A0008151.exe -> Downloader.Zlob.aqj : Cleaned.
C:\System Volume Information\_restore{87FB0325-8902-4D6F-A043-BBE51F1652FC}\RP72\A0008315.exe -> Downloader.Zlob.aqj : Cleaned.
C:\System Volume Information\_restore{87FB0325-8902-4D6F-A043-BBE51F1652FC}\RP72\A0008346.exe -> Downloader.Zlob.aqj : Cleaned.
C:\System Volume Information\_restore{87FB0325-8902-4D6F-A043-BBE51F1652FC}\RP72\A0008347.exe -> Downloader.Zlob.aqj : Cleaned.
C:\System Volume Information\_restore{87FB0325-8902-4D6F-A043-BBE51F1652FC}\RP72\A0008121.dll -> Not-A-Virus.Hoax.Win32.Renos.ds : Cleaned.
C:\System Volume Information\_restore{87FB0325-8902-4D6F-A043-BBE51F1652FC}\RP72\A0008353.dll -> Not-A-Virus.Hoax.Win32.Renos.ds : Cleaned.
:mozilla.137:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.107:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.108:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.109:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.112:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.114:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.115:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.272:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.373:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.37:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.38:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.456:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.49:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.80:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Pete\Cookies\pete@112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Pete\Cookies\pete@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Pete\Cookies\pete@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Pete\Cookies\pete@travelcomau.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.139:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.140:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.149:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.64:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.65:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.66:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Pete\Cookies\pete@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.202:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.203:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.402:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.403:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.358:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.359:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.360:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.361:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.58:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.

Scrampy
2006-10-27, 00:30
(continued)
:mozilla.62:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.62:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Pete\Cookies\pete@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.292:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.383:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.384:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.385:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.164:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.164:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.165:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.165:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.166:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.16:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.17:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.18:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.20:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.21:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.22:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.23:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.24:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Pete\Cookies\pete@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.85:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.86:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.110:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.114:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.127:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.128:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.166:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.167:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.168:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.169:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Pete\Cookies\pete@cz3.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Pete\Cookies\pete@cz6.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Pete\Cookies\pete@vip.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.61:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.22:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.63:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.73:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Pete\Cookies\pete@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.247:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.249:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.322:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.333:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.336:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.397:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.398:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.80:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.88:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.89:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.92:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.93:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.94:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.95:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.96:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.313:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.314:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.316:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.63:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.64:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.65:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.123:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned.
:mozilla.282:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned.
:mozilla.207:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.208:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.209:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.138:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
C:\Documents and Settings\Pete\Cookies\pete@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.91:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.118:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.119:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.120:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.57:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.89:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.90:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.91:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.141:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned.
C:\Documents and Settings\Pete\Cookies\pete@paycounter[2].txt -> TrackingCookie.Paycounter : Cleaned.
:mozilla.452:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.453:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.454:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.125:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.126:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.127:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.128:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.129:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.167:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.151:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.152:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.153:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.154:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.155:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.39:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.446:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.447:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.448:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.449:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.450:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.50:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.51:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.52:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.53:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.56:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Pete\Cookies\pete@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Pete\Cookies\pete@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.150:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.151:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.152:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.153:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.154:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.155:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.156:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.157:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
C:\Documents and Settings\Pete\Cookies\pete@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.111:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned.
C:\Documents and Settings\Pete\Cookies\pete@sexlist[2].txt -> TrackingCookie.Sexlist : Cleaned.
:mozilla.105:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned.
:mozilla.106:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned.
:mozilla.116:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned.
:mozilla.119:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Pete\Cookies\pete@counter1.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Pete\Cookies\pete@counter14.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Pete\Cookies\pete@counter15.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Pete\Cookies\pete@sextracker[2].txt -> TrackingCookie.Sextracker : Cleaned.
:mozilla.138:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.139:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.124:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Spylog : Cleaned.
:mozilla.275:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Spylog : Cleaned.
:mozilla.160:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.161:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.162:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Starware : Cleaned.

Scrampy
2006-10-27, 00:31
(continued)
:mozilla.163:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.217:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.218:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.219:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.220:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.36:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Pete\Cookies\pete@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.182:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.183:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.193:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.97:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.382:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.36:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.36:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.37:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.37:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.413:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.48:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.134:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.95:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Xxxcounter : Cleaned.
C:\Documents and Settings\Pete\Cookies\pete@xxxcounter[1].txt -> TrackingCookie.Xxxcounter : Cleaned.
:mozilla.283:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
C:\Documents and Settings\Pete\Cookies\pete@yadro[1].txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.112:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.113:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.114:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.262:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.263:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.187:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\WINDOWS\system32\wineil32.dll -> Trojan.Agent.vg : Cleaned.


::Report end

--- Search result list ---
Bearshare: User settings (Registry key, nothing done)
HKEY_USERS\.DEFAULT\AppEvents\EventLabels\BearShareChatNotifyMsg

Bearshare: User settings (Registry key, nothing done)
HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\BearShare

Bearshare: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\BearShare

Bearshare: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Magnet\Handlers\Bearshare

Bearshare: Uninstall settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BearShare

Bearshare: Program directory (Directory, nothing done)
C:\Program Files\BearShare\

Bearshare: Library (File, nothing done)
C:\Program Files\BearShare\BSidle.dll

Bearshare: Executable (File, nothing done)
C:\Program Files\BearShare\Webstats.bat

Bearshare: Executable (File, nothing done)
C:\Program Files\BearShare\Webstats.exe

Bearshare: Configuration file (File, nothing done)
C:\Program Files\BearShare\Webstats.ini

Bearshare: Program directory (Directory, nothing done)
C:\Program Files\BearShare\db\

Bearshare: Text file (File, nothing done)
C:\Program Files\BearShare\db\Hostiles-Chat.txt

Bearshare: Configuration file (File, nothing done)
C:\Program Files\BearShare\db\searches.ini

Bearshare: Program directory (Directory, nothing done)
C:\Program Files\BearShare\Extras\

Bearshare: Program directory (Directory, nothing done)
C:\Program Files\BearShare\Logs\

Bearshare: Text file (File, nothing done)
C:\Program Files\BearShare\Logs\hosts-state.txt

Bearshare: Text file (File, nothing done)
C:\Program Files\BearShare\Logs\memory.txt

Bearshare: Text file (File, nothing done)
C:\Program Files\BearShare\Logs\ordinal.txt

Bearshare: Text file (File, nothing done)
C:\Program Files\BearShare\Logs\streams.txt

Bearshare: Program directory (Directory, nothing done)
C:\Program Files\BearShare\Playlists\

Bearshare: Program directory (Directory, nothing done)
C:\Program Files\BearShare\sounds\

Bearshare: Sound file (File, nothing done)
C:\Program Files\BearShare\sounds\notify.wav

Bearshare: Temporary folder (Directory, nothing done)
C:\Program Files\BearShare\Temp\

Bearshare: Program directory (Directory, nothing done)
C:\Program Files\BearShare\Webstats\

Microsoft.WindowsSecurityCenter_disabled: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start!=W=2

ErrorSafe: Tracking cookie (Firefox: default) (Cookie, fixed)


ErrorSafe: Tracking cookie (Firefox: default) (Cookie, fixed)


ErrorSafe: Tracking cookie (Firefox: default) (Cookie, fixed)


ErrorSafe: Tracking cookie (Firefox: default) (Cookie, fixed)



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-10-26 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-10-20 Includes\Cookies.sbi (*)
2006-10-13 Includes\Dialer.sbi (*)
2006-10-20 Includes\DialerC.sbi (*)
2006-10-13 Includes\Hijackers.sbi (*)
2006-10-20 Includes\HijackersC.sbi (*)
2006-10-20 Includes\Keyloggers.sbi (*)
2006-10-20 Includes\KeyloggersC.sbi (*)
2006-10-13 Includes\Malware.sbi (*)
2006-10-20 Includes\MalwareC.sbi (*)
2006-10-20 Includes\PUPS.sbi (*)
2006-10-20 Includes\PUPSC.sbi (*)
2006-10-20 Includes\Revision.sbi (*)
2006-10-13 Includes\Security.sbi (*)
2006-10-20 Includes\SecurityC.sbi (*)
2006-10-13 Includes\Spybots.sbi (*)
2006-10-20 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-10-13 Includes\Trojans.sbi (*)
2006-10-20 Includes\TrojansC.sbi (*)



--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB886903)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ Internet Explorer 6 / SP0: Windows XP Hotfix - KB834707
/ Microsoft .NET Framework 2.0: This Security Update is for Microsoft .NET Framework 2.0. \n
If you later install a more recent service pack, this Security Update will be uninstalled automatically. \n
For more information, visit http://support.microsoft.com/kb/917283
/ Microsoft .NET Framework 2.0: This Security Update is for Microsoft .NET Framework 2.0. \n
If you later install a more recent service pack, this Security Update will be uninstalled automatically. \n
For more information, visit http://support.microsoft.com/kb/922770
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB911565)
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB885884
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB894391)
/ Windows XP / SP3: Hotfix for Windows XP (KB896344)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896424)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899589)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Update for Windows XP (KB900485)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Update for Windows XP (KB904942)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
/ Windows XP / SP3: Security Update for Windows XP (KB908519)
/ Windows XP / SP3: Update for Windows XP (KB908531)
/ Windows XP / SP3: Update for Windows XP (KB910437)
/ Windows XP / SP3: Update for Windows XP (KB911280)
/ Windows XP / SP3: Security Update for Windows XP (KB911562)
/ Windows XP / SP3: Security Update for Windows XP (KB911567)
/ Windows XP / SP3: Security Update for Windows XP (KB911927)
/ Windows XP / SP3: Security Update for Windows XP (KB912919)
/ Windows XP / SP3: Security Update for Windows XP (KB913580)
/ Windows XP / SP3: Security Update for Windows XP (KB914388)
/ Windows XP / SP3: Security Update for Windows XP (KB914389)
/ Windows XP / SP3: Hotfix for Windows XP (KB914440)
/ Windows XP / SP3: Update for Windows XP (KB916595)
/ Windows XP / SP3: Security Update for Windows XP (KB917159)
/ Windows XP / SP3: Security Update for Windows XP (KB917344)
/ Windows XP / SP3: Security Update for Windows XP (KB917422)
/ Windows XP / SP3: Security Update for Windows XP (KB917537)
/ Windows XP / SP3: Security Update for Windows XP (KB917953)
/ Windows XP / SP3: Security Update for Windows XP (KB918439)
/ Windows XP / SP3: Security Update for Windows XP (KB918899)
/ Windows XP / SP3: Security Update for Windows XP (KB919007)
/ Windows XP / SP3: Security Update for Windows XP (KB920214)
/ Windows XP / SP3: Security Update for Windows XP (KB920670)
/ Windows XP / SP3: Security Update for Windows XP (KB920683)
/ Windows XP / SP3: Security Update for Windows XP (KB920685)
/ Windows XP / SP3: Update for Windows XP (KB920872)
/ Windows XP / SP3: Security Update for Windows XP (KB921398)
/ Windows XP / SP3: Security Update for Windows XP (KB921883)
/ Windows XP / SP3: Update for Windows XP (KB922582)
/ Windows XP / SP3: Security Update for Windows XP (KB922616)
/ Windows XP / SP3: Security Update for Windows XP (KB922819)
/ Windows XP / SP3: Security Update for Windows XP (KB923191)
/ Windows XP / SP3: Security Update for Windows XP (KB923414)
/ Windows XP / SP3: Security Update for Windows XP (KB924191)
/ Windows XP / SP3: Security Update for Windows XP (KB924496)
/ Windows XP / SP3: Security Update for Windows XP (KB925486)


--- Startup entries list ---
Located: HK_LM:Run, !AVG Anti-Spyware
command: "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
file: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
size: 6266880
MD5: 01d90ae5dccbce0c7b52874fec35a608

Located: HK_LM:Run, Alcmtr
command: ALCMTR.EXE
file: C:\WINDOWS\ALCMTR.EXE
size: 69632
MD5: 8b4cbba1ea526830c7f97e7822e2493a

Located: HK_LM:Run, AlcWzrd
command: ALCWZRD.EXE
file: C:\WINDOWS\ALCWZRD.EXE
size: 2809344
MD5: 917a7d41d5099439f244560440f663fa

Located: HK_LM:Run, ccApp
command: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 59040
MD5: 42d55a54df63361a3207f830508ba4a4

Located: HK_LM:Run, High Definition Audio Property Page Shortcut
command: HDAShCut.exe
file: C:\WINDOWS\system32\HDAShCut.exe
size: 61952
MD5: 9c3b2302b60fb0efb13bc880a5e3e93e

Located: HK_LM:Run, NeroFilterCheck
command: C:\WINDOWS\system32\NeroCheck.exe
file: C:\WINDOWS\system32\NeroCheck.exe
size: 155648
MD5: 3e4c03cefad8de135263236b61a49c90

Located: HK_LM:Run, Symantec NetDriver Monitor
command: C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
file: C:\PROGRA~1\SYMNET~1\SNDMon.exe
size: 100056
MD5: f9418981ee4d7e995d359833adab59d5

Located: HK_LM:Run, Windows Defender
command: "C:\Program Files\Windows Defender\MSASCui.exe" -hide
file: C:\Program Files\Windows Defender\MSASCui.exe
size: 1420560
MD5: 81aa8ba06a824e637e2ba290d4fa9e3e

Located: HK_LM:Run, Zone Labs Client
command: "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
file: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
size: 980752
MD5: 03d57ee212609e5b00d409dd3d827e4d

Located: HK_LM:Run, iTunesHelper (DISABLED)
command: "C:\Program Files\iTunes\iTunesHelper.exe"
file: C:\Program Files\iTunes\iTunesHelper.exe
size: 229952
MD5: ceccc68b54e8e27c93dbede85f160c96

Located: HK_LM:Run, QuickTime Task (DISABLED)
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 282624
MD5: d2c900031fd445b5464abb5629388be3

Located: HK_LM:Run, SoundMan (DISABLED)
command: SOUNDMAN.EXE
file: C:\WINDOWS\SOUNDMAN.EXE
size: 86016
MD5: de3c57d3a24fb471cb48ad4fcc0e6fa4

Located: HK_CU:Run, BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
command: "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
file: C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
size: 94208
MD5: 15a1a88d97d440c735058ccf3f74a6ee

Located: HK_CU:Run, getmail
command: "C:\Program Files\GetHotmail\GetMail\GetMail.exe"
file: C:\Program Files\GetHotmail\GetMail\GetMail.exe
size: 1056768
MD5: c2e88f86717d38d62d5f94ecc13ded7f

Located: HK_CU:Run, RoboForm
command: "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
file: C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
size: 144448
MD5: af4f61b237fe6e2ffa4032ae6f4d59a1

Located: Startup (common), Macro Express 3.lnk
command: C:\Program Files\Macro Express3\MacExp.exe
file: C:\Program Files\Macro Express3\MacExp.exe
size: 3160064
MD5: 59e39e79053ac26870ca0eb1e02769cd

Located: System.ini, AtiExtEvent
command: Ati2evxx.dll
file: Ati2evxx.dll

Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll

Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll

Located: System.ini, wineil32
command: wineil32.dll
file: wineil32.dll

Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll



--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
BHO name:
CLSID name: AcroIEHlprObj Class
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 15/05/2003 12:47:54 AM
Date (last access): 27/10/2006 6:37:20 AM
Date (last write): 15/05/2003 12:47:54 AM
Filesize: 50376
Attributes: archive
MD5: 0C0E1B2BCAED8DF401BE94D538BCB412
CRC32: 1D771322
Version: 6.0.0.878

{3FA6F93A-68F2-8C85-B0E3-02FED19F7B39} ()
BHO name:
CLSID name:
Path: C:\WINDOWS\system32\
Long name: qnqllg.dll

{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\Program Files\Spybot - Search & Destroy\
Long name: SDHelper.dll
Short name:
Date (created): 26/10/2006 11:19:30 AM
Date (last access): 27/10/2006 7:46:54 AM
Date (last write): 31/05/2005 1:04:00 AM
Filesize: 853672
Attributes: archive
MD5: 250D787A5712D7768DDC133B3E477759

Scrampy
2006-10-27, 00:32
(continued)
CRC32: D4589A41
Version: 1.4.0.0

{601ED020-FB6C-11D3-87D8-0050DA59922B} (Ipswitch.WsftpBrowserHelper)
BHO name: Ipswitch.WsftpBrowserHelper
CLSID name: WsftpBrowserHelper Class
description: WS_FTP
classification: Legitimate
known filename: wsbho2k0.dll
info link: http://www.ipswitch.com/Products/WS_FTP/
info source: TonyKlein
Path: C:\Program Files\WS_FTP Pro\
Long name: wsbho2k0.dll
Short name:
Date (created): 10/10/2006 11:26:10 PM
Date (last access): 27/10/2006 6:37:20 AM
Date (last write): 23/05/2003 2:11:34 PM
Filesize: 131118
Attributes: archive
MD5: B5250C88CC9D254DE68DB50F2CED47A1
CRC32: 34EF386E
Version: 8.0.0.0

{724d43a9-0d85-11d4-9908-00400523e39a} ()
BHO name:
CLSID name:
description: RoboForm
classification: Legitimate
known filename: RoboForm.dll
info link: http://www.roboform.com/
info source: TonyKlein
Path: C:\Program Files\Siber Systems\AI RoboForm\
Long name: roboform.dll
Short name:
Date (created): 11/10/2006 11:45:30 AM
Date (last access): 27/10/2006 6:37:20 AM
Date (last write): 31/03/2006 2:45:18 PM
Filesize: 4666424
Attributes: archive
MD5: 7E1DD7CF40E5D9766B197D7061BD2AE2
CRC32: 30943871
Version: 6.6.8.0

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
BHO name:
CLSID name: SSVHelper Class
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: ssv.dll
Short name:
Date (created): 2/03/2006 1:53:00 PM
Date (last access): 27/10/2006 6:37:20 AM
Date (last write): 10/11/2005 1:22:12 PM
Filesize: 184423
Attributes: archive
MD5: F01726F7CA8538FDD4663C9DB8FEAEDC
CRC32: 0111B892
Version: 5.0.60.5

{A5366673-E8CA-11D3-9CD9-0090271D075B} (IeCatch2 Class)
BHO name:
CLSID name: IeCatch2 Class
description: FlashGet
classification: Open for discussion
known filename: Jccatch.dll
info link: http://www.amazesoft.com/
info source: TonyKlein
Path: C:\PROGRA~1\FlashGet\
Long name: Jccatch.dll
Short name:
Date (created): 9/10/2006 5:30:48 PM
Date (last access): 27/10/2006 6:37:20 AM
Date (last write): 16/01/2002 7:12:18 PM
Filesize: 65536
Attributes: archive
MD5: F2FAFE3CB6412C89F43D88CCEBE308F3
CRC32: B1AEC78B
Version: 1.1.4.0

{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: c:\program files\google\
Long name: GoogleToolbar1.dll
Short name: GOOGLE~1.DLL
Date (created): 20/10/2006 6:05:22 PM
Date (last access): 27/10/2006 6:37:20 AM
Date (last write): 12/10/2006 11:38:04 AM
Filesize: 2108480
Attributes: readonly archive
MD5: 4CB9CC5E19F70337BFE200A4DAD58025
CRC32: 07D15995
Version: 4.0.1020.2544

{AE7CD045-E861-484f-8273-0445EE161910} (AcroIEToolbarHelper Class)
BHO name:
CLSID name: AcroIEToolbarHelper Class
description: Adobe Acrobat
classification: Legitimate
known filename: AcroIEFavClient.dll
info link: http://www.adobe.com/products/acrobatpro/main.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 6.0\Acrobat\
Long name: AcroIEFavClient.dll
Short name: ACROIE~1.DLL
Date (created): 15/05/2003 1:03:46 AM
Date (last access): 27/10/2006 6:37:20 AM
Date (last write): 15/05/2003 1:03:46 AM
Filesize: 147456
Attributes: archive
MD5: 44BCFF08947790E74BD7CC7532D2B793
CRC32: 0C91890B

{BDF3E430-B101-42AD-A544-FADC6B084872} (NAV Helper)
BHO name: NAV Helper
CLSID name: CNavExtBho Class
description: Norton Antivirus
classification: Legitimate
known filename: NavShExt.dll
info link: http://www.symantec.com/nav/nav_9xnt/
info source: TonyKlein
Path: C:\Program Files\Norton AntiVirus\
Long name: NAVSHEXT.DLL
Short name:
Date (created): 18/08/2004 8:44:48 AM
Date (last access): 27/10/2006 6:37:20 AM
Date (last write): 19/10/2005 12:54:30 PM
Filesize: 218736
Attributes: archive
MD5: EB77A64845D96A77C148A3905641FD45
CRC32: 777D84AF
Version: 11.0.16.2



--- ActiveX list ---
{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
DPF name:
CLSID name: Windows Genuine Advantage Validation Tool
Installer: C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf
Codebase: http://go.microsoft.com/fwlink/?LinkID=39204
description:
classification: Legitimate
known filename: LegitCheckControl.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: LegitCheckControl.dll
Short name: LEGITC~1.DLL
Date (created): 10/10/2006 11:50:50 PM
Date (last access): 26/10/2006 1:07:50 PM
Date (last write): 23/05/2006 4:00:12 PM
Filesize: 513024
Attributes:
MD5: 96A0076C2C07AD09225687809F86F54C
CRC32: 25C6E2A1
Version: 1.5.540.0

{6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
DPF name:
CLSID name: WUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\wuweb.inf
Codebase: http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160385091186
description:
classification: Legitimate
known filename: wuweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\System32\
Long name: wuweb.dll
Short name:
Date (created): 26/05/2005 4:19:32 AM
Date (last access): 26/10/2006 1:08:42 PM
Date (last write): 26/05/2005 4:19:32 AM
Filesize: 173536
Attributes: archive
MD5: C459F2D5E64C942F3F66E1CD7F1C4C00
CRC32: EEF66B50
Version: 5.8.0.2469

{7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class)
DPF name:
CLSID name: WScanCtl Class
Installer: C:\WINDOWS\Downloaded Program Files\webscan.inf
Codebase: http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
description:
classification: Legitimate
known filename: webscan.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: webscan.dll
Short name:
Date (created): 21/07/2006 6:50:14 PM
Date (last access): 27/10/2006 7:26:08 AM
Date (last write): 21/07/2006 6:50:14 PM
Filesize: 180282
Attributes: archive
MD5: C2AB04247A8FE05AFC924447568D18C5
CRC32: 5C6624F7
Version: 1.1.0.1048

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 2/03/2006 1:52:58 PM
Date (last access): 26/10/2006 8:29:04 PM
Date (last write): 10/11/2005 1:22:12 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5

{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class)
DPF name:
CLSID name: ActiveScan Installer Class
Installer: C:\WINDOWS\Downloaded Program Files\asinst.inf
Codebase: http://acs.pandasoftware.com/activescan/as5free/asinst.cab
description:
classification: Legitimate
known filename: ASINST.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: asinst.dll
Short name:
Date (created): 24/08/2006 8:28:54 AM
Date (last access): 27/10/2006 7:26:08 AM
Date (last write): 24/08/2006 8:28:54 AM
Filesize: 141424
Attributes: archive
MD5: CB0EBD772D7D003BD11A999FF515A89A
CRC32: 3CFE74C1
Version: 58.6.0.0

{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 2/03/2006 1:52:58 PM
Date (last access): 27/10/2006 7:48:00 AM
Date (last write): 10/11/2005 1:22:12 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 2/03/2006 1:52:58 PM
Date (last access): 27/10/2006 7:48:00 AM
Date (last write): 10/11/2005 1:22:12 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash9.ocx
Short name:
Date (created): 22/06/2006 1:44:22 PM
Date (last access): 26/10/2006 10:15:30 PM
Date (last write): 22/06/2006 1:44:22 PM
Filesize: 2201224
Attributes: readonly archive
MD5: 99F80CA1EBE95677668F54CAC6F4AD6D
CRC32: B7385E3B
Version: 9.0.16.0



--- Process list ---
PID: 0 ( 0) [System]
PID: 212 ( 4) \SystemRoot\System32\smss.exe
PID: 260 ( 212) \??\C:\WINDOWS\system32\csrss.exe
PID: 284 ( 212) \??\C:\WINDOWS\system32\winlogon.exe
PID: 332 ( 284) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 344 ( 284) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 512 ( 332) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 588 ( 332) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 624 ( 332) C:\Program Files\Windows Defender\MsMpEng.exe
size: 45840
MD5: 948D315495195662BA2A683A7A156BEA
PID: 684 ( 332) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 912 ( 892) C:\Program FIles\TraySaver\TraySaver.exe
size: 102400
MD5: 135A4FB8F70D40462DE9E8364E8826C5
PID: 932 ( 912) C:\WINDOWS\explorer.exe
size: 1032192
MD5: A0732187050030AE399B241436565E64
PID: 1084 ( 932) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 1400 ( 932) C:\Documents and Settings\Mr Amazing\Desktop\metapad.exe
size: 95744
MD5: D35941ADCF891138DFE6D6E503877C81
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 27/10/2006 7:48:01 AM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://home.microsoft.com/access/autosearch.asp?p=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\windows\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD Tcpip [TCP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 6: MSAFD Tcpip [UDP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 7: MSAFD Tcpip [RAW/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{6B3D18EE-AF90-4F7C-844A-87112EBF7BB7}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{6B3D18EE-AF90-4F7C-844A-87112EBF7BB7}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{DA1C72AD-7170-4253-AE25-9B821610DFE0}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Scrampy
2006-10-27, 00:33
(continued)
Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{DA1C72AD-7170-4253-AE25-9B821610DFE0}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{9F1A6043-C6CF-4ABB-AC08-20502BB1493A}] SEQPACKET 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{9F1A6043-C6CF-4ABB-AC08-20502BB1493A}] DATAGRAM 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DA1C72AD-7170-4253-AE25-9B821610DFE0}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DA1C72AD-7170-4253-AE25-9B821610DFE0}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6B3D18EE-AF90-4F7C-844A-87112EBF7BB7}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6B3D18EE-AF90-4F7C-844A-87112EBF7BB7}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D2E7BD7F-4C8B-4465-B20E-70CB4AB7F135}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D2E7BD7F-4C8B-4465-B20E-70CB4AB7F135}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4D216691-6476-4FAE-953C-D664C1AC7337}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4D216691-6476-4FAE-953C-D664C1AC7337}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 22: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C4E38E61-70FF-4B87-A129-944E4FAA41E1}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 23: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C4E38E61-70FF-4B87-A129-944E4FAA41E1}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

Namespace Provider 3: PNRP Cloud Namespace Provider
GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Filename: C:\WINDOWS\system32\pnrpnsp.dll

Namespace Provider 4: PNRP Name Namespace Provider
GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Filename: C:\WINDOWS\system32\pnrpnsp.dll



--- Uninstall list ---
101 Email Address Extractor V2.2.4 1.0.0.0 (101 Email Address Extractor V2.2.4)
install date: Fri Oct 13 07:55:42 EST 2006
install location: C:\Program Files\101 Bulk Email Software\101 Email Address Extractor V2.2.4
uninstall cmd: "C:\Program Files\101 Bulk Email Software\101 Email Address Extractor V2.2.4\UninstallerData\Uninstall EAE.exe"
publisher: KMGC Inc
contact: daveloo86@yahoo.com

ACDSee (ACDSee)
uninstall cmd: C:\PROGRA~1\ACDSYS~1\ACDSee\UNWISE.EXE C:\PROGRA~1\ACDSYS~1\ACDSee\INSTALL.LOG

Ad-aware 6 Professional 6.0.1.158 (Ad-aware 6 Professional)
uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\INSTALL.LOG
publisher: Lavasoft Sweden
comments: Ad-aware VI Professional
help link: http://www.lavasoftusa.com

(AddressBook)

Advanced Administrative Tools 5.50 (Advanced Administrative Tools)
uninstall cmd: C:\PROGRA~1\G-LOCK~1\ADVANC~1\UNWISE.EXE C:\PROGRA~1\G-LOCK~1\ADVANC~1\INSTALL.LOG
publisher: G-Lock Software
comments: Advanced Administrative Tools

AI RoboForm (All Users) (AI RoboForm)
uninstall cmd: "C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
help link: http://www.roboform.com/php/rtss/main/

ATI Display Driver 8.231-060221a1-030895C-ATI (ATI Display Driver)
uninstall cmd: rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

AVG Anti-Spyware 7.5 (AVGAntiSpyware75)
install location: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5
uninstall cmd: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
publisher: Grisoft Ltd.
help link: http://www.grisoft.com

BearShare 5.0.2.3 (BearShare)
uninstall cmd: C:\PROGRA~1\BEARSH~1\UNWISE.EXE C:\PROGRA~1\BEARSH~1\INSTALL.LOG
publisher: Free Peers, Inc.
help link: http://bearshare.com/help.htm

(Branding)

Camtasia Studio 1.0 (Camtasia Studio)
version (major): 1
install location: C:\Program Files\TechSmith\Camtasia Studio
install source: C:\DOCUME~1\MRAMAZ~1\LOCALS~1\Temp\Rar$EX00.547
uninstall cmd: C:\Program Files\TechSmith\Camtasia Studio\CSuninst.EXE
publisher: TechSmith Corporation
comments: Thank you for using Camtasia Studio!
contact: CamtasiaStudio@techsmith.com
help link: http://www.techsmith.com/techsupp

Canon iP2200 (CANONBJ_Deinstall_CNMCP74.DLL)
uninstall cmd: C:\WINDOWS\System32\CNMCP74.exe "-PRINTERNAMECanon iP2200" "-HELPERDLLC:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP2200 Installer\Inst2\cnmis.dll" "-RCDLLcnmi0409.dll"

(Connection Manager)

(DirectAnimation)

(DirectDrawEx)

DivX 5.0.2 Pro Bundle (DivX 5.0.2 Pro Bundle)
uninstall cmd: C:\WINDOWS\unvise32.exe C:\Program Files\DivX\uninstal.log

(DXM_Runtime)

Canon Utilities Easy-PhotoPrint (Easy-PhotoPrint)
uninstall cmd: C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini

Canon Utilities Easy-PrintToolBox (Easy-PrintToolBox)
uninstall cmd: C:\WINDOWS\BJPSUNST.EXE

Easy-WebPrint (Easy-WebPrint)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"

Email Address Collector v3.2 (Email Address Collector_is1)
uninstall cmd: "C:\Program Files\Email Address Collector\unins000.exe"
publisher: DS Development
help link: www.emailaddressmanager.com

FlashGet(JetCar) (FlashGet(JetCar))
uninstall cmd: C:\PROGRA~1\FlashGet\UNWISE.EXE C:\PROGRA~1\FlashGet\INSTALL.LOG

(Fontcore)

GetMail 3.25 (GetMail 3.25)
uninstall cmd: C:\Program Files\GetHotmail\GetMail\Uninstal.exe

HijackThis 1.99.1 1.99.1 (HijackThis)
uninstall cmd: C:\Program Files\hijackthis\HijackThis.exe /uninstall
publisher: Soeperman Enterprises Ltd.

(ICW)

(IE40)

(IE4Data)

(IE5BAKEX)

(IEData)

Windows XP Hotfix - KB873339 20041117.092459 (KB873339)
uninstall cmd: C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873339

(KB884016)

(KB884267)

(KB885353)

Windows XP Hotfix - KB885835 20041027.181713 (KB885835)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885835

Windows XP Hotfix - KB885836 20041028.173203 (KB885836)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885836

Windows XP Hotfix - KB885884 20040924.025457 (KB885884)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885884

Windows XP Hotfix - KB886185 20041021.090540 (KB886185)
uninstall cmd: C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=886185

(KB886612)

(KB887078)

Windows XP Hotfix - KB887472 20041014.162858 (KB887472)
uninstall cmd: C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887472

(KB887626)

High Definition Audio Driver Package - KB888111 20040219.000000 (KB888111WXPSP2)
uninstall cmd: "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=KB888111

Windows XP Hotfix - KB888302 20041207.111426 (KB888302)
uninstall cmd: C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888302

(KB888656)

(KB889858)

Security Update for Windows XP (KB890046) 1 (KB890046)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890046

Windows XP Hotfix - KB890859 1 (KB890859)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890859

(KB891122)

Windows XP Hotfix - KB891781 20050110.165439 (KB891781)
uninstall cmd: C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=891781

(KB892313)

(KB893240)

(KB893241)

Security Update for Windows XP (KB893756) 1 (KB893756)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893756

(KB893803)

Windows Installer 3.1 (KB893803) 3.1 (KB893803v2)
uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=42467

Update for Windows XP (KB894391) 1 (KB894391)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=894391

(KB895181)

(KB895316)

(KB895572)

Hotfix for Windows XP (KB896344) 2 (KB896344)
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896344$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896344

Security Update for Windows XP (KB896358) 1 (KB896358)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896358

Security Update for Windows XP (KB896423) 1 (KB896423)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896423

Security Update for Windows XP (KB896424) 1 (KB896424)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896424

Security Update for Windows XP (KB896428) 1 (KB896428)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896428

(KB897586)

Update for Windows XP (KB898461) 1 (KB898461)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=898461

(KB898549)

Security Update for Windows XP (KB899587) 1 (KB899587)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899587

Security Update for Windows XP (KB899589) 1 (KB899589)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899589

Security Update for Windows XP (KB899591) 1 (KB899591)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899591

(KB900399)

Update for Windows XP (KB900485) 2 (KB900485)
install date: 20061011
uninstall cmd: "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900485

Security Update for Windows XP (KB900725) 1 (KB900725)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900725

Security Update for Windows XP (KB901017) 1 (KB901017)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901017

Security Update for Windows XP (KB901214) 1 (KB901214)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901214

(KB902344)

Security Update for Windows XP (KB902400) 1 (KB902400)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=902400

Security Update for Windows XP (KB904706) 2 (KB904706)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=904706

Update for Windows XP (KB904942) 2 (KB904942)
install date: 20061010
uninstall cmd: "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=904942

Security Update for Windows XP (KB905414) 1 (KB905414)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905414

Security Update for Windows XP (KB905749) 1 (KB905749)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905749

(KB907658)

Security Update for Windows XP (KB908519) 1 (KB908519)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=908519

Update for Windows XP (KB908531) 2 (KB908531)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=908531

Microsoft Base Smart Card Cryptographic Service Provider Package (KB909520)
uninstall cmd: "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
publisher: Microsoft Corporation

Update for Windows XP (KB910437) 1 (KB910437)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=910437

Update for Windows XP (KB911280) 2 (KB911280)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911280

Security Update for Windows XP (KB911562) 1 (KB911562)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911562

Security Update for Windows Media Player (KB911564) (KB911564)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=911564

Scrampy
2006-10-27, 00:35
(continued)
Security Update for Windows Media Player 10 (KB911565) (KB911565)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=911565

Security Update for Windows XP (KB911567) 1 (KB911567)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911567

(KB911854)

Security Update for Windows XP (KB911927) 1 (KB911927)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911927

Security Update for Windows XP (KB912919) 1 (KB912919)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=912919

Security Update for Windows XP (KB913433) (KB913433)
uninstall cmd: C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=913433

Security Update for Windows XP (KB913580) 1 (KB913580)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=913580

Security Update for Windows XP (KB914388) 1 (KB914388)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=914388

Security Update for Windows XP (KB914389) 1 (KB914389)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=914389

Hotfix for Windows XP (KB914440) 10 (KB914440)
install date: 20061010
uninstall cmd: "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=914440

Update for Windows XP (KB916595) 1 (KB916595)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=916595

Security Update for Windows XP (KB917159) 1 (KB917159)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917159

Security Update for Microsoft .NET Framework 2.0 (KB917283) 1 (KB917283.T1_1ToU93_1)
uninstall cmd: C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {967B098A-042D-4367-BAC9-8BC11684174F} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/917283

Security Update for Windows XP (KB917344) 1 (KB917344)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917344

Security Update for Windows XP (KB917422) 1 (KB917422)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917422

Security Update for Windows XP (KB917537) 1 (KB917537)
install date: 20061019
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917537$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917537

Security Update for Windows XP (KB917953) 1 (KB917953)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917953

Security Update for Windows XP (KB918439) 1 (KB918439)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=918439

Security Update for Windows XP (KB918899) 1 (KB918899)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=918899

Security Update for Windows XP (KB919007) 1 (KB919007)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=919007

Security Update for Windows XP (KB920214) 1 (KB920214)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920214

Security Update for Windows XP (KB920670) 1 (KB920670)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920670

Security Update for Windows XP (KB920683) 1 (KB920683)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920683

Security Update for Windows XP (KB920685) 1 (KB920685)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920685

Update for Windows XP (KB920872) 1 (KB920872)
install date: 20061011
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920872

Security Update for Windows XP (KB921398) 1 (KB921398)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=921398

Security Update for Windows XP (KB921883) 1 (KB921883)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=921883

Update for Windows XP (KB922582) 1 (KB922582)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=922582

Security Update for Windows XP (KB922616) 1 (KB922616)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=922616

Security Update for Microsoft .NET Framework 2.0 (KB922770) 1 (KB922770.T1_1ToU168_1)
uninstall cmd: C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {0E92DD42-76F5-4EF2-B381-F9C1D72BE23D} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/922770

Security Update for Windows XP (KB922819) 1 (KB922819)
install date: 20061010
uninstall cmd: "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=922819

Security Update for Windows XP (KB923191) 1 (KB923191)
install date: 20061010
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923191

Security Update for Windows XP (KB923414) 1 (KB923414)
install date: 20061010
uninstall cmd: "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=923414

Security Update for Windows XP (KB924191) 1 (KB924191)
install date: 20061010
uninstall cmd: "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=924191

Security Update for Windows XP (KB924496) 1 (KB924496)
install date: 20061010
uninstall cmd: "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=924496

Security Update for Windows XP (KB925486) 1 (KB925486)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=925486

LiveReg (Symantec Corporation) 3.0.0 (LiveReg)
install location: C:\Program Files\Common Files\Symantec Shared\LiveReg
uninstall cmd: C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
publisher: Symantec Corporation

LiveUpdate 3.0 (Symantec Corporation) 3.0.0.171 (LiveUpdate)
install location: "C:\Program Files\Symantec\LiveUpdate"
uninstall cmd: "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
publisher: Symantec Corporation

Microsoft .NET Framework 1.1 Hotfix (KB886903) (M886903)
uninstall cmd: "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903Uninstall.msp"

Macro Express 3 3.0 (Macro Express 3)
uninstall cmd: C:\PROGRA~1\MACROE~1\UNWISE.EXE C:\PROGRA~1\MACROE~1\INSTALL.LOG
publisher: Insight Software Solutions, Inc.
comments: Create macros to automate tasks in a Windows system.
contact: e-mail support: info@wintools.com
help link: www.macros.com/support.htm
help telephone: 801-927-5009

Microsoft .NET Framework 1.1 (Microsoft .NET Framework 1.1 (1033))
uninstall cmd: msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm

Microsoft .NET Framework 2.0 (Microsoft .NET Framework 2.0)
install location: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\
uninstall cmd: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=45396

(Microsoft NetShow Player 2.0)

mIRC (mIRC)
uninstall cmd: "C:\Program Files\mIRC\anaconda\mirc.exe" -uninstall

(MobileOptionPack)

Mozilla Firefox (1.5.0.7) 1.5.0.7 (en-US) (Mozilla Firefox (1.5.0.7))
install location: C:\Program Files\Mozilla Firefox
uninstall cmd: C:\Program Files\Mozilla Firefox\uninstall\uninstall.exe /ua "1.5.0.7 (en-US)"
publisher: Mozilla

(MPlayer2)

(MSI30-Beta1)

(MSI30-Beta2)

(MSI30-KB884016)

(MSI30-RC1)

(MSI30-RC2)

(MSI30a-KB884016)

(MSI31-Beta)

(MSI31-RC1)

(Nero - Burning Rom!UninstallKey)
uninstall cmd: C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL

(NeroBackItUp!UninstallKey)
uninstall cmd: C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL

(NeroMediaHome!UninstallKey)
uninstall cmd: C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL

(NeroRecode!UninstallKey)
uninstall cmd: C:\WINDOWS\UNRecode.exe /UNINSTALL

(NeroShowTime!UninstallKey)
uninstall cmd: C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL

(NeroVision!UninstallKey)
uninstall cmd: C:\WINDOWS\UNNeroVision.exe /UNINSTALL

(NetMeeting)

AI RoboForm Adapter for Firefox/Mozilla/Netscape (NetscapeRoboformPlugin)
uninstall cmd: "C:\Program Files\Siber Systems\Gecko Adapter\AiRoboForm-Mozilla-Adapter.exe" -u

(OutlookExpress)

(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Pegasus Mail (Pegasus Mail)
uninstall cmd: C:\PMAIL\Programs\DeSetup.exe C:\PMAIL\Programs
publisher: David Harris
help link: http://www.pmail.com

PopUp Power (PopUp Power)
uninstall cmd: C:\WINDOWS\uninst.exe -f"C:\Program Files\HermitWare\PopUp Power\DeIsL1.isu" -c"C:\Program Files\HermitWare\PopUp Power\_ISREG32.DLL"

(PROSetDX)

Registry Mechanic 5.0 5.0 (Registry Mechanic_is1)
install location: C:\Program Files\Registry Mechanic\
uninstall cmd: "C:\Program Files\Registry Mechanic\unins000.exe"
publisher: PC Tools Pty. Ltd.
help link: http://www.pctools.com/registry-mechanic/support/

Sam Spade version 1.14 (Sam Spade version 1.14_is1)
uninstall cmd: "C:\Program Files\Blighty Design\unins000.exe"

SAMSUNG CDMA Modem Driver Set (SAMSUNG CDMA Modem)
uninstall cmd: C:\WINDOWS\system32\Samsung\SSCDUninstall.exe

Samsung Mobile USB Modem Software (Samsung Mobile USB Modem)
uninstall cmd: C:\WINDOWS\system32\Samsung\SSM_Uninstall.exe

(SchedulingAgent)

(Sevinst)

Adobe Flash Player 9 ActiveX 9 (ShockwaveFlash)
uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
publisher: Adobe Systems
help link: http://www.adobe.com/go/flashplayer_support/

Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited

Norton AntiVirus 2005 (Symantec Corporation) 11.0.1 (SymSetup.{C6F5B6CF-609C-428E-876F-CA83176C021B})
install location: C:\Program Files\Norton AntiVirus
install source: C:\DOCUME~1\MRAMAZ~1\LOCALS~1\Temp\Rar$EX57.625
uninstall cmd: C:\Program Files\Common Files\Symantec Shared\SymSetup\{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe /X
publisher: Symantec Corporation

Test Drive 6 (Test Drive 6)
install location: C:\Program Files\Infogrames\Test Drive 6
install source: C:\Documents and Settings\Mr Amazing\Local Settings\Temp\Rar$EX00.437\Test Drive 6 Car Racing GAME full CD\Setup\
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Infogrames\Test Drive 6\Uninst.isu" -c"C:\Program Files\Infogrames\Test Drive 6\Uninst.dll"
publisher: Infogrames

TraySaver Beta 10 (TraySaver Beta 10_is1)
uninstall cmd: "C:\Program FIles\TraySaver\unins000.exe"

Windows Genuine Advantage Validation Tool (KB892130) 1.5.0530.0 (WGA)
install date: 20061009
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=892130

Windows Genuine Advantage Notifications (KB905474) 1.5.0540.0 (WgaNotify)
install date: 20061010
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905474

Windows Media Format 11 runtime (Windows Media Format Runtime)
uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
help link: http://go.microsoft.com/fwlink/?LinkId=62768

Windows Media Player 11 (Windows Media Player)
uninstall cmd: "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Windows XP Service Pack 2 20040803.231319 (Windows XP Service Pack)
uninstall cmd: C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=811113

WinRAR archiver (WinRAR archiver)
uninstall cmd: C:\Program Files\WinRAR\uninstall.exe

Windows Media Format 11 runtime (WMFDist11)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http:

Windows Media Player 11 (wmp11)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http:

Ipswitch WS_FTP Pro (WS_FTP Pro)
uninstall cmd: C:\WINDOWS\ISUNINST.EXE -f"C:\PROGRA~1\WS_FTP~1\uninst.isu" -c"C:\PROGRA~1\WS_FTP~1\FTPInstUtils.dll"

Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348) (Wudf01000)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
comments: Build machine winmain(wmbla)

XviD 1.1 final uninstall 1.1 (XviD_is1)
install location: C:\Program Files\XviD\
uninstall cmd: "C:\Program Files\XviD\unins000.exe"
publisher: XviD team (Koepi)
help link: http://forum.doom9.org/forumdisplay.php?f=52

ZoneAlarm Pro 6.0.631.002 (ZoneAlarm Pro)
uninstall cmd: C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
publisher: Zone Labs, Inc
help link: C:\Program Files\Zone Labs\ZoneAlarm\Help\zaclients.chm

Steganos Security Suite 2006 (8.0.4) 8.0.4 ({00000000-5736-4205-1000-0FF9B7C016DD})
version: 134217732
version (major): 8
estimated size: 40666
install date: 20061009
install location: C:\Program Files\Steganos Security Suite 2006\
install source: C:\DOCUME~1\MRAMAZ~1\LOCALS~1\Temp\_is405\
uninstall cmd: MsiExec.exe /I{00000000-5736-4205-1000-0FF9B7C016DD}
publisher: Steganos GmbH

Intel(R) PRO Network Connections ({111A3D14-7596-43B0-92BA-418435C90672})
version: 184614912
version (major): 11
version (minor): 1
estimated size: 9773
install date: 20061011
install location: C:\Program Files\Intel\
install source: C:\documents and settings\mr amazing\desktop\drivers\APPS\PROSETDX\Win32\
uninstall cmd: MsiExec.exe /I{111A3D14-7596-43B0-92BA-418435C90672}
publisher: Intel
contact: Intel Customer Support
help link: http://support.intel.com

Eudora 7.0 ({1F0CC18B-D13E-48D4-82B9-1A955B05D061})
version: 117440512
install location: C:\Program Files\Qualcomm\Eudora
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F0CC18B-D13E-48D4-82B9-1A955B05D061}\setup.exe" -l0x9

Symantec 11.0.1 ({228F6876-A313-40A3-91C0-C3CBE6997D09})
version: 184549377
version (major): 11
estimated size: 2976
install date: 20061009
install source: C:\DOCUME~1\MRAMAZ~1\LOCALS~1\Temp\Rar$EX57.625\Support\MSRedist\
uninstall cmd: MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
publisher: Symantec Corp

Google Toolbar for Internet Explorer ({2318C2B1-4965-11d4-9B18-009027A5CD4F})
uninstall cmd: regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"

Internet Worm Protection 11.0.1 ({2908F0CB-C1D4-447F-97A2-CFC135C9F8D4})
version: 184549377
version (major): 11
estimated size: 11381
install date: 20061009
install source: C:\DOCUME~1\MRAMAZ~1\LOCALS~1\Temp\Rar$EX57.625\NAV\
uninstall cmd: MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
publisher: Symantec Corp

Scrampy
2006-10-27, 00:36
(last one)
2.1.20060807 ({2CCBABCB-6427-4A55-B091-49864623C43F})
version: 20060807
version (major): 2
version (minor): 1

SymNet 5.4.0 ({2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2})
version: 84148224
version (major): 5
version (minor): 4
estimated size: 2744
install date: 20061009
install source: C:\DOCUME~1\MRAMAZ~1\LOCALS~1\Temp\Rar$EX57.625\Support\SymNet\
uninstall cmd: MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
publisher: Symantec Corporation

J2SE Runtime Environment 5.0 Update 6 1.5.0.60 ({3248F0A8-6813-11D6-A77B-00B0D0150060})
version: 17104896
version (major): 1
version (minor): 5
estimated size: 122301
install date: 20061009
install source: http://jdl.sun.com/webapps/download/GetFile/1.5.0_06plus-b05/windows-i586//
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.5.0_06\README.txt

Norton AntiVirus Help 11.00.00 ({34EEB1F5-E939-40A1-A6BA-957282A4B2C8})
version: 184549376
version (major): 11
estimated size: 932
install date: 20061009
install source: C:\DOCUME~1\MRAMAZ~1\LOCALS~1\Temp\Rar$EX57.625\Support\Help\
uninstall cmd: MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
publisher: Symantec Corp.

WebFldrs XP 9.50.5318 ({350C97B0-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154277062
version (major): 9
version (minor): 50
estimated size: 2508
install date: 20061009
install source: C:\WINDOWS\System32\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows

Samsung PC Studio 3.0.0.51106 ({3618C740-C65F-4134-95B4-C42F857EA62D})
version: 50331648
version (major): 3
estimated size: 2589
install date: 20061011
install location: C:\Program Files\Samsung\Samsung PC Studio 3\
install source: C:\Program Files\Samsung\Samsung PC Studio 3\{3618C740-C65F-4134-95B4-C42F857EA62D}\
publisher: Samsung Electronics Co., Ltd.
contact: Customer Support Department
help link: http://www.samsungmobile.co.kr
help telephone: 1-555-555-4505

Macromedia Flash MX 6 ({3BE480ED-E17A-431A-981C-5C2EDDBCD3BF})
install location: C:\Program Files\Macromedia\Flash MX
install source: C:\Program Files\Macromedia
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}\Setup.exe" -l0x9 UNINSTALL
publisher: Macromedia
help link: http://www.macromedia.com/go/flash_support

8.00.0005 ({403EF592-953B-4794-BCEF-ECAB835C2095})
version: 134217733
version (major): 8
install date: 20061011
install source: C:\documents and settings\mr amazing\desktop\drivers\APPS\PROSETDX\Win32\
uninstall cmd: MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
publisher: Intel
comments: Pseudo NCS Install
contact: Customer Support Department
help link: http://www.intel.com
help telephone: 1-555-555-4505

Macromedia FreeHand 10 10 ({4D826618-59C6-11D4-976E-00C04F8EEB39})
install location: C:\Program Files\Macromedia\FreeHand 10
install source: C:\Program Files\Macromedia
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D826618-59C6-11D4-976E-00C04F8EEB39}\Setup.exe" UNINSTALL
publisher: Macromedia
help link: http://www.macromedia.com/support/freehand/

VIP Team To Do List 2.4.3 ({4E528C36-8402-4760-9D1C-265EE1161D1A})
version: 33816579
install date: 20061011
install location: C:\Program Files\VIP Quality Software\VIP Team To Do List
install source: C:\DOCUME~1\MRAMAZ~1\LOCALS~1\Temp\bye57B.tmp\Disk1\
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E528C36-8402-4760-9D1C-265EE1161D1A}\setup.exe" -l0x9 -removeonly
publisher: VIP Quality Software

QuickTime 7.1.3.130 ({55BF0E5F-EA8E-4C13-A8B4-9E4857F5A2DE})
version: 117506051
version (major): 7
version (minor): 1
estimated size: 71799
install date: 20061018
install location: C:\Program Files\QuickTime\
install source: C:\DOCUME~1\MRAMAZ~1\LOCALS~1\Temp\IXP906.TMP\
uninstall cmd: MsiExec.exe /I{55BF0E5F-EA8E-4C13-A8B4-9E4857F5A2DE}
publisher: Apple Computer, Inc.
contact: AppleCare Support
help link: http://www.apple.com/support/
help telephone: 1-800-275-2273

iTunes 7.0.1.8 ({5878FF02-3B8F-4309-B4E5-0D3DB6F2E8E6})
version: 117440513
version (major): 7
estimated size: 48669
install date: 20061018
install location: C:\Program Files\iTunes\
install source: C:\DOCUME~1\MRAMAZ~1\LOCALS~1\Temp\IXP906.TMP\
uninstall cmd: MsiExec.exe /I{5878FF02-3B8F-4309-B4E5-0D3DB6F2E8E6}
publisher: Apple Computer, Inc.
contact: AppleCare Support
help link: http://www.apple.com/support/
help telephone: 1-800-275-2273

Microsoft .NET Framework 2.0 2.0.50727 ({7131646D-CD3C-40F4-97B9-CD9E4E6262EF})
version: 33605159
version (major): 2
estimated size: 218792
install date: 20061011
install source: C:\DOCUME~1\MRAMAZ~1\LOCALS~1\Temp\IXP000.TMP\
publisher: Microsoft Corporation

Sony Sound Forge 8.0 8.0.53 ({767572FD-4D01-4FA3-B0A6-4B09FB2CFC37})
version: 134217781
version (major): 8
estimated size: 60692
install date: 20061011
install source: C:\Program Files\Sony Setup\Sound Forge 8.0\
uninstall cmd: MsiExec.exe /X{767572FD-4D01-4FA3-B0A6-4B09FB2CFC37}
publisher: Sony
help link: http://mediasoftware.sonypictures.com/support

SPBBC 1.00.0000 ({77772678-817F-4401-9301-ED1D01A8DA56})
version: 16777216
version (major): 1
estimated size: 1463
install date: 20061009
install location: C:\Program Files\Norton AntiVirus\
install source: C:\DOCUME~1\MRAMAZ~1\LOCALS~1\Temp\Rar$EX57.625\Support\SPBBC\
uninstall cmd: MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
publisher: Your Company Name

Samsung Samples Installer 1.00.0000 ({7AC15160-A49B-4A89-B181-D4619C025FFF})
version: 16777216
install date: 20061011
install location: C:\Program Files\Samsung\Samsung PC Studio 3
install source: C:\DOCUME~1\MRAMAZ~1\LOCALS~1\Temp\bye29.tmp\Disk1\
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AC15160-A49B-4A89-B181-D4619C025FFF}\setup.exe" -l0x9 -removeonly
publisher: Samsung Electronics Co., Ltd.

Nero 7 Demo 7.00.1461 ({84B2CF01-194D-2284-B313-F2E0D78D1033})
version: 117441973
version (major): 7
estimated size: 261200
install date: 20061012
install location: C:\Program Files\Nero\Nero 7\
install source: C:\DOCUME~1\MRAMAZ~1\LOCALS~1\Temp\Nero7.tmp\
uninstall cmd: MsiExec.exe /I{84B2CF01-194D-2284-B313-F2E0D78D1033}
publisher: Nero AG
comments: Nero AG
contact: techsupport@nero.com
help link: http://www.nero.com/

Macromedia Dreamweaver MX 6.0 ({8B4AB829-DFD3-436D-B808-D9733D76C590})
version (major): 6
install location: C:\Program Files\Macromedia\Dreamweaver MX
install source: C:\Program Files\Macromedia
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B4AB829-DFD3-436D-B808-D9733D76C590}\Setup.exe" -l0x9 mmUninstall
publisher: Macromedia

WinTasks Trial 5.03 ({8C92D38B-C1DE-490A-B6D1-AAAA8E17DCE2})
version: 84082688
version (major): 5
version (minor): 3
estimated size: 4704
install date: 20061020
install source: C:\Program Files\Common Files\Wise Installation Wizard\
uninstall cmd: MsiExec.exe /X{8C92D38B-C1DE-490A-B6D1-AAAA8E17DCE2}
publisher: Uniblue Systems Ltd
help link: www.liutilities.com/support/

Microsoft Office XP Professional with FrontPage 10.0.4330.0 ({90280409-6000-11D3-8CFE-0050048383C9})
version: 167776490
version (major): 10
estimated size: 243079
install date: 20061009
install location: INSTALLLOCATION
install source: F:\
uninstall cmd: MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: C:\Program Files\Microsoft Office\Office10\1033\OFREAD10.HTM

Macromedia Fireworks MX 6 ({930B2432-43D4-11D5-9871-00C04F8EEB39})
install location: C:\Program Files\Macromedia\Fireworks MX
install source: C:\Program Files\Macromedia
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{930B2432-43D4-11D5-9871-00C04F8EEB39}\Setup.exe" -l0x9 UNINSTALL
publisher: Macromedia
help link: http://www.macromedia.com/go/fireworks_support

Macromedia Extension Manager 1.5 ({A5BA14E0-7384-11D4-BAE7-00409631A2C8})
version (major): 1
version (minor): 5
install location: C:\Program Files\Macromedia\Extension Manager
install source: C:\Program Files\Macromedia
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
publisher: Macromedia

Windows Defender Signatures 1.20.0.0 ({A5CC2A09-E9D3-49EC-923D-03874BBD4C2C})
version: 18087936
version (major): 1
version (minor): 20
estimated size: 2820
install date: 20061009
install source: C:\Program Files\Windows Defender\
uninstall cmd: MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
publisher: Microsoft Corporation

Intel(R) Processor ID Utility 3.01.0000 ({A92A4DB0-CD37-42D1-BE1D-603D53C24328})
version: 50397184
version (major): 3
version (minor): 1
estimated size: 3072
install date: 20061021
install location: C:\Program Files\Intel Corporation\Intel Processor ID Utility\
install source: C:\Documents and Settings\Mr Amazing\Local Settings\Temporary Internet Files\Content.IE5\892J0P2R\
uninstall cmd: MsiExec.exe /X{A92A4DB0-CD37-42D1-BE1D-603D53C24328}
publisher: Intel Corporation

Adobe Acrobat 6.0 Professional - English, Français, Deutsch 006.000.000 ({AC76BA86-1033-F400-7760-000000000001})
version: 100663296
version (major): 6
estimated size: 277658
install date: 20061009
install location: C:\Program Files\Adobe\Acrobat 6.0\
install source: C:\DOCUME~1\MRAMAZ~1\LOCALS~1\Temp\Rar$EX01.578\Adobe Acrobat 6.0 Professional\
uninstall cmd: MsiExec.exe /I{AC76BA86-1033-F400-7760-000000000001}
publisher: Adobe Systems
comments: This is a placeholder for ARP comments for Acrobat.
contact: Customer Support
help link: http://www.adobe.com/support/main.html
help telephone: 1-800-833-6687
readme: C:\Program Files\Adobe\Acrobat 6.0\Readme.htm

SiSoftware Sandra Lite 2007.SP1 (Win64/32/CE) 10.105.2007.9 ({C3113E55-7BCB-4de3-8EBF-60E6CE6B2096}_is1)
install location: C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\
uninstall cmd: "C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\unins000.exe"
publisher: SiSoftware
comments: SiSoftware Sandra Lite 2007.SP1 (SiSoftware Ltd Edition)
contact: sandra.soft@sisoftware.net
help link: http://www.sisoftware.net/?location=contact

Samsung PC Studio 3.0.0.51106 ({C4A4722E-79F9-417C-BD72-8D359A090C97})
version: 50331648
install date: 20061011
install location: C:\Program Files\Samsung\Samsung PC Studio 3
install source: C:\DOCUME~1\MRAMAZ~1\LOCALS~1\Temp\bye4.tmp\Disk1\
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x9 -removeonly
publisher: Samsung Electronics Co., Ltd.
comments: Samsung PC Studio 3 Maintenance
contact: Samsung Electronics Co., Ltd.
help link: http://www.samsungmobile.co.kr
help telephone: +82 2051 4151

Norton AntiVirus 2005 11.0.1 ({C6F5B6CF-609C-428E-876F-CA83176C021B})
version: 184549377
version (major): 11
estimated size: 58876
install date: 20061009
install source: C:\DOCUME~1\MRAMAZ~1\LOCALS~1\Temp\Rar$EX57.625\NAV\
uninstall cmd: MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
publisher: Symantec Corporation

Symantec Network Drivers Update 5.5.1.6 ({CA0A1E54-CE0F-4366-B09C-A87B61DC5633})
version: 84213761
version (major): 5
version (minor): 5
estimated size: 2754
install date: 20061019
install source: C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\LIVEUP~1\DOWNLO~1\Updt634\
publisher: Symantec Corporation

Windows Defender 1.1.1051.0 ({CAB99E06-B92F-4AE0-89AD-D9AC5991046F})
version: 16843803
version (major): 1
version (minor): 1
estimated size: 10281
install date: 20061009
install source: D:\APpLICATIONS\
uninstall cmd: MsiExec.exe /I{CAB99E06-B92F-4AE0-89AD-D9AC5991046F}
publisher: Microsoft Corporation

Microsoft .NET Framework 1.1 1.1.4322 ({CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1})
version: 16847074
version (major): 1
version (minor): 1
estimated size: 60751
install date: 20061011
install source: C:\DOCUME~1\MRAMAZ~1\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
publisher: Microsoft
readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm

MSN Messenger 7.5 7.5.0324.0 ({CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5})
version: 117768516
version (major): 7
version (minor): 5
estimated size: 15613
install date: 20061009
install source: C:\DOCUME~1\MRAMAZ~1\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
publisher: Microsoft Corporation

DriverGuide Toolkit ({D13D318A-43CB-4D0C-9EF6-E1B01FF25279})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D13D318A-43CB-4D0C-9EF6-E1B01FF25279}\setup.exe"

Norton AntiVirus SYMLT MSI 11.0.1 ({D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8})
version: 184549377
version (major): 11
estimated size: 1187
install date: 20061009
install source: C:\DOCUME~1\MRAMAZ~1\LOCALS~1\Temp\Rar$EX57.625\NAV\
uninstall cmd: MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}
publisher: Symantec Corp.

Symantec Script Blocking Installer 11.0.1 ({D327AFC9-7BAA-473A-8319-6EB7A0D40138})
version: 184549377
version (major): 11
estimated size: 497
install date: 20061009
install source: C:\DOCUME~1\MRAMAZ~1\LOCALS~1\Temp\Rar$EX57.625\Support\ScrBlock\
uninstall cmd: MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138}
publisher: Symantec

ccCommon 103.0.1.26 ({DC367608-64A7-4BF7-92F4-8BAA25BA02DB})
version: 1728053249
version (major): 103
estimated size: 5770
install date: 20061009
install source: C:\DOCUME~1\MRAMAZ~1\LOCALS~1\Temp\Rar$EX57.625\Support\ccCommon\
uninstall cmd: MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
publisher: Symantec

Norton AntiVirus Parent MSI 11.0.1 ({E5EE9939-259F-4DE2-8023-5C49E16A4F43})
version: 184549377
version (major): 11
estimated size: 709
install date: 20061009
install source: C:\DOCUME~1\MRAMAZ~1\LOCALS~1\Temp\Rar$EX57.625\NAV\
uninstall cmd: MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
publisher: Symantec Corp.

Genie Backup Manager Pro 7.0 ({EA23FDC1-BD29-44E9-AB25-7E4EB53179D9}_is1)
install location: C:\Program Files\Genie-Soft\GBMPro7\
uninstall cmd: "C:\Program Files\Genie-Soft\GBMPro7\unins000.exe"
publisher: Genie-Soft
help link: http://www.Genie-Soft.com

Samsung PC Studio 3 USB Driver Installer 1.00.0000 ({EBA29752-DDD2-4B62-B2E3-9841F92A3E3A})
version: 16777216
install date: 20061011
install location: C:\Program Files\Samsung\Samsung PC Studio 3
install source: C:\DOCUME~1\MRAMAZ~1\LOCALS~1\Temp\bye1D.tmp\Disk1\
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x9 -removeonly
publisher: Samsung Electronics Co., Ltd.
comments: Samsung PC Studio 3 Maintenance
contact: Samsung Electronics Co., Ltd.
help link: http://www.samsungmobile.co.kr
help telephone: +82 2051 4151

Adobe Photoshop CS CS ({EFB21DE7-8C19-4A88-BB28-A766E16493BC})
version: 134217728
version (major): 8
install location: C:\Program Files\Adobe\Photoshop CS
install source: C:\DOCUME~1\MRAMAZ~1\LOCALS~1\Temp\Rar$EX00.735\
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
publisher: Adobe Systems, Inc.

Realtek High Definition Audio Driver 2.06 ({F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC})
version: 33947648
install date: 20061011
install location: C:\Program Files\Realtek\InstallShield\
install source: C:\Documents and Settings\Mr Amazing\Desktop\AUD_allOS_5.10.0.5247_PV_Realtek\
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
publisher: Realtek Semiconductor Corp.

Norton WMI Update 2005.1.0.111 ({F64306A5-4C32-41bb-B153-53986527FAB4})
version (major): 2005
version (minor): 1
estimated size: 641
install date: 20061009
install source: C:\DOCUME~1\MRAMAZ~1\LOCALS~1\Temp\Rar$EX57.625\Support\SymSC\
uninstall cmd: MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
publisher: Symantec Corporation

LonnyRJones
2006-10-27, 07:32
Why aren't you letting SpyBot fix BearShare?
I need to see SmitFraudFix's log:
c:\rapport.txt

Scrampy
2006-10-27, 10:01
I like BearShare :) I was under the impression that if I had Spybot "fix" it, it would be deleted and I would therefore not have use of the program. Is this true? I have, however, been considering an alternative anyway. Maybe it's best if I delete it too. What do you suggest?

Here is rapport.txt:

SmitFraudFix v2.113

Scan done at 22:21:01.87, Thu 26/10/2006
Run from C:\Documents and Settings\Mr Amazing\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\ismini.exe Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

Thanks for looking into this for me LonnyRJones, I really do appreciate your time.

Scrampy

LonnyRJones
2006-10-27, 10:18
I suggest you uninstall BearShare, then let SpyBot fix its remnants.
Some alternatives here, although I do not trust any file-sharing programs:
http://forums.spybot.info/showthread.php?t=282

Are there any current problems?

"There seem to be a lot of programs set to run on startup (noticed in S&D), are all of these needed?"
If not, since you mentioned it, we can discuss optional fixes.

Scrampy
2006-10-27, 10:48
Thanks for the info on file sharing. I will do as you have suggested.

The problem seems to have cleared up now after following your instructions. Much appreciated.

I am still concerned about the number of programs running in startup. I would like to optimise my system by having as few applications running as possible while they are not being used, simply starting them as needed. I realise that some applications need to run in order to update etc., so that is something I'll need to consider too.

I'm really happy that my pc is no longer infected. :D: :bigthumb:

LonnyRJones
2006-10-27, 11:13
Run SpyBot > advanced mode > tools > system startup
and put a check next to any that don't have one, then close SpyBot.

Make and post a new HijackThis log.

Scrampy
2006-10-27, 11:18
Logfile of HijackThis v1.99.1
Scan saved at 7:17:14 PM, on 27/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program FIles\TraySaver\TraySaver.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\CFusion\Bin\cfexec.exe
C:\CFusion\Bin\cfrdsservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\GetHotmail\GetMail\GetMail.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\SatSrv.exe
C:\Program Files\Macro Express3\MacExp.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3FA6F93A-68F2-8C85-B0E3-02FED19F7B39} - C:\WINDOWS\system32\qnqllg.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [getmail] "C:\Program Files\GetHotmail\GetMail\GetMail.exe"
O4 - Global Startup: Macro Express 3.lnk = C:\Program Files\Macro Express3\MacExp.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160385091186
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wineil32 - wineil32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ColdFusion Executive (Cold Fusion Executive) - Macromedia Inc. - C:\CFusion\Bin\cfexec.exe
O23 - Service: ColdFusion RDS (Cold Fusion RDS) - Macromedia Inc. - C:\CFusion\Bin\cfrdsservice.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
O23 - Service: Steganos AntiTheft (SatSrv) - Unknown owner - C:\WINDOWS\System32\SatSrv.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

LonnyRJones
2006-10-27, 11:38
Start HijackThis and place a check next to these items, if there.
O2 - BHO: (no name) - {3FA6F93A-68F2-8C85-B0E3-02FED19F7B39} - C:\WINDOWS\system32\qnqllg.dll (file missing)
O20 - Winlogon Notify: wineil32 - wineil32.dll (file missing)

Optional fixes >
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
I'm not familiar with these programs; check in their options and see if they have an option to uncheck starting with Windows.
O4 - HKCU\..\Run: [getmail] "C:\Program Files\GetHotmail\GetMail\GetMail.exe"
O4 - Global Startup: Macro Express 3.lnk = C:\Program Files\Macro Express3\MacExp.exe
====================================
Hit Fix checked and close HijackThis.
Restart the PC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
If you fixed Quicktime
Open QuickTime and select Edit, Preferences, QuickTime Preferences, select Browser Plug-in and uncheck all boxes.
(where the option is may be slightly different depending on the version)


You have Windows Defender, AVG Anti-Spyware; that's fine, but only one of their resident shields should be used.
To turn off AVG's:
Disable AVG Anti-Spyware guard since it may interfere with our cleaning (We can enable it when you're clean)

Open AVG Anti-Spyware
Click Shield
Click under "resident shield is"
Change it to inactive
Close AVG Anti-Spyware
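
The "(file missing)" entries picked out in the fix list above can be found mechanically. The following is an added example, not part of the original post and not HijackThis's own code: it parses log lines copied from this thread and lists every entry whose target file was not found on disk. The function names and the `REVIEW_FIRST` set are choices made for this example.

```python
import re

# Constructed sample: entry lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {3FA6F93A-68F2-8C85-B0E3-02FED19F7B39} - C:\WINDOWS\system32\qnqllg.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wineil32 - wineil32.dll (file missing)
O23 - Service: Steganos AntiTheft (SatSrv) - Unknown owner - C:\WINDOWS\System32\SatSrv.exe
"""

# "<section> - <kind>: <detail>", e.g. "O20 - Winlogon Notify: wineil32 - ..."
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<detail>.*)$")
MISSING = "(file missing)"

# Sections the helper's fix list draws from: O2 (Browser Helper Objects)
# and O20 (Winlogon Notify). Prioritising them is this example's assumption.
REVIEW_FIRST = {"O2", "O20"}


def parse(log_text):
    """Yield (section, kind, detail) for each HijackThis entry line."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group("section"), m.group("kind"), m.group("detail")


def orphaned_entries(log_text):
    """Return entries whose target file HijackThis reported as missing."""
    found = []
    for section, kind, detail in parse(log_text):
        if not detail.endswith(MISSING):
            continue
        # The target is the last " - " separated field, minus the marker
        # and any surrounding quotes.
        target = detail[: -len(MISSING)].split(" - ")[-1].strip().strip('"')
        found.append({"section": section, "kind": kind, "target": target,
                      "review_first": section in REVIEW_FIRST})
    return found


if __name__ == "__main__":
    for e in orphaned_entries(SAMPLE_LOG):
        mark = "*" if e["review_first"] else " "
        print(f'{mark} {e["section"]:<4}{e["kind"]:<16}{e["target"]}')
```

An entry listed here is a registry reference left behind after its file was removed; whether to fix it is still a judgement made per entry, as in the reply above.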

Scrampy
2006-10-27, 23:49
Thanks LonnyRJones,

All is well. I haven't noticed any problems now since fixing what you described. I'm very thankful for your help.

Do you have any other advice in regards to keeping my pc clean?

Thanks again for helping me get this fixed.

Sincerely,

Scrampy

LonnyRJones
2006-10-28, 00:07
Good to hear there are no problems

Think Prevention: Put in place a good hosts file
http://www.mvps.org/winhelp2002/hosts.htm
How To Download and Extract the HOSTS file:
http://www.mvps.org/winhelp2002/hosts2.htm
Repeat that process about once or twice a month

To help avoid reinfection see "So how did I get infected in the first place?"
http://forums.spybot.info/showthread.php?t=279

tashi
2006-11-06, 08:02
As the problem appears to be resolved this topic has been archived.

If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread; this applies only to the original topic starter.

Glad we could help.