System Integrity Scan Wizard?

**Scrampy** · 2006-10-20, 00:38

I have a problem which started with some programs simply not starting when directed. Program would seem to begin, then task would end spontaniously. WinTasks will not run. IE would not run so I uninstalled then reinstalled it.

Then I had many popup windows within internet explorer (not firefox though).

I also had a flashing icon in system tray informing: Security Alert: Network-i.Virus@fp" and says "Critical System Error!" and directs me to virusburst.com

I then followed the instructions here: http://www.newbie.org/help/lofiversi...php?t3155.html and had some success.

I still have some popups during IE and Wintasks will still not load. Also Roboform toolbar will not load.

I am currently running an online scan at http://www3.ca.com/securityadvisor/virusinfo/scan.aspx (just finished the scan, and no virus found)

I have updated Norton ( It was not up to date :\ ), Zone Alarm and have all Windows updates available. I have also run Spybot S&D.

My HJT Log is below.... I'm sure there is something more I can do to set this right... I'm outa ideas.

Could someone please help me restore stability to my system?

Scrampy

PS, I have found these 2 files: 12520437.cpx 12520850.cpx in windows/system32 and they looked odd... I googled them, and got lots of info about virus's etc. But I think they are probably just system files. I'm not game to do more without guidence. Any help would be appreciated.

Logfile of HijackThis v1.97.7
Scan saved at 12:50:13 AM, on 20/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\CFusion\cfam\program\ccmgr.exe
C:\CFusion\Bin\cfserver.exe
C:\CFusion\Bin\cfexec.exe
C:\CFusion\Bin\cfrdsservice.exe
C:\CFusion\JRun\bin\JRun.exe
C:\CFusion\jrun\bin\jrun.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\CFusion\jre\bin\ntConsoleJava.exe
C:\CFusion\jre\bin\ntConsoleJava.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\SatSrv.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\CFusion\cfam\bin\CANamingAdapter.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Macro Express3\MacExp.exe
C:\CFusion\cfam\Program\dfp.exe
C:\CFusion\cfam\Program\wsm.exe
C:\CFusion\cfam\Program\wsprobe.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\hijackthis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mr Amazing\Desktop\metapad.exe
C:\Program Files\Common Files\Ahead\lib\NMIndexStoreSvr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3FA6F93A-68F2-8C85-B0E3-02FED19F7B39} - C:\WINDOWS\system32\qnqllg.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [deexxkb.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\deexxkb.dll,jdvzsfg
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [VIP Team To Do List] C:\Program Files\VIP Quality Software\VIP Team To Do List\VIP Team To Do List.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Global Startup: Macro Express 3.lnk = C:\Program Files\Macro Express3\MacExp.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Fill Forms (HKLM)
O9 - Extra 'Tools' menuitem: Fill Forms (HKLM)
O9 - Extra button: Save (HKLM)
O9 - Extra 'Tools' menuitem: Save Forms (HKLM)
O9 - Extra button: RoboForm (HKLM)
O9 - Extra 'Tools' menuitem: RoboForm Toolbar (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1160385091186
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab

**Scrampy** · 2006-10-20, 02:30

I have recently taken the following actions and have hopefully fixed the problem:

I had HJT fix the following entry:

O4 - HKLM\..\Run: [deexxkb.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\deexxkb.dll,jdvzsfg

then I rebooted in safe mode and deleted C:\WINDOWS\system32\deexxkb.dll

I do not seem to have any problems with the popup any longer, but I'm still a little unsure if I have missed anything.

Any other guidence or just an "OK" from someone in the know would be very much appreciated.

Thanks for this forum... a very valuable resource.

Scrampy

**LonnyRJones** · 2006-10-25, 16:49

Hi Scrampy
Replace your old version of Hijackthis and post another log please
HijackThis 1.99.1
http://www.merijn.org/files/HijackThis.exe

What version of SpyBot S&D is it you have ?

**Scrampy** · 2006-10-26, 04:34

Thanks for offering your help LonnyRJones.

I have:

Updated HJT and posted log.

Updated Spybot (1.4 - previously was 1.2) and run scan, and fixed any issues found.

I am currently running Full Norton system scan as I have just been warned by Norton that there are some other threats running.

ishost.exe
win4EF8.tmp.exe
QNQLLG.DLL
trojan.BUSKY
Troj/Dloadr-XS

Here is log:

Logfile of HijackThis v1.99.1
Scan saved at 12:31:31 PM, on 26/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\CFusion\Bin\cfexec.exe
C:\CFusion\Bin\cfrdsservice.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\SatSrv.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program FIles\TraySaver\TraySaver.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\GetHotmail\GetMail\GetMail.exe
C:\Program Files\Macro Express3\MacExp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Qualcomm\Eudora\Eudora.exe
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3FA6F93A-68F2-8C85-B0E3-02FED19F7B39} - C:\WINDOWS\system32\qnqllg.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [getmail] "C:\Program Files\GetHotmail\GetMail\GetMail.exe"
O4 - Global Startup: Macro Express 3.lnk = C:\Program Files\Macro Express3\MacExp.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1160385091186
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wineil32 - C:\WINDOWS\SYSTEM32\wineil32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ColdFusion Executive (Cold Fusion Executive) - Macromedia Inc. - C:\CFusion\Bin\cfexec.exe
O23 - Service: ColdFusion RDS (Cold Fusion RDS) - Macromedia Inc. - C:\CFusion\Bin\cfrdsservice.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
O23 - Service: Steganos AntiTheft (SatSrv) - Unknown owner - C:\WINDOWS\System32\SatSrv.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Thanks again for your assistance.

Sincerely,

Scrampy

**LonnyRJones** · 2006-10-26, 04:50

Next: Fallow the instructions here, afterwards post the logs mentioned near the bottom
http://forums.spybot.info/showthread.php?t=4015

**Scrampy** · 2006-10-27, 00:27

AVG Anti-Spyware picked up a few things. A valuable addition. Thank you
There seem to be a lot of programs set to run on startup (noticed in S&D), are all of these needed? how would I disable the ones not needed?
Here are the logs you requested (quite large):

Logfile of HijackThis v1.99.1
Scan saved at 7:54:49 AM, on 27/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program FIles\TraySaver\TraySaver.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\CFusion\Bin\cfexec.exe
C:\CFusion\Bin\cfrdsservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\GetHotmail\GetMail\GetMail.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\SatSrv.exe
C:\Program Files\Macro Express3\MacExp.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Macro Express3\macedit.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\hijackthis\HijackThis.exe
C:\Documents and Settings\Mr Amazing\Desktop\metapad.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3FA6F93A-68F2-8C85-B0E3-02FED19F7B39} - C:\WINDOWS\system32\qnqllg.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [getmail] "C:\Program Files\GetHotmail\GetMail\GetMail.exe"
O4 - Global Startup: Macro Express 3.lnk = C:\Program Files\Macro Express3\MacExp.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1160385091186
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wineil32 - wineil32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ColdFusion Executive (Cold Fusion Executive) - Macromedia Inc. - C:\CFusion\Bin\cfexec.exe
O23 - Service: ColdFusion RDS (Cold Fusion RDS) - Macromedia Inc. - C:\CFusion\Bin\cfrdsservice.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
O23 - Service: Steganos AntiTheft (SatSrv) - Unknown owner - C:\WINDOWS\System32\SatSrv.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:17:39 AM 27/10/2006

+ Scan result:

HKU\S-1-5-21-117609710-1085031214-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{052B12F7-86FA-4921-8482-26C42316B522} -> Adware.Generic : Cleaned.
D:\System Volume Information\_restore{87FB0325-8902-4D6F-A043-BBE51F1652FC}\RP7\A0000192.exe -> Adware.InstantBuzz : Cleaned.
HKU\S-1-5-21-117609710-1085031214-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A43385F0-7113-496D-96D7-B9B550E3FCCA} -> Adware.Isearch : Cleaned.
C:\System Volume Information\_restore{87FB0325-8902-4D6F-A043-BBE51F1652FC}\RP85\A0016515.exe -> Downloader.PurityScan.dc : Cleaned.
C:\System Volume Information\_restore{87FB0325-8902-4D6F-A043-BBE51F1652FC}\RP76\A0008728.rbf -> Downloader.Small : Cleaned.
C:\System Volume Information\_restore{87FB0325-8902-4D6F-A043-BBE51F1652FC}\RP71\A0008030.exe -> Downloader.Zlob.aqj : Cleaned.
C:\System Volume Information\_restore{87FB0325-8902-4D6F-A043-BBE51F1652FC}\RP72\A0008151.exe -> Downloader.Zlob.aqj : Cleaned.
C:\System Volume Information\_restore{87FB0325-8902-4D6F-A043-BBE51F1652FC}\RP72\A0008315.exe -> Downloader.Zlob.aqj : Cleaned.
C:\System Volume Information\_restore{87FB0325-8902-4D6F-A043-BBE51F1652FC}\RP72\A0008346.exe -> Downloader.Zlob.aqj : Cleaned.
C:\System Volume Information\_restore{87FB0325-8902-4D6F-A043-BBE51F1652FC}\RP72\A0008347.exe -> Downloader.Zlob.aqj : Cleaned.
C:\System Volume Information\_restore{87FB0325-8902-4D6F-A043-BBE51F1652FC}\RP72\A0008121.dll -> Not-A-Virus.Hoax.Win32.Renos.ds : Cleaned.
C:\System Volume Information\_restore{87FB0325-8902-4D6F-A043-BBE51F1652FC}\RP72\A0008353.dll -> Not-A-Virus.Hoax.Win32.Renos.ds : Cleaned.
:mozilla.137:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.107:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.108:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.109:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.112:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.114:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.115:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.272:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.373:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.37:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.38:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.456:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.49:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.80:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Pete\Cookies\pete@112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Pete\Cookies\pete@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Pete\Cookies\pete@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Pete\Cookies\pete@travelcomau.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.139:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.140:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.149:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.64:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.65:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.66:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Pete\Cookies\pete@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.202:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.203:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.402:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.403:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.358:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.359:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.360:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.361:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.58:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.

**Scrampy** · 2006-10-27, 00:30

(continued)
:mozilla.62:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.62:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Pete\Cookies\pete@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.292:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.383:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.384:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.385:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.164:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.164:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.165:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.165:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.166:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.16:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.17:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.18:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.20:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.21:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.22:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.23:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.24:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Pete\Cookies\pete@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.85:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.86:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.110:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.114:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.127:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.128:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.166:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.167:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.168:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.169:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Pete\Cookies\pete@cz3.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Pete\Cookies\pete@cz6.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Pete\Cookies\pete@vip.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.61:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.22:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.63:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.73:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Pete\Cookies\pete@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.247:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.249:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.322:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.333:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.336:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.397:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.398:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.80:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.88:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.89:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.92:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.93:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.94:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.95:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.96:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.313:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.314:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.316:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.63:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.64:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.65:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.123:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned.
:mozilla.282:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned.
:mozilla.207:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.208:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.209:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.138:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
C:\Documents and Settings\Pete\Cookies\pete@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.91:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.118:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.119:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.120:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.57:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.89:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.90:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.91:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.141:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned.
C:\Documents and Settings\Pete\Cookies\pete@paycounter[2].txt -> TrackingCookie.Paycounter : Cleaned.
:mozilla.452:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.453:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.454:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.125:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.126:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.127:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.128:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.129:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.167:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.151:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.152:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.153:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.154:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.155:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.39:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.446:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.447:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.448:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.449:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.450:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.50:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.51:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.52:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.53:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.56:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Pete\Cookies\pete@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Pete\Cookies\pete@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.150:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.151:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.152:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.153:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.154:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.155:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.156:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.157:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
C:\Documents and Settings\Pete\Cookies\pete@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.111:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned.
C:\Documents and Settings\Pete\Cookies\pete@sexlist[2].txt -> TrackingCookie.Sexlist : Cleaned.
:mozilla.105:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned.
:mozilla.106:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned.
:mozilla.116:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned.
:mozilla.119:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Pete\Cookies\pete@counter1.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Pete\Cookies\pete@counter14.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Pete\Cookies\pete@counter15.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Pete\Cookies\pete@sextracker[2].txt -> TrackingCookie.Sextracker : Cleaned.
:mozilla.138:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.139:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.124:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Spylog : Cleaned.
:mozilla.275:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Spylog : Cleaned.
:mozilla.160:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.161:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.162:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox

**Scrampy** · 2006-10-27, 00:31

(continued)
\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.163:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.217:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.218:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.219:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.220:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.36:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Pete\Cookies\pete@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.182:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.183:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.193:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.97:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.382:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.36:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.36:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.37:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.37:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.413:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.48:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.134:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.95:C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\bmrfzlb6.default\cookies.txt -> TrackingCookie.Xxxcounter : Cleaned.
C:\Documents and Settings\Pete\Cookies\pete@xxxcounter[1].txt -> TrackingCookie.Xxxcounter : Cleaned.
:mozilla.283:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
C:\Documents and Settings\Pete\Cookies\pete@yadro[1].txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.112:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.113:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.114:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.262:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.263:C:\Documents and Settings\Test\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.187:C:\Documents and Settings\Mr Amazing\Application Data\Mozilla\Firefox\Profiles\y3f1d501.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\WINDOWS\system32\wineil32.dll -> Trojan.Agent.vg : Cleaned.

::Report end

--- Search result list ---
Bearshare: User settings (Registry key, nothing done)
HKEY_USERS\.DEFAULT\AppEvents\EventLabels\BearShareChatNotifyMsg

Bearshare: User settings (Registry key, nothing done)
HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\BearShare

Bearshare: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\BearShare

Bearshare: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Magnet\Handlers\Bearshare

Bearshare: Uninstall settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BearShare

Bearshare: Program directory (Directory, nothing done)
C:\Program Files\BearShare\

Bearshare: Library (File, nothing done)
C:\Program Files\BearShare\BSidle.dll

Bearshare: Executable (File, nothing done)
C:\Program Files\BearShare\Webstats.bat

Bearshare: Executable (File, nothing done)
C:\Program Files\BearShare\Webstats.exe

Bearshare: Configuration file (File, nothing done)
C:\Program Files\BearShare\Webstats.ini

Bearshare: Program directory (Directory, nothing done)
C:\Program Files\BearShare\db\

Bearshare: Text file (File, nothing done)
C:\Program Files\BearShare\db\Hostiles-Chat.txt

Bearshare: Configuration file (File, nothing done)
C:\Program Files\BearShare\db\searches.ini

Bearshare: Program directory (Directory, nothing done)
C:\Program Files\BearShare\Extras\

Bearshare: Program directory (Directory, nothing done)
C:\Program Files\BearShare\Logs\

Bearshare: Text file (File, nothing done)
C:\Program Files\BearShare\Logs\hosts-state.txt

Bearshare: Text file (File, nothing done)
C:\Program Files\BearShare\Logs\memory.txt

Bearshare: Text file (File, nothing done)
C:\Program Files\BearShare\Logs\ordinal.txt

Bearshare: Text file (File, nothing done)
C:\Program Files\BearShare\Logs\streams.txt

Bearshare: Program directory (Directory, nothing done)
C:\Program Files\BearShare\Playlists\

Bearshare: Program directory (Directory, nothing done)
C:\Program Files\BearShare\sounds\

Bearshare: Sound file (File, nothing done)
C:\Program Files\BearShare\sounds\notify.wav

Bearshare: Temporary folder (Directory, nothing done)
C:\Program Files\BearShare\Temp\

Bearshare: Program directory (Directory, nothing done)
C:\Program Files\BearShare\Webstats\

Microsoft.WindowsSecurityCenter_disabled: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start!=W=2

ErrorSafe: Tracking cookie (Firefox: default) (Cookie, fixed)

ErrorSafe: Tracking cookie (Firefox: default) (Cookie, fixed)

ErrorSafe: Tracking cookie (Firefox: default) (Cookie, fixed)

ErrorSafe: Tracking cookie (Firefox: default) (Cookie, fixed)

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-10-26 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-10-20 Includes\Cookies.sbi (*)
2006-10-13 Includes\Dialer.sbi (*)
2006-10-20 Includes\DialerC.sbi (*)
2006-10-13 Includes\Hijackers.sbi (*)
2006-10-20 Includes\HijackersC.sbi (*)
2006-10-20 Includes\Keyloggers.sbi (*)
2006-10-20 Includes\KeyloggersC.sbi (*)
2006-10-13 Includes\Malware.sbi (*)
2006-10-20 Includes\MalwareC.sbi (*)
2006-10-20 Includes\PUPS.sbi (*)
2006-10-20 Includes\PUPSC.sbi (*)
2006-10-20 Includes\Revision.sbi (*)
2006-10-13 Includes\Security.sbi (*)
2006-10-20 Includes\SecurityC.sbi (*)
2006-10-13 Includes\Spybots.sbi (*)
2006-10-20 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-10-13 Includes\Trojans.sbi (*)
2006-10-20 Includes\TrojansC.sbi (*)

--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB886903)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ Internet Explorer 6 / SP0: Windows XP Hotfix - KB834707
/ Microsoft .NET Framework 2.0: This Security Update is for Microsoft .NET Framework 2.0. \n
If you later install a more recent service pack, this Security Update will be uninstalled automatically. \n
For more information, visit http://support.microsoft.com/kb/917283
/ Microsoft .NET Framework 2.0: This Security Update is for Microsoft .NET Framework 2.0. \n
If you later install a more recent service pack, this Security Update will be uninstalled automatically. \n
For more information, visit http://support.microsoft.com/kb/922770
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB911565)
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB885884
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB894391)
/ Windows XP / SP3: Hotfix for Windows XP (KB896344)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896424)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899589)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Update for Windows XP (KB900485)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Update for Windows XP (KB904942)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
/ Windows XP / SP3: Security Update for Windows XP (KB908519)
/ Windows XP / SP3: Update for Windows XP (KB908531)
/ Windows XP / SP3: Update for Windows XP (KB910437)
/ Windows XP / SP3: Update for Windows XP (KB911280)
/ Windows XP / SP3: Security Update for Windows XP (KB911562)
/ Windows XP / SP3: Security Update for Windows XP (KB911567)
/ Windows XP / SP3: Security Update for Windows XP (KB911927)
/ Windows XP / SP3: Security Update for Windows XP (KB912919)
/ Windows XP / SP3: Security Update for Windows XP (KB913580)
/ Windows XP / SP3: Security Update for Windows XP (KB914388)
/ Windows XP / SP3: Security Update for Windows XP (KB914389)
/ Windows XP / SP3: Hotfix for Windows XP (KB914440)
/ Windows XP / SP3: Update for Windows XP (KB916595)
/ Windows XP / SP3: Security Update for Windows XP (KB917159)
/ Windows XP / SP3: Security Update for Windows XP (KB917344)
/ Windows XP / SP3: Security Update for Windows XP (KB917422)
/ Windows XP / SP3: Security Update for Windows XP (KB917537)
/ Windows XP / SP3: Security Update for Windows XP (KB917953)
/ Windows XP / SP3: Security Update for Windows XP (KB918439)
/ Windows XP / SP3: Security Update for Windows XP (KB918899)
/ Windows XP / SP3: Security Update for Windows XP (KB919007)
/ Windows XP / SP3: Security Update for Windows XP (KB920214)
/ Windows XP / SP3: Security Update for Windows XP (KB920670)
/ Windows XP / SP3: Security Update for Windows XP (KB920683)
/ Windows XP / SP3: Security Update for Windows XP (KB920685)
/ Windows XP / SP3: Update for Windows XP (KB920872)
/ Windows XP / SP3: Security Update for Windows XP (KB921398)
/ Windows XP / SP3: Security Update for Windows XP (KB921883)
/ Windows XP / SP3: Update for Windows XP (KB922582)
/ Windows XP / SP3: Security Update for Windows XP (KB922616)
/ Windows XP / SP3: Security Update for Windows XP (KB922819)
/ Windows XP / SP3: Security Update for Windows XP (KB923191)
/ Windows XP / SP3: Security Update for Windows XP (KB923414)
/ Windows XP / SP3: Security Update for Windows XP (KB924191)
/ Windows XP / SP3: Security Update for Windows XP (KB924496)
/ Windows XP / SP3: Security Update for Windows XP (KB925486)

--- Startup entries list ---
Located: HK_LM:Run, !AVG Anti-Spyware
command: "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
file: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
size: 6266880
MD5: 01d90ae5dccbce0c7b52874fec35a608

Located: HK_LM:Run, Alcmtr
command: ALCMTR.EXE
file: C:\WINDOWS\ALCMTR.EXE
size: 69632
MD5: 8b4cbba1ea526830c7f97e7822e2493a

Located: HK_LM:Run, AlcWzrd
command: ALCWZRD.EXE
file: C:\WINDOWS\ALCWZRD.EXE
size: 2809344
MD5: 917a7d41d5099439f244560440f663fa

Located: HK_LM:Run, ccApp
command: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 59040
MD5: 42d55a54df63361a3207f830508ba4a4

Located: HK_LM:Run, High Definition Audio Property Page Shortcut
command: HDAShCut.exe
file: C:\WINDOWS\system32\HDAShCut.exe
size: 61952
MD5: 9c3b2302b60fb0efb13bc880a5e3e93e

Located: HK_LM:Run, NeroFilterCheck
command: C:\WINDOWS\system32\NeroCheck.exe
file: C:\WINDOWS\system32\NeroCheck.exe
size: 155648
MD5: 3e4c03cefad8de135263236b61a49c90

Located: HK_LM:Run, Symantec NetDriver Monitor
command: C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
file: C:\PROGRA~1\SYMNET~1\SNDMon.exe
size: 100056
MD5: f9418981ee4d7e995d359833adab59d5

Located: HK_LM:Run, Windows Defender
command: "C:\Program Files\Windows Defender\MSASCui.exe" -hide
file: C:\Program Files\Windows Defender\MSASCui.exe
size: 1420560
MD5: 81aa8ba06a824e637e2ba290d4fa9e3e

Located: HK_LM:Run, Zone Labs Client
command: "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
file: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
size: 980752
MD5: 03d57ee212609e5b00d409dd3d827e4d

Located: HK_LM:Run, iTunesHelper (DISABLED)
command: "C:\Program Files\iTunes\iTunesHelper.exe"
file: C:\Program Files\iTunes\iTunesHelper.exe
size: 229952
MD5: ceccc68b54e8e27c93dbede85f160c96

Located: HK_LM:Run, QuickTime Task (DISABLED)
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 282624
MD5: d2c900031fd445b5464abb5629388be3

Located: HK_LM:Run, SoundMan (DISABLED)
command: SOUNDMAN.EXE
file: C:\WINDOWS\SOUNDMAN.EXE
size: 86016
MD5: de3c57d3a24fb471cb48ad4fcc0e6fa4

Located: HK_CU:Run, BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
command: "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
file: C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
size: 94208
MD5: 15a1a88d97d440c735058ccf3f74a6ee

Located: HK_CU:Run, getmail
command: "C:\Program Files\GetHotmail\GetMail\GetMail.exe"
file: C:\Program Files\GetHotmail\GetMail\GetMail.exe
size: 1056768
MD5: c2e88f86717d38d62d5f94ecc13ded7f

Located: HK_CU:Run, RoboForm
command: "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
file: C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
size: 144448
MD5: af4f61b237fe6e2ffa4032ae6f4d59a1

Located: Startup (common), Macro Express 3.lnk
command: C:\Program Files\Macro Express3\MacExp.exe
file: C:\Program Files\Macro Express3\MacExp.exe
size: 3160064
MD5: 59e39e79053ac26870ca0eb1e02769cd

Located: System.ini, AtiExtEvent
command: Ati2evxx.dll
file: Ati2evxx.dll

Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll

Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll

Located: System.ini, wineil32
command: wineil32.dll
file: wineil32.dll

Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll

--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
BHO name:
CLSID name: AcroIEHlprObj Class
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 15/05/2003 12:47:54 AM
Date (last access): 27/10/2006 6:37:20 AM
Date (last write): 15/05/2003 12:47:54 AM
Filesize: 50376
Attributes: archive
MD5: 0C0E1B2BCAED8DF401BE94D538BCB412
CRC32: 1D771322
Version: 6.0.0.878

{3FA6F93A-68F2-8C85-B0E3-02FED19F7B39} ()
BHO name:
CLSID name:
Path: C:\WINDOWS\system32\
Long name: qnqllg.dll

{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\Program Files\Spybot - Search & Destroy\
Long name: SDHelper.dll
Short name:
Date (created): 26/10/2006 11:19:30 AM
Date (last access): 27/10/2006 7:46:54 AM
Date (last write): 31/05/2005 1:04:00 AM
Filesize: 853672
Attributes: archive
MD5: 250D787A5712D7768DDC133B3E477759

**Scrampy** · 2006-10-27, 00:32

(continued)
CRC32: D4589A41
Version: 1.4.0.0

{601ED020-FB6C-11D3-87D8-0050DA59922B} (Ipswitch.WsftpBrowserHelper)
BHO name: Ipswitch.WsftpBrowserHelper
CLSID name: WsftpBrowserHelper Class
description: WS_FTP
classification: Legitimate
known filename: wsbho2k0.dll
info link: http://www.ipswitch.com/Products/WS_FTP/
info source: TonyKlein
Path: C:\Program Files\WS_FTP Pro\
Long name: wsbho2k0.dll
Short name:
Date (created): 10/10/2006 11:26:10 PM
Date (last access): 27/10/2006 6:37:20 AM
Date (last write): 23/05/2003 2:11:34 PM
Filesize: 131118
Attributes: archive
MD5: B5250C88CC9D254DE68DB50F2CED47A1
CRC32: 34EF386E
Version: 8.0.0.0

{724d43a9-0d85-11d4-9908-00400523e39a} ()
BHO name:
CLSID name:
description: RoboForm
classification: Legitimate
known filename: RoboForm.dll
info link: http://www.roboform.com/
info source: TonyKlein
Path: C:\Program Files\Siber Systems\AI RoboForm\
Long name: roboform.dll
Short name:
Date (created): 11/10/2006 11:45:30 AM
Date (last access): 27/10/2006 6:37:20 AM
Date (last write): 31/03/2006 2:45:18 PM
Filesize: 4666424
Attributes: archive
MD5: 7E1DD7CF40E5D9766B197D7061BD2AE2
CRC32: 30943871
Version: 6.6.8.0

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
BHO name:
CLSID name: SSVHelper Class
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: ssv.dll
Short name:
Date (created): 2/03/2006 1:53:00 PM
Date (last access): 27/10/2006 6:37:20 AM
Date (last write): 10/11/2005 1:22:12 PM
Filesize: 184423
Attributes: archive
MD5: F01726F7CA8538FDD4663C9DB8FEAEDC
CRC32: 0111B892
Version: 5.0.60.5

{A5366673-E8CA-11D3-9CD9-0090271D075B} (IeCatch2 Class)
BHO name:
CLSID name: IeCatch2 Class
description: FlashGet
classification: Open for discussion
known filename: Jccatch.dll
info link: http://www.amazesoft.com/
info source: TonyKlein
Path: C:\PROGRA~1\FlashGet\
Long name: Jccatch.dll
Short name:
Date (created): 9/10/2006 5:30:48 PM
Date (last access): 27/10/2006 6:37:20 AM
Date (last write): 16/01/2002 7:12:18 PM
Filesize: 65536
Attributes: archive
MD5: F2FAFE3CB6412C89F43D88CCEBE308F3
CRC32: B1AEC78B
Version: 1.1.4.0

{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll googletoolbar*.dll (* = number) googletoolbar_en_*.**-big.dll Googletoolbar_en_*.*.**-deleon.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: c:\program files\google\
Long name: GoogleToolbar1.dll
Short name: GOOGLE~1.DLL
Date (created): 20/10/2006 6:05:22 PM
Date (last access): 27/10/2006 6:37:20 AM
Date (last write): 12/10/2006 11:38:04 AM
Filesize: 2108480
Attributes: readonly archive
MD5: 4CB9CC5E19F70337BFE200A4DAD58025
CRC32: 07D15995
Version: 4.0.1020.2544

{AE7CD045-E861-484f-8273-0445EE161910} (AcroIEToolbarHelper Class)
BHO name:
CLSID name: AcroIEToolbarHelper Class
description: Adobe Acrobat
classification: Legitimate
known filename: AcroIEFavClient.dll
info link: http://www.adobe.com/products/acrobatpro/main.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 6.0\Acrobat\
Long name: AcroIEFavClient.dll
Short name: ACROIE~1.DLL
Date (created): 15/05/2003 1:03:46 AM
Date (last access): 27/10/2006 6:37:20 AM
Date (last write): 15/05/2003 1:03:46 AM
Filesize: 147456
Attributes: archive
MD5: 44BCFF08947790E74BD7CC7532D2B793
CRC32: 0C91890B

{BDF3E430-B101-42AD-A544-FADC6B084872} (NAV Helper)
BHO name: NAV Helper
CLSID name: CNavExtBho Class
description: Norton Antivirus
classification: Legitimate
known filename: NavShExt.dll
info link: http://www.symantec.com/nav/nav_9xnt/
info source: TonyKlein
Path: C:\Program Files\Norton AntiVirus\
Long name: NAVSHEXT.DLL
Short name:
Date (created): 18/08/2004 8:44:48 AM
Date (last access): 27/10/2006 6:37:20 AM
Date (last write): 19/10/2005 12:54:30 PM
Filesize: 218736
Attributes: archive
MD5: EB77A64845D96A77C148A3905641FD45
CRC32: 777D84AF
Version: 11.0.16.2

--- ActiveX list ---
{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
DPF name:
CLSID name: Windows Genuine Advantage Validation Tool
Installer: C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf
Codebase: http://go.microsoft.com/fwlink/?LinkID=39204
description:
classification: Legitimate
known filename: LegitCheckControl.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: LegitCheckControl.dll
Short name: LEGITC~1.DLL
Date (created): 10/10/2006 11:50:50 PM
Date (last access): 26/10/2006 1:07:50 PM
Date (last write): 23/05/2006 4:00:12 PM
Filesize: 513024
Attributes:
MD5: 96A0076C2C07AD09225687809F86F54C
CRC32: 25C6E2A1
Version: 1.5.540.0

{6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
DPF name:
CLSID name: WUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\wuweb.inf
Codebase: http://update.microsoft.com/windowsu...?1160385091186
description:
classification: Legitimate
known filename: wuweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\System32\
Long name: wuweb.dll
Short name:
Date (created): 26/05/2005 4:19:32 AM
Date (last access): 26/10/2006 1:08:42 PM
Date (last write): 26/05/2005 4:19:32 AM
Filesize: 173536
Attributes: archive
MD5: C459F2D5E64C942F3F66E1CD7F1C4C00
CRC32: EEF66B50
Version: 5.8.0.2469

{7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class)
DPF name:
CLSID name: WScanCtl Class
Installer: C:\WINDOWS\Downloaded Program Files\webscan.inf
Codebase: http://www3.ca.com/securityadvisor/v...fo/webscan.cab
description:
classification: Legitimate
known filename: webscan.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: webscan.dll
Short name:
Date (created): 21/07/2006 6:50:14 PM
Date (last access): 27/10/2006 7:26:08 AM
Date (last write): 21/07/2006 6:50:14 PM
Filesize: 180282
Attributes: archive
MD5: C2AB04247A8FE05AFC924447568D18C5
CRC32: 5C6624F7
Version: 1.1.0.1048

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 2/03/2006 1:52:58 PM
Date (last access): 26/10/2006 8:29:04 PM
Date (last write): 10/11/2005 1:22:12 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5

{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class)
DPF name:
CLSID name: ActiveScan Installer Class
Installer: C:\WINDOWS\Downloaded Program Files\asinst.inf
Codebase: http://acs.pandasoftware.com/actives...ree/asinst.cab
description:
classification: Legitimate
known filename: ASINST.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: asinst.dll
Short name:
Date (created): 24/08/2006 8:28:54 AM
Date (last access): 27/10/2006 7:26:08 AM
Date (last write): 24/08/2006 8:28:54 AM
Filesize: 141424
Attributes: archive
MD5: CB0EBD772D7D003BD11A999FF515A89A
CRC32: 3CFE74C1
Version: 58.6.0.0

{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 2/03/2006 1:52:58 PM
Date (last access): 27/10/2006 7:48:00 AM
Date (last write): 10/11/2005 1:22:12 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 2/03/2006 1:52:58 PM
Date (last access): 27/10/2006 7:48:00 AM
Date (last write): 10/11/2005 1:22:12 PM
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://fpdownload.macromedia.com/pub...sh/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash9.ocx
Short name:
Date (created): 22/06/2006 1:44:22 PM
Date (last access): 26/10/2006 10:15:30 PM
Date (last write): 22/06/2006 1:44:22 PM
Filesize: 2201224
Attributes: readonly archive
MD5: 99F80CA1EBE95677668F54CAC6F4AD6D
CRC32: B7385E3B
Version: 9.0.16.0

--- Process list ---
PID: 0 ( 0) [System]
PID: 212 ( 4) \SystemRoot\System32\smss.exe
PID: 260 ( 212) \??\C:\WINDOWS\system32\csrss.exe
PID: 284 ( 212) \??\C:\WINDOWS\system32\winlogon.exe
PID: 332 ( 284) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 344 ( 284) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 512 ( 332) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 588 ( 332) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 624 ( 332) C:\Program Files\Windows Defender\MsMpEng.exe
size: 45840
MD5: 948D315495195662BA2A683A7A156BEA
PID: 684 ( 332) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 912 ( 892) C:\Program FIles\TraySaver\TraySaver.exe
size: 102400
MD5: 135A4FB8F70D40462DE9E8364E8826C5
PID: 932 ( 912) C:\WINDOWS\explorer.exe
size: 1032192
MD5: A0732187050030AE399B241436565E64
PID: 1084 ( 932) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 1400 ( 932) C:\Documents and Settings\Mr Amazing\Desktop\metapad.exe
size: 95744
MD5: D35941ADCF891138DFE6D6E503877C81
PID: 4 ( 0) System

--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 27/10/2006 7:48:01 AM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://home.microsoft.com/access/autosearch.asp?p=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\windows\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD Tcpip [TCP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]

Protocol 6: MSAFD Tcpip [UDP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]

Protocol 7: MSAFD Tcpip [RAW/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{6B3D18EE-AF90-4F7C-844A-87112EBF7BB7}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{6B3D18EE-AF90-4F7C-844A-87112EBF7BB7}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{DA1C72AD-7170-4253-AE25-9B821610DFE0}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

**Scrampy** · 2006-10-27, 00:33

(continued)
Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{DA1C72AD-7170-4253-AE25-9B821610DFE0}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{9F1A6043-C6CF-4ABB-AC08-20502BB1493A}] SEQPACKET 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{9F1A6043-C6CF-4ABB-AC08-20502BB1493A}] DATAGRAM 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DA1C72AD-7170-4253-AE25-9B821610DFE0}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DA1C72AD-7170-4253-AE25-9B821610DFE0}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6B3D18EE-AF90-4F7C-844A-87112EBF7BB7}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6B3D18EE-AF90-4F7C-844A-87112EBF7BB7}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D2E7BD7F-4C8B-4465-B20E-70CB4AB7F135}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D2E7BD7F-4C8B-4465-B20E-70CB4AB7F135}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4D216691-6476-4FAE-953C-D664C1AC7337}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4D216691-6476-4FAE-953C-D664C1AC7337}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 22: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C4E38E61-70FF-4B87-A129-944E4FAA41E1}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 23: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C4E38E61-70FF-4B87-A129-944E4FAA41E1}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

Namespace Provider 3: PNRP Cloud Namespace Provider
GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Filename: C:\WINDOWS\system32\pnrpnsp.dll

Namespace Provider 4: PNRP Name Namespace Provider
GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Filename: C:\WINDOWS\system32\pnrpnsp.dll

--- Uninstall list ---
101 Email Address Extractor V2.2.4 1.0.0.0 (101 Email Address Extractor V2.2.4)
install date: Fri Oct 13 07:55:42 EST 2006
install location: C:\Program Files\101 Bulk Email Software\101 Email Address Extractor V2.2.4
uninstall cmd: "C:\Program Files\101 Bulk Email Software\101 Email Address Extractor V2.2.4\UninstallerData\Uninstall EAE.exe"
publisher: KMGC Inc
contact: daveloo86@yahoo.com

ACDSee (ACDSee)
uninstall cmd: C:\PROGRA~1\ACDSYS~1\ACDSee\UNWISE.EXE C:\PROGRA~1\ACDSYS~1\ACDSee\INSTALL.LOG

Ad-aware 6 Professional 6.0.1.158 (Ad-aware 6 Professional)
uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\INSTALL.LOG
publisher: Lavasoft Sweden
comments: Ad-aware VI Professional
help link: http://www.lavasoftusa.com

(AddressBook)

Advanced Administrative Tools 5.50 (Advanced Administrative Tools)
uninstall cmd: C:\PROGRA~1\G-LOCK~1\ADVANC~1\UNWISE.EXE C:\PROGRA~1\G-LOCK~1\ADVANC~1\INSTALL.LOG
publisher: G-Lock Software
comments: Advanced Administrative Tools

AI RoboForm (All Users) (AI RoboForm)
uninstall cmd: "C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
help link: http://www.roboform.com/php/rtss/main/

ATI Display Driver 8.231-060221a1-030895C-ATI (ATI Display Driver)
uninstall cmd: rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

AVG Anti-Spyware 7.5 (AVGAntiSpyware75)
install location: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5
uninstall cmd: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
publisher: Grisoft Ltd.
help link: http://www.grisoft.com

BearShare 5.0.2.3 (BearShare)
uninstall cmd: C:\PROGRA~1\BEARSH~1\UNWISE.EXE C:\PROGRA~1\BEARSH~1\INSTALL.LOG
publisher: Free Peers, Inc.
help link: http://bearshare.com/help.htm

(Branding)

Camtasia Studio 1.0 (Camtasia Studio)
version (major): 1
install location: C:\Program Files\TechSmith\Camtasia Studio
install source: C:\DOCUME~1\MRAMAZ~1\LOCALS~1\Temp\Rar$EX00.547
uninstall cmd: C:\Program Files\TechSmith\Camtasia Studio\CSuninst.EXE
publisher: TechSmith Corporation
comments: Thank you for using Camtasia Studio!
contact: CamtasiaStudio@techsmith.com
help link: http://www.techsmith.com/techsupp

Canon iP2200 (CANONBJ_Deinstall_CNMCP74.DLL)
uninstall cmd: C:\WINDOWS\System32\CNMCP74.exe "-PRINTERNAMECanon iP2200" "-HELPERDLLC:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP2200 Installer\Inst2\cnmis.dll" "-RCDLLcnmi0409.dll"

(Connection Manager)

(DirectAnimation)

(DirectDrawEx)

DivX 5.0.2 Pro Bundle (DivX 5.0.2 Pro Bundle)
uninstall cmd: C:\WINDOWS\unvise32.exe C:\Program Files\DivX\uninstal.log

(DXM_Runtime)

Canon Utilities Easy-PhotoPrint (Easy-PhotoPrint)
uninstall cmd: C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini

Canon Utilities Easy-PrintToolBox (Easy-PrintToolBox)
uninstall cmd: C:\WINDOWS\BJPSUNST.EXE

Easy-WebPrint (Easy-WebPrint)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"

Email Address Collector v3.2 (Email Address Collector_is1)
uninstall cmd: "C:\Program Files\Email Address Collector\unins000.exe"
publisher: DS Development
help link: www.emailaddressmanager.com

FlashGet(JetCar) (FlashGet(JetCar))
uninstall cmd: C:\PROGRA~1\FlashGet\UNWISE.EXE C:\PROGRA~1\FlashGet\INSTALL.LOG

(Fontcore)

GetMail 3.25 (GetMail 3.25)
uninstall cmd: C:\Program Files\GetHotmail\GetMail\Uninstal.exe

HijackThis 1.99.1 1.99.1 (HijackThis)
uninstall cmd: C:\Program Files\hijackthis\HijackThis.exe /uninstall
publisher: Soeperman Enterprises Ltd.

(ICW)

(IE40)

(IE4Data)

(IE5BAKEX)

(IEData)

Windows XP Hotfix - KB873339 20041117.092459 (KB873339)
uninstall cmd: C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873339

(KB884016)

(KB884267)

(KB885353)

Windows XP Hotfix - KB885835 20041027.181713 (KB885835)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885835

Windows XP Hotfix - KB885836 20041028.173203 (KB885836)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885836

Windows XP Hotfix - KB885884 20040924.025457 (KB885884)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885884

Windows XP Hotfix - KB886185 20041021.090540 (KB886185)
uninstall cmd: C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=886185

(KB886612)

(KB887078)

Windows XP Hotfix - KB887472 20041014.162858 (KB887472)
uninstall cmd: C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887472

(KB887626)

High Definition Audio Driver Package - KB888111 20040219.000000 (KB888111WXPSP2)
uninstall cmd: "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=KB888111

Windows XP Hotfix - KB888302 20041207.111426 (KB888302)
uninstall cmd: C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888302

(KB888656)

(KB889858)

Security Update for Windows XP (KB890046) 1 (KB890046)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890046

Windows XP Hotfix - KB890859 1 (KB890859)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890859

(KB891122)

Windows XP Hotfix - KB891781 20050110.165439 (KB891781)
uninstall cmd: C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=891781

(KB892313)

(KB893240)

(KB893241)

Security Update for Windows XP (KB893756) 1 (KB893756)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893756

(KB893803)

Windows Installer 3.1 (KB893803) 3.1 (KB893803v2)
uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=42467

Update for Windows XP (KB894391) 1 (KB894391)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=894391

(KB895181)

(KB895316)

(KB895572)

Hotfix for Windows XP (KB896344) 2 (KB896344)
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896344$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896344

Security Update for Windows XP (KB896358) 1 (KB896358)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896358

Security Update for Windows XP (KB896423) 1 (KB896423)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896423

Security Update for Windows XP (KB896424) 1 (KB896424)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896424

Security Update for Windows XP (KB896428) 1 (KB896428)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896428

(KB897586)

Update for Windows XP (KB898461) 1 (KB898461)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=898461

(KB898549)

Security Update for Windows XP (KB899587) 1 (KB899587)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899587

Security Update for Windows XP (KB899589) 1 (KB899589)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899589

Security Update for Windows XP (KB899591) 1 (KB899591)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899591

(KB900399)

Update for Windows XP (KB900485) 2 (KB900485)
install date: 20061011
uninstall cmd: "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900485

Security Update for Windows XP (KB900725) 1 (KB900725)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900725

Security Update for Windows XP (KB901017) 1 (KB901017)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901017

Security Update for Windows XP (KB901214) 1 (KB901214)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901214

(KB902344)

Security Update for Windows XP (KB902400) 1 (KB902400)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=902400

Security Update for Windows XP (KB904706) 2 (KB904706)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=904706

Update for Windows XP (KB904942) 2 (KB904942)
install date: 20061010
uninstall cmd: "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=904942

Security Update for Windows XP (KB905414) 1 (KB905414)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905414

Security Update for Windows XP (KB905749) 1 (KB905749)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905749

(KB907658)

Security Update for Windows XP (KB908519) 1 (KB908519)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=908519

Update for Windows XP (KB908531) 2 (KB908531)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=908531

Microsoft Base Smart Card Cryptographic Service Provider Package (KB909520)
uninstall cmd: "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
publisher: Microsoft Corporation

Update for Windows XP (KB910437) 1 (KB910437)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=910437

Update for Windows XP (KB911280) 2 (KB911280)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911280

Security Update for Windows XP (KB911562) 1 (KB911562)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911562

Security Update for Windows Media Player (KB911564) (KB911564)
install date: 20061009
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=911564

Thread: System Integrity Scan Wizard?

Thread Tools

Display

System Integrity Scan Wizard?

Posting Permissions