[LOGS] desktop hijack - Warning! Spyware detected on your computer.....

[dbain21]

My laptop computer was infected with some malware earlier this week. My desktop background changed to a black background with the following message:

"Warning! Spyware detected on Your computer. Install an antivirus or spyware remover to clean your computer."

I followed the advice in this thread: http://forums.spybot.info/showthread.php?t=1958

I am posting the Spybot log results in a reply to this thread (the file is too large).

Currently, my background is now white (it changes from my wallpaper to white just before all of the startup tasks have finished launching.)

I am unable to open Internet Explorer, it errors out as soon as I attempt to run it. Mozilla Firefox works fine.

Panda AV detected several "low risk" threats, Citifraud.A among several others (I was unable to locate that log file this morning.)

Please advise at your earliest convenience.

Sincerely,
Derek Bain

 

[dbain21]

here is the Spybot log from my laptop computer... part 1 of 4

Spybot log 02.28.2006 (part 1)


--- Search result list ---
Windows.ActiveDesktop: User settings (Registry change, fixed)
HKEY_USERS\S-1-5-21-870919532-1302601971-1619202771-500\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoHTMLWallPaper!=W=1


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2006-02-28 unins000.exe (51.41.0.0)
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-02-24 Includes\Cookies.sbi (*)
2006-02-24 Includes\PUPS.sbi (*)
2006-02-24 Includes\Dialer.sbi (*)
2006-02-24 Includes\Hijackers.sbi (*)
2006-02-24 Includes\Keyloggers.sbi (*)
2006-02-24 Includes\Malware.sbi (*)
2006-02-24 Includes\Revision.sbi (*)
2006-02-24 Includes\Security.sbi (*)
2006-02-24 Includes\Spybots.sbi (*)
2006-02-24 Includes\Trojans.sbi (*)
2005-02-17 Includes\Tracks.uti
2003-11-12 Includes\QA Tests.sbi (*)



--- System information ---
Windows 2000 (Build: 2195) Service Pack 4
/ DataAccess: Microsoft XML (MSXML 4.0) Critical Update for Windows
/ Internet Explorer 6 / SP1: Windows 2000 Hotfix - KB867282
/ Internet Explorer 6 / SP1: Windows 2000 Hotfix - KB896727
/ Windows 2000 / SP4: Windows 2000 Service Pack 4
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB823980
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB824146
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB828741
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB835732
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB837001
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB840315
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB841873
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB873333
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB885250
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB885834
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB888113
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB890175
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB891711
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB891781
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB893066
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB896358
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB896422
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB896423
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB899588
/ Windows 2000 / SP5: Windows 2000 Hotfix - KB901214


--- Startup entries list ---
Located: HK_LM:Run, ACUMon
command: "C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe"
file: C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe
size: 208896
MD5: cb66624837bccb6dc536acd9e9f3e3f0

Located: HK_LM:Run, AdaptecDirectCD
command: "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
file: C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
size: 684032
MD5: d600163ae3a335f0d43db1d2e748fa84

Located: HK_LM:Run, AtiPTA
command: Atiptaxx.exe
file: C:\WINNT\system32\Atiptaxx.exe
size: 151552
MD5: 22ff8dd6c721ed352353c6c09d94613a

Located: HK_LM:Run, Compaq Computer Security
command: C:\PROGRA~1\Compaq\Security\Secure32.exe
file: C:\PROGRA~1\Compaq\Security\Secure32.exe
size: 24576
MD5: 84751199265c399efa8d40c236a0a67d

Located: HK_LM:Run, CPQAcDc
command: C:\Program Files\Compaq\PowerCon Enhancements\CPQAcDc.Exe
file: C:\Program Files\Compaq\PowerCon Enhancements\CPQAcDc.Exe
size: 25600
MD5: 6c22eadd06b209200d587c9728b6a55e

Located: HK_LM:Run, gcasServ
command: "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
file: C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
size: 469824
MD5: 70c5a9c9cf9e65a9073a2a43da822841

Located: HK_LM:Run, hkss
command: C:\Program Files\Compaq\HotKey Software\hkss.exe
file: C:\Program Files\Compaq\HotKey Software\hkss.exe
size: 180224
MD5: e8450a89a51079ee392d56cc706f1d65

Located: HK_LM:Run, IntelAPMClient
command: "C:\Program Files\LANDesk\LDClient\amclient.exe" /apm /s /ro
file: C:\Program Files\LANDesk\LDClient\amclient.exe
size: 307200
MD5: 240f3ec63204a5c90349966d245f1022

Located: HK_LM:Run, LANDeskInventoryClient
command: "C:\Program Files\LANDesk\LDClient\LDIScn32.exe" /NTT=SMCLDMS:5007 /S=SMCLDMS /I=HTTP://SMCLDMS/ldlogon/ldappl3.ldz /NOUI
file: C:\Program Files\LANDesk\LDClient\LDIScn32.exe
size: 737280
MD5: 5731e1e9c1d797b808504f1eac6ca3fb

Located: HK_LM:Run, LTWinModem1
command: ltmsg.exe 9
file: C:\WINNT\system32\ltmsg.exe
size: 105472
MD5: ae654165b955ef1d5ae04e56121b000e

Located: HK_LM:Run, Promon.exe
command: Promon.exe
file: C:\WINNT\system32\Promon.exe
size: 29184
MD5: 4ca549a5f91d9126c628d3ac268a69c7

Located: HK_LM:Run, PRPCMonitor
command: PRPCUI.exe
file: C:\WINNT\system32\PRPCUI.exe
size: 32768
MD5: d6a2be69b77fce727f0652202aaf9beb

Located: HK_LM:Run, Realtime Monitor
command: C:\Inoculan\realmon.exe -s
file: C:\Inoculan\realmon.exe
size: 493024
MD5: b7166c6cad2ca92e047cad3082cb6b7e

Located: HK_LM:Run, SDClientMonitor
command: "C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe"
file: C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe
size: 253952
MD5: 32279109074583b440bac69b6ce521c8

Located: HK_LM:Run, SideWinderTrayV4
command: C:\PROGRA~1\MI948F~1\GAMECO~1\common\swtrayv4.exe
file: C:\PROGRA~1\MI948F~1\GAMECO~1\common\swtrayv4.exe
size: 24650
MD5: f21b0089d19ebc60ac31a72df213d394

Located: HK_LM:Run, siService.exe
command: "C:\Program Files\GIANT Company Software\Spam Inspector\siService.exe"
file: C:\Program Files\GIANT Company Software\Spam Inspector\siService.exe
size: 204800
MD5: ffb454249d782426d8fd46d4cf05ca2d

Located: HK_LM:Run, SunJavaUpdateSched
command: C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
file: C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
size: 32881
MD5: ed85b344e6edc30c1bc57ec1a2a56bf3

Located: HK_LM:Run, Synchronization Manager
command: mobsync.exe /logon
file: C:\WINNT\system32\mobsync.exe
size: 111376
MD5: 9b2f5b9e745deaaa57fb78329ed03061

Located: HK_LM:Run, SynTPEnh
command: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
file: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 190976
MD5: b8ebc5153af5552d7aaa118511631696

Located: HK_LM:Run, SynTPLpr
command: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
file: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
size: 81920
MD5: dc8fa869f531a21674902e074bf0ad32

Located: HK_CU:RunOnce, ^SetupICWDesktop
command: C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop
file:

Located: Startup (common), Adobe Reader Speed Launch.lnk
command: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
file: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
size: 29696
MD5: deb88aef013dd1eefb462d7cad642166

Located: Startup (common), Microsoft Office.lnk
command: C:\Program Files\Microsoft Office\Office\OSA9.EXE
file: C:\Program Files\Microsoft Office\Office\OSA9.EXE
size: 65588
MD5: 3544d6ffd1edf9dafa5e06dffff6e38a

Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll

Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: System.ini, wzcnotif
command: wzcdlg.dll
file: wzcdlg.dll



--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
BHO name:
CLSID name: AcroIEHlprObj Class
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 12/14/2004 1:56:50 AM
Date (last access): 2/28/2006
Date (last write): 12/14/2004 1:56:50 AM
Filesize: 63136
Attributes: archive
MD5: 42729C3DE75A7A51FC6F9EF6546C9199
CRC32: 4D60BD07
Version: 7.0.0.1333

{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\Program Files\Spybot - Search & Destroy\
Long name: SDHelper.dll
Short name: SDHELPER.DLL
Date (created): 2/28/2006 7:18:32 PM
Date (last access): 2/28/2006
Date (last write): 5/31/2005 1:04:00 AM
Filesize: 853672
Attributes: archive
MD5: 250D787A5712D7768DDC133B3E477759
CRC32: D4589A41
Version: 1.4.0.0



--- ActiveX list ---
DirectAnimation Java Classes (DirectAnimation Java Classes)
DPF name: DirectAnimation Java Classes
CLSID name:
Installer:
Codebase: file://C:\WINNT\Java\classes\dajava.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\dajava.cab
info link:
info source: Patrick M. Kolla

Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
Installer:
Codebase: file://C:\WINNT\Java\classes\xmldso.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla

{166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
Installer: C:\WINNT\Downloaded Program Files\erma.inf
Codebase: http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
description: Macromedia ShockWave Flash Player 7
classification: Legitimate
known filename: SWDIR.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINNT\SYSTEM32\Macromed\Director\
Long name: SwDir.dll
Short name: SWDIR.DLL
Date (created): 1/9/2004 4:39:30 PM
Date (last access): 2/26/2006
Date (last write): 2/11/2003 6:02:58 AM
Filesize: 32768
Attributes: archive
MD5: 92FA0AE21D3A08B65D291724AA7D0E43
CRC32: 7B63A9DB
Version: 8.5.1.102

{31564D57-0000-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
Installer: C:\WINNT\Downloaded Program Files\wmvax.inf
Codebase: http://codecs.microsoft.com/codecs/i386/wmvax.cab
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.

{4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class)
DPF name:
CLSID name: EPUImageControl Class
Installer: C:\WINNT\Downloaded Program Files\EPUWALcontrol.inf
Codebase: http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-12.cab
description:
classification: Legitimate
known filename: EPUWalcontrol.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINNT\Downloaded Program Files\
Long name: EPUWALcontrol.dll
Short name: EPUWAL~1.DLL
Date (created): 8/13/2004 6:10:50 PM
Date (last access): 2/28/2006
Date (last write): 8/13/2004 6:10:50 PM
Filesize: 894544
Attributes: archive
MD5: 540A29546F451463084FB90486271620
CRC32: 8A4BE0F3
Version: 1.0.3.12

{6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class)
DPF name:
CLSID name: Ofoto Upload Manager Class
Installer: C:\WINNT\Downloaded Program Files\axofupld.inf
Codebase: http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
description:
classification: Open for discussion
known filename: axofupld.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINNT\Downloaded Program Files\
Long name: axofupld.dll
Short name:
Date (created): 6/16/2005 10:00:06 AM
Date (last access): 2/28/2006
Date (last write): 6/16/2005 10:00:06 AM
Filesize: 184392
Attributes: archive
MD5: D4477289D752C66F686D0F9F1580A3C6
CRC32: 688A020E
Version: 1.0.1.54

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name: Java Plug-in 1.4.2_03
Installer:
Codebase: http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\j2re1.4.2_03\bin\
Long name: NPJPI142_03.dll
Short name: NPJPI1~1.DLL
Date (created): 11/19/2003 5:48:18 PM
Date (last access): 2/28/2006
Date (last write): 11/19/2003 5:48:12 PM
Filesize: 65650
Attributes: archive
MD5: 2AD31341BE41AC9B086128AD86A2B53F
CRC32: 081CFB35
Version: 1.4.2.30

{90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player)
DPF name:
CLSID name: InstallShield International Setup Player
Installer: C:\WINNT\Downloaded Program Files\isetup.inf
Codebase: http://www.lowrance.com/Software/Upgrades/LCX/LCX-15MT_290/isetup.cab
description:
classification: Open for discussion
known filename: isetup.dll
info link:
info source: Safer Networking Ltd.
Path: c:\winnt\DOWNLO~1\
Long name: iSetup.dll
Short name: ISETUP.DLL
Date (created): 2/13/2002 12:19:22 PM
Date (last access): 2/28/2006
Date (last write): 2/13/2002 12:19:22 PM
Filesize: 24576
Attributes: archive
MD5: 5A45F3DF25206A590ED4A94E7C3FC968
CRC32: FAD8DC6C
Version: 6.31.100.1195

{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name: Java Plug-in 1.4.2_03
Installer:
Codebase: http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi142_03.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\j2re1.4.2_03\bin\
Long name: NPJPI142_03.dll
Short name: NPJPI1~1.DLL
Date (created): 11/19/2003 5:48:18 PM
Date (last access): 2/28/2006
Date (last write): 11/19/2003 5:48:12 PM
Filesize: 65650
Attributes: archive
MD5: 2AD31341BE41AC9B086128AD86A2B53F
CRC32: 081CFB35
Version: 1.4.2.30

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINNT\Downloaded Program Files\swflash.inf
Codebase: http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINNT\system32\macromed\flash\
Long name: Flash.ocx
Short name: FLASH.OCX
Date (created): 6/9/2004 3:59:26 PM
Date (last access): 2/26/2006
Date (last write): 6/9/2004 3:59:26 PM
Filesize: 939224
Attributes: archive
MD5: FC3E17E12C2E31FAC34B416B3DAB829F
CRC32: D1CF3A57
Version: 7.0.19.0

{D44C75D8-C827-473E-8F68-A77E42500782} (Uploader Class)
DPF name:
CLSID name: Uploader Class
Installer: C:\WINNT\Downloaded Program Files\WebUploadClient.inf
Codebase: http://photo.walmart.com/photo/uploads/WebUploadClient.cab
description:
classification: Legitimate
known filename: WebUploadClient.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINNT\Downloaded Program Files\
Long name: WebUploadClient.dll
Short name: WEBUPL~1.DLL
Date (created): 11/2/2004 3:40:06 PM
Date (last access): 2/28/2006
Date (last write): 11/2/2004 3:40:06 PM
Filesize: 3596288
Attributes: archive
MD5: 7BC785346638E83A435034B37D23D7D1
CRC32: C79AC920
Version: 2.0.0.8

 

[dbain21]

my Spybot log (part 2 of 4)

--- Process list ---
PID: 0 ( 0) [System]
PID: 132 ( 8) \SystemRoot\System32\smss.exe
PID: 160 ( 132) \??\C:\WINNT\system32\csrss.exe
PID: 180 ( 132) \??\C:\WINNT\system32\winlogon.exe
PID: 208 ( 180) C:\WINNT\system32\services.exe
size: 89360
MD5: CFED2D28F5B8A24127E9E06043070643
PID: 220 ( 180) C:\WINNT\system32\lsass.exe
size: 33552
MD5: 0C13D582EDAF90CBEA454A1AC535B913
PID: 352 ( 208) C:\WINNT\system32\svchost.exe
size: 7952
MD5: 9E64AD53CFD9DA2D22E8A924F8C6E62C
PID: 400 ( 208) C:\WINNT\System32\WBEM\WinMgmt.exe
size: 196706
MD5: 05B2001E1BC653FD6091E741B46F71B4
PID: 320 ( 180) C:\Program Files\LANDesk\LDClient\softmon.exe
size: 126976
MD5: D2E4813019D27117165FEC79BAED8E60
PID: 248 ( 192) C:\WINNT\Explorer.EXE
size: 243472
MD5: 59CF2B7DCED9111F48F51B4B570E672D
PID: 336 ( 248) C:\WINNT\system32\NOTEPAD.EXE
size: 50960
MD5: CF8C98E8B3979F15DF77A7DE2E51BCC1
PID: 368 ( 248) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 8 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 2/28/2006 8:38:35 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://search.msn.com/spbasic.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINNT\SYSTEM32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar
http://jump.altavista.com/avie5/searchpane
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Irda [IrDA]
GUID: {3972523D-2AF1-11D1-B655-00805F3642CC}
Filename: %SystemRoot%\system32\msafd.dll
Description: Infrared protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Irda [IrDA]

Protocol 1: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\msafd.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 2: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\msafd.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 3: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\msafd.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 4: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A2DFE529-9285-46FD-ABE0-5EFA38506366}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\msafd.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A2DFE529-9285-46FD-ABE0-5EFA38506366}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\msafd.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{54F951AF-BFDF-4F38-8B39-4C23870DD3AE}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\msafd.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{54F951AF-BFDF-4F38-8B39-4C23870DD3AE}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\msafd.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5489AF3E-3AC0-4ED6-A9A5-3D4382786750}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\msafd.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5489AF3E-3AC0-4ED6-A9A5-3D4382786750}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\msafd.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{51BF02E9-4DFF-4BD3-82DE-66FC7B02301B}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\msafd.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{51BF02E9-4DFF-4BD3-82DE-66FC7B02301B}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\msafd.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{97BC342A-2833-4EC7-B573-13575F98E380}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\msafd.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{97BC342A-2833-4EC7-B573-13575F98E380}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\msafd.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{08BD46D6-4BB0-4346-8D6F-F6FD2A7145BC}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\msafd.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{08BD46D6-4BB0-4346-8D6F-F6FD2A7145BC}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\msafd.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{255B3422-FF8D-48EF-9AEE-4DCA088141BE}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\msafd.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{255B3422-FF8D-48EF-9AEE-4DCA088141BE}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\msafd.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\rnr20.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS



--- Uninstall list ---
Ad-Aware SE Personal 1.06 (Ad-Aware SE Personal)
uninstall cmd: C:\PROGRA~1\LAVASOFT\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\LAVASOFT\AD-AWA~1\INSTALL.LOG
publisher: Lavasoft
help link: http://www.lavasoft.com

(AddressBook)

AOL Instant Messenger (AOL Instant Messenger)
uninstall cmd: C:\Program Files\instant messenger\uninstll.exe -LOG= C:\Program Files\instant messenger\install.log -OEM=

Apple II Oasis (Apple II Oasis)
uninstall cmd: C:\Oldgames\emulators\appleII\AppleII_Oasis\SETUP.EXE /uninstall

Disney's Arcade Frenzy (Arcade Frenzy)
uninstall cmd: C:\WINNT\IsUninst.exe -f"C:\Program Files\Disney Interactive\Arcade Frenzy\DeIsL1.isu" -c"C:\Program Files\Disney Interactive\Arcade Frenzy\Uninst.dll

ATI Display Driver (ATI Display Driver)

ATI Win2k Display Driver (ATI Mach64 Display Driver)
uninstall cmd: rundll32 C:\WINNT\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -inf_classISPLAY

(Branding)

(BVNTServer)

Cisco Aironet Installation Wizard (CiscoInstallWizard)
uninstall cmd: C:\WINNT\Cisco\DInstall\Setup.exe /cp

Citrix ICA Client (Citrix ICA Client)
uninstall cmd: C:\WINNT\ISUNINST.EXE -fC:\PROGRA~1\Citrix\ICACLI~1\Uninst.isu -cC:\PROGRA~1\Citrix\ICACLI~1\uninstpn.dll

Citrix ICA Web Client (Citrix ICA Web Client)
uninstall cmd: C:\WINNT\System32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf

IBM AS/400 Client Access Express for Windows (ClientAccessExpress)
uninstall cmd: "C:\Program Files\IBM\Client Access\cwbinarp.exe"

(ClientAccessExpressREDIST)
uninstall cmd: C:\WINNT\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL11.isu"

(ClientAccessV3R1M05250 Display and Printer Emulator)
uninstall cmd: C:\WINNT\uninst.exe -f"C:\Program Files\IBM\Client Access\Emulator\DeIsL4.isu"

Clinical Pharmacology (Clinical Pharmacology)
uninstall cmd: C:\WINNT\IsUninst.exe -fg:\apps\CPWIN\Uninst.isu

CliniTrend Report Files (CliniTrend Report Files)
uninstall cmd: G:\Ctnet\CLINIT~1\CLINIT~1\rpt\UNWISE.EXE G:\Ctnet\CLINIT~1\CLINIT~1\rpt\INSTALL.LOG

CliniTrend Server Components (CliniTrend Server Components)
uninstall cmd: G:\Ctnet\CLINIT~1\UNWISE.EXE G:\Ctnet\CLINIT~1\INSTALL.LOG

Compaq Diagnostics For Windows NT (Compaq Diagnostics For Windows NT)
uninstall cmd: C:\WINNT\uninst.exe -fC:\WINNT\Cpqdiag\DeIsL1.isu -cC:\WINNT\Cpqdiag\_ISREG32.DLL

Compaq Internet Favorites (Compaq Internet Favorites)
uninstall cmd: C:\WINNT\IsUninst.exe -f"C:\Program Files\Compaq\Compaq Internet Favorites\Uninst.isu"

(Connection Manager)

CPUKILLER 2.05 (CPUKILLER 2.05_is1)
uninstall cmd: "C:\WINNT\UNISTB32.EXE" /U "C:\Program Files\Cpukiller\UNINST0.000" "C:\Program Files\Cpukiller\UNINST1.000"

CRS Advisor for Windows (CRS Advisor for Windows)
uninstall cmd: R:\Clinref\Wksetup\UNINSTAL.EXE C:\WINNT\crsinst.log

(DirectAnimation)

(DirectDrawEx)

NortelFrameSwitch Device Manager (DMV2)
uninstall cmd: C:\WINNT\uninst.exe -fC:\DM\DeIsL2.isu

(DXM_Runtime)

Ixia Performance Endpoint for Windows 6.10.15.068 (Endpoint)
version (major): 6
version (minor): 10
install location: C:\Program Files\Ixia\Endpoint
uninstall cmd: C:\WINNT\IsUninst.exe -f"C:\Program Files\Ixia\Endpoint\DeIsL1.isu" -c"C:\Program Files\Ixia\Endpoint\NPE_unst.dll"
publisher: http://www.ixiacom.com
comments: Copyright (C) Ixia 2003-2005
NetIQ Corporation 1995-2003
help link: http://www.ixiacom.com/support
help telephone: 1 (877) 367 4942

Ethereal 0.10.9 0.10.9 (Ethereal)
uninstall cmd: "C:\Program Files\Ethereal\uninstall.exe"
publisher: The Ethereal developer community, http://www.ethereal.com
help link: mailto:ethereal-users@ethereal.com

CA eTrust Antivirus (eTrust Antivirus)
uninstall cmd: C:\WINNT\IsUninst.exe -fC:\Inoculan\Uninst.isu -c"C:\Inoculan\InoSetup.dll"

ewido anti-malware (ewidoantimalware)
install location: C:\Program Files\ewido anti-malware
uninstall cmd: C:\Program Files\ewido anti-malware\Uninstall.exe
publisher: ewido networks
help link: http://www.ewido.net

(expinst)

ffdshow 20051221 (ffdshow)
install location: C:\Program Files\ffdshow
uninstall cmd: "C:\Program Files\ffdshow\uninstall.exe"
publisher: Milan Cutka

(Fontcore)

HijackThis 1.99.1 1.99.1 (HijackThis)
uninstall cmd: C:\Program Files\Hijackthis\HijackThis.exe /uninstall
publisher: Soeperman Enterprises Ltd.

Hijackthis 1.99.1 (Hijackthis_is1)
install location: C:\Program Files\Hijackthis\
uninstall cmd: "C:\Program Files\Hijackthis\unins000.exe"
publisher: Soeperman Enterprises Ltd
help link: http://www.merijn.org

 

[dbain21]

my Spybot log (part 3 of 4)

HotKey Support Software 1.00.G1 (HotKey Support Software 1.00.G1)
uninstall cmd: C:\WINNT\IsUninst.exe -f"C:\Program Files\Compaq\HotKey Software\Uninst.isu"

HyperLoad (HyperLoad)
uninstall cmd: C:\WINNT\IsUninst.exe -f"C:\Program Files\Nabisco\HyperLoad\Uninst.isu"

(ICW)

(IE40)

(IE4Data)

(IE5BAKEX)

(IEData)

(IEREADME)

igiBall (igiBall)
uninstall cmd: C:\igiBall\uninstall.exe

(InstallShield Uninstall Information)

Scheduler Plus Data Components 8.50.0 (InstallShield_{1940D6E6-CFD0-4C33-AF8F-10ABBDC4710C})
version: 137494528
version (major): 8
version (minor): 50
estimated size: 16676
install date: 20040224
install source: D:\DataComponents\
uninstall cmd: C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{1940D6E6-CFD0-4C33-AF8F-10ABBDC4710C}
publisher: CEO Software Inc.
comments: Your Comments
contact: Customer Support Department
help link: http://www.ceosoft.com/support
help telephone: 1-520-296-7577
readme: Readme.txt

Instant Messenger (Instant Messenger)
uninstall cmd: c:\program files\instant messenger\uninstll.exe -LOG= c:\program files\instant messenger\install.log -OEM=Instant Messenger

Intel SpeedStep technology Applet (Intel SpeedStep technology Applet)
uninstall cmd: C:\WINNT\IsUninst.exe -f"C:\WINNT\System32\Intel(R) SpeedStep(TM) technology Applet.isu"

InterVideo WinDVD (InterVideo WinDVD)
uninstall cmd: C:\WINNT\IsUninst.exe -f"C:\Program Files\InterVideo\WinDVD\Uninst.isu"

IPSU (IPSU)
uninstall cmd: C:\WINNT\IsUninst.exe -fC:\Cisco\IPSU\Uninst.isu

(Java Client)
uninstall cmd: C:\WINNT\IsUninst.exe -f"C:\Program Files\Elron Software\WI Administration Console\Uninst.isu"

Java Device Manager 1.0.0.0 (Java Device Manager)
install date: Mon Jul 28 09:09:36 EDT 2003
install location: C:\Program Files\JDM
uninstall cmd: "C:\Program Files\JDM\UninstallerData\Uninstall Java Device Manager.exe"
publisher: Nortel Networks
contact: ylee@nortelnetworks.com

Java Web Start (Java Web Start)
uninstall cmd: "C:\Program Files\Java Web Start\uninst-javaws.exe"

Device Manager (JDMDeinstKey)
uninstall cmd: C:\WINNT\uninst.exe -f"C:\Program Files\JDM\DeIsL1.isu"

Java 2 Runtime Environment Standard Edition v1.3 (JRE 1.3)
uninstall cmd: C:\WINNT\IsUninst.exe -f"C:\Program Files\JavaSoft\JRE\1.3\Uninst.isu"

Java 2 Runtime Environment Standard Edition v1.3.1_02 (JRE 1.3.1_02)
uninstall cmd: C:\WINNT\IsUninst.exe -f"C:\Program Files\JavaSoft\JRE\1.3.1_02\Uninst.isu"

Windows 2000 Hotfix - KB823980 20030705.101654 (KB823980)
uninstall cmd: C:\WINNT\$NtUninstallKB823980$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=823980

Windows 2000 Hotfix - KB824146 20030823.144456 (KB824146)
uninstall cmd: C:\WINNT\$NtUninstallKB824146$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=824146

Windows 2000 Hotfix - KB828741 20040311.130332 (KB828741)
uninstall cmd: C:\WINNT\$NtUninstallKB828741$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=828741

Windows 2000 Hotfix - KB835732 20040323.171849 (KB835732)
uninstall cmd: C:\WINNT\$NtUninstallKB835732$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=835732

Windows 2000 Hotfix - KB837001 (KB837001)
uninstall cmd: C:\WINNT\$NtUninstallKB837001$\spuninst\spuninst.exe
publisher: Microsoft Corporation

Windows 2000 Hotfix - KB840315 20040622.153749 (KB840315)
uninstall cmd: C:\WINNT\$NtUninstallKB840315$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=840315

Windows 2000 Hotfix - KB841873 20040610.95344 (KB841873)
uninstall cmd: C:\WINNT\$NtUninstallKB841873$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=841873

Windows 2000 Hotfix - KB867282 20050127.163319 (KB867282-IE6SP1-20050127.163319)
uninstall cmd: C:\WINNT\$NtUninstallKB867282-IE6SP1-20050127.163319$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=867282

Windows 2000 Hotfix - KB873333 20050113.171731 (KB873333)
uninstall cmd: C:\WINNT\$NtUninstallKB873333$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873333

Windows 2000 Hotfix - KB885250 20050119.234138 (KB885250)
uninstall cmd: C:\WINNT\$NtUninstallKB885250$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885250

Windows 2000 Hotfix - KB885834 20050117.204201 (KB885834)
uninstall cmd: C:\WINNT\$NtUninstallKB885834$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885834

Windows 2000 Hotfix - KB888113 20041116.23251 (KB888113)
uninstall cmd: C:\WINNT\$NtUninstallKB888113$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888113

Windows 2000 Hotfix - KB890175 20041122.80359 (KB890175)
uninstall cmd: C:\WINNT\$NtUninstallKB890175$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890175

Windows 2000 Hotfix - KB891711 20041229.10717 (KB891711)
uninstall cmd: C:\WINNT\$NtUninstallKB891711$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=891711

Windows 2000 Hotfix - KB891781 20050113.171736 (KB891781)
uninstall cmd: C:\WINNT\$NtUninstallKB891781$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=891781

Windows 2000 Hotfix - KB893066 20050512.44451 (KB893066)
uninstall cmd: "C:\WINNT\$NtUninstallKB893066$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893066

Windows 2000 Hotfix - KB896358 20050421.70926 (KB896358)
uninstall cmd: "C:\WINNT\$NtUninstallKB896358$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896358

Windows 2000 Hotfix - KB896422 20050503.23608 (KB896422)
uninstall cmd: "C:\WINNT\$NtUninstallKB896422$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896422

Windows 2000 Hotfix - KB896423 20050713.01536 (KB896423)
uninstall cmd: "C:\WINNT\$NtUninstallKB896423$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896423

Windows 2000 Hotfix - KB896727 20050719.165959 (KB896727-IE6SP1-20050719.165959)
uninstall cmd: "C:\WINNT\$NtUninstallKB896727-IE6SP1-20050719.165959$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=896727

Windows 2000 Hotfix - KB899588 20050628.234036 (KB899588)
uninstall cmd: "C:\WINNT\$NtUninstallKB899588$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899588

Windows 2000 Hotfix - KB901214 20050629.02152 (KB901214)
uninstall cmd: "C:\WINNT\$NtUninstallKB901214$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901214

Lexmark Printer Software Uninstall (Lexmark Printer Software Uninstall)
uninstall cmd: C:\Program Files\Lexmark\Install\Uninstall.exe

LiveAdvisor (Symantec Corporation) 1.0.0.777 (LiveAdvisor)
install location: C:\Program Files\Common Files\Symantec Shared\LiveAdvisor
uninstall cmd: C:\Program Files\Common Files\Symantec Shared\LiveAdvisor\VcSetup.exe /REMOVE
publisher: Symantec Corporation

LiveUpdate (LiveUpdate)
uninstall cmd: C:\Program Files\Symantec\LiveUpdate\Uninst.exe -u

Access Server Loader (LOADERv1.1A)
uninstall cmd: C:\WINNT\uninst.exe -f"C:\Program Files\Digital\Access Server Loader\DeIsL1.isu"

Compaq 56K (V.90) Mini PCI Modem (LTWinModem)
uninstall cmd: C:\WINNT\ltremove.exe

(Microsoft NetShow Player 2.0)

(MobileOptionPack)

Mozilla Firefox (1.5) 1.5 (en-US) (Mozilla Firefox (1.5))
install location: C:\Program Files\Mozilla Firefox
uninstall cmd: C:\WINNT\UninstallFirefox.exe /ua "1.5 (en-US)"
publisher: Mozilla

(MPlayer2)

(MsJavaVM)

NASCAR® Racing 4 (NASCAR Racing 4)
uninstall cmd: C:\WINNT\IsUninst.exe -f"C:\Papyrus\NASCAR Racing 4\Uninst.isu"

(NetMeeting)

Nostalgia, an Intellivision Emulator (Nostalgia, an Intellivision Emulator)
uninstall cmd: "C:\WINNT\System32\SpoonUninstall.exe" <uninstall>C:\WINNT\System32\SpoonUninstall-Nostalgia, an Intellivision Emulator.dat

KODAK EASYSHARE Gallery Upload ActiveX Control (OfotoEZUpload)
uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\WINNT\Downloaded Program Files\axofupld.inf, Uninstall

Out of the Park Baseball 6 (Out of the Park Baseball 6)
uninstall cmd: C:\ootp6\UNWISE.EXE C:\ootp6\INSTALL.LOG

(OutlookExpress)

PCFriendly (PCFriendly)
uninstall cmd: C:\Program Files\PCFriendly\inuninst.exe

Compaq PowerCon Enhancements V1.00 (PowerConEnhancementsDeinst)
uninstall cmd: C:\WINNT\uninst.exe -f"C:\Program Files\Compaq\PowerCon Enhancements\DeIsL1.isu"

Microsoft PowerPoint Viewer 97 (PPTView97)
uninstall cmd: C:\Program Files\PowerPoint Viewer\setup\setup.exe

Intel(R) PRO Ethernet Adapter and Software (PROSet)
uninstall cmd: Prounstl.exe

Ixia Qcheck 3.0.1.42 (Qcheck)
version (major): 3
install location: C:\Program Files\Ixia\Qcheck
uninstall cmd: C:\WINNT\IsUninst.exe -f"C:\Program Files\Ixia\Qcheck\DeIsL1.isu" -c"C:\Program Files\Ixia\Qcheck\QC_unst.dll"
publisher: http://www.ixiacom.com
comments: Copyright © 1997-2004 IXIA
help link: http://www.ixiacom.com/support
help telephone: 1 (877) 367-4942

QuickTime (QuickTime)
uninstall cmd: C:\WINNT\unvise32qt.exe C:\WINNT\System32\QuickTime\Uninstall.log

RealPlayer Basic (RealPlayer 6.0)
uninstall cmd: C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0

Compaq Safety & Comfort Guide (Safety & Comfort Guide)
uninstall cmd: C:\WINNT\IsUninst.exe -fC:\WINNT\HELP\Scgunins.isu

(SchedulingAgent)

Compaq Security (SecurityDeinst)
uninstall cmd: C:\WINNT\IsUninst.exe -f"C:\Program Files\Compaq\Security\DeIsL1.isu" -c"C:\Program Files\Compaq\Security\uninst32.dll"

Access Server Manager (SERVv2.4)
uninstall cmd: C:\WINNT\uninst.exe -f"C:\Program Files\Digital\Access Server Manager\DeIsL1.isu"

Shockwave (Shockwave)
uninstall cmd: C:\WINNT\SYSTEM32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINNT\SYSTEM32\MACROMED\SHOCKW~1\Install.log

(ShockwaveFlash)

SideWinder Precision Racing Wheel (SideWinder Precision Racing Wheel)
uninstall cmd: C:\WINNT\IsUninst.exe -f"C:\Program Files\Microsoft Hardware\Game Controllers\Precision Racing Wheel\Uninst.isu" -c"C:\Program Files\Microsoft Hardware\Game Controllers\Precision Racing Wheel\Uninstall.dll"

Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited

SpywareBlaster v3.4 3.4.0 (SpywareBlaster_is1)
install location: C:\Program Files\SpywareBlaster\
uninstall cmd: "C:\Program Files\SpywareBlaster\unins000.exe"
publisher: Javacool Software LLC

gamebase64 v1.2 (ST6UNST #1)
uninstall cmd: C:\WINNT\st6unst.exe -n "C:\Program Files\gamebase64\ST6UNST.LOG"

MAME Classic (ST6UNST #2)
uninstall cmd: C:\WINNT\st6unst.exe -n "C:\Oldgames\arcade\mameclassic\ST6UNST.LOG"

MAME Classic (C:\Program Files\MAME Classic\) (ST6UNST #3)
uninstall cmd: C:\WINNT\st6unst.exe -n "C:\Program Files\MAME Classic\ST6UNST.LOG"

gamebase64 v1.2 (C:\Program Files\gamebase64\) (ST6UNST #4)
uninstall cmd: C:\WINNT\st6unst.exe -n "C:\Program Files\gamebase64\ST6UNST.000"

Synaptics TouchPad (SynTPDeinstKey)
uninstall cmd: C:\WINNT\uninst.exe -f"C:\Program Files\Synaptics\DeIsL1.isu" -c"C:\Program Files\Synaptics\SynTP\SynISDLL.dll

Viewpoint Media Player (ViewpointMediaPlayer)
uninstall cmd: C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u

Microsoft Visual Basic .NET Standard 2003 - English (Visual Basic .NET Standard 2003 - English)
install location: C:\Program Files\Microsoft Visual Studio .NET 2003\
uninstall cmd: "C:\Program Files\Microsoft Visual Studio .NET 2003\Setup\Visual Basic .NET Standard 2003 - English\setup.exe" /MaintMode
publisher: Microsoft
help link: http://support.microsoft.com/default.aspx?scid=FH;EN-US;vsnet&SD=GN&FR=0&LN=EN-US
readme: C:\Program Files\Microsoft Visual Studio .NET 2003\readme.htm

CSync (WhenUCSync)
uninstall cmd: C:\Program Files\ClockSync\Sync.exe /u

Windows 2000 Service Pack 4 (Windows 2000 Service Pack)
uninstall cmd: C:\WINNT\$NtServicePackUninstall$\spuninst\spuninst.exe

Compaq Remote Services (WinNT Remote Services Deinstall Key)
uninstall cmd: C:\WINNT\uninst.exe -fC:\WINNT\cpqwin\cpqrs\DeIsL1.isu -c"C:\WINNT\cpqwin\cpqrs\uninst32.dll

WinPcap 3.1 3.1.0.27 (WinPcapInst)
uninstall cmd: C:\Program Files\WinPcap\uninstall.exe
publisher: CACE Technologies

WinZip (WinZip)
uninstall cmd: "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall

Windows Media Player system update (9 Series) (WMP7)
uninstall cmd: C:\PROGRA~1\WINDOW~2\setup_wm.exe /Uninstall

Ipswitch WS_FTP LE (WS_FTP LE)
uninstall cmd: C:\WINNT\IsUninst.exe -f"C:\Program Files\WS_FTP\Uninst.isu"

Microsoft Office 2000 SR-1 Professional 9.00.3821 ({00010409-78E1-11D2-B60F-006097C998E7})
version: 150998765
version (major): 9
estimated size: 193738
install date: 20040902
install source: D:\
uninstall cmd: MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: C:\Program Files\Microsoft Office\Office\ofread9.txt

Clip Art and Symbols 6.0.1000 ({03E27B31-28C0-11D3-8F72-00C04F8DD7E3})
version: 100664296
version (major): 6
estimated size: 1328
install date: 20001129
install source: S:\Visio\bin\
publisher: Visio Corporation

Callouts and Connectors 6.0.1000 ({03E27B32-28C0-11D3-8F72-00C04F8DD7E3})
version: 100664296
version (major): 6
estimated size: 280
install date: 20001129
install source: S:\Visio\bin\
publisher: Visio Corporation

Borders and Backgrounds 6.0.1000 ({03E27B33-28C0-11D3-8F72-00C04F8DD7E3})
version: 100664296
version (major): 6
estimated size: 1344
install date: 20001129
install source: S:\Visio\bin\
publisher: Visio Corporation

Program Files Professional 6.0.1000 ({15D5B241-07BC-45D2-9D85-4CF906079E16})
version: 100664296
version (major): 6
estimated size: 32
install date: 20001129
install source: S:\Visio\bin\
publisher: Visio Corporation

Microsoft FrontPage Client - English 7.00.9209 ({17B66E83-1BC9-11D5-A54A-0090278A1BB8})
version: 117449721
version (major): 7
estimated size: 1457
install date: 20050131
install source: d:\
publisher: Microsoft

AutoUpdate 1.1 ({18D10072035C4515918F7E37EAFAACFC})
install location: C:\Program Files\DivX

Scheduler Plus Data Components 8.50.0 ({1940D6E6-CFD0-4C33-AF8F-10ABBDC4710C})
version: 137494528
version (major): 8
version (minor): 50
estimated size: 16676
install date: 20040224
install source: D:\DataComponents\
publisher: CEO Software Inc.
comments: Your Comments
contact: Customer Support Department
help link: http://www.ceosoft.com/support
help telephone: 1-520-296-7577
readme: Readme.txt

Software Design 6.0.1000 ({1AEB7BA0-53C8-4F0A-0000-00D0B7CE9FA8})
version: 100664296
version (major): 6
estimated size: 9490
install date: 20001129
install source: S:\Visio\bin\
publisher: Visio Corporation

CAD Drawing Display 6.0.1000 ({26DC3A40-3ECC-11D3-A300-006008A88CA8})
version: 100664296
version (major): 6
estimated size: 8616
install date: 20001129
install source: S:\Visio\bin\
publisher: Visio Corporation

Block Diagrams 6.0.1000 ({273E1BA0-0415-11D3-A2E3-006008A88CA8})
version: 100664296
version (major): 6
estimated size: 1584
install date: 20001129
install source: S:\Visio\bin\
publisher: Visio Corporation

({2ACB03BE-4D55-11D4-8272-00C04F72E405})

Help for Visio 2000 (HTML Help) 6.0.0.1 ({2B8697EA-453E-11D3-8CE1-00C04F72C04D})
version: 100663296
version (major): 6
estimated size: 2285
install date: 20001129
install source: S:\Visio\bin\
publisher: Visio Corporation

Project Schedules 6.0.1000 ({2DBB37E1-3B9A-11D3-A318-006008A88CA8})
version: 100664296
version (major): 6
estimated size: 3704
install date: 20001129
install source: S:\Visio\bin\
publisher: Visio Corporation

Database Design Help 6.0.1000 ({309FB294-387C-4DB4-B1DA-60E7432ECF94})
version: 100664296
version (major): 6
estimated size: 779
install date: 20001129
install source: S:\Visio\bin\
publisher: Visio Corporation

CA Licensing 1.52 ({30C10EE3-EFB3-4B7A-9CDC-50790C2B5200})
version: 20185088
version (major): 1
version (minor): 52
estimated size: 1455
install date: 20030805
install source: D:\Bin\LICENSE\Lang\EN\
publisher: Computer Associates International, Inc.
comments: 0
contact: 0
help link: http://esupport.ca.com
help telephone: 0
readme: 0

Advanced Network Diagramming 6.0.1000 ({325C4969-4808-4A87-9547-F58620C444CA})
version: 100664296
version (major): 6
estimated size: 6928
install date: 20001129
install source: S:\Visio\bin\
publisher: Visio Corporation

Scheduler Plus 8.50.00 ({3DDA504D-ADB6-4912-834B-2F9EBAFC6CF4})
version: 137494528
version (major): 8
version (minor): 50
estimated size: 151801
install date: 20040224
install location: C:\Program Files\CEO Software Inc\Scheduler Plus\
install source: D:\DataComponents\Workstation\
uninstall cmd: MsiExec.exe /I{3DDA504D-ADB6-4912-834B-2F9EBAFC6CF4}
publisher: CEO Software, Inc.
comments: Your Comments
contact: Customer Support Department
help link: http://www.ceosoft.com/
help telephone: 1-520-296-7577

LANDesk(R) Common Base Agent 8 8.5.0.19 ({45734758-4041-4EA8-8E62-DE661FC3879C})
version: 134545408
version (major): 8
version (minor): 5
estimated size: 3016
install date: 20050819
install source: C:\Program Files\LANDesk\LDClient\
publisher: LANDesk Software, Ltd
comments: Common Base Agent 8 Install
contact: LANDesk Software, Ltd

 

[dbain21]

my Spybot log (part 4 of 4)

McAfee WebShield appliance v3.0 Client 3.0.790 ({4EDCDA17-DDDC-48D9-B59B-1A2B923A9F14})
version: 50332438
version (major): 3
estimated size: 9792
install date: 20050830
install source: C:\Program Files\Common Files\Wise Installation Wizard\
uninstall cmd: MsiExec.exe /I{4EDCDA17-DDDC-48D9-B59B-1A2B923A9F14}
publisher: Copyright (C) 2004 Networks Associates Technology Inc. All rights reserved.

Internet Diagrams 6.0.1000 ({5062141B-52D6-4DF2-A6A6-2200202B495C})
version: 100664296
version (major): 6
estimated size: 728
install date: 20001129
install source: S:\Visio\bin\
publisher: Visio Corporation

Microsoft AntiSpyware 1.0 ({536F7C74-844B-4683-B0C5-EA39E19A6FE3})
version: 16777216
version (major): 1
estimated size: 15151
install date: 20050211
install location: C:\Program Files\Microsoft AntiSpyware\
install source: C:\WINNT\Downloaded Installations\{80198C48-0633-46B5-A2A4-EB62DAA02D78}\
uninstall cmd: MsiExec.exe /I{536F7C74-844B-4683-B0C5-EA39E19A6FE3}
publisher: Microsoft Corporation
contact: Microsoft Support
help link: http://www.microsoft.com

Block Diagrams Help 6.0.1000 ({5430FF10-2B31-11D3-8F75-00C04F8DD7E3})
version: 100664296
version (major): 6
estimated size: 394
install date: 20001129
install source: S:\Visio\bin\
publisher: Visio Corporation

Flowcharts Help 6.0.1000 ({5430FF11-2B31-11D3-8F75-00C04F8DD7E3})
version: 100664296
version (major): 6
estimated size: 1095
install date: 20001129
install source: S:\Visio\bin\
publisher: Visio Corporation

Forms and Charts Help 6.0.1000 ({5430FF12-2B31-11D3-8F75-00C04F8DD7E3})
version: 100664296
version (major): 6
estimated size: 723
install date: 20001129
install source: S:\Visio\bin\
publisher: Visio Corporation

Maps Help 6.0.1000 ({5430FF13-2B31-11D3-8F75-00C04F8DD7E3})
version: 100664296
version (major): 6
estimated size: 602
install date: 20001129
install source: S:\Visio\bin\
publisher: Visio Corporation

Network Diagrams Help 6.0.1000 ({5430FF14-2B31-11D3-8F75-00C04F8DD7E3})
version: 100664296
version (major): 6
estimated size: 265
install date: 20001129
install source: S:\Visio\bin\
publisher: Visio Corporation

Office Layout Help 6.0.1000 ({5430FF15-2B31-11D3-8F75-00C04F8DD7E3})
version: 100664296
version (major): 6
estimated size: 209
install date: 20001129
install source: S:\Visio\bin\
publisher: Visio Corporation

Organization Charts Help 6.0.1000 ({5430FF16-2B31-11D3-8F75-00C04F8DD7E3})
version: 100664296
version (major): 6
estimated size: 306
install date: 20001129
install source: S:\Visio\bin\
publisher: Visio Corporation

Project Schedules Help 6.0.1000 ({5430FF17-2B31-11D3-8F75-00C04F8DD7E3})
version: 100664296
version (major): 6
estimated size: 459
install date: 20001129
install source: S:\Visio\bin\
publisher: Visio Corporation

Program Files Help 6.0.1000 ({5430FF21-2B31-11D3-8F75-00C04F8DD7E3})
version: 100664296
version (major): 6
estimated size: 1850
install date: 20001129
install source: S:\Visio\bin\
publisher: Visio Corporation

Shape Explorer Help 6.0.1000 ({5430FF22-2B31-11D3-8F75-00C04F8DD7E3})
version: 100664296
version (major): 6
estimated size: 64
install date: 20001129
install source: S:\Visio\bin\
publisher: Visio Corporation

MapCreate5 ({59551420-C5FE-11D4-8F65-006008A21261})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59551420-C5FE-11D4-8F65-006008A21261}\Setup.exe"

({5B239A98-4222-4D8C-AF38-1A8EC07F956B})

({5D0930A0-1033-433A-8BB9-602665550DD0})

Release Notes Professional 6.0.1000 ({5DA0672F-B0E6-4014-B044-BBAD2906BDC2})
version: 100664296
version (major): 6
estimated size: 48
install date: 20001129
install source: S:\Visio\bin\
publisher: Visio Corporation

({6041B9C1-775E-4C6A-AECE-70C39CAED90A})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6041B9C1-775E-4C6A-AECE-70C39CAED90A}\SETUP.EXE"

Easy CD Creator 5 Basic 5.3.1.154 ({609F7AC8-C510-11D4-A788-009027ABA5D0})
version: 83951616
version (major): 5
version (minor): 1
estimated size: 26292
install date: 20030414
install source: D:\
uninstall cmd: MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
publisher: Roxio Inc
help link: http://www.roxio.com/en/support
help telephone:

Remote Desktop Connection 5.1.2600.0 ({60B9A48D-559E-43FA-8F28-D657190E4E52})
version: 83954216
version (major): 5
version (minor): 1
estimated size: 923
install date: 20041005
install source: C:\DOCUME~1\dbain.SMC\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /X{60B9A48D-559E-43FA-8F28-D657190E4E52}
publisher: Microsoft
help link: http://www.microsoft.com
help telephone: http://www.microsoft.com/support

({62369F2F77534556AEF4C58152E3BDE5})

Program Files 06.00.1001 ({63EF6DD2-F1F1-11D2-9F29-006008A88EC8})
version: 100664297
version (major): 6
estimated size: 6610
install date: 20001129
install source: S:\Visio\bin\
publisher: Microsoft Corporation
help link: http://www.visio.com
help telephone: (206) 555-5555

WebFldrs 9.00.3501 ({6F716D8C-398F-11D3-85E1-005004838609})
version: 150998445
version (major): 9
estimated size: 2532
install date: 20000223
install source: C:\WINNT\System32\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows

Java 2 Runtime Environment, SE v1.4.2_03 1.4.2_03 ({7148F0A8-6813-11D6-A77B-00B0D0142030})
version (major): 1
version (minor): 4
estimated size: 109960
install date: 20050830
install source: C:\Documents and Settings\dbain.SMC\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}\
uninstall cmd: MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
publisher: Sun Microsystems, Inc.
comments: http://www.java.com
contact: http://www.java.com
help link: http://www.java.com
help telephone: http://www.java.com
readme: Readme.txt

MSXML 4.0 SP2 Parser and SDK 4.20.9818.0 ({716E0306-8318-4364-8B8F-0CC4E9376BAC})
version: 68429402
version (major): 4
version (minor): 20
estimated size: 1334
install date: 20040810
install source: C:\WINNT\System32\Patches\
uninstall cmd: MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
publisher: Microsoft Corporation
help link: http://www.msdn.microsoft.com/xml

Custom Properties Editor 6.0.1000 ({79DFA170-1854-11D3-8F5D-00C04F8DD7E3})
version: 100664296
version (major): 6
estimated size: 392
install date: 20001129
install source: S:\Visio\bin\
publisher: Visio Corporation

Page Layout Wizard 6.0.1000 ({79DFA174-1854-11D3-8F5D-00C04F8DD7E3})
version: 100664296
version (major): 6
estimated size: 360
install date: 20001129
install source: S:\Visio\bin\
publisher: Visio Corporation

Property Reporting Wizard 6.0.1000 ({79DFA176-1854-11D3-8F5D-00C04F8DD7E3})
version: 100664296
version (major): 6
estimated size: 1432
install date: 20001129
install source: S:\Visio\bin\
publisher: Visio Corporation

Save as HTML 6.0.1000 ({79DFA177-1854-11D3-8F5D-00C04F8DD7E3})
version: 100664296
version (major): 6
estimated size: 2312
install date: 20001129
install source: S:\Visio\bin\
publisher: Visio Corporation

Database Wizard 6.0.1000 ({79DFA179-1854-11D3-8F5D-00C04F8DD7E3})
version: 100664296
version (major): 6
install date: 20001129
install source: S:\Visio\bin\
publisher: Visio Corporation

Graphics Filters 1.0.0.0 ({79DFA17B-1854-11D3-8F5D-00C04F8DD7E3})
version: 16777216
version (major): 1
estimated size: 4968
install date: 20001129
install source: S:\Visio\bin\
publisher: Visio Corporation

Spam Inspector 4.00.000 ({7B426478-8C15-4003-9CFA-CF0EFF590A52})
version: 67108864
install location: C:\Program Files\GIANT Company Software\Spam Inspector
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B426478-8C15-4003-9CFA-CF0EFF590A52}\setup.exe" -l0x9

DivX 6.1 ({7B63B2922B174135AFC0E1377DD81EC2})
install location: C:\Program Files\DivX
uninstall cmd: C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
publisher: DivX, Inc.

Visio Core Files 06.00.1000 ({7D3DB7D6-494B-11D3-9F62-006008A88EC8})
version: 100664296
version (major): 6
estimated size: 1920
install date: 20001129
install source: S:\Visio\bin\
publisher: Visio Corporation
help link: http://www.visio.com
help telephone: (206) 555-5555

Visio 1.0.0.1 ({7DD40F12-25DC-11D3-9F43-006008A88EC8})
version: 16777216
version (major): 1
install date: 20001129
install source: S:\Visio\bin\
publisher: Visio Corporation

DefaultProductName 1.0.0 ({7E8833A1-AF24-4CAE-82DF-CFE14C14B94D})
version: 16777216
version (major): 1
estimated size: 4
install date: 20050819
install source: C:\Program Files\LANDesk\LDClient\
uninstall cmd: MsiExec.exe /I{7E8833A1-AF24-4CAE-82DF-CFE14C14B94D}
publisher: My Manufacturer
help link: http://www.microsoft.com/management

({828633A1-8064-4AB8-8454-CB3E1B2C6508})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{828633A1-8064-4AB8-8454-CB3E1B2C6508}\Setup.exe"

({8851E12C-0EF9-11D4-A788-009027ABA5D0})

DivX Player 6.0 ({8ADFC4160D694100B5B8A22DE9DCABD9})
install location: C:\Program Files\DivX
uninstall cmd: C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
publisher: DivXNetworks, Inc.

MapCreate 6 ({8D7330B0-8CAC-4B44-A6ED-AFAA004B3974})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8D7330B0-8CAC-4B44-A6ED-AFAA004B3974}\Setup.exe" -l0x9

VDMSound 2.0.4 2.0.4.0 ({8ECBE643-8230-11D5-9D6B-00A024112F81})
version: 33554436
version (major): 2
estimated size: 1387
install date: 20020912
install source: C:\dosutils\vdmsound\
uninstall cmd: MsiExec.exe /I{8ECBE643-8230-11D5-9D6B-00A024112F81}
publisher: VDMSound Project
comments: VDMSound is a SounBlaster emulator for Windows NT DOS boxes
contact: ntvdm@hotmail.com
help link: http://ntvdm.cjb.net/faq/

Release Notes 6.0.1000 ({922859B1-4A9C-11D3-8662-00C04F8DBAD9})
version: 100664296
version (major): 6
estimated size: 104
install date: 20001129
install source: S:\Visio\bin\
publisher: Visio Corporation

Organization Charts 6.0.1000 ({933DA141-0EEB-11D3-A2EC-006008A88CA8})
version: 100664296
version (major): 6
estimated size: 4296
install date: 20001129
install source: S:\Visio\bin\
publisher: Visio Corporation

 

[dbain21]

my spybot log (5 of 5)

Forms and Charts 6.0.1000 ({933DA142-0EEB-11D3-A2EC-006008A88CA8})
version: 100664296
version (major): 6
estimated size: 3048
install date: 20001129
install source: S:\Visio\bin\
publisher: Visio Corporation

Flowcharts 6.0.1000 ({933DA144-0EEB-11D3-A2EC-006008A88CA8})
version: 100664296
version (major): 6
estimated size: 3904
install date: 20001129
install source: S:\Visio\bin\
publisher: Visio Corporation

Network Diagrams 6.0.1000 ({933DA145-0EEB-11D3-A2EC-006008A88CA8})
version: 100664296
version (major): 6
estimated size: 2288
install date: 20001129
install source: S:\Visio\bin\
publisher: Visio Corporation

Maps 6.0.1000 ({933DA146-0EEB-11D3-A2EC-006008A88CA8})
version: 100664296
version (major): 6
estimated size: 7544
install date: 20001129
install source: S:\Visio\bin\
publisher: Visio Corporation

Office Layout 6.0.1000 ({933DA147-0EEB-11D3-A2EC-006008A88CA8})
version: 100664296
version (major): 6
estimated size: 1104
install date: 20001129
install source: S:\Visio\bin\
publisher: Visio Corporation

Database Design 6.0.1000 ({9B4FBF34-96D5-4AFB-9DF4-704E02BA4500})
version: 100664296
version (major): 6
estimated size: 10097
install date: 20001129
install source: S:\Visio\bin\
publisher: Visio Corporation

Symantec pcAnywhere 9.0 ({A05E8183-866A-11D3-97DF-0000F8D8F2E9})
version: 150994944
version (major): 9
estimated size: 13900
install date: 20001129
install source: D:\Installs\PCANYW~5\Pca32\CD\disk1\
uninstall cmd: MsiExec.exe /I{A05E8183-866A-11D3-97DF-0000F8D8F2E9}
publisher: Symantec
help link: http://www.symantec.com

Adobe Acrobat 7.0.1 and Reader 7.0.1 Update 7.0.2 ({AC76BA86-0000-7EC8-7489-000000000702})
version: 117440514
version (major): 7
estimated size: 1849
install date: 20050822
install source: C:\Program Files\Adobe\{0C55731F-7B21-4936-839A-BA09B2EAED59}\
uninstall cmd: MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000702}
publisher: Adobe Systems
comments: Adobe Acrobat 7.0.1 and Reader 7.0.1 Update
contact: Customer Support
help link: http://www.adobe.com/support/main.html
help telephone: 1-800-833-6687

Adobe Acrobat 7.0.2 and Reader 7.0.2 Update 7.0.3 ({AC76BA86-0000-7EC8-7489-000000000703})
version: 117440515
version (major): 7
estimated size: 2461
install date: 20050822
install source: C:\Program Files\Adobe\{AC703000-70F3-4E65-BC6A-CF781045277C}\
uninstall cmd: MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000703}
publisher: Adobe Systems
comments: Adobe Acrobat 7.0.2 and Reader 7.0.2 Update
contact: Customer Support
help link: http://www.adobe.com/support/main.html
help telephone: 1-800-833-6687

Adobe Acrobat 7.0.3 and Reader 7.0.3 Update 7.0.4 ({AC76BA86-0000-7EC8-7489-000000000704})
version: 117440516
version (major): 7
estimated size: 643
install date: 20050822
install source: C:\Program Files\Adobe\{3CC01997-F7D2-42A3-9618-81FA1CC15D3F}\
uninstall cmd: MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000704}
publisher: Adobe Systems
comments: Adobe Acrobat 7.0.3 and Reader 7.0.3 Update
contact: Customer Support
help link: http://www.adobe.com/support/main.html
help telephone: 1-800-833-6687

Adobe Reader 7.0 7.0.0 ({AC76BA86-7AD7-1033-7B44-A70000000000})
version: 117440512
version (major): 7
estimated size: 64099
install date: 20050802
install location: C:\Program Files\Adobe\Acrobat 7.0\Reader\
install source: C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig\ENU_\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
publisher: Adobe Systems Incorporated
comments:
contact:
help link: http://www.adobe.com/support/main.html
help telephone:
readme: C:\Program Files\Adobe\Acrobat 7.0\Reader\Readme.htm

Software Design Help 6.0.1000 ({B06EC9B5-4736-4993-B513-E060A8B1F6F9})
version: 100664296
version (major): 6
estimated size: 1712
install date: 20001129
install source: S:\Visio\bin\
publisher: Visio Corporation

({B13A7C41581B411290FBC0395694E2A9})

Callouts and Connectors Help 6.0.1000 ({BAC869E2-3A0C-11D3-A315-006008A88CA8})
version: 100664296
version (major): 6
estimated size: 113
install date: 20001129
install source: S:\Visio\bin\
publisher: Visio Corporation

Clip Art and Symbols Help 6.0.1000 ({BAC869E6-3A0C-11D3-A315-006008A88CA8})
version: 100664296
version (major): 6
estimated size: 121
install date: 20001129
install source: S:\Visio\bin\
publisher: Visio Corporation

Internet Diagrams Help 6.0.1000 ({BCF67D2B-02E3-4376-8D03-2980EE522083})
version: 100664296
version (major): 6
estimated size: 225
install date: 20001129
install source: S:\Visio\bin\
publisher: Visio Corporation

Borders and Backgrounds Help 6.0.1000 ({C2A5CE58-3A13-11D3-A315-006008A88CA8})
version: 100664296
version (major): 6
estimated size: 209
install date: 20001129
install source: S:\Visio\bin\
publisher: Visio Corporation

Developing Visio Solutions Help 6.0.1000 ({C5205EE1-2B3E-11D3-8F75-00C04F8DD7E3})
version: 100664296
version (major): 6
estimated size: 1424
install date: 20001129
install source: S:\Visio\bin\
publisher: Visio Corporation

Microsoft .NET Framework 1.1 1.1.4322 ({CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1})
version: 16847074
version (major): 1
version (minor): 1
estimated size: 40392
install date: 20040224
install source: C:\DOCUME~1\dbain.SMC\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
publisher: Microsoft
readme: file://C:\WINNT\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm

({CC908038-FFA9-4553-BA10-65DF3441EFB3})

Directory Services Help 6.0.1000 ({CD648428-0166-462B-9470-E45BEF174FD0})
version: 100664296
version (major): 6
estimated size: 128
install date: 20001129
install source: S:\Visio\bin\
publisher: Visio Corporation

Program Files Professional Help 6.0.1000 ({CDC43360-8331-11D3-8831-00500457F9ED})
version: 100664296
version (major): 6
estimated size: 64
install date: 20001129
install source: S:\Visio\bin\
publisher: Visio Corporation

Advanced Network Diagramming Help 6.0.1000 ({D0832BB9-947C-424E-8B35-8F70B1BEC0C0})
version: 100664296
version (major): 6
estimated size: 426
install date: 20001129
install source: S:\Visio\bin\
publisher: Visio Corporation

Add-ons 1.0.0.0 ({D3AA6C82-2A7E-11D3-8F74-00C04F8DD7E3})
version: 16777216
version (major): 1
install date: 20001129
install source: S:\Visio\bin\
publisher: Visio Corporation

Visual Studio.NET Baseline - English 7.1.3088 ({D4D24FE5-FAB3-4FE2-AFFC-623955F4DF3A})
version: 117509136
version (major): 7
version (minor): 1
estimated size: 3667
install date: 20050131
install source: d:\
publisher: Microsoft

Microsoft Visio 2000 06.00.1001 ({DBFA7530-0CBF-11D3-8CC0-00C04F72C04D})
version: 100664297
version (major): 6
estimated size: 923
install date: 20001129
install source: S:\Visio\bin\sp\vim\
uninstall cmd: MSIExec.exe /I {DBFA7530-0CBF-11D3-8CC0-00C04F72C04D}
publisher: Microsoft Corporation

({E01ADB17-4514-401F-ADE2-815946A651D6})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E01ADB17-4514-401F-ADE2-815946A651D6}\Setup.exe"

VBA 6.01.00.1234 ({E44BD710-B71A-11d3-9F79-006008A88EC8})
version: 100728832
version (major): 6
version (minor): 1
estimated size: 5088
install date: 20001129
install source: S:\Visio\BIN\SP\VBA\
publisher: Microsoft Corporation

Microsoft Visual Studio Service Pack 3 6.0.0.4 ({E8814A8F-3B06-11D3-8CD7-00C04F72C04D})
version: 100663296
version (major): 6
estimated size: 4208
install date: 20001129
install source: S:\Visio\BIN\SP\SPCORE\
publisher: Visio Corporation

Java 2 Runtime Environment, SE v1.4.1_02 ({EFCE5837-FC21-11D6-9D24-00010240CE95})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFCE5837-FC21-11D6-9D24-00010240CE95}\setup.exe" Anytext

Visual Basic .NET Standard 2003 - English 7.1.3088 ({F0620409-8B20-48A0-ACA0-09D5FC90D316})
version: 117509136
version (major): 7
version (minor): 1
estimated size: 427215
install date: 20050131
install location: C:\Program Files\Microsoft Visual Studio .NET 2003\
install source: d:\
publisher: Microsoft

Lowrance LCX-15MT Update ({F29BA34F-A508-4C53-A0BD-F7DCD0D13049})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchiSetup -ether"C:\Program Files\InstallShield Installation Information\{F29BA34F-A508-4C53-A0BD-F7DCD0D13049}" -l0x9

Spam Inspector Outlook Express Edition ({F3CFB7BB-0500-4C3C-B8C2-C30B997FA562})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F3CFB7BB-0500-4C3C-B8C2-C30B997FA562}\Setup.exe"

Solutions 1.0.0.0 ({F4455372-251E-11D3-8F71-00C04F8DD7E3})
version: 16777216
version (major): 1
install date: 20001129
install source: S:\Visio\bin\
publisher: Visio Corporation

Directory Services 6.0.1000 ({F541CA9B-727A-462E-B066-CDF49B5D2C10})
version: 100664296
version (major): 6
estimated size: 3760
install date: 20001129
install source: S:\Visio\bin\
publisher: Visio Corporation

 

[LonnyRJones]

Looks ok Derek
Are there any problems now ?
There are newer versions of both Microsoft AntiSpyware and Suns java available now

 

[dbain21]

still having issues

Lonny,

My remaining issues are as follows:

unable to launch IE
wallpaper changes to white background while startup tasks are loading

Please advise.

Sincerely,
Derek

 

[LonnyRJones]

Hi

In your first post the ewido log didnt get attached, run the program again have it remove anything found and save the log , post or attach it please.

Wall paper problems, did you do this yet ?
In Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" or security if present. click the apperence tab under Windows and buttons change it to Windows XP style (if not already there)> click apply and OK.

Also it might help to change to another theme, control panel > Display , first page there under themes, change it to something else, apply ok,

Rightclick on your IE shortcut > properties and ensure the command is correct with no additional comments etc..
"C:\Program Files\Internet Explorer\iexplore.exe"

When starting IE is there an error ?

Get a startup list and wpfind log while the pc is in safe mode, reboot to safe mode >
Start Hijackthis click config misc tools >
plcase a check in [X] list also minor sections
and [X] list empty sections, then click gernerate startuplist log.
Download "save" winpfind.zip By OldTimer, from
http://www.bleepingcomputer.com/files/winpfind.php
extract the file inside to the desktop open the winpfind folder run the file
winpfind.exe click scan, post the results.

Reboot back to normal and post or attach those log's

 

[dbain21]

Lonny,

I have pasted the results from the winpfind.txt, startup list log from Hijackthis, and results from Ewido in a post below this one.
(having problems attaching files)

I am running Win2k Pro, so I don't think your suggestions regarding my wallpaper are applicable.

Regarding IE, the shortcut properties are correct. When I start IE, I receive an error message "Microsoft Internet Explorer has encountered a problem and needs to close." I have the option to send a report to Microsoft, debug, etc..

Please advise.

Sincerely,
Derek

 

[dbain21]

Lonny,

I have been unable to send attachments to the site all day today, and unable to patch the log files into a message, either.

Can I send the log files to you via an alternate method?

sincerely,
Derek

 

[LonnyRJones]

Attach them at this forum please, there's no size limit there.
http://www.thespykiller.co.uk/forum/index.php?board=1.0

 

[dbain21]

Lonny,

I was able to post the files at the forum. Here is the link.

Derek


http://www.thespykiller.co.uk/forum/index.php?topic=1250.0

 

[LonnyRJones]

Nothing attached there, either try again or post them here, might have to post half a log at a time if they are to large.

 

[dbain21]

Lonny,

Please check the link below now. I zipped and attached the files.

If you are still unable to view the files, please let me know if there are any other alternatives....

Sincerely,

Derek

http://www.thespykiller.co.uk/forum/...p?topic=1250.0

 

[LonnyRJones]

I lost tract of your thread, sorry

Describe your problems attaching or posting log here.
Mention the current problems (again) please

And if possible post not attach a current hijackthis log

StartupList report, 3/6/2006, 3:26:38 PM
StartupList version: 1.52.2
Started from : C:\Program Files\Hijackthis\HijackThis.EXE
Detected: Windows 2000 SP4 (WinNT 5.00.2195)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)

--------------------------------------------------
Enumerating Windows NT/2000/XP services
Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (autostart)
Intel AGP Bus Filter: System32\DRIVERS\agp440.sys (system)
Alerter: %SystemRoot%\System32\services.exe (manual start)
Application Management: %SystemRoot%\system32\services.exe (manual start)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
Ati HotKey Poller: %SystemRoot%\System32\ati2plab.exe (autostart)
ati2mpab: System32\DRIVERS\ati2mpab.sys (manual start)
atirage3: System32\DRIVERS\atimpab.sys (manual start)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
pcAnywhere Host Service: C:\Program Files\Symantec\pcAnywhere\awhost32.exe (manual start)
awlegacy: \SystemRoot\System32\Drivers\awlegacy.sys (system)
AW_HOST: system32\drivers\aw_host5.sys (disabled)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k BITSgroup (manual start)
Computer Browser: %SystemRoot%\System32\services.exe (autostart)
CA License Client: C:\CA_LIC\lic98rmt.exe (manual start)
CA License Server: C:\CA_LIC\lic98rmtd.exe (manual start)
LANDesk(R) Management Agent: "C:\Program Files\LANDesk\Shared Files\residentagent.exe" (autostart)
Closed Caption Decoder: System32\DRIVERS\CCDECODE.sys (manual start)
cdrmkaun: \??\C:\DOCUME~1\dbain.SMC\LOCALS~1\Temp\cdrmkaun.sys (manual start)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: C:\WINNT\System32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (manual start)
ClntMgmt: \SystemRoot\System32\Drivers\ClntMgmt.sys (system)
Microsoft ACPI Control Method Battery Driver: System32\DRIVERS\CmBatt.sys (manual start)
Microsoft Composite Battery Driver: System32\DRIVERS\compbatt.sys (system)
Compaq Remote Diagnostics Enabling Agent: C:\WINNT\CPQDIAG\CPQDFWAG.EXE (autostart)
DHCP Client: %SystemRoot%\System32\services.exe (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Logical Disk Manager Driver: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\services.exe (autostart)
Microsoft DirectMusic SW Synth (WDM): system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\services.exe (autostart)
Intel(R) PRO Adapter Driver: System32\DRIVERS\e100bnt5.sys (manual start)
EntDrv50: \??\C:\WINNT\system32\drivers\EntDrv50.sys (manual start)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINNT\System32\svchost.exe -k netsvcs (manual start)
ewido security suite control: C:\Program Files\ewido anti-malware\ewidoctrl.exe (autostart)
ewido security suite driver: \??\C:\Program Files\ewido anti-malware\guard.sys (system)
ewido security suite guard: C:\Program Files\ewido anti-malware\ewidoguard.exe (autostart)
Fax Service: %systemroot%\system32\faxsvc.exe (manual start)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
McAfee Desktop Firewall: \??\C:\WINNT\system32\Drivers\Firehk5x.sys (system)
firelm01: \??\C:\WINNT\system32\drivers\firelm01.sys (manual start)
McAfee Desktop Firewall Policy Manager Driver: System32\Drivers\FirePM.sys (system)
McAfee Desktop Firewall Service: "C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows 2000\FireSvc.exe" (autostart)
McAfee Desktop Firewall TDI Driver: \??\C:\WINNT\system32\Drivers\FireTDI.sys (system)
Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
Game Port Enumerator: System32\DRIVERS\gameenum.sys (manual start)
Microsoft SideWinder Value Add - Filter Driver: System32\DRIVERS\GcKernel.sys (manual start)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
Microsoft SideWinder Virtual HID Device Mini-Driver: System32\DRIVERS\HIDSwvd.sys (manual start)
Microsoft HID Class Driver: System32\DRIVERS\hidusb.sys (autostart)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
idisw2km: System32\DRIVERS\idisw2km.sys (disabled)
Intel Local Scheduler Service: C:\Program Files\LANDesk\LDClient\LocalSch.EXE (autostart)
Intel PDS: C:\WINNT\system32\CBA\pds.exe (autostart)
Intel QIP Client Service: C:\Program Files\LANDesk\LDClient\qipclnt.exe (autostart)
LANDesk Targeted Multicast: C:\Program Files\LANDesk\LDClient\tmcsvc.exe (autostart)
IntelIde: System32\DRIVERS\intelide.sys (system)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: System32\DRIVERS\ipsec.sys (manual start)
IrDA Protocol: System32\DRIVERS\irda.sys (autostart)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
Infrared Monitor: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
Ixia Performance Endpoint: C:\PROGRA~1\Ixia\Endpoint\endpoint.exe (autostart)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Keyboard HID Driver: System32\DRIVERS\kbdhid.sys (system)
SMS Virtual Input Device: System32\DRIVERS\kbstuff5.sys (manual start)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\System32\services.exe (autostart)
Workstation: %SystemRoot%\System32\services.exe (autostart)
LicCtrl Service: C:\WINNT\runservice.exe (autostart)
TCP/IP NetBIOS Helper Service: %SystemRoot%\System32\services.exe (autostart)
Event Log Watch: C:\CA_LIC\LogWatNT.exe (autostart)
Lucent Modem Driver: System32\DRIVERS\ltmdmnt.sys (manual start)
ESS Maestro Audio Driver (WDM): system32\drivers\maestro.sys (manual start)
McAfee Framework Service: "C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (autostart)
Network Associates McShield: "C:\Program Files\Network Associates\VirusScan\Mcshield.exe" (autostart)
Network Associates Task Manager: "C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe" (autostart)
Machine Debug Manager: "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe" (autostart)
Messenger: %SystemRoot%\System32\services.exe (disabled)
NetMeeting Remote Desktop Sharing: C:\WINNT\System32\mnmsrvc.exe (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
BDA MPE Filter: System32\DRIVERS\MPE.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINNT\System32\msdtc.exe (manual start)
Windows Installer: C:\WINNT\System32\MsiExec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
Microsoft MPU-401 MIDI UART Driver: system32\drivers\msmpu401.sys (manual start)
NABTS/FEC VBI Codec: System32\DRIVERS\NABTSFEC.sys (manual start)
NaiAvFilter1: system32\drivers\naiavf5x.sys (manual start)
NaiAvTdi1: system32\drivers\mvstdi5x.sys (system)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (manual start)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (manual start)
NetDetect: \SystemRoot\system32\drivers\netdtect.sys (manual start)
Net Logon: %SystemRoot%\System32\lsass.exe (autostart)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Network Monitor Driver: system32\DRIVERS\NMnt.sys (manual start)
NetGroup Packet Filter Driver: system32\drivers\npf.sys (manual start)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
papycpu2: \SystemRoot\system32\drivers\papycpu2.sys (system)
papyjoy: \SystemRoot\system32\drivers\papyjoy.sys (system)
Parallel class driver: System32\DRIVERS\parallel.sys (manual start)
Parallel port driver: System32\DRIVERS\parport.sys (system)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
Pcmcia: System32\DRIVERS\pcmcia.sys (system)
Cisco Wireless LAN Adapters Driver: System32\DRIVERS\pcx500.sys (manual start)
Cisco 350 Series Lower Device Filter: System32\DRIVERS\pcx500mp.sys (manual start)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Policy Agent: %SystemRoot%\System32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Protected Storage: %SystemRoot%\system32\services.exe (autostart)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN Miniport (IrDA Modem): System32\DRIVERS\rasirda.sys (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Microsoft Streaming Network Raw Channel Access: system32\drivers\RCA.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Registry Service: %SystemRoot%\system32\regsvc.exe (autostart)
Remote Packet Capture Protocol v.0 (experimental): "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" (manual start)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe -s (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card Helper: %SystemRoot%\System32\SCardSvr.exe (manual start)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\system32\MSTask.exe (autostart)
Secdrv: \??\C:\WINNT\System32\drivers\SECDRV.SYS (manual start)
RunAs Service: %SystemRoot%\system32\services.exe (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
Serial Mouse Driver: system32\DRIVERS\sermouse.sys (manual start)
Internet Connection Sharing: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Symbol LA-41x1/41x3 Spectrum24 Wireless LAN Card Driver: System32\DRIVERS\Sla41nd5.sys (manual start)
BDA Slip De-Framer: System32\DRIVERS\SLIP.sys (manual start)
SMC IrCC Miniport Device Driver: System32\DRIVERS\smcirda.sys (manual start)
Smport: \??\C:\Oldgames\emulators\intelliv\intvwin\Smport.sys (manual start)
SNMP Service: %SystemRoot%\System32\snmp.exe (autostart)
SNMP Trap Service: %SystemRoot%\System32\snmptrap.exe (manual start)
Sony Memory Stick Driver(SONYPVM1): System32\DRIVERS\SONYPVM1.SYS (system)
Sony USB Filter Driver (SONYPVU1): System32\DRIVERS\SONYPVU1.SYS (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
BDA IPSink: System32\DRIVERS\StreamIP.sys (manual start)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start)
Synaptics TouchPad Driver: System32\DRIVERS\SynTP.sys (manual start)
Microsoft System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Telnet: %SystemRoot%\system32\tlntsvr.exe (manual start)
Distributed Link Tracking Client: %SystemRoot%\system32\services.exe (autostart)
Microsoft USB Universal Host Controller Driver: System32\DRIVERS\uhcd.sys (manual start)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB Standard Hub Driver: System32\DRIVERS\usbhub.sys (manual start)
USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)
Utility Manager: %SystemRoot%\System32\UtilMan.exe (manual start)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
Windows Time: %SystemRoot%\System32\services.exe (autostart)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
Windows Management Instrumentation: %SystemRoot%\System32\WBEM\WinMgmt.exe (autostart)
WMDM PMSP Service: C:\WINNT\System32\mspmspsv.exe (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Windows Management Instrumentation Driver Extensions: %SystemRoot%\system32\Services.exe (manual start)
Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (disabled)
World Standard Teletext Codec: System32\DRIVERS\WSTCODEC.SYS (manual start)
Automatic Updates: %systemroot%\system32\svchost.exe -k wugroup (autostart)
Wireless Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

--------------------------------------------------

 

[dbain21]

Lonny,

My remaining issues are as follows:

I am unable to launch IE or Windows Media Player

wallpaper changes to white background while startup tasks are loading
(I'm running Win2k Pro, you advised me to try something that
seems to exist only in WinXP)

Your most recent request was for the following logs:
Ewido, StartupLog from Hijackthis, and winpfind.txt results
I will try to attach them in my next reply, and I also attempted to upload them to the Spykiller forum, at this thread:
http://www.thespykiller.co.uk/forum/...p?topic=1250.0

Please review my log files at your earliest convenience.

Sincerely,
Derek

 

[dbain21]

attempting to attach Ewido, startup logs, and Winpfind.txt results

Derek

 

[LonnyRJones]

I am unable to launch IE or Windows Media Player

expand on that if possible, like what happens when you try to run them

wallpaper changes to white background while startup tasks are loading

Does it ever show your wallpaper ?
Try this
For windows 2k: windows Control panel > display > web tab and uncheck
Security Info or security, click apply, go to the background tab and change it to something other that what it is now click apply, now you can change it to whatever you like.

Go here and submit both of these files one at a time and let us know if they are infected
C:\WINNT\system32\WININET.DLL
C:\WINNT\system32\dllcache\WININET.DLL
http://virusscan.jotti.org/

 

[dbain21]

I found the "web" tab under Display. Security or Security info is not listed as an option there. However, I unchecked Enable Active Desktop, then selected a new wallpaper photo, then I re-enabled Active Desktop. Wallpaper now appears in the background as expected.

I re-installed Internet Explorer 6.1, and IE now works properly along with Media Player.

I believe that finally takes care of all of the problems with my laptop computer.

Thanks again for all of your assistance with the removal of the malware and related issues!!

Sincerely,
Derek