
Run time error and very slow help

Discussion in 'Spyware, Adware, Viruses and Malware Removal' started by mcjosu, Jun 21, 2006.

  1. mcjosu

    mcjosu Techie7 New Member

    Run time error appears frequently and PC is slow
    Hijackthis log follows


    Logfile of HijackThis v1.99.1
    Scan saved at 09:24:34, on 21/06/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\WINDOWS\system32\gearsec.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\vsnpt513.exe
    C:\Program Files\Cactus Spam Filter\cactusspamfilter.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Outlook Express\MSIMN.EXE
    C:\Program Files\Soulseek\slsk.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\John\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = WWW.BLUEYONDER.CO.UK
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.broadband.blueyonder.co.uk
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R3 - URLSearchHook: (no name) - {3A375E26-50E2-7739-56F4-0CC05A220394} - bnui.dll (file missing)
    F2 - REG:system.ini: UserInit=userinit.exe
    O1 - Hosts: localhost 127.0.0.1
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: (no name) - {73364D99-1240-4dff-B11A-67E448373048} - C:\WINDOWS\System32\ipv6monr.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {D400E7E2-5802-6EA8-A8C4-D45B876AE5D7} - (no file)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [SNPT513] C:\WINDOWS\vsnpt513.exe
    O4 - HKLM\..\Run: [com.codeode.cactusspamfilter] "C:\Program Files\Cactus Spam Filter\cactusspamfilter.exe" -minimized
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [InpriseMon] MsNetHelper.exe
    O4 - HKLM\..\Run: [TemplateDongle] 34763.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [bhoserv] StartCpl.exe
    O4 - HKCU\..\Run: [powerdll] sysconf16.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
    O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.broadband.blueyonder.co.uk
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
    O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/UK/install.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientInstall/9.20.0002/OCI/setup.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120580534215
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125817288574
    O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MSN Music Mediabar) - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB
    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.blueyonder.co.uk/assets/tool/files/MotivePreQual.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} (IMViewerControl Class) - http://companion.logitech.com/companion/logitech/ver1.3.0.2041/bin/imvid.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1103D70A-040F-496D-9C50-30DD29B0F1E7}: NameServer = 85.255.114.58,85.255.112.196
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4461B0CD-F09C-40E3-BD05-6C56B1C4905B}: NameServer = 85.255.114.58,85.255.112.196
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
     
  2. VopThis

    VopThis Senior Member (Canada)

    You are not running HijackThis (HJT) from a desired location. You really need to set up a dedicated folder for HJT items – to avoid horrible clutter and/or potential lost backup issues.

    It's best that the HijackThis tool NOT be located in its current location (particularly on your Desktop or in a TEMP folder). This way you can more easily undo any changes if something goes wrong.
    • Create a new folder in your C: Drive.
    • Name the FOLDER HijackThis (or HJT) such as C:\Program Files\HijackThis or C:\HJT and move the HijackThis.exe file into it.
    • Run HJT from there (and revise your shortcut accordingly).




    You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

    Please download FixWareout from one of these sites:
    http://downloads.subratam.org/Fixwareout.exe



    Save it to your desktop and run it. Click Next, then Install, make sure ’Run fixit’ is checked and click Finish.
    The fix will begin; follow the prompts.
    You will be asked to reboot your computer; please do so.
    Your system may take longer than usual to load; this is normal.

    Once the desktop loads, post the text that will open (report.txt) and a new Hijackthis log in the forum please.





    For Windows 2K/XP

    • Please go to Start -> Control Panel, and choose Network Connections.
    • Then right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and left click on properties.
    • Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says Obtain DNS servers automatically.
    • Click OK twice, and restart your computer.
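
The O17 lines in the log above record DNS servers set statically on each network interface, which is the setting the last step of this reply switches back to automatic. As an added example (not part of the thread, and not HijackThis or Fixwareout code), this Python script parses HijackThis entries, lists the static name servers per interface, and diffs two scans so a helper can see what a fix changed. The function names are my own; the sample log lines are constructed, with placeholder GUIDs and addresses from the 192.0.2.0/24 documentation range.

```python
import re
from collections import defaultdict

# A HijackThis entry line: section code (R0, F2, O17, ...), " - ", entry text.
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.*\S)\s*$")

# O17 per-interface entry: ...\{INTERFACE-GUID}: NameServer = ip[,ip ...]
O17_NS_RE = re.compile(r"\{([0-9A-Fa-f-]{36})\}: NameServer = (.+)$")


def parse_entries(log_text):
    """Group entry lines by section code: {"O17": [entry_text, ...], ...}."""
    sections = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            sections[m.group(1)].append(m.group(2))
    return dict(sections)


def static_dns(sections):
    """Map interface GUID -> list of statically configured DNS servers.

    Windows accepts comma- or space-separated lists in the NameServer
    value, so both separators are handled. GUIDs are upper-cased so the
    same interface compares equal across scans.
    """
    result = {}
    for entry in sections.get("O17", []):
        m = O17_NS_RE.search(entry)
        if m:
            servers = [s for s in re.split(r"[,\s]+", m.group(2).strip()) if s]
            result[m.group(1).upper()] = servers
    return result


def diff_logs(before_text, after_text):
    """Return (removed, added) entry lines between two scans, sorted."""
    def flat(text):
        return {
            f"{code} - {entry}"
            for code, entries in parse_entries(text).items()
            for entry in entries
        }
    before, after = flat(before_text), flat(after_text)
    return sorted(before - after), sorted(after - before)


# Constructed sample scans (not taken from a real machine).
SAMPLE_BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: (no name) - {00000000-0000-0000-0000-0000000000AA} - C:\WINDOWS\System32\example1.dll
O4 - HKLM\..\Run: [ExampleTask] "C:\Program Files\Example\task.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-0000000000B1}: NameServer = 192.0.2.10,192.0.2.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-0000000000b2}: NameServer = 192.0.2.10 192.0.2.20
"""

SAMPLE_AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: (no name) - {00000000-0000-0000-0000-0000000000AA} - C:\WINDOWS\System32\example2.dll
O4 - HKLM\..\Run: [ExampleTask] "C:\Program Files\Example\task.exe"
"""


if __name__ == "__main__":
    for guid, servers in static_dns(parse_entries(SAMPLE_BEFORE)).items():
        print(f"static DNS on interface {guid}: {', '.join(servers)}")
    removed, added = diff_logs(SAMPLE_BEFORE, SAMPLE_AFTER)
    for line in removed:
        print("- " + line)
    for line in added:
        print("+ " + line)
```

An entry that shows up under "added" after a cleanup run, such as a BHO whose GUID is unchanged but whose file name differs, deserves the same scrutiny as the one it replaced.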
     
  3. mcjosu

    mcjosu Techie7 New Member

    Logfile of HijackThis v1.99.1
    Scan saved at 13:23:19, on 21/06/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\WINDOWS\system32\gearsec.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\vsnpt513.exe
    C:\Program Files\Cactus Spam Filter\cactusspamfilter.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Outlook Express\MSIMN.EXE
    C:\Program Files\Soulseek\slsk.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\vsnpt513.exe
    C:\Program Files\Cactus Spam Filter\cactusspamfilter.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\PROGRA~1\AIM95\aim.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MySpace\IM\MySpaceIM.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = WWW.BLUEYONDER.CO.UK
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.broadband.blueyonder.co.uk
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R3 - URLSearchHook: (no name) - {3A375E26-50E2-7739-56F4-0CC05A220394} - bnui.dll (file missing)
    F2 - REG:system.ini: UserInit=userinit.exe
    O1 - Hosts: localhost 127.0.0.1
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: (no name) - {73364D99-1240-4dff-B11A-67E448373048} - C:\WINDOWS\System32\ipv6monr.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {D400E7E2-5802-6EA8-A8C4-D45B876AE5D7} - (no file)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [SNPT513] C:\WINDOWS\vsnpt513.exe
    O4 - HKLM\..\Run: [com.codeode.cactusspamfilter] "C:\Program Files\Cactus Spam Filter\cactusspamfilter.exe" -minimized
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [InpriseMon] MsNetHelper.exe
    O4 - HKLM\..\Run: [TemplateDongle] 34763.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [bhoserv] StartCpl.exe
    O4 - HKCU\..\Run: [powerdll] sysconf16.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
    O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.broadband.blueyonder.co.uk
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
    O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/UK/install.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientInstall/9.20.0002/OCI/setup.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120580534215
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125817288574
    O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MSN Music Mediabar) - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB
    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.blueyonder.co.uk/assets/tool/files/MotivePreQual.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} (IMViewerControl Class) - http://companion.logitech.com/companion/logitech/ver1.3.0.2041/bin/imvid.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1103D70A-040F-496D-9C50-30DD29B0F1E7}: NameServer = 85.255.114.58,85.255.112.196
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4461B0CD-F09C-40E3-BD05-6C56B1C4905B}: NameServer = 85.255.114.58,85.255.112.196
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


    Check for missing files
    .....
    C:\WINDOWS\system32\AUTOEXEC.NT not there
    .....
    End check for missing files
    .....
    VXD Check
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers]
    "VDD"=hex(7):43,3a,5c,50,52,4f,47,52,41,7e,31,5c,53,79,6d,61,6e,74,65,63,5c,53,\
    33,32,45,56,4e,54,31,2e,44,4c,4c,00,00
    .....
    End vxd check
    .....
    please post this at the forum
     
  4. VopThis

    VopThis Senior Member (Canada)

    You are missing a file which is preventing you from running the wareoutfix tool.

    Go to the link below, select your operating system, click the link on that site, follow the instructions for obtaining the missing file, and try the wareoutfix tool again please. Thanks.

    fixautont.html: http://www.tech-forums.net/computer/topic/29806.html
     
  5. mcjosu

    mcjosu Techie7 New Member

    Missing file obtained and Fixwareout run. Report below.


    Fixwareout ver 1.003
    Last edited 04/26/2006
    Post this report in the forums please

    Reg Entries that were deleted
    ...

    Microsoft (R) Windows Script Host Version 5.6
    Random Runs removed from HKLM
    ...

    PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
    Example ipsec6.exe is lagitamate

    »»»»» Search by size and names...

    »»»»» Misc files

    »»»»» Checking for older varients covered by the Rem3 tool

    »»»»»
    Search five digit cs, dm and jb files
    This WILL/CAN also list Legit Files, Submit them at Virustotal
    C:\WINDOWS\SYSTEM32\CSYLA.EXE 51,200 2006-02-07


    Logfile of HijackThis v1.99.1
    Scan saved at 21:43:16, on 21/06/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\WINDOWS\system32\gearsec.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\vsnpt513.exe
    C:\Program Files\Cactus Spam Filter\cactusspamfilter.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\hijackthis\HijackThis.exe
    C:\hijackthis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R3 - URLSearchHook: (no name) - {3A375E26-50E2-7739-56F4-0CC05A220394} - bnui.dll (file missing)
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: (no name) - {73364D99-1240-4dff-B11A-67E448373048} - C:\WINDOWS\System32\ipv6mons.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {D400E7E2-5802-6EA8-A8C4-D45B876AE5D7} - (no file)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [SNPT513] C:\WINDOWS\vsnpt513.exe
    O4 - HKLM\..\Run: [com.codeode.cactusspamfilter] "C:\Program Files\Cactus Spam Filter\cactusspamfilter.exe" -minimized
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [InpriseMon] MsNetHelper.exe
    O4 - HKLM\..\Run: [TemplateDongle] 34763.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [bhoserv] StartCpl.exe
    O4 - HKCU\..\Run: [powerdll] sysconf16.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
    O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.broadband.blueyonder.co.uk
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
    O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/UK/install.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientInstall/9.20.0002/OCI/setup.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120580534215
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125817288574
    O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MSN Music Mediabar) - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB
    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.blueyonder.co.uk/assets/tool/files/MotivePreQual.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} (IMViewerControl Class) - http://companion.logitech.com/companion/logitech/ver1.3.0.2041/bin/imvid.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1103D70A-040F-496D-9C50-30DD29B0F1E7}: NameServer = 85.255.114.58,85.255.112.196
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
     
  6. VopThis

    VopThis Senior Member (Canada)

    Check out the following unfamiliar files or potential malware FILE PATH variations:


    HIDDEN FILES: To make sure you can see any and all hidden files, please follow the directions here

    • As necessary, determine the FULL FILE PATH for each (unfamiliar) file item listed BELOW. Use Start (BUTTON)>Search or use the F3 key.
    • Please copy and PASTE each FULL FILE PATH or browse/navigate to each file for assessment submission to the site(s) below and to obtain their immediate FEEDBACK on each item submitted. Paste into the 'Select File' box or navigate to the file using the BROWSE button:


      http://www.virustotal.com/flash/index_en.html (10MB file size maximum)

    ==================
    C:\WINDOWS\SYSTEM32\CSYLA.EXE
    ==================


    Let us know what the results were for the file(s) and/or delete those files you determine to be bad (at least two [2] or more negative site responses) and fix any related HJT log items (if also present).

    ALTERNATE SITE: http://virusscan.jotti.org/ (15MB file size maximum)
     
    Last edited: Jun 21, 2006
  7. mcjosu

    mcjosu Techie7 New Member

    Result of virustotal


    STATUS: FINISHED
    Complete scanning result of "CSYLA.EXE", received in VirusTotal at 06.22.2006, 09:49:26 (CET).

    Antivirus Version Update Result
    AntiVir n - no virus found
    Authentium n - no virus found
    Avast n - no virus found
    AVG n - no virus found
    BitDefender n - no virus found
    CAT-QuickHeal n - no virus found
    ClamAV n - no virus found
    DrWeb n - no virus found
    eTrust-InoculateIT n - no virus found
    eTrust-Vet n - no virus found
    Ewido n - no virus found
    Fortinet n - no virus found
    F-Prot n - no virus found
    Ikarus n - no virus found
    Kaspersky n - no virus found
    McAfee n - no virus found
    Microsoft n - no virus found
    NOD32v2 n - no virus found
    Norman n - no virus found
    Panda n - no virus found
    Sophos n - no virus found
    Symantec n - no virus found
    TheHacker n - no virus found
    UNA n - no virus found
    VBA32 n - no virus found
    VirusBuster n - no virus found


    Aditional Information
    File size: 0 bytes
    MD5: d41d8cd98f00b204e9800998ecf8427e
    SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709

    VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.

    Logfile of HijackThis v1.99.1
    Scan saved at 08:56:18, on 22/06/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\WINDOWS\system32\gearsec.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\vsnpt513.exe
    C:\Program Files\Cactus Spam Filter\cactusspamfilter.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Norton AntiVirus\NAVW32.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Outlook Express\MSIMN.EXE
    C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    C:\hijackthis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R3 - URLSearchHook: (no name) - {3A375E26-50E2-7739-56F4-0CC05A220394} - bnui.dll (file missing)
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: (no name) - {73364D99-1240-4dff-B11A-67E448373048} - C:\WINDOWS\System32\ipv6mons.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {D400E7E2-5802-6EA8-A8C4-D45B876AE5D7} - (no file)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [SNPT513] C:\WINDOWS\vsnpt513.exe
    O4 - HKLM\..\Run: [com.codeode.cactusspamfilter] "C:\Program Files\Cactus Spam Filter\cactusspamfilter.exe" -minimized
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [InpriseMon] MsNetHelper.exe
    O4 - HKLM\..\Run: [TemplateDongle] 34763.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [bhoserv] StartCpl.exe
    O4 - HKCU\..\Run: [powerdll] sysconf16.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
    O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.broadband.blueyonder.co.uk
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
    O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/UK/install.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientInstall/9.20.0002/OCI/setup.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120580534215
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125817288574
    O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MSN Music Mediabar) - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB
    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.blueyonder.co.uk/assets/tool/files/MotivePreQual.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} (IMViewerControl Class) - http://companion.logitech.com/companion/logitech/ver1.3.0.2041/bin/imvid.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1103D70A-040F-496D-9C50-30DD29B0F1E7}: NameServer = 85.255.114.58,85.255.112.196
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
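
Added example, not part of the original posts: the VirusTotal result pasted above reports a file size of 0 bytes, and the MD5 and SHA1 shown are the digests of empty input, so the engines were given no file content to scan. The Python below checks a pasted report for that condition and compares the reported hashes with a local copy of the file; the function names and the sample bytes are assumptions of this example.

```python
import hashlib
import re

# Constructed sample: the size and hash lines as pasted in this thread.
SAMPLE_REPORT = """
File size: 0 bytes
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
"""

# Digests of zero bytes of input, computed rather than hard-coded.
EMPTY_DIGESTS = {
    name: hashlib.new(name, b"").hexdigest() for name in ("md5", "sha1", "sha256")
}

FIELD_RE = re.compile(
    r"^\s*(File size|MD5|SHA-?1|SHA-?256)\s*:\s*(.+?)\s*$", re.I | re.M
)


def parse_report(text):
    """Return the size and hash fields of a pasted scan report as a dict."""
    fields = {}
    for key, value in FIELD_RE.findall(text):
        key = key.lower().replace("-", "").replace(" ", "_")
        fields[key] = value.lower()
    return fields


def submission_problems(text):
    """List the reasons a report says nothing about the file it names."""
    fields = parse_report(text)
    problems = []
    size = re.match(r"(\d+)", fields.get("file_size", ""))
    if size and int(size.group(1)) == 0:
        problems.append("reported size is 0 bytes")
    for algo, digest in EMPTY_DIGESTS.items():
        if fields.get(algo) == digest:
            problems.append(f"{algo} matches the digest of empty input")
    return problems


def matches_local_file(data, text):
    """True only if every hash in the report equals the hash of `data`."""
    fields = parse_report(text)
    reported = {a: fields[a] for a in EMPTY_DIGESTS if a in fields}
    if not reported:
        return False  # nothing to compare against
    return all(
        hashlib.new(algo, data).hexdigest() == digest
        for algo, digest in reported.items()
    )


if __name__ == "__main__":
    for problem in submission_problems(SAMPLE_REPORT):
        print("WARNING:", problem)
    # Constructed bytes standing in for a non-empty local copy of the file.
    print("report matches local copy:",
          matches_local_file(b"MZ constructed sample", SAMPLE_REPORT))
```

A clean result attached to an empty upload is not evidence either way; the file has to be resubmitted (for example after copying it, if it is locked or hidden) until the reported hash matches the local one.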
     
  8. VopThis

    VopThis Senior Member (Canada)

    Read over the following directions. Ask if anything appears unclear to you.



    We will be restarting into Safe Mode later on in the fix and you might not be able to access the Internet. Accordingly, it is probably a good idea to print out the following directions or copy them to a text file on your desktop using NOTEPAD. Read these instructions carefully and feel free to ask if you're unsure about anything.

    SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R3 - URLSearchHook: (no name) - {3A375E26-50E2-7739-56F4-0CC05A220394} - bnui.dll (file missing)

    O2 - BHO: (no name) - {73364D99-1240-4dff-B11A-67E448373048} - C:\WINDOWS\System32\ipv6mons.dll (file missing)
    O2 - BHO: (no name) - {D400E7E2-5802-6EA8-A8C4-D45B876AE5D7} - (no file)

    O4 - HKLM\..\Run: [INPRISEMON] MsNetHelper.exe
    O4 - HKLM\..\Run: [TEMPLATEDONGLE] 34763.exe
    O4 - HKCU\..\Run: [BHOSERV] StartCpl.exe
    O4 - HKCU\..\Run: [POWERDLL] sysconf16.exe

    O17 - HKLM\System\CCS\Services\Tcpip\..\{1103D70A-040F-496D-9C50-30DD29B0F1E7}: NameServer = 85.255.114.58,85.255.112.196

    Make sure that all browser windows and internet links are closed, even this one!
    CLICK ’FIX CHECKED’ with HijackThis.



    HIDDEN FILES: To make sure you can see all hidden files, please follow the directions here

    SAFEMODE: Boot into safe mode by tapping the F8 key at restart and choosing 'safe mode' menu option (explained here if needed).



    Delete TEMPORARY FILES: Now, hunt down the most common temporary file locations and the temporary file clutter contained therein (and of possible malware hiding places):

    Go to Start > Run and type: CLEANMGR.EXE and hit enter.
    When prompted select the C: drive and click ok.
    Check the boxes for:
    • Temporary Internet Files
    • Downloaded Program Files
    • Recycle Bin
    • Temporary Files
    Click OK or Enter


    ***** Clean out the Recycle Bin for items removed below, ONLY once you have regained the full functional use of your PC.




    Navigate to these files or folders using Windows Explorer (OR Start -> Search) and delete (if present):


    DELETE FILES:

    MsNetHelper.exe
    34763.exe
    StartCpl.exe
    sysconf16.exe





    POST A REVISED HIJACKTHIS LOG for review:
    Reboot and post a new HijackThis log with any feedback as appropriate - how things are now behaving: any new or remaining apparent issues.
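
Added example, not part of the original posts: a Python triage pass over HijackThis log lines that surfaces the kinds of entries selected in the directions above (entries marked "(file missing)" or "(no file)", Run values that name an executable without a path, and O17 NameServer overrides). The three heuristics and the `expected_resolvers` allow-list are this example's assumptions, not rules stated in the thread, and they also list candidates the helper did not select.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {3A375E26-50E2-7739-56F4-0CC05A220394} - bnui.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {D400E7E2-5802-6EA8-A8C4-D45B876AE5D7} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [InpriseMon] MsNetHelper.exe
O4 - HKCU\..\Run: [powerdll] sysconf16.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1103D70A-040F-496D-9C50-30DD29B0F1E7}: NameServer = 85.255.114.58,85.255.112.196
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
"""

ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")      # "O4 - ..."
RUN_RE = re.compile(r"\[(?P<name>[^\]]*)\]\s+(?P<cmd>.+)$")   # "[name] command"
NS_RE = re.compile(r"NameServer = (.+)$")
MISSING_MARKERS = ("(file missing)", "(no file)")


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code, e.g. "O4"
    reason: str    # which heuristic fired
    detail: str    # the part of the entry an analyst should look at


def executable_token(cmd):
    """Return the program part of a Run command, honouring double quotes."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    return cmd.split()[0]


def triage(log_text, expected_resolvers=frozenset()):
    """Return review candidates; lines that are not section entries are skipped."""
    findings = []
    for raw in log_text.splitlines():
        entry = ENTRY_RE.match(raw)
        if not entry:
            continue  # header, process list, blank line
        section, body = entry.groups()

        # 1. The registry entry points at a file that is not on disk.
        if body.endswith(MISSING_MARKERS):
            findings.append(Finding(section, "missing-file", body))

        # 2. Autorun value with no directory component: the program is
        #    resolved through the search path instead of a fixed location.
        if section == "O4":
            run = RUN_RE.search(body)
            if run:
                exe = executable_token(run["cmd"])
                if "\\" not in exe and "/" not in exe:
                    findings.append(Finding(
                        section, "autorun-without-path",
                        f'{run["name"]} -> {exe}'))

        # 3. Per-interface DNS servers outside the caller's known resolvers.
        if section == "O17":
            servers = NS_RE.search(body)
            if servers:
                for item in re.split(r"[,\s]+", servers.group(1).strip()):
                    try:
                        addr = str(ipaddress.ip_address(item))
                    except ValueError:
                        continue  # not an IP literal
                    if addr not in expected_resolvers:
                        findings.append(
                            Finding(section, "unexpected-nameserver", addr))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason:<22} {f.detail}")
```

Pass the resolvers your ISP or router actually hands out as `expected_resolvers` so that only NameServer values outside that set are reported.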
     
  9. mcjosu

    mcjosu Techie7 New Member

    All actioned as above
    The 4 files mentioned for deletion not found on search

    Ran Spybot with the following results


    --- Search result list ---
    CoolWWWSearch.SearchKlick: Data (File, nothing done)
    C:\WINDOWS\awpmq.txt

    CoolWWWSearch.SearchKlick: Data (File, nothing done)
    C:\WINDOWS\eaicq.txt

    CoolWWWSearch.SearchKlick: Data (File, nothing done)
    C:\WINDOWS\tjgtc.txt

    Network Essentials.SmartPops: Data (File, nothing done)
    C:\WINDOWS\Digital Signature 20050221.htm

    Network Essentials.SmartPops: Data (File, nothing done)
    C:\WINDOWS\Digital Signature 20050228.htm


    --- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

    2005-05-31 blindman.exe (1.0.0.1)
    2005-05-31 SpybotSD.exe (1.4.0.3)
    2005-05-31 TeaTimer.exe (1.4.0.2)
    2006-02-11 unins000.exe (51.41.0.0)
    2005-05-31 Update.exe (1.4.0.0)
    2006-02-06 advcheck.dll (1.0.2.0)
    2005-05-31 aports.dll (2.1.0.0)
    2005-05-31 borlndmm.dll (7.0.4.453)
    2005-05-31 delphimm.dll (7.0.4.453)
    2005-05-31 SDHelper.dll (1.4.0.0)
    2006-02-20 Tools.dll (2.0.0.2)
    2005-05-31 UnzDll.dll (1.73.1.1)
    2005-05-31 ZipDll.dll (1.73.2.0)
    2006-06-16 Includes\Cookies.sbi (*)
    2006-06-16 Includes\Dialer.sbi (*)
    2006-06-16 Includes\Hijackers.sbi (*)
    2006-06-16 Includes\Keyloggers.sbi (*)
    2006-06-16 Includes\Malware.sbi (*)
    2006-06-16 Includes\PUPS.sbi (*)
    2006-06-16 Includes\Revision.sbi (*)
    2006-06-16 Includes\Security.sbi (*)
    2006-06-16 Includes\Spybots.sbi (*)
    2005-02-17 Includes\Tracks.uti
    2006-06-16 Includes\Trojans.sbi (*)



    --- System information ---
    Windows XP (Build: 2600)
    / DataAccess: Microsoft Data Access Components KB870669
    / DataAccess: Patch Available For XMLHTTP Vulnerability
    / DataAccess: Patch Available For XMLHTTP Vulnerability
    / DataAccess: Security update for Microsoft Data Access Components
    / DataAccess: Security Update for Microsoft Data Access Components
    / Internet Explorer 6 / SP0: Windows XP Hotfix - KB834707
    / Windows Media Player / SP0: Windows Media Player Hotfix [See wm828026 for more information]
    / Windows Media Player: Windows Media Update 320920
    / Windows Media Player: Windows Media Update 819639
    / Windows Media Player: Windows Media Update 828026
    / Windows XP / SP1: Windows XP Hotfix - KB821557
    / Windows XP / SP1: Windows XP Hotfix - KB823182
    / Windows XP / SP1: Windows XP Hotfix - KB823980
    / Windows XP / SP1: Windows XP Hotfix - KB824105
    / Windows XP / SP1: Windows XP Hotfix - KB824141
    / Windows XP / SP1: Windows XP Hotfix - KB824146
    / Windows XP / SP1: Windows XP Hotfix - KB828028
    / Windows XP / SP1: Windows XP Hotfix - KB828035
    / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q306676 for more information]
    / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q308677 for more information]
    / Windows XP / SP1 / Q308678: Windows XP Hotfix (SP1) [See Q308678 for more information]
    / Windows XP / SP1 / Q308928: Windows XP Hotfix (SP1) [See Q308928 for more information]
    / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q309056 for more information]
    / Windows XP / SP1 / Q309521: Windows XP Hotfix (SP1) [See Q309521 for more information]
    / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q310051 for more information]
    / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q310601 for more information]
    / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q311542 for more information]
    / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q311822 for more information]
    / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q311889 for more information]
    / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q311967 for more information]
    / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q312370 for more information]
    / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q313450 for more information]
    / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q313596 for more information]
    / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q314147 for more information]
    / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q314862 for more information]
    / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q315000 for more information]
    / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q315403 for more information]
    / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q316134 for more information]
    / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q316253 for more information]
    / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q317272 for more information]
    / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q317277 for more information]
    / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q318138 for more information]
    / Windows XP / SP1: Windows XP Application Compatibility Update[Q319580]
    / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q319825 for more information]
    / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q323172 for more information]
    / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q324096 for more information]
    / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q324380 for more information]
    / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q326830 for more information]
    / Windows XP / SP1: Windows XP Hotfix (SP1) Q328310
    / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q328940 for more information]
    / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q329048 for more information]
    / Windows XP / SP1: Windows XP Hotfix (SP1) Q329170
    / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q329390 for more information]
    / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q329441 for more information]
    / Windows XP / SP1: Windows XP Hotfix (SP1) [See Q329834 for more information]
    / Windows XP / SP1: Windows XP Hotfix (SP1) Q331953
    / Windows XP / SP1: Windows XP Hotfix (SP1) Q810577
    / Windows XP / SP1: Windows XP Hotfix (SP1) Q810833
    / Windows XP / SP1: Windows XP Hotfix (SP1) Q811493
    / Windows XP / SP1: Windows XP Hotfix (SP1) Q811630
    / Windows XP / SP1: Windows XP Hotfix (SP1) Q815021
    / Windows XP / SP1: Windows XP Hotfix (SP1) Q817606
    / Windows XP / SP1: Windows XP Hotfix (SP1) Q819696
    / Windows XP / SP2: Windows XP Hotfix - KB823559
    / Windows XP / SP2: Windows XP Hotfix - KB825119
    / Windows XP / SP2: Windows XP Hotfix - KB828741
    / Windows XP / SP2: Windows XP Hotfix - KB833987
    / Windows XP / SP2: Windows XP Hotfix - KB835732
    / Windows XP / SP2: Windows XP Hotfix - KB837001
    / Windows XP / SP2: Windows XP Hotfix - KB839643
    / Windows XP / SP2: Windows XP Hotfix - KB839645
    / Windows XP / SP2: Windows XP Hotfix - KB840315
    / Windows XP / SP2: Windows XP Hotfix - KB840374
    / Windows XP / SP2: Windows XP Hotfix - KB840987
    / Windows XP / SP2: Windows XP Hotfix - KB841356
    / Windows XP / SP2: Windows XP Hotfix - KB841533
    / Windows XP / SP2: Windows XP Hotfix - KB841873
    / Windows XP / SP2: Windows XP Hotfix - KB842773
    / Windows XP / SP2: Windows XP Hotfix - KB873376
    / Windows XP / SP2: Windows XP Hotfix - KB883357
    / Windows XP / SP2: Windows XP Hotfix - KB887822
    / Windows XP / SP2: Windows XP Hotfix (SP2) [See Q323255 for more information]
    / Windows XP / SP2: Windows XP Hotfix (SP2) [See Q329115 for more information]


    --- Startup entries list ---
    Located: HK_LM:Run, ccApp
    command: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    size: 59040
    MD5: 42d55a54df63361a3207f830508ba4a4

    Located: HK_LM:Run, com.codeode.cactusspamfilter
    command: "C:\Program Files\Cactus Spam Filter\cactusspamfilter.exe" -minimized
    file: C:\Program Files\Cactus Spam Filter\cactusspamfilter.exe
    size: 655360
    MD5: 0d7a88e2e6b4274f2ad146cfbae15b80

    Located: HK_LM:Run, KernelFaultCheck
    command: %systemroot%\system32\dumprep 0 -k
    file: C:\WINDOWS\system32\dumprep.exe
    size: 30208
    MD5: 2904b939f139b2e72da23f36f5038088

    Located: HK_LM:Run, MSConfig
    command: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    file: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
    size: 145408
    MD5: ec1a1197eaba3f2415bbb80007683c63

    Located: HK_LM:Run, QuickTime Task
    command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
    file: C:\Program Files\QuickTime\qttask.exe
    size: 77824
    MD5: 5d22b4258489575412f6d18affc847a2

    Located: HK_LM:Run, SNPT513
    command: C:\WINDOWS\vsnpt513.exe
    file: C:\WINDOWS\vsnpt513.exe
    size: 32768
    MD5: 2dd6fc6d68985bf3f63bf42643fca43f

    Located: HK_LM:Run, SunJavaUpdateSched
    command: C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    file: C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    size: 36975
    MD5: 61a3a9d5d98bf0331df5b716144a8100

    Located: HK_CU:Run, CTFMON.EXE
    command: C:\WINDOWS\System32\CTFMON.EXE
    file: C:\WINDOWS\System32\CTFMON.EXE
    size: 13312
    MD5: 85b1054db58d13aa42d7dca778c30f57

    Located: HK_CU:Run, MSMSGS
    command: "C:\Program Files\Messenger\msmsgs.exe" /background
    file: C:\Program Files\Messenger\msmsgs.exe
    size: 1491216
    MD5: 86e14ca9134602a7a75c108279d263e0

    Located: System.ini, crypt32chain
    command: crypt32.dll
    file: crypt32.dll

    Located: System.ini, cryptnet
    command: cryptnet.dll
    file: cryptnet.dll

    Located: System.ini, cscdll
    command: cscdll.dll
    file: cscdll.dll

    Located: System.ini, igfxcui
    command: igfxsrvc.dll
    file: igfxsrvc.dll

    Located: System.ini, ScCertProp
    command: wlnotify.dll
    file: wlnotify.dll

    Located: System.ini, Schedule
    command: wlnotify.dll
    file: wlnotify.dll

    Located: System.ini, sclgntfy
    command: sclgntfy.dll
    file: sclgntfy.dll

    Located: System.ini, SensLogn
    command: WlNotify.dll
    file: WlNotify.dll

    Located: System.ini, termsrv
    command: wlnotify.dll
    file: wlnotify.dll

    Located: System.ini, wlballoon
    command: wlnotify.dll
    file: wlnotify.dll



    --- Browser helper object list ---
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    BHO name:
    CLSID name: SSVHelper Class
    Path: C:\Program Files\Java\jre1.5.0_06\bin\
    Long name: ssv.dll
    Short name:
    Date (created): 3/2/2006 13:53:00
    Date (last access): 6/22/2006 13:19:54
    Date (last write): 11/10/2005 13:22:12
    Filesize: 184423
    Attributes: archive
    MD5: F01726F7CA8538FDD4663C9DB8FEAEDC
    CRC32: 0111B892
    Version: 5.0.60.5

    {9394EDE7-C8B5-483E-8773-474BF36AF6E4} (ST)
    BHO name:
    CLSID name: ST
    Path: C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\
    Long name: stmain.dll
    Short name:
    Date (created): 2/10/2006 20:20:40
    Date (last access): 6/22/2006 13:15:12
    Date (last write): 8/13/2004 18:42:00
    Filesize: 155648
    Attributes: archive
    MD5: 0DA1349495955CB41A5899047C5A1267
    CRC32: C050EECD
    Version: 1.2.3000.1001

    {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (MSNToolBandBHO)
    BHO name:
    CLSID name: MSNToolBandBHO
    Path: C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\
    Long name: msntb.dll
    Short name:
    Date (created): 2/10/2006 20:18:20
    Date (last access): 6/22/2006 13:15:12
    Date (last write): 1/17/2006 17:04:16
    Filesize: 282624
    Attributes: archive
    MD5: 6B3B0C6657B3DFEAD7ABC5BFEE45B347
    CRC32: 1DF31317
    Version: 1.2.5000.1021



    --- ActiveX list ---
    {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue)
    DPF name:
    CLSID name: SupportSoft SmartIssue
    Installer: C:\WINDOWS\Downloaded Program Files\tgctlsi.inf
    Codebase: http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    Path: C:\WINDOWS\Downloaded Program Files\
    Long name: tgctlsi.dll
    Short name:
    Date (created): 6/17/2005 02:25:02
    Date (last access): 6/22/2006 13:44:18
    Date (last write): 6/17/2005 02:25:02
    Filesize: 1069056
    Attributes: archive
    MD5: 8C17D4046D09E3AAE7316A603D1806CD
    CRC32: E0D42AF5
    Version: 6.9.545.0

    {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class)
    DPF name:
    CLSID name: SupportSoft Script Runner Class
    Installer: C:\WINDOWS\Downloaded Program Files\tgctlsr.inf
    Codebase: http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    Path: C:\WINDOWS\Downloaded Program Files\
    Long name: tgctlsr.dll
    Short name:
    Date (created): 6/17/2005 02:25:00
    Date (last access): 6/22/2006 13:44:18
    Date (last write): 6/17/2005 02:25:00
    Filesize: 413696
    Attributes: archive
    MD5: 47EA24991C9184C8186E5447BE22F364
    CRC32: 60CB0CA4
    Version: 6.9.545.0

    {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class)
    DPF name:
    CLSID name: SysProWmi Class
    Installer: C:\WINDOWS\Downloaded Program Files\SysPro.inf
    Codebase: http://support.dell.com/systemprofiler/SysPro.CAB
    description:
    classification: Open for discussion
    known filename: SysPro.ocx
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINDOWS\System32\Dell\SystemProfiler\
    Long name: SysPro.ocx
    Short name:
    Date (created): 1/23/2003 14:23:18
    Date (last access): 6/22/2006 13:51:06
    Date (last write): 1/23/2003 14:23:18
    Filesize: 86016
    Attributes: archive
    MD5: 2EE3E0AE6AA35F135CAE24DF2DA9B172
    CRC32: A76A5BDA
    Version: 2.0.0.1

    {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control)
    DPF name:
    CLSID name: Microsoft Office Template and Media Control
    Installer: C:\WINDOWS\Downloaded Program Files\ieawsdc.inf
    Codebase: http://office.microsoft.com/templates/ieawsdc.cab
    description:
    classification: Open for discussion
    known filename: IEAWSDC.DLL
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINDOWS\Downloaded Program Files\
    Long name: IEAWSDC.DLL
    Short name:
    Date (created): 10/6/2005 19:19:02
    Date (last access): 6/22/2006 13:44:16
    Date (last write): 10/6/2005 19:19:02
    Filesize: 168448
    Attributes: archive
    MD5: D684C7699541E718A479267FE7EA16BA
    CRC32: 2BBDF271
    Version: 11.0.6009.0

    {0E5F0222-96B9-11D3-8997-00104BD12D94} ()
    DPF name:
    CLSID name:
    Installer: C:\WINDOWS\Downloaded Program Files\PCPitstop.inf
    Codebase: http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    description: Gateway tools
    classification: Open for discussion
    known filename: PCPITSTOP.DLL
    info link:
    info source: Patrick M. Kolla

    {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class)
    DPF name:
    CLSID name: InstallerBehaviorFactory Class
    Installer: C:\WINDOWS\Downloaded Program Files\MsnInstC.inf
    Codebase: https://signup.msn.com/pages/MsnInstC.cab
    Path: C:\WINDOWS\Downloaded Program Files\
    Long name: MsnInstC.dll
    Short name:
    Date (created): 12/14/2005 11:24:52
    Date (last access): 6/22/2006 13:44:16
    Date (last write): 12/14/2005 11:24:52
    Filesize: 323272
    Attributes: archive
    MD5: 76B975A59A1018572F9F84DEB3BEE9A1
    CRC32: 68B0407D
    Version: 11.0.1213.1

    {26CBF141-7D0F-46E1-AA06-718958B6E4D2} ()
    DPF name:
    CLSID name:
    Installer: C:\WINDOWS\Downloaded Program Files\Setup.inf
    Codebase: http://download.ebay.com/turbo_lister/UK/install.cab
    description:
    classification: Open for discussion
    known filename:
    info link:
    info source: Safer Networking Ltd.

    {33363249-0000-0010-8000-00AA00389B71} ()
    DPF name:
    CLSID name:
    Installer: C:\WINDOWS\Downloaded Program Files\i263_32.inf
    Codebase: http://codecs.microsoft.com/codecs/i386/i263_32.cab
    description:
    classification: Open for discussion
    known filename:
    info link:
    info source: Safer Networking Ltd.

    {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2)
    DPF name:
    CLSID name: InstallShield Setup Player 2K2
    Installer:
    Codebase: http://sib1.od2.com/common/Member/ClientInstall/9.20.0002/OCI/setup.exe
    description:
    classification: Open for discussion
    known filename:
    info link:
    info source: Safer Networking Ltd.

    {90A29DA5-D020-4B18-8660-6689520C7CD7} ()
    DPF name:
    CLSID name:
    Installer: C:\WINDOWS\Downloaded Program Files\SysProfLcd.INF
    Codebase: http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
    description:
    classification: Open for discussion
    known filename: SYSPRO~1.DLL
    info link:
    info source: Safer Networking Ltd.

    {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class)
    DPF name:
    CLSID name: ActiveScan Installer Class
    Installer: C:\WINDOWS\Downloaded Program Files\asinst.inf
    Codebase: http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    description:
    classification: Open for discussion
    known filename: ASINST.DLL
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINDOWS\Downloaded Program Files\
    Long name: asinst.dll
    Short name:
    Date (created): 4/11/2006 17:10:10
    Date (last access): 6/22/2006 13:44:16
    Date (last write): 4/11/2006 17:10:10
    Filesize: 135168
    Attributes: archive
    MD5: 7267AE9C8DF527C30885DC29687D2A9B
    CRC32: 1B1733A3
    Version: 58.5.0.0

    {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object)
    DPF name:
    CLSID name: CRAVOnline Object
    Installer: C:\WINDOWS\Downloaded Program Files\ravonline.inf
    Codebase: http://www.ravantivirus.com/scan/ravonline.cab
    description:
    classification: Open for discussion
    known filename: ravonline.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINDOWS\Downloaded Program Files\
    Long name: ravonline.dll
    Short name: RAVONL~1.DLL
    Date (created): 9/4/2003 16:00:22
    Date (last access): 6/22/2006 13:44:18
    Date (last write): 9/4/2003 16:00:22
    Filesize: 200704
    Attributes: archive
    MD5: C8D24EB364FB71B810FAFB5222E55F1B
    CRC32: 81A19FC7
    Version: 1.1.0.138

    {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner)
    DPF name:
    CLSID name: a-squared Scanner
    Installer:
    Codebase: http://ax.emsisoft.com/asquared.cab
    Path: C:\WINDOWS\DOWNLO~1\
    Long name: asquared.ocx
    Short name:
    Date (created): 4/4/2006 19:25:04
    Date (last access): 6/22/2006 13:51:06
    Date (last write): 4/4/2006 19:25:04
    Filesize: 857088
    Attributes: archive
    MD5: CA3D35CBE3A6FC9B622DA755B7A554A3
    CRC32: 8A0B8714
    Version: 1.0.0.163

    {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MSN Music Mediabar)
    DPF name:
    CLSID name: MSN Music Mediabar
    Installer: C:\WINDOWS\Downloaded Program Files\MusicManager.inf
    Codebase: http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB
    Path: C:\WINDOWS\Downloaded Program Files\
    Long name: MusicManagerPlugin.ocx
    Short name: MUSICM~1.OCX
    Date (created): 4/5/2006 16:12:16
    Date (last access): 6/22/2006 13:51:06
    Date (last write): 4/5/2006 16:12:16
    Filesize: 964304
    Attributes: archive
    MD5: 2F73E4EEAF511CA1A6DD4E7BF976F205
    CRC32: 61446A9F
    Version: 11.1.0.1012

    {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class)
    DPF name:
    CLSID name: PreQualifier Class
    Installer: C:\WINDOWS\Downloaded Program Files\MotivePreQual.inf
    Codebase: http://www.blueyonder.co.uk/assets/tool/files/MotivePreQual.cab
    description:
    classification: Open for discussion
    known filename: MotivePreQual.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINDOWS\System32\
    Long name: MotivePreQual.dll
    Short name: MOTIVE~1.DLL
    Date (created): 8/19/2002 10:50:10
    Date (last access): 6/22/2006 13:51:06
    Date (last write): 8/19/2002 10:50:10
    Filesize: 176128
    Attributes: archive
    MD5: 45C764176F28EE6F0E3119D21298E906
    CRC32: 19B0B3E6
    Version: 4.7.3.32339

    {CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA} (Java Runtime Environment 1.3.1_15)
    DPF name: Java Runtime Environment 1.3.1_15
    CLSID name: Java Plug-in 1.3.1_15
    Installer: c:\winnt\Downloaded Program Files\jinstall_1_3_1_15.inf
    Codebase: http://java.sun.com/products/plugin/autodl/jinstall-1_3_1_15-windows-i586.cab
    Path: C:\Program Files\JavaSoft\JRE\1.3.1_15\bin\
    Long name: NPJava131_15.dll
    Short name: NPJAVA~1.DLL
    Date (created): 9/17/2005 09:02:08
    Date (last access): 6/22/2006 13:51:06
    Date (last write): 12/8/2004 08:40:24
    Filesize: 53365
    Attributes: archive
    MD5: E3FD389B57416687BD51F6077CAE81A3
    CRC32: 5BBA9C9F
    Version: 1.3.1.15

    {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
    DPF name: Java Runtime Environment 1.5.0
    CLSID name: Java Plug-in 1.5.0_06
    Installer:
    Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    Path: C:\Program Files\Java\jre1.5.0_06\bin\
    Long name: NPJPI150_06.dll
    Short name: NPJPI1~1.DLL
    Date (created): 3/2/2006 13:52:58
    Date (last access): 6/22/2006 13:51:06
    Date (last write): 11/10/2005 13:22:12
    Filesize: 69746
    Attributes: archive
    MD5: D2CF6BB5E9020E6707B62575F8083954
    CRC32: 7F39DC54
    Version: 5.0.60.5

    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
    DPF name: Java Runtime Environment 1.5.0
    CLSID name: Java Plug-in 1.5.0_06
    Installer:
    Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    Path: C:\Program Files\Java\jre1.5.0_06\bin\
    Long name: NPJPI150_06.dll
    Short name: NPJPI1~1.DLL
    Date (created): 3/2/2006 13:52:58
    Date (last access): 6/22/2006 13:51:06
    Date (last write): 11/10/2005 13:22:12
    Filesize: 69746
    Attributes: archive
    MD5: D2CF6BB5E9020E6707B62575F8083954
    CRC32: 7F39DC54
    Version: 5.0.60.5

    {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class)
    DPF name:
    CLSID name: ActiveDataInfo Class
    Installer:
    Codebase: https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
    description:
    classification: Open for discussion
    known filename: SymAData.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINDOWS\Downloaded Program Files\
    Long name: SymAData.dll
    Short name:
    Date (created): 11/14/2005 14:40:24
    Date (last access): 6/22/2006 13:44:18
    Date (last write): 11/14/2005 14:40:24
    Filesize: 161384
    Attributes: archive
    MD5: 181B0724CB825F0C6945C8D9017B01AA
    CRC32: 34D1A81B
    Version: 2.6.0.0

    {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} (IMViewerControl Class)
    DPF name:
    CLSID name: IMViewerControl Class
    Installer: C:\WINDOWS\Downloaded Program Files\CyclopsV.inf
    Codebase: http://companion.logitech.com/companion/logitech/ver1.3.0.2041/bin/imvid.cab
    description:
    classification: Open for discussion
    known filename: CIMVIEW.DLL
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINDOWS\System32\
    Long name: CIMVIEW.dll
    Short name:
    Date (created): 12/6/2002 13:23:34
    Date (last access): 6/22/2006 13:51:06
    Date (last write): 12/6/2002 13:23:34
    Filesize: 233472
    Attributes: archive
    MD5: 5F17D483D473F7D45CD956471093D42F
    CRC32: 14E11832
    Version: 1.3.0.2041

    {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class)
    DPF name:
    CLSID name: IWinAmpActiveX Class
    Installer: C:\WINDOWS\Downloaded Program Files\ampx.inf
    Codebase: http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    Path: C:\PROGRA~1\COMMON~1\Nullsoft\ActiveX\2.4\
    Long name: AmpX.dll
    Short name:
    Date (created): 3/2/2005 23:14:52
    Date (last access): 6/22/2006 13:51:06
    Date (last write): 3/2/2005 23:14:52
    Filesize: 270408
    Attributes: archive
    MD5: CE886E0AEE678EBEEC2E59241C7F5A54
    CRC32: 7E1839CA
    Version: 2.4.0.6



    --- Process list ---
    PID: 0 ( 0) [System]
    PID: 188 ( 4) \SystemRoot\System32\smss.exe
    PID: 236 ( 188) \??\C:\WINDOWS\system32\csrss.exe
    PID: 260 ( 188) \??\C:\WINDOWS\system32\winlogon.exe
    PID: 304 ( 260) C:\WINDOWS\system32\services.exe
    size: 101376
    MD5: E3DF4A0252D287C44606EE55355E1623
    PID: 316 ( 260) C:\WINDOWS\system32\lsass.exe
    size: 11776
    MD5: 8A590EA109B5E0C7629E022F8A6B17C5
    PID: 484 ( 304) C:\WINDOWS\system32\svchost.exe
    size: 12800
    MD5: 0F7D9C87B0CE1FA520473119752C6F79
    PID: 508 ( 304) C:\WINDOWS\system32\svchost.exe
    size: 12800
    MD5: 0F7D9C87B0CE1FA520473119752C6F79
    PID: 740 ( 720) C:\WINDOWS\Explorer.EXE
    size: 1006080
    MD5: 3CE0DCF9390F94B2D8E40761B60EB39C
    PID: 856 ( 740) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    size: 4393096
    MD5: 09CA174A605B480318731E691DC98539
    PID: 4 ( 0) System


    --- Browser start & search pages list ---
    Spybot - Search & Destroy browser pages report, 6/22/2006 13:51:36

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
    http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
    http://search.msn.com/spbasic.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
    http://www.euro.dell.com/countries/uk/enu/gen/default.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    http://www.euro.dell.com/countries/uk/enu/gen/default.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\WINDOWS\SYSTEM32\blank.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
    http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
    about:blank
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
    http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


    --- Winsock Layered Service Provider list ---


    --- Uninstall list ---
    a-squared free 1.5.1 1.5.1 (a-squared free_is1)
    install location: C:\Program Files\a2 free\
    uninstall cmd: "C:\Program Files\a2 free\unins000.exe"
    publisher: Emsi Software GmbH
    help link: http://forum.emsisoft.com

    Able2Extract Professional v3.0 (Able2Extract Professional v3.0)
    uninstall cmd: C:\Program Files\Investintech.com Inc\Able2Extract Professional 3.0\Uninstal.exe

    Able2Extract v3.0 (Able2Extract v3.0)
    uninstall cmd: C:\Program Files\Investintech.com Inc\Able2Extract 3.0\Uninstal.exe

    AC3Filter (remove only) (AC3Filter)
    uninstall cmd: C:\Program Files\AC3Filter\uninstall.exe

    Ad-Aware SE Personal 1.06 (Ad-Aware SE Personal)
    uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
    publisher: Lavasoft
    help link: http://www.lavasoft.com

    (AddressBook)

    Adobe Acrobat 4.0, 5.0 5.0 (Adobe Acrobat 5.0)
    version (major): 5
    install location: C:\Program Files\Adobe\Acrobat 5.0
    install source: C:\Documents and Settings\John\Local Settings\Temp\pft7F~tmp\
    uninstall cmd: C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
    publisher: Adobe Systems, Inc.
    help link: http://www.adobe.com/prodindex/acrobat/main.html

    Anti-Leech Plugin for Internet Explorer (Anti-Leech ALIE)
    uninstall cmd: C:\Program Files\Anti-Leech\ALIE_1.0.2.1\iesetup2.exe uninstall

    AOL Instant Messenger (AOL Instant Messenger)
    uninstall cmd: C:\Program Files\AIM95\uninstll.exe -LOG= C:\Program Files\AIM95\install.log -OEM=

    (Branding)

    Broadband Speed Test - v2.81 (Broadband Speed Test_is1)
    uninstall cmd: "C:\Program Files\Broadband Speed Test\unins000.exe"
    publisher: Daniel Elwell - danelwell@blueyonder.co.uk
    help link: http://www.vantage.pwp.blueyonder.co.uk

    CCleaner (remove only) (CCleaner)
    uninstall cmd: "C:\Program Files\CCleaner\uninst.exe"

    (Connection Manager)

    dBpowerAMP Mp4 Codec (dBpowerAMP Mp4 Codec)
    uninstall cmd: "C:\WINDOWS\System32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Mp4 Codec.dat

    dBpowerAMP Music Converter (dBpowerAMP Music Converter)
    uninstall cmd: "C:\WINDOWS\System32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Music Converter.dat

    (DirectAnimation)

    (DirectDrawEx)

    Direct Connect 1.0 Preview Build 9 (Direct_Connect_1.0_RC_1)
    uninstall cmd: C:\WINDOWS\iun503.exe C:\Program Files\Direct Connect\irunin.ini

    DivX 5.0.2 Bundle (DivX 5.0.2 Bundle)
    uninstall cmd: C:\WINDOWS\unvise32.exe C:\Program Files\DivX\uninstal.log

    (DjVu)

    (DXM_Runtime)

    EPSON Printer Software (EPSON Printer and Utilities)
    uninstall cmd: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r

    (expinst)

    (Fontcore)

    GetRight (GetRight)
    uninstall cmd: C:\Program Files\GetRight\GETRIGHT.EXE /UNINSTALL

    GoldWave v5.05 (GoldWave v5.05)
    uninstall cmd: "C:\Program Files\GoldWave\unstall.exe" "GoldWave v5.05" "C:\Program Files\GoldWave\unstall.log"

    HijackThis 1.99.1 1.99.1 (HijackThis)
    uninstall cmd: C:\hijackthis\HijackThis.exe /uninstall
    publisher: Soeperman Enterprises Ltd.

    (ICW)

    (IE40)

    (IE4Data)

    (IE5BAKEX)

    (IEData)

    (IEREADME)

    (InstallShield Uninstall Information)

    Windows XP Hotfix - KB821557 20030611.135259 (KB821557)
    uninstall cmd: C:\WINDOWS\$NtUninstallKB821557$\spuninst\spuninst.exe
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=821557

    Windows XP Hotfix - KB823182 20030724.164309 (KB823182)
    uninstall cmd: C:\WINDOWS\$NtUninstallKB823182$\spuninst\spuninst.exe
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=823182

    Windows XP Hotfix - KB823559 20030701.220428 (KB823559)
    uninstall cmd: C:\WINDOWS\$NtUninstallKB823559$\spuninst\spuninst.exe
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=823559

    Windows XP Hotfix - KB823980 20030705.121436 (KB823980)
    uninstall cmd: C:\WINDOWS\$NtUninstallKB823980$\spuninst\spuninst.exe
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=823980

    Windows XP Hotfix - KB824105 20030724.165149 (KB824105)
    uninstall cmd: C:\WINDOWS\$NtUninstallKB824105$\spuninst\spuninst.exe
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=824105

    Windows XP Hotfix - KB824141 20030926.115120 (KB824141)
    uninstall cmd: C:\WINDOWS\$NtUninstallKB824141$\spuninst\spuninst.exe
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=824141

    Windows XP Hotfix - KB824146 20030825.152953 (KB824146)
    uninstall cmd: C:\WINDOWS\$NtUninstallKB824146$\spuninst\spuninst.exe
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=824146

    Windows XP Hotfix - KB825119 20030828.113916 (KB825119)
    uninstall cmd: C:\WINDOWS\$NtUninstallKB825119$\spuninst\spuninst.exe
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=825119

    Windows XP Hotfix - KB828028 20030919.142100 (KB828028)
    uninstall cmd: C:\WINDOWS\$NtUninstallKB828028$\spuninst\spuninst.exe
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=828028

    Windows XP Hotfix - KB828035 20031021.154251 (KB828035)
    uninstall cmd: C:\WINDOWS\$NtUninstallKB828035$\spuninst\spuninst.exe
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=828035

    Windows XP Hotfix - KB828741 20040305.180454 (KB828741)
    uninstall cmd: C:\WINDOWS\$NtUninstallKB828741$\spuninst\spuninst.exe
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=828741

    Windows XP Hotfix - KB833987 20040308.175840 (KB833987)
    uninstall cmd: C:\WINDOWS\$NtUninstallKB833987$\spuninst\spuninst.exe
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=833987

    Windows XP Hotfix - KB834707 20040929.115007 (KB834707-IE6-20040929.115007)
    uninstall cmd: C:\WINDOWS\$NtUninstallKB834707-IE6-20040929.115007$\spuninst\spuninst.exe
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com/?kbid=834707

    Windows XP Hotfix - KB835732 20040329.172537 (KB835732)
    uninstall cmd: C:\WINDOWS\$NtUninstallKB835732$\spuninst\spuninst.exe
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=835732

    Windows XP Hotfix - KB837001 20040318.095048 (KB837001)
    uninstall cmd: C:\WINDOWS\$NtUninstallKB837001$\spuninst\spuninst.exe
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=837001

    Windows XP Hotfix - KB839643 20040512.132734 (KB839643)
    uninstall cmd: C:\WINDOWS\$NtUninstallKB839643$\spuninst\spuninst.exe
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=839643

    Windows XP Hotfix - KB839645 20040630.120502 (KB839645)
    uninstall cmd: C:\WINDOWS\$NtUninstallKB839645$\spuninst\spuninst.exe
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=839645

    Windows XP Hotfix - KB840315 20040622.172632 (KB840315)
    uninstall cmd: C:\WINDOWS\$NtUninstallKB840315$\spuninst\spuninst.exe
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=840315

    Windows XP Hotfix - KB840374 20040416.121729 (KB840374)
    uninstall cmd: C:\WINDOWS\$NtUninstallKB840374$\spuninst\spuninst.exe
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=840374

    Windows XP Hotfix - KB840987 20040927.095912 (KB840987)
    uninstall cmd: C:\WINDOWS\$NtUninstallKB840987$\spuninst\spuninst.exe
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=840987

    Windows XP Hotfix - KB841356 20040929.102221 (KB841356)
    uninstall cmd: C:\WINDOWS\$NtUninstallKB841356$\spuninst\spuninst.exe
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=841356

    Windows XP Hotfix - KB841533 20040927.100142 (KB841533)
    uninstall cmd: C:\WINDOWS\$NtUninstallKB841533$\spuninst\spuninst.exe
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=841533

    Windows XP Hotfix - KB841873 20040608.144331 (KB841873)
    uninstall cmd: C:\WINDOWS\$NtUninstallKB841873$\spuninst\spuninst.exe
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=841873

    Windows XP Hotfix - KB842773 20040701.144218 (KB842773)
    uninstall cmd: C:\WINDOWS\$NtUninstallKB842773$\spuninst\spuninst.exe
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=842773

    Microsoft Data Access Components KB870669 (KB870669)
    uninstall cmd: C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=KB870669

    Windows XP Hotfix - KB873376 20040923.181029 (KB873376)
    uninstall cmd: C:\WINDOWS\$NtUninstallKB873376$\spuninst\spuninst.exe
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=873376

    Windows XP Hotfix - KB883357 20040804.165131 (KB883357)
    uninstall cmd: C:\WINDOWS\$NtUninstallKB883357$\spuninst\spuninst.exe
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=883357

    Windows XP Hotfix - KB887822 20041014.125319 (KB887822)
    uninstall cmd: C:\WINDOWS\$NtUninstallKB887822$\spuninst\spuninst.exe
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=887822

    LimeWire PRO 4.10.9 4.10.9 (LimeWire)
    uninstall cmd: "C:\Program Files\LimeWire\uninstall.exe"
    publisher: Lime Wire, LLC
    help link: http://www.limewire.com/support

    LiveReg (Symantec Corporation) 3.0.0 (LiveReg)
    install location: C:\Program Files\Common Files\Symantec Shared\LiveReg
    uninstall cmd: C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
    publisher: Symantec Corporation

    LiveUpdate 3.0 (Symantec Corporation) 3.0.0.160 (LiveUpdate)
    install location: "C:\Program Files\Symantec\LiveUpdate"
    uninstall cmd: "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
    publisher: Symantec Corporation

    Messenger Plus! (MessengerPlus2)
    uninstall cmd: "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /Uninstall

    (Microsoft Interactive Training)
    uninstall cmd: C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu

    (Microsoft NetShow Player 2.0)

    (MobileOptionPack)

    (MPlayer2)

    (MsJavaVM)

    (MSMSGS)

    MSN Toolbar (MSN Toolbar)
    uninstall cmd: C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\mtbs.exe c

    MSN Add-in for Windows Messenger (MSNEXT)
    uninstall cmd: rundll32.exe "C:\Program Files\Messenger\MSGSC.dll",UnregisterMSNExt

    MicroStaff WINASPI (MWASPI)
    uninstall cmd: C:\MWASPI\uninst.exe

    Nero BurnRights (Ahead Software) (Nero BurnRights!UninstallKey)
    uninstall cmd: C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL

    (NetMeeting)

    Outlook Express Q823353 (oeupdate)
    uninstall cmd: C:\WINDOWS\oeuninst.exe C:\WINDOWS\INF\Q823353.inf

    (OutlookExpress)

    Panda ActiveScan (Panda ActiveScan)
    uninstall cmd: C:\WINDOWS\System32\ASUninst.exe Panda ActiveScan
    publisher: Panda Software S.L.

    (PCHealth)
    uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

    Pop-Up Stopper Free Edition 3.1 (Pop-Up Stopper Free Edition)
    uninstall cmd: C:\PROGRA~1\PANICW~1\POP-UP~1\UNWISE.EXE C:\PROGRA~1\PANICW~1\POP-UP~1\INSTALL.LOG
    publisher: Panicware, Inc.
    contact: support@panicware.com
    help link: http://www.panicware.com

    (Pop-Up Stopper Professional)

    PrintMaster Gold 4.03 (PrintMaster Gold 4.03)
    uninstall cmd: c:\pmw\msrun.exe

    MSN Psycho Smilies (PsychoSmilies)
    uninstall cmd: C:\Program Files\MSN Messenger\UnPsycho.exe

    Windows XP Hotfix (SP1) [See Q309521 for more information] (Q309521)
    uninstall cmd: C:\WINDOWS\$NtUninstallQ309521$\spuninst\spuninst.exe

    Windows XP Hotfix (SP1) [See Q311889 for more information] (Q311889)
    uninstall cmd: C:\WINDOWS\$NtUninstallQ311889$\spuninst\spuninst.exe

    Windows XP Hotfix (SP1) [See Q311967 for more information] (Q311967)
    uninstall cmd: C:\WINDOWS\$NtUninstallQ311967$\spuninst\spuninst.exe

    Windows XP Hotfix (SP1) [See Q313450 for more information] (Q313450)
    uninstall cmd: C:\WINDOWS\$NtUninstallQ313450$\spuninst\spuninst.exe

    Windows XP Hotfix (SP1) [See Q314862 for more information] (Q314862)
    uninstall cmd: C:\WINDOWS\$NtUninstallQ314862$\spuninst\spuninst.exe

    Windows XP Hotfix (SP1) [See Q315000 for more information] (Q315000)
    uninstall cmd: C:\WINDOWS\$NtUninstallQ315000$\spuninst\spuninst.exe

    Windows XP Hotfix (SP1) [See Q315403 for more information] (Q315403)
    uninstall cmd: C:\WINDOWS\$NtUninstallQ315403$\spuninst\spuninst.exe

    Windows XP Hotfix (SP1) [See Q317277 for more information] (Q317277)
    uninstall cmd: C:\WINDOWS\$NtUninstallQ317277$\spuninst\spuninst.exe

    Windows XP Hotfix (SP1) [See Q318138 for more information] (Q318138)
    uninstall cmd: C:\WINDOWS\$NtUninstallQ318138$\spuninst\spuninst.exe

    Windows XP Application Compatibility Update[Q319580] (Q319580)
    uninstall cmd: C:\WINDOWS\$NtUninstallQ319580$\spuninst\spuninst.exe

    Windows XP Hotfix (SP1) [See Q323172 for more information] (Q323172)
    uninstall cmd: C:\WINDOWS\$NtUninstallQ323172$\spuninst\spuninst.exe

    Windows XP Hotfix (SP1) [See Q324096 for more information] (Q324096)
    uninstall cmd: C:\WINDOWS\$NtUninstallQ324096$\spuninst\spuninst.exe

    Windows XP Hotfix (SP1) [See Q324380 for more information] (Q324380)
    uninstall cmd: C:\WINDOWS\$NtUninstallQ324380$\spuninst\spuninst.exe

    Windows XP Hotfix (SP1) [See Q326830 for more information] (Q326830)
    uninstall cmd: C:\WINDOWS\$NtUninstallQ326830$\spuninst\spuninst.exe

    Windows XP Hotfix (SP1) Q328310 20021023.175555 (Q328310)
    uninstall cmd: C:\WINDOWS\$NtUninstallQ328310$\spuninst\spuninst.exe
    publisher: Microsoft Corporation
    help link: For more information, see Q328310 at http://support.microsoft.com

    Windows XP Hotfix (SP1) [See Q328940 for more information] (Q328940)
    uninstall cmd: C:\WINDOWS\$NtUninstallQ328940$\spuninst\spuninst.exe

    Windows XP Hotfix (SP1) [See Q329048 for more information] (Q329048)
    uninstall cmd: C:\WINDOWS\$NtUninstallQ329048$\spuninst\spuninst.exe

    Windows XP Hotfix (SP2) [See Q329115 for more information] (Q329115)
    uninstall cmd: C:\WINDOWS\$NtUninstallQ329115$\spuninst\spuninst.exe

    Windows XP Hotfix (SP1) Q329170 20030102.115458 (Q329170)
    uninstall cmd: C:\WINDOWS\$NtUninstallQ329170$\spuninst\spuninst.exe
    publisher: Microsoft Corporation
    help link: For more information, see Q329170 at http://support.microsoft.com

    Windows XP Hotfix (SP1) [See Q329390 for more information] (Q329390)
    uninstall cmd: C:\WINDOWS\$NtUninstallQ329390$\spuninst\spuninst.exe

    Windows XP Hotfix (SP1) [See Q329441 for more information] (Q329441)
    uninstall cmd: C:\WINDOWS\$NtUninstallQ329441$\spuninst\spuninst.exe
    publisher: Microsoft Corporation
    help link: For more information, see Q329441 at http://support.microsoft.com

    Windows XP Hotfix (SP1) [See Q329834 for more information] (Q329834)
    uninstall cmd: C:\WINDOWS\$NtUninstallQ329834$\spuninst\spuninst.exe

    Windows XP Hotfix (SP1) Q331953 20021107.201037 (Q331953)
    uninstall cmd: C:\WINDOWS\$NtUninstallQ331953$\spuninst\spuninst.exe
    publisher: Microsoft Corporation
    help link: For more information, see Q331953 at http://support.microsoft.com

    Windows XP Hotfix (SP1) Q810577 20021118.133626 (Q810577)
    uninstall cmd: C:\WINDOWS\$NtUninstallQ810577$\spuninst\spuninst.exe
    publisher: Microsoft Corporation
    help link: For more information, see Q810577 at http://support.microsoft.com

    Windows XP Hotfix (SP1) Q810833 20021203.200852 (Q810833)
    uninstall cmd: C:\WINDOWS\$NtUninstallQ810833$\spuninst\spuninst.exe
    publisher: Microsoft Corporation
    help link: For more information, see Q810833 at http://support.microsoft.com

    Windows XP Hotfix (SP1) Q811493 20030422.110254 (Q811493)
    uninstall cmd: C:\WINDOWS\$NtUninstallQ811493$\spuninst\spuninst.exe
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=811493

    Windows XP Hotfix (SP1) Q815021 20030502.110257 (Q815021)
    uninstall cmd: C:\WINDOWS\$NtUninstallQ815021$\spuninst\spuninst.exe
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=815021

    Windows XP Hotfix (SP1) Q817606 20030331.103325 (Q817606)
    uninstall cmd: C:\WINDOWS\$NtUninstallQ817606$\spuninst\spuninst.exe
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=817606

    Windows XP Hotfix (SP1) Q819696 20030513.122705 (Q819696)
    uninstall cmd: C:\WINDOWS\$NtUninstallQ819696$\spuninst\spuninst.exe
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=819696

    Windows Media Player Hotfix [See wm828026 for more information] (Q828026)
    uninstall cmd: C:\WINDOWS\$NtUninstallQ828026$\spuninst\spuninst.exe
    publisher: Microsoft Corporation

    QuickTime (QuickTime)
    uninstall cmd: C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log

    RAR Password Cracker 4.12 (RAR Password Cracker)
    version (major): 4
    version (minor): 12
    install location: C:\Program Files\RAR Password Cracker
    uninstall cmd: C:\Program Files\RAR Password Cracker\uninstall.exe
    publisher: dnSoft Research Group
    help link: http://dnsoft.swrus.com/contact.html

    Repair Tool for Outlook Express v.1.5 (Repair Tool for Outlook Express_is1)
    install location: C:\Program Files\Repair Tool for OE\
    uninstall cmd: "C:\Program Files\Repair Tool for OE\unins000.exe"
    publisher: NSoftware
    help link: http://www.nsware.com/support.htm

    (SchedulingAgent)

    (Sevinst)

    (ShockwaveFlash)

    SLD CODEC PACK 1.5.3 (SLD CODEC PACK 1.5.3)
    uninstall cmd: C:\Program Files\SLD CODEC PACK 1.5.3\uninstall.exe

    SmartUndelete 2.5 (SmartUndelete_is1)
    install location: C:\Program Files\SmartUndelete\
    uninstall cmd: "C:\Program Files\SmartUndelete\unins000.exe"
    publisher: SmartSoft
    help link: http://www.SmartUndelete.com

    Solitaire Master 4 (Solitaire Master 4)
    uninstall cmd: C:\PROGRA~1\eGames\SOLITA~1\UNWISE.EXE C:\PROGRA~1\eGames\SOLITA~1\INSTALL.LOG

    Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
    install location: C:\Program Files\Spybot - Search & Destroy\
    uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    publisher: Safer Networking Limited

    StartUp Manager (StartUp Manager)
    uninstall cmd: C:\Program Files\INAC\StartUp Manager\uninstall.exe

    Norton AntiVirus 2005 (Symantec Corporation) 11.0.2 (SymSetup.{C6F5B6CF-609C-428E-876F-CA83176C021B})
    install location: C:\Program Files\Norton AntiVirus
    install source: C:\DOCUME~1\John\LOCALS~1\Temp\NAV
    uninstall cmd: C:\Program Files\Common Files\Symantec Shared\SymSetup\{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe /X
    publisher: Symantec Corporation

    WinRAR archiver (WinRAR archiver)
    uninstall cmd: C:\Program Files\WinRAR\uninstall.exe

    XoftSpy 3.45 (XoftSpy 3.45_is1)
    uninstall cmd: "C:\Program Files\XoftSpy\unins000.exe"
    publisher: ParetoLogic Inc.
    help link: http://www.paretologic.com

    Yahoo! Toolbar (Yahoo! Companion)
    uninstall cmd: C:\PROGRA~1\Yahoo!\Common\unyt.exe

    Yahoo! Toolbar (Yahoo! Toolbar)

    Zero Assumption Recovery Version 7.3.1 (Zero Assumption Recovery_is1)
    install location: C:\Program Files\ZAR\
    uninstall cmd: "C:\Program Files\ZAR\unins000.exe"
    help link: http://www.z-a-recovery.com/support.htm

    Zero Popup (remove only) (Zero Popup)
    uninstall cmd: "C:\Program Files\Zero Popup\uninst.exe"

    Symantec KB-DocID:2003093015493306 1.0.0.1 ({08C5815C-2C6E-44f8-8748-0E61BC9AFB68})
    version: 16777216
    version (major): 1
    estimated size: 340
    install date: 20050617
    install source: C:\DOCUME~1\John\LOCALS~1\Temp\SymKBFix\
    uninstall cmd: MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
    publisher: Symantec Corporation

    PC Camera (6025 VGA) 2.47.0.0 ({0EB60281-1F3E-4B01-96C4-AC1C1D1B4D2B})
    version: 36634624
    install location: C:\Program Files\Sonix\PC Camera (6025 VGA)
    uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0EB60281-1F3E-4B01-96C4-AC1C1D1B4D2B}\Setup.exe" -l0x9

    Dell Solution Center 1.00.0000 ({11F1920A-56A2-4642-B6E0-3B31A12C9288})
    version: 16777216
    version (major): 1
    install date: 20021010
    uninstall cmd: MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
    publisher: Dell
    help link: http://www.support.dell.com
    help telephone: http://www.support.dell.com

    Norton WMI Update 2005.1.2.20 ({1526D87C-A955-4FAB-BF18-697BA457E352})
    version (major): 2005
    version (minor): 1
    estimated size: 2080
    install date: 20041113
    install source: C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\LIVEUP~1\DOWNLO~1\EXITEM~1.1_E\
    uninstall cmd: MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
    publisher: Symantec Corporation

    Symantec 11.0.2 ({228F6876-A313-40A3-91C0-C3CBE6997D09})
    version: 184549378
    version (major): 11
    estimated size: 2976
    install date: 20060207
    install source: C:\DOCUME~1\John\LOCALS~1\Temp\NAV\Support\MSRedist\
    uninstall cmd: MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
    publisher: Symantec Corp

    Internet Worm Protection 11.0.2 ({2908F0CB-C1D4-447F-97A2-CFC135C9F8D4})
    version: 184549378
    version (major): 11
    estimated size: 11381
    install date: 20060207
    install source: C:\DOCUME~1\John\LOCALS~1\Temp\NAV\NAV\
    uninstall cmd: MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
    publisher: Symantec Corp

    SymNet 5.4.0 ({2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2})
    version: 84148224
    version (major): 5
    version (minor): 4
    estimated size: 20
    install date: 20060207
    install source: C:\DOCUME~1\John\LOCALS~1\Temp\NAV\Support\SymNet\
    uninstall cmd: MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
    publisher: Symantec Corporation

    J2SE Runtime Environment 5.0 Update 3 1.5.0.30 ({3248F0A8-6813-11D6-A77B-00B0D0150030})
    version: 17104896
    version (major): 1
    version (minor): 5
    estimated size: 120709
    install date: 20060223
    install source: http://java.sun.com/webapps/download/GetFile/1.5.0_03-b07/windows-i586/
    uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
    publisher: Sun Microsystems, Inc.
    contact: http://java.com
    help link: http://java.com
    readme: C:\Program Files\Java\jre1.5.0_03\README.txt

    J2SE Runtime Environment 5.0 Update 6 1.5.0.60 ({3248F0A8-6813-11D6-A77B-00B0D0150060})
    version: 17104896
    version (major): 1
    version (minor): 5
    estimated size: 122301
    install date: 20060505
    install source: http://jdl.sun.com/webapps/download/GetFile/1.5.0_06plus-b05/windows-i586//
    uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
    publisher: Sun Microsystems, Inc.
    contact: http://java.com
    help link: http://java.com
    readme: C:\Program Files\Java\jre1.5.0_06\README.txt

    Norton AntiVirus Help 11.00.00 ({34EEB1F5-E939-40A1-A6BA-957282A4B2C8})
    version: 184549376
    version (major): 11
    estimated size: 932
    install date: 20060207
    install source: C:\DOCUME~1\John\LOCALS~1\Temp\NAV\Support\Help\
    uninstall cmd: MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
    publisher: Symantec Corp.

    WebFldrs XP 9.50.5318 ({350C97B0-3D7C-4EE8-BAA9-00BCB3D54227})
    version: 154277062
    version (major): 9
    version (minor): 50
    estimated size: 2524
    install date: 20010831
    install source: C:\WINDOWS\System32\
    publisher: Microsoft Corporation
    help link: http://www.microsoft.com/windows

    Google Earth 3.0.0762 ({3DE5E7D4-7B88-403C-A3FD-2017A8240C5B})
    version: 50332410
    install date: 20060106
    install location: C:\Program Files\Google\Google Earth
    install source: C:\DOCUME~1\John\LOCALS~1\Temp\bye19.tmp\Disk1\
    uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
    publisher: Google

    MySpaceIM 1.0.312.0 ({3F7A29AC-A839-49A7-B2F4-BD9A35CDE5EC})
    version: 16777528
    version (major): 1
    estimated size: 15705
    install date: 20060605
    install source: C:\Documents and Settings\Paul\My Documents\
    uninstall cmd: MsiExec.exe /I{3F7A29AC-A839-49A7-B2F4-BD9A35CDE5EC}
    publisher: MySpace

    FUJIFILM USB Driver ({5490882C-6961-11D5-BAE5-00E0188E010B})
    uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"

    EasyGPRS ({56108448-9B38-4FF8-BE61-2ED13C19D0FE})
    uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56108448-9B38-4FF8-BE61-2ED13C19D0FE}\Setup.exe" -l0x9

    Music Manager 9.20.0002 ({5AFA4872-16B2-419E-ADCA-8E96E739115D})
    version: 152305666
    install location: C:\Program Files\Music Manager
    uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5AFA4872-16B2-419E-ADCA-8E96E739115D}\setup.exe" -l0x9

    PowerDVD ({6811CAA0-BF12-11D4-9EA1-0050BAE317E1})
    uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall

    Java 2 Runtime Environment Standard Edition v1.3.1_15 ({68249B75-B714-11D7-88E8-0050DA21757E})
    uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{68249B75-B714-11D7-88E8-0050DA21757E}\Setup.exe" -uninst

    Symantec Network Drivers Update 5.4.4.17 ({7169B8E4-2632-46B1-AA5F-167CB5FE5029})
    version: 84148228
    version (major): 5
    version (minor): 4
    estimated size: 3622
    install date: 20050219
    install source: C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\LIVEUP~1\DOWNLO~1\EXITEM~1.3_E\
    publisher: Symantec Corporation

    SPBBC 1.00.0000 ({77772678-817F-4401-9301-ED1D01A8DA56})
    version: 16777216
    version (major): 1
    estimated size: 1463
    install date: 20060207
    install location: C:\Program Files\Norton AntiVirus\
    install source: C:\DOCUME~1\John\LOCALS~1\Temp\NAV\Support\SPBBC\
    uninstall cmd: MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
    publisher: Your Company Name

    EPSON PRINT Image Framer Tool2.0 ({7BA1FB62-A363-4D24-8870-45131F0D0137})
    uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7BA1FB62-A363-4D24-8870-45131F0D0137}\setup.exe" -l0x9 anything

    Easy CD Creator 5 Platinum 5.0.0.0000 ({8851E12C-0EF9-11D4-A788-009027ABA5D0})
    version: 83886080
    version (major): 5
    estimated size: 120708
    install date: 20021115
    install source: C:\Documents and Settings\John\My Documents\My Music\tmp\
    uninstall cmd: MsiExec.exe /I{8851E12C-0EF9-11D4-A788-009027ABA5D0}
    publisher: Roxio Inc
    contact: Technical Support
    help link: http://www.roxio.com/en/support
    help telephone:

    EPSON PhotoQuicker3.4 ({8A793FC6-6DF5-11DD-BB6A-00018021113F})
    uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A793FC6-6DF5-11DD-BB6A-00018021113F}\setup.exe" -l0x9 uninst

    Microsoft Office XP Professional with FrontPage 10.0.2627.0 ({90280409-6000-11D3-8CFE-0050048383C9})
    version: 167774787
    version (major): 10
    estimated size: 183232
    install date: 20030312
    install location: INSTALLLOCATION
    install source: C:\Documents and Settings\John\Desktop\
    uninstall cmd: MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
    publisher: Microsoft Corporation
    help link: http://www.microsoft.com/support
    readme: C:\Program Files\Microsoft Office\Office10\1033\OFREAD10.HTM

    Help and Support Customization 1.00.0000 ({90D55A3F-1D99-4C94-A77E-46DC14F0BF08})
    version: 16777216
    version (major): 1
    install date: 20021010
    publisher: Dell
    contact: http://www.support.dell.com
    help link: http://www.support.dell.com
    help telephone: http://www.support.dell.com

    SmartCamera Ver 2.1 2.01.0001 ({9527450C-64B3-11D5-9B31-000021116B62})
    version: 33619969
    version (major): 2
    version (minor): 1
    estimated size: 11469
    install date: 20050525
    install source: C:\DOCUME~1\John\LOCALS~1\Temp\_is12D\
    uninstall cmd: MsiExec.exe /X{9527450C-64B3-11D5-9B31-000021116B62}
    publisher: MingjongTechnologies CO.,LTD.
    help link: http://www.mingjong.com.tw
    help telephone: 886-2-29567677

    Turbo Lister 2.0.0 ({99CC78D1-2356-497C-84C1-F239884001EC})
    version: 33554432
    version (major): 2
    estimated size: 20305
    install date: 20040711
    install location: C:\Program Files\eBay\Turbo Lister\
    install source: http://download.ebay.com/turbo_lister/UK/
    publisher: eBay
    comments: eBay Turbo Lister
    contact: Customer Support Department
    help link: http://www.ebay.com/help
    help telephone:
    readme:

    ({B2EFE303-A594-11D5-95EB-005004BC1C65})

    Ulead Photo Express 4.0 SE ({BBC0D330-C37B-4472-BFB9-AA217CF0C95F})
    uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBC0D330-C37B-4472-BFB9-AA217CF0C95F}\Setup.exe" -l0x9

    MSN Music Mediabar 11.1.0.1012 ({C45B1500-7B63-47C2-AB25-C28CB46AFDEE})
    install date: 20060530
    uninstall cmd: C:\WINDOWS\Downloaded Program Files\MusicManagerUnInstaller.exe "C:\WINDOWS\Downloaded Program Files\MusicManagerPlugin.ocx" "{C45B1500-7B63-47C2-AB25-C28CB46AFDEE}"
    publisher: OD2
    contact: DrDownload
    help link: mailto:msndrdownload@od2.com

    Norton AntiVirus 2005 11.0.2 ({C6F5B6CF-609C-428E-876F-CA83176C021B})
    version: 184549378
    version (major): 11
    estimated size: 58900
    install date: 20060207
    install source: C:\DOCUME~1\John\LOCALS~1\Temp\NAV\NAV\
    uninstall cmd: MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
    publisher: Symantec Corporation

    MSN Messenger 7.5 7.5.0324.0 ({CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5})
    version: 117768516
    version (major): 7
    version (minor): 5
    estimated size: 15977
    install date: 20060210
    install source: C:\DOCUME~1\Paul\LOCALS~1\Temp\IXP000.TMP\
    uninstall cmd: MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
    publisher: Microsoft Corporation

    Cactus Spam Filter ({CEC336A0-86C7-40CA-838D-C11DC0AEC09E})
    install date: 03/02/2006
    install location: C:\Program Files\Cactus Spam Filter
    install source: C:\Documents and Settings\John\Desktop
    uninstall cmd: "C:\Program Files\Cactus Spam Filter\Uninstall.exe" "C:\Program Files\Cactus Spam Filter\install.log"
    publisher: Codeode

    Norton AntiVirus SYMLT MSI 11.0.2 ({D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8})
    version: 184549378
    version (major): 11
    estimated size: 1187
    install date: 20060207
    install source: C:\DOCUME~1\John\LOCALS~1\Temp\NAV\NAV\
    uninstall cmd: MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}
    publisher: Symantec Corp.

    Symantec Script Blocking Installer 11.0.2 ({D327AFC9-7BAA-473A-8319-6EB7A0D40138})
    version: 184549378
    version (major): 11
    estimated size: 497
    install date: 20060207
    install source: C:\DOCUME~1\John\LOCALS~1\Temp\NAV\Support\ScrBlock\
    uninstall cmd: MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138}
    publisher: Symantec

    Paint Shop Pro 7 ESD 7.0.0.0000 ({D6DE02C7-1F47-11D4-9515-00105AE4B89A})
    version: 117440512
    version (major): 7
    estimated size: 45126
    install date: 20021105
    install source: C:\DOCUME~1\Sue\LOCALS~1\Temp\_is7\
    uninstall cmd: MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}
    publisher: Jasc Software Inc
    comments: Paint Shop Pro 7
    help link: http://www.jasc.com
    help telephone: 952-930-9171
    readme: C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\Readme.doc

    ccCommon 103.0.1.26 ({DC367608-64A7-4BF7-92F4-8BAA25BA02DB})
    version: 1728053249
    version (major): 103
    estimated size: 5530
    install date: 20060207
    install source: C:\DOCUME~1\John\LOCALS~1\Temp\NAV\Support\ccCommon\
    uninstall cmd: MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
    publisher: Symantec

    Ulead Photo Explorer 7.0 SE ({E38E1721-7FE7-11D4-A898-0000E83DCDA6})
    uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E38E1721-7FE7-11D4-A898-0000E83DCDA6}\Setup.exe" -l0x9

    Norton AntiVirus Parent MSI 11.0.2 ({E5EE9939-259F-4DE2-8023-5C49E16A4F43})
    version: 184549378
    version (major): 11
    estimated size: 709
    install date: 20060207
    install source: C:\DOCUME~1\John\LOCALS~1\Temp\NAV\NAV\
    uninstall cmd: MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
    publisher: Symantec Corp.

    PIF DESIGNER2.0 ({E8FB4BF9-4C95-4F39-B26D-33C31A2CEE09})
    uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E8FB4BF9-4C95-4F39-B26D-33C31A2CEE09}\setup.exe" -l0x9 anything

    Norton WMI Update 2005.1.0.111 ({F64306A5-4C32-41bb-B153-53986527FAB4})
    version (major): 2005
    version (minor): 1
    estimated size: 5
    install date: 20060207
    install source: C:\DOCUME~1\John\LOCALS~1\Temp\NAV\Support\SymSC\
    uninstall cmd: MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
    publisher: Symantec Corporation

    Microsoft Works 6.0 06.00.1829 ({F8D0829C-9C6F-11D3-8080-00C04FA329AA})
    version: 100665125
    version (major): 6
    install date: 20021010
    uninstall cmd: MsiExec.exe /I{F8D0829C-9C6F-11D3-8080-00C04FA329AA}
    publisher: Microsoft Corporation
    comments: Microsoft Works 6.0 installation.
    help link: http://support.microsoft.com/support/works



    --- System Services ---
    Service (registry key): Abiosdsk
    Start: 4
    Type: 1
    Error Control: 0

    Service (registry key): abp480n5
    Display name: abp480n5
    Image path: \SystemRoot\System32\DRIVERS\ABP480N5.SYS
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): ac97intc
    Display name: Intel(r) 82801 Audio Driver Install Service (WDM)
    Image path: system32\drivers\ac97intc.sys
    Image size: 96256
    Image MD5: 0F2D66D5F08EBE2F77BB904288DCF6F0
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): ACPI
    Display name: Microsoft ACPI Driver
    Image path: System32\DRIVERS\ACPI.sys
    Image size: 179200
    Image MD5: 45E0D94158CA0EC71FF12DBB81B39ED3
    Start: 0
    Type: 1
    Error Control: 1

    Service (registry key): ACPIEC
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): adpu160m
    Display name: adpu160m
    Image path: \SystemRoot\System32\DRIVERS\adpu160m.sys
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): aeaudio
    Image path: system32\drivers\aeaudio.sys
    Image size: 4816
    Image MD5: 11C04B17ED2ABBB4833694BCD644AC90
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): aec
    Display name: Microsoft Kernel Acoustic Echo Canceller
    Image path: system32\drivers\aec.sys
    Image size: 122472
    Image MD5: B45A744CA0A15A59D8B0307CE9741E92
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): AFD
    Display name: AFD Networking Support Environment
    Image path: \SystemRoot\System32\drivers\afd.sys
    Start: 2
    Type: 1
    Error Control: 1

    Service (registry key): agp440
    Display name: Intel AGP Bus Filter
    Image path: \SystemRoot\System32\DRIVERS\agp440.sys
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): agpCPQ
    Display name: Compaq AGP Bus Filter
    Image path: \SystemRoot\System32\DRIVERS\agpCPQ.sys
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): Aha154x
    Display name: Aha154x
    Image path: \SystemRoot\System32\DRIVERS\aha154x.sys
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): aic78u2
    Display name: aic78u2
    Image path: \SystemRoot\System32\DRIVERS\aic78u2.sys
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): aic78xx
    Display name: aic78xx
    Image path: \SystemRoot\System32\DRIVERS\aic78xx.sys
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): Alerter
    Display name: Alerter
    Description: Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\svchost.exe -k LocalService
    Image size: 12800
    Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: LanmanWorkstation

    Service (registry key): ALG
    Display name: Application Layer Gateway Service
    Description: Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Internet Connection Firewall
    Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\alg.exe
    Image size: 40960
    Image MD5: C23EB4661BF60C77280F8A3620D43B8E
    Start: 3
    Type: 16
    Error Control: 1

    Service (registry key): AliIde
    Display name: AliIde
    Image path: \SystemRoot\System32\DRIVERS\aliide.sys
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): alim1541
    Display name: ALI AGP Bus Filter
    Image path: \SystemRoot\System32\DRIVERS\alim1541.sys
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): amdagp
    Display name: AMD AGP Bus Filter Driver
    Image path: \SystemRoot\System32\DRIVERS\amdagp.sys
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): amsint
    Display name: amsint
    Image path: \SystemRoot\System32\DRIVERS\amsint.sys
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): AppMgmt
    Display name: Application Management
    Description: Provides software installation services such as Assign, Publish, and Remove.
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
    Image size: 12800
    Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
    Start: 3
    Type: 32
    Error Control: 1

    Service (registry key): asc
    Display name: asc
    Image path: \SystemRoot\System32\DRIVERS\asc.sys
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): asc3350p
    Display name: asc3350p
    Image path: \SystemRoot\System32\DRIVERS\asc3350p.sys
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): asc3550
    Display name: asc3550
    Image path: \SystemRoot\System32\DRIVERS\asc3550.sys
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): AsyncMac
    Display name: RAS Asynchronous Media Driver
    Description: RAS Asynchronous Media Driver
    Image path: System32\DRIVERS\asyncmac.sys
    Image size: 13568
    Image MD5: 03F403B07A884FC2AA54A0916C410931
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): atapi
    Display name: Standard IDE/ESDI Hard Disk Controller
    Image path: System32\DRIVERS\atapi.sys
    Image size: 86656
    Image MD5: A64013E98426E1877CB653685C5C0009
    Start: 0
    Type: 1
    Error Control: 1

    Service (registry key): Atdisk
    Start: 4
    Type: 1
    Error Control: 0

    Service (registry key): Atmarpc
    Display name: ATM ARP Client Protocol
    Description: ATM ARP Client Protocol
    Image path: System32\DRIVERS\atmarpc.sys
    Image size: 57216
    Image MD5: 8D735CA1CBDB0081B0E3B9FF0EB222D0
    Start: 3
    Type: 1
    Error Control: 1
    Depends On services: Tcpip

    Service (registry key): AudioSrv
    Display name: Windows Audio
    Description: Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 12800
    Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: PlugPlay,RpcSs

    Service (registry key): audstub
    Display name: Audio Stub Driver
    Image path: System32\DRIVERS\audstub.sys
    Image size: 3072
    Image MD5: D9F724AA26C010A217C97606B160ED68
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): Automatic LiveUpdate Scheduler
    Display name: Automatic LiveUpdate Scheduler
    Description: Manages the scheduling of Automatic LiveUpdate sessions
    Object name: LocalSystem
    Image path: "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
    Image size: 100032
    Image MD5: 1B58EE9929BAB30D06092E584F7D899F
    Start: 2
    Type: 16
    Error Control: 1
    Depends On services: RPCSS

    Service (registry key): BattC
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): Beep
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): BITS
    Display name: Background Intelligent Transfer Service
    Description: Uses idle network bandwidth to transfer data.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 12800
    Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: Rpcss

    Service (registry key): Browser
    Display name: Computer Browser
    Description: Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 12800
    Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: LanmanWorkstation,LanmanServer

    Service (registry key): cbidf
    Display name: cbidf
    Image path: \SystemRoot\System32\DRIVERS\cbidf2k.sys
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): cbidf2k
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): CCDECODE
    Display name: Closed Caption Decoder
    Image path: System32\DRIVERS\CCDECODE.sys
    Image size: 16256
    Image MD5: 1108137A497C112126B3F1F0E8A021B6
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): ccEvtMgr
    Display name: Symantec Event Manager
    Description: Symantec Event Manager
    Object name: LocalSystem
    Image path: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    Image size: 198304
    Image MD5: B0BEB1D0B3506919A56CDF04ACEA9F70
    Start: 2
    Type: 16
    Error Control: 0
    Depends On services: RPCSS,ccSetMgr

    Service (registry key): ccPwdSvc
    Display name: Symantec Password Validation
    Description: Symantec Password Validation Service
    Object name: LocalSystem
    Image path: "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"
    Image size: 79520
    Image MD5: 2232800FD8E0F477073FAD7198152EDF
    Start: 3
    Type: 16
    Error Control: 0

    Service (registry key): ccSetMgr
    Display name: Symantec Settings Manager
    Description: Symantec Settings Manager
    Object name: LocalSystem
    Image path: "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
    Image size: 181920
    Image MD5: 103D570135D9AD6F99AAFB54B7323E99
    Start: 2
    Type: 16
    Error Control: 0
    Depends On services: RPCSS

    Service (registry key): cd20xrnt
    Display name: cd20xrnt
    Image path: \SystemRoot\System32\DRIVERS\cd20xrnt.sys
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): Cdaudio
    Start: 1
    Type: 1
    Error Control: 0

    Service (registry key): Cdfs
    Start: 4
    Type: 2
    Error Control: 1
    Depends On group: "SCSI CDROM Class"

    Service (registry key): CDR4_2K
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): Cdr4_xp
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): Cdralw2k
    Start: 1
    Type: 1
    Error Control: 0

    Service (registry key): Cdrom
    Display name: CD-ROM Driver
    Image path: System32\DRIVERS\cdrom.sys
    Image size: 47488
    Image MD5: CB762E814F602229A574F4D78D3D6A30
    Start: 1
    Type: 1
    Error Control: 1
    Depends On group: "SCSI miniport"

    Service (registry key): cdudf_XP
    Start: 1
    Type: 2
    Error Control: 1

    Service (registry key): Changer
    Start: 1
    Type: 1
    Error Control: 0

    Service (registry key): cisvc
    Display name: Indexing Service
    Description: Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\cisvc.exe
    Image size: 5120
    Image MD5: 325F1D50AFD0D6CE830938262AC2AE14
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: RPCSS

    Service (registry key): Class
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): ClipSrv
    Display name: ClipBook
    Description: Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\clipsrv.exe
    Image size: 30720
    Image MD5: 08EBC742345AB7EF2EC29BC92D6D33DD
    Start: 3
    Type: 16
    Error Control: 1
    Depends On services: NetDDE

    Service (registry key): CmdIde
    Display name: CmdIde
    Image path: \SystemRoot\System32\DRIVERS\cmdide.sys
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): COMSysApp
    Display name: COM+ System Application
    Description: Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: LocalSystem
    Image path: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
    Image size: 4608
    Image MD5: 6AE95FAF782E6F6AC6E4B3ACBF3D1573
    Start: 3
    Type: 16
    Error Control: 1
    Depends On services: rpcss

    Service (registry key): ContentFilter
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): ContentIndex
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): Cpqarray
    Display name: Cpqarray
    Image path: \SystemRoot\System32\DRIVERS\cpqarray.sys
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): CryptSvc
    Display name: Cryptographic Services
    Description: Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
    Image size: 12800
    Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: RpcSs

    Service (registry key): dac2w2k
    Display name: dac2w2k
    Image path: \SystemRoot\System32\DRIVERS\dac2w2k.sys
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): dac960nt
    Display name: dac960nt
    Image path: \SystemRoot\System32\DRIVERS\dac960nt.sys
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): Dhcp
    Display name: DHCP Client
    Description: Manages network configuration by registering and updating IP addresses and DNS names.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 12800
    Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: Tcpip,Afd,NetBT

    Service (registry key): Disk
    Display name: Disk Driver
    Image path: System32\DRIVERS\disk.sys
    Image size: 33664
    Image MD5: 43A10CD19D648E57ED039A6CAA667A56
    Start: 0
    Type: 1
    Error Control: 1
    Depends On group: "SCSI miniport"

    Service (registry key): DLKRTS
    Display name: D-Link DFE-538TX 10/100 Adapter
    Image path: System32\DRIVERS\DLKRTS.SYS
    Image size: 25434
    Image MD5: 39D78DCE2B9CED2B19747BC0C9E8FF10
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): dmadmin
    Display name: Logical Disk Manager Administrative Service
    Description: Configures hard disk drives and volumes. The service only runs for configuration processes and then stops.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\dmadmin.exe /com
    Image size: 204800
    Image MD5: 67648497FDC9A9235A2642950E326756
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: RpcSs,PlugPlay,DmServer

    Service (registry key): dmboot
    Image path: System32\drivers\dmboot.sys
    Image size: 780928
    Image MD5: E18132D39407AADCA6B1D19ADF408A8A
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): dmio
    Display name: Logical Disk Manager Driver
    Image path: System32\DRIVERS\dmio.sys
    Image size: 146304
    Image MD5: ACA44E9A8E2FF7C833664263C8478629
    Start: 0
    Type: 1
    Error Control: 1

    Service (registry key): dmload
    Start: 0
    Type: 1
    Error Control: 1

    Service (registry key): dmserver
    Display name: Logical Disk Manager
    Description: Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 12800
    Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: RpcSs,PlugPlay

    Service (registry key): DMusic
    Display name: Microsoft Kernel DLS Syntheiszer
    Image path: system32\drivers\DMusic.sys
    Image size: 50048
    Image MD5: EF05974D47D56FA8387F170F05BAE5E7
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): Dnscache
    Display name: DNS Client
    Description: Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: NT AUTHORITY\NetworkService
    Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
    Image size: 12800
    Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: Tcpip

    Service (registry key): dpti2o
    Display name: dpti2o
    Image path: \SystemRoot\System32\DRIVERS\dpti2o.sys
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): drmkaud
    Display name: Microsoft Kernel DRM Audio Descrambler
    Image path: system32\drivers\drmkaud.sys
    Image size: 2816
    Image MD5: AA94E0CBD79DB63100D0EAE061EB69BC
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): dvd_2K
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): EL90XBC
    Display name: 3Com EtherLink XL 90XB/C Adapter Driver
    Image path: System32\DRIVERS\el90xbc5.sys
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): EPSONStatusAgent2
    Display name: EPSON Printer Status Agent2
    Object name: LocalSystem
    Image path: C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    Image size: 94208
    Image MD5: 12CDB5DC7774298223099D6E41ED5CE7
    Start: 2
    Type: 16
    Error Control: 1

    Service (registry key): ERSvc
    Display name: Error Reporting Service
    Description: Allows error reporting for services and applictions running in non-standard environments.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 12800
    Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
    Start: 2
    Type: 32
    Error Control: 0
    Depends On services: RpcSs

    Service (registry key): Eventlog
    Display name: Event Log
    Description: Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\services.exe
    Image size: 101376
    Image MD5: E3DF4A0252D287C44606EE55355E1623
    Start: 2
    Type: 32
    Error Control: 1

    Service (registry key): EventSystem
    Display name: COM+ Event System
    Description: Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: LocalSystem
    Image path: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Image size: 12800
    Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: RPCSS

    Service (registry key): ewido security suite control
    Display name: ewido security suite control
    Object name: LocalSystem
    Image path: C:\Program Files\ewido\security suite\ewidoctrl.exe
    Image size: 16448
    Image MD5: 867D9D1FA818F8629BB7A4A26E94B06A
    Start: 2
    Type: 272
    Error Control: 0

    Service (registry key): ewido security suite driver
    Display name: ewido security suite driver
    Image path: \??\C:\Program Files\ewido\security suite\guard.sys
    Image size: 3072
    Image MD5: 2FF233E31AEFFF332F187E8E2ABFA6C5
    Start: 1
    Type: 1
    Error Control: 0

    Service (registry key): ewido security suite guard
    Display name: ewido security suite guard
    Object name: LocalSystem
    Image path: C:\Program Files\ewido\security suite\ewidoguard.exe
    Image size: 151616
    Image MD5: 34A50717AD686900F078F5208F8E908E
    Start: 4
    Type: 272
    Error Control: 0

    Service (registry key): Fastfat
    Start: 4
    Type: 2
    Error Control: 1

    Service (registry key): FastUserSwitchingCompatibility
    Display name: Fast User Switching Compatibility
    Description: Provides management for applications that require assistance in a multiple user environment.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 12800
    Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: TermService

    Service (registry key): Fdc
    Display name: Floppy Disk Controller Driver
    Image path: System32\DRIVERS\fdc.sys
    Image size: 26240
    Image MD5: 19C5C7EAC0190A42522290BF002F64EA
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): FINEPIX_PCC
    Display name: FinePix Digital Camera 020717
    Image path: System32\Drivers\V4CB011D.SYS
    Image size: 81700
    Image MD5: C05D16C1EF3F5519764FEFDF281CA4D2
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): Fips
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): Flpydisk
    Display name: Floppy Disk Driver
    Image path: System32\DRIVERS\flpydisk.sys
    Image size: 19712
    Image MD5: 21E41E89B9B191B685F99B7A8885310B
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): Fs_Rec
    Start: 1
    Type: 8
    Error Control: 0

    Service (registry key): Ftdisk
    Display name: Volume Manager Driver
    Image path: System32\DRIVERS\ftdisk.sys
    Image size: 125056
    Image MD5: 6AC26732762483366C3969C9E4D2259D
    Start: 0
    Type: 1
    Error Control: 1

    Service (registry key): GearAspiWDM
    Display name: GEARAspiWDM
    Image path: system32\drivers\GEARAspiWDM.sys
    Image size: 9344
    Image MD5: B969A0706E677997798C8F9B5CFD00BD
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): GEARSecurity
    Object name: LocalSystem
    Image path: system32\gearsec.exe
    Image size: 49152
    Image MD5: 17B77D83C53AE007C11ED811D992E727
    Start: 2
    Type: 16
    Error Control: 0

    Service (registry key): Gpc
    Display name: Generic Packet Classifier
    Description: Generic Packet Classifier
    Image path: System32\DRIVERS\msgpc.sys
    Image size: 33792
    Image MD5: 13591E0A02E85DE2A388F3EC4BD206DF
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): helpsvc
    Display name: Help and Support
    Description: Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 12800
    Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: RPCSS

    Service (registry key): HidServ
    Display name: Human Interface Device Access
    Description: Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 12800
    Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
    Start: 4
    Type: 32
    Error Control: 1
    Depends On services: RpcSs

    Service (registry key): hpn
    Display name: hpn
    Image path: \SystemRoot\System32\DRIVERS\hpn.sys
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): hpt3xx
    Display name: hpt3xx
    Image path: \SystemRoot\System32\DRIVERS\hpt3xx.sys
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): i2omgmt
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): i2omp
    Display name: i2omp
    Image path: \SystemRoot\System32\DRIVERS\i2omp.sys
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): i8042prt
    Display name: i8042 Keyboard and PS/2 Mouse Port Driver
    Image path: System32\DRIVERS\i8042prt.sys
    Image size: 50944
    Image MD5: 54AE656490B33F84B4417194AA127B25
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): ialm
    Image path: System32\DRIVERS\ialmnt5.sys
    Image size: 78877
    Image MD5: C7B04F6F4C2262561A792B5863A8A082
    Start: 3
    Type: 1
    Error Control: 0

    Service (registry key): Imapi
    Image path: system32\drivers\Imapi.sys
    Image size: 39296
    Image MD5: EC8846F604B96B0A74B8C26A2BD3DC22
    Start: 1
    Type: 1
    Error Control: 0

    Service (registry key): ImapiService
    Display name: IMAPI CD-Burning COM Service
    Description: Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: LocalSystem
    Image path: C:\WINDOWS\System32\Imapi.exe
    Image size: 118784
    Image MD5: F6069827B0A39DC75D251CFB37C4E9C9
    Start: 3
    Type: 16
    Error Control: 1

    Service (registry key): inetaccs
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): ini910u
    Display name: ini910u
    Image path: \SystemRoot\System32\DRIVERS\ini910u.sys
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): Inport
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): IntelIde
    Display name: IntelIde
    Image path: \SystemRoot\System32\DRIVERS\intelide.sys
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): IpFilterDriver
    Display name: IP Traffic Filter Driver
    Description: IP Traffic Filter Driver
    Image path: System32\DRIVERS\ipfltdrv.sys
    Image size: 32896
    Image MD5: 731F22BA402EE4B62748ADAF6363C182
    Start: 3
    Type: 1
    Error Control: 1
    Depends On services: Tcpip

    Service (registry key): IpInIp
    Display name: IP in IP Tunnel Driver
    Description: IP in IP Tunnel Driver
    Image path: System32\DRIVERS\ipinip.sys
    Image size: 19584
    Image MD5: F56DD863BA732A4E8EE58D486C31250F
    Start: 3
    Type: 1
    Error Control: 1
    Depends On services: Tcpip

    Service (registry key): IpNat
    Display name: IP Network Address Translator
    Description: IP Network Address Translator
    Image path: System32\DRIVERS\ipnat.sys
    Image size: 76288
    Image MD5: 561E2AEDE82CAE972D572C60D4E090BF
    Start: 3
    Type: 1
    Error Control: 1
    Depends On services: Tcpip

    Service (registry key): IPSec
    Display name: IPSEC driver
    Description: IPSEC driver
    Image path: System32\DRIVERS\ipsec.sys
    Image size: 56064
    Image MD5: 87AD207BC4437F215508024559D72F30
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): IRENUM
    Display name: IR Enumerator Service
    Image path: System32\DRIVERS\irenum.sys
    Image size: 10496
    Image MD5: B43201394646B7E98C89056EDDA686B5
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): ISAPISearch
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): isapnp
    Display name: PnP ISA/EISA Bus Driver
    Image path: System32\DRIVERS\isapnp.sys
    Image size: 35840
    Image MD5: E504F706CCB699C2596E9A3DA1596E87
    Start: 0
    Type: 1
    Error Control: 3

    Service (registry key): Kbdclass
    Display name: Keyboard Class Driver
    Image path: System32\DRIVERS\kbdclass.sys
    Image size: 23424
    Image MD5: 9C30CD464D87102497FD7C32910E6253
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): kmixer
    Display name: Microsoft Kernel Wave Audio Mixer
    Image path: system32\drivers\kmixer.sys
    Image size: 159232
    Image MD5: ECD42891ECC1CA80FCB849511D3DF186
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): KSecDD
    Start: 0
    Type: 1
    Error Control: 1

    Service (registry key): lanmanserver
    Display name: Server
    Description: Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 12800
    Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
    Start: 2
    Type: 32
    Error Control: 1

    Service (registry key): lanmanworkstation
    Display name: Workstation
    Description: Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 12800
    Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
    Start: 2
    Type: 32
    Error Control: 1

    Service (registry key): lbrtfdc
    Start: 1
    Type: 1
    Error Control: 0

    Service (registry key): ldap
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): LicenseService
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): LiveUpdate
    Display name: LiveUpdate
    Description: LiveUpdate Core Engine
    Object name: LocalSystem
    Image path: "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
    Image size: 2045632
    Image MD5: 89BFFB6A09652DA7D019A387354D0D19
    Start: 3
    Type: 16
    Error Control: 1
    Depends On services: RPCSS

    Service (registry key): LmHosts
    Display name: TCP/IP NetBIOS Helper
    Description: Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
    Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\svchost.exe -k LocalService
    Image size: 12800
    Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: NetBT,Afd

    Service (registry key): MASPINT
    Start: 2
    Type: 1
    Error Control: 1

    Service (registry key): Messenger
    Display name: Messenger
    Description: Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 12800
    Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: LanmanWorkstation,NetBIOS,PlugPlay,RpcSS

    Service (registry key): mmc_2K
    Start: 3
    Type: 1
    Error Control: 0

    Service (registry key): mnmdd
    Start: 1
    Type: 1
    Error Control: 0

    Service (registry key): mnmsrvc
    Display name: NetMeeting Remote Desktop Sharing
    Description: Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: LocalSystem
    Image path: C:\WINDOWS\System32\mnmsrvc.exe
    Image size: 32768
    Image MD5: 743AEA1D5DB177ED3F1A0A25B3F5D6A6
    Start: 3
    Type: 272
    Error Control: 1

    Service (registry key): Modem
    Start: 3
    Type: 1
    Error Control: 0

    Service (registry key): Mouclass
    Display name: Mouse Class Driver
    Image path: System32\DRIVERS\mouclass.sys
    Image size: 22016
    Image MD5: E534CCBA5714E8BFFF4FB97D6453898F
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): MountMgr
    Start: 0
    Type: 1
    Error Control: 1

    Service (registry key): mraid35x
    Display name: mraid35x
    Image path: \SystemRoot\System32\DRIVERS\mraid35x.sys
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): MRxDAV
    Display name: WebDav Client Redirector
    Description: WebDav Client Redirector
    Image path: System32\DRIVERS\mrxdav.sys
    Image size: 172672
    Image MD5: D30CBA20CC355D3648B9FED5BB55A9D5
    Start: 3
    Type: 2
    Error Control: 1

    Service (registry key): MRxSmb
    Display name: MRXSMB
    Description: MRXSMB
    Image path: System32\DRIVERS\mrxsmb.sys
    Image size: 391936
    Image MD5: 852F6FCA866E68B3A4A78C2E86EFB874
    Start: 1
    Type: 2
    Error Control: 1

    Service (registry key): MSDTC
    Display name: Distributed Transaction Coordinator
    Description: Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: LocalSystem
    Image path: C:\WINDOWS\System32\msdtc.exe
    Image size: 6144
    Image MD5: 073D2F5B53580583FEB704084CBA39CE
    Start: 3
    Type: 16
    Error Control: 1
    Depends On services: RPCSS,SamSS

    Service (registry key): Msfs
    Start: 1
    Type: 2
    Error Control: 1

    Service (registry key): MSIServer
    Display name: Windows Installer
    Description: Installs, repairs and removes software according to instructions contained in .MSI files.
    Object name: LocalSystem
    Image path: C:\WINDOWS\System32\msiexec.exe /V
    Image size: 63488
    Image MD5: E7A49533944654EDD82D26338DF0FD05
    Start: 3
    Type: 288
    Error Control: 1
    Depends On services: RpcSs

    Service (registry key): MSKSSRV
    Display name: Microsoft Streaming Service Proxy
    Image path: system32\drivers\MSKSSRV.sys
    Image size: 6400
    Image MD5: 73FF6DDEAC27839583FE6A2573EE60CA
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): MSPCLOCK
    Display name: Microsoft Streaming Clock Proxy
    Image path: system32\drivers\MSPCLOCK.sys
    Image size: 5120
    Image MD5: BD8A0DCF208C27E20416BF9E8AED9CF9
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): MSPQM
    Display name: Microsoft Streaming Quality Manager Proxy
    Image path: system32\drivers\MSPQM.sys
    Image size: 4608
    Image MD5: F6A726B8832DB1F88326B8BE98B11981
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): MSTEE
    Display name: Microsoft Streaming Tee/Sink-to-Sink Converter
    Image path: system32\drivers\MSTEE.sys
    Image size: 4992
    Image MD5: 84C60D6CAADA1B4AB387187E883F520A
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): Mup
    Display name: Mup
    Start: 0
    Type: 2
    Error Control: 1

    Service (registry key): NABTSFEC
    Display name: NABTS/FEC VBI Codec
    Image path: System32\DRIVERS\NABTSFEC.sys
    Image size: 83712
    Image MD5: 536E726644E1E9A8E4B8287CF2B86A4E
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): navapsvc
    Display name: Norton AntiVirus Auto-Protect Service
    Description: Handles Norton AntiVirus Auto-Protect events.
    Object name: LocalSystem
    Image path: "C:\Program Files\Norton AntiVirus\navapsvc.exe"
    Image size: 177264
    Image MD5: 8FC8458BCB585617AAC9E17A558D9155
    Start: 2
    Type: 16
    Error Control: 1
    Depends On services: RPCSS

    Service (registry key): NAVENG
    Display name: NAVENG
    Image path: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060621.024\NAVENG.Sys
    Image size: 77864
    Image MD5: 9FF1BD6BACEBC149813C54C5B861ADA4
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): NAVEX15
    Display name: NAVEX15
    Image path: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060621.024\NavEx15.Sys
    Image size: 799208
    Image MD5: 579434ED647A1E676228E97AD8C61C77
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): NDIS
    Display name: NDIS System Driver
    Start: 0
    Type: 1
    Error Control: 1

    Service (registry key): NdisIP
    Display name: Microsoft TV/Video Connection
    Image path: System32\DRIVERS\NdisIP.sys
    Image size: 8064
    Image MD5: 46DDE6CDAA4677EB2D9B7DF35A25F9A2
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): NdisTapi
    Display name: Remote Access NDIS TAPI Driver
    Description: Remote Access NDIS TAPI Driver
    Image path: System32\DRIVERS\ndistapi.sys
    Image size: 9600
    Image MD5: 08D43BBDACDF23F34D79E44ED35C1B4C
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): Ndisuio
    Display name: NDIS Usermode I/O Protocol
    Description: NDIS Usermode I/O Protocol
    Image path: System32\DRIVERS\ndisuio.sys
    Image size: 12160
    Image MD5: DA77857D9F9BC724D779DF64DA15164B
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): NdisWan
    Display name: Remote Access NDIS WAN Driver
    Description: Remote Access NDIS WAN Driver
    Image path: System32\DRIVERS\ndiswan.sys
    Image size: 88320
    Image MD5: DF101384699C87C70E9BD71DDF0E8509
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): NDProxy
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): NetBIOS
    Display name: NetBIOS Interface
    Description: NetBIOS Interface
    Image path: System32\DRIVERS\netbios.sys
    Image size: 33152
    Image MD5: 9F880D46EF6DCC865B8EF5C5A4956E3B
    Start: 1
    Type: 2
    Error Control: 1

    Service (registry key): NetBT
    Display name: NetBios over Tcpip
    Description: NetBios over Tcpip
    Image path: System32\DRIVERS\netbt.sys
    Image size: 149120
    Image MD5: 26891E42CDA5A9EDE7003229BBEB7EA2
    Start: 1
    Type: 1
    Error Control: 1
    Depends On services: Tcpip

    Service (registry key): NetDDE
    Display name: Network DDE
    Description: Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\netdde.exe
    Image size: 107008
    Image MD5: 32DE95F3FE559D7A1A3D9366DE355BFC
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: NetDDEDSDM

    Service (registry key): NetDDEdsdm
    Display name: Network DDE DSDM
    Description: Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\netdde.exe
    Image size: 107008
    Image MD5: 32DE95F3FE559D7A1A3D9366DE355BFC
    Start: 3
    Type: 32
    Error Control: 1

    Service (registry key): Netlogon
    Display name: Net Logon
    Description: Supports pass-through authentication of account logon events for computers in a domain.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\lsass.exe
    Image size: 11776
    Image MD5: 8A590EA109B5E0C7629E022F8A6B17C5
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: LanmanWorkstation

    Service (registry key): Netman
    Display name: Network Connections
    Description: Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 12800
    Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
    Start: 3
    Type: 288
    Error Control: 1
    Depends On services: RpcSs

    Service (registry key): Nla
    Display name: Network Location Awareness (NLA)
    Description: Collects and stores network configuration and location information, and notifies applications when this information changes.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 12800
    Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: Tcpip,Afd

    Service (registry key): nm
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): NPFMntor
    Display name: Norton AntiVirus Firewall Monitor Service
    Description: Detects installation of Symantec Firewall clients
    Object name: LocalSystem
    Image path: C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    Image size: 46704
    Image MD5: 96DB6F2D69F787C61A46CC86D6CFE69F
    Start: 2
    Type: 16
    Error Control: 0

    Service (registry key): Npfs
    Start: 1
    Type: 2
    Error Control: 1

    Service (registry key): Ntfs
    Start: 4
    Type: 2
    Error Control: 1

    Service (registry key): NtLmSsp
    Display name: NT LM Security Support Provider
    Description: Provides security to remote procedure call (RPC) programs that use transports other than named pipes.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\lsass.exe
    Image size: 11776
    Image MD5: 8A590EA109B5E0C7629E022F8A6B17C5
    Start: 3
    Type: 32
    Error Control: 1

    Service (registry key): NtmsSvc
    Display name: Removable Storage
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
    Image size: 12800
    Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: RpcSs

    Service (registry key): Null
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): nv4
    Image path: System32\DRIVERS\nv4.sys
    Image size: 731648
    Image MD5: 4D31783965B0B7CED7DB3F4EE14CF260
    Start: 3
    Type: 1
    Error Control: 0

    Service (registry key): NwlnkFlt
    Display name: IPX Traffic Filter Driver
    Description: IPX Traffic Filter Driver
    Image path: System32\DRIVERS\nwlnkflt.sys
    Image size: 12416
    Image MD5: B305F3FAD35083837EF46A0BBCE2FC57
    Start: 3
    Type: 1
    Error Control: 1
    Depends On services: NwlnkFwd

    Service (registry key): NwlnkFwd
    Display name: IPX Traffic Forwarder Driver
    Description: IPX Traffic Forwarder Driver
    Image path: System32\DRIVERS\nwlnkfwd.sys
    Image size: 32512
    Image MD5: C99B3415198D1AAB7227F2C88FD664B9
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): P3
    Display name: Intel PentiumIII Processor Driver
    Image path: System32\DRIVERS\p3.sys
    Image size: 34816
    Image MD5: F7602866134940FC6B30F9BC58B7228F
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): Parport
    Display name: Parallel port driver
    Image path: System32\DRIVERS\parport.sys
    Image size: 76160
    Image MD5: 1424FFBF560627B07CCE5082FA837F5C
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): PartMgr
    Start: 0
    Type: 1
    Error Control: 1

    Service (registry key): ParVdm
    Start: 2
    Type: 1
    Error Control: 0
    Depends On services: Parport
    Depends On group: "Parallel arbitrator"

    Service (registry key): PCI
    Display name: PCI Bus Driver
    Image path: System32\DRIVERS\pci.sys
    Image size: 62464
    Image MD5: 1F96EECDF5D1E3385AC44C6A457B381F
    Start: 0
    Type: 1
    Error Control: 3

    Service (registry key): PCIDump
    Start: 1
    Type: 1
    Error Control: 0

    Service (registry key): PCIIde
    Image path: System32\DRIVERS\pciide.sys
    Image size: 3328
    Image MD5: CCF5F451BB1A5A2A522A76E670000FF0
    Start: 0
    Type: 1
    Error Control: 1

    Service (registry key): Pcmcia
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): PDCOMP
    Start: 3
    Type: 1
    Error Control: 0

    Service (registry key): PDFRAME
    Start: 3
    Type: 1
    Error Control: 0

    Service (registry key): PDRELI
    Start: 3
    Type: 1
    Error Control: 0

    Service (registry key): PDRFRAME
    Start: 3
    Type: 1
    Error Control: 0

    Service (registry key): perc2
    Display name: perc2
    Image path: \SystemRoot\System32\DRIVERS\perc2.sys
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): perc2hib
    Display name: perc2hib
    Image path: \SystemRoot\System32\DRIVERS\perc2hib.sys
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): PerfDisk
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): PerfNet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): PerfOS
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): PerfProc
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): PlugPlay
    Display name: Plug and Play
    Description: Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\services.exe
    Image size: 101376
    Image MD5: E3DF4A0252D287C44606EE55355E1623
    Start: 2
    Type: 32
    Error Control: 1

    Service (registry key): PolicyAgent
    Display name: IPSEC Services
    Description: Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\lsass.exe
    Image size: 11776
    Image MD5: 8A590EA109B5E0C7629E022F8A6B17C5
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: RPCSS,Tcpip,IPSec

    Service (registry key): PptpMiniport
    Display name: WAN Miniport (PPTP)
    Description: WAN Miniport (PPTP)
    Image path: System32\DRIVERS\raspptp.sys
    Image size: 46208
    Image MD5: E0A8E63E75333AB0D742F9DBFB1688BA
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): Processor
    Display name: Processor Driver
    Image path: System32\DRIVERS\processr.sys
    Image size: 30592
    Image MD5: 72F923F0A0FDFBE3252579CA1D1D8948
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): ProtectedStorage
    Display name: Protected Storage
    Description: Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\lsass.exe
    Image size: 11776
    Image MD5: 8A590EA109B5E0C7629E022F8A6B17C5
    Start: 2
    Type: 288
    Error Control: 1
    Depends On services: RpcSs

    Service (registry key): PSched
    Display name: QoS Packet Scheduler
    Description: QoS Packet Scheduler
    Image path: System32\DRIVERS\psched.sys
    Image size: 65920
    Image MD5: 7FD061B0B0833D5106244B0CF2A1E68C
    Start: 3
    Type: 1
    Error Control: 1
    Depends On services: Gpc

    Service (registry key): Ptilink
    Display name: Direct Parallel Link Driver
    Description: Direct Parallel Link Driver
    Image path: System32\DRIVERS\ptilink.sys
    Image size: 17792
    Image MD5: 80D317BD1C3DBC5D4FE7B1678C60CADD
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): pwd_2K
    Start: 1
    Type: 1
    Error Control: 0

    Service (registry key): ql1080
    Display name: ql1080
    Image path: \SystemRoot\System32\DRIVERS\ql1080.sys
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): Ql10wnt
    Display name: Ql10wnt
    Image path: \SystemRoot\System32\DRIVERS\ql10wnt.sys
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): ql12160
    Display name: ql12160
    Image path: \SystemRoot\System32\DRIVERS\ql12160.sys
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): ql1240
    Display name: ql1240
    Image path: \SystemRoot\System32\DRIVERS\ql1240.sys
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): ql1280
    Display name: ql1280
    Image path: \SystemRoot\System32\DRIVERS\ql1280.sys
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): RasAcd
    Display name: Remote Access Auto Connection Driver
    Description: Remote Access Auto Connection Driver
    Image path: System32\DRIVERS\rasacd.sys
    Image size: 8832
    Image MD5: FE0D99D6F31E4FAD8159F690D68DED9C
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): RasAuto
    Display name: Remote Access Auto Connection Manager
    Description: Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 12800
    Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: RasMan,Tapisrv

    Service (registry key): Rasl2tp
    Display name: WAN Miniport (L2TP)
    Description: WAN Miniport (L2TP)
    Image path: System32\DRIVERS\rasl2tp.sys
    Image size: 48640
    Image MD5: 01BD60CDE35D8B60F46EBDF5358D7127
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): RasMan
    Display name: Remote Access Connection Manager
    Description: Creates a network connection.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 12800
    Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: Tapisrv

    Service (registry key): RasPppoe
    Display name: Remote Access PPPOE Driver
    Description: Remote Access PPPOE Driver
    Image path: System32\DRIVERS\raspppoe.sys
    Image size: 38912
    Image MD5: 888335B3BE346119CF7B4EFF3A3FCA7C
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): Raspti
    Display name: Direct Parallel
    Description: Direct Parallel
    Image path: System32\DRIVERS\raspti.sys
    Image size: 16512
    Image MD5: FDBB1D60066FCFBB7452FD8F9829B242
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): Rdbss
    Display name: Rdbss
    Description: Rdbss
    Image path: System32\DRIVERS\rdbss.sys
    Image size: 163840
    Image MD5: DE300831C74CFF09091E954A1844BDBF
    Start: 1
    Type: 2
    Error Control: 1

    Service (registry key): RDPCDD
    Image path: System32\DRIVERS\RDPCDD.sys
    Image size: 4224
    Image MD5: 4912D5B403614CE99C28420F75353332
    Start: 1
    Type: 1
    Error Control: 0

    Service (registry key): RDPDD
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): rdpdr
    Display name: Terminal Server Device Redirector Driver
    Image path: System32\DRIVERS\rdpdr.sys
    Image size: 181632
    Image MD5: 57F34F83E278DD804BA4A0593D789312
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): RDPNP
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): RDPWD
    Start: 3
    Type: 1
    Error Control: 0

    Service (registry key): RDSessMgr
    Display name: Remote Desktop Help Session Manager
    Description: Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box.
    Object name: LocalSystem
    Image path: C:\WINDOWS\system32\sessmgr.exe
    Image size: 130048
    Image MD5: E6E3C190B143A6190C73F049EC39C37C
    Start: 3
    Type: 16
    Error Control: 1
    Depends On services: RPCSS

    Service (registry key): redbook
    Display name: Digital CD Audio Playback Filter Driver
    Image path: System32\DRIVERS\redbook.sys
    Image size: 55808
    Image MD5: DD2183A5092FEEE8961A1E19ABD1A0FC
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): RemoteAccess
    Display name: Routing and Remote Access
    Description: Offers routing services to businesses in local area and wide area network environments.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 12800
    Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
    Start: 4
    Type: 32
    Error Control: 1
    Depends On services: RpcSS
    Depends On group: NetBIOSGroup

    Service (registry key): RemoteRegistry
    Display name: Remote Registry
    Description: Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalService
    Image size: 12800
    Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: RPCSS

    Service (registry key): ROOTMODEM
    Display name: Microsoft Legacy Modem Driver
    Image path: System32\Drivers\RootMdm.sys
    Image size: 5888
    Image MD5: D8B0B4ADE32574B2D9C5CC34DC0DBBE7
    Start: 3
    Type: 1
    Error Control: 0

    Service (registry key): RpcLocator
    Display name: Remote Procedure Call (RPC) Locator
    Description: Manages the RPC name service database.
    Object name: NT AUTHORITY\NetworkService
    Image path: %SystemRoot%\System32\locator.exe
    Image size: 68608
    Image MD5: 0ACFB0D8214501358FE501CF73425C52
    Start: 3
    Type: 16
    Error Control: 1
    Depends On services: LanmanWorkstation

    Service (registry key): RpcSs
    Display name: Remote Procedure Call (RPC)
    Description: Provides the endpoint mapper and other miscellaneous RPC services.
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost -k rpcss
    Image size: 12800
    Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
    Start: 2
    Type: 32
    Error Control: 1

    Service (registry key): RSVP
    Display name: QoS RSVP
    Description: Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\rsvp.exe
    Image size: 132608
    Image MD5: 471B3F9741D762ABE75E9DEEA4787E47
    Start: 3
    Type: 16
    Error Control: 1
    Depends On services: TcpIp,Afd,RpcSs

    Service (registry key): rtl8139
    Display name: Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver
    Image path: System32\DRIVERS\RTL8139.SYS
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): SamSs
    Display name: Security Accounts Manager
    Description: Stores security information for local user accounts.
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\lsass.exe
    Image size: 11776
    Image MD5: 8A590EA109B5E0C7629E022F8A6B17C5
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: RPCSS

    Service (registry key): SAVRT
    Display name: SAVRT
    Image path: \??\C:\Program Files\Norton AntiVirus\SAVRT.SYS
    Image size: 338056
    Image MD5: 3D2EB85B0A130CBA0CD08BCDD2B2E485
    Start: 3
    Type: 1
    Error Control: 1
    Depends On services: SAVRTPEL

    Service (registry key): SAVRTPEL
    Display name: SAVRTPEL
    Image path: \??\C:\Program Files\Norton AntiVirus\SAVRTPEL.SYS
    Image size: 50312
    Image MD5: A5D09F85B8717BBF67520B1CC71D641F
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): SAVScan
    Display name: SAVScan
    Description: Handles Norton AntiVirus Auto-Protect Archive Scanning
    Object name: LocalSystem
    Image path: C:\Program Files\Norton AntiVirus\SAVScan.exe
    Image size: 198368
    Image MD5: 63EE66B5229A14809E5D89A9275325AD
    Start: 3
    Type: 16
    Error Control: 1
    Depends On services: SAVRT

    Service (registry key): SBService
    Display name: ScriptBlocking Service
    Object name: LocalSystem
    Image path: C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    Image size: 67184
    Image MD5: 2B4730E2E359FA0CDA5B1B1D362380EC
    Start: 2
    Type: 16
    Error Control: 1

    Service (registry key): SCardDrv
    Display name: Smart Card Helper
    Description: Enables support for legacy non-plug and play smart-card readers used by this computer. If this service is stopped, this computer will not support legacy reader. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\SCardSvr.exe
    Image size: 93184
    Image MD5: A885D4EDE9852D81981B32FB0F134703
    Start: 3
    Type: 32
    Error Control: 0
    Depends On group: "Smart Card Reader"

    Service (registry key): SCardSvr
    Display name: Smart Card
    Description: Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\SCardSvr.exe
    Image size: 93184
    Image MD5: A885D4EDE9852D81981B32FB0F134703
    Start: 3
    Type: 32
    Error Control: 0
    Depends On services: PlugPlay

    Service (registry key): Schedule
    Display name: Task Scheduler
    Description: Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 12800
    Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
    Start: 2
    Type: 288
    Error Control: 1
    Depends On services: RpcSs

    Service (registry key): Secdrv
    Display name: Secdrv
    Description: SafeDisc driver
    Image path: System32\DRIVERS\secdrv.sys
    Image size: 27440
    Image MD5: D26E26EA516450AF9D072635C60387F4
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): seclogon
    Display name: Secondary Logon
    Description: Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 12800
    Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
    Start: 2
    Type: 288
    Error Control: 0

    Service (registry key): SENS
    Display name: System Event Notification
    Description: Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events.
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
    Image size: 12800
    Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: EventSystem

    Service (registry key): serenum
    Display name: Serenum Filter Driver
    Image path: System32\DRIVERS\serenum.sys
    Image size: 14976
    Image MD5: 65A7C4D86C153C82E33A552C217ABB29
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): Serial
    Display name: Serial port driver
    Image path: System32\DRIVERS\serial.sys
    Image size: 62464
    Image MD5: 1A315877D2EFCC2D0FF892D6BDB845B5
    Start: 1
    Type: 1
    Error Control: 0

    Service (registry key): Sfloppy
    Start: 1
    Type: 1
    Error Control: 0
    Depends On group: "SCSI miniport"

    Service (registry key): SharedAccess
    Display name: Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS)
    Description: Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 12800
    Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: Netman,NLA,RasMan,ALG

    Service (registry key): ShellHWDetection
    Display name: Shell Hardware Detection
    Description: Provides notifications for AutoPlay hardware events.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 12800
    Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
    Start: 2
    Type: 32
    Error Control: 0
    Depends On services: RpcSs

    Service (registry key): Simbad
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): sisagp
    Display name: SIS AGP Bus Filter
    Image path: \SystemRoot\System32\DRIVERS\sisagp.sys
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): SLIP
    Display name: BDA Slip De-Framer
    Image path: System32\DRIVERS\SLIP.sys
    Image size: 10752
    Image MD5: 80B86F9B9EC4CD0E25627E4A7C54826A
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): smwdm
    Image path: system32\drivers\smwdm.sys
    Image size: 493896
    Image MD5: AF723F71210D1ED3DF9C5C91B4A37F93
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): SNDSrvc
    Display name: Symantec Network Drivers Service
    Description: Symantec Network Drivers Service
    Object name: LocalSystem
    Image path: C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    Image size: 206552
    Image MD5: 997BF60BEF992C61C3014EF5C56D93EA
    Start: 2
    Type: 16
    Error Control: 0

    Service (registry key): SNPT513
    Display name: PC Camera (6025 VGA)
    Image path: System32\DRIVERS\snpt513.sys
    Image size: 183040
    Image MD5: 088C0AF35D6FF62B48F19A23D91B1DA6
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): Sparrow
    Display name: Sparrow
    Image path: \SystemRoot\System32\DRIVERS\sparrow.sys
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): SPBBCDrv
    Display name: SPBBCDrv
    Image path: \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
    Image size: 341096
    Image MD5: 924E82D6DEC26F82036E69B8D3F04216
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): SPBBCSvc
    Display name: Symantec SPBBCSvc
    Description: Symantec SPBBC
    Object name: LocalSystem
    Image path: C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    Image size: 173160
    Image MD5: 08FA56B7C13B4CBF0E5D351AECAD92B1
    Start: 2
    Type: 16
    Error Control: 1
    Depends On services: RPCSS

    Service (registry key): splitter
    Display name: Microsoft Kernel Audio Splitter
    Image path: system32\drivers\splitter.sys
    Image size: 5632
    Image MD5: 2C55620B197ED2BA93126B76396BFF6E
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): Spooler
    Display name: Print Spooler
    Description: Loads files to memory for later printing.
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\spoolsv.exe
    Image size: 51200
    Image MD5: 9B4155BA58192D4073082B8FC5D42612
    Start: 2
    Type: 272
    Error Control: 1
    Depends On services: RPCSS

    Service (registry key): sr
    Display name: System Restore Filter Driver
    Image path: System32\DRIVERS\sr.sys
    Image size: 70400
    Image MD5: F899A5D353DCBBA12EACB379E7ABFEEE
    Start: 0
    Type: 2
    Error Control: 1

    Service (registry key): srservice
    Display name: System Restore Service
    Description: Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 12800
    Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: RpcSs

    Service (registry key): Srv
    Display name: Srv
    Description: Srv
    Image path: System32\DRIVERS\srv.sys
    Image size: 322304
    Image MD5: 9484B95298DD39700438E037CF829056
    Start: 3
    Type: 2
    Error Control: 1

    Service (registry key): SSDPSRV
    Display name: SSDP Discovery Service
    Description: Enables discovery of UPnP devices on your home network.
    Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\svchost.exe -k LocalService
    Image size: 12800
    Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
    Start: 3
    Type: 32
    Error Control: 1

    Service (registry key): stisvc
    Display name: Windows Image Acquisition (WIA)
    Description: Provides image acquisition services for scanners and cameras.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k imgsvc
    Image size: 12800
    Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: RpcSs

    Service (registry key): streamip
    Display name: BDA IPSink
    Image path: System32\DRIVERS\StreamIP.sys
    Image size: 14592
    Image MD5: C0E7E159415C1D10A88297B7EBA01066
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): swenum
    Display name: Software Bus Driver
    Image path: System32\DRIVERS\swenum.sys
    Image size: 3840
    Image MD5: 064740C5C02DE46723C4B8200EE876DF
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): swmidi
    Display name: Microsoft Kernel GS Wavetable Synthesizer
    Image path: system32\drivers\swmidi.sys
    Image size: 54272
    Image MD5: 94ABC808FC4B6D7D2BBF42B85E25BB4D
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): SwPrv
    Display name: MS Software Shadow Copy Provider
    Description: Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: LocalSystem
    Image path: C:\WINDOWS\System32\dllhost.exe /Processid:{A55307EF-A5C3-4560-A016-91C037AF9D84}
    Image size: 4608
    Image MD5: 6AE95FAF782E6F6AC6E4B3ACBF3D1573
    Start: 3
    Type: 16
    Error Control: 0
    Depends On services: rpcss

    Service (registry key): Symantec Core LC
    Display name: Symantec Core LC
    Description: Symantec Core LC
    Object name: LocalSystem
    Image path: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    Image size: 826512
    Image MD5: 4770F773C1417B913196FBF9E13A5ECB
    Start: 2
    Type: 272
    Error Control: 1
    Depends On services: RPCSS

    Service (registry key): symc810
    Display name: symc810
    Image path: \SystemRoot\System32\DRIVERS\symc810.sys
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): symc8xx
    Display name: symc8xx
    Image path: \SystemRoot\System32\DRIVERS\symc8xx.sys
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): SYMDNS
    Image path: \SystemRoot\System32\Drivers\SYMDNS.SYS
    Start: 3
    Type: 1
    Error Control: 0

    Service (registry key): SymEvent
    Image path: \??\C:\Program Files\Symantec\SYMEVENT.SYS
    Image size: 123248
    Image MD5: 9351E17B2C6055CB0DF442E54E5C1961
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): SYMFW
    Image path: \SystemRoot\System32\Drivers\SYMFW.SYS
    Start: 3
    Type: 1
    Error Control: 0

    Service (registry key): SYMIDS
    Image path: \SystemRoot\System32\Drivers\SYMIDS.SYS
    Start: 3
    Type: 1
    Error Control: 0

    Service (registry key): SYMIDSCO
    Image path: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20060614.094\symidsco.sys
    Image size: 200184
    Image MD5: EC7976981B56DFAE608CFB0C6BAC0D2B
    Start: 3
    Type: 1
    Error Control: 0

    Service (registry key): symlcbrd
    Display name: symlcbrd
    Image path: \??\C:\WINDOWS\System32\drivers\symlcbrd.sys
    Image size: 10344
    Image MD5: B226F8A4D780ACDF76145B58BB791D5B
    Start: 2
    Type: 1
    Error Control: 0

    Service (registry key): SYMNDIS
    Image path: \SystemRoot\System32\Drivers\SYMNDIS.SYS
    Start: 3
    Type: 1
    Error Control: 0

    Service (registry key): SYMREDRV
    Image path: \SystemRoot\System32\Drivers\SYMREDRV.SYS
    Start: 3
    Type: 1
    Error Control: 0

    Service (registry key): SYMTDI
    Display name: SYMTDI
    Image path: \SystemRoot\System32\Drivers\SYMTDI.SYS
    Start: 1
    Type: 1
    Error Control: 1
    Depends On services: Tcpip

    Service (registry key): SymWSC
    Display name: SymWMI Service
    Description: Symantec WMI Service
    Object name: LocalSystem
    Image path: C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    Image size: 316544
    Image MD5: 67C5AF84809468061121FBCBECB19285
    Start: 2
    Type: 16
    Error Control: 0
    Depends On services: winmgmt

    Service (registry key): sym_hi
    Display name: sym_hi
    Image path: \SystemRoot\System32\DRIVERS\sym_hi.sys
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): sym_u3
    Display name: sym_u3
    Image path: \SystemRoot\System32\DRIVERS\sym_u3.sys
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): sysaudio
    Display name: Microsoft Kernel System Audio Device
    Image path: system32\drivers\sysaudio.sys
    Image size: 57472
    Image MD5: D0459F71807CCE71FE26A52F2EDEBAD9
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): SysmonLog
    Display name: Performance Logs and Alerts
    Description: Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: NT Authority\NetworkService
    Image path: %SystemRoot%\system32\smlogsvc.exe
    Image size: 86016
    Image MD5: BB5F528DC9BA1F233730223385F3EFC2
    Start: 3
    Type: 16
    Error Control: 1

    Service (registry key): TapiSrv
    Display name: Telephony
    Description: Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 12800
    Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: PlugPlay,RpcSs

    Service (registry key): Tcpip
    Display name: TCP/IP Protocol Driver
    Description: TCP/IP Protocol Driver
    Image path: System32\DRIVERS\tcpip.sys
    Image size: 327168
    Image MD5: E7774698BB0D14B0710A9A31E209F9B6
    Start: 1
    Type: 1
    Error Control: 1
    Depends On services: IPSec

    Service (registry key): TDPIPE
    Start: 3
    Type: 1
    Error Control: 0

    Service (registry key): TDTCP
    Start: 3
    Type: 1
    Error Control: 0

    Service (registry key): TermDD
    Display name: Terminal Device Driver
    Image path: System32\DRIVERS\termdd.sys
    Image size: 37896
    Image MD5: 68B71EB2E79F60640B4B3A1A714317E5
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): TermService
    Display name: Terminal Services
    Description: Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 12800
    Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: RPCSS

    Service (registry key): Themes
    Display name: Themes
    Description: Provides user experience theme management.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 12800
    Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
    Start: 2
    Type: 32
    Error Control: 1

    Service (registry key): TlntSvr
    Display name: Telnet
    Description: Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: LocalSystem
    Image path: C:\WINDOWS\System32\tlntsvr.exe
    Image size: 60928
    Image MD5: 0A69B1943DBC28DAED192CF646D1B0EE
    Start: 3
    Type: 16
    Error Control: 1
    Depends On services: RPCSS,TCPIP,NTLMSSP

    Service (registry key): TosIde
    Display name: TosIde
    Image path: \SystemRoot\System32\DRIVERS\toside.sys
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): TrkWks
    Display name: Distributed Link Tracking Client
    Description: Maintains links between NTFS files within a computer or across computers in a network domain.
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
    Image size: 12800
    Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: RpcSs

    Service (registry key): TSDDD
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): UdfReadr_xp
    Start: 1
    Type: 2
    Error Control: 1

    Service (registry key): Udfs
    Start: 4
    Type: 2
    Error Control: 1

    Service (registry key): ultra
    Display name: ultra
    Image path: \SystemRoot\System32\DRIVERS\ultra.sys
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): Update
    Display name: Microcode Update Driver
    Image path: System32\DRIVERS\update.sys
    Image size: 137088
    Image MD5: 164CFAE1D766905F56C432ACFC54F28C
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): upnphost
    Display name: Universal Plug and Play Device Host
    Description: Provides support to host Universal Plug and Play devices.
    Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\svchost.exe -k LocalService
    Image size: 12800
    Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: SSDPSRV

    Service (registry key): UPS
    Display name: Uninterruptible Power Supply
    Description: Manages an uninterruptible power supply (UPS) connected to the computer.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\ups.exe
    Image size: 16384
    Image MD5: 3F324808E5C57399430E0C70AD565145
    Start: 3
    Type: 16
    Error Control: 1

    Service (registry key): usbehci
    Display name: Microsoft USB 2.0 Enhanced Host Controller Miniport Driver
    Image path: System32\DRIVERS\usbehci.sys
    Image size: 19072
    Image MD5: CDAA3EF29EABAE9AE825BAF2B8E36735
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): usbhub
    Display name: USB2 Enabled Hub
    Image path: System32\DRIVERS\usbhub.sys
    Image size: 50688
    Image MD5: 1766FAA3A5079D0DB3EFB331DAC587ED
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): usbprint
    Display name: Microsoft USB PRINTER Class
    Image path: System32\DRIVERS\usbprint.sys
    Image size: 24832
    Image MD5: 3768DF6B52CD1A25828157379800E14F
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): USBSTOR
    Display name: USB Mass Storage Driver
    Image path: System32\DRIVERS\USBSTOR.SYS
    Image size: 21760
    Image MD5: 694F2B90124EB086C38C18DA97A13E48
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): usbuhci
    Display name: Microsoft USB Universal Host Controller Miniport Driver
    Image path: System32\DRIVERS\usbuhci.sys
    Image size: 18944
    Image MD5: B8F6119FD7DF389D823BA27A3023E150
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): VgaSave
    Image path: \SystemRoot\System32\drivers\vga.sys
    Start: 1
    Type: 1
    Error Control: 0

    Service (registry key): viaagp
    Display name: VIA AGP Bus Filter
    Image path: \SystemRoot\System32\DRIVERS\viaagp.sys
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): ViaIde
    Display name: ViaIde
    Image path: \SystemRoot\System32\DRIVERS\viaide.sys
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): VolSnap
    Start: 0
    Type: 1
    Error Control: 1

    Service (registry key): VSS
    Display name: Volume Shadow Copy
    Description: Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\vssvc.exe
    Image size: 275456
    Image MD5: F422CECCF4B02790F80176CF3F4759C0
    Start: 3
    Type: 16
    Error Control: 1
    Depends On services: RPCSS

    Service (registry key): VXD
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): w32time
    Display name: Windows Time
    Description: Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 12800
    Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
    Start: 2
    Type: 32
    Error Control: 1

    Service (registry key): W3SVC
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): Wanarp
    Display name: Remote Access IP ARP Driver
    Description: Remote Access IP ARP Driver
    Image path: System32\DRIVERS\wanarp.sys
    Image size: 33280
    Image MD5: 484AF08F15D1306FF2E8B64FE62A160C
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): wanatw
    Display name: WAN Miniport (ATW)
    Image path: System32\DRIVERS\wanatw4.sys
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): WDICA
    Start: 3
    Type: 1
    Error Control: 0

    Service (registry key): wdmaud
    Display name: Microsoft WINMM WDM Audio Compatibility Driver
    Image path: system32\drivers\wdmaud.sys
    Image size: 79616
    Image MD5: 1106767A0647BF3BE4535C91F74FE7DA
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): WebClient
    Display name: WebClient
    Description: Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\svchost.exe -k LocalService
    Image size: 12800
    Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: MRxDAV

    Service (registry key): winmgmt
    Display name: Windows Management Instrumentation
    Description: Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
    Object name: LocalSystem
    Image path: %systemroot%\system32\svchost.exe -k netsvcs
    Image size: 12800
    Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
    Start: 2
    Type: 32
    Error Control: 0
    Depends On services: RPCSS,Eventlog

    Service (registry key): Winsock
    Start: 3
    Type: 4
    Error Control: 1

    Service (registry key): WinSock2
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): WmdmPmSN
    Display name: Portable Media Serial Number Service
    Description: Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 12800
    Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
    Start: 3
    Type: 32
    Error Control: 1

    Service (registry key): Wmi
    Display name: Windows Management Instrumentation Driver Extensions
    Description: Provides systems management information to and from drivers.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 12800
    Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
    Start: 3
    Type: 32
    Error Control: 1

    Service (registry key): WmiApRpl
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): WmiApSrv
    Display name: WMI Performance Adapter
    Description: Provides performance library information from WMI HiPerf providers.
    Object name: LocalSystem
    Image path: C:\WINDOWS\System32\wbem\wmiapsrv.exe
    Image size: 117248
    Image MD5: B7891998B0F21C8D1A928C0578B0368B
    Start: 3
    Type: 16
    Error Control: 1
    Depends On services: RPCSS

    Service (registry key): WS2IFSL
    Display name: Windows Socket 2.0 Non-IFS Service Provider Support Environment
    Image path: \SystemRoot\System32\drivers\ws2ifsl.sys
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): WSTCODEC
    Display name: World Standard Teletext Codec
    Image path: System32\DRIVERS\WSTCODEC.SYS
    Image size: 18560
    Image MD5: 0D133AF83165827B0B2F58F30CDE9290
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): wuauserv
    Display name: Automatic Updates
    Description: Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.
    Object name: LocalSystem
    Image path: %systemroot%\system32\svchost.exe -k netsvcs
    Image size: 12800
    Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
    Start: 2
    Type: 32
    Error Control: 1

    Service (registry key): WZCSVC
    Display name: Wireless Zero Configuration
    Description: Provides automatic configuration for the 802.11 adapters
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 12800
    Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: RpcSs,Ndisuio

    Service (registry key): {1103D70A-040F-496D-9C50-30DD29B0F1E7}
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): {4461B0CD-F09C-40E3-BD05-6C56B1C4905B}
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): {6080A529-897E-4629-A488-ABA0C29B635E}
    Display name: Intel(R) Graphics Platform (SoftBIOS) Driver
    Image path: system32\drivers\ialmsbw.sys
    Image size: 90784
    Image MD5: 981210DDF5F7ED0CDF9F407999B3080C
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}
    Display name: Intel(R) Graphics Chipset (KCH) Driver
    Image path: system32\drivers\ialmkchw.sys
    Image size: 69792
    Image MD5: 7BA8437F4E9DB34AC602FFB66CA7120F
    Start: 3
    Type: 1
    Error Control: 1


    Logfile of HijackThis v1.99.1
    Scan saved at 14:06:47, on 22/06/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\vsnpt513.exe
    C:\Program Files\Cactus Spam Filter\cactusspamfilter.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\WINDOWS\system32\gearsec.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Outlook Express\MSIMN.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\hijackthis\HijackThis.exe

    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [SNPT513] C:\WINDOWS\vsnpt513.exe
    O4 - HKLM\..\Run: [com.codeode.cactusspamfilter] "C:\Program Files\Cactus Spam Filter\cactusspamfilter.exe" -minimized
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
    O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.broadband.blueyonder.co.uk
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
    O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/UK/install.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientInstall/9.20.0002/OCI/setup.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120580534215
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125817288574
    O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MSN Music Mediabar) - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB
    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.blueyonder.co.uk/assets/tool/files/MotivePreQual.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} (IMViewerControl Class) - http://companion.logitech.com/companion/logitech/ver1.3.0.2041/bin/imvid.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
     
  10. VopThis

    VopThis Senior Member (Canada)

    HijackThis log now appears to be clean. How is your PC behaving?

    Nevertheless, let us do one more scan:

    Download and install Ewido anti-spyware 4.0 (uninstall any previous version first).
    • Open ewido anti-spyware
    • Wait a few moments and Ewido should auto-update itself. If it doesn't, click the Update button at the top of the screen.
    • It is very important to get the LATEST updates
    • At the Status menu
      • Under "Your computers Security"
        Click change status on Resident shield to inactive (ONLY consider activation once you are clean)
    • Click on the Scanner icon at the top of the window
    • Click on the Settings tab then select Recommended Options and choose Quarantine

    Close ALL open Windows / Programs / Folders. Please start Ewido, and run a full scan.

    • Click on the Scan tab.
      • Select Complete System Scan. Ewido will now begin to scan your system.
    • If Ewido finds anything, it will pop up a notification. Select Apply all actions (the items found will be quarantined and can be recovered later if needed).
    • When the scan has completed, click on the Save Scan Report button and save the scan to your Desktop where it can be easily found.
    • Copy and paste the scan results into your next post.
    • Close Ewido.
     
  11. mcjosu

    mcjosu Techie7 New Member

    Ewido reports x 2 and Hijack this report
    Also Spybot still showing Searchklick and Network Essentials not cleared

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 10:54:13 25/06/2006

    + Scan result:



    C:\tmp\lighhtning\001_ScrittiPol(01-07)\Download_Accelerator.exe -> Adware.Agent : Cleaned with backup (quarantined).
    C:\tmp\lighhtning\001_ScrittiPol(01-07)\Download_Agreement.exe -> Adware.Agent : Cleaned with backup (quarantined).
    C:\tmp\lighhtning\001_ScrittiPol(01-07)\Mp3-Hits_Finder.exe -> Adware.Agent : Cleaned with backup (quarantined).
    C:\tmp\lighhtning\001_ScrittiPol(01-07)\Music-Video_Search.exe -> Adware.Agent : Cleaned with backup (quarantined).
    C:\tmp\lighhtning\002_ScrittiPol(08-14)\Download_Accelerator.exe -> Adware.Agent : Cleaned with backup (quarantined).
    C:\tmp\lighhtning\002_ScrittiPol(08-14)\Download_Agreement.exe -> Adware.Agent : Cleaned with backup (quarantined).
    C:\tmp\lighhtning\002_ScrittiPol(08-14)\Mp3-Hits_Finder.exe -> Adware.Agent : Cleaned with backup (quarantined).
    C:\tmp\lighhtning\002_ScrittiPol(08-14)\Music-Video_Search.exe -> Adware.Agent : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\Xcite.dll -> Adware.BrowsePal : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP424\A0305500.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP425\A0305539.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP426\A0305689.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP426\A0305702.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP427\A0305728.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP430\A0306726.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP430\A0307726.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP430\A0308728.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP431\A0308786.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP432\A0309786.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP432\A0310786.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP432\A0310794.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP433\A0311794.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP434\A0312794.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP435\A0313795.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP436\A0313858.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP437\A0313913.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP437\A0314913.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP437\A0315913.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP437\A0316913.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP437\A0316963.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP437\A0317963.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP438\A0318005.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP438\A0318036.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP439\A0318070.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP439\A0319038.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP440\A0319123.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP439\A0319083.exe -> Hijacker.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP439\A0318044.dll -> Logger.BZub.an : Cleaned with backup (quarantined).
    C:\Documents and Settings\John\Cookies\john@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\Paul\Cookies\paul@122.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\Paul\Cookies\paul@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\Paul\Cookies\paul@premiumtv.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\Paul\Cookies\paul@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
    C:\Documents and Settings\John\Cookies\john@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
    C:\Documents and Settings\Paul\Cookies\paul@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
    C:\Documents and Settings\John\Cookies\john@adtech[1].txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
    C:\Documents and Settings\Paul\Cookies\paul@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
    C:\Documents and Settings\Paul\Cookies\paul@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
    C:\Documents and Settings\John\Cookies\john@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
    C:\Documents and Settings\Paul\Cookies\paul@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
    C:\Documents and Settings\Sue\Cookies\sue@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
    C:\Documents and Settings\John\Cookies\john@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
    C:\Documents and Settings\Paul\Cookies\paul@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
    C:\Documents and Settings\John\Cookies\john@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
    C:\Documents and Settings\Paul\Cookies\paul@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
    C:\Documents and Settings\Paul\Cookies\paul@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
    C:\Documents and Settings\Paul\Cookies\paul@cz5.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
    C:\Documents and Settings\Paul\Cookies\paul@cz7.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
    C:\Documents and Settings\John\Cookies\john@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
    C:\Documents and Settings\Paul\Cookies\paul@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
    C:\Documents and Settings\John\Cookies\john@e-2dj6wfliuhajcgq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\John\Cookies\john@e-2dj6wflockajmbo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\John\Cookies\john@e-2dj6wgmyggdpkeq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\John\Cookies\john@e-2dj6wjmienczoeo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\John\Cookies\john@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    C:\Documents and Settings\Paul\Cookies\paul@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
    C:\Documents and Settings\Paul\Cookies\paul@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned with backup (quarantined).
    C:\Documents and Settings\Paul\Cookies\paul@ehg-bskyb.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
    C:\Documents and Settings\Paul\Cookies\paul@ehg-playboy.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
    C:\Documents and Settings\Paul\Cookies\paul@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
    C:\Documents and Settings\John\Cookies\john@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup (quarantined).
    C:\Documents and Settings\Paul\Cookies\paul@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
    C:\Documents and Settings\John\Cookies\john@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
    C:\Documents and Settings\John\Cookies\john@overture[2].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
    C:\Documents and Settings\John\Cookies\john@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Paul\Cookies\paul@paycounter[1].txt -> TrackingCookie.Paycounter : Cleaned with backup (quarantined).
    C:\Documents and Settings\John\Cookies\john@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
    C:\Documents and Settings\Paul\Cookies\paul@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
    C:\Documents and Settings\Paul\Cookies\paul@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
    C:\Documents and Settings\John\Cookies\john@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
    C:\Documents and Settings\Paul\Cookies\paul@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
    C:\Documents and Settings\John\Cookies\john@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    C:\Documents and Settings\John\Cookies\john@ads1.revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
    C:\Documents and Settings\John\Cookies\john@revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
    C:\Documents and Settings\Paul\Cookies\paul@ads1.revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
    C:\Documents and Settings\Paul\Cookies\paul@revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
    C:\Documents and Settings\John\Cookies\john@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
    C:\Documents and Settings\John\Cookies\john@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    C:\Documents and Settings\John\Cookies\john@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    C:\Documents and Settings\Paul\Cookies\paul@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
    C:\Documents and Settings\Paul\Cookies\paul@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
    C:\Documents and Settings\Paul\Cookies\paul@sexlist[1].txt -> TrackingCookie.Sexlist : Cleaned with backup (quarantined).
    C:\Documents and Settings\John\Cookies\john@counter8.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
    C:\Documents and Settings\John\Cookies\john@sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
    C:\Documents and Settings\Paul\Cookies\paul@counter1.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
    C:\Documents and Settings\Paul\Cookies\paul@counter10.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
    C:\Documents and Settings\Paul\Cookies\paul@counter2.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
    C:\Documents and Settings\Paul\Cookies\paul@counter5.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
    C:\Documents and Settings\Paul\Cookies\paul@counter7.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
    C:\Documents and Settings\Paul\Cookies\paul@sextracker[2].txt -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
    C:\Documents and Settings\John\Cookies\john@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    C:\Documents and Settings\Paul\Cookies\paul@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    C:\Documents and Settings\John\Cookies\john@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    C:\Documents and Settings\John\Cookies\john@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    C:\Documents and Settings\Paul\Cookies\paul@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    C:\Documents and Settings\Paul\Cookies\paul@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    C:\Documents and Settings\John\Cookies\john@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
    C:\Documents and Settings\Paul\Cookies\paul@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
    C:\Documents and Settings\Paul\Cookies\paul@reduxads.valuead[1].txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
    C:\Documents and Settings\John\Cookies\john@deli.valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
    C:\Documents and Settings\John\Cookies\john@valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
    C:\Documents and Settings\Paul\Cookies\paul@valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
    C:\Documents and Settings\John\Cookies\john@www.web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
    C:\Documents and Settings\Paul\Cookies\paul@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
    C:\Documents and Settings\Paul\Cookies\paul@free.wegcash[2].txt -> TrackingCookie.Wegcash : Cleaned with backup (quarantined).
    C:\Documents and Settings\Paul\Cookies\paul@programs.wegcash[1].txt -> TrackingCookie.Wegcash : Cleaned with backup (quarantined).
    C:\Documents and Settings\Paul\Cookies\paul@yadro[1].txt -> TrackingCookie.Yadro : Cleaned with backup (quarantined).
    C:\Documents and Settings\John\Cookies\john@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    C:\Documents and Settings\Paul\Cookies\paul@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    C:\Documents and Settings\Paul\Cookies\paul@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP425\A0305538.exe -> Trojan.Small.gq : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP434\A0311824.exe -> Trojan.Small.gq : Cleaned with backup (quarantined).


    ::Report end

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 16:49:50 25/06/2006

    + Scan result:



    C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP442\A0319190.dll -> Adware.BrowsePal : Cleaned with backup (quarantined).
    C:\Documents and Settings\John\Cookies\john@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\John\Cookies\john@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).


    ::Report end
    ---------------------------------------------------------
    Logfile of HijackThis v1.99.1
    Scan saved at 20:15:12, on 25/06/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\WINDOWS\system32\gearsec.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\vsnpt513.exe
    C:\Program Files\Cactus Spam Filter\cactusspamfilter.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Outlook Express\MSIMN.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Documents and Settings\John\Desktop\HijackThis.exe

    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [SNPT513] C:\WINDOWS\vsnpt513.exe
    O4 - HKLM\..\Run: [com.codeode.cactusspamfilter] "C:\Program Files\Cactus Spam Filter\cactusspamfilter.exe" -minimized
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
    O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.broadband.blueyonder.co.uk
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
    O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/UK/install.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientInstall/9.20.0002/OCI/setup.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120580534215
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125817288574
    O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MSN Music Mediabar) - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB
    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.blueyonder.co.uk/assets/tool/files/MotivePreQual.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} (IMViewerControl Class) - http://companion.logitech.com/companion/logitech/ver1.3.0.2041/bin/imvid.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
     
  12. mcjosu

    mcjosu Techie7 New Member

    Also, Norton Antivirus: Delete failed "Strwxcd.dll"
     
  13. VopThis

    VopThis Senior Member (Canada)

    Download the latest version of CWShredder to your desktop from here:
    http://cwshredder.net/bin/CWShredder.exe

    Run this application, initially, ONLY to search for UPDATES.
    You may have to do this on another PC - it simply downloads the latest EXE and overwrites the current one (512K).





    HIDDEN FILES: To make sure you can see all hidden files, please follow the directions here

    SAFEMODE: Boot into safe mode by tapping the F8 key at restart and choosing 'safe mode' menu option (explained here if needed).




    Go to Start > Run and type: CLEANMGR.EXE and hit enter.
    When prompted select the C: drive and click ok.
    Check the boxes for:
    Temporary Internet Files
    Downloaded Program Files
    Recycle Bin
    Temporary Files
    Click OK or Enter

    *** Re-run CLEANMGR.EXE once you have regained the full functional use of your PC.



    Next, run CWShredder
    -Click on the: ‘Fix’ button
    -Follow the prompts, and press OK




    Navigate to or locate the following Files and Folders:
    (using Windows Explorer: right-click on ‘My Computer’ > Explore, or using Start (button) > Search …)


    Delete these Files (if found):
    Strwxcd.dll

    C:\WINDOWS\awpmq.txt

    C:\WINDOWS\eaicq.txt

    C:\WINDOWS\tjgtc.txt

    C:\WINDOWS\Digital Signature 20050221.htm

    C:\WINDOWS\Digital Signature 20050228.htm





    Re-run SpyBot in SAFE MODE.


    POST A REVISED HIJACKTHIS LOG for review:
    Reboot and post a new HijackThis log with any feedback as appropriate - how things are now behaving: any new or remaining apparent issues
     
  14. mcjosu

    mcjosu Techie7 New Member

    Strwxcd.dll not found; other files deleted.
    CW Shredder result not found
    Spybot No immediate threats found
    I did notice 59 $NTUninstall folders in C:/Windows. Anything to worry about?
    Hijackthis log below

    Logfile of HijackThis v1.99.1
    Scan saved at 10:16:02, on 27/06/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\vsnpt513.exe
    C:\Program Files\Cactus Spam Filter\cactusspamfilter.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\WINDOWS\system32\gearsec.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\hijackthis\HijackThis.exe
    C:\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = WWW.BLUEYONDER.CO.UK
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [SNPT513] C:\WINDOWS\vsnpt513.exe
    O4 - HKLM\..\Run: [com.codeode.cactusspamfilter] "C:\Program Files\Cactus Spam Filter\cactusspamfilter.exe" -minimized
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
    O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.broadband.blueyonder.co.uk
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
    O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/UK/install.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientInstall/9.20.0002/OCI/setup.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120580534215
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125817288574
    O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MSN Music Mediabar) - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB
    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.blueyonder.co.uk/assets/tool/files/MotivePreQual.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} (IMViewerControl Class) - http://companion.logitech.com/companion/logitech/ver1.3.0.2041/bin/imvid.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
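
Added example, not part of the thread and not HijackThis's own code: a small Python triage pass over a log in the HijackThis v1.99.1 layout posted above. It groups entries by section code, lists entries whose target is marked `(no file)` or `(file missing)`, and reports processes listed more than once. The sample log is a constructed excerpt, and the function names and the `svchost.exe` multi-instance allowlist are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: a shortened excerpt in HijackThis v1.99.1 layout,
# built from lines of the kind that appear in the logs in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 10:16:02, on 27/06/2006
Platform: Windows XP (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\hijackthis\HijackThis.exe
C:\hijackthis\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
"""

# Section lines look like "O4 - ...", "R0 - ...", "F2 - ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Markers HijackThis appends when the referenced file is absent on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Assumption: processes that normally run as several instances, so a
# repeated path is expected and not worth reporting.
MULTI_INSTANCE = {"svchost.exe"}


def parse_hijackthis(text):
    """Split a log into header lines, running processes and section entries."""
    header, processes, entries = [], [], defaultdict(list)
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()  # forum posts indent the pasted log
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries[match.group(1)].append(match.group(2))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes:
            processes.append(line)
        else:
            header.append(line)
    return {"header": header, "processes": processes, "entries": dict(entries)}


def duplicate_processes(processes, multi_instance=MULTI_INSTANCE):
    """Return {lower-cased path: count} for paths listed more than once."""
    # Windows paths are case-insensitive: System32 and system32 are the same.
    counts = Counter(path.lower() for path in processes)
    duplicates = {}
    for path, count in counts.items():
        name = path.rsplit("\\", 1)[-1]
        if count > 1 and name not in multi_instance:
            duplicates[path] = count
    return duplicates


def orphaned_entries(entries):
    """Return (section, entry) pairs whose target file is reported absent."""
    found = []
    for code, items in entries.items():
        for item in items:
            if item.rstrip().endswith(ORPHAN_MARKERS):
                found.append((code, item))
    return found


def section_counts(entries):
    """Number of entries per section code, for a quick overview."""
    return {code: len(items) for code, items in entries.items()}


if __name__ == "__main__":
    report = parse_hijackthis(SAMPLE_LOG)
    print("Sections:", section_counts(report["entries"]))
    for path, count in duplicate_processes(report["processes"]).items():
        print(f"Listed {count} times: {path}")
    for code, item in orphaned_entries(report["entries"]):
        print(f"Orphaned {code} entry: {item}")
```

An orphaned entry or a repeated process is a prompt for manual review, not a verdict: the script only reports what the log already states.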
     
  15. VopThis

    VopThis Senior Member (Canada)

    $NTUninstall folders are legitimate system FOLDERS:

    http://windowsxp.mvps.org/Hotfix_backup.htm



    Do you have any APPARENT further issues or continuing diagnostic messages? You do appear to have an additional unnecessary instance of HJT running (running processes) - might want to address that:

    C:\hijackthis\HijackThis.exe
    C:\hijackthis\HijackThis.exe





    Meanwhile,

    To help avoid serious infection again, please look carefully at this post for some excellent preventative measures. Prevention must be made the first line of defense to improve upon.



    ONLY ONCE you are as clean as possible from any needed cleanup steps - As a final cleanup step (after serious infection), it may be advisable to Reset and Re-enable your System Restore to remove any bad files that MAY have been backed up by Windows. The files in System Restore are protected to prevent any programs changing them. And, this is the only complete way to clean these files: (You will lose all previous restore points which could likely be infected, anyway.)

    PLEASE NOTE: you will need to log into your computer with an account that has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account. Accordingly, and of further note: it can be very unsafe to run with admin rights on any PC that you browse the Internet with.


    (Windows XP)
    To Turn OFF System Restore.
    1. Click the Start button.
    2. Right-click My Computer, and then click Properties.
    3. On the System Restore tab, check Turn off System Restore or Turn off System Restore on all drives.
    4. Click Apply.

    REBOOT.

    To Turn ON System Restore.
    1. Follow the steps in the previous section, but in step 3, uncheck Turn off System Restore or Turn off System Restore on all drives. Then click OK.
    2. Create new System Restore points.


    (Windows ME)
    See the following link for instructions:
    http://service1.symantec.com/SUPPOR...2001012513122239?OpenDocument&src=sec_doc_nam




    To reduce the re-infection potential for malware and protect your PC against spyware, here are a few helpful suggestions:

    1. Keep Windows and Internet Explorer current with the latest critical security updates from Microsoft. This will patch many of the security holes through which attackers can gain access to your computer. You CANNOT complete this update using an alternate browser – you must use Internet Explorer.
      http://v5.windowsupdate.microsoft.com/v5co...t.aspx?ln=en-us
      http://www.microsoft.com/windows/ie/default.asp

      • http://www.securityfocus.com/news/11273
        If you surf to questionable (blockable) parts of the Web, you could encounter sites that compromise your PC without any user interaction. In experiments [reported Aug 2005], Microsoft identified 752 specific addresses owned by 287 Web sites that contain programs able to install themselves on a completely unpatched Windows XP system. Also, be aware that the WinXP Service Pack 2 was an update that focused almost exclusively on security. Also reported was that a fully patched Windows XP SP2 system cannot be compromised by any such discovered rogue Web sites.

    2. Run your antivirus software regularly, and keep its definitions up-to-date. If you are thinking about switching (using a real-time AV tool only one at a time), there are some good free Antivirus programs that are decent, including AVG and Avast!.
      AVG: http://free.grisoft.com/doc/1
      Avast: http://www.avast.com/eng/avast_4_home.html

    3. In addition to using Ad-aware, consider using another free malware scanning/removal program:
      Adaware SE: http://www.download.com/Ad-Aware-SE-Person...ubj=dl&tag=top5
      Spybot S&D: http://www.download.com/Spybot-Search-Dest...tml?tag=lst-0-1
      Microsoft Windows Defender beta 2: http://www.download.com/Microsoft-Windows-Defender/3000-8022_4-10502712.html?tag=lst-0-1

    4. Consider using a free firewall if you are not already using one (use only one firewall at a time – normally you will need to disable the MS firewall). Some good free ones (for incoming and added outgoing traffic protection) are:
      Kerio Personal Firewall: http://www.sunbelt-software.com/Kerio.cfm
      *** After 30 days, Kerio shuts down selected features, but will continue to run in 'free' mode.
      Zone Alarm: http://www.zonelabs.com/store/content/company/products/znalm/comparison.jsp?lid=ho_za

      It is not a bad idea to also consider using a Router/Hardware firewall device where you have a High-Speed Internet access connection. A software firewall may occasionally need to be disabled or it gets/remains disabled by someone or something. Such an added layer of security consistency has a lot of merit to it.

    5. Consider using an alternate free browser for general web surfing, but you must use IE for Windows updates. The use of Firefox (or similar alternate) mitigates the many types of malware that are now possible when using IE ActiveX based components.
      Mozilla Firefox: http://www.mozilla.org/products/firefox/

    6. Consider increasing your browser security by using these programs:
      SpywareGuard will help protect your homepage from being hijacked: http://www.javacoolsoftware.com/spywareguard.html
      SpywareBlaster will increase browser protection by blocking access to thousands of known malware sites by adding them to IE's restricted sites zone. It essentially blocks known-bad ActiveX program items from being installed or running on your computer. Download it here: http://www.javacoolsoftware.com/spywareblaster.html
    7. A HOSTS file can block Internet access to thousands of known-bad sites by not allowing you any easy browser access to such sites knowingly or unknowingly. Use HJT to determine if a current HOSTS file exists and any contents therein:
      • Run the HiJackThis tool and select ‘Open the Misc Tools section’.
      • Next select ‘Open host file manager’ button.
      • Use the ‘Open in Notepad’ button in XP/W2K or use WORDPAD if necessary [type wordpad.exe in the RUN box (Start>Run)] and load the FILE PATH identified in HJT.
      • Go to http://www.mvps.org/winhelp2002/hosts.txt . # Read the initial instructions #. Copy and paste (append or replace) the RELEVANT host address entry contents of that file into Notepad or Wordpad and save the updated file contents.

        EXCERPT:




    *Remember just like your primary anti-virus software, it is important to:
    • Keep all of these programs up-to-date (using auto-updates where possible), and
    • Use them on a regular (minimum weekly) basis.




    REALITY CHECK:
    • Who else uses your PC? What are the potential risks created by multiple (potentially loose cannon) users and why?
    • What about bad luck, simple mistakes, and bad browsing choices (SEE: www.siteadvisor.com and their BLOG)?


    ABOVE ALL, it is most imperative that users exercise "safe surfing" habits such as banning or at least verifying attachments (with scanning tools) before opening, and by not executing programs unless obtained from a trusted (or researched) source, etc.
     
    Last edited: Jun 27, 2006
  16. mcjosu

    mcjosu Techie7 New Member

    System Restore point created and will consider and action the recommended preventative measures. All seems fine and improved.
    One point: should any action be taken with regard to other users on their own individual XP accounts, or have the actions taken resolved any issues on their accounts?
     
  17. mcjosu

    mcjosu Techie7 New Member

    Also
    Should the settings that were changed to allow hidden files to be displayed be returned to the previous setting?
     
  18. VopThis

    VopThis Senior Member (Canada)

    Unfortunately, some tools need to access each specific user's registry profile in case each separate profile has been also infected. That is an issue for some tools such as for HijackThis:

    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background


    The first item, HKLM, is related to the 'local machine' (system-wide). The second, HKCU, is related to 'current user' (suggesting a similar potential impact to each separate user).



    I would assess who else might use your PC and your general overall comfort level with open access points in case of user mistake potential. For me that is a negligible issue.
     
  19. mcjosu

    mcjosu Techie7 New Member

    Thank you
    Would it be advisable to run HijackThis on each user?
     
  20. VopThis

    VopThis Senior Member (Canada)

    If in doubt or there are suspect issues in a particular user profile, look for HKCU entries like the one that appeared in post #8 or post a separate thread for each profile. SpyBot and Adaware may also have user-specific diagnostic issues as well.
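
The HKLM/HKCU distinction from posts 18 and 20, as an added example that is not part of the original thread: it parses the registry autorun (O4) lines from one HijackThis log per Windows account and reports which HKCU entries show up only under which account. The account names and the `ExampleEntry` line are constructed placeholders, and the code assumes each log was saved while logged in as that account.

```python
import re
from collections import defaultdict

# Registry autorun lines as HijackThis writes them, e.g.
#   O4 - HKCU\..\Run: [MSMSGS] "C:\...\msmsgs.exe" /background
O4_REG = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.*?)\] (.+)$')

SCOPE = {"HKLM": "machine-wide", "HKCU": "per-user"}

# Constructed sample input: one log excerpt per account. The first two
# lines are the ones quoted in post 18; ExampleEntry is a placeholder.
SAMPLE_LOGS = {
    "account_a": r'''
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
''',
    "account_b": r'''
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ExampleEntry] C:\Example\placeholder.exe
''',
}

def parse_o4(log_text):
    """Return one dict per registry autorun (O4) line found in a log."""
    entries = []
    for line in log_text.splitlines():
        m = O4_REG.match(line.strip())
        if m:
            hive, key, name, command = m.groups()
            entries.append({"hive": hive, "scope": SCOPE[hive],
                            "key": key, "name": name, "command": command})
    return entries

def per_user_autoruns(logs_by_account):
    """Map each HKCU autorun (name, command) to the accounts whose log lists it."""
    seen = defaultdict(set)
    for account, text in logs_by_account.items():
        for e in parse_o4(text):
            if e["hive"] == "HKCU":
                seen[(e["name"], e["command"])].add(account)
    return {entry: sorted(accounts) for entry, accounts in seen.items()}

if __name__ == "__main__":
    for (name, command), accounts in per_user_autoruns(SAMPLE_LOGS).items():
        print(f"{name}: only visible when scanning {', '.join(accounts)} -> {command}")
```

The HKLM entry appears in both logs because it is system-wide, while each HKCU entry appears only in the log taken under its own account, so a scan from a single account never lists the other profile's autoruns.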