help i have trojan horse collected.5.L [RESOLVED]



#31
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,942 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0



#32
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,942 posts
Topic reopened by threadstarter's request.
  • 0

#33
duglartis

duglartis

    Member

  • Topic Starter
  • Member
  • 159 posts
Thank you for reopening. Here is the log file.
What else do I need to do?
Logfile of HijackThis v1.99.1
Scan saved at 9:09:58 p.m., on 24/06/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Dug And Tania\My Documents\My Downloads\MP10Setup.exe
C:\DOCUME~1\DUGAND~1\LOCALS~1\Temp\IXP000.TMP\setup_wm.exe
C:\Documents and Settings\Dug And Tania\My Documents\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://netaccess.co.nz/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\System32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\DUGAND~1\LOCALS~1\Temp\IXP000.TMP\"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Linked ima&ges - C:\Program Files\IEimage\IEimage.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O15 - Trusted Zone: http://www.giftedonl...edusearch.co.nz
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1098860877234
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{62AC063D-A459-4836-B78F-3EDA6D280C19}: NameServer = 202.37.101.1 202.37.101.2
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Prime95 Service - Unknown owner - C:\Program Files\Prime95\prime95.exe (file missing)
  • 0

#34
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,942 posts
A few questions.

What are you installing ? (A new version of WMP?)
What trojans did you find and where?

Regards,
  • 0

#35
duglartis

duglartis

    Member

  • Topic Starter
  • Member
  • 159 posts
Yes, I was trying to reinstall WMP as it no longer works due to an internal application error.
AVG found the following viruses; these are non-healable:
file name = pwn.exe
path = c:\windows\system32\
discovery= Trojan horse IRC/backdoor.sdbot.dpx

file name = A0017687.sys
path = c:\system volume information \restore
discovery= Trojan horse collected.5.L

file name = A0017690.exe
path = c:\system volume information \restore
discovery= Trojan horse IRC/backdoor.sdbotDQD

file name = A0017691.exe
path = c:\system volume information \restore
discovery= Trojan horse IRC/backdoor.sdbotDPX

file name = A0017692.exe
path = c:\system volume information \restore
discovery= Trojan horse collected.5.L
  • 0

#36
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,942 posts
The last four are in your restore points, so not very urgent.

Can you finish the installation of WMP, then reboot into safe mode and delete:
c:\windows\system32\pwn.exe

If that is successful I would advise to install SP2 for XP and IE

After that was successful we can clean out your restore points.

Regards,
  • 0

#37
duglartis

duglartis

    Member

  • Topic Starter
  • Member
  • 159 posts
Hello,
I can't finish the WMP installation as it still doesn't work.
I could not find the "c:\windows\system32\pwn.exe". I did a search and found this though: C:\windows\prefetch\PWN.exe-0565DC88.pf
I have not deleted anything as yet.
Regards
  • 0

#38
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,942 posts
That means it was present and it has run before AVG killed it off.

Please do an online virus scan and can you post the full text of the error?
That might be another trail to follow.

Regards,
  • 0
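The triage reasoning in the replies above (detections under System Volume Information are dormant restore-point copies, and a leftover Prefetch entry shows the file ran before it was removed), written out as an added Python example that is not part of the original thread. The detections and the `PWN.exe-0565DC88.pf` name come from the posts; the other Prefetch names, the normalised folder paths, the on-disk list and all function names are constructed for illustration.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Prefetch entries are named <EXECUTABLE>-<8 hex digit path hash>.pf.
# The greedy first group allows hyphens inside the executable name.
PREFETCH_RE = re.compile(r"^(?P<exe>.+)-(?P<hash>[0-9A-F]{8})\.pf$", re.IGNORECASE)

# (file name, folder, AV label) as reported in the thread. Folder paths are
# normalised; the restore-point sub-folders are elided, as they are in the post.
DETECTIONS = [
    ("pwn.exe", r"C:\WINDOWS\system32", "IRC/backdoor.sdbot.dpx"),
    ("A0017687.sys", r"C:\System Volume Information\_restore", "collected.5.L"),
    ("A0017690.exe", r"C:\System Volume Information\_restore", "IRC/backdoor.sdbotDQD"),
    ("A0017691.exe", r"C:\System Volume Information\_restore", "IRC/backdoor.sdbotDPX"),
    ("A0017692.exe", r"C:\System Volume Information\_restore", "collected.5.L"),
]

# Listing of C:\WINDOWS\Prefetch. Only the PWN entry is from the thread;
# the other names and hashes are constructed.
PREFETCH_LISTING = [
    "PWN.exe-0565DC88.pf",
    "IEXPLORE.EXE-1A2B3C4D.pf",
    "HIJACKTHIS.EXE-0F0E0D0C.pf",
    "Layout.ini",
]

# Files that a search still finds (constructed: the thread says pwn.exe was
# no longer in system32, while the restore-point copies were still reported).
FILES_ON_DISK = [
    r"C:\System Volume Information\_restore\A0017687.sys",
    r"C:\System Volume Information\_restore\A0017690.exe",
    r"C:\System Volume Information\_restore\A0017691.exe",
    r"C:\System Volume Information\_restore\A0017692.exe",
]


@dataclass(frozen=True)
class Finding:
    file_name: str
    label: str
    location: str   # "live" or "restore_point"
    executed: bool  # a Prefetch entry exists for this executable name
    on_disk: bool
    action: str


def prefetch_executables(listing):
    """Return lower-cased executable names that have a Prefetch entry."""
    names = set()
    for entry in listing:
        match = PREFETCH_RE.match(entry.strip())
        if match:
            names.add(match.group("exe").lower())
    return names


def location_of(folder):
    """Classify a folder as a System Restore snapshot or the live system."""
    parts = [p.lower().strip() for p in PureWindowsPath(folder).parts]
    return "restore_point" if "system volume information" in parts else "live"


def triage(detections, prefetch_listing, files_on_disk):
    """Combine AV detections with Prefetch and on-disk evidence."""
    ran = prefetch_executables(prefetch_listing)
    present = {str(PureWindowsPath(p)).lower() for p in files_on_disk}
    findings = []
    for name, folder, label in detections:
        full = str(PureWindowsPath(folder) / name).lower()
        location = location_of(folder)
        # Name match only: the hash encodes the path, so a same-named
        # legitimate binary elsewhere would also match.
        executed = name.lower() in ran
        on_disk = full in present
        if location == "restore_point":
            action = "dormant copy: purge restore points once the live system is clean"
        elif on_disk:
            action = "active file: delete it from safe mode"
        elif executed:
            action = "already removed but it ran: look for what it dropped or changed"
        else:
            action = "already removed, no sign of execution"
        findings.append(Finding(name, label, location, executed, on_disk, action))
    return findings


if __name__ == "__main__":
    for f in triage(DETECTIONS, PREFETCH_LISTING, FILES_ON_DISK):
        print(f"{f.file_name:14} {f.location:14} ran={f.executed!s:5} {f.action}")
```

Restore-point copies are renamed to `A00…` when they are archived, so they never match a Prefetch name; only the live `pwn.exe` detection carries execution evidence here.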

#39
duglartis

duglartis

    Member

  • Topic Starter
  • Member
  • 159 posts
Hello, results from ActiveScan below:

Incident Status Location

Spyware:Spyware/ISTbar No disinfected C:\WINDOWS\SYSTEM32\snapple.exe[1.exe]
Possible Virus. No disinfected C:\Codemasters\Toca2\Game\Cms32_nt.dll
I am having the continual popups from AVG again, exactly the same as the original problem.
WMP error = An internal application error has occured
Internet Explorer locks up the modem connection as well; can't receive or shut it down to reconnect.
Hope this info is of some help.
Looking forward to your reply.
Regards
  • 0

#40
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,942 posts
Can you please download and install http://www.javacools...areblaster.html
Then use either AdAware, Spybot S&D or Microsoft AntiSpyware to do a full system scan.

Once it's clean let me know if the problems persist.
SpywareBlaster will (hopefully) prevent you from getting reinfected.

Regards,
  • 0



#41
duglartis

duglartis

    Member

  • Topic Starter
  • Member
  • 159 posts
I have installed SpywareBlaster and had it running for 2 weeks. I have kept this updated.
I have tried to fix all the problems with Spybot S&D but there are 11 that it won't fix; I even tried it in safe mode to no avail.
Would it help if I post the log of what Spybot S&D won't fix? They appear to be registry keys.
Thanks for your help.
Cheers
  • 0

#42
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,942 posts
Sure. Post them. I'll gladly have a look.

Regards,
  • 0

#43
duglartis

duglartis

    Member

  • Topic Starter
  • Member
  • 159 posts
Hello again, I have installed the latest version of Spybot S&D 1.4. Below is the log file.
Thanks for your help.
I am still having continual reports of the trojan collected from AVG.

--- Search result list ---
Congratulations!: No immediate threats were found. ()



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-06-28 unins000.exe (51.41.0.0)
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2005-04-26 Includes\Cookies.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2005-06-23 Includes\Dialer.sbi (*)
2005-06-23 Includes\Hijackers.sbi (*)
2005-06-23 Includes\Keyloggers.sbi (*)
2005-06-23 Includes\Malware.sbi (*)
2005-04-27 Includes\Revision.sbi (*)
2005-06-09 Includes\Security.sbi (*)
2005-06-15 Includes\Spybots.sbi (*)
2005-06-21 Includes\Trojans.sbi (*)
2005-02-17 Includes\Tracks.uti
2005-06-09 Includes\PUPS.sbi (*)



--- System information ---
Windows XP (Build: 2600) Service Pack 1
/ DataAccess: Microsoft Data Access Components KB870669
/ DataAccess: Buffer Overrun in Microsoft Data Access Components Could Lead to Code Execution
/ Windows XP / SP1: Windows XP Service Pack 1a
/ Windows XP / SP2: Windows XP Hotfix - KB823980
/ Windows XP / SP2: Windows XP Hotfix - KB824146
/ Windows XP / SP2: Windows XP Hotfix - KB835732


--- Startup entries list ---
Located: HK_LM:Run, AdaptecDirectCD
command: C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
file: C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
size: 684032
MD5: bfa83b551abd8084b4623887d0e3b53c

Located: HK_LM:Run, AVG7_CC
command: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
file: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
size: 352768
MD5: 82f0d9baf07f7a63d6ca044251dd5598

Located: HK_LM:Run, AVG7_EMC
command: C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
file: C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
size: 272896
MD5: f4c4aabcca4ea3a675e5bbc3e821e7e1

Located: HK_LM:Run, HPDJ Taskbar Utility
command: C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
file: C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
size: 188416
MD5: 2d9ce5dde52ceea539e0dd20735a0797

Located: HK_LM:Run, KernelFaultCheck
command: %systemroot%\system32\dumprep 0 -k
file: C:\WINDOWS\system32\dumprep.exe
size: 9216
MD5: 62dd404c8e46b76089a3d1fa6bd96739

Located: HK_LM:Run, NeroCheck
command: C:\WINDOWS\System32\\NeroCheck.exe
file: C:\WINDOWS\System32\\NeroCheck.exe
size: 155648
MD5: 3e4c03cefad8de135263236b61a49c90

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 31744
MD5: 0fb22dd37c17f80ad71316049f725170

Located: HK_LM:Run, nwiz
command: nwiz.exe /install
file: C:\WINDOWS\system32\nwiz.exe
size: 323584
MD5: d6731f0f7a64afa9d6c60a197664ca76

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 98304
MD5: 76a3a30b58405c2c6d833895253a51a9

Located: HK_LM:Run, RegProt
command: c:\documents and settings\dug and tania\my documents\downloads\regprot.exe /start
file:

Located: HK_LM:Run, SunJavaUpdateSched
command: C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
file:

Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 151597
MD5: a05da809ac0d86d916d09e3a908d3a06

Located: HK_LM:Run, AVG7_CC (DISABLED)
command: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
file: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
size: 352768
MD5: 82f0d9baf07f7a63d6ca044251dd5598

Located: HK_LM:Run, AVG7_EMC (DISABLED)
command: C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
file: C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
size: 272896
MD5: f4c4aabcca4ea3a675e5bbc3e821e7e1

Located: HK_LM:RunOnce, SpybotSnD (DISABLED)
command: "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
file: C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09ca174a605b480318731e691dc98539

Located: HK_LM:Run, MSN Messanger (DISABLED)
command: msnmsng.exe
file:

Located: HK_LM:Run, winupdate service (DISABLED)
command: ssrs.exe
file:

Located: HK_LM:RunServices, MSN Messanger (DISABLED)
command: msnmsng.exe
file:

Located: HK_CU:Run, NVIEW
command: rundll32.exe nview.dll,nViewLoadHook
file: C:\WINDOWS\system32\rundll32.exe
size: 31744
MD5: 0fb22dd37c17f80ad71316049f725170

Located: HK_CU:Run, Start WingMan Profiler (DISABLED)
command:
file:

Located: HK_CU:Run, MSN Messanger (DISABLED)
command: msnmsng.exe
file:

Located: HK_CU:Run, Yahoo! Pager (DISABLED)
command: C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet
file:

Located: HK_CU:RunServices, MSN Messanger (DISABLED)
command: msnmsng.exe
file:

Located: Startup (common), Microsoft Office.lnk
command: C:\Program Files\Microsoft Office\Office\Osa9.exe
file: C:\Program Files\Microsoft Office\Office\Osa9.exe
size: 65588
MD5: a89d195caf6a030b152e2a4cabe7018d

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll



--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
BHO name:
CLSID name: AcroIEHlprObj Class
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com.../readstep2.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 15/05/2003 00:47:54
Date (last access): 28/06/2005
Date (last write): 15/05/2003 00:47:54
Filesize: 50376
Attributes: archive
MD5: 0C0E1B2BCAED8DF401BE94D538BCB412
CRC32: 1D771322
Version: 6.0.0.878

{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name: SDHELPER.DLL
Date (created): 28/06/2005 20:16:06
Date (last access): 28/06/2005
Date (last write): 31/05/2005 01:04:00
Filesize: 853672
Attributes: archive
MD5: 250D787A5712D7768DDC133B3E477759
CRC32: D4589A41
Version: 1.4.0.0



--- ActiveX list ---
DirectAnimation Java Classes (DirectAnimation Java Classes)
DPF name: DirectAnimation Java Classes
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\SYSTEM\dajava.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\dajava.cab
info link:
info source: Patrick M. Kolla

Internet Explorer Classes for Java (Internet Explorer Classes for Java)
DPF name: Internet Explorer Classes for Java
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\SYSTEM\iejava.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\iejava.cab
info link:
info source: Patrick M. Kolla

Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\Java\classes\xmldso4.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla

{11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control)
DPF name:
CLSID name: iPIX ActiveX Control
Installer: C:\WINDOWS\Downloaded Program Files\IPIXX.inf
Codebase: http://www.ipix.com/download/ipixx.cab
description: iPIX ActiveX Control
classification: Unknown
known filename: ipixx.ocx
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\DOWNLO~1\
Long name: ipixx.ocx
Short name:
Date (created): 2/06/2000 11:29:42
Date (last access): 28/06/2005
Date (last write): 2/06/2000 11:29:42
Filesize: 102912
Attributes: archive
MD5: FF183CADA1ED933276B169E304E88910
CRC32: E85AE186
Version: 6.2.0.5

{19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class)
DPF name:
CLSID name: MSSecurityAdvisor Class
Installer: C:\WINDOWS\Downloaded Program Files\msSecAdv.inf
Codebase: http://protect.micro...b?1104699695015
Path: C:\WINDOWS\System32\
Long name: mssecadv.dll
Short name:
Date (created): 8/09/2004 17:38:54
Date (last access): 28/06/2005
Date (last write): 8/09/2004 17:38:54
Filesize: 36960
Attributes: archive
MD5: DF203DE80E2E1C9D38492B590B00BB1D
CRC32: 4A7CC4B5
Version: 5.4.3790.14

{33363249-0000-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\i263_32.inf
Codebase: http://codecs.micros...386/i263_32.cab

{6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
DPF name:
CLSID name: WUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\wuweb.inf
Codebase: http://v5.windowsupd...b?1098860877234
Path: C:\WINDOWS\System32\
Long name: wuweb.dll
Short name:
Date (created): 3/08/2004 13:59:06
Date (last access): 28/06/2005
Date (last write): 3/08/2004 13:59:06
Filesize: 120288
Attributes: archive
MD5: 0CD6248038C70B4C688DBD315D90A97A
CRC32: 0EF7DE01
Version: 5.4.3790.2182

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name: Java Plug-in 1.4.2_06
Installer:
Codebase: http://java.sun.com/...indows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\j2re1.4.2_06\bin\
Long name: npjpi142_06.dll

{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class)
DPF name:
CLSID name: ActiveScan Installer Class
Installer: C:\WINDOWS\Downloaded Program Files\asinst.inf
Codebase: http://www.pandasoft.../as5/asinst.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: asinst.dll
Short name:
Date (created): 11/04/2005 12:20:22
Date (last access): 28/06/2005
Date (last write): 11/04/2005 12:20:22
Filesize: 118784
Attributes: archive
MD5: 36259D36E842FCF12B3D2F3766E7529F
CRC32: F62E6268
Version: 57.6.0.0

{9F1C11AA-197B-4942-BA54-47A8489BB47F} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\iuctl.inf
Codebase: http://v4.windowsupd...8297.9412152778
description: Windows Update
classification: Legitimate
known filename: %WINDIR%\System32\iuctl.dll,iuengine.dll
info link:
info source: Patrick M. Kolla

{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA} (Java Runtime Environment 1.3.1_04)
DPF name: Java Runtime Environment 1.3.1_04
CLSID name: Java Plug-in 1.3.1_04
Installer: c:\winnt\Downloaded Program Files\jinstall_1_3_1_04.inf
Codebase: http://java.sun.com/...-131_04-win.cab
Path: C:\Program Files\JavaSoft\JRE\1.3.1_04\bin\
Long name: NPJava131_04.dll
Short name: NPJAVA~1.DLL
Date (created): 6/06/2004 04:39:24
Date (last access): 28/06/2005
Date (last write): 17/05/2002 17:04:54
Filesize: 53344
Attributes: archive
MD5: 8C13180FCD467789582CE0BE9632F1A7
CRC32: 1F053EE2
Version: 1.3.1.4

{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name: Java Plug-in 1.4.2_06
Installer:
Codebase: http://java.sun.com/...indows-i586.cab
Path: C:\Program Files\Java\j2re1.4.2_06\bin\
Long name: npjpi142_06.dll

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://download.macr...ash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\System32\macromed\flash\
Long name: Flash.ocx
Short name: FLASH.OCX
Date (created): 9/06/2004 15:59:26
Date (last access): 28/06/2005
Date (last write): 9/06/2004 15:59:26
Filesize: 939224
Attributes: archive
MD5: FC3E17E12C2E31FAC34B416B3DAB829F
CRC32: D1CF3A57
Version: 7.0.19.0



--- Process list ---
PID: 0 ( 0) [System]
PID: 364 ( 4) \SystemRoot\System32\smss.exe
PID: 416 ( 364) \??\C:\WINDOWS\system32\csrss.exe
PID: 440 ( 364) \??\C:\WINDOWS\system32\winlogon.exe
PID: 484 ( 440) C:\WINDOWS\system32\services.exe
size: 101376
MD5: E3DF4A0252D287C44606EE55355E1623
PID: 496 ( 440) C:\WINDOWS\system32\lsass.exe
size: 11776
MD5: B2B6BA905D0E3F8A32A0EB3B4051807B
PID: 656 ( 484) C:\WINDOWS\system32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 680 ( 484) C:\WINDOWS\System32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 744 ( 484) C:\WINDOWS\System32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 804 ( 484) C:\WINDOWS\System32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 1008 ( 984) C:\WINDOWS\Explorer.exe
size: 1004032
MD5: A82B28BFC2E4455FE43022A498C0EF0A
PID: 1072 ( 484) C:\WINDOWS\system32\spoolsv.exe
size: 51200
MD5: 9B4155BA58192D4073082B8FC5D42612
PID: 1168 ( 484) C:\WINDOWS\System32\alg.exe
size: 41984
MD5: 497AEAD5ECEF9512F6B364977A5308EE
PID: 1180 ( 484) C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
size: 330240
MD5: 9DBD26D7D7967D918C507B1E2A93A37E
PID: 1196 ( 484) C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
size: 84480
MD5: 62E6B23B906B213836470740FE449B43
PID: 1260 ( 484) C:\WINDOWS\System32\nvsvc32.exe
size: 65536
MD5: 23AF100282EF9065371B5454D4089182
PID: 1300 ( 484) C:\WINDOWS\System32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 1752 (1008) C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
size: 188416
MD5: 2D9CE5DDE52CEEA539E0DD20735A0797
PID: 1824 (1008) C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
size: 684032
MD5: BFA83B551ABD8084B4623887D0E3B53C
PID: 1928 (1008) C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
size: 272896
MD5: F4C4AABCCA4EA3A675E5BBC3E821E7E1
PID: 1936 (1008) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 151597
MD5: A05DA809AC0D86D916D09E3A908D3A06
PID: 1968 (1008) C:\documents and settings\dug and tania\my documents\downloads\regprot.exe
size: 19614
MD5: BED2D3E8C8C15D657601D3F95B564AF5
PID: 1996 (1976) C:\WINDOWS\System32\rundll32.exe
size: 31744
MD5: 0FB22DD37C17F80AD71316049F725170
PID: 500 (1008) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 648 (1760) C:\WINDOWS\System32\sysmon32.exe
size: 220289
MD5: 024D45CAD049B49E163E647E1FE9A4C9
PID: 460 (1008) C:\Program Files\Mozilla Firefox\firefox.exe
size: 6626916
MD5: AC6D2F50ED55E56C52D4A519526812A8
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 28/06/2005 20:59:33

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\System32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://netaccess.co.nz/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://home.microsof...search.asp?p=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft...=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft...B_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft...er=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft...=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn...st/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn...st/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EAB2002F-D0A3-40D9-8BAF-6722B93D42C5}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EAB2002F-D0A3-40D9-8BAF-6722B93D42C5}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1B3BC5E8-C2A8-4CC5-B1A0-1C06C3E09F44}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1B3BC5E8-C2A8-4CC5-B1A0-1C06C3E09F44}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{497A6B4C-B00C-40F1-B12D-8E6AE0CBA0E3}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{497A6B4C-B00C-40F1-B12D-8E6AE0CBA0E3}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DBD227BF-3C1A-4966-9CEE-8EA051EDC922}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DBD227BF-3C1A-4966-9CEE-8EA051EDC922}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7E224336-CC8D-45F2-A0C0-BA75B9356ABD}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7E224336-CC8D-45F2-A0C0-BA75B9356ABD}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9C5EFFCF-266C-4729-BC54-8A488435A110}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9C5EFFCF-266C-4729-BC54-8A488435A110}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{62AC063D-A459-4836-B78F-3EDA6D280C19}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{62AC063D-A459-4836-B78F-3EDA6D280C19}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace



--- Uninstall list ---
(128PATCH)

98lite Uninstall (98liteUn)
uninstall cmd: C:\WIN98\98lite.exe /UNINSTALL ~GOC:\WIN98\

(AddressBook)
uninstall cmd: "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /UNINSTALL /PROMPT

AVG Free Edition (AVG7Uninstall)
uninstall cmd: C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL

(Branding)

CleanUp! (CleanUp!)
uninstall cmd: C:\Program Files\CleanUp!\uninstall.exe

(Connection Manager)

Corel Applications (Corel Applications)
uninstall cmd: C:\WINDOWS\Corel\Uninstal.exe

(DirectAnimation)

(DirectDrawEx)

(DXM_Runtime)

(expinst)

(Fontcore)

HD Tach 2.61 (HD Tach 2.61)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\HD Tach\Uninst.isu"

HijackThis 1.99.1 1.99.1 (HijackThis)
uninstall cmd: H:\HijackThis.exe /uninstall
publisher: Soeperman Enterprises Ltd.

hp deskjet 5550 series (Remove only) (hp deskjet 5550 series)
uninstall cmd: C:\Program Files\hp deskjet 5550 series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=LPT1: -vproduct=5550 -huninstall

hp print screen utility (hp print screen utility)
uninstall cmd: C:\Program Files\Hewlett-Packard\hp print screen utility\UnInstall\prnunins.exe

(ICW)

(IE40)

(IE4Data)

(IE5BAKEX)

(IEData)

IEimage (IEimage)
uninstall cmd: C:\Program Files\IEimage\uninstall.exe

(IEREADME)

(InstallShield Uninstall Information)

LimeWire 4.02.0000 (InstallShield_{46C4FBB6-C800-4887-B52C-96124701AC8F})
version: 67239936
version (major): 4
version (minor): 2
estimated size: 6585
install date: 20050126
install source: C:\WINDOWS\Downloaded Installations\{2EABF679-53F9-4714-985D-54A49DBD4566}\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{46C4FBB6-C800-4887-B52C-96124701AC8F}
publisher: Lime Wire LLC
comments: Your Comments
contact: Customer Support Department
help link: http://www.yourcompany.com/help
help telephone: 555-555-5555

Race Driver 2 1.01.0000 (InstallShield_{D474A0E8-4421-43C0-BE8E-F454F91E2E2A})
version: 16842752
version (major): 1
version (minor): 1
estimated size: 760608
install date: 20040813
install source: G:\
uninstall cmd: C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\DRIVER\7\INTEL 32\IDRIVER.EXE /M{D474A0E8-4421-43C0-BE8E-F454F91E2E2A} /l1033
publisher: Codemasters
comments: Please see manual for further information.
contact: Customer And Technical Support
help link: http://www.codemasters.com
help telephone: +44 (0) 1926 816044

Java 2 Runtime Environment Standard Edition v1.3.1_04 (JRE 1.3.1_04)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\JavaSoft\JRE\1.3.1_04\Uninst.isu"

K2_SS_ver1 Screen Saver (K2_SS_ver1)
uninstall cmd: C:\WINDOWS\System32\K2_SS_ver1.scr /u

Microsoft Data Access Components KB870669 (KB870669)
uninstall cmd: C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
publisher: Microsoft Corporation
help link: http://support.micro...com?kbid=870669

(Microsoft NetShow Player 2.0)

(MobileOptionPack)

Mozilla Firefox (1.0.1) 1.0.1 (en-US) (Mozilla Firefox (1.0.1))
install location: C:\Program Files\Mozilla Firefox
uninstall cmd: C:\WINDOWS\UninstallFirefox.exe /ua "1.0.1 (en-US)"
publisher: Mozilla

(MPlayer2)

(MSTASK)

(Nero - Burning Rom!UninstallKey)

(NetMeeting)

Network Play System (Patching) (Network Play System (Patching))
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Electronic Arts\Network Play System\NPSPatch.isu"

NVIDIA Windows 2000/XP Display Drivers (NVIDIA)
uninstall cmd: rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nv4_disp.inf

(OutlookExpress)

ProSavageDDR and Utilities (P4M266)
uninstall cmd: C:\PROGRA~1\S3\P4M266\s3setvga.exe -s -fC:\PROGRA~1\S3\P4M266\P4M266.uns

(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Microsoft PowerPoint Viewer 97 (PPTView97)
uninstall cmd: C:\Program Files\PowerPoint Viewer\setup\setup.exe

QuickTime (QuickTime)
uninstall cmd: C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log

(RealJukebox 1.0)
uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0

RealOne Player (RealPlayer 6.0)
uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0

(SchedulingAgent)

(ShockwaveFlash)

Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited

SpywareBlaster v3.4 3.4.0 (SpywareBlaster_is1)
install location: C:\Program Files\SpywareBlaster\
uninstall cmd: "C:\Program Files\SpywareBlaster\unins000.exe"
publisher: Javacool Software LLC

Toca2 (Toca2)
uninstall cmd: C:\WINDOWS\IsUninst.exe -fC:\Codemasters\Toca2\Uninst.isu

Conexant HCF V.92 56K Speakerphone PCI Modem (VEN_14F1&DEV_1085&SUBSYS_108514F1)
uninstall cmd: C:\UIU\HCFMODEM\HXFSETUP.EXE -U -iVEN_14F1&DEV_1085&SUBSYS_108514F1

(VGX)

Windows XP Uninstall (Windows)
install location: C:\undo
uninstall cmd: %SYSTEMROOT%\system32\osuninst.exe

Windows Media Format Runtime (Windows Media Format Runtime)
uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Player 10 (Windows Media Player)
uninstall cmd: "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

WinRAR archiver (WinRAR archiver)
uninstall cmd: C:\Program Files\WinRAR\uninstall.exe

WinZip 8.1 (4331) (WinZip)
version (major): 8
version (minor): 1
install location: C:\PROGRA~1\WINZIP\
uninstall cmd: "C:\PROGRAM FILES\WINZIP\WINZIP32.EXE" /uninstall
publisher: WinZip Computing, Inc.
help link: http://www.winzip.com/xsupport.htm

Microsoft Office 2000 Small Business 9.00.2720 ({00030409-78E1-11D2-B60F-006097C998E7})
version: 150997664
version (major): 9
install date: 3/04/04
install source: G:\
uninstall cmd: MsiExec.exe /I{00030409-78E1-11D2-B60F-006097C998E7}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: C:\Program Files\Microsoft Office\Office\ofread9.txt

Microsoft Office 2000 Disc 2 9.00.2720 ({00040409-78E1-11D2-B60F-006097C998E7})
version: 150997664
version (major): 9
install date: 3/04/04
install source: G:\
uninstall cmd: MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support

Indiana Jones and the Emperors Tomb ({0DBF3265-57F1-4D8A-87EA-332B2A669BDE})
install location: C:\Program Files\LucasArts\Indiana Jones and the Emperors Tomb
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\ENGINE\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DBF3265-57F1-4D8A-87EA-332B2A669BDE}\SETUP.EXE" -l0x9

Colin McRae Rally 2 ({19B72AA9-985A-11D4-9C8A-00D0B75D1498})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\ENGINE\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19B72AA9-985A-11D4-9C8A-00D0B75D1498}\setup.exe"

WebFldrs XP 9.50.6513 ({350C97B0-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154278257
version (major): 9
version (minor): 50
estimated size: 2516
install date: 20041019
install source: C:\WINDOWS\System32\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows

LimeWire 4.02.0000 ({46C4FBB6-C800-4887-B52C-96124701AC8F})
version: 67239936
version (major): 4
version (minor): 2
estimated size: 6585
install date: 20050126
install source: C:\WINDOWS\Downloaded Installations\{2EABF679-53F9-4714-985D-54A49DBD4566}\
publisher: Lime Wire LLC
comments: Your Comments
contact: Customer Support Department
help link: http://www.yourcompany.com/help
help telephone: 555-555-5555

upapp 0.20.0000 ({4EF69D40-4DC9-485E-95D3-B1C22F218FC8})
version: 1310720
version (minor): 20
install date: 20041020
install source: g:\upapp\
uninstall cmd: MsiExec.exe /I{4EF69D40-4DC9-485E-95D3-B1C22F218FC8}
publisher: Hewlett-Packard
comments: Your Comments
contact: Customer Support Department
help link: http://www.yourcompany.com/help
help telephone: 1-555-555-4505
readme: Readme.txt

Ulead VideoStudio 6 SE Basic ({5404E185-BD7C-4A72-ABD0-91A411A05726})
version (major): 6
install location: C:\Program Files\Ulead Systems\Ulead VideoStudio 6 SE Basic
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\ENGINE\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5404E185-BD7C-4A72-ABD0-91A411A05726}\SETUP.EXE"
publisher: Ulead Systems, Inc.

MyDVD ({5E835305-63BB-4E55-BBB7-EEBBE67774DB})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5E835305-63BB-4E55-BBB7-EEBBE67774DB}\SETUP.EXE" -l0x9 -L0x9 /SMAINT

Easy CD Creator 5 Basic 5.3.4.21 ({609F7AC8-C510-11D4-A788-009027ABA5D0})
version: 83951616
version (major): 5
version (minor): 1
estimated size: 25513
install date: 20041020
install source: G:\
uninstall cmd: MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
publisher: Roxio Inc
help link: http://www.roxio.com/en/support
help telephone:

PowerDVD ({6811CAA0-BF12-11D4-9EA1-0050BAE317E1})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\ENGINE\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\SETUP.EXE" -uninstall

Java 2 Runtime Environment, SE v1.4.2_06 1.4.2_06 ({7148F0A8-6813-11D6-A77B-00B0D0142060})
version (major): 1
version (minor): 4
estimated size: 110912
install date: 20050123
install source: http://java.sun.com/...3/windows-i586/
uninstall cmd: MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142060}
publisher: Sun Microsystems, Inc.
comments: http://www.java.com
contact: http://www.java.com
help link: http://www.java.com
help telephone: http://www.java.com
readme: Readme.txt

Ulead VideoStudio 7 ESD 7.0 ({757AD3D4-036B-42FA-B0A4-96BD6F4605A0})
version: 117440512
version (major): 7
install location: C:\Program Files\Ulead Systems\Ulead VideoStudio 7
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RUNTIME\0700\INTEL32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}\SETUP.EXE" -l0x9
publisher: Ulead Systems, Inc.

({8851E12C-0EF9-11D4-A788-009027ABA5D0})

V8 Challenge ({8E15143B-B333-49D2-8CE6-F1A92CBB533C})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\ENGINE\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8E15143B-B333-49D2-8CE6-F1A92CBB533C}\setup.exe"

Logitech Gaming Software 4.30 ({93EC14D5-7AAA-4EAD-BB75-013817A96598})
version: 69074944
install location: C:\Program Files\Logitech\Profiler
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93EC14D5-7AAA-4EAD-BB75-013817A96598}\Setup.Exe" -l0x9

Nero - Burning Rom 5.5.9 ({A4D7B764-4140-11D4-88EB-0050DA3579C0})
version: 84213769
version (major): 5
version (minor): 5
estimated size: 60277
install date: 20041029
install source: G:\nero551045\Nero55\
uninstall cmd: MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
publisher: ahead software gmbh
contact: Hotline
help link: http://www.nero.com
help telephone:
readme: 0

Adobe Reader 6.0 6.0 ({AC76BA86-7AD7-1033-7B44-000000000001})
version: 100663296
version (major): 6
estimated size: 45165
install date: 20050306
install location: C:\Program Files\Adobe\Acrobat 6.0\Reader\
install source: C:\WINDOWS\Cache\Adobe Reader 6.0\ENUBIG\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
publisher: Adobe Systems Incorporated
comments:
contact: Customer Support Department
help link: http://www.adobe.com/support/main.html
help telephone:
readme: C:\Program Files\Adobe\Acrobat 6.0\Reader\Readme.htm

World of Outlaws Sprint Cars Demo ({C3B09A49-286F-4D48-ADDC-7CC29BBB3E81})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3B09A49-286F-4D48-ADDC-7CC29BBB3E81}\Setup.exe" -l0x9

Grand Prix 4 ({C7D27207-0F86-4B6F-859C-21800A2C592E})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\Infogrames\Grand Prix 4\setup.exe"

Race Driver 2 1.01.0000 ({D474A0E8-4421-43C0-BE8E-F454F91E2E2A})
version: 16842752
version (major): 1
version (minor): 1
estimated size: 760608
install date: 20040813
install source: G:\
publisher: Codemasters
comments: Please see manual for further information.
contact: Customer And Technical Support
help link: http://www.codemasters.com
help telephone: +44 (0) 1926 816044

Palmcorder USB Device Driver 2.00 ({F68794FD-9BBA-44FB-976C-4FCE2B447476})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\ENGINE\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F68794FD-9BBA-44FB-976C-4FCE2B447476}\SETUP.EXE"



--- System Services ---
Service (registry key): 61883
Display name: 61883 Unit Device
Image path: System32\DRIVERS\61883.sys
Image size: 46080
Image MD5: DBBFC935C7970D7F801C2EAC77ABF542
Start: 3
Type: 1
Error Control: 1

Service (registry key): Abiosdsk
Start: 4
Type: 1
Error Control: 0

Service (registry key): abp480n5
Start: 4
Type: 1
Error Control: 1

Service (registry key): ACPI
Display name: Microsoft ACPI Driver
Image path: System32\DRIVERS\ACPI.sys
Image size: 179328
Image MD5: 94DDD4B3ACBD7A9558E1762CD58386F9
Start: 0
Type: 1
Error Control: 1

Service (registry key): ACPIEC
Start: 4
Type: 1
Error Control: 1

Service (registry key): adpu160m
Start: 4
Type: 1
Error Control: 1

Service (registry key): aec
Display name: Microsoft Kernel Acoustic Echo Canceller
Image path: system32\drivers\aec.sys
Image size: 142208
Image MD5: FF773FEDA15E8BD97FD54FE87A0ACDBE
Start: 3
Type: 1
Error Control: 1

Service (registry key): AFD
Display name: AFD Networking Support Environment
Image path: \SystemRoot\System32\drivers\afd.sys
Start: 2
Type: 1
Error Control: 1

Service (registry key): Aha154x
Start: 4
Type: 1
Error Control: 1

Service (registry key): aic78u2
Start: 4
Type: 1
Error Control: 1

Service (registry key): aic78xx
Start: 4
Type: 1
Error Control: 1

Service (registry key): ALCXWDM
Display name: Service for Avance AC97 Audio (WDM)
Image path: system32\drivers\ALCXWDM.SYS
Image size: 243164
Image MD5: 64EA954EBAC3F1E0AB3E1BC9F3D4203A
Start: 3
Type: 1
Error Control: 1

Service (registry key): Alerter
Display name: Alerter
Description: Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation

Service (registry key): ALG
Display name: Application Layer Gateway Service
Description: Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Internet Connection Firewall
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\alg.exe
Image size: 41984
Image MD5: 497AEAD5ECEF9512F6B364977A5308EE
Start: 3
Type: 16
Error Control: 1

Service (registry key): AliIde
Start: 4
Type: 1
Error Control: 1

Service (registry key): AmdK7
Display name: AMD K7 Processor Driver
Image path: System32\DRIVERS\amdk7.sys
Image size: 32512
Image MD5: E1F2A5F066A6656C8CD5056947A73723
Start: 1
Type: 1
Error Control: 1

Service (registry key): amsint
Start: 4
Type: 1
Error Control: 1

Service (registry key): AppMgmt
Display name: Application Management
Description: Provides software installation services such as Assign, Publish, and Remove.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 32
Error Control: 1

Service (registry key): Arp1394
Display name: 1394 ARP Client Protocol
Description: 1394 ARP Client Protocol
Image path: System32\DRIVERS\arp1394.sys
Image size: 57344
Image MD5: E47AE30589D7195BB044847FBB63A06E
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): asc
Start: 4
Type: 1
Error Control: 1

Service (registry key): asc3350p
Start: 4
Type: 1
Error Control: 1

Service (registry key): asc3550
Start: 4
Type: 1
Error Control: 1

Service (registry key): AsyncMac
Display name: RAS Asynchronous Media Driver
Description: RAS Asynchronous Media Driver
Image path: System32\DRIVERS\asyncmac.sys
Image size: 13568
Image MD5: 03F403B07A884FC2AA54A0916C410931
Start: 3
Type: 1
Error Control: 1

Service (registry key): atapi
Display name: Standard IDE/ESDI Hard Disk Controller
Image path: System32\DRIVERS\atapi.sys
Image size: 86912
Image MD5: 95B858761A00E1D4F81F79A0DA019ACA
Start: 0
Type: 1
Error Control: 1

Service (registry key): Atdisk
Start: 4
Type: 1
Error Control: 0

Service (registry key): Atmarpc
Display name: ATM ARP Client Protocol
Description: ATM ARP Client Protocol
Image path: System32\DRIVERS\atmarpc.sys
Image size: 57216
Image MD5: 8D735CA1CBDB0081B0E3B9FF0EB222D0
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): AudioSrv
Display name: Windows Audio
Description: Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs

Service (registry key): audstub
Display name: Audio Stub Driver
Image path: System32\DRIVERS\audstub.sys
Image size: 3072
Image MD5: D9F724AA26C010A217C97606B160ED68
Start: 3
Type: 1
Error Control: 1

Service (registry key): Avc
Display name: AVC Device
Image path: System32\DRIVERS\avc.sys
Image size: 36224
Image MD5: 0349D2C3F4CE5FEB9BA58BFF86B06544
Start: 3
Type: 1
Error Control: 1

Service (registry key): Avg7Alrt
Display name: AVG7 Alert Manager Server
Object name: LocalSystem
Image path: C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
Image size: 330240
Image MD5: 9DBD26D7D7967D918C507B1E2A93A37E
Start: 2
Type: 272
Error Control: 1
Depends On services: RPCSS

Service (registry key): Avg7Core
Display name: AVG7 Kernel
Image path: \SystemRoot\System32\Drivers\avg7core.sys
Start: 1
Type: 1
Error Control: 1

Service (registry key): Avg7RsW
Display name: AVG7 Wrap Driver
Image path: \SystemRoot\System32\Drivers\avg7rsw.sys
Start: 1
Type: 1
Error Control: 1

Service (registry key): Avg7RsXP
Display name: AVG7 Rezident Driver
Image path: \SystemRoot\System32\Drivers\avg7rsxp.sys
Start: 1
Type: 1
Error Control: 1

Service (registry key): Avg7UpdSvc
Display name: AVG7 Update Service
Object name: LocalSystem
Image path: C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
Image size: 84480
Image MD5: 62E6B23B906B213836470740FE449B43
Start: 2
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): AvgTdi
Display name: AVG Network Redirector
Image path: \??\C:\WINDOWS\System32\Drivers\avgtdi.sys
Image size: 4704
Image MD5: 065684F105712B71F8FA7A1FD5133252
Start: 2
Type: 1
Error Control: 1

Service (registry key): BattC
Start: 0
Type: 0
Error Control: 0

Service (registry key): Beep
Start: 1
Type: 1
Error Control: 1

Service (registry key): BITS
Display name: Background Intelligent Transfer Service
Description: Uses idle network bandwidth to transfer data.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,RpcSs

Service (registry key): Browser
Display name: Computer Browser
Description: Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,LanmanServer

Service (registry key): cbidf2k
Start: 4
Type: 1
Error Control: 1

Service (registry key): CCDECODE
Display name: Closed Caption Decoder
Image path: System32\DRIVERS\CCDECODE.sys
Image size: 16384
Image MD5: FDC06E2ADA8C468EBB161624E03976CF
Start: 3
Type: 1
Error Control: 1

Service (registry key): cd20xrnt
Start: 4
Type: 1
Error Control: 1

Service (registry key): Cdaudio
Start: 1
Type: 1
Error Control: 0

Service (registry key): Cdfs
Start: 4
Type: 2
Error Control: 1
Depends On group: "SCSI CDROM Class"

Service (registry key): Cdr4_xp
Start: 1
Type: 1
Error Control: 1

Service (registry key): Cdralw2k
Start: 1
Type: 1
Error Control: 0

Service (registry key): Cdrom
Display name: CD-ROM Driver
Image path: System32\DRIVERS\cdrom.sys
Image size: 47488
Image MD5: 6506E033AD04CFEC9EE56DBEFD1083DD
Start: 1
Type: 1
Error Control: 1
Depends On group: "SCSI miniport"

Service (registry key): cdudf_xp
Start: 1
Type: 2
Error Control: 1

Service (registry key): Changer
Start: 1
  • 0

#44
duglartis

    Member

  • Topic Starter
  • Member
  • 159 posts
Hello again, I have updated to the latest version.
Computer keeps locking up as well now and I have to keep rebooting.
Thanks for your help.
Here is the log:
--- Search result list ---


--- System information ---
Windows XP (Build: 2600) Service Pack 1
/ DataAccess: Microsoft Data Access Components KB870669
/ DataAccess: Buffer Overrun in Microsoft Data Access Components Could Lead to Code Execution
/ Windows XP / SP1: Windows XP Service Pack 1a
/ Windows XP / SP2: Windows XP Hotfix - KB823980
/ Windows XP / SP2: Windows XP Hotfix - KB824146
/ Windows XP / SP2: Windows XP Hotfix - KB835732


--- Startup entries list ---
Located: HK_LM:Run, AdaptecDirectCD
command: C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
file: C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
size: 684032
MD5: bfa83b551abd8084b4623887d0e3b53c

Located: HK_LM:Run, AVG7_CC
command: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
file: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
size: 352768
MD5: 82f0d9baf07f7a63d6ca044251dd5598

Located: HK_LM:Run, AVG7_EMC
command: C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
file: C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
size: 272896
MD5: f4c4aabcca4ea3a675e5bbc3e821e7e1

Located: HK_LM:Run, HPDJ Taskbar Utility
command: C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
file: C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
size: 188416
MD5: 2d9ce5dde52ceea539e0dd20735a0797

Located: HK_LM:Run, KernelFaultCheck
command: %systemroot%\system32\dumprep 0 -k
file: C:\WINDOWS\system32\dumprep.exe
size: 9216
MD5: 62dd404c8e46b76089a3d1fa6bd96739

Located: HK_LM:Run, NeroCheck
command: C:\WINDOWS\System32\\NeroCheck.exe
file: C:\WINDOWS\System32\\NeroCheck.exe
size: 155648
MD5: 3e4c03cefad8de135263236b61a49c90

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 31744
MD5: 0fb22dd37c17f80ad71316049f725170

Located: HK_LM:Run, nwiz
command: nwiz.exe /install
file: C:\WINDOWS\system32\nwiz.exe
size: 323584
MD5: d6731f0f7a64afa9d6c60a197664ca76

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 98304
MD5: 76a3a30b58405c2c6d833895253a51a9

Located: HK_LM:Run, RegProt
command: c:\documents and settings\dug and tania\my documents\downloads\regprot.exe /start
file:

Located: HK_LM:Run, SunJavaUpdateSched
command: C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
file:

Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 151597
MD5: a05da809ac0d86d916d09e3a908d3a06

Located: HK_LM:Run, AVG7_CC (DISABLED)
command: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
file: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
size: 352768
MD5: 82f0d9baf07f7a63d6ca044251dd5598

Located: HK_LM:Run, AVG7_EMC (DISABLED)
command: C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
file: C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
size: 272896
MD5: f4c4aabcca4ea3a675e5bbc3e821e7e1

Located: HK_LM:RunOnce, SpybotSnD (DISABLED)
command: "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
file: C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09ca174a605b480318731e691dc98539

Located: HK_LM:Run, MSN Messanger (DISABLED)
command: msnmsng.exe
file:

Located: HK_LM:Run, winupdate service (DISABLED)
command: ssrs.exe
file:

Located: HK_LM:RunServices, MSN Messanger (DISABLED)
command: msnmsng.exe
file:

Located: HK_CU:Run, NVIEW
command: rundll32.exe nview.dll,nViewLoadHook
file: C:\WINDOWS\system32\rundll32.exe
size: 31744
MD5: 0fb22dd37c17f80ad71316049f725170

Located: HK_CU:Run, Start WingMan Profiler (DISABLED)
command:
file:

Located: HK_CU:Run, MSN Messanger (DISABLED)
command: msnmsng.exe
file:

Located: HK_CU:Run, Yahoo! Pager (DISABLED)
command: C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet
file:

Located: HK_CU:RunServices, MSN Messanger (DISABLED)
command: msnmsng.exe
file:

Located: Startup (common), Microsoft Office.lnk
command: C:\Program Files\Microsoft Office\Office\Osa9.exe
file: C:\Program Files\Microsoft Office\Office\Osa9.exe
size: 65588
MD5: a89d195caf6a030b152e2a4cabe7018d

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll



--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
BHO name:
CLSID name: AcroIEHlprObj Class
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com.../readstep2.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 15/05/2003 00:47:54
Date (last access): 28/06/2005
Date (last write): 15/05/2003 00:47:54
Filesize: 50376
Attributes: archive
MD5: 0C0E1B2BCAED8DF401BE94D538BCB412
CRC32: 1D771322
Version: 6.0.0.878

{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name: SDHELPER.DLL
Date (created): 28/06/2005 20:16:06
Date (last access): 28/06/2005
Date (last write): 31/05/2005 01:04:00
Filesize: 853672
Attributes: archive
MD5: 250D787A5712D7768DDC133B3E477759
CRC32: D4589A41
Version: 1.4.0.0



--- ActiveX list ---
DirectAnimation Java Classes (DirectAnimation Java Classes)
DPF name: DirectAnimation Java Classes
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\SYSTEM\dajava.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\dajava.cab
info link:
info source: Patrick M. Kolla

Internet Explorer Classes for Java (Internet Explorer Classes for Java)
DPF name: Internet Explorer Classes for Java
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\SYSTEM\iejava.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\iejava.cab
info link:
info source: Patrick M. Kolla

Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\Java\classes\xmldso4.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla

{11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control)
DPF name:
CLSID name: iPIX ActiveX Control
Installer: C:\WINDOWS\Downloaded Program Files\IPIXX.inf
Codebase: http://www.ipix.com/download/ipixx.cab
description: iPIX ActiveX Control
classification: Unknown
known filename: ipixx.ocx
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\DOWNLO~1\
Long name: ipixx.ocx
Short name:
Date (created): 2/06/2000 11:29:42
Date (last access): 28/06/2005
Date (last write): 2/06/2000 11:29:42
Filesize: 102912
Attributes: archive
MD5: FF183CADA1ED933276B169E304E88910
CRC32: E85AE186
Version: 6.2.0.5

{19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class)
DPF name:
CLSID name: MSSecurityAdvisor Class
Installer: C:\WINDOWS\Downloaded Program Files\msSecAdv.inf
Codebase: http://protect.micro...b?1104699695015
Path: C:\WINDOWS\System32\
Long name: mssecadv.dll
Short name:
Date (created): 8/09/2004 17:38:54
Date (last access): 28/06/2005
Date (last write): 8/09/2004 17:38:54
Filesize: 36960
Attributes: archive
MD5: DF203DE80E2E1C9D38492B590B00BB1D
CRC32: 4A7CC4B5
Version: 5.4.3790.14

{33363249-0000-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\i263_32.inf
Codebase: http://codecs.micros...386/i263_32.cab

{6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
DPF name:
CLSID name: WUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\wuweb.inf
Codebase: http://v5.windowsupd...b?1098860877234
Path: C:\WINDOWS\System32\
Long name: wuweb.dll
Short name:
Date (created): 3/08/2004 13:59:06
Date (last access): 28/06/2005
Date (last write): 3/08/2004 13:59:06
Filesize: 120288
Attributes: archive
MD5: 0CD6248038C70B4C688DBD315D90A97A
CRC32: 0EF7DE01
Version: 5.4.3790.2182

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name: Java Plug-in 1.4.2_06
Installer:
Codebase: http://java.sun.com/...indows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\j2re1.4.2_06\bin\
Long name: npjpi142_06.dll

{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class)
DPF name:
CLSID name: ActiveScan Installer Class
Installer: C:\WINDOWS\Downloaded Program Files\asinst.inf
Codebase: http://www.pandasoft.../as5/asinst.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: asinst.dll
Short name:
Date (created): 11/04/2005 12:20:22
Date (last access): 28/06/2005
Date (last write): 11/04/2005 12:20:22
Filesize: 118784
Attributes: archive
MD5: 36259D36E842FCF12B3D2F3766E7529F
CRC32: F62E6268
Version: 57.6.0.0

{9F1C11AA-197B-4942-BA54-47A8489BB47F} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\iuctl.inf
Codebase: http://v4.windowsupd...8297.9412152778
description: Windows Update
classification: Legitimate
known filename: %WINDIR%\System32\iuctl.dll,iuengine.dll
info link:
info source: Patrick M. Kolla

{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA} (Java Runtime Environment 1.3.1_04)
DPF name: Java Runtime Environment 1.3.1_04
CLSID name: Java Plug-in 1.3.1_04
Installer: c:\winnt\Downloaded Program Files\jinstall_1_3_1_04.inf
Codebase: http://java.sun.com/...-131_04-win.cab
Path: C:\Program Files\JavaSoft\JRE\1.3.1_04\bin\
Long name: NPJava131_04.dll
Short name: NPJAVA~1.DLL
Date (created): 6/06/2004 04:39:24
Date (last access): 28/06/2005
Date (last write): 17/05/2002 17:04:54
Filesize: 53344
Attributes: archive
MD5: 8C13180FCD467789582CE0BE9632F1A7
CRC32: 1F053EE2
Version: 1.3.1.4

{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name: Java Plug-in 1.4.2_06
Installer:
Codebase: http://java.sun.com/...indows-i586.cab
Path: C:\Program Files\Java\j2re1.4.2_06\bin\
Long name: npjpi142_06.dll

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://download.macr...ash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\System32\macromed\flash\
Long name: Flash.ocx
Short name: FLASH.OCX
Date (created): 9/06/2004 15:59:26
Date (last access): 28/06/2005
Date (last write): 9/06/2004 15:59:26
Filesize: 939224
Attributes: archive
MD5: FC3E17E12C2E31FAC34B416B3DAB829F
CRC32: D1CF3A57
Version: 7.0.19.0



--- Process list ---
PID: 0 ( 0) [System]
PID: 364 ( 4) \SystemRoot\System32\smss.exe
PID: 460 ( 364) \??\C:\WINDOWS\system32\csrss.exe
PID: 484 ( 364) \??\C:\WINDOWS\system32\winlogon.exe
PID: 528 ( 484) C:\WINDOWS\system32\services.exe
size: 101376
MD5: E3DF4A0252D287C44606EE55355E1623
PID: 540 ( 484) C:\WINDOWS\system32\lsass.exe
size: 11776
MD5: B2B6BA905D0E3F8A32A0EB3B4051807B
PID: 696 ( 528) C:\WINDOWS\system32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 736 ( 528) C:\WINDOWS\System32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 800 ( 528) C:\WINDOWS\System32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 812 ( 528) C:\WINDOWS\System32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 976 ( 528) C:\WINDOWS\system32\spoolsv.exe
size: 51200
MD5: 9B4155BA58192D4073082B8FC5D42612
PID: 1272 (1192) C:\WINDOWS\Explorer.exe
size: 1004032
MD5: A82B28BFC2E4455FE43022A498C0EF0A
PID: 1280 ( 528) C:\WINDOWS\System32\alg.exe
size: 41984
MD5: 497AEAD5ECEF9512F6B364977A5308EE
PID: 1312 ( 528) C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
size: 330240
MD5: 9DBD26D7D7967D918C507B1E2A93A37E
PID: 1412 ( 528) C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
size: 84480
MD5: 62E6B23B906B213836470740FE449B43
PID: 1488 ( 528) C:\WINDOWS\System32\nvsvc32.exe
size: 65536
MD5: 23AF100282EF9065371B5454D4089182
PID: 1524 ( 528) C:\WINDOWS\System32\svchost.exe
size: 12800
MD5: 0F7D9C87B0CE1FA520473119752C6F79
PID: 1656 (1272) C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
size: 188416
MD5: 2D9CE5DDE52CEEA539E0DD20735A0797
PID: 1692 (1272) C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
size: 684032
MD5: BFA83B551ABD8084B4623887D0E3B53C
PID: 1788 (1272) C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
size: 272896
MD5: F4C4AABCCA4EA3A675E5BBC3E821E7E1
PID: 1796 (1272) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 151597
MD5: A05DA809AC0D86D916D09E3A908D3A06
PID: 1812 (1272) C:\documents and settings\dug and tania\my documents\downloads\regprot.exe
size: 19614
MD5: BED2D3E8C8C15D657601D3F95B564AF5
PID: 1880 (1820) C:\WINDOWS\System32\rundll32.exe
size: 31744
MD5: 0FB22DD37C17F80AD71316049F725170
PID: 308 (1480) C:\WINDOWS\System32\sysmon32.exe
size: 220289
MD5: 024D45CAD049B49E163E647E1FE9A4C9
PID: 924 (1272) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 28/06/2005 21:06:08

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\System32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://netaccess.co.nz/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://home.microsof...search.asp?p=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft...=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft...B_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft...er=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft...=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn...st/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn...st/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EAB2002F-D0A3-40D9-8BAF-6722B93D42C5}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EAB2002F-D0A3-40D9-8BAF-6722B93D42C5}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1B3BC5E8-C2A8-4CC5-B1A0-1C06C3E09F44}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1B3BC5E8-C2A8-4CC5-B1A0-1C06C3E09F44}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{497A6B4C-B00C-40F1-B12D-8E6AE0CBA0E3}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{497A6B4C-B00C-40F1-B12D-8E6AE0CBA0E3}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DBD227BF-3C1A-4966-9CEE-8EA051EDC922}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DBD227BF-3C1A-4966-9CEE-8EA051EDC922}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7E224336-CC8D-45F2-A0C0-BA75B9356ABD}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7E224336-CC8D-45F2-A0C0-BA75B9356ABD}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9C5EFFCF-266C-4729-BC54-8A488435A110}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9C5EFFCF-266C-4729-BC54-8A488435A110}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{62AC063D-A459-4836-B78F-3EDA6D280C19}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{62AC063D-A459-4836-B78F-3EDA6D280C19}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace



--- Uninstall list ---
(128PATCH)

98lite Uninstall (98liteUn)
uninstall cmd: C:\WIN98\98lite.exe /UNINSTALL ~GOC:\WIN98\

(AddressBook)
uninstall cmd: "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /UNINSTALL /PROMPT

AVG Free Edition (AVG7Uninstall)
uninstall cmd: C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL

(Branding)

CleanUp! (CleanUp!)
uninstall cmd: C:\Program Files\CleanUp!\uninstall.exe

(Connection Manager)

Corel Applications (Corel Applications)
uninstall cmd: C:\WINDOWS\Corel\Uninstal.exe

(DirectAnimation)

(DirectDrawEx)

(DXM_Runtime)

(expinst)

(Fontcore)

HD Tach 2.61 (HD Tach 2.61)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\HD Tach\Uninst.isu"

HijackThis 1.99.1 1.99.1 (HijackThis)
uninstall cmd: H:\HijackThis.exe /uninstall
publisher: Soeperman Enterprises Ltd.

hp deskjet 5550 series (Remove only) (hp deskjet 5550 series)
uninstall cmd: C:\Program Files\hp deskjet 5550 series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=LPT1: -vproduct=5550 -huninstall

hp print screen utility (hp print screen utility)
uninstall cmd: C:\Program Files\Hewlett-Packard\hp print screen utility\UnInstall\prnunins.exe

(ICW)

(IE40)

(IE4Data)

(IE5BAKEX)

(IEData)

IEimage (IEimage)
uninstall cmd: C:\Program Files\IEimage\uninstall.exe

(IEREADME)

(InstallShield Uninstall Information)

LimeWire 4.02.0000 (InstallShield_{46C4FBB6-C800-4887-B52C-96124701AC8F})
version: 67239936
version (major): 4
version (minor): 2
estimated size: 6585
install date: 20050126
install source: C:\WINDOWS\Downloaded Installations\{2EABF679-53F9-4714-985D-54A49DBD4566}\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{46C4FBB6-C800-4887-B52C-96124701AC8F}
publisher: Lime Wire LLC
comments: Your Comments
contact: Customer Support Department
help link: http://www.yourcompany.com/help
help telephone: 555-555-5555

Race Driver 2 1.01.0000 (InstallShield_{D474A0E8-4421-43C0-BE8E-F454F91E2E2A})
version: 16842752
version (major): 1
version (minor): 1
estimated size: 760608
install date: 20040813
install source: G:\
uninstall cmd: C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\DRIVER\7\INTEL 32\IDRIVER.EXE /M{D474A0E8-4421-43C0-BE8E-F454F91E2E2A} /l1033
publisher: Codemasters
comments: Please see manual for further information.
contact: Customer And Technical Support
help link: http://www.codemasters.com
help telephone: +44 (0) 1926 816044

Java 2 Runtime Environment Standard Edition v1.3.1_04 (JRE 1.3.1_04)
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\JavaSoft\JRE\1.3.1_04\Uninst.isu"

K2_SS_ver1 Screen Saver (K2_SS_ver1)
uninstall cmd: C:\WINDOWS\System32\K2_SS_ver1.scr /u

Microsoft Data Access Components KB870669 (KB870669)
uninstall cmd: C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
publisher: Microsoft Corporation
help link: http://support.micro...com?kbid=870669

(Microsoft NetShow Player 2.0)

(MobileOptionPack)

Mozilla Firefox (1.0.1) 1.0.1 (en-US) (Mozilla Firefox (1.0.1))
install location: C:\Program Files\Mozilla Firefox
uninstall cmd: C:\WINDOWS\UninstallFirefox.exe /ua "1.0.1 (en-US)"
publisher: Mozilla

(MPlayer2)

(MSTASK)

(Nero - Burning Rom!UninstallKey)

(NetMeeting)

Network Play System (Patching) (Network Play System (Patching))
uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Electronic Arts\Network Play System\NPSPatch.isu"

NVIDIA Windows 2000/XP Display Drivers (NVIDIA)
uninstall cmd: rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nv4_disp.inf

(OutlookExpress)

ProSavageDDR and Utilities (P4M266)
uninstall cmd: C:\PROGRA~1\S3\P4M266\s3setvga.exe -s -fC:\PROGRA~1\S3\P4M266\P4M266.uns

(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Microsoft PowerPoint Viewer 97 (PPTView97)
uninstall cmd: C:\Program Files\PowerPoint Viewer\setup\setup.exe

QuickTime (QuickTime)
uninstall cmd: C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log

(RealJukebox 1.0)
uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0

RealOne Player (RealPlayer 6.0)
uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0

(SchedulingAgent)

(ShockwaveFlash)

Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited

SpywareBlaster v3.4 3.4.0 (SpywareBlaster_is1)
install location: C:\Program Files\SpywareBlaster\
uninstall cmd: "C:\Program Files\SpywareBlaster\unins000.exe"
publisher: Javacool Software LLC

Toca2 (Toca2)
uninstall cmd: C:\WINDOWS\IsUninst.exe -fC:\Codemasters\Toca2\Uninst.isu

Conexant HCF V.92 56K Speakerphone PCI Modem (VEN_14F1&DEV_1085&SUBSYS_108514F1)
uninstall cmd: C:\UIU\HCFMODEM\HXFSETUP.EXE -U -iVEN_14F1&DEV_1085&SUBSYS_108514F1

(VGX)

Windows XP Uninstall (Windows)
install location: C:\undo
uninstall cmd: %SYSTEMROOT%\system32\osuninst.exe

Windows Media Format Runtime (Windows Media Format Runtime)
uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Player 10 (Windows Media Player)
uninstall cmd: "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

WinRAR archiver (WinRAR archiver)
uninstall cmd: C:\Program Files\WinRAR\uninstall.exe

WinZip 8.1 (4331) (WinZip)
version (major): 8
version (minor): 1
install location: C:\PROGRA~1\WINZIP\
uninstall cmd: "C:\PROGRAM FILES\WINZIP\WINZIP32.EXE" /uninstall
publisher: WinZip Computing, Inc.
help link: http://www.winzip.com/xsupport.htm

Microsoft Office 2000 Small Business 9.00.2720 ({00030409-78E1-11D2-B60F-006097C998E7})
version: 150997664
version (major): 9
install date: 3/04/04
install source: G:\
uninstall cmd: MsiExec.exe /I{00030409-78E1-11D2-B60F-006097C998E7}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: C:\Program Files\Microsoft Office\Office\ofread9.txt

Microsoft Office 2000 Disc 2 9.00.2720 ({00040409-78E1-11D2-B60F-006097C998E7})
version: 150997664
version (major): 9
install date: 3/04/04
install source: G:\
uninstall cmd: MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support

Indiana Jones and the Emperors Tomb ({0DBF3265-57F1-4D8A-87EA-332B2A669BDE})
install location: C:\Program Files\LucasArts\Indiana Jones and the Emperors Tomb
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\ENGINE\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DBF3265-57F1-4D8A-87EA-332B2A669BDE}\SETUP.EXE" -l0x9

Colin McRae Rally 2 ({19B72AA9-985A-11D4-9C8A-00D0B75D1498})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\ENGINE\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19B72AA9-985A-11D4-9C8A-00D0B75D1498}\setup.exe"

WebFldrs XP 9.50.6513 ({350C97B0-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154278257
version (major): 9
version (minor): 50
estimated size: 2516
install date: 20041019
install source: C:\WINDOWS\System32\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows

LimeWire 4.02.0000 ({46C4FBB6-C800-4887-B52C-96124701AC8F})
version: 67239936
version (major): 4
version (minor): 2
estimated size: 6585
install date: 20050126
install source: C:\WINDOWS\Downloaded Installations\{2EABF679-53F9-4714-985D-54A49DBD4566}\
publisher: Lime Wire LLC
comments: Your Comments
contact: Customer Support Department
help link: http://www.yourcompany.com/help
help telephone: 555-555-5555

upapp 0.20.0000 ({4EF69D40-4DC9-485E-95D3-B1C22F218FC8})
version: 1310720
version (minor): 20
install date: 20041020
install source: g:\upapp\
uninstall cmd: MsiExec.exe /I{4EF69D40-4DC9-485E-95D3-B1C22F218FC8}
publisher: Hewlett-Packard
comments: Your Comments
contact: Customer Support Department
help link: http://www.yourcompany.com/help
help telephone: 1-555-555-4505
readme: Readme.txt

Ulead VideoStudio 6 SE Basic ({5404E185-BD7C-4A72-ABD0-91A411A05726})
version (major): 6
install location: C:\Program Files\Ulead Systems\Ulead VideoStudio 6 SE Basic
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\ENGINE\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5404E185-BD7C-4A72-ABD0-91A411A05726}\SETUP.EXE"
publisher: Ulead Systems, Inc.

MyDVD ({5E835305-63BB-4E55-BBB7-EEBBE67774DB})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5E835305-63BB-4E55-BBB7-EEBBE67774DB}\SETUP.EXE" -l0x9 -L0x9 /SMAINT

Easy CD Creator 5 Basic 5.3.4.21 ({609F7AC8-C510-11D4-A788-009027ABA5D0})
version: 83951616
version (major): 5
version (minor): 1
estimated size: 25513
install date: 20041020
install source: G:\
uninstall cmd: MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
publisher: Roxio Inc
help link: http://www.roxio.com/en/support
help telephone:

PowerDVD ({6811CAA0-BF12-11D4-9EA1-0050BAE317E1})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\ENGINE\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\SETUP.EXE" -uninstall

Java 2 Runtime Environment, SE v1.4.2_06 1.4.2_06 ({7148F0A8-6813-11D6-A77B-00B0D0142060})
version (major): 1
version (minor): 4
estimated size: 110912
install date: 20050123
install source: http://java.sun.com/...3/windows-i586/
uninstall cmd: MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142060}
publisher: Sun Microsystems, Inc.
comments: http://www.java.com
contact: http://www.java.com
help link: http://www.java.com
help telephone: http://www.java.com
readme: Readme.txt

Ulead VideoStudio 7 ESD 7.0 ({757AD3D4-036B-42FA-B0A4-96BD6F4605A0})
version: 117440512
version (major): 7
install location: C:\Program Files\Ulead Systems\Ulead VideoStudio 7
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RUNTIME\0700\INTEL32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}\SETUP.EXE" -l0x9
publisher: Ulead Systems, Inc.

({8851E12C-0EF9-11D4-A788-009027ABA5D0})

V8 Challenge ({8E15143B-B333-49D2-8CE6-F1A92CBB533C})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\ENGINE\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8E15143B-B333-49D2-8CE6-F1A92CBB533C}\setup.exe"

Logitech Gaming Software 4.30 ({93EC14D5-7AAA-4EAD-BB75-013817A96598})
version: 69074944
install location: C:\Program Files\Logitech\Profiler
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93EC14D5-7AAA-4EAD-BB75-013817A96598}\Setup.Exe" -l0x9

Nero - Burning Rom 5.5.9 ({A4D7B764-4140-11D4-88EB-0050DA3579C0})
version: 84213769
version (major): 5
version (minor): 5
estimated size: 60277
install date: 20041029
install source: G:\nero551045\Nero55\
uninstall cmd: MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
publisher: ahead software gmbh
contact: Hotline
help link: http://www.nero.com
help telephone:
readme: 0

Adobe Reader 6.0 6.0 ({AC76BA86-7AD7-1033-7B44-000000000001})
version: 100663296
version (major): 6
estimated size: 45165
install date: 20050306
install location: C:\Program Files\Adobe\Acrobat 6.0\Reader\
install source: C:\WINDOWS\Cache\Adobe Reader 6.0\ENUBIG\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
publisher: Adobe Systems Incorporated
comments:
contact: Customer Support Department
help link: http://www.adobe.com/support/main.html
help telephone:
readme: C:\Program Files\Adobe\Acrobat 6.0\Reader\Readme.htm

World of Outlaws Sprint Cars Demo ({C3B09A49-286F-4D48-ADDC-7CC29BBB3E81})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3B09A49-286F-4D48-ADDC-7CC29BBB3E81}\Setup.exe" -l0x9

Grand Prix 4 ({C7D27207-0F86-4B6F-859C-21800A2C592E})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\Infogrames\Grand Prix 4\setup.exe"

Race Driver 2 1.01.0000 ({D474A0E8-4421-43C0-BE8E-F454F91E2E2A})
version: 16842752
version (major): 1
version (minor): 1
estimated size: 760608
install date: 20040813
install source: G:\
publisher: Codemasters
comments: Please see manual for further information.
contact: Customer And Technical Support
help link: http://www.codemasters.com
help telephone: +44 (0) 1926 816044

Palmcorder USB Device Driver 2.00 ({F68794FD-9BBA-44FB-976C-4FCE2B447476})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\ENGINE\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F68794FD-9BBA-44FB-976C-4FCE2B447476}\SETUP.EXE"



--- System Services ---
Service (registry key): 61883
Display name: 61883 Unit Device
Image path: System32\DRIVERS\61883.sys
Image size: 46080
Image MD5: DBBFC935C7970D7F801C2EAC77ABF542
Start: 3
Type: 1
Error Control: 1

Service (registry key): Abiosdsk
Start: 4
Type: 1
Error Control: 0

Service (registry key): abp480n5
Start: 4
Type: 1
Error Control: 1

Service (registry key): ACPI
Display name: Microsoft ACPI Driver
Image path: System32\DRIVERS\ACPI.sys
Image size: 179328
Image MD5: 94DDD4B3ACBD7A9558E1762CD58386F9
Start: 0
Type: 1
Error Control: 1

Service (registry key): ACPIEC
Start: 4
Type: 1
Error Control: 1

Service (registry key): adpu160m
Start: 4
Type: 1
Error Control: 1

Service (registry key): aec
Display name: Microsoft Kernel Acoustic Echo Canceller
Image path: system32\drivers\aec.sys
Image size: 142208
Image MD5: FF773FEDA15E8BD97FD54FE87A0ACDBE
Start: 3
Type: 1
Error Control: 1

Service (registry key): AFD
Display name: AFD Networking Support Environment
Image path: \SystemRoot\System32\drivers\afd.sys
Start: 2
Type: 1
Error Control: 1

Service (registry key): Aha154x
Start: 4
Type: 1
Error Control: 1

Service (registry key): aic78u2
Start: 4
Type: 1
Error Control: 1

Service (registry key): aic78xx
Start: 4
Type: 1
Error Control: 1

Service (registry key): ALCXWDM
Display name: Service for Avance AC97 Audio (WDM)
Image path: system32\drivers\ALCXWDM.SYS
Image size: 243164
Image MD5: 64EA954EBAC3F1E0AB3E1BC9F3D4203A
Start: 3
Type: 1
Error Control: 1

Service (registry key): Alerter
Display name: Alerter
Description: Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation

Service (registry key): ALG
Display name: Application Layer Gateway Service
Description: Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Internet Connection Firewall
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\alg.exe
Image size: 41984
Image MD5: 497AEAD5ECEF9512F6B364977A5308EE
Start: 3
Type: 16
Error Control: 1

Service (registry key): AliIde
Start: 4
Type: 1
Error Control: 1

Service (registry key): AmdK7
Display name: AMD K7 Processor Driver
Image path: System32\DRIVERS\amdk7.sys
Image size: 32512
Image MD5: E1F2A5F066A6656C8CD5056947A73723
Start: 1
Type: 1
Error Control: 1

Service (registry key): amsint
Start: 4
Type: 1
Error Control: 1

Service (registry key): AppMgmt
Display name: Application Management
Description: Provides software installation services such as Assign, Publish, and Remove.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 32
Error Control: 1

Service (registry key): Arp1394
Display name: 1394 ARP Client Protocol
Description: 1394 ARP Client Protocol
Image path: System32\DRIVERS\arp1394.sys
Image size: 57344
Image MD5: E47AE30589D7195BB044847FBB63A06E
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): asc
Start: 4
Type: 1
Error Control: 1

Service (registry key): asc3350p
Start: 4
Type: 1
Error Control: 1

Service (registry key): asc3550
Start: 4
Type: 1
Error Control: 1

Service (registry key): AsyncMac
Display name: RAS Asynchronous Media Driver
Description: RAS Asynchronous Media Driver
Image path: System32\DRIVERS\asyncmac.sys
Image size: 13568
Image MD5: 03F403B07A884FC2AA54A0916C410931
Start: 3
Type: 1
Error Control: 1

Service (registry key): atapi
Display name: Standard IDE/ESDI Hard Disk Controller
Image path: System32\DRIVERS\atapi.sys
Image size: 86912
Image MD5: 95B858761A00E1D4F81F79A0DA019ACA
Start: 0
Type: 1
Error Control: 1

Service (registry key): Atdisk
Start: 4
Type: 1
Error Control: 0

Service (registry key): Atmarpc
Display name: ATM ARP Client Protocol
Description: ATM ARP Client Protocol
Image path: System32\DRIVERS\atmarpc.sys
Image size: 57216
Image MD5: 8D735CA1CBDB0081B0E3B9FF0EB222D0
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): AudioSrv
Display name: Windows Audio
Description: Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 2
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs

Service (registry key): audstub
Display name: Audio Stub Driver
Image path: System32\DRIVERS\audstub.sys
Image size: 3072
Image MD5: D9F724AA26C010A217C97606B160ED68
Start: 3
Type: 1
Error Control: 1

Service (registry key): Avc
Display name: AVC Device
Image path: System32\DRIVERS\avc.sys
Image size: 36224
Image MD5: 0349D2C3F4CE5FEB9BA58BFF86B06544
Start: 3
Type: 1
Error Control: 1

Service (registry key): Avg7Alrt
Display name: AVG7 Alert Manager Server
Object name: LocalSystem
Image path: C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
Image size: 330240
Image MD5: 9DBD26D7D7967D918C507B1E2A93A37E
Start: 2
Type: 272
Error Control: 1
Depends On services: RPCSS

Service (registry key): Avg7Core
Display name: AVG7 Kernel
Image path: \SystemRoot\System32\Drivers\avg7core.sys
Start: 1
Type: 1
Error Control: 1

Service (registry key): Avg7RsW
Display name: AVG7 Wrap Driver
Image path: \SystemRoot\System32\Drivers\avg7rsw.sys
Start: 1
Type: 1
Error Control: 1

Service (registry key): Avg7RsXP
Display name: AVG7 Rezident Driver
Image path: \SystemRoot\System32\Drivers\avg7rsxp.sys
Start: 1
Type: 1
Error Control: 1

Service (registry key): Avg7UpdSvc
Display name: AVG7 Update Service
Object name: LocalSystem
Image path: C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
Image size: 84480
Image MD5: 62E6B23B906B213836470740FE449B43
Start: 2
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): AvgTdi
Display name: AVG Network Redirector
Image path: \??\C:\WINDOWS\System32\Drivers\avgtdi.sys
Image size: 4704
Image MD5: 065684F105712B71F8FA7A1FD5133252
Start: 2
Type: 1
Error Control: 1

Service (registry key): BattC
Start: 0
Type: 0
Error Control: 0

Service (registry key): Beep
Start: 1
Type: 1
Error Control: 1

Service (registry key): BITS
Display name: Background Intelligent Transfer Service
Description: Uses idle network bandwidth to transfer data.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,RpcSs

Service (registry key): Browser
Display name: Computer Browser
Description: Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 12800
Image MD5: 0F7D9C87B0CE1FA520473119752C6F79
Start: 3
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,LanmanServer

Service (registry key): cbidf2k
Start: 4
Type: 1
Error Control: 1

Service (registry key): CCDECODE
Display name: Closed Caption Decoder
Image path: System32\DRIVERS\CCDECODE.sys
Image size: 16384
Image MD5: FDC06E2ADA8C468EBB161624E03976CF
Start: 3
Type: 1
Error Control: 1

Service (registry key): cd20xrnt
Start: 4
Type: 1
Error Control: 1

Service (registry key): Cdaudio
Start: 1
Type: 1
Error Control: 0

Service (registry key): Cdfs
Start: 4
Type: 2
Error Control: 1
Depends On group: "SCSI CDROM Class"

Service (registry key): Cdr4_xp
Start: 1
Type: 1
Error Control: 1

Service (registry key): Cdralw2k
Start: 1
Type: 1
Error Control: 0

Service (registry key): Cdrom
Display name: CD-ROM Driver
Image path: System32\DRIVERS\cdrom.sys
Image size: 47488
Image MD5: 6506E033AD04CFEC9EE56DBEFD1083DD
Start: 1
Type: 1
Error Control: 1
Depends On group: "SCSI miniport"

Service (registry key): cdudf_xp
Start: 1
Type: 2
Error Control: 1

Service (registry key): Changer
Start: 1
Type: 1
Error Control: 0

Service (registry key): CiSvc
Display name: Indexing Service
Description: Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
Object name: LocalSystem
Image path: %SystemRoot%\system32\cisvc.exe
Image size: 5120
Image MD5: 325F1D50AFD0D6CE830938262AC2AE14
Start: 3
Type: 288
Error Control: 1
Depends On services: RPCSS

Service (registry key): ClipSrv
Display name: ClipBook
Description: Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.
Object name: LocalSystem
Image path: %SystemRoot%\system32\clipsrv.exe
Image size: 30720
Image MD5: 08EBC742345AB7EF2EC29BC92D6D33DD
Start: 3
Type: 16
Error Control: 1
Depends On services: NetDDE

Service (registry key): CmdIde
Start: 4
Type: 1
Error Control: 1

Service (registry key): COMSysApp
Display name: COM+ System Appl
  • 0

#45
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,942 posts
I'm sorry. There are too many letters and not enough information in there.

Can you give me some specific details?

When the computer freezes up?
What the errors are?
What is listed in Event Viewer?

Regards,