
Malware, viruses & blue screen of death [RESOLVED]



#16
marcel

Well, it seems to be running fine now. I haven't had a single popup during the Panda scan.

Here are the logs:

Logfile of HijackThis v1.99.1
Scan saved at 10:41:23 PM, on 8/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\S24EvMon.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINNT\System32\RegSrvc.exe
C:\WINNT\System32\RoamMgr.exe
C:\WINNT\system32\wdfmgr.exe
C:\WINNT\wanmpsvc.exe
C:\Program Files\Intel\Switching\User\RoamSvc.exe
C:\WINNT\System32\alg.exe
c:\Program Files\Trend Micro\Tmas\tmas.exe
C:\WINNT\System32\wbem\wmiapsrv.exe
C:\WINNT\System32\wbem\wmiprvse.exe
C:\WINNT\System32\wbem\wmiprvse.exe
C:\Documents and Settings\Administrator\Desktop\hijackthis\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft....204&clcid=0x409
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://mail-lc-2.for...edu/iNotes6.cab
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - file://C:\Program Files\gateway\helpspot\TechTools.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Adapter Switching (IntelRoam) - Intel Corporation - C:\Program Files\Intel\Switching\User\RoamSvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINNT\System32\RegSrvc.exe
O23 - Service: RoamMgr - Intel Corporation - C:\WINNT\System32\RoamMgr.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINNT\System32\S24EvMon.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe


Incident Status Location

Adware:adware/adlogix No disinfected C:\WINNT\SYSTEM32\sp32.xml
Adware:adware/elitebar No disinfected C:\WINNT\etb
Adware:adware/delfinmedia No disinfected C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\vidctrl
Adware:adware/wintools No disinfected Windows Registry
Hacktool:Hacktool/Processor No disinfected C:\Documents and Settings\Administrator\Desktop\l2mfix\Process.exe
Hacktool:Hacktool/Processor No disinfected C:\Documents and Settings\Administrator\Desktop\l2mfix.exe[Process.exe]
Hacktool:Hacktool/Processor No disinfected C:\Documents and Settings\All Users\Desktop\nailfix\Process.exe
Adware:Adware/Apropos No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\423155A4-053D-4EA0-9C21-1D3D49\6230685C-D118-4CAA-9D01-4D8320
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\81E6F29A-A367-4810-A4E6-7261A9\91F3AEEA-5ED7-468B-9F77-7C899A
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\81E6F29A-A367-4810-A4E6-7261A9\C533D257-C838-48EC-A098-09AF83
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\81E6F29A-A367-4810-A4E6-7261A9\D02BB97B-8F8C-48AC-AA26-A12AE3
Adware:Adware/AdDestroyer No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\AC26DF84-352A-4AA2-9291-719668\ED1065D9-0BF1-459C-821D-1473F0
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\FD031C88-D8B5-4805-B8C3-5B2B90\2D97E884-80D0-4810-AD15-333A61
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\FD031C88-D8B5-4805-B8C3-5B2B90\DEEA90D9-C589-42B7-9A17-91FD61
Adware:Adware/MyWebSearch No disinfected C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP180\A0056786.dll
Adware:Adware/WinTools No disinfected C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP180\A0057641.dll
Adware:Adware/PurityScan No disinfected C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP180\A0058757.exe
Adware:Adware/HuntBar No disinfected C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP180\A0058879.dll
Adware:Adware/Abox No disinfected C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP180\A0058893.exe
Spyware:Spyware/BargainBuddy No disinfected C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP180\A0061850.exe
Adware:Adware/MyWebSearch No disinfected C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP180\A0061881.dll
Spyware:Spyware/BargainBuddy No disinfected C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP198\A0067914.exe
Possible Virus. No disinfected C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP202\A0071304.exe
Spyware:Spyware/BargainBuddy No disinfected C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP204\A0071498.exe
Adware:Adware/PurityScan No disinfected C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP204\A0071541.exe
Adware:Adware/PurityScan No disinfected C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP204\A0071542.exe
Adware:Adware/PurityScan No disinfected C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP206\A0073029.exe
Adware:Adware/Mirar No disinfected C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP207\A0073256.dll
Possible Virus. No disinfected C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP208\A0075525.exe
Adware:Adware/PurityScan No disinfected C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP209\A0075607.exe
Adware:Adware/PurityScan No disinfected C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP209\A0075626.exe
Adware:Adware/PurityScan No disinfected C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP209\A0075628.dll
Adware:Adware/PurityScan No disinfected C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP209\A0075629.exe
Hacktool:Hacktool/Processor No disinfected C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP209\A0075690.exe
Adware:Adware/EnhSrch No disinfected C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP210\A0075719.dll
Adware:Adware/PurityScan No disinfected C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP210\A0075724.exe
Adware:Adware/PurityScan No disinfected C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP210\A0075747.exe
Adware:Adware/PurityScan No disinfected C:\WINNT\system32\?hkdsk.exe

* DLLCompare Log version(1.0.0.127)
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
________________________________________________

C:\PROGRA~1\COMMON~1\AOLSHARE\SHELL\US\shellext.dll Wed Apr 2 2003 2:03:32p A..H. 106,496 104.00 K
________________________________________________

11,502 items found: 11,501 files (1 H/S), 1 directory.
Total of file sizes: 3,072,583,305 bytes 2.86 G

Administrator Account = True

--------------------End log---------------------


#17
marcel

While I've only had one popup, I decided to do some scans. Here's what ewido and Microsoft beta came up with:

<PROTOCOLSHandler ex="1" clsid="{79eac9e5-baf9-11ce-8c82-00aa004ba90b}" prog="" filter="https" val="{79eac9e5-baf9-11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for Win32 (urlmon.dll)" pub="Microsoft Corporation" md5="00fa78aa7e5004ec6605f8ce5fc054bf" ver="6.00.2900.2668 (xpsp_sp2_gdr.050430-1553)" sz="607744" is="0" gfp="">c:\winnt\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{9D148291-B9C8-11D0-A4CC-0000F80149F6}" prog="MSITFS1.0" filter="its" val="{9D148291-B9C8-11D0-A4CC-0000F80149F6}" nam="Microsoft InfoTech Storage System Library (itss.dll)" pub="Microsoft Corporation" md5="d9ad8b8b6135b4ff4a32e8c519345f35" ver="5.2.3790.2453 (srv03_sp1_gdr.050525-1542)" sz="137216" is="0" gfp="">c:\winnt\system32\itss.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}" prog="" filter="javascript" val="{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}" nam="Microsoft ® HTML Viewer (mshtml.dll)" pub="Microsoft Corporation" md5="dcfac5470ee0a159ec4222bc28ae3ee6" ver="6.00.2900.2668 (xpsp_sp2_gdr.050430-1553)" sz="3012608" is="0" gfp="">c:\winnt\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e7-baf9-11ce-8c82-00aa004ba90b}" prog="" filter="local" val="{79eac9e7-baf9-11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for Win32 (urlmon.dll)" pub="Microsoft Corporation" md5="00fa78aa7e5004ec6605f8ce5fc054bf" ver="6.00.2900.2668 (xpsp_sp2_gdr.050430-1553)" sz="607744" is="0" gfp="">c:\winnt\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B}" prog="" filter="mailto" val="{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B}" nam="Microsoft ® HTML Viewer (mshtml.dll)" pub="Microsoft Corporation" md5="dcfac5470ee0a159ec4222bc28ae3ee6" ver="6.00.2900.2668 (xpsp_sp2_gdr.050430-1553)" sz="3012608" is="0" gfp="">c:\winnt\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{05300401-BCBC-11d0-85E3-00C04FD85AB4}" prog="" filter="mhtml" val="{05300401-BCBC-11d0-85E3-00C04FD85AB4}" nam="Microsoft Internet Messaging API (inetcomm.dll)" pub="Microsoft Corporation" md5="ad83a2a04f68db2dff500c30536fcd6b" ver="6.00.2900.2527 (xpsp_sp2_gdr.040919-1056)" sz="679424" is="0" gfp="">c:\winnt\system32\inetcomm.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{79eac9e6-baf9-11ce-8c82-00aa004ba90b}" prog="" filter="mk" val="{79eac9e6-baf9-11ce-8c82-00aa004ba90b}" nam="OLE32 Extensions for Win32 (urlmon.dll)" pub="Microsoft Corporation" md5="00fa78aa7e5004ec6605f8ce5fc054bf" ver="6.00.2900.2668 (xpsp_sp2_gdr.050430-1553)" sz="607744" is="0" gfp="">c:\winnt\system32\urlmon.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{9D148291-B9C8-11D0-A4CC-0000F80149F6}" prog="MSITFS1.0" filter="ms-its" val="{9D148291-B9C8-11D0-A4CC-0000F80149F6}" nam="Microsoft InfoTech Storage System Library (itss.dll)" pub="Microsoft Corporation" md5="d9ad8b8b6135b4ff4a32e8c519345f35" ver="5.2.3790.2453 (srv03_sp1_gdr.050525-1542)" sz="137216" is="0" gfp="">c:\winnt\system32\itss.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3D9F03FA-7A94-11D3-BE81-0050048385D1}" prog="" filter="mso-offdap" val="{3D9F03FA-7A94-11D3-BE81-0050048385D1}" nam="Microsoft Office XP Web Components (owc10.dll)" pub="Microsoft Corporation" md5="cd078156b5517de81576ba25a9bc3d90" ver="10.0.2621" sz="7436272" is="0" gfp="">c:\progra~1\common~1\micros~1\webcom~1\10\owc10.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}" prog="" filter="res" val="{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}" nam="Microsoft ® HTML Viewer (mshtml.dll)" pub="Microsoft Corporation" md5="dcfac5470ee0a159ec4222bc28ae3ee6" ver="6.00.2900.2668 (xpsp_sp2_gdr.050430-1553)" sz="3012608" is="0" gfp="">c:\winnt\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{76E67A63-06E9-11D2-A840-006008059382}" prog="" filter="sysimage" val="{76E67A63-06E9-11D2-A840-006008059382}" nam="Microsoft ® HTML Viewer (mshtml.dll)" pub="Microsoft Corporation" md5="dcfac5470ee0a159ec4222bc28ae3ee6" ver="6.00.2900.2668 (xpsp_sp2_gdr.050430-1553)" sz="3012608" is="0" gfp="">c:\winnt\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E}" prog="" filter="tv" val="{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E}" nam="ActiveX control for streaming video (msvidctl.dll)" pub="Microsoft Corporation" md5="7b5ba7cb7cf42b557c17d08015be8a14" ver="6.05.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="1428480" is="0" gfp="">c:\winnt\system32\msvidctl.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}" prog="" filter="vbscript" val="{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}" nam="Microsoft ® HTML Viewer (mshtml.dll)" pub="Microsoft Corporation" md5="dcfac5470ee0a159ec4222bc28ae3ee6" ver="6.00.2900.2668 (xpsp_sp2_gdr.050430-1553)" sz="3012608" is="0" gfp="">c:\winnt\system32\mshtml.dll</PROTOCOLSHandler>
<PROTOCOLSHandler ex="1" clsid="{13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE}" prog="Wia.WiaProtocol.1" filter="wia" val="{13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE}" nam="WIA Scripting Layer (wiascr.dll)" pub="Microsoft Corporation" md5="dd469944b09b032e7c7fe85687c2a399" ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="75776" is="0" gfp="">c:\winnt\system32\wiascr.dll</PROTOCOLSHandler>
</PROTOCOLSHandlers>
- <PROTOCOLSNameSpaceHandlers>
<PROTOCOLSNameSpaceHandler ex="1" clsid="{9D148291-B9C8-11D0-A4CC-0000F80149F6}" prog="MSITFS1.0" namespace="mk" namespacefilter="NameSpace Filter for MK:@MSITStore:..." val="{79eac9e6-baf9-11ce-8c82-00aa004ba90b}" nam="Microsoft InfoTech Storage System Library (itss.dll)" pub="Microsoft Corporation" md5="d9ad8b8b6135b4ff4a32e8c519345f35" ver="5.2.3790.2453 (srv03_sp1_gdr.050525-1542)" sz="137216" is="0" gfp="">c:\winnt\system32\itss.dll</PROTOCOLSNameSpaceHandler>
</PROTOCOLSNameSpaceHandlers>
- <TCPIPParamaters>
<TCPIPParamater val="DataBasePath">%SystemRoot%\System32\drivers\etc</TCPIPParamater>
<TCPIPParamater val="Domain" />
<TCPIPParamater val="NameServer" />
<TCPIPParamater val="SearchList" />
<TCPIPParamater val="VXD MSTCP: NameServer" />
</TCPIPParamaters>
- <InternetSettings>
<InternetSetting val="ProxyEnable">0</InternetSetting>
<InternetSetting val="ProxyServer" />
<InternetSetting val="ProxyOverride" />
<InternetSetting val="User Agent">Mozilla/4.0 (compatible; MSIE 6.0; Win32)</InternetSetting>
<InternetSetting val="ZoneMap Domain Count">1031</InternetSetting>
</InternetSettings>
- <IESettings>
<IESetting val="UseMyStylesheet" set="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Styles" />
<IESetting val="UserStylesheet" set="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Styles" />
<IESetting val="UseMyStylesheet" set="HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Styles" />
<IESetting val="UserStylesheet" set="HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Styles" />
</IESettings>
<AppInitDLLs val="" />
- <ShellServiceObjectDelayLoads>
<ShellServiceObjectDelayLoad ex="1" clsid="{7849596a-48ea-486e-8937-a2a3009f31a9}" prog="" val="PostBootReminder" nam="Windows Shell Common Dll (shell32.dll)" pub="Microsoft Corporation" md5="9833f278924d028414d7f89bfd4fc46b" ver="6.00.2900.2620 (xpsp_sp2_gdr.050225-1820)" sz="8450048" is="0" gfp="">c:\winnt\system32\shell32.dll</ShellServiceObjectDelayLoad>
<ShellServiceObjectDelayLoad ex="1" clsid="{fbeb8a05-beee-4442-804e-409d6c4515e9}" prog="" val="CDBurn" nam="Windows Shell Common Dll (shell32.dll)" pub="Microsoft Corporation" md5="9833f278924d028414d7f89bfd4fc46b" ver="6.00.2900.2620 (xpsp_sp2_gdr.050225-1820)" sz="8450048" is="0" gfp="">c:\winnt\system32\shell32.dll</ShellServiceObjectDelayLoad>
<ShellServiceObjectDelayLoad ex="1" clsid="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" prog="" val="WebCheck" nam="Web Site Monitor (webcheck.dll)" pub="Microsoft Corporation" md5="6501db5182d5a8c0f1f1707286161d66" ver="6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)" sz="276480" is="0" gfp="">c:\winnt\system32\webcheck.dll</ShellServiceObjectDelayLoad>
<ShellServiceObjectDelayLoad ex="1" clsid="{35CEC8A3-2BE6-11D2-8773-92E220524153}" prog="" val="SysTray" nam="Systray shell service object (stobject.dll)" pub="Microsoft Corporation" md5="297101a925ecffdcdf7f6341ffbb6c1a" ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="121856" is="0" gfp="">c:\winnt\system32\stobject.dll</ShellServiceObjectDelayLoad>
</ShellServiceObjectDelayLoads>
<ScheduledTasks />
- <Services>
<Service ex="1" disp="Application Layer Gateway Service" desc="Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall." nam="Application Layer Gateway Service (alg.exe)" pub="Microsoft Corporation" md5="f1958fbf86d5c004cf19a5951a9514b7" ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="44544" is="0" gfp="">C:\WINNT\System32\alg.exe</Service>
<Service ex="1" disp="ASP.NET State Service" desc="Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start." nam="aspnet_state.exe (aspnet_state.exe)" pub="Microsoft Corporation" md5="e1a1206a4fb19b675e947b29ccd25fba" ver="1.1.4322.2032" sz="32768" is="0" gfp="">C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe</Service>
<Service ex="1" disp="" desc="" nam="ATI External Event Utility EXE Module (Ati2evxx.exe)" pub="ATI Technologies Inc." md5="c67bde7fb9b34496bddd0f5f5922d3e4" ver="6.14.10.4113" sz="344064" is="0" gfp="">C:\WINNT\system32\Ati2evxx.exe</Service>
<Service ex="1" disp="AVG7 Alert Manager Server" desc="" nam="AVG Alert Manager (avgamsvr.exe)" pub="GRISOFT, s.r.o." md5="9dbd26d7d7967d918c507b1e2a93a37e" ver="7,1,0,321" sz="330240" is="0" gfp="">C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe</Service>
<Service ex="1" disp="AVG7 Update Service" desc="" nam="AVG Update Service (avgupsvc.exe)" pub="GRISOFT, s.r.o." md5="62e6b23b906b213836470740fe449b43" ver="7,1,0,321" sz="84480" is="0" gfp="">C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe</Service>
<Service ex="1" disp="Indexing Service" desc="Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language." nam="Content Index service (cisvc.exe)" pub="Microsoft Corporation" md5="3192bd04d032a9c4a85a3278c268a13a" ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="5632" is="0" gfp="">C:\WINNT\system32\cisvc.exe</Service>
<Service ex="1" disp="ClipBook" desc="Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start." nam="Windows NT DDE Server (clipsrv.exe)" pub="Microsoft Corporation" md5="c8dec22c4137d7a90f8bdf41ca4b82ae" ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="33280" is="0" gfp="">C:\WINNT\system32\clipsrv.exe</Service>
<Service ex="1" disp="COM+ System Application" desc="Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start." nam="COM Surrogate (dllhost.exe)" pub="Microsoft Corporation" md5="dd87db7387b9eb441c5674888a0d840c" ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="5120" is="0" gfp="">C:\WINNT\System32\dllhost.exe</Service>
<Service ex="0" disp="CWShredder Service" desc="" nam="(cwshredder[1].exe)" pub="" md5="" ver="" sz="" is="0" gfp="">C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OV8I4BXM\cwshredder[1].exe</Service>
<Service ex="1" disp="Logical Disk Manager Administrative Service" desc="Configures hard disk drives and volumes. The service only runs for configuration processes and then stops." nam="Logical Disk Manager service process (dmadmin.exe)" pub="Microsoft Corp., Veritas Software" md5="554c7cb178fe3bd12450b81ad63adbc3" ver="2600.2180.503.0" sz="224768" is="0" gfp="">C:\WINNT\System32\dmadmin.exe</Service>
<Service ex="1" disp="Event Log" desc="Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped." nam="Services and Controller app (services.exe)" pub="Microsoft Corporation" md5="c6ce6eec82f187615d1002bb3bb50ed4" ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="108032" is="0" gfp="">C:\WINNT\system32\services.exe</Service>
<Service ex="1" disp="ewido security suite control" desc="" nam="ewido control (ewidoctrl.exe)" pub="ewido networks" md5="867d9d1fa818f8629bb7a4a26e94b06a" ver="3, 0, 0, 1" sz="16448" is="0" gfp="">C:\Program Files\ewido\security suite\ewidoctrl.exe</Service>
<Service ex="1" disp="ewido security suite guard" desc="" nam="guard (ewidoguard.exe)" pub="ewido networks" md5="13ee66a939d7c3a2ed62c967debd52bb" ver="3, 0, 0, 1" sz="163904" is="0" gfp="">C:\Program Files\ewido\security suite\ewidoguard.exe</Service>
<Service ex="1" disp="IMAPI CD-Burning COM Service" desc="Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start." nam="Image Mastering API (imapi.exe)" pub="Microsoft Corporation" md5="fa788520bcac0f5d9d5cde5615c0d931" ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="150016" is="0" gfp="">C:\WINNT\System32\imapi.exe</Service>
<Service ex="1" disp="Adapter Switching" desc="Allows a user to set a preference for a wired or wireless network connection." nam="Adapter Switching Service (RoamSvc.exe)" pub="Intel Corporation" md5="94de05bd3310676168679de86f3d3f2b" ver="2.0.80.0" sz="409600" is="0" gfp="">C:\Program Files\Intel\Switching\User\RoamSvc.exe</Service>
<Service ex="1" disp="NetMeeting Remote Desktop Sharing" desc="Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start." nam="NetMeeting Remote Desktop Sharing (mnmsrvc.exe)" pub="Microsoft Corporation" md5="f6415361201915b9fe3896b0e4e724ff" ver="5.1.2600.2180" sz="32768" is="0" gfp="">C:\WINNT\System32\mnmsrvc.exe</Service>
<Service ex="1" disp="Distributed Transaction Coordinator" desc="Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start." nam="MS DTC console program (msdtc.exe)" pub="Microsoft Corporation" md5="c7c3d89eb0a6f3dba622ea737fa335b1" ver="2001.12.4414.258" sz="6144" is="0" gfp="">C:\WINNT\System32\msdtc.exe</Service>
<Service ex="1" disp="Windows Installer" desc="Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start." nam="Windows installer (msiexec.exe)" pub="Microsoft Corporation" md5="f5f0146580e7023adb963879840777f8" ver="3.1.4000.1823" sz="78848" is="0" gfp="">C:\WINNT\System32\msiexec.exe</Service>
<Service ex="1" disp="Network DDE" desc="Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start." nam="Network DDE - DDE Communication (netdde.exe)" pub="Microsoft Corporation" md5="05afb5ad06462257bea7495283c86d50" ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="111104" is="0" gfp="">C:\WINNT\system32\netdde.exe</Service>
<Service ex="1" disp="Network DDE DSDM" desc="Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start." nam="Network DDE - DDE Communication (netdde.exe)" pub="Microsoft Corporation" md5="05afb5ad06462257bea7495283c86d50" ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="111104" is="0" gfp="">C:\WINNT\system32\netdde.exe</Service>
<Service ex="1" disp="Net Logon" desc="Supports pass-through authentication of account logon events for computers in a domain." nam="LSA Shell (lsass.exe)" pub="Microsoft Corporation" md5="84885f9b82f4d55c6146ebf6065d75d2" ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="13312" is="0" gfp="">C:\WINNT\System32\lsass.exe</Service>
<Service ex="1" disp="Intel NCS NetService" desc="" nam="NetSvc Module (NetSvc.exe)" pub="Intel® Corporation" md5="737351f39fef765234037770abdd72bd" ver="1.2.26.0" sz="143360" is="0" gfp="">C:\Program Files\Intel\NCS\Sync\NetSvc.exe</Service>
<Service ex="1" disp="NT LM Security Support Provider" desc="Provides security to remote procedure call (RPC) programs that use transports other than named pipes." nam="LSA Shell (lsass.exe)" pub="Microsoft Corporation" md5="84885f9b82f4d55c6146ebf6065d75d2" ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="13312" is="0" gfp="">C:\WINNT\System32\lsass.exe</Service>
<Service ex="1" disp="Plug and Play" desc="Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability." nam="Services and Controller app (services.exe)" pub="Microsoft Corporation" md5="c6ce6eec82f187615d1002bb3bb50ed4" ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="108032" is="0" gfp="">C:\WINNT\system32\services.exe</Service>
<Service ex="1" disp="IPSEC Services" desc="Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver." nam="LSA Shell (lsass.exe)" pub="Microsoft Corporation" md5="84885f9b82f4d55c6146ebf6065d75d2" ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="13312" is="0" gfp="">C:\WINNT\System32\lsass.exe</Service>
<Service ex="1" disp="Protected Storage" desc="Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users." nam="LSA Shell (lsass.exe)" pub="Microsoft Corporation" md5="84885f9b82f4d55c6146ebf6065d75d2" ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="13312" is="0" gfp="">C:\WINNT\system32\lsass.exe</Service>
<Service ex="1" disp="Remote Desktop Help Session Manager" desc="Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box." nam="Microsoft Remote Desktop Help Session Manager (sessmgr.exe)" pub="Microsoft Corporation" md5="729798e0933076b8fcfcd9934698f164" ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="140800" is="0" gfp="">C:\WINNT\system32\sessmgr.exe</Service>
<Service ex="1" disp="RegSrvc" desc="" nam="RegSrvc Module (RegSrvc.exe)" pub="Intel Corporation" md5="f3fd3182d34df48d9025cef3cfc5e3b9" ver="4, 0, 0, 1" sz="122880" is="0" gfp="">C:\WINNT\System32\RegSrvc.exe</Service>
<Service ex="1" disp="RoamMgr" desc="Provides roaming and VPN related services" nam="RoamMgr Module (RoamMgr.exe)" pub="Intel Corporation" md5="2e840677d7e6367fe8d0780572d4583a" ver="1, 0, 0, 2" sz="139264" is="0" gfp="">C:\WINNT\System32\RoamMgr.exe</Service>
<Service ex="1" disp="Remote Procedure Call (RPC) Locator" desc="Manages the RPC name service database." nam="Rpc Locator (locator.exe)" pub="Microsoft Corporation" md5="793f04a09b15e7c6c11dbdffaf06c0ab" ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="75264" is="0" gfp="">C:\WINNT\System32\locator.exe</Service>
<Service ex="1" disp="QoS RSVP" desc="Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets." nam="Microsoft RSVP (rsvp.exe)" pub="Microsoft Corporation" md5="471b3f9741d762abe75e9deea4787e47" ver="5.1.2600.0 (xpclient.010817-1148)" sz="132608" is="0" gfp="">C:\WINNT\System32\rsvp.exe</Service>
<Service ex="1" disp="Spectrum24 Event Monitor" desc="" nam="Event Monitor - Supports driver extensions to NIC Driver for wireless adapters. (S24EvMon.exe)" pub="Intel Corporation" md5="723cea35ff32bb9366540979bcfe9580" ver="3.1.8.0" sz="299075" is="0" gfp="">C:\WINNT\System32\S24EvMon.exe</Service>
<Service ex="1" disp="Security Accounts Manager" desc="Stores security information for local user accounts." nam="LSA Shell (lsass.exe)" pub="Microsoft Corporation" md5="84885f9b82f4d55c6146ebf6065d75d2" ver="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" sz="13312" is="0" gfp="">C:\WINNT\system32\lsass.exe</Service>
<Service ex="1" disp="Smart Card" desc="Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start." nam="Smart Card Resource Management Server (SCardSvr.exe)" pub="Microsoft Corporation" md5="25d8de134df108e3dbc8d7d23b1aa58e&
  • 0

#18
marcel

    Member

  • Topic Starter
  • Member
  • 45 posts
I forgot to mention that the items were removed using the various software.

#19
kool808

    Visiting Staff

  • Member
  • 1,690 posts
Looking great, your HJT logs are clean now. Just a few more diagnostics and we are almost done. :tazz:

Reboot in SAFE MODE. (How to boot in Safe Mode...)
  • Uninstallation
    We need to uninstall the following programs:
  • Go to Control Panel > Add/Remove Programs
  • Please locate them, if they exist:
    • Elite Tool Bar (if it still exists)
  • Click Uninstall
  • Confirm with OK
Be sure to View Hidden and System Files.

Through Windows Explorer, delete the following folder(s) or file(s) if they exist (in bold):
  • C:\WINNT\SYSTEM32\sp32.xml
  • C:\WINNT\etb\ <-- whole folder
  • C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\vidctrl\ <-- whole folder
Finally, Empty Recycle Bin

REBOOT IN NORMAL MODE.
  • Open HijackThis
  • Go to Config, then Misc Tools
  • Open Uninstall Manager, then click Save List...
  • Post the results here
  • Close HJT
Open up NOTEPAD, then copy & paste the following commands. Save it to the desktop as findpf.bat. Save it as file type All Files.

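@echo off
rem Switch to the root of the current drive; pflist.txt is written there.
cd\
rem List the contents of Program Files (short name PROGRA~1) on the system drive.
dir %SystemDrive%\PROGRA~1 > pflist.txt
notepad pflist.txt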

Now on your desktop double-click findpf.bat then post the results in your next reply.

#20
marcel

    Member

  • Topic Starter
  • Member
  • 45 posts
Volume in drive C has no label.
Volume Serial Number is 581E-6E20

Directory of C:\PROGRA~1

08/03/2005 09:09 AM <DIR> .
08/03/2005 09:09 AM <DIR> ..
08/05/2005 07:34 PM <DIR> Adobe
02/14/2005 10:31 PM <DIR> AIM
10/29/2004 03:08 PM <DIR> AIM Toolbar
05/08/2005 10:15 PM <DIR> America Online 8.0
10/29/2004 03:06 PM <DIR> AOD
07/10/2003 07:50 AM <DIR> AOL Companion
07/10/2003 07:46 AM <DIR> ATI Technologies
07/31/2005 12:32 PM <DIR> CCleaner
07/28/2005 07:47 PM <DIR> CleanUp!
07/29/2005 08:17 AM <DIR> Common Files
05/13/2003 12:29 PM <DIR> ComPlus Applications
07/10/2003 07:46 AM <DIR> DVD
07/28/2005 09:20 PM <DIR> ewido
07/21/2005 12:42 AM <DIR> gateway
07/10/2003 07:47 AM <DIR> Gateway 450ROG Users Guide
07/10/2003 07:46 AM <DIR> Gateway Rhapsody
07/29/2005 12:31 AM <DIR> Grisoft
07/25/2005 12:32 AM <DIR> HighMAT CD Writing Wizard
07/10/2003 07:47 AM <DIR> Intel
07/25/2005 09:50 PM <DIR> Internet Explorer
10/01/2003 08:20 PM <DIR> Kodak
07/21/2005 01:50 AM <DIR> Lavasoft
07/24/2005 11:46 PM <DIR> Messenger
08/05/2003 01:19 PM <DIR> Microsoft ActiveSync
08/05/2005 07:53 PM <DIR> Microsoft AntiSpyware
05/13/2003 12:35 PM <DIR> microsoft frontpage
08/05/2003 01:17 PM <DIR> Microsoft Office
07/10/2003 07:53 AM <DIR> Microsoft Picture It! 7
07/10/2003 07:51 AM <DIR> Microsoft Works
07/21/2005 11:15 PM <DIR> Movie Maker
05/13/2003 12:28 PM <DIR> MSN
05/14/2005 02:38 PM <DIR> MSN Games
05/13/2003 12:28 PM <DIR> MSN Gaming Zone
07/10/2003 07:53 AM <DIR> MSN Messenger
08/05/2003 01:28 PM <DIR> MSPress
07/10/2003 07:53 AM <DIR> MUSICMATCH
07/21/2005 11:07 PM <DIR> NetMeeting
05/13/2003 12:29 PM <DIR> Online Services
07/25/2005 12:32 AM <DIR> Outlook Express
07/22/2003 11:22 AM <DIR> Program Shortcuts
07/10/2003 07:52 AM <DIR> Quicken
10/01/2003 08:20 PM <DIR> QuickTime
07/10/2003 07:50 AM <DIR> Real
07/10/2003 07:53 AM <DIR> Roxio
07/21/2005 01:45 AM <DIR> Spybot - Search & Destroy
07/28/2005 07:51 PM <DIR> Spyware Doctor
07/26/2005 07:52 PM <DIR> Symantec
07/10/2003 07:45 AM <DIR> Synaptics
07/23/2005 01:43 AM <DIR> Trend Micro
07/31/2005 02:08 PM <DIR> TrojanHunter 4.2
07/25/2005 09:57 PM <DIR> Windows Media Connect
07/28/2005 07:50 PM <DIR> Windows Media Player
07/21/2005 11:07 PM <DIR> Windows NT
05/13/2003 12:35 PM <DIR> xerox
0 File(s) 0 bytes
56 Dir(s) 20,783,874,048 bytes free

Ad-Aware SE Personal
Adobe Acrobat 7.0.1 and Reader 7.0.1 Update
Adobe Reader 7.0
AIM Toolbar
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20020929.1)
AOL Instant Messenger
Apple QuickTime Installer
ATI Control Panel
ATI Display Driver
AVG Free Edition
Bejeweled 2 Deluxe
CCleaner (remove only)
CleanUp!
DVD
Easy CD Creator 5 Basic
ewido security suite
Gateway Rhapsody
GTW Modem
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
Hotfix for Windows XP (KB896344)
Intel® PRO Network Connections Drivers
Intel® PROSet
KODAK Picture CD
LiveUpdate 1.80 (Symantec Corporation)
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB886906)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft AntiSpyware
Microsoft Interactive Training
Microsoft Learning and Research Plus Support Files
Microsoft Office XP Media Content
Microsoft Office XP Standard for Students and Teachers
Microsoft Picture It! Express 7.0
Microsoft Works 7.0
MSN Internet Software
MSN Messenger 5.0
MUSICMATCH® Jukebox
Norton WMI Update
OIN
Panda ActiveScan
Quicken 2003 New User Edition
QuickTime
RealPlayer Basic
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB903235)
Shockwave
Spybot - Search & Destroy 1.4
Spyware Doctor 3.2
Synaptics Pointing Device Driver
Trend Micro Anti-Spyware
Update for Windows XP (KB898461)
VX2 Cleaner plug-in for Ad-Aware SE
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Media Connect
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Service Pack 2

#21
kool808

    Visiting Staff

  • Member
  • 1,690 posts
Looking good, nice work.

Have one last scan with Panda scan then post the results.

To make sure it is perfectly clean let us have the final check.
  • Close all windows, open HijackThis then SCAN.
  • Post a NEW HijackThis Log.
  • Please tell me how your system is working now.


#22
marcel

    Member

  • Topic Starter
  • Member
  • 45 posts
Well, it looks like we're not done yet.

Incident Status Location

Adware:adware/wintools No disinfected Windows Registry
Hacktool:Hacktool/Processor No disinfected C:\Documents and Settings\Administrator\Desktop\l2mfix\Process.exe
Hacktool:Hacktool/Processor No disinfected C:\Documents and Settings\Administrator\Desktop\l2mfix.exe[Process.exe]
Hacktool:Hacktool/Processor No disinfected C:\Documents and Settings\All Users\Desktop\nailfix\Process.exe
Adware:Adware/Apropos No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\423155A4-053D-4EA0-9C21-1D3D49\6230685C-D118-4CAA-9D01-4D8320
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\81E6F29A-A367-4810-A4E6-7261A9\91F3AEEA-5ED7-468B-9F77-7C899A
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\81E6F29A-A367-4810-A4E6-7261A9\C533D257-C838-48EC-A098-09AF83
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\81E6F29A-A367-4810-A4E6-7261A9\D02BB97B-8F8C-48AC-AA26-A12AE3
Adware:Adware/AdDestroyer No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\AC26DF84-352A-4AA2-9291-719668\ED1065D9-0BF1-459C-821D-1473F0
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\FD031C88-D8B5-4805-B8C3-5B2B90\2D97E884-80D0-4810-AD15-333A61
Spyware:Spyware/BargainBuddy No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\FD031C88-D8B5-4805-B8C3-5B2B90\DEEA90D9-C589-42B7-9A17-91FD61
Adware:Adware/MyWebSearch No disinfected C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP180\A0056786.dll
Adware:Adware/WinTools No disinfected C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP180\A0057641.dll
Adware:Adware/PurityScan No disinfected C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP180\A0058757.exe
Adware:Adware/HuntBar No disinfected C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP180\A0058879.dll
Adware:Adware/Abox No disinfected C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP180\A0058893.exe
Spyware:Spyware/BargainBuddy No disinfected C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP180\A0061850.exe
Adware:Adware/MyWebSearch No disinfected C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP180\A0061881.dll
Spyware:Spyware/BargainBuddy No disinfected C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP198\A0067914.exe
Spyware:Spyware/BargainBuddy No disinfected C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP204\A0071498.exe
Adware:Adware/PurityScan No disinfected C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP204\A0071541.exe
Adware:Adware/PurityScan No disinfected C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP204\A0071542.exe
Adware:Adware/PurityScan No disinfected C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP206\A0073029.exe
Adware:Adware/Mirar No disinfected C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP207\A0073256.dll
Adware:Adware/PurityScan No disinfected C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP209\A0075628.dll
Adware:Adware/PurityScan No disinfected C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP209\A0075629.exe
Hacktool:Hacktool/Processor No disinfected C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP209\A0075690.exe
Adware:Adware/PurityScan No disinfected C:\WINNT\system32\?hkdsk.exe


Logfile of HijackThis v1.99.1
Scan saved at 12:09:10 AM, on 8/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\S24EvMon.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINNT\System32\RegSrvc.exe
C:\WINNT\System32\RoamMgr.exe
C:\WINNT\system32\wdfmgr.exe
C:\WINNT\wanmpsvc.exe
C:\Program Files\Intel\Switching\User\RoamSvc.exe
C:\WINNT\System32\alg.exe
C:\WINNT\System32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\hijackthis\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft....204&clcid=0x409
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://mail-lc-2.for...edu/iNotes6.cab
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - file://C:\Program Files\gateway\helpspot\TechTools.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Adapter Switching (IntelRoam) - Intel Corporation - C:\Program Files\Intel\Switching\User\RoamSvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINNT\System32\RegSrvc.exe
O23 - Service: RoamMgr - Intel Corporation - C:\WINNT\System32\RoamMgr.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINNT\System32\S24EvMon.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

#23
kool808

    Visiting Staff

The results are just from the quarantine of MS Antispyware; after 2 weeks, if there are no disturbing effects, you can delete/clear your quarantined files. The others are from the tools we used, l2mfix as well as nailfix; they are good files. We need to create a new restore point.

Reboot in SAFE MODE. (How to boot in Safe Mode...)

Be sure to View Hidden and System Files.

Through Windows Explorer, delete the following folder(s) or file(s) if they exist (in bold):
  • C:\WINNT\system32\?hkdsk.exe <-- be careful with the ? file
Finally, Empty Recycle Bin

Reboot in NORMAL MODE.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

How to Turn On and Turn Off System Restore in Windows XP, HERE

Reboot PC then have a Panda Scan again.
  • 0
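The triage kool808 does by eye in the reply above, sorting each Panda detection by where the file sits, can be scripted. This is an added example, not part of the original posts; the bucket names and the `classify`/`triage` functions are this example's own, and the sample lines are a subset copied from the scan results in post #22.

```python
import re
from collections import defaultdict

# Lines copied from the Panda results in post #22 (a subset).
SAMPLE = r"""
Adware:adware/wintools No disinfected Windows Registry
Hacktool:Hacktool/Processor No disinfected C:\Documents and Settings\Administrator\Desktop\l2mfix\Process.exe
Hacktool:Hacktool/Processor No disinfected C:\Documents and Settings\All Users\Desktop\nailfix\Process.exe
Adware:Adware/Apropos No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\423155A4-053D-4EA0-9C21-1D3D49\6230685C-D118-4CAA-9D01-4D8320
Adware:Adware/MyWebSearch No disinfected C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP180\A0056786.dll
Adware:Adware/PurityScan No disinfected C:\WINNT\system32\?hkdsk.exe
"""

# One finding per line: Category:Name, status text, then a path or "Windows Registry".
LINE = re.compile(
    r"^(?P<kind>\w+):(?P<name>\S+)\s+(?P<status>.*?)\s+"
    r"(?P<location>Windows Registry|[A-Za-z]:\\.*)$"
)

# Bucket names are assumptions of this example; the rules follow the reply's reasoning.
RULES = [
    ("quarantine", re.compile(r"\\Microsoft AntiSpyware\\Quarantine\\", re.I)),
    ("restore_point", re.compile(r"\\System Volume Information\\_restore\{", re.I)),
    ("cleanup_tool", re.compile(r"\\(l2mfix|nailfix)(\\|\.exe)", re.I)),
    ("registry", re.compile(r"^Windows Registry$")),
]

def classify(location):
    # First matching rule wins; anything unmatched is a file on the live system.
    for bucket, pattern in RULES:
        if pattern.search(location):
            return bucket
    return "live_file"

def triage(report):
    buckets = defaultdict(list)
    for raw in report.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip headers and blank lines
        finding = m.groupdict()
        # "?" is not legal in a Windows file name, so in a report it stands
        # for a character the log could not display.
        finding["unprintable_name"] = "?" in finding["location"]
        buckets[classify(finding["location"])].append(finding)
    return dict(buckets)

if __name__ == "__main__":
    for bucket, items in triage(SAMPLE).items():
        print(bucket, [f["location"] for f in items])
```

Only the `live_file` bucket needs manual deletion; the `restore_point` entries go away when System Restore is reset, as the steps in the reply describe.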

#24
marcel

    Member

  • Topic Starter

Kool,

Thanks for your help and patience.

Well, everything seems to be OK. This is my secretary's computer, and I'm giving it back to her. However, before I do, one more thing......

Right now, this computer is loaded with antispyware, cleaners, etc. What should I keep, what should be actively running, etc.? On my other machines, I've been able to keep pretty clean (I think!!) running my antivirus, spybot and adaware on a continuous basis. What is really needed?

For example, the following items are all active right now: Ewido Security Suite - Guard, Microsoft Anti-spyware, Microsoft Anti-spyware's Venus Fly Trap and Spyware Doctor. Are they duplicative, and just wasting resources, or should I keep them all running?

Then there are the cleaners I downloaded - Ccleaner and Clean Up. Should I be running either or both of these regularly?

And is there any reason to keep nailfix.exe, DllCompare, l2mfix, smitRem, TrojanHunter, cwshredder, findpf.bat and/or killbox?

Again, thanks for all your help.

#25
kool808

    Visiting Staff

Great work! Nice to meet you, hope we could meet again some time. :rockon:

You can now uninstall or remove these tools:

ewido (trial)
nailfix
trojan hunter (trial)
smitrem
killbox
fixme.reg
l2mfix
dll compare
findpf.bat


Congratulations! ;) your system is CLEAN!

WinXP Reset & All-Clean1

We have a couple of last steps to perform and then you're all set.

First, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
* CHECK the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.
Next, let's clean your restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.

System Restore will now be active again.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard to catch and block spyware before it can execute.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
You should also have a good firewall. Here are 3 free ones available for personal use: and a good antivirus (these are also free for personal use): It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit monthly. And to keep your system clean run these free malware scanners weekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

#26
kool808

    Visiting Staff

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.