TheTechGuide Forum
General Category => Tech Clinic => Topic started by: Edward on June 12, 2005, 12:41:42 PM
-
Ok, when I run Spybot it always has WildTangent and GAIN.Gator come up... for some reason I check WildTangent.. it deletes it.. then when I try to delete GAIN.Gator it won't delete.. it just freezes Spybot.
Here's a HijackThis log... I think I may have a CoolWeb infection.
Logfile of HijackThis v1.99.1
Scan saved at 1:41:07 PM, on 6/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\EJ Haha\My Documents\HJT\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aldelphia.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://sympatico.zone.msn.com/binFrameWork/v10/StagingUI.cab34120.cab
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://sympatico.zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/218215b8750d7c6e9700/netzip/RdxIE601.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://sympatico.zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://cc.iwon.com/ct/pm3/iWonPMSetup_12_1,0,2,5.exe
O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} (ZPA_WheelOfFortune Object) - http://sympatico.zone.msn.com/bingame/zpagames/zpa_wof.cab34501.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://di.imgag.com/imgag/cp/install/Crusher.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futuremark.com/global/msc34.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://sympatico.zone.msn.com/binframework/v10/StProxy.cab34035.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
-
Hi again Edward
From what I remember you have Ad-Aware and Spybot both installed
Can you do the following for me please
Open Ad-Aware and click on DETAILS
under the Initialization status windows, let me know Reference number and Internal build
Could you open Spybot and click on HELP>>About
Let me know Latest detection date and Spybot version
-
the reference number for Ad-Aware is SE1R49 31.05.2005
the internal build is 57
spybot latest detection date is 2005-06-02
And it's spybot version 1.4
-
Let's try the following please
Spybot just had a recent update, but you may have trouble accessing the site
I just tried and couldn't get through
Do another scan with Hijackthis and put a check next to these entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime <-this one is optional, but not needed on startup
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/218215b8750d7c...ip/RdxIE601.cab
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://cc.iwon.com/ct/pm3/iWonPMSetup_12_1,0,2,5.exe
After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
At this time, can you
RESTART your Computer in SAFE MODE (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001060608000039?OpenDocument&ExpandSection=4#_Section4)
You can do this by tapping the F8 key as the system is restarting, right before Windows loads, or use the link I supplied for a more detailed explanation
Run another scan with Spybot in safe mode
Fix selected problems in RED
NOTE: If you are able to download the latest updates and an entry for MediaMotor is selected, can you NOT fix that entry for now; it may be a false positive which will be fixed in future updates
Restart back to Normal mode
Run another scan with Spybot
If you still find the same entry for Gator
Don't fix it yet, instead
Right click the Results pane and select Save full report
Save the report to the desktop and then copy and paste it back here
Also post a fresh hijackthis log
-
Good news and bad news...
Good news is WildTangent's gone.. bad news, Gator is still there..
Here is the report from Gator:
--- Search result list ---
GAIN.Gator: Global settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Gator.com
GAIN.Gator: Program directory (Directory, nothing done)
C:\Program Files\Common Files\GMT\
GAIN.Gator: Common files folder (Directory, nothing done)
C:\Program Files\Common Files\GMT
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2005-06-05 unins000.exe (51.41.0.0)
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2005-04-26 Includes\Cookies.sbi (*)
2005-05-31 Includes\Dialer.sbi (*)
2005-05-31 Includes\Hijackers.sbi (*)
2005-05-30 Includes\Keyloggers.sbi (*)
2005-05-31 Includes\Malware.sbi (*)
2005-04-27 Includes\Revision.sbi (*)
2005-02-09 Includes\Security.sbi (*)
2005-05-31 Includes\Spybots.sbi (*)
2005-05-31 Includes\Trojans.sbi (*)
2005-02-17 Includes\Tracks.uti
2004-11-29 Includes\LSP.sbi (*)
2005-05-11 Includes\PUPS.sbi (*)
--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB834707
/ Windows Media Player / SP0: Windows Media Player Hotfix [See Q828026 for more information]
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP3: Windows XP Hotfix - KB834707
/ Windows XP / SP3: Windows XP Hotfix - KB867282
/ Windows XP / SP3: Windows XP Hotfix - KB873333
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB885884
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Windows XP Hotfix - KB890047
/ Windows XP / SP3: Windows XP Hotfix - KB890175
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB890923
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Windows XP Hotfix - KB893066
/ Windows XP / SP3: Windows XP Hotfix - KB893086
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
--- Startup entries list ---
Located: HK_LM:Run, AVG7_EMC
command: C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
file: C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
size: 272896
MD5: f4c4aabcca4ea3a675e5bbc3e821e7e1
Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
--- Browser helper object list ---
{9394EDE7-C8B5-483E-8773-474BF36AF6E4} (ST)
BHO name:
CLSID name: ST
Path: C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\
Long name: stmain.dll
Short name:
Date (created): 5/26/2005 10:32:38 PM
Date (last access): 6/12/2005
Date (last write): 8/13/2004 5:42:00 PM
Filesize: 155648
Attributes: archive
MD5: 0DA1349495955CB41A5899047C5A1267
CRC32: C050EECD
Version: 1.2.3000.1001
--- ActiveX list ---
{01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer)
DPF name:
CLSID name: Support.com Installer
Installer: C:\WINDOWS\Downloaded Program Files\tgctlins.inf
Codebase: http://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: tgctlins.dll
Short name:
Date (created): 9/22/2003 3:14:48 PM
Date (last access): 6/12/2005
Date (last write): 9/22/2003 3:14:48 PM
Filesize: 1724416
Attributes: archive
MD5: 4E57AB12F586B4B02074F6C93172967C
CRC32: 0865C9B9
Version: 5.5.731.0
{05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object)
DPF name:
CLSID name: StagingUI Object
Installer:
Codebase: http://sympatico.zone.msn.com/binFrameWork/v10/StagingUI.cab34120.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: StagingUI.ocx
Short name: STAGIN~1.OCX
Date (created): 1/24/2005 6:10:22 PM
Date (last access): 6/11/2005
Date (last write): 1/24/2005 6:10:22 PM
Filesize: 336936
Attributes: archive
MD5: 70690ACBD0A114B2CA350657B53CFCE0
CRC32: 443227DB
Version: 9.3.4120.1
{166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
Installer: C:\WINDOWS\Downloaded Program Files\erma.inf
Codebase: http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
description: Macromedia ShockWave Flash Player 7
classification: Unknown
known filename: SWDIR.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Director\
Long name: SwDir.dll
Short name: SWDIR.DLL
Date (created): 9/25/2004 2:04:04 PM
Date (last access): 6/11/2005
Date (last write): 9/9/2004 2:45:18 PM
Filesize: 54488
Attributes:
MD5: 12EF836DCCCDD0211F3E09D72812B9C6
CRC32: 8038F1E1
Version: 10.1.0.11
{33564D57-0000-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\WMV9VCM.inf
Codebase: http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
{38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in)
DPF name:
CLSID name: Create & Print ActiveX Plug-in
Installer: C:\WINDOWS\Downloaded Program Files\AxCtp.inf
Codebase: http://ak.imgag.com/imgag/cp/install/AxCtp.cab
Path: C:\WINDOWS\System32\
Long name: AxCtp.dll
Short name: AXCTP.DLL
Date (created): 8/3/2004 6:34:38 PM
Date (last access): 6/11/2005
Date (last write): 12/6/2004 11:49:48 AM
Filesize: 1619064
Attributes: archive
MD5: 9D7A18C707FDA771E4927AA27AB03FA7
CRC32: D1D7E737
Version: 3.4.4122.0
{3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class)
DPF name:
CLSID name: ZoneBuddy Class
Installer:
Codebase: http://sympatico.zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: ZBuddy.ocx
Short name: ZBUDDY.OCX
Date (created): 11/17/2004 10:46:28 PM
Date (last access): 6/11/2005
Date (last write): 11/17/2004 10:46:28 PM
Filesize: 194600
Attributes: archive
MD5: EB58AA7BB0CD28E129380C4C29A17BB2
CRC32: 4F7494D7
Version: 9.3.2846.1
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool)
DPF name:
CLSID name: MSN Photo Upload Tool
Installer: C:\WINDOWS\Downloaded Program Files\MSNPupld.inf
Codebase: http://by101fd.bay101.Email Removed.msn.com/resources/MsnPUpld.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: MsnPUpld.dll
Short name: MSNPUPLD.DLL
Date (created): 10/8/2004 4:01:22 PM
Date (last access): 6/12/2005
Date (last write): 10/8/2004 4:01:22 PM
Filesize: 372736
Attributes: archive
MD5: D2ED523BB0FE94F8F492BEFE1C336040
CRC32: C4677625
Version: 10.0.910.0
{5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object)
DPF name:
CLSID name: ZonePAChat Object
Installer:
Codebase: http://sympatico.zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: ZPAChat.ocx
Short name: ZPACHAT.OCX
Date (created): 11/17/2004 10:47:08 PM
Date (last access): 6/11/2005
Date (last write): 11/17/2004 10:47:08 PM
Filesize: 456744
Attributes: archive
MD5: 948E7F8C31AEAD9EA7F196833F91E8C5
CRC32: F3A349C2
Version: 9.3.2846.1
{8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} (ZPA_WheelOfFortune Object)
DPF name:
CLSID name: ZPA_WheelOfFortune Object
Installer:
Codebase: http://sympatico.zone.msn.com/bingame/zpagames/zpa_wof.cab34501.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: zpa_wof.ocx
Short name:
Date (created): 2/15/2005 11:29:24 AM
Date (last access): 6/11/2005
Date (last write): 2/15/2005 11:29:24 AM
Filesize: 2479656
Attributes: archive
MD5: AF757C7650F24B4D7B586368B87A97C3
CRC32: 9E161CE8
Version: 9.3.4501.1
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class)
DPF name:
CLSID name: MsnMessengerSetupDownloadControl Class
Installer: C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.inf
Codebase: http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: MsnMessengerSetupDownloader.ocx
Short name: MSNMES~1.OCX
Date (created): 8/10/2004 4:47:44 PM
Date (last access): 6/11/2005
Date (last write): 8/10/2004 4:47:44 PM
Filesize: 118472
Attributes: archive
MD5: E2C85C717559A5BDCC1FB3F81F0E4805
CRC32: 6C3A6CD6
Version: 1.0.0.1
{B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class)
DPF name:
CLSID name: ZoneIntro Class
Installer:
Codebase: http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: ZIntro.ocx
Short name: ZINTRO.OCX
Date (created): 1/31/2005 11:26:46 PM
Date (last access): 6/11/2005
Date (last write): 1/31/2005 11:26:46 PM
Filesize: 117800
Attributes: archive
MD5: 9EA94132E01979F0867243DE7D151A26
CRC32: 7670E697
Version: 9.3.4246.1
{BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in)
DPF name:
CLSID name: Creative Toolbox Plug-in
Installer: C:\WINDOWS\Downloaded Program Files\Crusher.inf
Codebase: http://di.imgag.com/imgag/cp/install/Crusher.cab
Path: C:\WINDOWS\System32\
Long name: Crusher.dll
Short name: CRUSHER.DLL
Date (created): 2/26/2004 10:24:06 AM
Date (last access): 6/11/2005
Date (last write): 2/26/2004 10:24:06 AM
Filesize: 778240
Attributes: archive
MD5: 3F48820D5B345781A5E30B9349048FBC
CRC32: 6CD60328
Version: 1.1.7.0
{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name: Java Plug-in 1.4.2
Installer: C:\WINDOWS\Downloaded Program Files\jinstall-1_4_2.inf
Codebase: http://java.sun.com/products/plugin/autodl/jinstall-1_4_2-windows-i586.cab
Path: C:\Program Files\Java\j2re1.4.2\bin\
Long name: NPJPI142.dll
Short name:
Date (created): 9/6/2004 8:13:08 PM
Date (last access): 6/11/2005
Date (last write): 9/6/2004 8:13:08 PM
Filesize: 65636
Attributes: archive
MD5: 4ACFBF6AB1BBE79DBD665C186B3B5AFD
CRC32: BE89D675
Version: 1.4.2.0
{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name: Java Plug-in 1.4.2_05
Installer:
Codebase: http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
Path: C:\Program Files\Java\j2re1.4.2_05\bin\
Long name: NPJPI142_05.dll
Short name: NPJPI1~1.DLL
Date (created): 6/3/2068 10:05:12 PM
Date (last access): 6/11/2005
Date (last write): 6/3/2004 10:05:06 PM
Filesize: 65650
Attributes: archive
MD5: 174488C8877FA852448D1937C322AABB
CRC32: 62C2460D
Version: 1.4.2.50
{D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4)
DPF name:
CLSID name: Measurement Service Client v.3.4
Installer: C:\WINDOWS\Downloaded Program Files\MSC3.inf
Codebase: http://ccon.futuremark.com/global/msc34.cab
Path: C:\WINDOWS\system32\FUTURE~1\MSC\
Long name: MSC3.ocx
Short name:
Date (created): 9/2/2003 11:37:16 AM
Date (last access): 6/12/2005
Date (last write): 9/2/2003 11:37:16 AM
Filesize: 528384
Attributes: archive
MD5: 9A5C467FF00E5763AB05116096C7E61D
CRC32: 8FBEB21F
Version: 3.4.0.0
{D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control)
DPF name:
CLSID name: TikGames Online Control
Installer: C:\WINDOWS\Downloaded Program Files\gpcontrol.inf
Codebase: http://zone.msn.com/bingame/shpo/default/shapo.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: gpcontrol.dll
Short name: GPCONT~1.DLL
Date (created): 1/20/2005 7:05:50 PM
Date (last access): 6/12/2005
Date (last write): 1/20/2005 7:05:50 PM
Filesize: 278528
Attributes: archive
MD5: 352BB419272AF2B4A3BD90BCFA7839B3
CRC32: AB37B0D5
Version: 1.0.1.3
{DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class)
DPF name:
CLSID name: StadiumProxy Class
Installer:
Codebase: http://sympatico.zone.msn.com/binframework/v10/StProxy.cab34035.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: StProxy.dll
Short name: STPROXY.DLL
Date (created): 1/20/2005 3:14:06 PM
Date (last access): 6/12/2005
Date (last write): 1/20/2005 3:14:06 PM
Filesize: 237096
Attributes: archive
MD5: B6B97804EDFCF1FD1ECD9C0D273850B1
CRC32: 6C2471FE
Version: 9.3.4035.1
{DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object)
DPF name:
CLSID name: SCEWebLauncherCtl Object
Installer: C:\WINDOWS\Downloaded Program Files\SCEWebLauncher.inf
Codebase: http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: SCEWebLauncher.Ocx
Short name: SCEWEB~1.OCX
Date (created): 12/2/2004 4:54:06 PM
Date (last access): 6/12/2005
Date (last write): 12/2/2004 4:54:06 PM
Filesize: 81920
Attributes: archive
MD5: F986D02318C234B13293C586EA69D8BA
CRC32: 2AF02170
Version: 1.0.0.3
{F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5)
DPF name:
CLSID name: MSN Chat Control 4.5
Installer: C:\WINDOWS\Downloaded Program Files\MsnChat45.inf
Codebase: http://chat.msn.com/bin/msnchat45.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: MSNChat45.ocx
Short name: MSNCHA~1.OCX
Date (created): 10/27/2003 11:35:44 AM
Date (last access): 6/11/2005
Date (last write): 10/27/2003 11:35:44 AM
Filesize: 510552
Attributes: archive
MD5: 60FED272BDBAFA8214E40AD376C9987E
CRC32: 5EE901FC
Version: 9.2.310.2401
{FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class)
DPF name:
CLSID name: IWinAmpActiveX Class
Installer: C:\WINDOWS\Downloaded Program Files\ampx.inf
Codebase: http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
Path: C:\Program Files\Common Files\Nullsoft\ActiveX\2.0\
Long name: AmpX.dll
Short name: AMPX.DLL
Date (created): 8/4/2003 5:19:58 PM
Date (last access): 6/11/2005
Date (last write): 8/4/2003 5:19:58 PM
Filesize: 126977
Attributes: archive
MD5: 4F1733DC81678E921A3B39F7D50C1B79
CRC32: E221CAC8
Version: 2.0.0.36
--- Process list ---
PID: 0 ( 0) [System]
PID: 512 ( 4) \SystemRoot\System32\smss.exe
PID: 568 ( 512) \??\C:\WINDOWS\system32\csrss.exe
PID: 592 ( 512) \??\C:\WINDOWS\system32\winlogon.exe
PID: 636 ( 592) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 648 ( 592) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 796 ( 636) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 844 ( 636) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 908 ( 636) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 976 ( 636) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1140 ( 636) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1352 ( 636) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: 7435B108B935E42EA92CA94F59C8E717
PID: 1592 ( 636) C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
size: 330240
MD5: 9DBD26D7D7967D918C507B1E2A93A37E
PID: 1608 ( 636) C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
size: 84480
MD5: 62E6B23B906B213836470740FE449B43
PID: 1648 ( 636) C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
size: 114688
MD5: 8AB495F0D82F81458BC9AC85E018FBBF
PID: 1808 ( 636) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 940 ( 884) C:\WINDOWS\Explorer.EXE
size: 1032192
MD5: A0732187050030AE399B241436565E64
PID: 1188 ( 940) C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
size: 272896
MD5: F4C4AABCCA4EA3A675E5BBC3E821E7E1
PID: 520 ( 636) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: F1958FBF86D5C004CF19A5951A9514B7
PID: 1800 ( 940) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 1208 ( 940) C:\Program Files\Internet Explorer\iexplore.exe
size: 93184
MD5: E7484514C0464642BE7B4DC2689354C8
PID: 4 ( 0) System
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 6/12/2005 3:32:15 PM
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.aldelphia.net/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\SearchAssistant
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
--- Winsock Layered Service Provider list ---
--- Uninstall list ---
USB MassStorage CardReader (040a_5005)
uninstall cmd: C:\Program Files\Kodak\040a_5005\Remove.exe
20,000 Recipes (20,000 Recipes)
uninstall cmd: C:\WINDOWS\uninst.exe -f"C:\Program Files\Cosmi\20KRecipes\DeIsL1.isu" -c"C:\Program Files\Cosmi\20KRecipes\_ISREG32.DLL"
Ad-Aware SE Personal 1.06 (Ad-Aware SE Personal)
uninstall cmd: C:\PROGRA~1\LAVASOFT\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\LAVASOFT\AD-AWA~1\INSTALL.LOG
publisher: Lavasoft
help link: http://www.lavasoft.com
(AddressBook)
Adobe Download Manager 2.0 (Remove Only) 2.0 (AdobeESD)
uninstall cmd: "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
(AIMToolbar)
AOL Instant Messenger (AOL Instant Messenger)
uninstall cmd: C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
(Automap 9.0)
AVG Free Edition (AVG7Uninstall)
uninstall cmd: C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL
(BackWeb-8876480 Uninstaller)
(Branding)
C-Media 3D Audio (C-Media Audio)
uninstall cmd: C:\WINDOWS\CMIUnInstall.exe
CleanUp! (CleanUp!)
uninstall cmd: C:\Program Files\CleanUp!\uninstall.exe
(Connection Manager)
(DirectAnimation)
(DirectDrawEx)
(DXM_Runtime)
EPSON Printer Software (EPSON Printer and Utilities)
uninstall cmd: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r
(Fontcore)
HijackThis 1.99.1 1.99.1 (HijackThis)
uninstall cmd: C:\Documents and Settings\EJ Haha\Desktop\HijackThis.exe /uninstall
publisher: Soeperman Enterprises Ltd.
Ink Monitor (Ink Monitor)
uninstall cmd: C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe -U
(InstallShield Uninstall Information)
Co-Pilot - iWon (iWonCoPilot)
uninstall cmd: rundll32 C:\PROGRA~1\iWon\iWonBar\2.bin\iwonbar.dll,O
publisher: iWon.com
help link: http://help.iwon.com/
Windows XP Hotfix - KB834707 20040929.110854 (KB834707)
uninstall cmd: C:\WINDOWS\$NtUninstallKB834707$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=834707
Windows XP Hotfix - KB867282 20050127.090417 (KB867282)
uninstall cmd: C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=867282
Windows XP Hotfix - KB873333 20050114.005213 (KB873333)
uninstall cmd: C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873333
Windows XP Hotfix - KB873339 20041117.092459 (KB873339)
uninstall cmd: C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873339
(KB884016)
Windows XP Hotfix - KB885250 20050118.202711 (KB885250)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885250
Windows XP Hotfix - KB885835 20041027.181713 (KB885835)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885835
Windows XP Hotfix - KB885836 20041028.173203 (KB885836)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885836
Windows XP Hotfix - KB885884 20040924.025457 (KB885884)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885884
Windows XP Hotfix - KB886185 20041021.090540 (KB886185)
uninstall cmd: C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=886185
Windows XP Hotfix - KB887472 20041014.162858 (KB887472)
uninstall cmd: C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887472
Windows XP Hotfix - KB887742 20041103.095002 (KB887742)
uninstall cmd: C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887742
Windows XP Hotfix - KB888113 20041116.131036 (KB888113)
uninstall cmd: C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888113
Windows XP Hotfix - KB888302 20041207.111426 (KB888302)
uninstall cmd: C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888302
Windows XP Hotfix - KB890047 20041221.124506 (KB890047)
uninstall cmd: C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890047
Windows XP Hotfix - KB890175 20041201.233338 (KB890175)
uninstall cmd: C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890175
Windows XP Hotfix - KB890859 1 (KB890859)
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890859
Windows XP Hotfix - KB890923 1 (KB890923)
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890923
Windows XP Hotfix - KB891781 20050110.165439 (KB891781)
uninstall cmd: C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=891781
Windows XP Hotfix - KB893066 1 (KB893066)
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893066
Windows XP Hotfix - KB893086 1 (KB893086)
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893086
Windows Installer 3.1 (KB893803) 3.1 (KB893803)
uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=42467
Windows Installer 3.1 (KB893803) 3.1 (KB893803v2)
uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=42467
LiveReg (Symantec Corporation) 2.2.0.1621 (LiveReg)
install location: C:\Program Files\Common Files\Symantec Shared\LiveReg
uninstall cmd: C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
publisher: Symantec Corporation
LiveUpdate 2.5 (Symantec Corporation) 2.5.55.0 (LiveUpdate)
install location: C:\Program Files\Symantec\LiveUpdate
uninstall cmd: C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
publisher: Symantec Corporation
Logitech Resource Center (Logitech Resource Center)
uninstall cmd: C:\PROGRA~1\LOGITECH\RESOUR~1\rem\UNWISE.EXE C:\PROGRA~1\LOGITECH\RESOUR~1\rem\INSTALL.LOG
Macromedia Shockwave Player (Macromedia Shockwave Player)
uninstall cmd: C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\Install.log
Futuremark Measurement Services Client (Measurement Services Client)
uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msc3.inf,DefaultUninstall,5
(MPlayer2)
(MSI30-Beta1)
(MSI30-Beta2)
(MSI30-KB884016)
(MSI30-RC1)
(MSI30-RC2)
(MSI30a-KB884016)
(MSI31-Beta)
(MSI31-RC1)
MSN Music Assistant (MSN Music Assistant)
uninstall cmd: rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
(OutlookExpress)
(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Shockwave (Shockwave)
uninstall cmd: C:\WINDOWS\system32\MACROMED\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~2\Install.log
(ShockwaveFlash)
SiS 661FX_760_741_M661FX_M760_M741 (SiS 661FX_760_741_M661FX_M760_M741)
uninstall cmd: Rundll32 SiSInst.dll,Uninstall VGA,r,0
Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited
SpywareBlaster v3.4 3.4.0 (SpywareBlaster_is1)
install location: C:\Program Files\SpywareBlaster\
uninstall cmd: "C:\Program Files\SpywareBlaster\unins000.exe"
publisher: Javacool Software LLC
Viewpoint Media Player (ViewpointMediaPlayer)
uninstall cmd: C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
(webconsole.exe)
Windows Media Format Runtime (Windows Media Format Runtime)
uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10 (Windows Media Player)
uninstall cmd: "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 2 20040803.231319 (Windows XP Service Pack)
uninstall cmd: C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=811113
Microsoft Works 2002 Setup Launcher (Works2002Setup)
uninstall cmd: C:\Program Files\Microsoft Works Suite 2002\Setup\Launcher.exe D:\
help link: http://support.microsoft.com/support/works
Yahoo! Messenger (Yahoo! Messenger)
uninstall cmd: C:\PROGRA~1\YAHOO!\MESSEN~1\UNWISE.EXE C:\PROGRA~1\YAHOO!\MESSEN~1\INSTALL.LOG
Microsoft Encarta Encyclopedia Standard 2002 2002 ({01001202-823E-46CD-A70E-BEE818F97169})
version (major): 2002
estimated size: 135819
install date: 20050207
install source: D:\
uninstall cmd: MsiExec.exe /I{01001202-823E-46CD-A70E-BEE818F97169}
publisher: Microsoft Corporation
help link: http://support.microsoft.com
Microsoft Streets and Trips 2002 9.00.17.0200 ({12BDDF23-B1DB-49C8-92D3-3E6841CCED61})
version: 150994961
version (major): 9
estimated size: 250552
install date: 20050207
install location: C:\Program Files\Microsoft Streets & Trips\
install source: D:\MSMap\
uninstall cmd: MsiExec.exe /I{12BDDF23-B1DB-49C8-92D3-3E6841CCED61}
publisher: Microsoft
help link: http://www.Microsoft.com/support
My DSC ({225AF9A1-B556-88D5-94AA-0010B5426419})
uninstall cmd: C:\Program Files\InstallShield Installation Information\{225af9a1-b556-88d5-94aa-0010b5426419}\setup.exe
WebFldrs XP 9.50.5318 ({350C97B0-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154277062
version (major): 9
version (minor): 50
estimated size: 1940
install date: 20040906
install source: C:\WINDOWS\System32\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows
Logitech MouseWare 9.79 ({5809E7CF-4DCF-11D4-9875-00105ACE7734})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x9 -l0009 UNINSTALL
Java 2 Runtime Environment, SE v1.4.2 1.4.2 ({7148F0A8-6813-11D6-A77B-00B0D0142000})
version: 17039362
version (major): 1
version (minor): 4
estimated size: 63200
install date: 20040906
install source: http://java.sun.com/webapps/download/GetFile/1.4.2-b28/windows-i586/
uninstall cmd: MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
publisher: Sun Microsystems, Inc.
comments: http://www.java.com
contact: http://www.java.com
help link: http://www.java.com
help telephone: http://www.java.com
readme: Readme.txt
Java 2 Runtime Environment, SE v1.4.2_05 1.4.2_05 ({7148F0A8-6813-11D6-A77B-00B0D0142050})
version (major): 1
version (minor): 4
estimated size: 110816
install date: 20041004
install source: http://java.sun.com/webapps/download/GetFile/1.4.2_05-b04/windows-i586/
uninstall cmd: MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050}
publisher: Sun Microsystems, Inc.
comments: http://www.java.com
contact: http://www.java.com
help link: http://www.java.com
help telephone: http://www.java.com
readme: Readme.txt
Microsoft Word 2002 10.0.2627.01 ({911B0409-6000-11D3-8CFE-0050048383C9})
version: 167774787
version (major): 10
estimated size: 120726
install date: 20050207
install location: INSTALLLOCATION
install source: D:\MSWord\
uninstall cmd: MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: C:\Program Files\Microsoft Office\Office10\1033\OFREAD10.HTM
Microsoft Works 6.0 06.00.0000 ({A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704})
version: 100663296
version (major): 6
estimated size: 93598
install date: 20050207
install source: D:\msworks\
uninstall cmd: MsiExec.exe /I{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}
publisher: Microsoft Corporation
comments: Microsoft Works 6.0 installation.
help link: http://support.microsoft.com/support/works
MSN Messenger 6.2 6.2.0205 ({ABEB838C-A1A7-4C5D-B7E1-8B4314600205})
version: 100794573
version (major): 6
version (minor): 2
estimated size: 6026
install date: 20050212
install source: C:\DOCUME~1\tina\LOCALS~1\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314600205}
publisher: Microsoft Corporation
({B3EF1460-CCF9-11D4-B231-0050DACD394D})
Works Synchronization 1.0.0.0000 ({BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387})
version: 16777216
version (major): 1
estimated size: 2375
install date: 20050207
install source: D:\WksSync\
publisher: Your Company Name
help link: http://www.microsoft.com
help telephone: 555-555-1234
IBM ViaVoice TTS Runtime v6.404 - US English ({C1A6B23C-438E-4D08-B508-4E830CA8F335})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C1A6B23C-438E-4D08-B508-4E830CA8F335}\Setup.exe" xxxanything
Microsoft Works Suite Add-in for Microsoft Word 2.0.0.0000 ({C3A439E4-7303-491F-A678-CEA36A87D517})
version: 33554432
version (major): 2
estimated size: 17973
install date: 20050207
install source: D:\WordAdd\
uninstall cmd: MsiExec.exe /I{C3A439E4-7303-491F-A678-CEA36A87D517}
publisher: Microsoft Corporation
help link: http://support.microsoft.com/support/works
help telephone:
Microsoft Picture It! Photo 2002 6.0.0.0000 ({C769A271-7E1C-48F9-B331-474600DD4C06})
version: 100663296
version (major): 6
estimated size: 232850
install date: 20050207
install source: D:\pip\
uninstall cmd: MsiExec.exe /I{C769A271-7E1C-48F9-B331-474600DD4C06}
publisher: Microsoft
comments: Microsoft Picture It! Photo 2002
help link: http://go.microsoft.com/fwlink/pi6/default.asp?prd=10964&pver=6.0&plcid=0x409&ar=SETUP&sba=SUPPORT
help telephone:
Works Suite OS Pack 1.0.0.0000 ({DC19E750-988B-4005-A355-85EF66055EFE})
version: 16777216
version (major): 1
install date: 20050207
install source: D:\ospack\
publisher: Microsoft Corporation
help link: http://www.microsoft.com
help telephone:
3.54 ({E06E4F4E-72D6-4497-BFFD-BCB43077C2F4})
version: 53870592
install location: C:\Program Files\Multimedia V3.54
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\Setup.exe" -l0x9 -uninst
Microsoft Money 2002 10.0.50 ({E7298FD5-1386-11D5-8D6C-0050DAD32D95})
version: 167772210
version (major): 10
estimated size: 157649
install date: 20050207
install source: D:\Money\
uninstall cmd: MsiExec.exe /I{E7298FD5-1386-11D5-8D6C-0050DAD32D95}
publisher: Microsoft
comments: The Installation database contains the logic and data required to install Money 2002
help link: http://support.microsoft.com
help telephone: (800) 936-5700
({F90DA605-4E92-11D4-A319-00104BCAB4AB})
--- System Services ---
-
Here is a fresh HJT log
Logfile of HijackThis v1.99.1
Scan saved at 3:34:32 PM, on 6/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\EJ Haha\My Documents\HJT\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aldelphia.net/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://sympatico.zone.msn.com/binFrameWork/v10/StagingUI.cab34120.cab
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://sympatico.zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://sympatico.zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} (ZPA_WheelOfFortune Object) - http://sympatico.zone.msn.com/bingame/zpagames/zpa_wof.cab34501.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://di.imgag.com/imgag/cp/install/Crusher.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futuremark.com/global/msc34.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://sympatico.zone.msn.com/binframework/v10/StProxy.cab34035.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
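A small triage parser for the HijackThis log format posted above, added here as an example and not part of the original thread. The sample lines are copied from that log with the forum's link residue stripped; the function names and the three review rules are this example's own assumptions, and they produce items to look at, not verdicts.

```python
import re
from urllib.parse import urlparse

# Lines copied from the HijackThis log in the post above (link residue stripped).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aldelphia.net/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
"""

# What each section code seen in this thread's logs covers.
SECTIONS = {
    "R0": "IE start/search page (changed value)",
    "R1": "IE start/search page (created value)",
    "O2": "Browser Helper Object",
    "O4": "autostart entry (Run key or Startup folder)",
    "O9": "IE extra button / Tools menu item",
    "O16": "ActiveX object (Downloaded Program Files)",
    "O23": "NT service",
}

# An entry line is "<code> - <body>"; header and process-list lines never match.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
URL_RE = re.compile(r"https?://\S+")


def parse_hjt(text):
    """Return one dict per log entry, skipping the header and process list."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        url = URL_RE.search(body)
        entries.append({
            "code": m.group("code"),
            "section": SECTIONS.get(m.group("code"), "other"),
            "body": body,
            "clsid": clsid.group(0) if clsid else None,
            "url": url.group(0) if url else None,
            # HijackThis appends this marker when the target is not on disk.
            "file_missing": body.endswith("(file missing)"),
        })
    return entries


def review_items(entries):
    """List (code, reason) pairs a helper would want to look at first."""
    notes = []
    for e in entries:
        if e["file_missing"]:
            notes.append((e["code"], "target file missing; leftover registry entry"))
        if e["code"] == "O2" and "(no name)" in e["body"]:
            notes.append((e["code"], f"unnamed BHO; identify by CLSID {e['clsid']}"))
        if e["code"] == "O16" and e["url"] and e["url"].startswith("http://"):
            host = urlparse(e["url"]).hostname
            notes.append((e["code"], f"ActiveX codebase over plain HTTP from {host}"))
    return notes


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    for e in parsed:
        print(f"{e['code']:>3}  {e['section']}")
    for code, reason in review_items(parsed):
        print(f"review {code}: {reason}")
```

An unnamed BHO is only a prompt to look up the CLSID and DLL path; in the sample it resolves to Spybot's own SDHelper.dll.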
-
Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box to notepad, not including the word "code"
In Notepad click FILE>>SAVE AS
IMPORTANT>>>Change the Save as Type to All Files.
Name the file as fix.reg
Save this file on the desktop, we'll need this later, don't run it yet
REGEDIT4
[-HKEY_LOCAL_MACHINE\Software\Gator.com]
I would access your Add/Remove programs and remove
iWon Co-pilot if found
Afterwards
Set Windows To Show Hidden Files and Folders
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Uncheck the Hide Extensions for known file types
* Click Yes to confirm.
* Click OK.
Reboot back to Safe mode
Find and delete this folder
C:\Program Files\Common Files\GMT <-folder
Double click on fix.reg and allow to add or Merge to the registry
Restart back to Normal mode
Run another scan with Spybot
Let me know if that entry is now gone
-
I can't delete that GMT folder.. it just freezes. And I still can't remove Gain.Gator.. that also just freezes.. however I have merged the fix.reg file to the registry..
-
Are you trying to delete the GMT folder in safe mode?
Do me a favor
Download this removal tool from Symantec's
FixGator.exe (http://securityresponse.symantec.com/avcenter/FixGator.exe)
and save it to desktop
Restart into safe mode
Run the tool and let it scan your drive and fix what it finds
You should be able to save a log after it is done
When it's done restart back to Normal mode
Post the log from the removal tool