Greetings,
Before you post in this forum, please read and follow the instructions in this post: Guidelines for Posting in This Forum
Failure to follow these instructions will only result in delays of the cleaning and removal process.
If you ran other AntiVirus and/or AntiSpyware programs and have the logs available, please post them as well.
Our goal is to help you clean your PC and restore it to pre-infection condition wherever possible.
Thank You
Dec 6 2005, 10:42 PM, Post #1
Active Member (Group: Active Members, Posts: 36, Joined: 16-August 05, Member No.: 15957)
Hi, my AVG caught a virus after I let in a Windows NT program (or so it said) through my firewall. My homepage is now always an anti virus page even though it's not specified under options.
Attached is my hijacklog file. Many thanks if anyone can help.

Logfile of HijackThis v1.99.1
Scan saved at 22:36:35, on 06/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\nvctrl.exe
C:\WINDOWS\system32\rundll32.exe
C:\hijact\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: HomepageBHO - {724510c3-f3c8-4fb7-879a-d99f29008a2f} - C:\WINDOWS\system32\hpB5A5.tmp
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 205 ADSL Router\Adsl\dslagent.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTBROA~2\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband Help\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) - http://us.dl1.yimg.com/download.yahoo.com/..._1/yregucfg.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Dec 6 2005, 10:45 PM, Post #2
Most Respected SuperExpert (Group: Member, Posts: 4576, Joined: 9-June 04, Member No.: 8164)
Hi datix101,
Copy these instructions to notepad and save them to your desktop for easy reference. You will be restarting into Safe mode later. Here's help if you need it.

To use the F8 key to start Windows XP in Safe mode

Restart the computer.
Some computers have a progress bar that refers to the word BIOS. Others may not let you know what is happening.
As soon as the BIOS loads, begin tapping the F8 key on your keyboard. Do so until the Windows Advanced Options menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. If this happens, restart the computer and try again.
Using the arrow keys on the keyboard, select Safe mode and then press Enter.

------

Because XP will not always show you hidden files and folders by default, reset your search settings first.

Open Folder Options>view and check your settings:
Select Show hidden files and folders
Display the contents of system folders
Uncheck: Hide protected operating system files

Next go to Search and look down to More advanced options and click on the chevron next to it. Be sure the first three boxes are selected:
Search System folders
Search Hidden Files and folders
Search SubFolders

--------

Download smitrem.zip
Save the file to your desktop.
Double click on smitRem.exe to extract the files it contains. This will create a folder named smitrem on your desktop. We'll use it later.

------------

Download CCleaner. http://www.filehippo.com/download_ccleaner.html
Install CCleaner.
Launch CCleaner and look in the upper right corner and click on the "Options" button.
Click "Advanced" and remove the check by "Only delete files in Windows temp folders older than 48 hours".
Click OK.
Do not run CCleaner yet. You will run it later in safe mode.

Download the trial version of Ewido Security Suite: http://www.ewido.net/en/download/
Install ewido.
During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
Launch ewido.
It will prompt you to update; click the OK button and it will go to the main screen.
On the left side of the main screen click update.
Click on Start and let it update.
DO NOT run a scan yet. You will do that later in safe mode.

------------------------

Restart your computer into safe mode.

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Wait for the tool to complete and disk cleanup to finish.

Run Ewido:
Click on scanner.
Click Complete System Scan and the scan will begin.
During the scan it will prompt you to clean files, click OK.
When the scan is finished, look at the bottom of the screen and click the Save report button.
Save the report to your desktop.

Start CCleaner and click Run Cleaner.

Go to Control Panel > Internet Options. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.

Go to Control Panel > Display. Click on the "Desktop" tab then click the "Customize Desktop" button. Click on the "Web" tab. Under "Web Pages" you should see an entry checked called something like "Security info" or similar. If it is there, select that entry and click the "Delete" button. Click OK then Apply and OK.

Restart back into regular windows.

Go for a free online Virus scan here: http://www.pandasoftware.com/activescan/
Allow it to clean.
Panda will have the option to create a log after the scan has finished. Click the See Report button. Then click the save Report button. It will be saved under the name activescan.txt
Do that and post that log into your next reply here.

Post a new HiJackThis log along with the results from ActiveScan and the ewido scan.
Open C:\smitfiles.txt and post the contents of that file too please.

Dec 7 2005, 08:47 PM, Post #3
Active Member (Group: Active Members, Posts: 36, Joined: 16-August 05, Member No.: 15957)
Many thanks for your help. I've followed your instructions and the following are my log files. Note that the panda activescan did not give me the opportunity to save a file. It did say I was clear.

Logfile of HijackThis v1.99.1
Scan saved at 20:45:12, on 07/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\BTBROA~2\SMARTB~1\BTHelpNotifier.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\BT Broadband Help\bin\mpbtn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\hijact\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 205 ADSL Router\Adsl\dslagent.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTBROA~2\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband Help\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) - http://us.dl1.yimg.com/download.yahoo.com/..._1/yregucfg.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 19:32:03, 07/12/2005
+ Report-Checksum: BFA87D9A
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{DF7346F5-4EB1-7F19-9320-5E86CBCBDA80} -> Spyware.CoolWebSearch : Cleaned with backup
C:\Documents and Settings\Shane McCaul\Cookies\shane mccaul@statcounter[1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\WINDOWS\ocmsn.log:ghwsz -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\winnt.bmp:gphrv -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\_default.pif:tdizj -> Downloader.Agent.td : Cleaned with backup
::Report End

Dec 7 2005, 09:23 PM, Post #4
Most Respected SuperExpert (Group: Member, Posts: 4576, Joined: 9-June 04, Member No.: 8164)
You're welcome. That looks good. How is the system behaving now?
May I see the contents of C:\smitfiles.txt please?
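
Comparing the scans from posts #1 and #3 is what shows the cleanup worked. The sketch below is an added example, not part of the thread or of HijackThis: it parses entries even from a log the forum has flattened onto one line, diffs the two scans, and flags BHO, autorun and service entries that load a `.tmp` file. The sample text is excerpted from the two logs above; the function names are made up for the illustration.

```python
import re
from collections import namedtuple

# Added illustration; the names below are hypothetical, not part of HijackThis.
Entry = namedtuple("Entry", "section body")

# An entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O23) and " - ".
# Matching the code instead of line breaks also handles logs that forum
# software has flattened onto a single line.
_ENTRY_START = re.compile(r"(?<!\S)(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")
# A module name ending in .tmp, at end of entry or before a quote/argument.
_TMP_MODULE = re.compile(r'\.tmp(?=$|["\s])', re.IGNORECASE)


def parse_entries(log_text):
    """Return the registry/autorun entries of a HijackThis log, in order."""
    starts = list(_ENTRY_START.finditer(log_text))
    entries = []
    for i, m in enumerate(starts):
        end = starts[i + 1].start() if i + 1 < len(starts) else len(log_text)
        body = " ".join(log_text[m.end():end].split())  # normalise whitespace
        entries.append(Entry(m.group(1), body))
    return entries


def diff_logs(before, after):
    """Return (removed, added) entries between two scans of the same machine."""
    b, a = set(parse_entries(before)), set(parse_entries(after))
    return sorted(b - a), sorted(a - b)


def flag_tmp_modules(entries):
    """Flag BHO (O2), autorun (O4) and service (O23) entries loading a .tmp file."""
    return [e for e in entries
            if e.section in {"O2", "O4", "O23"} and _TMP_MODULE.search(e.body)]


# Excerpt of the post #1 log, flattened onto one line; the leading process
# path is skipped because it carries no section code.
BEFORE = (
    r"C:\hijact\HijackThis.exe "
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/ "
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = "
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 "
    r"O2 - BHO: HomepageBHO - {724510c3-f3c8-4fb7-879a-d99f29008a2f} - C:\WINDOWS\system32\hpB5A5.tmp "
    r"O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll "
    r"O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE "
    r"O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP"
)

# Excerpt of the post #3 log, one entry per line as the tool writes it.
AFTER = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
"""

if __name__ == "__main__":
    for e in flag_tmp_modules(parse_entries(BEFORE)):
        print("review :", e.section, "-", e.body)
    removed, added = diff_logs(BEFORE, AFTER)
    for e in removed:
        print("removed:", e.section, "-", e.body)
    for e in added:
        print("added  :", e.section, "-", e.body)
```

A `.tmp` module under O2 is a reason to look closer, not a verdict; entries that appear in the later scan, such as the ewido service here, need the same check against what was knowingly installed.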

Dec 8 2005, 04:40 PM, Post #5
Active Member (Group: Active Members, Posts: 36, Joined: 16-August 05, Member No.: 15957)
My system seems OK except when I boot up a window opens entitled "SPYWAREGUARD BROWSER PROTECTION ALERT" warning me that my IE search page has been changed - I have a choice to either restore old or keep new value. When I keep new value, the message just keeps appearing. Is this a virus?
Log you requested below. Thanks again!

smitRem © log file
version 2.8
by noahdfear

Microsoft Windows XP [Version 5.1.2600]
The current date is: 07/12/2005
The current time is: 19:04:31.81

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
checking for ShudderLTD key
ShudderLTD key not present!
checking for PSGuard.com key
PSGuard.com key not present!
spyaxe uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Existing Pre-run Files

~~~ Program Files ~~~
SpyAxe
~~~ Shortcuts ~~~
Security Troubleshooting.url
Online Security Center.url
Security Troubleshooting.url
Online Security Center.url
Install.dat
~~~ Favorites ~~~
Antivirus Test Online.url
~~~ system32 folder ~~~
svchosts.dll
1024 dir
msvol.tlb
ld****.tmp
ncompat.tlb
nvctrl.exe
mscornet.exe
hp***.tmp
~~~ Icons in System32 ~~~
ts.ico
ot.ico
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peaco*k@beyondlogic.org
Killing PID 760 'explorer.exe'
Killing PID 760 'explorer.exe'
Starting registry repairs
Deleting files

Remaining Post-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~ Wininet.dll ~~~
CLEAN! :)

Dec 8 2005, 04:49 PM, Post #6
Most Respected SuperExpert (Group: Member, Posts: 4576, Joined: 9-June 04, Member No.: 8164)
May I see a new Hijackthis log please? One you take after allowing the new Search Page. Unless we know what the change is, it's hard to tell what's going on.

Dec 9 2005, 06:54 PM, Post #7
Active Member (Group: Active Members, Posts: 36, Joined: 16-August 05, Member No.: 15957)
Sorry, no problem.

Logfile of HijackThis v1.99.1
Scan saved at 18:53:02, on 09/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\BTBROA~2\SMARTB~1\BTHelpNotifier.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\BT Broadband Help\bin\mpbtn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\hijact\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 205 ADSL Router\Adsl\dslagent.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTBROA~2\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband Help\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) - http://us.dl1.yimg.com/download.yahoo.com/..._1/yregucfg.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Dec 9 2005, 07:02 PM, Post #8
Most Respected SuperExpert (Group: Member, Posts: 4576, Joined: 9-June 04, Member No.: 8164)
That isn't showing any search page set.
Let's try this: On the IE toolbar, click the Search Icon. When the search pane on the left opens, Click Customize at the top. A new Page will appear. Select the search engine you prefer. See if that helps. Let me know how you do.

Dec 11 2005, 10:35 PM, Post #9
Active Member (Group: Active Members, Posts: 36, Joined: 16-August 05, Member No.: 15957)
Doesn't have 'customize' on left pane after clicking search. A screen came up while I was on net which said it had found a virus. It said it was AVG program but didn't look like it. I ran all your steps again. Here are my files.

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 08:48:21, 11/12/2005
+ Report-Checksum: C4392650
+ Scan result:
C:\Documents and Settings\SMcC\Cookies\smc@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\SMcC\Cookies\shane mccaul@cs.-- The nicest hobby on Earth ;) --counter[2].txt -> Spyware.Cookie.-- The nicest hobby on Earth ;) --counter : Cleaned with backup
C:\Documents and Settings\SMcC\Cookies\smc@www.myaffiliateprogram[1].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
::Report End

smitRem © log file
version 2.8
by noahdfear

Microsoft Windows XP [Version 5.1.2600]
The current date is: 11/12/2005
The current time is: 8:20:45.62

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
checking for ShudderLTD key
ShudderLTD key not present!
checking for PSGuard.com key
PSGuard.com key not present!
spyaxe uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Existing Pre-run Files

~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Starting registry repairs
Deleting files

Remaining Post-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~ Wininet.dll ~~~
CLEAN! :)

Logfile of HijackThis v1.99.1
Scan saved at 22:34:48, on 11/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\BTBROA~2\SMARTB~1\BTHelpNotifier.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\BT Broadband Help\bin\mpbtn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijact\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 205 ADSL Router\Adsl\dslagent.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTBROA~2\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband Help\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) - http://us.dl1.yimg.com/download.yahoo.com/..._1/yregucfg.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

many thanks for your patience

Dec 11 2005, 10:43 PM, Post #10
Most Respected SuperExpert (Group: Member, Posts: 4576, Joined: 9-June 04, Member No.: 8164)
You look clean. There should be a customize there in the search pane.
At the Top. It is in the second row at the right. Maybe your Pane is not wide enough for you to see it. Have another look.

Dec 15 2005, 12:37 PM, Post #11
Active Member (Group: Active Members, Posts: 36, Joined: 16-August 05, Member No.: 15957)
Everything seems OK now. Many thanks for your help.

Dec 15 2005, 03:12 PM, Post #12
Most Respected SuperExpert (Group: Member, Posts: 4576, Joined: 9-June 04, Member No.: 8164)
You're welcome.
Once you have rebooted a time or two, be sure everything is in working order. It is time to flush your system restore points. Once you do that you will not be able to correct any problems you may have now by going back to a point before today. After something like this it is a good idea to Flush the Restore Points and start fresh.

To flush the XP system Restore Points.
Go to Start>Run and type msconfig Press enter.
When msconfig opens, click the Launch System Restore Button.
On the next page, click the System Restore Settings Link on the left.
Check the box labeled Turn off System restore.
Reboot. Go back in and Turn System Restore Back on.
A new Restore Point will be created.

----------------------------

Also here is an excellent source for tips to tighten security. Follow the advice and get the free downloads to help avoid some of these problems in the future. http://www.computercops.biz/postt7736.html

Dec 16 2005, 02:51 PM
Post #13
Active Member Group: Active Members Posts: 36 Joined: 16-August 05 Member No.: 15957
Hi
Following a Spybot run and Ad-Aware also, Spybot found Smitfraud-c, but cannot remove it as it is currently in use (or is this part of smitREM that you asked me to download for the previous virus?). Can someone please help. My hijack log is:-

Logfile of HijackThis v1.99.1
Scan saved at 14:50:40, on 16/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\BTBROA~2\SMARTB~1\BTHelpNotifier.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\BT Broadband Help\bin\mpbtn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijact\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 205 ADSL Router\Adsl\dslagent.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTBROA~2\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband Help\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) - http://us.dl1.yimg.com/download.yahoo.com/..._1/yregucfg.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Dec 16 2005, 08:45 PM
Post #14
Most Respected SuperExpert Group: Member Posts: 4576 Joined: 9-June 04 Member No.: 8164
I can't say unless you tell me what Spybot found. Please post the details and we'll have another look.

Dec 19 2005, 03:17 PM
Post #15
Active Member Group: Active Members Posts: 36 Joined: 16-August 05 Member No.: 15957
hope this clarifies:-
--- Search result list ---
Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1614895754-1450960922-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-spy-cam.net\*!=W=4

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
Object name: LocalSystem Image path: %SystemRoot%\system32\cisvc.exe Image size: 5632 Image MD5: 3192BD04D032A9C4A85A3278C268A13A Start: 3 Type: 288 Error Control: 1 Depends On services: RPCSS Service (registry key): ClipSrv Display name: ClipBook Description: Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start. Object name: LocalSystem Image path: %SystemRoot%\system32\clipsrv.exe Image size: 33280 Image MD5: C8DEC22C4137D7A90F8BDF41CA4B82AE Start: 4 Type: 16 Error Control: 1 Depends On services: NetDDE Service (registry key): CmdIde Start: 4 Type: 1 Error Control: 1 Service (registry key): COMSysApp Display name: COM+ System Application Description: Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Object name: LocalSystem Image path: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} Image size: 5120 Image MD5: DD87DB7387B9EB441C5674888A0D840C Start: 3 Type: 16 Error Control: 1 Depends On services: rpcss Service (registry key): ContentFilter Start: 0 Type: 0 Error Control: 0 Service (registry key): ContentIndex Start: 0 Type: 0 Error Control: 0 Service (registry key): Cpqarray Start: 4 Type: 1 Error Control: 1 Service (registry key): CryptSvc Display name: Cryptographic Services Description: Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. 
If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 8F078AE4ED187AAABC0A305146DE6716 Start: 2 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): dac2w2k Start: 4 Type: 1 Error Control: 0 Service (registry key): dac960nt Start: 4 Type: 1 Error Control: 1 Service (registry key): DcomLaunch Display name: DCOM Server Process Launcher Description: Provides launch functionality for DCOM services. Object name: LocalSystem Image path: %SystemRoot%\system32\svchost -k DcomLaunch Image size: 14336 Image MD5: 8F078AE4ED187AAABC0A305146DE6716 Start: 2 Type: 32 Error Control: 1 Service (registry key): Dhcp Display name: DHCP Client Description: Manages network configuration by registering and updating IP addresses and DNS names. Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 8F078AE4ED187AAABC0A305146DE6716 Start: 2 Type: 32 Error Control: 1 Depends On services: Tcpip,Afd,NetBT Service (registry key): Disk Display name: Disk Driver Image path: system32\DRIVERS\disk.sys Image size: 36352 Image MD5: 00CA44E4534865F8A3B64F7C0984BFF0 Start: 0 Type: 1 Error Control: 1 Depends On group: "SCSI miniport" Service (registry key): dmadmin Display name: Logical Disk Manager Administrative Service Description: Configures hard disk drives and volumes. The service only runs for configuration processes and then stops. 
Object name: LocalSystem Image path: %SystemRoot%\System32\dmadmin.exe /com Image size: 224768 Image MD5: 554C7CB178FE3BD12450B81AD63ADBC3 Start: 3 Type: 32 Error Control: 1 Depends On services: RpcSs,PlugPlay,DmServer Service (registry key): dmboot Image path: System32\drivers\dmboot.sys Image size: 799744 Image MD5: C0FBB516E06E243F0CF31F597E7EBF7D Start: 4 Type: 1 Error Control: 1 Service (registry key): dmio Display name: Logical Disk Manager Driver Image path: System32\drivers\dmio.sys Image size: 153344 Image MD5: F5E7B358A732D09F4BCF2824B88B9E28 Start: 0 Type: 1 Error Control: 1 Service (registry key): dmload Image path: System32\drivers\dmload.sys Image size: 5888 Image MD5: E9317282A63CA4D188C0DF5E09C6AC5F Start: 0 Type: 1 Error Control: 1 Service (registry key): dmserver Display name: Logical Disk Manager Description: Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 8F078AE4ED187AAABC0A305146DE6716 Start: 2 Type: 32 Error Control: 1 Depends On services: RpcSs,PlugPlay Service (registry key): DMusic Display name: Microsoft Kernel DLS Syntheiszer Image path: system32\drivers\DMusic.sys Image size: 52864 Image MD5: A6F881284AC1150E37D9AE47FF601267 Start: 3 Type: 1 Error Control: 1 Service (registry key): Dnscache Display name: DNS Client Description: Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start. 
Object name: NT AUTHORITY\NetworkService Image path: %SystemRoot%\system32\svchost.exe -k NetworkService Image size: 14336 Image MD5: 8F078AE4ED187AAABC0A305146DE6716 Start: 2 Type: 32 Error Control: 1 Depends On services: Tcpip Service (registry key): dpti2o Start: 4 Type: 1 Error Control: 1 Service (registry key): drmkaud Display name: Microsoft Kernel DRM Audio Descrambler Image path: system32\drivers\drmkaud.sys Image size: 2944 Image MD5: 1ED4DBBAE9F5D558DBBA4CC450E3EB2E Start: 3 Type: 1 Error Control: 1 Service (registry key): drvmcdb Image path: system32\drivers\drvmcdb.sys Image size: 82512 Image MD5: 5DED5B8579A6EDD003CE8A846B13574D Start: 0 Type: 1 Error Control: 0 Service (registry key): drvncdb Start: 0 Type: 0 Error Control: 0 Service (registry key): drvnddm Image path: system32\drivers\drvnddm.sys Image size: 40368 Image MD5: 5ADC10796036DB00F89349C445F28B69 Start: 2 Type: 2 Error Control: 0 Service (registry key): ERSvc Display name: Error Reporting Service Description: Allows error reporting for services and applictions running in non-standard environments. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 8F078AE4ED187AAABC0A305146DE6716 Start: 2 Type: 32 Error Control: 0 Depends On services: RpcSs Service (registry key): Eventlog Display name: Event Log Description: Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped. Object name: LocalSystem Image path: %SystemRoot%\system32\services.exe Image size: 108032 Image MD5: C6CE6EEC82F187615D1002BB3BB50ED4 Start: 2 Type: 32 Error Control: 1 Service (registry key): EventSystem Display name: COM+ Event System Description: Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. 
If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start. Object name: LocalSystem Image path: C:\WINDOWS\system32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 8F078AE4ED187AAABC0A305146DE6716 Start: 3 Type: 32 Error Control: 1 Depends On services: RPCSS Service (registry key): ewido security suite control Display name: ewido security suite control Object name: LocalSystem Image path: C:\Program Files\ewido\security suite\ewidoctrl.exe Image size: 13888 Image MD5: 26830B750372AB1BF29C95DEEBEB802F Start: 2 Type: 272 Error Control: 0 Service (registry key): Fastfat Start: 4 Type: 2 Error Control: 1 Service (registry key): FastUserSwitchingCompatibility Display name: Fast User Switching Compatibility Description: Provides management for applications that require assistance in a multiple user environment. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 8F078AE4ED187AAABC0A305146DE6716 Start: 3 Type: 32 Error Control: 1 Depends On services: TermService Service (registry key): Fdc Display name: Floppy Disk Controller Driver Image path: system32\DRIVERS\fdc.sys Image size: 27392 Image MD5: CED2E8396A8838E59D8FD529C680E02C Start: 3 Type: 1 Error Control: 1 Service (registry key): Fips Start: 1 Type: 1 Error Control: 1 Service (registry key): Flpydisk Display name: Floppy Disk Driver Image path: system32\DRIVERS\flpydisk.sys Image size: 20480 Image MD5: 0DD1DE43115B93F4D85E889D7A86F548 Start: 3 Type: 1 Error Control: 1 Service (registry key): FltMgr Display name: FltMgr Description: File System Filter Manager Driver Image path: system32\drivers\fltmgr.sys Image size: 124800 Image MD5: 157754F0DF355A9E0A6F54721914F9C6 Start: 0 Type: 2 Error Control: 1 Service (registry key): Fs_Rec Start: 1 Type: 8 Error Control: 0 Service (registry key): Ftdisk Display name: Volume 
Manager Driver Image path: system32\DRIVERS\ftdisk.sys Image size: 125056 Image MD5: 6AC26732762483366C3969C9E4D2259D Start: 0 Type: 1 Error Control: 1 Service (registry key): gameenum Display name: Game Port Enumerator Image path: system32\DRIVERS\gameenum.sys Image size: 10624 Image MD5: 5F92FD09E5610A5995DA7D775EADCD12 Start: 3 Type: 1 Error Control: 0 Service (registry key): GEARAspiWDM Display name: GEARAspiWDM Image path: System32\Drivers\GEARAspiWDM.sys Image size: 14408 Image MD5: 32A73A8952580B284A47290ADB62032A Start: 3 Type: 1 Error Control: 1 Service (registry key): Gpc Display name: Generic Packet Classifier Description: Generic Packet Classifier Image path: system32\DRIVERS\msgpc.sys Image size: 35072 Image MD5: C0F1D4A21DE5A415DF8170616703DEBF Start: 3 Type: 1 Error Control: 1 Service (registry key): helpsvc Display name: Help and Support Description: Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 8F078AE4ED187AAABC0A305146DE6716 Start: 2 Type: 32 Error Control: 1 Depends On services: RPCSS Service (registry key): HidServ Display name: Human Interface Device Access Description: Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start. 
Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 14336 Image MD5: 8F078AE4ED187AAABC0A305146DE6716 Start: 4 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): hpn Start: 4 Type: 1 Error Control: 1 Service (registry key): HTTP Display name: HTTP Description: This service implements the hypertext transfer protocol (HTTP). If this service is disabled, any services that explicitly depend on it will fail to start. Image path: System32\Drivers\HTTP.sys Image size: 263040 Image MD5: C19B522A9AE0BBC3293397F3055E80A1 Start: 3 Type: 1 Error Control: 1 Service (registry key): HTTPFilter Display name: HTTP SSL Description: This service implements the secure hypertext transfer protocol (HTTPS) for the HTTP service, using the Secure Socket Layer (SSL). If this service is disabled, any services that explicitly depend on it will fail to start. Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k HTTPFilter Image size: 14336 Image MD5: 8F078AE4ED187AAABC0A305146DE6716 Start: 3 Type: 32 Error Control: 1 Depends On services: HTTP Service (registry key): i2omgmt Start: 1 Type: 1 Error Control: 1 Service (registry key): i2omp Start: 4 Type: 1 Error Control: 1 Service (registry key): i8042prt Display name: i8042 Keyboard and PS/2 Mouse Port Driver Image path: system32\DRIVERS\i8042prt.sys Image size: 52736 Image MD5: 5502B58EEF7486EE6F93F3F164DCB808 Start: 1 Type: 1 Error Control: 1 Service (registry key): iadusb Display name: BT Voyager 205 ADSL Router Image path: system32\DRIVERS\glauiad.sys Image size: 30371 Image MD5: CE60E98FA7EA783C904773C0CD93B7C2 Start: 3 Type: 1 Error Control: 1 Service (registry key): IDriverT Display name: InstallDriver Table Manager Description: Provides support for the Running Object Table for InstallShield Drivers Object name: LocalSystem Image path: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" Image size: 69632 Image MD5: 
1CF03C69B49ACB70C722DF92755C0C8C Start: 3 Type: 16 Error Control: 0 Service (registry key): Imapi Display name: CD-Burning Filter Driver Image path: system32\DRIVERS\imapi.sys Image size: 41856 Image MD5: F8AA320C6A0409C0380E5D8A99D76EC6 Start: 1 Type: 1 Error Control: 1 Service (registry key): ImapiService Display name: IMAPI CD-Burning COM Service Description: Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start. Object name: LocalSystem Image path: C:\WINDOWS\system32\imapi.exe Image size: 150016 Image MD5: FA788520BCAC0F5D9D5CDE5615C0D931 Start: 3 Type: 16 Error Control: 1 Service (registry key): inetaccs Start: 0 Type: 0 Error Control: 0 Service (registry key): ini910u Start: 4 Type: 1 Error Control: 1 Service (registry key): Inport Start: 0 Type: 0 Error Control: 0 Service (registry key): IntelIde Start: 4 Type: 1 Error Control: 1 Service (registry key): Ip6Fw Display name: IPv6 Windows Firewall Driver Description: Provides intrusion prevention service for a home or small office network. 
Image path: system32\drivers\ip6fw.sys Image size: 29056 Image MD5: 4448006B6BC60E6C027932CFC38D6855 Start: 3 Type: 1 Error Control: 1 Service (registry key): IpFilterDriver Display name: IP Traffic Filter Driver Description: IP Traffic Filter Driver Image path: system32\DRIVERS\ipfltdrv.sys Image size: 32896 Image MD5: 731F22BA402EE4B62748ADAF6363C182 Start: 3 Type: 1 Error Control: 1 Depends On services: Tcpip Service (registry key): IpInIp Display name: IP in IP Tunnel Driver Description: IP in IP Tunnel Driver Image path: system32\DRIVERS\ipinip.sys Image size: 20992 Image MD5: E1EC7F5DA720B640CD8FB8424F1B14BB Start: 3 Type: 1 Error Control: 1 Depends On services: Tcpip Service (registry key): IpNat Display name: IP Network Address Translator Description: IP Network Address Translator Image path: system32\DRIVERS\ipnat.sys Image size: 134912 Image MD5: B5A8E215AC29D24D60B4D1250EF05ACE Start: 3 Type: 1 Error Control: 1 Depends On services: Tcpip Service (registry key): iPodService Display name: iPodService Description: iPod hardware management services Object name: LocalSystem Image path: C:\Program Files\iPod\bin\iPodService.exe Image size: 323584 Image MD5: 20AF3FDD673B9B4AE6FAE2C52598CC68 Start: 3 Type: 16 Error Control: 1 Depends On services: RPCSS Service (registry key): IPSec Display name: IPSEC driver Description: IPSEC driver Image path: system32\DRIVERS\ipsec.sys Image size: 74752 Image MD5: 64537AA5C003A6AFEEE1DF819062D0D1 |