Generic Host Process for Win32 Services encountered a prob..

Archived from groups: microsoft.public.windowsxp.help_and_support

Hi,
any help? thanks
Giovanni

Generic Host Process for Win32 Services encountered a problem and needed to
close.

Error signature

szAppName : svchost.exe szAppVer : 0.0.0.0 szModName : unknown

szModVer : 0.0.0.0 offset : 00000000

The following files can be included

C:\DOCUME~1\Iachelli\LOCALS~1\Temp\WERbccb.dir00\svchost.exe.mdmp

C:\DOCUME~1\Iachelli\LOCALS~1\Temp\WERbccb.dir00\appcompat.txt


Burnaby, British Columbia, Canada
  1. Run Ad-Aware SE Personal (first) and SpyBot-Search & Destroy (second).
    http://www.majorgeeks.com/downloads31.html
    After you install each, you should click update before running. For example,
    with Ad-Aware click on the link "Check for updates now" on the first screen
    that appears after you launch the application.

    Here are some online scans
    http://us.mcafee.com/root/mfs/default.asp
    http://www.pandasoftware.com/activescan/
    http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym
    http://housecall.trendmicro.com/housecall/start_corp.asp

    If all the above fails to solve your problem, then the problem could be
    something new that the spyware cleaners above don't have in their databases
    yet. In that case....HijackThis direct download:
    http://www.spywareinfo.com/~merijn/files/hijackthis.zip
    Tutorial on how to use HijackThis:
    http://www.spywareinfo.com/~merijn/htlogtutorial.html
    Then post its output log to the forum here for analysis and feedback by the
    parasite experts:
    http://www.spywareinfo.com/forums/
    Or the other HijackThis Logs forums listed here:
    http://www.spywareinfo.com/~merijn/forums.html

    --
    Michael


    "Johnkelly" <giovanni@societa.com> wrote in message
    news:11dfhadlf1loa90@corp.supernews.com...
    >
    > Hi,
    > any help? thanks
    > Giovanni
    >
    > Generic Host Process for Win32 Services encountered a problem and needed to
    > close.
    >
    > Error signature
    >
    > szAppName : svchost.exe szAppVer : 0.0.0.0 szModName : unknown
    >
    > szModVer : 0.0.0.0 offset : 00000000
    >
    > The following files can be included
    >
    > C:\DOCUME~1\Iachelli\LOCALS~1\Temp\WERbccb.dir00\svchost.exe.mdmp
    >
    > C:\DOCUME~1\Iachelli\LOCALS~1\Temp\WERbccb.dir00\appcompat.txt
    >
    >
    >
    >
    >
    > Burnaby, British Columbia, Canada
    >
  2. Thank you very much.

    WOW Mike, it is easier to graduate from university.

    Spybot found spyware which is related to Logitech (videocam); this is the reason
    why I did not delete it.

    I can see that it is also on a long list of registry keys.

    Do you suggest deleting it? Because I think that this must be the
    problem.

    THE REPORT:

    --- Search result list ---
    BackWeb lite: File extension (Registry key, nothing done)
    HKEY_CLASSES_ROOT\bwpfile

    BackWeb lite: File extension (Registry key, nothing done)
    HKEY_CLASSES_ROOT\.bwp

    BackWeb lite: Global settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\Software\BackWeb

    BackWeb lite: Netscape viewer (Registry value, nothing done)
    HKEY_USERS\S-1-5-21-329068152-1336601894-725345543-1003\Software\Netscape\Netscape Navigator\Viewers\application/x-bwpreview
    Company: http://www.backweb.com/
    Product: BackWeb lite
    Threat: Adware/Spyware
    Company URL:
    _http://www.backweb.com/_
    Company product URL:
    _http://www.backweb.com/products/html/backweb_eaccelerator.html_
    Company privacy URL:
    _http://www.cameocast.com/legal/privacypolicy.asp_
    Functionality
    Installs unknown items & advertisement popups on your system.
    Description
    Comes with Western Digital Data Lifeline as well as with HP & Compaq
    systems. If you intended to install the normal BackWeb, please add BackWeb
    to your exclude list. But if you know nothing about installing BackWeb,
    chances are good that it is the 'lite' version. This one connects to a
    Cameocast server (Source: http://www.cexx.org/dlgli.htm), and you can read
    Cameo's privavy statement above.
    Privacy Statement
    BackWeb: Stay in the loop With BackWeb's reporting capabilities, you'll know
    who received each delivery, when they received it, and how they interacted
    with it.
    CameoCast: CameoCAST pushes content to your hard drive while you are online.
    [...]This information such as the type of browser being used, its operating
    system, and your IP address, is gathered in order to enhance your online
    experience.

    --- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

    2005-05-31 blindman.exe (1.0.0.1)
    2005-05-31 SpybotSD.exe (1.4.0.3)
    2005-05-31 TeaTimer.exe (1.4.0.2)
    2005-06-03 unins000.exe (51.41.0.0)
    2005-05-31 Update.exe (1.4.0.0)
    2005-05-31 advcheck.dll (1.0.2.0)
    2005-05-31 aports.dll (2.1.0.0)
    2005-05-31 borlndmm.dll (7.0.4.453)
    2005-05-31 delphimm.dll (7.0.4.453)
    2005-05-31 SDHelper.dll (1.4.0.0)
    2005-05-31 Tools.dll (2.0.0.2)
    2005-05-31 UnzDll.dll (1.73.1.1)
    2005-05-31 ZipDll.dll (1.73.2.0)
    2005-04-26 Includes\Cookies.sbi (*)
    2005-06-30 Includes\Dialer.sbi (*)
    2005-06-30 Includes\Hijackers.sbi (*)
    2005-06-23 Includes\Keyloggers.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2005-06-30 Includes\Malware.sbi (*)
    2005-06-09 Includes\PUPS.sbi (*)
    2005-04-27 Includes\Revision.sbi (*)
    2005-06-09 Includes\Security.sbi (*)
    2005-06-30 Includes\Spybots.sbi (*)
    2005-02-17 Includes\Tracks.uti
    2005-06-30 Includes\Trojans.sbi (*)


    --- System information ---
    Windows XP (Build: 2600) Service Pack 2
    / DataAccess: Microsoft Data Access Components KB870669
    / DataAccess: Security Update for Microsoft Data Access Components
    / DirectX: DirectX Update 819696
    / DirectX / DX9 / SP1: DirectX 9 Hotfix - KB839643
    / Windows Media Player: Windows Media Player Hotfix [See Q828026 for more
    information]
    / Windows Media Player / SP0: Windows Media Player Hotfix [See Q828026 for
    more information]
    / Windows Media Player: Windows Media Update 817787
    / Windows XP / SP2: Windows XP Service Pack 2
    / Windows XP / SP3: Windows XP Hotfix - KB834707
    / Windows XP / SP3: Windows XP Hotfix - KB867282
    / Windows XP / SP3: Windows XP Hotfix - KB873333
    / Windows XP / SP3: Windows XP Hotfix - KB873339
    / Windows XP / SP3: Security Update for Windows XP (KB883939)
    / Windows XP / SP3: Windows XP Hotfix - KB885250
    / Windows XP / SP3: Windows XP Hotfix - KB885835
    / Windows XP / SP3: Windows XP Hotfix - KB885836
    / Windows XP / SP3: Windows XP Hotfix - KB886185
    / Windows XP / SP3: Windows XP Hotfix - KB887472
    / Windows XP / SP3: Windows XP Hotfix - KB887742
    / Windows XP / SP3: Windows XP Hotfix - KB888113
    / Windows XP / SP3: Windows XP Hotfix - KB888302
    / Windows XP / SP3: Security Update for Windows XP (KB890046)
    / Windows XP / SP3: Windows XP Hotfix - KB890047
    / Windows XP / SP3: Windows XP Hotfix - KB890175
    / Windows XP / SP3: Windows XP Hotfix - KB890859
    / Windows XP / SP3: Windows XP Hotfix - KB890923
    / Windows XP / SP3: Windows XP Hotfix - KB891781
    / Windows XP / SP3: Security Update for Windows XP (KB893066)
    / Windows XP / SP3: Windows XP Hotfix - KB893086
    / Windows XP / SP3: Windows Installer 3.1 (KB893803)
    / Windows XP / SP3: Windows Installer 3.1 (KB893803)
    / Windows XP / SP3: Security Update for Windows XP (KB896358)
    / Windows XP / SP3: Security Update for Windows XP (KB896422)
    / Windows XP / SP3: Security Update for Windows XP (KB896428)
    / Windows XP / SP3: Update for Windows XP (KB898461)
    / Windows XP / SP3: Security Update for Windows XP (KB901214)
    / Windows XP / SP3: Security Update for Windows XP (KB903235)


    --- Startup entries list ---
    Located: HK_LM:Run, ABBYY Community Agent
    command: D:\Program Files\ABBYY FineReader 5.0 Pro\CAgent.exe
    file: D:\Program Files\ABBYY FineReader 5.0 Pro\CAgent.exe
    size: 253952
    MD5: 8081d6a0b47c1fa1f5186d91c0a99c52

    Located: HK_LM:Run, ATIPTA
    command: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    file: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    size: 335872
    MD5: e7d70592d84fe14e4a6c1f09d9c1bd34

    Located: HK_LM:Run, AVG7_CC
    command: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    file: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    size: 352768
    MD5: 82f0d9baf07f7a63d6ca044251dd5598

    Located: HK_LM:Run, CmUsbSound
    command: RunDll32 cmcnfgu.cpl,CMICtrlWnd
    file:

    Located: HK_LM:Run, DiskeeperSystray
    command: "D:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
    file:

    Located: HK_LM:Run, gcasServ
    command: "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    file: C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    size: 473928
    MD5: fc8fff9f2e3ebfb5b6ad8d91df6c0f23

    Located: HK_LM:Run, InCD
    command: C:\Program Files\Ahead\InCD\InCD.exe
    file: C:\Program Files\Ahead\InCD\InCD.exe
    size: 966706
    MD5: 170a2c4fcc2bb6198e118698c218da15

    Located: HK_LM:Run, IndexSearch
    command: C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
    file: C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
    size: 36864
    MD5: b5bc9306c84bad6200ca5699f5602dc5

    Located: HK_LM:Run, iTunesHelper
    command: D:\Program Files\iTunes\iTunesHelper.exe
    file: D:\Program Files\iTunes\iTunesHelper.exe
    size: 278528
    MD5: 2e0e2be7bd6614ea4c86b9ece793e31e

    Located: HK_LM:Run, KernelFaultCheck
    command: %systemroot%\system32\dumprep 0 -k
    file: C:\WINDOWS\system32\dumprep.exe
    size: 10752
    MD5: 13922eb54890c77005268882629a31fe

    Located: HK_LM:Run, LogitechVideoRepair
    command: D:\Program Files\Logitech\Video\ISStart.exe
    file: D:\Program Files\Logitech\Video\ISStart.exe
    size: 458752
    MD5: 3d9d5aa7b8a3d9f447274599d3efb578

    Located: HK_LM:Run, LogitechVideoTray
    command: D:\Program Files\Logitech\Video\LogiTray.exe
    file: D:\Program Files\Logitech\Video\LogiTray.exe
    size: 217088
    MD5: ee2a9192a73d51e7f4d9099fc35c32d0

    Located: HK_LM:Run, LVCOMSX
    command: C:\WINDOWS\system32\LVCOMSX.EXE
    file: C:\WINDOWS\system32\LVCOMSX.EXE
    size: 221184
    MD5: bcd419d4ea19087e91601c1c2914323a

    Located: HK_LM:Run, NeroCheck
    command: C:\WINDOWS\System32\\NeroCheck.exe
    file: C:\WINDOWS\System32\\NeroCheck.exe
    size: 155648
    MD5: 3e4c03cefad8de135263236b61a49c90

    Located: HK_LM:Run, PaperPort PTD
    command: C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
    file: C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
    size: 45108
    MD5: ccdc00f353963e9e7dd839817b89d593

    Located: HK_LM:Run, QuickTime Task
    command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
    file: C:\Program Files\QuickTime\qttask.exe
    size: 77824
    MD5: 5d22b4258489575412f6d18affc847a2

    Located: HK_LM:Run, SunJavaUpdateSched
    command: C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    file: C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    size: 36975
    MD5: 1f6573d67dd5dc06dd29ec7fcf81dc6f

    Located: HK_LM:Run, TkBellExe
    command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    size: 180269
    MD5: 7237366a57a26b7ed71c9b081fbdd6eb

    Located: HK_LM:Run, UserFaultCheck
    command: %systemroot%\system32\dumprep 0 -u
    file: C:\WINDOWS\system32\dumprep.exe
    size: 10752
    MD5: 13922eb54890c77005268882629a31fe

    Located: HK_LM:Run, vSkype
    command: C:\Program Files\Santa Cruz Networks\vSkype\vSkype.exe no
    file:

    Located: HK_LM:Run, ymetray
    command: "C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe"
    file: C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
    size: 40960
    MD5: 85d3e243db49f26ab114319674e92847

    Located: HK_CU:Run, ctfmon.exe
    command: C:\WINDOWS\system32\ctfmon.exe
    file: C:\WINDOWS\system32\ctfmon.exe
    size: 15360
    MD5: 24232996a38c0b0cf151c2140ae29fc8

    Located: HK_CU:Run, LDM
    command: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    file:

    Located: HK_CU:Run, LogitechSoftwareUpdate
    command: "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    file: D:\Program Files\Logitech\Video\ManifestEngine.exe
    size: 196608
    MD5: c1913a21cb3a7bf314641acf0a8f81c9

    Located: HK_CU:Run, PlaxoUpdate
    command: C:\Program Files\Plaxo\2.1.0.80\InstallStub.exe -a
    file:

    Located: HK_CU:Run, Skype
    command: "d:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    file: d:\Program Files\Skype\Phone\Skype.exe
    size: 17675304
    MD5: eed75e89529f26405e298eea66599bcb

    Located: HK_CU:Run, SpybotSD TeaTimer
    command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    size: 1415824
    MD5: 70496eee0ddbe485f658693826f44d38

    Located: HK_CU:Run, Yahoo! Pager
    command: C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    file:

    Located: Startup (common), Adobe Reader Speed Launch.lnk
    command: D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    file: D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    size: 29696
    MD5: deb88aef013dd1eefb462d7cad642166

    Located: Startup (common), eFax Live Menu 3.3.lnk
    command: C:\Program Files\eFax Messenger Plus 3.3\J2GDllCmd.exe
    file: C:\Program Files\eFax Messenger Plus 3.3\J2GDllCmd.exe
    size: 17408
    MD5: 2c0e197b4d24984d80bf165e33d43969

    Located: Startup (common), eFax Tray Menu 3.3.lnk
    command: C:\Program Files\eFax Messenger Plus 3.3\J2GTray.exe
    file: C:\Program Files\eFax Messenger Plus 3.3\J2GTray.exe
    size: 40960
    MD5: 6434cce49abb8daecc5c7e88597b4de8

    Located: Startup (common), Free WebSite Tools.lnk
    command: D:\Program Files\CoffeeCup Software\CoffeeCup Free FTP\ThirtyDayTimer.exe
    file: D:\Program Files\CoffeeCup Software\CoffeeCup Free FTP\ThirtyDayTimer.exe
    size: 372224
    MD5: 34711735750dcf9cb8580793a3bd8271

    Located: Startup (common), Logitech Desktop Messenger.lnk
    command: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    file: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    size: 450560
    MD5: a5e4cd281c93e174181c5873fafd4f16

    Located: Startup (common), Microsoft Office.lnk
    command: C:\Program Files\Microsoft Office\Office\OSA9.EXE
    file: C:\Program Files\Microsoft Office\Office\OSA9.EXE
    size: 65588
    MD5: f2020569df0e5cdf0ccedb3406d15cb3

    Located: Startup (common), SmartUI.lnk
    command: C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
    file: C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
    size: 1568768
    MD5: 7893e209a13b52651560fab999614ff2

    Located: WinLogon, crypt32chain
    command: crypt32.dll
    file: crypt32.dll

    Located: WinLogon, cryptnet
    command: cryptnet.dll
    file: cryptnet.dll

    Located: WinLogon, cscdll
    command: cscdll.dll
    file: cscdll.dll

    Located: WinLogon, ScCertProp
    command: wlnotify.dll
    file: wlnotify.dll

    Located: WinLogon, Schedule
    command: wlnotify.dll
    file: wlnotify.dll

    Located: WinLogon, sclgntfy
    command: sclgntfy.dll
    file: sclgntfy.dll

    Located: WinLogon, SensLogn
    command: WlNotify.dll
    file: WlNotify.dll

    Located: WinLogon, termsrv
    command: wlnotify.dll
    file: wlnotify.dll

    Located: WinLogon, wlballoon
    command: wlnotify.dll
    file: wlnotify.dll


    --- Browser helper object list ---
    {0751BE0D-66C7-4578-89F9-7FEDFC16531C} ()
    BHO name:
    CLSID name:


    --- ActiveX list ---
    {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility)
    DPF name:
    CLSID name: PCPitstop Utility
    Installer: C:\WINDOWS\Downloaded Program Files\PCPitstop.inf
    Codebase: http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    description: Gateway tools
    classification: Unknown
    known filename: PCPITSTOP.DLL
    info link:
    info source: Patrick M. Kolla
    Path: C:\WINDOWS\Downloaded Program Files\
    Long name: PCPitstop.dll
    Short name: PCPITS~1.DLL
    Date (created): 28/07/2004 13.49.00
    Date (last access): 15/07/2005 17.00.56
    Date (last write): 05/01/2005 20.02.56
    Filesize: 252416
    Attributes: archive
    MD5: 09B759CF3836A19F761BFC5033B01509
    CRC32: AE04C3FC
    Version: 1.0.0.134

    {33564D57-0000-0010-8000-00AA00389B71} ()
    DPF name:
    CLSID name:
    Installer: C:\WINDOWS\Downloaded Program Files\WMV9VCM.inf
    Codebase:
    http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

    {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class)
    DPF name:
    CLSID name: RdxIE Class
    Installer:
    Codebase:
    http://software-dl.real.com/18ad19321889bc92c715/netzip/RdxIE601.cab
    description: Netster
    classification: Confirmed as malware
    known filename:
    info link:
    info source:
    Path: C:\WINDOWS\Downloaded Program Files\
    Long name: RdxIE.dll
    Short name:
    Date (created): 28/01/2004 12.13.52
    Date (last access): 15/07/2005 17.00.56
    Date (last write): 28/01/2004 12.13.52
    Filesize: 520349
    Attributes: archive
    MD5: C350FD4B920362062BD39EA31007ACFB
    CRC32: 9B705B2D
    Version: 6.0.0.10

    {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control
    (redist))
    DPF name:
    CLSID name: Microsoft RDP Client Control (redist)
    Installer: C:\WINDOWS\Downloaded Program Files\msrdp.inf
    Codebase: http://www.cofinsim.com/antana/msrdp.cab
    Path: C:\WINDOWS\DOWNLO~1\
    Long name: msrdp.ocx
    Short name:
    Date (created): 10/08/2002 23.21.04
    Date (last access): 14/07/2005 4.12.12
    Date (last write): 10/08/2002 23.21.04
    Filesize: 600064
    Attributes: archive
    MD5: B3F7D6919FB5C1AFD39A942D2439285F
    CRC32: 0A3EEE6A
    Version: 5.1.2600.1095

    {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner)
    DPF name:
    CLSID name: Anonymizer Anti-Spyware Scanner
    Installer: C:\WINDOWS\Downloaded Program Files\WebAAS.inf
    Codebase:
    http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
    Path: C:\WINDOWS\Downloaded Program Files\
    Long name: WebAAS.dll
    Short name:
    Date (created): 20/01/2005 16.04.18
    Date (last access): 15/07/2005 17.00.56
    Date (last write): 20/01/2005 16.04.18
    Filesize: 151552
    Attributes: archive
    MD5: 05CE1F289570DC4337D615B6669E065D
    CRC32: F52B9D12
    Version: 1.0.0.23

    {9C134253-E8A3-4759-9F98-302B7981922E} (MaxViewer Class)
    DPF name:
    CLSID name: MaxViewer Class
    Installer: C:\WINDOWS\Downloaded Program Files\np_max.inf
    Codebase: http://support.scansoft.com/pp/files/np_max.cab
    Path: C:\WINDOWS\System32\
    Long name: MaxX.dll
    Short name:
    Date (created): 26/10/2001 13.04.30
    Date (last access): 14/07/2005 4.16.54
    Date (last write): 26/10/2001 13.04.30
    Filesize: 180224
    Attributes: archive
    MD5: 6BF9D08F657961B823BAA60E4F093098
    CRC32: E2D8A303
    Version: 1.1.1.0

    {9E472D58-F10C-11CF-B7A9-0020AFD6A362} (NeRemoteDoc Class)
    DPF name:
    CLSID name: NeRemoteDoc Class
    Installer: C:\WINDOWS\Downloaded Program Files\newebcl.inf
    Codebase: https://vault.netvoyage.com/neWeb2/neWebCl.cab
    Path: C:\WINDOWS\Downloaded Program Files\
    Long name: neWebCl.dll
    Short name:
    Date (created): 22/04/2004 8.55.52
    Date (last access): 15/07/2005 17.00.56
    Date (last write): 22/04/2004 8.55.52
    Filesize: 499712
    Attributes: archive
    MD5: A8409CA43FD9929FEE972CE24013E0E1
    CRC32: 869F42F5
    Version: 4.2.2.4

    {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update)
    DPF name:
    CLSID name: LinkSys Content Update
    Installer: C:\WINDOWS\Downloaded Program Files\gtdownls_95.inf
    Codebase:
    http://www.linksysfix.com/netcheck/24/install/gtdownls.cab
    Path: C:\WINDOWS\system32\
    Long name: gtdownls_95.ocx
    Short name: GTDOWN~1.OCX
    Date (created): 06/09/2004 14.30.28
    Date (last access): 14/07/2005 4.16.44
    Date (last write): 06/09/2004 14.30.28
    Filesize: 184320
    Attributes: archive
    MD5: 4051D9747C3FD625E4B4A39E5D6E3AE9
    CRC32: 94D55331
    Version: 1.0.0.95

    {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2)
    DPF name: Java Runtime Environment 1.4.2
    CLSID name: Java Plug-in 1.4.2_05
    Installer:
    Codebase:
    http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    Path: C:\Program Files\Java\j2re1.4.2_05\bin\
    Long name: NPJPI142_05.dll
    Short name: NPJPI1~1.DLL
    Date (created): 03/06/2068 22.05.12
    Date (last access): 14/07/2005 4.04.36
    Date (last write): 03/06/2004 22.05.06
    Filesize: 65650
    Attributes: archive
    MD5: 174488C8877FA852448D1937C322AABB
    CRC32: 62C2460D
    Version: 1.4.2.50

    {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2)
    DPF name: Java Runtime Environment 1.4.2
    CLSID name: Java Plug-in 1.4.2_06
    Installer:
    Codebase:
    http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    Path: C:\Program Files\Java\j2re1.4.2_06\bin\
    Long name: NPJPI142_06.dll
    Short name: NPJPI1~1.DLL
    Date (created): 28/09/2004 21.26.10
    Date (last access): 14/07/2005 4.04.52
    Date (last write): 28/09/2004 21.26.00
    Filesize: 65650
    Attributes: archive
    MD5: 69E5147BA901A9238C4EB08C84E1A85B
    CRC32: 6CB34BCC
    Version: 1.4.2.60

    {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
    DPF name: Java Runtime Environment 1.5.0
    CLSID name: Java Plug-in 1.5.0_01
    Installer:
    Codebase:
    http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
    Path: C:\Program Files\Java\jre1.5.0_01\bin\
    Long name: NPJPI150_01.dll
    Short name: NPJPI1~1.DLL
    Date (created): 06/12/2068 22.31.52
    Date (last access): 14/07/2005 4.05.08
    Date (last write): 06/12/2004 22.49.16
    Filesize: 69746
    Attributes: archive
    MD5: 7B8F5AAF633987C6F1B88146357D04E5
    CRC32: AD99524A
    Version: 1.5.0.10

    {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
    DPF name: Java Runtime Environment 1.5.0
    CLSID name: Java Plug-in 1.5.0_02
    Installer:
    Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
    Path: C:\Program Files\Java\jre1.5.0_02\bin\
    Long name: NPJPI150_02.dll
    Short name: NPJPI1~1.DLL
    Date (created): 04/03/2005 4.36.50
    Date (last access): 14/07/2005 4.05.28
    Date (last write): 04/03/2005 4.54.18
    Filesize: 69746
    Attributes: archive
    MD5: 6C9A4C573C0C771D99D902EE06DA3CBB
    CRC32: 55F989EE
    Version: 5.0.20.9

    {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class)
    DPF name:
    CLSID name: iTunesDetector Class
    Installer: C:\WINDOWS\Downloaded Program Files\ITDetector.inf
    Codebase: http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
    Path: D:\Program Files\iTunes\
    Long name: ITDetector.ocx
    Short name: ITDETE~1.OCX
    Date (created): 08/03/2004 14.07.14
    Date (last access): 14/07/2005
    Date (last write): 08/03/2004 14.07.14
    Filesize: 49152
    Attributes: archive
    MD5: C45D0B763A601B1EEF0573F99F1DD732
    CRC32: 09E2233A
    Version: 2.0.0.0

    {DBA230D1-8467-4e69-987E-5FAE815A3B45} ()
    DPF name:
    CLSID name:
    Installer:
    Codebase:

    {DD1FA138-39F5-4DF5-BD04-6D814AD0C7D9} (IPhone Class)
    DPF name:
    CLSID name: IPhone Class
    Installer: C:\WINDOWS\Downloaded Program Files\PC2Phone.inf
    Codebase: http://www.ibuzz123.com:8585/WebPhone/PC2Phone.cab
    Path: C:\WINDOWS\System32\
    Long name: PC2Phone.dll
    Short name:
    Date (created): 15/01/2004 23.03.10
    Date (last access): 14/07/2005 4.17.16
    Date (last write): 15/01/2004 23.03.10
    Filesize: 208896
    Attributes: archive
    MD5: 2CB4D4755A4FCD8BD3D8C88127F712F5
    CRC32: 1093A3E2
    Version: 2.0.0.1

    {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5)
    DPF name:
    CLSID name: MSN Chat Control 4.5
    Installer: C:\WINDOWS\Downloaded Program Files\MsnChat45.inf
    Codebase: http://chat.msn.com/bin/msnchat45.cab
    Path: C:\WINDOWS\Downloaded Program Files\
    Long name: MSNChat45.ocx
    Short name: MSNCHA~1.OCX
    Date (created): 27/10/2003 11.35.44
    Date (last access): 14/07/2005 4.12.12
    Date (last write): 27/10/2003 11.35.44
    Filesize: 510552
    Attributes: archive
    MD5: 60FED272BDBAFA8214E40AD376C9987E
    CRC32: 5EE901FC
    Version: 9.2.310.2401


    --- Process list ---
    PID: 0 ( 0) [System]
    PID: 480 ( 4) \SystemRoot\System32\smss.exe
    PID: 536 ( 480) \??\C:\WINDOWS\system32\csrss.exe
    PID: 560 ( 480) \??\C:\WINDOWS\system32\winlogon.exe
    PID: 604 ( 560) C:\WINDOWS\system32\services.exe
    size: 108032
    MD5: C6CE6EEC82F187615D1002BB3BB50ED4
    PID: 624 ( 560) C:\WINDOWS\system32\lsass.exe
    size: 13312
    MD5: 84885F9B82F4D55C6146EBF6065D75D2
    PID: 780 ( 604) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 836 ( 604) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 904 ( 604) C:\WINDOWS\System32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 948 ( 604) C:\WINDOWS\System32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 1080 ( 604) C:\WINDOWS\System32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 1292 ( 604) C:\WINDOWS\system32\spoolsv.exe
    size: 57856
    MD5: 7435B108B935E42EA92CA94F59C8E717
    PID: 1400 (1380) C:\WINDOWS\Explorer.EXE
    size: 1032192
    MD5: A0732187050030AE399B241436565E64
    PID: 1488 ( 604) C:\WINDOWS\System32\Ati2evxx.exe
    size: 294912
    MD5: FBC566675FBFA5248EBFA4492B167240
    PID: 1516 ( 604) C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    size: 330240
    MD5: 9DBD26D7D7967D918C507B1E2A93A37E
    PID: 1568 (1400) C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    size: 335872
    MD5: E7D70592D84FE14E4A6C1F09D9C1BD34
    PID: 1576 (1400) C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    size: 36975
    MD5: 1F6573D67DD5DC06DD29EC7FCF81DC6F
    PID: 1584 (1400) C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
    size: 45108
    MD5: CCDC00F353963E9E7DD839817B89D593
    PID: 1600 (1400) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    size: 180269
    MD5: 7237366A57A26B7ED71C9B081FBDD6EB
    PID: 1608 (1400) C:\WINDOWS\system32\RunDll32.exe
    size: 33280
    MD5: DA285490BBD8A1D0CE6623577D5BA1FF
    PID: 1616 (1400) C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    size: 352768
    MD5: 82F0D9BAF07F7A63D6CA044251DD5598
    PID: 1668 ( 604) C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    size: 84480
    MD5: 62E6B23B906B213836470740FE449B43
    PID: 1684 (1400) C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
    size: 40960
    MD5: 85D3E243DB49F26AB114319674E92847
    PID: 1740 (1400) C:\Program Files\Ahead\InCD\InCD.exe
    size: 966706
    MD5: 170A2C4FCC2BB6198E118698C218DA15
    PID: 1820 (1400) D:\Program Files\ABBYY FineReader 5.0 Pro\CAgent.exe
    size: 253952
    MD5: 8081D6A0B47C1FA1F5186D91C0A99C52
    PID: 1840 (1400) C:\Program Files\QuickTime\qttask.exe
    size: 77824
    MD5: 5D22B4258489575412F6D18AFFC847A2
    PID: 1852 ( 604) C:\Program Files\Ahead\InCD\InCDsrv.exe
    size: 671796
    MD5: 254A6CCA11DBAFEF78F71463633BD6FE
    PID: 1876 (1400) D:\Program Files\iTunes\iTunesHelper.exe
    size: 278528
    MD5: 2E0E2BE7BD6614EA4C86B9ECE793E31E
    PID: 1952 (1400) C:\WINDOWS\system32\LVCOMSX.EXE
    size: 221184
    MD5: BCD419D4EA19087E91601C1C2914323A
    PID: 1976 ( 604) C:\WINDOWS\System32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 200 (1400) D:\Program Files\Logitech\Video\LogiTray.exe
    size: 217088
    MD5: EE2A9192A73D51E7F4D9099FC35C32D0
    PID: 400 (1400) C:\Program Files\Santa Cruz Networks\vSkype\vSkype.exe
    size: 258048
    MD5: 849BE90B562A752F31F40D3AC97C7979
    PID: 456 ( 604) C:\WINDOWS\system32\wdfmgr.exe
    size: 38912
    MD5: AB0A7CA90D9E3D6A193905DC1715DED0
    PID: 1696 (1400) C:\WINDOWS\system32\ctfmon.exe
    size: 15360
    MD5: 24232996A38C0B0CF151C2140AE29FC8
    PID: 1728 (1400) C:\Program Files\Plaxo\2.1.0.80\InstallStub.exe
    size: 116736
    MD5: 7ABCB53C5B6E266C512004CBCEDE899A
    PID: 1720 (1400) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    size: 1415824
    MD5: 70496EEE0DDBE485F658693826F44D38
    PID: 1920 ( 780) C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    size: 756552
    MD5: 644F843DADF77A1A85DA19EDD5A5FC07
    PID: 2100 ( 780) D:\Program Files\Logitech\Video\FxSvr2.exe
    size: 192512
    MD5: F0D7CFBE4ED807D5801950556FD418A1
    PID: 2220 (1400) C:\Program Files\eFax Messenger Plus 3.3\J2GDllCmd.exe
    size: 17408
    MD5: 2C0E197B4D24984D80BF165E33D43969
    PID: 2292 (1976) C:\WINDOWS\system32\BRMFRSMG.EXE
    size: 32256
    MD5: EAE7A53581A0ACA26FDDAA40CAF7BD62
    PID: 2300 (1400) C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
    size: 1568768
    MD5: 7893E209A13B52651560FAB999614FF2
    PID: 2580 ( 604) C:\Program Files\iPod\bin\iPodService.exe
    size: 327680
    MD5: 3AC9F355ECCE7D6BB8FF184E9B2229A9
    PID: 2736 ( 604) C:\WINDOWS\System32\alg.exe
    size: 44544
    MD5: F1958FBF86D5C004CF19A5951A9514B7
    PID: 3536 ( 400) C:\Program Files\Santa Cruz Networks\vSkype\vskypebuttonclient.exe
    size: 57344
    MD5: 968E517E66B1C56C53C57A61AD310A57
    PID: 1144 (1400) C:\Program Files\Outlook Express\msimn.exe
    size: 60416
    MD5: 091C14F4C71328D4316248A2421190DE
    PID: 260 (1824) C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    size: 90112
    MD5: 3C1450374C1851762C3021AF86A5A41E
    PID: 3128 ( 780) C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
    size: 196152
    MD5: 40825ACFC23E0AD28DA1FC63F77E9825
    PID: 1128 ( 780) C:\Program Files\Skype\toolbars\Skype for Outlook\SkypeOBE.exe
    size: 126976
    MD5: 09DADE37BCF3E83C0777D6B6B74B0091
    PID: 3324 (1400) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    size: 7534698
    MD5: BA42C9E39C70471BE8B9DC4E20FE9EFF
    PID: 2448 (1400) C:\Program Files\Internet Explorer\iexplore.exe
    size: 93184
    MD5: E7484514C0464642BE7B4DC2689354C8
    PID: 3820 (1376) d:\Program Files\Skype\Phone\Skype.exe
    size: 17675304
    MD5: EED75E89529F26405E298EEA66599BCB
    PID: 1892 (1400) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    size: 4393096
    MD5: 09CA174A605B480318731E691DC98539
    PID: 4 ( 0) System


    --- Browser start & search pages list ---
    Spybot - Search & Destroy browser pages report, 15/07/2005 17.03.46

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\WINDOWS\system32\blank.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
    http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
    http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
    http://my.yahoo.com/
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
    http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
    %SystemRoot%\system32\blank.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
    http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
    http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
    http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


    --- Winsock Layered Service Provider list ---
    Protocol 0: Google Desktop over [MSAFD Tcpip [TCP/IP]]
    GUID: {3636939A-B38D-402D-BF88-E082CE211C73}
    Filename: C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll

    Protocol 1: Google Desktop over [MSAFD Tcpip [UDP/IP]]
    GUID: {3636939A-B38D-402D-BF88-E082CE211C73}
    Filename: C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll

    Protocol 27: Google Desktop
    GUID: {E5A29CC9-CDB8-4771-BC4F-B09FBEFF9814}
    Filename: C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll


    --- Uninstall list ---
    ABBYY FineReader 5.0 Pro 5.0 (ABBYY FineReader 5.0 Pro)
    install location: D:\Program Files\ABBYY FineReader 5.0 Pro\
    uninstall cmd: C:\WINDOWS\bitdein2.exe D:\PROGRA~1\ABBYYF~1.0PR\bitdeins.ini
    publisher: ABBYY Software House
    help link: www.abbyyusa.com/support/index_e.htm
    help telephone: +1 (510) 226-6069

    (AddressBook)

    Adobe Download Manager 2.0 (Remove Only) 2.0 (AdobeESD)
    uninstall cmd: "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"

    ATI Display Driver 7.91-030625a-009918C-AMI (ATI Display Driver)
    uninstall cmd: rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

    AVG Free Edition (AVG7Uninstall)
    uninstall cmd: C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL

    (Branding)

    HUAYE USB Audio (C-Media USB Sound)
    uninstall cmd: C:\WINDOWS\CmiUSB2Uninstall.exe C:\PROGRA~1\HUAYEU~1#HUAYE USB Audio

    (Connection Manager)

    (DirectAnimation)

    (DirectDrawEx)

    (DXM_Runtime)

    (Fontcore)

    Google Desktop Search - (Google Desktop)
    uninstall cmd: C:\Program Files\Google\Google Desktop Search\GoogleDesktopSearchSetup.exe -uninstall
    publisher: Google
    help link: http://desktop.google.com/help.html?hl=en

    HearLink (HearLink)
    uninstall cmd: C:\WINDOWS\GPInstall.exe "/UNINST=C:\Program Files\HearLink\UnInst.log" "/APPNAME=HearLink"

    (ICW)

    (IE40)

    (IE4Data)

    (IE5BAKEX)

    (IEData)

    Ahead InCD (InCD!UninstallKey)
    uninstall cmd: C:\WINDOWS\NuNInst.exe /UNINSTALL

    (InstallShield Uninstall Information)

    iTunes 4.7.1.30 (InstallShield_{3CB41017-F5CA-4C56-934C-ED02156251E6})
    version: 67567617
    version (major): 4
    version (minor): 7
    estimated size: 13827
    install date: 20050506
    install location: D:\Program Files\iTunes\
    install source: C:\WINDOWS\Downloaded Installations\{628E8630-7947-49EA-BE90-7F8BFF77A79C}\
    uninstall cmd: C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3CB41017-F5CA-4C56-934C-ED02156251E6}
    publisher: Apple Computer, Inc.
    contact: AppleCare Support
    help link: http://www.info.apple.com/
    help telephone: 1-800-275-2273

    Siemens Data Suite 1.0.0.76 (InstallShield_{7AE38076-D8FD-4EF9-A203-98A3EF0C66C1})
    version: 16777216
    version (major): 1
    estimated size: 59737
    install date: 20040810
    install source: C:\Documents and Settings\Iachelli\Desktop\M55\
    uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7AE38076-D8FD-4EF9-A203-98A3EF0C66C1} /l1033
    publisher: Siemens AG
    comments: Siemens SL55
    contact: Technical Support department
    help link: http://www.my-siemens.com
    help telephone: (044)
    readme: Readme.txt

    IrfanView (remove only) (IrfanView)
    uninstall cmd: D:\Program Files\IrfanView\iv_uninstall.exe

    Windows XP Hotfix - KB834707 20040929.110854 (KB834707)
    uninstall cmd: C:\WINDOWS\$NtUninstallKB834707$\spuninst\spuninst.exe
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=834707

    Windows XP Hotfix - KB867282 20050127.090417 (KB867282)
    uninstall cmd: C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=867282

    Microsoft Data Access Components KB870669 (KB870669)
    uninstall cmd: C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=KB870669

    Windows XP Hotfix - KB873333 20050114.005213 (KB873333)
    uninstall cmd: C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=873333

    Windows XP Hotfix - KB873339 20041117.092459 (KB873339)
    uninstall cmd: C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=873339

    Security Update for Windows XP (KB883939) 1 (KB883939)
    install date: 20050617
    uninstall cmd: "C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=883939

    (KB884016)

    Windows XP Hotfix - KB885250 20050118.202711 (KB885250)
    uninstall cmd: C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=885250

    Windows XP Hotfix - KB885835 20041027.181713 (KB885835)
    uninstall cmd: C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=885835

    Windows XP Hotfix - KB885836 20041028.173203 (KB885836)
    uninstall cmd: C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=885836

    Windows XP Hotfix - KB886185 20041021.090540 (KB886185)
    uninstall cmd: C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=886185

    Windows XP Hotfix - KB887472 20041014.162858 (KB887472)
    uninstall cmd: C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=887472

    Windows XP Hotfix - KB887742 20041103.095002 (KB887742)
    uninstall cmd: C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=887742

    Windows XP Hotfix - KB888113 20041116.131036 (KB888113)
    uninstall cmd: C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=888113

    Windows XP Hotfix - KB888302 20041207.111426 (KB888302)
    uninstall cmd: C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=888302

    Security Update for Windows XP (KB890046) 1 (KB890046)
    install date: 20050617
    uninstall cmd: "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=890046

    Windows XP Hotfix - KB890047 20041221.124506 (KB890047)
    uninstall cmd: C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=890047

    Windows XP Hotfix - KB890175 20041201.233338 (KB890175)
    uninstall cmd: C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=890175

    Windows XP Hotfix - KB890859 1 (KB890859)
    install date: 20050415
    uninstall cmd: "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=890859

    Windows XP Hotfix - KB890923 1 (KB890923)
    install date: 20050415
    uninstall cmd: "C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe"
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=890923

    Windows XP Hotfix - KB891781 20050110.165439 (KB891781)
    uninstall cmd: C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=891781

    Windows XP Hotfix - KB893066 1 (KB893066)
    install date: 20050415
    uninstall cmd: "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=893066

    Windows XP Hotfix - KB893086 1 (KB893086)
    install date: 20050415
    uninstall cmd: "C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=893086

    Windows Installer 3.1 (KB893803) 3.1 (KB893803)
    uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803$\spuninst\spuninst.exe"
    publisher: Microsoft Corporation
    help link: http://go.microsoft.com/fwlink/?LinkId=42467

    Windows Installer 3.1 (KB893803) 3.1 (KB893803v2)
    uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
    publisher: Microsoft Corporation
    help link: http://go.microsoft.com/fwlink/?LinkId=42467

    Security Update for Windows XP (KB896358) 1 (KB896358)
    install date: 20050617
    uninstall cmd: "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=896358

    Security Update for Windows XP (KB896422) 1 (KB896422)
    install date: 20050617
    uninstall cmd: "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=896422

    Security Update for Windows XP (KB896428) 1 (KB896428)
    install date: 20050617
    uninstall cmd: "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=896428

    Update for Windows XP (KB898461) 1 (KB898461)
    install date: 20050628
    uninstall cmd: "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=898461

    Security Update for Windows XP (KB901214) 1 (KB901214)
    uninstall cmd: "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=901214

    Security Update for Windows XP (KB903235) 1 (KB903235)
    install date: 20050713
    uninstall cmd: "C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=903235

    LiveReg (Symantec Corporation) 2.2.0.1621 (LiveReg)
    install location: C:\Program Files\Common Files\Symantec Shared\LiveReg
    uninstall cmd: C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
    publisher: Symantec Corporation

    Logitech Print Service (Logitech Print Service)
    uninstall cmd: C:\PROGRA~1\Logitech\PRINTS~1\UNWISE.EXE C:\PROGRA~1\Logitech\PRINTS~1\INSTALL.LOG

    Macromedia Shockwave Player (Macromedia Shockwave Player)
    uninstall cmd: C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log

    (Microsoft NetShow Player 2.0)

    (MobileOptionPack)

    Mozilla Firefox (1.0.4) 1.0.4 (en-US) (Mozilla Firefox (1.0.4))
    install location: D:\Program Files
    uninstall cmd: C:\WINDOWS\UninstallFirefox.exe /ua "1.0.4 (en-US)"
    publisher: Mozilla

    Mozilla Thunderbird (1.0) 1.0 (en) (Mozilla Thunderbird (1.0))
    install location: C:\Program Files\Mozilla Thunderbird
    uninstall cmd: C:\WINDOWS\UninstallThunderbird.exe /ua "1.0 (en)"
    publisher: Mozilla

    (MPlayer2)

    Ahead InCD EasyWrite Reader (MRW!UninstallKey)
    uninstall cmd: C:\WINDOWS\unmrw.exe /UNINSTALL

    (MSI30-Beta1)

    (MSI30-Beta2)

    (MSI30-KB884016)

    (MSI30-RC1)

    (MSI30-RC2)

    (MSI30a-KB884016)

    (MSI31-Beta)

    (MSI31-RC1)

    (NetMeeting)

    Ahead NeroMediaPlayer (NMPUninstallKey)
    uninstall cmd: C:\WINDOWS\UNNMP.exe /UNINSTALL

    NVIDIA Drivers (NVIDIA Drivers)
    uninstall cmd: C:\WINDOWS\system32\nvuaudio.exe UninstallGUI

    NVIDIA Windows 2000/XP nForce Drivers (NVIDIAnForce)
    uninstall cmd: rundll32.exe C:\WINDOWS\System32\NVNFINST.DLL,NvUninstallCrush

    (OutlookExpress)

    PC Camera Capture (PC Camera Capture)
    uninstall cmd: C:\WINDOWS\pcamrm.exe

    (PCHealth)
    uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

    Pdf995 (Pdf995)
    uninstall cmd: c:\pdf995\setup.exe uninstall

    PdfEdit995 (PdfEdit995)
    uninstall cmd: c:\pdf995\res\utilities\thinsetup.exe - uninstall

    Photoshare (Photoshare)
    uninstall cmd: c:\pdf995\res\utilities\ultrapdf\photothinsetup.exe - uninstall

    Plaxo (Plaxo)
    install location: C:\Program Files\Plaxo\2.1.0.80
    uninstall cmd: C:\Program Files\Plaxo\2.1.0.80\uninstall.exe
    help link: http://www.plaxo.com/support/uninstall

    Logitech® Camera Driver (QcDrv)
    install location: C:\Program Files\Common Files\Logitech\QCDRV
    install source: E:\Drivers\Bin\
    uninstall cmd: "C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT

    QuickTime (QuickTime)
    uninstall cmd: C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log

    (RealJukebox 1.0)
    uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

    RealPlayer (RealPlayer 6.0)
    uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

    (SchedulingAgent)

    SearchWithin (SearchWithin)
    uninstall cmd: c:\SearchWithin\thinsetup.exe - uninstall

    (Shockwave)

    (ShockwaveFlash)

    Skype for Outlook 1.0.407 (SkypeForOutlook_is1)
    install location: C:\Program Files\Skype\toolbars\Skype for Outlook\
    uninstall cmd: "C:\Program Files\Skype\toolbars\Skype for Outlook\unins000.exe"
    publisher: Skype Technologies
    comments: www.skype.com
    help link: www.skype.com

    Skype 1.3 1.3 (Skype_is1)
    install location: d:\Program Files\Skype\Phone\
    uninstall cmd: "d:\Program Files\Skype\Phone\unins000.exe"
    publisher: Skype Software S.A.
    help link: http://ui.skype.com/ui/0/1.3.0.57/en/help

    Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
    install location: C:\Program Files\Spybot - Search & Destroy\
    uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    publisher: Safer Networking Limited

    UltraPdf (UltraPdf)
    uninstall cmd: c:\pdf995\res\utilities\ultrapdf\thinsetup.exe - uninstall

    (UNZD1201USB)

    Windows Media Format Runtime (Windows Media Format Runtime)
    uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

    Windows Media Player 10 (Windows Media Player)
    uninstall cmd: "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

    Windows XP Service Pack 2 20040803.231319 (Windows XP Service Pack)
    uninstall cmd: C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=811113

    WinZip 9.0 (6028) (WinZip)
    version (major): 9
    install location: D:\PROGRA~1\WINZIP\
    uninstall cmd: "D:\Program Files\WinZip\WINZIP32.EXE" /uninstall
    publisher: WinZip Computing, Inc.
    help link: http://www.winzip.com/xsupport.htm

    Yahoo! Anti-Spy (Yahoo! Anti-Spy)
    uninstall cmd: C:\PROGRA~1\Yahoo!\common\unypsr.exe

    Yahoo! Toolbar (Yahoo! Companion)
    uninstall cmd: rundll32.exe C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\yt.dll,DllCommand ui

    Yahoo! Messenger (Yahoo! Messenger)
    uninstall cmd: C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

    Yahoo! Music Engine (Yahoo! Music Engine)
    uninstall cmd: "C:\Program Files\Yahoo!\Yahoo! Music Engine\Uninstall.exe"

    Yahoo! Toolbar (Yahoo! Toolbar)

    Yahoo! Install Manager (YInstHelper)
    uninstall cmd: C:\WINDOWS\system32\regsvr32 /u C:\WINDOWS\cache\YINSTH~1.DLL

    Microsoft Office 2000 Premium 9.00.2720 ({00000409-78E1-11D2-B60F-006097C998E7})
    version: 150997664
    version (major): 9
    estimated size: 130271
    install date: 20040509
    install source: E:\
    uninstall cmd: MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
    publisher: Microsoft Corporation
    help link: http://www.microsoft.com/support
    readme: C:\Program Files\Microsoft Office\Office\ofread9.txt

    Microsoft Office 2000 Disc 2 9.00.2720 ({00040409-78E1-11D2-B60F-006097C998E7})
    version: 150997664
    version (major): 9
    estimated size: 169472
    install date: 20040814
    install source: E:\
    uninstall cmd: MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
    publisher: Microsoft Corporation
    help link: http://www.microsoft.com/support

    Logitech QuickCam 8.30.0000 ({0496D9E9-224B-4AFA-8F37-23B98D52F1EB})
    version: 136183808
    version (major): 8
    version (minor): 30
    estimated size: 243326
    install date: 20050705
    install location: D:\Program Files\Logitech\Video\
    install source: E:\QuickCam\enu\
    uninstall cmd: MsiExec.exe /I{0496D9E9-224B-4AFA-8F37-23B98D52F1EB}
    publisher: Logitech, Inc.
    contact: Logitech® Customer Support
    help link: http://www.logitech.com/support
    help telephone: USA: (702) 269-3457 UK: +44 (0) 1344-894301
    readme: D:\Program Files\Logitech\Video\Readme.txt

    ATI Control Panel ({0BEDBD4E-2D34-47B5-9973-57E62B29307C})
    uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"

    Brother MFL Pro Suite ({0C3FCE48-6984-11D5-90F8-00E029591716})
    uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0C3FCE48-6984-11D5-90F8-00E029591716}\Setup.exe" bruninst.dll

    J2SE Runtime Environment 5.0 Update 1 1.5.0.10 ({3248F0A8-6813-11D6-A77B-00B0D0150010})
    version: 17104896
    version (major): 1
    version (minor): 5
    estimated size: 120317
    install date: 20050307
    install source: C:\Documents and Settings\Iachelli\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150010}\
    uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150010}
    publisher: Sun Microsystems, Inc.
    contact: http://java.com
    help link: http://java.com
    readme: C:\Program Files\Java\jre1.5.0_01\README.txt

    J2SE Runtime Environment 5.0 Update 2 1.5.0.20 ({3248F0A8-6813-11D6-A77B-00B0D0150020})
    version: 17104896
    version (major): 1
    version (minor): 5
    estimated size: 120657
    install date: 20050401
    install source: http://java.sun.com/webapps/download/GetFile/1.5.0_02-b09/windows-i586/
    uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
    publisher: Sun Microsystems, Inc.
    contact: http://java.com
    help link: http://java.com
    readme: C:\Program Files\Java\jre1.5.0_02\README.txt

    WebFldrs XP 9.50.6513 ({350C97B0-3D7C-4EE8-BAA9-00BCB3D54227})
    version: 154278257
    version (major): 9
    version (minor): 50
    estimated size: 2492
    install date: 20040507
    install source: C:\WINDOWS\System32\
    publisher: Microsoft Corporation
    help link: http://www.microsoft.com/windows

    iTunes 4.7.1.30 ({3CB41017-F5CA-4C56-934C-ED02156251E6})
    version: 67567617
    version (major): 4
    version (minor): 7
    estimated size: 13827
    install date: 20050506
    install location: D:\Program Files\iTunes\
    install source: C:\WINDOWS\Downloaded Installations\{628E8630-7947-49EA-BE90-7F8BFF77A79C}\
    publisher: Apple Computer, Inc.
    contact: AppleCare Support
    help link: http://www.info.apple.com/
    help telephone: 1-800-275-2273

    XTNDConnect PC ({3D6ACBBB-A640-4715-BA0F-42D1EA05F23A})
    uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3D6ACBBB-A640-4715-BA0F-42D1EA05F23A}\Setup.exe" UNINSTALL

    ATI HydraVision ({3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66})
    uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"

    Microsoft AntiSpyware 1.0 ({536F7C74-844B-4683-B0C5-EA39E19A6FE3})
    version: 16777216
    version (major): 1
    estimated size: 15255
    install date: 20050629
    install source: C:\WINDOWS\Downloaded Installations\{DF2E8A41-7E98-427D-9582-7D2EAF44F827}\
    uninstall cmd: MsiExec.exe /I{536F7C74-844B-4683-B0C5-EA39E19A6FE3}
    publisher: Microsoft Corporation
    contact: Microsoft Support
    help link: http://www.microsoft.com

    SD Viewer for DSC ({5A8D3524-79DB-11D5-99D1-00010256D40E})
    uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A8D3524-79DB-11D5-99D1-00010256D40E}\setup.exe"

    PowerDVD ({6811CAA0-BF12-11D4-9EA1-0050BAE317E1})
    uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall

    Java 2 Runtime Environment, SE v1.4.2_04 1.4.2_04
    ({7148F0A8-6813-11D6-A77B-00B0D0142040})
    version (major): 1
    version (minor): 4
    estimated size: 110132
    install date: 20040621
    install source: C:\Documents and Settings\Iachelli\Local
    Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142040}\
    uninstall cmd: MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142040}
    publisher: Sun Microsystems, Inc.
    comments: http://www.java.com
    contact: http://www.java.com
    help link: http://www.java.com
    help telephone: http://www.java.com
    readme: Readme.txt

    Java 2 Runtime Environment, SE v1.4.2_05 1.4.2_05
    ({7148F0A8-6813-11D6-A77B-00B0D0142050})
    version (major): 1
    version (minor): 4
    estimated size: 110772
    install date: 20041001
    install source:
    http://java.sun.com/webapps/download/GetFile/1.4.2_05-b04/windows-i586/
    uninstall cmd: MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050}
    publisher: Sun Microsystems, Inc.
    comments: http://www.java.com
    contact: http://www.java.com
    help link: http://www.java.com
    help telephone: http://www.java.com
    readme: Readme.txt

    Java 2 Runtime Environment, SE v1.4.2_06 1.4.2_06
    ({7148F0A8-6813-11D6-A77B-00B0D0142060})
    ...(message truncated)
  3. Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

    I was reading this post and wanted to seek help with my own log:
    Is everything safe to delete?

    Logfile of HijackThis v1.99.1
    Scan saved at 8:00:08 PM, on 8/9/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\mmc.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\Documents and Settings\Ty\Local Settings\Temp\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    http://g.msn.com/0SEENUS/SAOS01
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    http://red.clientapps.yahoo.com/customize/ie/defaults/su/yie6/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
    http://red.clientapps.yahoo.com/customize/ie/defaults/sb/yie6/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    http://red.clientapps.yahoo.com/customize/ie/defaults/sp/yie6/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://red.clientapps.yahoo.com/customize/ie/defaults/stp/yie6/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    http://www.hotbar.com/dyn/hotbar/3.0/sb_searchPageHome.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    c:\windows\SYSTEM\blank.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft
    Internet Explorer provided by Yahoo!
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} -
    C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
    C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SideStep Browser Helper - {08351226-6472-43BD-8A40-D9221FF1C4CE} -
    C:\WINDOWS\DOWNLOADED PROGRAM FILES\SbCIe026.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN
    Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} -
    C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -
    C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
    C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} -
    C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program
    Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O4 - HKLM\..\Run: [eyes] C:\WINDOWS\System32\eyes\eyes.exe
    O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD
    Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [EanthologyApp] C:\PROGRA~1\COMMON~1\EACCEL~1\EANTHO~1.EXE
    /b
    O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common
    Files\Real\Update_OB\evntsvc.exe -osboot
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [AOL Spyware Protection]
    "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common
    Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
    -atboottime
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint
    Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common
    Files\AOL\1102868940\EE\AOLHostManager.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
    Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [Promon.exe] Promon.exe
    O4 - HKLM\..\Run: [msci]
    C:\DOCUME~1\Ty\LOCALS~1\Temp\200587175044_mcinfo.exe /insfin
    O4 - HKLM\..\RunOnce: [NCInstallQueue] rundll32 netman.dll,ProcessQueue
    O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI
    Multimedia\main\launchpd.exe"
    O4 - HKCU\..\Run: [PPWebCap] C:\PAPRPORT\PPWebCap.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft
    ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Camio Viewer.lnk = C:\Program Files\Sierra Imaging\Image
    Expert\IXApplet.exe
    O4 - Startup: Check for OneTouch Updates.lnk = C:\Program Files\Visioneer
    OneTouch\WiseUpdt.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
    Office\Office10\OSA.EXE
    O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
    Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: SnapDetect.lnk = ?
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program
    Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Viewpoint Search - res://C:\Program
    Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel -
    res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: LimeShop Preferences - file://C:\Program
    Files\LimeShop\System\Temp\limeshop_script0.htm
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program
    Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program
    Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
    C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console -
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
    Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} -
    C:\Program Files\Yahoo!\Common\ylogin.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Login -
    {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program
    Files\Yahoo!\Common\ylogin.dll
    O9 - Extra button: Create Mobile Favorite -
    {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft
    ActiveSync\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -
    C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... -
    {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft
    ActiveSync\INetRepl.dll
    O9 - Extra button: (no name) - {2F099F5D-7003-4441-82C2-707C7C273FEB} -
    C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Block This Pop-up -
    {2F099F5D-7003-4441-82C2-707C7C273FEB} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} -
    C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger -
    {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program
    Files\Yahoo!\Messenger\yhexbmes0411.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
    C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
    C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger -
    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com
    O16 - DPF: Dialpad US Java Applet - http://www.dialpad.com/applet/src/vscp.cab
    O16 - DPF: {02BED220-FBC7-4392-93A2-3A50B056F78E} -
    http://down.plaxo.com/down/release/instub.cab
    O16 - DPF: {0837121A-6472-43BD-8A40-D9221FF1C4CE} (SideStep IE Inst) -
    http://download.sidestep.com/get/k00719/sb01f.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
    Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
    O16 - DPF: {22D6F312-B0F6-11D0-94AB-0080C74C7E95} (Windows Media Player) -
    http://activex.microsoft.com/activex/controls/mplayer/en/nsmp2inf.cab
    O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) -
    http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) -
    http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj
    Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
    https://objects.aol.com/mcafee/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) -
    http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
    (MsnMessengerSetupDownloadControl Class) -
    http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
    http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} (CDToolCtrl Class) -
    http://free.aol.com/tryaolfree/cdt175/aolcdt175.cab
    O16 - DPF: {BB659027-D633-11D2-A6C2-525400DB7692} (BOOTSTRAP TileStyle
    Internet Engine) - http://actimage.dancik.com/ib/download/biTileStyle14.CAB
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -
    https://objects.aol.com/mcafee/molbin/shared/mcgdmgr/en-us/1,0,0,20/McGDMgr.cab
    O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) -
    http://a840.g.akamai.net/7/840/5805/v1503/www.contentwatch.com/audit/includes/ContentAuditControl.cab
    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) -
    http://f1.pg.photos.yahoo.com/ocx/us/yexplorer1_9us.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} -
    http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online -
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online,
    Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner -
    C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
    O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. -
    C:\WINDOWS\System32\ImapiRox.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America
    Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation -
    C:\WINDOWS\System32\WFXSVC.EXE
  4. Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

    Ty, what's going on? This is the same log you posted a few days ago. You
    should have had HijackThis fix these already. What happened?

    Have HijackThis fix the following lines.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    http://g.msn.com/0SEENUS/SAOS01
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    http://www.hotbar.com/dyn/hotbar/3.0/sb_searchPageHome.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    c:\windows\SYSTEM\blank.htm
    O2 - BHO: SideStep Browser Helper - {08351226-6472-43BD-8A40-D9221FF1C4CE} -
    C:\WINDOWS\DOWNLOADED PROGRAM FILES\SbCIe026.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} -
    C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} -
    C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O4 - HKLM\..\Run: [eyes] C:\WINDOWS\System32\eyes\eyes.exe
    O4 - HKLM\..\Run: [EanthologyApp] C:\PROGRA~1\COMMON~1\EACCEL~1\EANTHO~1.EXE
    /b
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint
    Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common
    Files\AOL\1102868940\EE\AOLHostManager.exe
    O4 - HKLM\..\Run: [msci]
    C:\DOCUME~1\Ty\LOCALS~1\Temp\200587175044_mcinfo.exe /insfin
    O4 - HKLM\..\RunOnce: [NCInstallQueue] rundll32 netman.dll,ProcessQueue
    O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
    O4 - Global Startup: SnapDetect.lnk = ?
    O8 - Extra context menu item: &Viewpoint Search - res://C:\Program
    Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
    O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com
    O16 - DPF: Dialpad US Java Applet -
    http://www.dialpad.com/applet/src/vscp.cab
    O16 - DPF: {02BED220-FBC7-4392-93A2-3A50B056F78E} -
    http://down.plaxo.com/down/release/instub.cab
    O16 - DPF: {0837121A-6472-43BD-8A40-D9221FF1C4CE} (SideStep IE Inst) -
    http://download.sidestep.com/get/k00719/sb01f.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
    Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
    O16 - DPF: {22D6F312-B0F6-11D0-94AB-0080C74C7E95} (Windows Media Player) -
    http://activex.microsoft.com/activex/controls/mplayer/en/nsmp2inf.cab
    O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) -
    http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) -
    http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj
    Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
    https://objects.aol.com/mcafee/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) -
    http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
    (MsnMessengerSetupDownloadControl Class) -
    http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
    http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} (CDToolCtrl Class) -
    http://free.aol.com/tryaolfree/cdt175/aolcdt175.cab
    O16 - DPF: {BB659027-D633-11D2-A6C2-525400DB7692} (BOOTSTRAP TileStyle
    Internet Engine) - http://actimage.dancik.com/ib/download/biTileStyle14.CAB
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -
    https://objects.aol.com/mcafee/molbin/shared/mcgdmgr/en-us/1,0,0,20/McGDMgr.cab
    O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) -
    http://a840.g.akamai.net/7/840/5805/v1503/www.contentwatch.com/audit/includes/ContentAuditControl.cab
    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) -
    http://f1.pg.photos.yahoo.com/ocx/us/yexplorer1_9us.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} -
    http://fdl.msn.com/zone/datafiles/heartbeat.cab


    --


    The best live web video on the internet http://www.seedsv.com/webdemo.htm
    NEW Embedded system W/Linux. We now sell DVR cards.
    See it all at http://www.seedsv.com/products.htm
    Sharpvision simply the best http://www.seedsv.com


    "Ty" <Ty@discussions.microsoft.com> wrote in message
    news:B1DA8C56-131C-4DA7-A93A-D5E65B36DCBD@microsoft.com...
    >I was reading this lost and wanted seek help with my own log:
    > Is everything safe to delete?
    >
    > Logfile of HijackThis v1.99.1
    > Scan saved at 8:00:08 PM, on 8/9/2005
    > Platform: Windows XP SP2 (WinNT 5.01.2600)
    > MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
  5. Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

    It's frustrating. I ran the fix for highjack but still can get the adapter
    installed. XP reinstall will be the last resort. I am running the adware
    fixes again right now but it's possible they're missing something because
    they are not the most up-to-date versions.