Sign in with
Sign up | Sign in
Your question

Generic Host Process for Win32 Services encountered a prob..

Last response: in Windows XP
Share
Anonymous
July 15, 2005 11:17:17 AM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

Hi,
any help? thanks
Giovanni

Generic Host Process for Win32 Services encountered a problem and needed to
close.

Error signature

szAppName : svchost.exe szAppVer : 0.0.0.0 szModName : unknown

szModVer : 0.0.0.0 offset : 00000000

The following files can be included

C:\DOCUME~1\Iachelli\LOCALS~1\Temp\WERbccb.dir00\svchost.exe.mdmp

C:\DOCUME~1\Iachelli\LOCALS~1\Temp\WERbccb.dir00\appcompat.txt





Burnaby, British Columbia, Canada
Anonymous
July 15, 2005 1:54:48 PM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

Run Ad-Aware SE Personal (first) and SpyBot-Search & Destroy (second).
http://www.majorgeeks.com/downloads31.html
After you install each, you should click update before running. For example,
with Ad-Aware click on the link "Check for updates now" on the first screen
that appears after you launch the application.

Here are some online scans
http://us.mcafee.com/root/mfs/default.asp
http://www.pandasoftware.com/activescan/
http://security.symantec.com/sscv6/default.asp?langid=i...
http://housecall.trendmicro.com/housecall/start_corp.as...

If all the above fails to solve your problem, then the problem could be
something new that the spyware cleaners above don't have in their databases
yet. In that case....HijackThis direct download:
http://www.spywareinfo.com/~merijn/files/hijackthis.zip
Tutorial on how to use HijackThis:
http://www.spywareinfo.com/~merijn/htlogtutorial.html
Then post it's output log to the forum here for analysis and feedback by the
parasite experts:
http://www.spywareinfo.com/forums/
Or the other HijackThis Logs forums listed here:
http://www.spywareinfo.com/~merijn/forums.html

--
Michael




"Johnkelly" <giovanni@societa.com> wrote in message
news:11dfhadlf1loa90@corp.supernews.com...
>
> Hi,
> any help? thanks
> Giovanni
>
> Generic Host Process for Win32 Services encountered a problem and needed
> to
> close.
>
> Error signature
>
> szAppName : svchost.exe szAppVer : 0.0.0.0 szModName : unknown
>
> szModVer : 0.0.0.0 offset : 00000000
>
> The following files can be included
>
> C:\DOCUME~1\Iachelli\LOCALS~1\Temp\WERbccb.dir00\svchost.exe.mdmp
>
> C:\DOCUME~1\Iachelli\LOCALS~1\Temp\WERbccb.dir00\appcompat.txt
>
>
>
>
>
> Burnaby, British Columbia, Canada
>
Anonymous
July 15, 2005 9:07:56 PM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

Thank you very much------------>>>>>>>>>>>>>>>>>>>>>>

WOW Mike is easier to get graduate from unuversity

spybot find a spyware wich is related to logitec (videocam), this the reason
why I did not delete it.

I can see that is also on a long list of Register Keys.

Do you suggest to delete it?? Because I think that this must be the
problem......................

THE REPORT:

--- Search result list ---
BackWeb lite: File extension (Registry key, nothing done)
HKEY_CLASSES_ROOT\bwpfile

BackWeb lite: File extension (Registry key, nothing done)
HKEY_CLASSES_ROOT\.bwp

BackWeb lite: Global settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\BackWeb

BackWeb lite: Netscape viewer (Registry value, nothing done)
HKEY_USERS\S-1-5-21-329068152-1336601894-725345543-1003\Software\Netscape\Netscape
Navigator\Viewers\application/x-bwpreview
Company: http://www.backweb.com/
Product: BackWeb lite
Threat: Adware/Spyware
Company URL:
_http://www.backweb.com/_
Company product URL:
_http://www.backweb.com/products/html/backweb_eaccelerat...
Company privacy URL:
_http://www.cameocast.com/legal/privacypolicy.asp_
Functionality
Installs unknown items & advertisement popups on your system.
Description
Comes with Western Digital Data Lifeline as well as with HP & Compaq
systems. If you intended to install the normal BackWeb, please add BackWeb
to your exclude list. But if you know nothing about installing BackWeb,
chances are good that it is the 'lite' version. This one connects to a
Cameocast server (Source: http://www.cexx.org/dlgli.htm), and you can read
Cameo's privavy statement above.
Privacy Statement
BackWeb: Stay in the loop With BackWeb's reporting capabilities, you'll know
who received each delivery, when they received it, and how they interacted
with it.
CameoCast: CameoCAST pushes content to your hard drive while you are online.
[...]This information such as the type of browser being used, its operating
system, and your IP address, is gathered in order to enhance your online
experience.
BackWeb lite: Interface (IBackWebDisplaySettings4_2) (Registry key, nothing
done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{001B3F20-D866-11D1-8B4C-00609761C47A}

BackWeb lite: Interface (IBackWebChannel4_2) (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{025632A0-BCEC-11D1-8B35-00609761C47A}

BackWeb lite: Interface (IBackWebDirectoryEntry) (Registry key, nothing
done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{0C6E0440-0B50-11D1-9951-444553540000}

BackWeb lite: Interface (IBackWebDownloadTimeConstraint) (Registry key,
nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{0D1F7C83-8123-11D0-B5CA-0000B43698D6}

BackWeb lite: Interface (IBackWebDownloadTimeConstraintCollection) (Registry
key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{0D1F7C84-8123-11D0-B5CA-0000B43698D6}

BackWeb lite: Interface (IBackWebExtension) (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{0F4FE440-983F-11D0-9B9C-444553540000}

BackWeb lite: Interface (IBackWebGeneralSettings) (Registry key, nothing
done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{12473FC3-61A7-11D0-A866-0000B43699FC}

BackWeb lite: Interface (IBackWebDialerSettings) (Registry key, nothing
done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{12473FC4-61A7-11D0-A866-0000B43699FC}

BackWeb lite: Interface (IBackWebCommSettings) (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{12473FC5-61A7-11D0-A866-0000B43699FC}

BackWeb lite: Interface (IBackWebDisplaySettings) (Registry key, nothing
done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{12473FC6-61A7-11D0-A866-0000B43699FC}

BackWeb lite: Interface (IBackWebSetup) (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{12473FC7-61A7-11D0-A866-0000B43699FC}

BackWeb lite: Interface (IBackWebDirectory) (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{15030BC0-0B52-11D1-9951-444553540000}

BackWeb lite: Interface (IBackWebStoryFieldCollection) (Registry key,
nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{1D91D9E0-004B-11D1-9951-444553540000}

BackWeb lite: Interface (IBackWeb2) (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{23F43240-F78D-11D0-9A50-00AA004812C2}

BackWeb lite: Interface (IBackWebInfoPakDownloadServices) (Registry key,
nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{2DE07D90-DC04-11D0-A875-0000B43699FC}

BackWeb lite: Interface (IBackWebSetupNotifications) (Registry key, nothing
done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{2F099AF0-6329-11D0-A866-0000B43699FC}

BackWeb lite: Interface (IBackWebChannelTableNotifications) (Registry key,
nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{2F523082-5A0B-11D0-9B9C-444553540000}

BackWeb lite: Interface (IBackWebSetup4) (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{3667E7B0-4F28-11D1-8ADB-00609761C47A}

BackWeb lite: Interface (IBackWebFileAccess) (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{3AF78A6E-6F14-11D1-A884-0000B43699FC}

BackWeb lite: Interface (IBackWebInfoPakFilesCollection) (Registry key,
nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{3AF78A71-6F14-11D1-A884-0000B43699FC}

BackWeb lite: Interface (IBackWebInfoPakFile) (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{3AF78A74-6F14-11D1-A884-0000B43699FC}

BackWeb lite: Interface (IBackWebOpenInfoPakFile) (Registry key, nothing
done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{3AF78A77-6F14-11D1-A884-0000B43699FC}

BackWeb lite: Interface (IBackWebDirectoryNotifications) (Registry key,
nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{41CEBDC0-32C1-11D1-9951-444553540000}

BackWeb lite: Interface (IBackWebStoryTableNotifications) (Registry key,
nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{44230BC0-3105-11D1-9951-444553540000}

BackWeb lite: Interface (IBackWebInfoPakNotifications) (Registry key,
nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{4A3666F3-5F2D-11D0-A866-0000B43699FC}

BackWeb lite: Interface (IBackWeb) (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{53FCF355-5323-11D0-A864-0000B43699FC}

BackWeb lite: Interface (IBackWebChannelCollection) (Registry key, nothing
done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{53FCF35A-5323-11D0-A864-0000B43699FC}

BackWeb lite: Interface (IBackWebChannel) (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{53FCF35B-5323-11D0-A864-0000B43699FC}

BackWeb lite: Interface (IBackWebStoryField) (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{5B1E13A0-004B-11D1-9951-444553540000}

BackWeb lite: Interface (IBackWebDirectoryEntryCollection) (Registry key,
nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{5DF6CE40-0B50-11D1-9951-444553540000}

BackWeb lite: Interface (IBackWebFileAccessViaDir) (Registry key, nothing
done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{608FE360-6FB2-11D1-A885-0000B43699FC}

BackWeb lite: Interface (IBackWebInfoPak4_2) (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{610141C2-7701-11D1-B042-004095903824}

BackWeb lite: Interface (IBackWebAlertSettings) (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{72B62B40-17D1-11D1-96A7-F8E906C10000}

BackWeb lite: Interface (IBackWeb4) (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{740904E0-0BFB-11D1-9951-444553540000}

BackWeb lite: Interface (IBackWebPlayer) (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{8028B940-4932-11D1-9951-444553540000}

BackWeb lite: Interface (IBackWebAllInfoPakCollection) (Registry key,
nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{8131F530-649E-11D0-A866-0000B43699FC}

BackWeb lite: Interface (IBackWebChannelDownloadServices) (Registry key,
nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{9132E380-DC21-11D0-A875-0000B43699FC}

BackWeb lite: Interface (IBackWebItemDownloadServices) (Registry key,
nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{93BF8F00-DBE8-11D0-A875-0000B43699FC}

BackWeb lite: Interface (IBackWebChannel2) (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{9647FB70-DC0F-11D0-A875-0000B43699FC}

BackWeb lite: Interface (IBackWebStoryCollection) (Registry key, nothing
done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{9DB46422-FF61-11D0-9951-444553540000}

BackWeb lite: Interface (IBackWebAllStoryCollection) (Registry key, nothing
done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{9DB46423-FF61-11D0-9951-444553540000}

BackWeb lite: Interface (IBackWebStory) (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{9DB46424-FF61-11D0-9951-444553540000}

BackWeb lite: Interface (IBackWebChannelVariableCollection) (Registry key,
nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{A4BC67F0-6C90-11D0-A866-0000B43699FC}

BackWeb lite: Interface (IBackWebChannel4) (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{AEE96320-2131-11D1-9951-444553540000}

BackWeb lite: Interface (IBackWebCommunications) (Registry key, nothing
done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{BAD37BC0-2231-11D1-9951-444553540000}

BackWeb lite: Interface (IBackWebChannelCollection4) (Registry key, nothing
done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{BCD0C200-69C1-11D1-8AF8-00609761C47A}

BackWeb lite: Interface (IBackWebFilterSettings) (Registry key, nothing
done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{C8CEEEE0-17D6-11D1-96A7-F8E906C10000}

BackWeb lite: Interface (IBackWebApplicationNotifications) (Registry key,
nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{D0894D60-6C6C-11D0-A866-0000B43699FC}

BackWeb lite: Interface (IBackWebGeneralSettings2) (Registry key, nothing
done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{E01AD640-F87D-11D0-9A50-00AA004812C2}

BackWeb lite: Interface (IBackWebInfoPakCollection) (Registry key, nothing
done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{EB1FFFC1-5688-11D0-A865-0000B43699FC}

BackWeb lite: Interface (IBackWebInfoPak) (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{EB1FFFC2-5688-11D0-A865-0000B43699FC}

BackWeb lite: Interface (IBackWebChannelVariable) (Registry key, nothing
done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{FEFCA7F0-6C8E-11D0-A866-0000B43699FC}


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-06-03 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2005-04-26 Includes\Cookies.sbi (*)
2005-06-30 Includes\Dialer.sbi (*)
2005-06-30 Includes\Hijackers.sbi (*)
2005-06-23 Includes\Keyloggers.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2005-06-30 Includes\Malware.sbi (*)
2005-06-09 Includes\PUPS.sbi (*)
2005-04-27 Includes\Revision.sbi (*)
2005-06-09 Includes\Security.sbi (*)
2005-06-30 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2005-06-30 Includes\Trojans.sbi (*)



--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ DataAccess: Microsoft Data Access Components KB870669
/ DataAccess: Security Update for Microsoft Data Access Components
/ DirectX: DirectX Update 819696
/ DirectX / DX9 / SP1: DirectX 9 Hotfix - KB839643
/ Windows Media Player: Windows Media Player Hotfix [See Q828026 for more
information]
/ Windows Media Player / SP0: Windows Media Player Hotfix [See Q828026 for
more information]
/ Windows Media Player: Windows Media Update 817787
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP3: Windows XP Hotfix - KB834707
/ Windows XP / SP3: Windows XP Hotfix - KB867282
/ Windows XP / SP3: Windows XP Hotfix - KB873333
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Security Update for Windows XP (KB883939)
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890047
/ Windows XP / SP3: Windows XP Hotfix - KB890175
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB890923
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Security Update for Windows XP (KB893066)
/ Windows XP / SP3: Windows XP Hotfix - KB893086
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896422)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB903235)


--- Startup entries list ---
Located: HK_LM:Run, ABBYY Community Agent
command: D:\Program Files\ABBYY FineReader 5.0 Pro\CAgent.exe
file: D:\Program Files\ABBYY FineReader 5.0 Pro\CAgent.exe
size: 253952
MD5: 8081d6a0b47c1fa1f5186d91c0a99c52

Located: HK_LM:Run, ATIPTA
command: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
file: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
size: 335872
MD5: e7d70592d84fe14e4a6c1f09d9c1bd34

Located: HK_LM:Run, AVG7_CC
command: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
file: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
size: 352768
MD5: 82f0d9baf07f7a63d6ca044251dd5598

Located: HK_LM:Run, CmUsbSound
command: RunDll32 cmcnfgu.cpl,CMICtrlWnd
file:

Located: HK_LM:Run, DiskeeperSystray
command: "D:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
file:

Located: HK_LM:Run, gcasServ
command: "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
file: C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
size: 473928
MD5: fc8fff9f2e3ebfb5b6ad8d91df6c0f23

Located: HK_LM:Run, InCD
command: C:\Program Files\Ahead\InCD\InCD.exe
file: C:\Program Files\Ahead\InCD\InCD.exe
size: 966706
MD5: 170a2c4fcc2bb6198e118698c218da15

Located: HK_LM:Run, IndexSearch
command: C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
file: C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
size: 36864
MD5: b5bc9306c84bad6200ca5699f5602dc5

Located: HK_LM:Run, iTunesHelper
command: D:\Program Files\iTunes\iTunesHelper.exe
file: D:\Program Files\iTunes\iTunesHelper.exe
size: 278528
MD5: 2e0e2be7bd6614ea4c86b9ece793e31e

Located: HK_LM:Run, KernelFaultCheck
command: %systemroot%\system32\dumprep 0 -k
file: C:\WINDOWS\system32\dumprep.exe
size: 10752
MD5: 13922eb54890c77005268882629a31fe

Located: HK_LM:Run, LogitechVideoRepair
command: D:\Program Files\Logitech\Video\ISStart.exe
file: D:\Program Files\Logitech\Video\ISStart.exe
size: 458752
MD5: 3d9d5aa7b8a3d9f447274599d3efb578

Located: HK_LM:Run, LogitechVideoTray
command: D:\Program Files\Logitech\Video\LogiTray.exe
file: D:\Program Files\Logitech\Video\LogiTray.exe
size: 217088
MD5: ee2a9192a73d51e7f4d9099fc35c32d0

Located: HK_LM:Run, LVCOMSX
command: C:\WINDOWS\system32\LVCOMSX.EXE
file: C:\WINDOWS\system32\LVCOMSX.EXE
size: 221184
MD5: bcd419d4ea19087e91601c1c2914323a

Located: HK_LM:Run, NeroCheck
command: C:\WINDOWS\System32\\NeroCheck.exe
file: C:\WINDOWS\System32\\NeroCheck.exe
size: 155648
MD5: 3e4c03cefad8de135263236b61a49c90

Located: HK_LM:Run, PaperPort PTD
command: C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
file: C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
size: 45108
MD5: ccdc00f353963e9e7dd839817b89d593

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 77824
MD5: 5d22b4258489575412f6d18affc847a2

Located: HK_LM:Run, SunJavaUpdateSched
command: C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
file: C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
size: 36975
MD5: 1f6573d67dd5dc06dd29ec7fcf81dc6f

Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common
iles\Real\Update_OB\realsched.exe" -osboot
file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 180269
MD5: 7237366a57a26b7ed71c9b081fbdd6eb

Located: HK_LM:Run, UserFaultCheck
command: %systemroot%\system32\dumprep 0 -u
file: C:\WINDOWS\system32\dumprep.exe
size: 10752
MD5: 13922eb54890c77005268882629a31fe

Located: HK_LM:Run, vSkype
command: C:\Program Files\Santa Cruz Networks\vSkype\vSkype.exe no
file:

Located: HK_LM:Run, ymetray
command: "C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe"
file: C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
size: 40960
MD5: 85d3e243db49f26ab114319674e92847

Located: HK_CU:Run, ctfmon.exe
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996a38c0b0cf151c2140ae29fc8

Located: HK_CU:Run, LDM
command: C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BackWeb-8876480.exe
file:

Located: HK_CU:Run, LogitechSoftwareUpdate
command: "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot
file: D:\Program Files\Logitech\Video\ManifestEngine.exe
size: 196608
MD5: c1913a21cb3a7bf314641acf0a8f81c9

Located: HK_CU:Run, PlaxoUpdate
command: C:\Program Files\Plaxo\2.1.0.80\InstallStub.exe -a
file:

Located: HK_CU:Run, Skype
command: "d:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
file: d:\Program Files\Skype\Phone\Skype.exe
size: 17675304
MD5: eed75e89529f26405e298eea66599bcb

Located: HK_CU:Run, SpybotSD TeaTimer
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1415824
MD5: 70496eee0ddbe485f658693826f44d38

Located: HK_CU:Run, Yahoo! Pager
command: C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
file:

Located: Startup (common), Adobe Reader Speed Launch.lnk
command: D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
file: D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
size: 29696
MD5: deb88aef013dd1eefb462d7cad642166

Located: Startup (common), eFax Live Menu 3.3.lnk
command: C:\Program Files\eFax Messenger Plus 3.3\J2GDllCmd.exe
file: C:\Program Files\eFax Messenger Plus 3.3\J2GDllCmd.exe
size: 17408
MD5: 2c0e197b4d24984d80bf165e33d43969

Located: Startup (common), eFax Tray Menu 3.3.lnk
command: C:\Program Files\eFax Messenger Plus 3.3\J2GTray.exe
file: C:\Program Files\eFax Messenger Plus 3.3\J2GTray.exe
size: 40960
MD5: 6434cce49abb8daecc5c7e88597b4de8

Located: Startup (common), Free WebSite Tools.lnk
command: D:\Program Files\CoffeeCup Software\CoffeeCup Free
FTP\ThirtyDayTimer.exe
file: D:\Program Files\CoffeeCup Software\CoffeeCup Free
FTP\ThirtyDayTimer.exe
size: 372224
MD5: 34711735750dcf9cb8580793a3bd8271

Located: Startup (common), Logitech Desktop Messenger.lnk
command: C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\LDMConf.exe
file: C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\LDMConf.exe
size: 450560
MD5: a5e4cd281c93e174181c5873fafd4f16

Located: Startup (common), Microsoft Office.lnk
command: C:\Program Files\Microsoft Office\Office\OSA9.EXE
file: C:\Program Files\Microsoft Office\Office\OSA9.EXE
size: 65588
MD5: f2020569df0e5cdf0ccedb3406d15cb3

Located: Startup (common), SmartUI.lnk
command: C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
file: C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
size: 1568768
MD5: 7893e209a13b52651560fab999614ff2

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll



--- Browser helper object list ---
{0751BE0D-66C7-4578-89F9-7FEDFC16531C} ()
BHO name:
CLSID name:



--- ActiveX list ---
{0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility)
DPF name:
CLSID name: PCPitstop Utility
Installer: C:\WINDOWS\Downloaded Program Files\PCPitstop.inf
Codebase: http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
description: Gateway tools
classification: Unknown
known filename: PCPITSTOP.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\Downloaded Program Files\
Long name: PCPitstop.dll
Short name: PCPITS~1.DLL
Date (created): 28/07/2004 13.49.00
Date (last access): 15/07/2005 17.00.56
Date (last write): 05/01/2005 20.02.56
Filesize: 252416
Attributes: archive
MD5: 09B759CF3836A19F761BFC5033B01509
CRC32: AE04C3FC
Version: 1.0.0.134

{33564D57-0000-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\WMV9VCM.inf
Codebase:
http://download.microsoft.com/download/F/6/E/F6E491A6-7...

{56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class)
DPF name:
CLSID name: RdxIE Class
Installer:
Codebase:
http://software-dl.real.com/18ad19321889bc92c715/netzip...
description: Netster
classification: Confirmed as malware
known filename:
info link:
info source:
Path: C:\WINDOWS\Downloaded Program Files\
Long name: RdxIE.dll
Short name:
Date (created): 28/01/2004 12.13.52
Date (last access): 15/07/2005 17.00.56
Date (last write): 28/01/2004 12.13.52
Filesize: 520349
Attributes: archive
MD5: C350FD4B920362062BD39EA31007ACFB
CRC32: 9B705B2D
Version: 6.0.0.10

{9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control
(redist))
DPF name:
CLSID name: Microsoft RDP Client Control (redist)
Installer: C:\WINDOWS\Downloaded Program Files\msrdp.inf
Codebase: http://www.cofinsim.com/antana/msrdp.cab
Path: C:\WINDOWS\DOWNLO~1\
Long name: msrdp.ocx
Short name:
Date (created): 10/08/2002 23.21.04
Date (last access): 14/07/2005 4.12.12
Date (last write): 10/08/2002 23.21.04
Filesize: 600064
Attributes: archive
MD5: B3F7D6919FB5C1AFD39A942D2439285F
CRC32: 0A3EEE6A
Version: 5.1.2600.1095

{9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner)
DPF name:
CLSID name: Anonymizer Anti-Spyware Scanner
Installer: C:\WINDOWS\Downloaded Program Files\WebAAS.inf
Codebase:
http://download.zonelabs.com/bin/promotions/spywaredete...
Path: C:\WINDOWS\Downloaded Program Files\
Long name: WebAAS.dll
Short name:
Date (created): 20/01/2005 16.04.18
Date (last access): 15/07/2005 17.00.56
Date (last write): 20/01/2005 16.04.18
Filesize: 151552
Attributes: archive
MD5: 05CE1F289570DC4337D615B6669E065D
CRC32: F52B9D12
Version: 1.0.0.23

{9C134253-E8A3-4759-9F98-302B7981922E} (MaxViewer Class)
DPF name:
CLSID name: MaxViewer Class
Installer: C:\WINDOWS\Downloaded Program Files\np_max.inf
Codebase: http://support.scansoft.com/pp/files/np_max.cab
Path: C:\WINDOWS\System32\
Long name: MaxX.dll
Short name:
Date (created): 26/10/2001 13.04.30
Date (last access): 14/07/2005 4.16.54
Date (last write): 26/10/2001 13.04.30
Filesize: 180224
Attributes: archive
MD5: 6BF9D08F657961B823BAA60E4F093098
CRC32: E2D8A303
Version: 1.1.1.0

{9E472D58-F10C-11CF-B7A9-0020AFD6A362} (NeRemoteDoc Class)
DPF name:
CLSID name: NeRemoteDoc Class
Installer: C:\WINDOWS\Downloaded Program Files\newebcl.inf
Codebase: https://vault.netvoyage.com/neWeb2/neWebCl.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: neWebCl.dll
Short name:
Date (created): 22/04/2004 8.55.52
Date (last access): 15/07/2005 17.00.56
Date (last write): 22/04/2004 8.55.52
Filesize: 499712
Attributes: archive
MD5: A8409CA43FD9929FEE972CE24013E0E1
CRC32: 869F42F5
Version: 4.2.2.4

{A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update)
DPF name:
CLSID name: LinkSys Content Update
Installer: C:\WINDOWS\Downloaded Program Files\gtdownls_95.inf
Codebase:
http://www.linksysfix.com/netcheck/24/install/gtdownls....
Path: C:\WINDOWS\system32\
Long name: gtdownls_95.ocx
Short name: GTDOWN~1.OCX
Date (created): 06/09/2004 14.30.28
Date (last access): 14/07/2005 4.16.44
Date (last write): 06/09/2004 14.30.28
Filesize: 184320
Attributes: archive
MD5: 4051D9747C3FD625E4B4A39E5D6E3AE9
CRC32: 94D55331
Version: 1.0.0.95

{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name: Java Plug-in 1.4.2_05
Installer:
Codebase:
http://java.sun.com/products/plugin/autodl/jinstall-142...
Path: C:\Program Files\Java\j2re1.4.2_05\bin\
Long name: NPJPI142_05.dll
Short name: NPJPI1~1.DLL
Date (created): 03/06/2068 22.05.12
Date (last access): 14/07/2005 4.04.36
Date (last write): 03/06/2004 22.05.06
Filesize: 65650
Attributes: archive
MD5: 174488C8877FA852448D1937C322AABB
CRC32: 62C2460D
Version: 1.4.2.50

{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name: Java Plug-in 1.4.2_06
Installer:
Codebase:
http://java.sun.com/products/plugin/autodl/jinstall-142...
Path: C:\Program Files\Java\j2re1.4.2_06\bin\
Long name: NPJPI142_06.dll
Short name: NPJPI1~1.DLL
Date (created): 28/09/2004 21.26.10
Date (last access): 14/07/2005 4.04.52
Date (last write): 28/09/2004 21.26.00
Filesize: 65650
Attributes: archive
MD5: 69E5147BA901A9238C4EB08C84E1A85B
CRC32: 6CB34BCC
Version: 1.4.2.60

{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_01
Installer:
Codebase:
http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-wind...
Path: C:\Program Files\Java\jre1.5.0_01\bin\
Long name: NPJPI150_01.dll
Short name: NPJPI1~1.DLL
Date (created): 06/12/2068 22.31.52
Date (last access): 14/07/2005 4.05.08
Date (last write): 06/12/2004 22.49.16
Filesize: 69746
Attributes: archive
MD5: 7B8F5AAF633987C6F1B88146357D04E5
CRC32: AD99524A
Version: 1.5.0.10

{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_02
Installer:
Codebase:
http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-wind...
Path: C:\Program Files\Java\jre1.5.0_02\bin\
Long name: NPJPI150_02.dll
Short name: NPJPI1~1.DLL
Date (created): 04/03/2005 4.36.50
Date (last access): 14/07/2005 4.05.28
Date (last write): 04/03/2005 4.54.18
Filesize: 69746
Attributes: archive
MD5: 6C9A4C573C0C771D99D902EE06DA3CBB
CRC32: 55F989EE
Version: 5.0.20.9

{D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class)
DPF name:
CLSID name: iTunesDetector Class
Installer: C:\WINDOWS\Downloaded Program Files\ITDetector.inf
Codebase:
http://ax.phobos.apple.com.edgesuite.net/detection/ITDe...
Path: D:\Program Files\iTunes\
Long name: ITDetector.ocx
Short name: ITDETE~1.OCX
Date (created): 08/03/2004 14.07.14
Date (last access): 14/07/2005
Date (last write): 08/03/2004 14.07.14
Filesize: 49152
Attributes: archive
MD5: C45D0B763A601B1EEF0573F99F1DD732
CRC32: 09E2233A
Version: 2.0.0.0

{DBA230D1-8467-4e69-987E-5FAE815A3B45} ()
DPF name:
CLSID name:
Installer:
Codebase:

{DD1FA138-39F5-4DF5-BD04-6D814AD0C7D9} (IPhone Class)
DPF name:
CLSID name: IPhone Class
Installer: C:\WINDOWS\Downloaded Program Files\PC2Phone.inf
Codebase: http://www.ibuzz123.com:8585/WebPhone/PC2Phone.cab
Path: C:\WINDOWS\System32\
Long name: PC2Phone.dll
Short name:
Date (created): 15/01/2004 23.03.10
Date (last access): 14/07/2005 4.17.16
Date (last write): 15/01/2004 23.03.10
Filesize: 208896
Attributes: archive
MD5: 2CB4D4755A4FCD8BD3D8C88127F712F5
CRC32: 1093A3E2
Version: 2.0.0.1

{F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5)
DPF name:
CLSID name: MSN Chat Control 4.5
Installer: C:\WINDOWS\Downloaded Program Files\MsnChat45.inf
Codebase: http://chat.msn.com/bin/msnchat45.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: MSNChat45.ocx
Short name: MSNCHA~1.OCX
Date (created): 27/10/2003 11.35.44
Date (last access): 14/07/2005 4.12.12
Date (last write): 27/10/2003 11.35.44
Filesize: 510552
Attributes: archive
MD5: 60FED272BDBAFA8214E40AD376C9987E
CRC32: 5EE901FC
Version: 9.2.310.2401



--- Process list ---
PID: 0 ( 0) [System]
PID: 480 ( 4) \SystemRoot\System32\smss.exe
PID: 536 ( 480) \??\C:\WINDOWS\system32\csrss.exe
PID: 560 ( 480) \??\C:\WINDOWS\system32\winlogon.exe
PID: 604 ( 560) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 624 ( 560) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 780 ( 604) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 836 ( 604) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 904 ( 604) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 948 ( 604) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1080 ( 604) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1292 ( 604) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: 7435B108B935E42EA92CA94F59C8E717
PID: 1400 (1380) C:\WINDOWS\Explorer.EXE
size: 1032192
MD5: A0732187050030AE399B241436565E64
PID: 1488 ( 604) C:\WINDOWS\System32\Ati2evxx.exe
size: 294912
MD5: FBC566675FBFA5248EBFA4492B167240
PID: 1516 ( 604) C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
size: 330240
MD5: 9DBD26D7D7967D918C507B1E2A93A37E
PID: 1568 (1400) C:\Program Files\ATI Technologies\ATI Control
Panel\atiptaxx.exe
size: 335872
MD5: E7D70592D84FE14E4A6C1F09D9C1BD34
PID: 1576 (1400) C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
size: 36975
MD5: 1F6573D67DD5DC06DD29EC7FCF81DC6F
PID: 1584 (1400) C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
size: 45108
MD5: CCDC00F353963E9E7DD839817B89D593
PID: 1600 (1400) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 180269
MD5: 7237366A57A26B7ED71C9B081FBDD6EB
PID: 1608 (1400) C:\WINDOWS\system32\RunDll32.exe
size: 33280
MD5: DA285490BBD8A1D0CE6623577D5BA1FF
PID: 1616 (1400) C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
size: 352768
MD5: 82F0D9BAF07F7A63D6CA044251DD5598
PID: 1668 ( 604) C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
size: 84480
MD5: 62E6B23B906B213836470740FE449B43
PID: 1684 (1400) C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
size: 40960
MD5: 85D3E243DB49F26AB114319674E92847
PID: 1740 (1400) C:\Program Files\Ahead\InCD\InCD.exe
size: 966706
MD5: 170A2C4FCC2BB6198E118698C218DA15
PID: 1820 (1400) D:\Program Files\ABBYY FineReader 5.0 Pro\CAgent.exe
size: 253952
MD5: 8081D6A0B47C1FA1F5186D91C0A99C52
PID: 1840 (1400) C:\Program Files\QuickTime\qttask.exe
size: 77824
MD5: 5D22B4258489575412F6D18AFFC847A2
PID: 1852 ( 604) C:\Program Files\Ahead\InCD\InCDsrv.exe
size: 671796
MD5: 254A6CCA11DBAFEF78F71463633BD6FE
PID: 1876 (1400) D:\Program Files\iTunes\iTunesHelper.exe
size: 278528
MD5: 2E0E2BE7BD6614EA4C86B9ECE793E31E
PID: 1952 (1400) C:\WINDOWS\system32\LVCOMSX.EXE
size: 221184
MD5: BCD419D4EA19087E91601C1C2914323A
PID: 1976 ( 604) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 200 (1400) D:\Program Files\Logitech\Video\LogiTray.exe
size: 217088
MD5: EE2A9192A73D51E7F4D9099FC35C32D0
PID: 400 (1400) C:\Program Files\Santa Cruz Networks\vSkype\vSkype.exe
size: 258048
MD5: 849BE90B562A752F31F40D3AC97C7979
PID: 456 ( 604) C:\WINDOWS\system32\wdfmgr.exe
size: 38912
MD5: AB0A7CA90D9E3D6A193905DC1715DED0
PID: 1696 (1400) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
PID: 1728 (1400) C:\Program Files\Plaxo\2.1.0.80\InstallStub.exe
size: 116736
MD5: 7ABCB53C5B6E266C512004CBCEDE899A
PID: 1720 (1400) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1415824
MD5: 70496EEE0DDBE485F658693826F44D38
PID: 1920 ( 780) C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
size: 756552
MD5: 644F843DADF77A1A85DA19EDD5A5FC07
PID: 2100 ( 780) D:\Program Files\Logitech\Video\FxSvr2.exe
size: 192512
MD5: F0D7CFBE4ED807D5801950556FD418A1
PID: 2220 (1400) C:\Program Files\eFax Messenger Plus 3.3\J2GDllCmd.exe
size: 17408
MD5: 2C0E197B4D24984D80BF165E33D43969
PID: 2292 (1976) C:\WINDOWS\system32\BRMFRSMG.EXE
size: 32256
MD5: EAE7A53581A0ACA26FDDAA40CAF7BD62
PID: 2300 (1400) C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
size: 1568768
MD5: 7893E209A13B52651560FAB999614FF2
PID: 2580 ( 604) C:\Program Files\iPod\bin\iPodService.exe
size: 327680
MD5: 3AC9F355ECCE7D6BB8FF184E9B2229A9
PID: 2736 ( 604) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: F1958FBF86D5C004CF19A5951A9514B7
PID: 3536 ( 400) C:\Program Files\Santa Cruz
Networks\vSkype\vskypebuttonclient.exe
size: 57344
MD5: 968E517E66B1C56C53C57A61AD310A57
PID: 1144 (1400) C:\Program Files\Outlook Express\msimn.exe
size: 60416
MD5: 091C14F4C71328D4316248A2421190DE
PID: 260 (1824) C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
size: 90112
MD5: 3C1450374C1851762C3021AF86A5A41E
PID: 3128 ( 780) C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
size: 196152
MD5: 40825ACFC23E0AD28DA1FC63F77E9825
PID: 1128 ( 780) C:\Program Files\Skype\toolbars\Skype for
Outlook\SkypeOBE.exe
size: 126976
MD5: 09DADE37BCF3E83C0777D6B6B74B0091
PID: 3324 (1400) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
size: 7534698
MD5: BA42C9E39C70471BE8B9DC4E20FE9EFF
PID: 2448 (1400) C:\Program Files\Internet Explorer\iexplore.exe
size: 93184
MD5: E7484514C0464642BE7B4DC2689354C8
PID: 3820 (1376) d:\Program Files\Skype\Phone\Skype.exe
size: 17675304
MD5: EED75E89529F26405E298EEA66599BCB
PID: 1892 (1400) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 15/07/2005 17.03.46

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://red.clientapps.yahoo.com/customize/ycomp/default...*http://www.yahoo.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://red.clientapps.yahoo.com/customize/ycomp/default...*http://www.yahoo.com/search/ie.html
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://my.yahoo.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://red.clientapps.yahoo.com/customize/ycomp/default...*http://www.yahoo.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese...
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet
Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&...
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet
Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese...
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet
Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet
Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: Google Desktop over [MSAFD Tcpip [TCP/IP]]
GUID: {3636939A-B38D-402D-BF88-E082CE211C73}
Filename: C:\Program Files\Google\Google Desktop
Search\GoogleDesktopNetwork1.dll

Protocol 1: Google Desktop over [MSAFD Tcpip [UDP/IP]]
GUID: {3636939A-B38D-402D-BF88-E082CE211C73}
Filename: C:\Program Files\Google\Google Desktop
Search\GoogleDesktopNetwork1.dll

Protocol 27: Google Desktop
GUID: {E5A29CC9-CDB8-4771-BC4F-B09FBEFF9814}
Filename: C:\Program Files\Google\Google Desktop
Search\GoogleDesktopNetwork1.dll



--- Uninstall list ---
ABBYY FineReader 5.0 Pro 5.0 (ABBYY FineReader 5.0 Pro)
install location: D:\Program Files\ABBYY FineReader 5.0 Pro\
uninstall cmd: C:\WINDOWS\bitdein2.exe
D:\PROGRA~1\ABBYYF~1.0PR\bitdeins.ini
publisher: ABBYY Software House
help link: www.abbyyusa.com/support/index_e.htm
help telephone: +1 (510) 226-6069

(AddressBook)

Adobe Download Manager 2.0 (Remove Only) 2.0 (AdobeESD)
uninstall cmd: "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"

ATI Display Driver 7.91-030625a-009918C-AMI (ATI Display Driver)
uninstall cmd: rundll32
C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart
-flags:0x2010001 -inf_class:D ISPLAY -clean

AVG Free Edition (AVG7Uninstall)
uninstall cmd: C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL

(Branding)

HUAYE USB Audio (C-Media USB Sound)
uninstall cmd: C:\WINDOWS\CmiUSB2Uninstall.exe C:\PROGRA~1\HUAYEU~1#HUAYE
USB Audio

(Connection Manager)

(DirectAnimation)

(DirectDrawEx)

(DXM_Runtime)

(Fontcore)

Google Desktop Search - (Google Desktop)
uninstall cmd: C:\Program Files\Google\Google Desktop
Search\GoogleDesktopSearchSetup.exe -uninstall
publisher: Google
help link: http://desktop.google.com/help.html?hl=en

HearLink (HearLink)
uninstall cmd: C:\WINDOWS\GPInstall.exe "/UNINST=C:\Program
Files\HearLink\UnInst.log" "/APPNAME=HearLink"

(ICW)

(IE40)

(IE4Data)

(IE5BAKEX)

(IEData)

Ahead InCD (InCD!UninstallKey)
uninstall cmd: C:\WINDOWS\NuNInst.exe /UNINSTALL

(InstallShield Uninstall Information)

iTunes 4.7.1.30 (InstallShield_{3CB41017-F5CA-4C56-934C-ED02156251E6})
version: 67567617
version (major): 4
version (minor): 7
estimated size: 13827
install date: 20050506
install location: D:\Program Files\iTunes\
install source: C:\WINDOWS\Downloaded
Installations\{628E8630-7947-49EA-BE90-7F8BFF77A79C}\
uninstall cmd: C:\Program Files\Common Files\InstallShield\Driver\8\Intel
32\IDriver.exe /M{3CB41017-F5CA-4C56-934C-ED02156251E6}
publisher: Apple Computer, Inc.
contact: AppleCare Support
help link: http://www.info.apple.com/
help telephone: 1-800-275-2273

Siemens Data Suite 1.0.0.76
(InstallShield_{7AE38076-D8FD-4EF9-A203-98A3EF0C66C1})
version: 16777216
version (major): 1
estimated size: 59737
install date: 20040810
install source: C:\Documents and Settings\Iachelli\Desktop\M55\
uninstall cmd:
C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe
/M{7AE38076-D8FD-4EF9-A203-98A3EF0C66C1} /l1033
publisher: Siemens AG
comments: Siemens SL55
contact: Technical Support department
help link: http://www.my-siemens.com
help telephone: (044)
readme: Readme.txt

IrfanView (remove only) (IrfanView)
uninstall cmd: D:\Program Files\IrfanView\iv_uninstall.exe

Windows XP Hotfix - KB834707 20040929.110854 (KB834707)
uninstall cmd: C:\WINDOWS\$NtUninstallKB834707$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=834707

Windows XP Hotfix - KB867282 20050127.090417 (KB867282)
uninstall cmd: C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=867282

Microsoft Data Access Components KB870669 (KB870669)
uninstall cmd: C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=KB870669

Windows XP Hotfix - KB873333 20050114.005213 (KB873333)
uninstall cmd: C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873333

Windows XP Hotfix - KB873339 20041117.092459 (KB873339)
uninstall cmd: C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873339

Security Update for Windows XP (KB883939) 1 (KB883939)
install date: 20050617
uninstall cmd: "C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=883939

(KB884016)

Windows XP Hotfix - KB885250 20050118.202711 (KB885250)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885250

Windows XP Hotfix - KB885835 20041027.181713 (KB885835)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885835

Windows XP Hotfix - KB885836 20041028.173203 (KB885836)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885836

Windows XP Hotfix - KB886185 20041021.090540 (KB886185)
uninstall cmd: C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=886185

Windows XP Hotfix - KB887472 20041014.162858 (KB887472)
uninstall cmd: C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887472

Windows XP Hotfix - KB887742 20041103.095002 (KB887742)
uninstall cmd: C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887742

Windows XP Hotfix - KB888113 20041116.131036 (KB888113)
uninstall cmd: C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888113

Windows XP Hotfix - KB888302 20041207.111426 (KB888302)
uninstall cmd: C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888302

Security Update for Windows XP (KB890046) 1 (KB890046)
install date: 20050617
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890046

Windows XP Hotfix - KB890047 20041221.124506 (KB890047)
uninstall cmd: C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890047

Windows XP Hotfix - KB890175 20041201.233338 (KB890175)
uninstall cmd: C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890175

Windows XP Hotfix - KB890859 1 (KB890859)
install date: 20050415
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890859

Windows XP Hotfix - KB890923 1 (KB890923)
install date: 20050415
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890923

Windows XP Hotfix - KB891781 20050110.165439 (KB891781)
uninstall cmd: C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=891781

Windows XP Hotfix - KB893066 1 (KB893066)
install date: 20050415
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893066

Windows XP Hotfix - KB893086 1 (KB893086)
install date: 20050415
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893086

Windows Installer 3.1 (KB893803) 3.1 (KB893803)
uninstall cmd:
"C:\WINDOWS\$MSI31Uninstall_KB893803$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=42467

Windows Installer 3.1 (KB893803) 3.1 (KB893803v2)
uninstall cmd:
"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=42467

Security Update for Windows XP (KB896358) 1 (KB896358)
install date: 20050617
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896358

Security Update for Windows XP (KB896422) 1 (KB896422)
install date: 20050617
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896422

Security Update for Windows XP (KB896428) 1 (KB896428)
install date: 20050617
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896428

Update for Windows XP (KB898461) 1 (KB898461)
install date: 20050628
uninstall cmd: "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=898461

Security Update for Windows XP (KB901214) 1 (KB901214)
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901214

Security Update for Windows XP (KB903235) 1 (KB903235)
install date: 20050713
uninstall cmd: "C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=903235

LiveReg (Symantec Corporation) 2.2.0.1621 (LiveReg)
install location: C:\Program Files\Common Files\Symantec Shared\LiveReg
uninstall cmd: C:\Program Files\Common Files\Symantec
Shared\LiveReg\VcSetup.exe /REMOVE
publisher: Symantec Corporation

Logitech Print Service (Logitech Print Service)
uninstall cmd: C:\PROGRA~1\Logitech\PRINTS~1\UNWISE.EXE
C:\PROGRA~1\Logitech\PRINTS~1\INSTALL.LOG

Macromedia Shockwave Player (Macromedia Shockwave Player)
uninstall cmd: C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE
C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log

(Microsoft NetShow Player 2.0)

(MobileOptionPack)

Mozilla Firefox (1.0.4) 1.0.4 (en-US) (Mozilla Firefox (1.0.4))
install location: D:\Program Files
uninstall cmd: C:\WINDOWS\UninstallFirefox.exe /ua "1.0.4 (en-US)"
publisher: Mozilla

Mozilla Thunderbird (1.0) 1.0 (en) (Mozilla Thunderbird (1.0))
install location: C:\Program Files\Mozilla Thunderbird
uninstall cmd: C:\WINDOWS\UninstallThunderbird.exe /ua "1.0 (en)"
publisher: Mozilla

(MPlayer2)

Ahead InCD EasyWrite Reader (MRW!UninstallKey)
uninstall cmd: C:\WINDOWS\unmrw.exe /UNINSTALL

(MSI30-Beta1)

(MSI30-Beta2)

(MSI30-KB884016)

(MSI30-RC1)

(MSI30-RC2)

(MSI30a-KB884016)

(MSI31-Beta)

(MSI31-RC1)

(NetMeeting)

Ahead NeroMediaPlayer (NMPUninstallKey)
uninstall cmd: C:\WINDOWS\UNNMP.exe /UNINSTALL

NVIDIA Drivers (NVIDIA Drivers)
uninstall cmd: C:\WINDOWS\system32\nvuaudio.exe UninstallGUI

NVIDIA Windows 2000/XP nForce Drivers (NVIDIAnForce)
uninstall cmd: rundll32.exe
C:\WINDOWS\System32\NVNFINST.DLL,NvUninstallCrush

(OutlookExpress)

PC Camera Capture (PC Camera Capture)
uninstall cmd: C:\WINDOWS\pcamrm.exe

(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection
DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Pdf995 (Pdf995)
uninstall cmd: c:\pdf995\setup.exe uninstall

PdfEdit995 (PdfEdit995)
uninstall cmd: c:\pdf995\res\utilities\thinsetup.exe - uninstall

Photoshare (Photoshare)
uninstall cmd: c:\pdf995\res\utilities\ultrapdf\photothinsetup.exe -
uninstall

Plaxo (Plaxo)
install location: C:\Program Files\Plaxo\2.1.0.80
uninstall cmd: C:\Program Files\Plaxo\2.1.0.80\uninstall.exe
help link: http://www.plaxo.com/support/uninstall

Logitech® Camera Driver (QcDrv)
install location: C:\Program Files\Common Files\Logitech\QCDRV
install source: E:\Drivers\Bin\
uninstall cmd: "C:\Program Files\Common
Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT

QuickTime (QuickTime)
uninstall cmd: C:\WINDOWS\unvise32qt.exe
C:\WINDOWS\system32\QuickTime\Uninstall.log

(RealJukebox 1.0)
uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe
RealNetworks|RealPlayer|6.0

RealPlayer (RealPlayer 6.0)
uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe
RealNetworks|RealPlayer|6.0

(SchedulingAgent)

SearchWithin (SearchWithin)
uninstall cmd: c:\SearchWithin\thinsetup.exe - uninstall

(Shockwave)

(ShockwaveFlash)

Skype for Outlook 1.0.407 (SkypeForOutlook_is1)
install location: C:\Program Files\Skype\toolbars\Skype for Outlook\
uninstall cmd: "C:\Program Files\Skype\toolbars\Skype for
Outlook\unins000.exe"
publisher: Skype Technologies
comments: www.skype.com
help link: www.skype.com

Skype 1.3 1.3 (Skype_is1)
install location: d:\Program Files\Skype\Phone\
uninstall cmd: "d:\Program Files\Skype\Phone\unins000.exe"
publisher: Skype Software S.A.
help link: http://ui.skype.com/ui/0/1.3.0.57/en/help

Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited

UltraPdf (UltraPdf)
uninstall cmd: c:\pdf995\res\utilities\ultrapdf\thinsetup.exe - uninstall

(UNZD1201USB)

Windows Media Format Runtime (Windows Media Format Runtime)
uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe"
/UninstallAll

Windows Media Player 10 (Windows Media Player)
uninstall cmd: "C:\Program Files\Windows Media Player\Setup_wm.exe"
/Uninstall

Windows XP Service Pack 2 20040803.231319 (Windows XP Service Pack)
uninstall cmd: C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=811113

WinZip 9.0 (6028) (WinZip)
version (major): 9
install location: D:\PROGRA~1\WINZIP\
uninstall cmd: "D:\Program Files\WinZip\WINZIP32.EXE" /uninstall
publisher: WinZip Computing, Inc.
help link: http://www.winzip.com/xsupport.htm

Yahoo! Anti-Spy (Yahoo! Anti-Spy)
uninstall cmd: C:\PROGRA~1\Yahoo!\common\unypsr.exe

Yahoo! Toolbar (Yahoo! Companion)
uninstall cmd: rundll32.exe
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\yt.dll,DllCommand ui

Yahoo! Messenger (Yahoo! Messenger)
uninstall cmd: C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

Yahoo! Music Engine (Yahoo! Music Engine)
uninstall cmd: "C:\Program Files\Yahoo!\Yahoo! Music
Engine\Uninstall.exe"

Yahoo! Toolbar (Yahoo! Toolbar)

Yahoo! Install Manager (YInstHelper)
uninstall cmd: C:\WINDOWS\system32\regsvr32 /u
C:\WINDOWS\cache\YINSTH~1.DLL

Microsoft Office 2000 Premium 9.00.2720
({00000409-78E1-11D2-B60F-006097C998E7})
version: 150997664
version (major): 9
estimated size: 130271
install date: 20040509
install source: E:\
uninstall cmd: MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support
readme: C:\Program Files\Microsoft Office\Office\ofread9.txt

Microsoft Office 2000 Disc 2 9.00.2720
({00040409-78E1-11D2-B60F-006097C998E7})
version: 150997664
version (major): 9
estimated size: 169472
install date: 20040814
install source: E:\
uninstall cmd: MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
publisher: Microsoft Corporation
help link: http://www.microsoft.com/support

Logitech QuickCam 8.30.0000 ({0496D9E9-224B-4AFA-8F37-23B98D52F1EB})
version: 136183808
version (major): 8
version (minor): 30
estimated size: 243326
install date: 20050705
install location: D:\Program Files\Logitech\Video\
install source: E:\QuickCam\enu\
uninstall cmd: MsiExec.exe /I{0496D9E9-224B-4AFA-8F37-23B98D52F1EB}
publisher: Logitech, Inc.
contact: Logitech® Customer Support
help link: http://www.logitech.com/support
help telephone: USA: (702) 269-3457 UK: +44 (0)
1344-894301
readme: D:\Program Files\Logitech\Video\Readme.txt

ATI Control Panel ({0BEDBD4E-2D34-47B5-9973-57E62B29307C})
uninstall cmd: RunDll32
C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup
"C:\Program Files\InstallShield Installation
Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"

Brother MFL Pro Suite ({0C3FCE48-6984-11D5-90F8-00E029591716})
uninstall cmd: RunDll32
C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup
"C:\Program Files\InstallShield Installation
Information\{0C3FCE48-6984-11D5-90F8-00E029591716}\Setup.exe" bruninst.dll

J2SE Runtime Environment 5.0 Update 1 1.5.0.10
({3248F0A8-6813-11D6-A77B-00B0D0150010})
version: 17104896
version (major): 1
version (minor): 5
estimated size: 120317
install date: 20050307
install source: C:\Documents and Settings\Iachelli\Local
Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150010}\
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150010}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.5.0_01\README.txt

J2SE Runtime Environment 5.0 Update 2 1.5.0.20
({3248F0A8-6813-11D6-A77B-00B0D0150020})
version: 17104896
version (major): 1
version (minor): 5
estimated size: 120657
install date: 20050401
install source:
http://java.sun.com/webapps/download/GetFile/1.5.0_02-b...
uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
publisher: Sun Microsystems, Inc.
contact: http://java.com
help link: http://java.com
readme: C:\Program Files\Java\jre1.5.0_02\README.txt

WebFldrs XP 9.50.6513 ({350C97B0-3D7C-4EE8-BAA9-00BCB3D54227})
version: 154278257
version (major): 9
version (minor): 50
estimated size: 2492
install date: 20040507
install source: C:\WINDOWS\System32\
publisher: Microsoft Corporation
help link: http://www.microsoft.com/windows

iTunes 4.7.1.30 ({3CB41017-F5CA-4C56-934C-ED02156251E6})
version: 67567617
version (major): 4
version (minor): 7
estimated size: 13827
install date: 20050506
install location: D:\Program Files\iTunes\
install source: C:\WINDOWS\Downloaded
Installations\{628E8630-7947-49EA-BE90-7F8BFF77A79C}\
publisher: Apple Computer, Inc.
contact: AppleCare Support
help link: http://www.info.apple.com/
help telephone: 1-800-275-2273

XTNDConnect PC ({3D6ACBBB-A640-4715-BA0F-42D1EA05F23A})
uninstall cmd: RunDll32
C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup
"C:\Program Files\InstallShield Installation
Information\{3D6ACBBB-A640-4715-BA0F-42D1EA05F23A}\Setup.exe" UNINSTALL

ATI HydraVision ({3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66})
uninstall cmd: RunDll32
C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup
"C:\Program Files\InstallShield Installation
Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"

Microsoft AntiSpyware 1.0 ({536F7C74-844B-4683-B0C5-EA39E19A6FE3})
version: 16777216
version (major): 1
estimated size: 15255
install date: 20050629
install source: C:\WINDOWS\Downloaded
Installations\{DF2E8A41-7E98-427D-9582-7D2EAF44F827}\
uninstall cmd: MsiExec.exe /I{536F7C74-844B-4683-B0C5-EA39E19A6FE3}
publisher: Microsoft Corporation
contact: Microsoft Support
help link: http://www.microsoft.com

SD Viewer for DSC ({5A8D3524-79DB-11D5-99D1-00010256D40E})
uninstall cmd: RunDll32
C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup
"C:\Program Files\InstallShield Installation
Information\{5A8D3524-79DB-11D5-99D1-00010256D40E}\setup.exe"

PowerDVD ({6811CAA0-BF12-11D4-9EA1-0050BAE317E1})
uninstall cmd: RunDll32
C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup
"C:\Program Files\InstallShield Installation
Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall

Java 2 Runtime Environment, SE v1.4.2_04 1.4.2_04
({7148F0A8-6813-11D6-A77B-00B0D0142040})
version (major): 1
version (minor): 4
estimated size: 110132
install date: 20040621
install source: C:\Documents and Settings\Iachelli\Local
Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142040}\
uninstall cmd: MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142040}
publisher: Sun Microsystems, Inc.
comments: http://www.java.com
contact: http://www.java.com
help link: http://www.java.com
help telephone: http://www.java.com
readme: Readme.txt

Java 2 Runtime Environment, SE v1.4.2_05 1.4.2_05
({7148F0A8-6813-11D6-A77B-00B0D0142050})
version (major): 1
version (minor): 4
estimated size: 110772
install date: 20041001
install source:
http://java.sun.com/webapps/download/GetFile/1.4.2_05-b...
uninstall cmd: MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050}
publisher: Sun Microsystems, Inc.
comments: http://www.java.com
contact: http://www.java.com
help link: http://www.java.com
help telephone: http://www.java.com
readme: Readme.txt

Java 2 Runtime Environment, SE v1.4.2_06 1.4.2_06
({7148F0A8-6813-11D6-A77B-00B0D0142060})
...(message truncated)
Related resources
August 11, 2005 2:51:10 PM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

I was reading this lost and wanted seek help with my own log:
Is everything safe to delete?

Logfile of HijackThis v1.99.1
Scan saved at 8:00:08 PM, on 8/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\mmc.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Ty\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://red.clientapps.yahoo.com/customize/ie/defaults/s...*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://red.clientapps.yahoo.com/customize/ie/defaults/s...*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://red.clientapps.yahoo.com/customize/ie/defaults/s...*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://red.clientapps.yahoo.com/customize/ie/defaults/s...*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.hotbar.com/dyn/hotbar/3.0/sb_searchPageHome....
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
c:\windows\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft
Internet Explorer provided by Yahoo!
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} -
C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SideStep Browser Helper - {08351226-6472-43BD-8A40-D9221FF1C4CE} -
C:\WINDOWS\DOWNLOADED PROGRAM FILES\SbCIe026.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN
Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} -
C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -
C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} -
C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program
Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [eyes] C:\WINDOWS\System32\eyes\eyes.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD
Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [EanthologyApp] C:\PROGRA~1\COMMON~1\EACCEL~1\EANTHO~1.EXE
/b
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common
Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [AOL Spyware Protection]
"C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common
Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
-atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint
Manager\ViewMgr.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common
Files\AOL\1102868940\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [msci]
C:\DOCUME~1\Ty\LOCALS~1\Temp\200587175044_mcinfo.exe /insfin
O4 - HKLM\..\RunOnce: [NCInstallQueue] rundll32 netman.dll,ProcessQueue
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI
Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [PPWebCap] C:\PAPRPORT\PPWebCap.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft
ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Camio Viewer.lnk = C:\Program Files\Sierra Imaging\Image
Expert\IXApplet.exe
O4 - Startup: Check for OneTouch Updates.lnk = C:\Program Files\Visioneer
OneTouch\WiseUpdt.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SnapDetect.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program
Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program
Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program
Files\LimeShop\System\Temp\limeshop_script0.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program
Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program
Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} -
C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login -
{2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program
Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Create Mobile Favorite -
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft
ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -
C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... -
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft
ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2F099F5D-7003-4441-82C2-707C7C273FEB} -
C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Block This Pop-up -
{2F099F5D-7003-4441-82C2-707C7C273FEB} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} -
C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger -
{4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program
Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com
O16 - DPF: Dialpad US Java Applet - http://www.dialpad.com/applet/src/vscp.cab
O16 - DPF: {02BED220-FBC7-4392-93A2-3A50B056F78E} -
http://down.plaxo.com/down/release/instub.cab
O16 - DPF: {0837121A-6472-43BD-8A40-D9221FF1C4CE} (SideStep IE Inst) -
http://download.sidestep.com/get/k00719/sb01f.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x40...
O16 - DPF: {22D6F312-B0F6-11D0-94AB-0080C74C7E95} (Windows Media Player) -
http://activex.microsoft.com/activex/controls/mplayer/e...
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) -
http://gamingzone.ubisoft.com/dev/packages/GSManager.ca...
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) -
http://us.dl1.yimg.com/download.yahoo.com/dl/installs/y...
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj
Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
https://objects.aol.com/mcafee/molbin/shared/mcinsctl/e...
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) -
http://us.dl1.yimg.com/download.yahoo.com/dl/installs/y...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://zone.msn.com/binFramework/v10/ZIntro.cab34246.ca...
O16 - DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} (CDToolCtrl Class) -
http://free.aol.com/tryaolfree/cdt175/aolcdt175.cab
O16 - DPF: {BB659027-D633-11D2-A6C2-525400DB7692} (BOOTSTRAP TileStyle
Internet Engine) - http://actimage.dancik.com/ib/download/biTileStyle14.CA...
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -
https://objects.aol.com/mcafee/molbin/shared/mcgdmgr/en...
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) -
http://a840.g.akamai.net/7/840/5805/v1503/www.contentwa...
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) -
http://f1.pg.photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} -
http://fdl.msn.com/zone/datafiles/heartbeat.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online -
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online,
Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner -
C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. -
C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America
Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation -
C:\WINDOWS\System32\WFXSVC.EXE



"Michael T" wrote:

> Run Ad-Aware SE Personal (first) and SpyBot-Search & Destroy (second).
> http://www.majorgeeks.com/downloads31.html
> After you install each, you should click update before running. For example,
> with Ad-Aware click on the link "Check for updates now" on the first screen
> that appears after you launch the application.
>
> Here are some online scans
> http://us.mcafee.com/root/mfs/default.asp
> http://www.pandasoftware.com/activescan/
> http://security.symantec.com/sscv6/default.asp?langid=i...
> http://housecall.trendmicro.com/housecall/start_corp.as...
>
> If all the above fails to solve your problem, then the problem could be
> something new that the spyware cleaners above don't have in their databases
> yet. In that case....HijackThis direct download:
> http://www.spywareinfo.com/~merijn/files/hijackthis.zip
> Tutorial on how to use HijackThis:
> http://www.spywareinfo.com/~merijn/htlogtutorial.html
> Then post it's output log to the forum here for analysis and feedback by the
> parasite experts:
> http://www.spywareinfo.com/forums/
> Or the other HijackThis Logs forums listed here:
> http://www.spywareinfo.com/~merijn/forums.html
>
> --
> Michael
>
>
>
>
> "Johnkelly" <giovanni@societa.com> wrote in message
> news:11dfhadlf1loa90@corp.supernews.com...
> >
> > Hi,
> > any help? thanks
> > Giovanni
> >
> > Generic Host Process for Win32 Services encountered a problem and needed
> > to
> > close.
> >
> > Error signature
> >
> > szAppName : svchost.exe szAppVer : 0.0.0.0 szModName : unknown
> >
> > szModVer : 0.0.0.0 offset : 00000000
> >
> > The following files can be included
> >
> > C:\DOCUME~1\Iachelli\LOCALS~1\Temp\WERbccb.dir00\svchost.exe.mdmp
> >
> > C:\DOCUME~1\Iachelli\LOCALS~1\Temp\WERbccb.dir00\appcompat.txt
> >
> >
> >
> >
> >
> > Burnaby, British Columbia, Canada
> >
>
>
>
Anonymous
August 11, 2005 10:34:04 PM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

Ty whats going on? this is the same log you posted a few days ago. You
should have had hijackthis fix these already, what happened?

Have hijackthis fix the following lines.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://g.msn.com/0SEENUS/SAOS01
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.hotbar.com/dyn/hotbar/3.0/sb_searchPageHome....
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
c:\windows\SYSTEM\blank.htm
O2 - BHO: SideStep Browser Helper - {08351226-6472-43BD-8A40-D9221FF1C4CE} -
C:\WINDOWS\DOWNLOADED PROGRAM FILES\SbCIe026.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} -
C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} -
C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [eyes] C:\WINDOWS\System32\eyes\eyes.exe
O4 - HKLM\..\Run: [EanthologyApp] C:\PROGRA~1\COMMON~1\EACCEL~1\EANTHO~1.EXE
/b
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint
Manager\ViewMgr.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common
Files\AOL\1102868940\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [msci]
C:\DOCUME~1\Ty\LOCALS~1\Temp\200587175044_mcinfo.exe /insfin
O4 - HKLM\..\RunOnce: [NCInstallQueue] rundll32 netman.dll,ProcessQueue
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: SnapDetect.lnk = ?
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program
Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com
O16 - DPF: Dialpad US Java Applet -
http://www.dialpad.com/applet/src/vscp.cab
O16 - DPF: {02BED220-FBC7-4392-93A2-3A50B056F78E} -
http://down.plaxo.com/down/release/instub.cab
O16 - DPF: {0837121A-6472-43BD-8A40-D9221FF1C4CE} (SideStep IE Inst) -
http://download.sidestep.com/get/k00719/sb01f.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x40...
O16 - DPF: {22D6F312-B0F6-11D0-94AB-0080C74C7E95} (Windows Media Player) -
http://activex.microsoft.com/activex/controls/mplayer/e...
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) -
http://gamingzone.ubisoft.com/dev/packages/GSManager.ca...
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) -
http://us.dl1.yimg.com/download.yahoo.com/dl/installs/y...
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj
Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
https://objects.aol.com/mcafee/molbin/shared/mcinsctl/e...
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) -
http://us.dl1.yimg.com/download.yahoo.com/dl/installs/y...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://zone.msn.com/binFramework/v10/ZIntro.cab34246.ca...
O16 - DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} (CDToolCtrl Class) -
http://free.aol.com/tryaolfree/cdt175/aolcdt175.cab
O16 - DPF: {BB659027-D633-11D2-A6C2-525400DB7692} (BOOTSTRAP TileStyle
Internet Engine) - http://actimage.dancik.com/ib/download/biTileStyle14.CA...
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -
https://objects.aol.com/mcafee/molbin/shared/mcgdmgr/en...
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) -
http://a840.g.akamai.net/7/840/5805/v1503/www.contentwa...
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) -
http://f1.pg.photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} -
http://fdl.msn.com/zone/datafiles/heartbeat.cab



--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com



"Ty" <Ty@discussions.microsoft.com> wrote in message
news:B1DA8C56-131C-4DA7-A93A-D5E65B36DCBD@microsoft.com...
>I was reading this lost and wanted seek help with my own log:
> Is everything safe to delete?
>
> Logfile of HijackThis v1.99.1
> Scan saved at 8:00:08 PM, on 8/9/2005
> Platform: Windows XP SP2 (WinNT 5.01.2600)
> MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
August 11, 2005 10:34:05 PM

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

It's frustrating. I ran the fix for highjack but still can get the adapter
installed. XP reinstlll will be the last resort. I am running the adware
fixes again right now but it's possible they're missing something because
they are not the most up-to-date versions.

"pcbutts1" wrote:

> Ty whats going on? this is the same log you posted a few days ago. You
> should have had hijackthis fix these already, what happened?
>
> Have hijackthis fix the following lines.
>
> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
> http://g.msn.com/0SEENUS/SAOS01
> R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
> http://www.hotbar.com/dyn/hotbar/3.0/sb_searchPageHome....
> R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
> c:\windows\SYSTEM\blank.htm
> O2 - BHO: SideStep Browser Helper - {08351226-6472-43BD-8A40-D9221FF1C4CE} -
> C:\WINDOWS\DOWNLOADED PROGRAM FILES\SbCIe026.dll
> O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
> O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} -
> C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
> O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
> O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} -
> C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
> O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
> O4 - HKLM\..\Run: [eyes] C:\WINDOWS\System32\eyes\eyes.exe
> O4 - HKLM\..\Run: [EanthologyApp] C:\PROGRA~1\COMMON~1\EACCEL~1\EANTHO~1.EXE
> /b
> O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint
> Manager\ViewMgr.exe
> O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common
> Files\AOL\1102868940\EE\AOLHostManager.exe
> O4 - HKLM\..\Run: [msci]
> C:\DOCUME~1\Ty\LOCALS~1\Temp\200587175044_mcinfo.exe /insfin
> O4 - HKLM\..\RunOnce: [NCInstallQueue] rundll32 netman.dll,ProcessQueue
> O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
> O4 - Global Startup: SnapDetect.lnk = ?
> O8 - Extra context menu item: &Viewpoint Search - res://C:\Program
> Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
> O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com
> O16 - DPF: Dialpad US Java Applet -
> http://www.dialpad.com/applet/src/vscp.cab
> O16 - DPF: {02BED220-FBC7-4392-93A2-3A50B056F78E} -
> http://down.plaxo.com/down/release/instub.cab
> O16 - DPF: {0837121A-6472-43BD-8A40-D9221FF1C4CE} (SideStep IE Inst) -
> http://download.sidestep.com/get/k00719/sb01f.cab
> O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
> Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x40...
> O16 - DPF: {22D6F312-B0F6-11D0-94AB-0080C74C7E95} (Windows Media Player) -
> http://activex.microsoft.com/activex/controls/mplayer/e...
> O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) -
> http://gamingzone.ubisoft.com/dev/packages/GSManager.ca...
> O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) -
> http://us.dl1.yimg.com/download.yahoo.com/dl/installs/y...
> O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj
> Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
> O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
> https://objects.aol.com/mcafee/molbin/shared/mcinsctl/e...
> O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) -
> http://us.dl1.yimg.com/download.yahoo.com/dl/installs/y...
> O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
> (MsnMessengerSetupDownloadControl Class) -
> http://messenger.msn.com/download/MsnMessengerSetupDown...
> O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
> http://zone.msn.com/binFramework/v10/ZIntro.cab34246.ca...
> O16 - DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} (CDToolCtrl Class) -
> http://free.aol.com/tryaolfree/cdt175/aolcdt175.cab
> O16 - DPF: {BB659027-D633-11D2-A6C2-525400DB7692} (BOOTSTRAP TileStyle
> Internet Engine) - http://actimage.dancik.com/ib/download/biTileStyle14.CA...
> O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -
> https://objects.aol.com/mcafee/molbin/shared/mcgdmgr/en...
> O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) -
> http://a840.g.akamai.net/7/840/5805/v1503/www.contentwa...
> O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) -
> http://f1.pg.photos.yahoo.com/ocx/us/yexplorer1_9us.cab
> O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} -
> http://fdl.msn.com/zone/datafiles/heartbeat.cab
>
>
>
> --
>
>
> The best live web video on the internet http://www.seedsv.com/webdemo.htm
> NEW Embedded system W/Linux. We now sell DVR cards.
> See it all at http://www.seedsv.com/products.htm
> Sharpvision simply the best http://www.seedsv.com
>
>
>
> "Ty" <Ty@discussions.microsoft.com> wrote in message
> news:B1DA8C56-131C-4DA7-A93A-D5E65B36DCBD@microsoft.com...
> >I was reading this lost and wanted seek help with my own log:
> > Is everything safe to delete?
> >
> > Logfile of HijackThis v1.99.1
> > Scan saved at 8:00:08 PM, on 8/9/2005
> > Platform: Windows XP SP2 (WinNT 5.01.2600)
> > MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
>
>
>
!