  1. #1
    Member
    Join Date
    Aug 2006
    Posts
    5
    Points
    0

    Unstoppable Pop-ups hinder performance

    My computer was recently infected with a plethora of spyware. It was brought to my attention when the Mirar toolbar downloaded itself. I went through the steps in your Spyware tutorial and have posted HijackThis logs in the Help2Go Detective multiple times. There still remain a few infected files I can't get off the computer. If your experts could help me out, I would greatly appreciate it. **Normally I would just run Ad-Aware to get rid of spyware, but whatever spyware/viruses were installed this time would shut down my computer every time I tried to run Ad-Aware.

    OS: Windows XP Home Edition (it's a Dell)
    Processor: 2.2 GHz Pentium 4
    Hard drive: 80 GB
    Anti-virus: AVG Anti-virus, ZoneAlarm Personal Firewall (previously Norton, but the subscription ran out on that, so I installed AVG then uninstalled Norton)
    Anti-Spyware: Ewido Anti-spyware, Spybot Search & Destroy, Ad-Aware, Windows Defender, BHODemon

    I have two HijackThis logs. One from before I got rid of a lot of stuff and one from after. I will post the one from after and attach both to this post. Thanks for your help.

    Logfile of HijackThis v1.99.1
    Scan saved at 7:46:25 PM, on 7/31/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\wfxqhv.exe
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\BHODemon 2\BHODemon.exe
    C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,bxbdvel.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Ozbyq Class - {D623BC2F-A58D-4A75-A10D-CC244A702A35} - C:\WINDOWS\system32\xeymi.dll
    O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NI.UWFX5] "C:\Documents and Settings\DELROY\Local Settings\Temporary Internet Files\Content.IE5\VCMXW0XH\WinFixer2005ScannerInstall[1].exe"
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [k6mmN5IOU] "C:\WINDOWS\system32\wfxqhv.exe"
    O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
    O4 - HKLM\..\Run: [wjdrgtmA] C:\WINDOWS\wjdrgtmA.exe
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [ykhmkv] C:\WINDOWS\system32\asdvkx.exe reg_run
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKCU\..\Run: [vhoom] C:\WINDOWS\system32\asdvkx.exe reg_run
    O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1408.g.akamai.net/7/1408/995...TunesSetup.exe
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1135960878671
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1135960842468
    O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/sof...iveXPlugin.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/zuma/def...ploader_v5.cab
    O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download...basetup156.cab
    O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - C:\WINDOWS\system32\xeymi.dll
    O20 - AppInit_DLLs: C:\WINDOWS\System32\userinit.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

  2. #2
    Member
    Join Date
    Aug 2006
    Posts
    5
    Points
    0

    Warning

    Also I am currently getting a warning message from Ewido about
    C:\WINDOWS\system32\xeymi.dll which shows up on the HijackThis log as:

    O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - C:\WINDOWS\system32\xeymi.dll
    I have tried deleting and renaming this file; it is immediately replaced by a duplicate xeymi.dll.

    Another note: my computer is currently disconnected from the internet, so I have no idea what .exe's are waiting for an internet connection to go and restore what the spyware programs deleted already. Thanks again.

  3. #3
    Member
    Join Date
    Aug 2006
    Posts
    5
    Points
    0

    Also, all critical updates and SP2 for XP have been installed. The spyware came through IE, but in the future I will use Firefox or another alternative browser.

  4. #4
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Hi

    1. Would you please post the ewido log (run from Safe Mode).

    The following is for information only - do not fix with HijackThis yet!

    2. "I installed AVG then uninstalled Norton ..."

    You still have Norton/Symantec running :-

    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

    3.

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,bxbdvel.exe

    O2 - BHO: Ozbyq Class - {D623BC2F-A58D-4A75-A10D-CC244A702A35} - C:\WINDOWS\system32\xeymi.dll
    O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)

    O4 - HKLM\..\Run: [NI.UWFX5] "C:\Documents and Settings\DELROY\Local Settings\Temporary Internet Files\Content.IE5\VCMXW0XH\WinFixer2005ScannerInstall[1].exe"

    O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
    O4 - HKLM\..\Run: [wjdrgtmA] C:\WINDOWS\wjdrgtmA.exe

    O4 - HKLM\..\Run: [ykhmkv] C:\WINDOWS\system32\asdvkx.exe reg_run

    O4 - HKCU\..\Run: [vhoom] C:\WINDOWS\system32\asdvkx.exe reg_run

    O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - C:\WINDOWS\system32\xeymi.dll

    ====

    First, run this:

    1. Download Qoofix.zip from :- http://www.malwarebytes.org/Qoofix.zip
    2. Unzip to C:\Qoofix
    3. Open the C:\Qoofix folder & double click on the file named Qoofix.exe
    4. Select Begin Removal and the removal process will commence
    5. A reboot may be necessary if an infection is found
    6. Post the Qoofix results log located in the same folder as Qoofix.

    Second, run this:

    Please download VundoFix.exe to your desktop.
    1. Double-click VundoFix.exe to run it.
    2. Put a check next to Run VundoFix as a task.
    3. You will receive a message saying VundoFix will close and re-open in a minute or less. Click OK.
    4. When VundoFix re-opens - Click the "Scan for Vundo" button.
    5. Once it's done scanning, click the "Remove Vundo" button.
    6. You will receive a prompt asking if you want to remove the files, click "YES".
    7. Once you click yes, your desktop will go blank as it starts removing Vundo.
    8. When completed, VundoFix will prompt that it will shutdown your computer; click "OK".
    9. Turn your computer back on.
    10. Please post the contents of C:\vundofix.txt and a new HiJackThis log.

    Third, run ewido again from Safe Mode.
    Save & post the log.

    Fourth, run HijackThis & post a new HijackThis log.

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -
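
An added example, not part of the thread and not HijackThis's own logic: a Python triage pass over HijackThis entry lines that applies the kinds of checks visible in post #4 (an extra program on UserInit, registrations pointing at missing files, autostart targets in the browser cache or sitting directly in the Windows directory). The sample is a subset of lines copied from the log in post #1; the rule set and the assumption that Windows lives in C:\WINDOWS are assumptions of this example, and a hit means "review this entry", not a verdict.

```python
import re
from pathlib import PureWindowsPath

# Assumption of this example: Windows is installed in C:\WINDOWS, as in the posted log.
SYSTEM_DIRS = (PureWindowsPath(r"C:\WINDOWS"), PureWindowsPath(r"C:\WINDOWS\system32"))

# "O4 - ...", "F2 - ...", "R1 - ..." entry lines; header and process list do not match.
ENTRY_RE = re.compile(r"^\s*([ORF]\d{1,2})\s+-\s+(.*)$")
# First drive-letter path ending in .exe or .dll inside an entry body.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:exe|dll)\b", re.IGNORECASE)

# Subset of lines copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,bxbdvel.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Ozbyq Class - {D623BC2F-A58D-4A75-A10D-CC244A702A35} - C:\WINDOWS\system32\xeymi.dll
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NI.UWFX5] "C:\Documents and Settings\DELROY\Local Settings\Temporary Internet Files\Content.IE5\VCMXW0XH\WinFixer2005ScannerInstall[1].exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
O4 - HKLM\..\Run: [ykhmkv] C:\WINDOWS\system32\asdvkx.exe reg_run
O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - C:\WINDOWS\system32\xeymi.dll
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""


def parse_entries(log_text):
    """Yield (section, body) for every HijackThis entry line in the log text."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            yield m.group(1), m.group(2).strip()


def triage(section, body):
    """Return the reasons an entry deserves a second look (empty list if none)."""
    reasons = []
    if "(no file)" in body or "(file missing)" in body:
        reasons.append("registration points at a missing file")

    # The stock UserInit value names only userinit.exe (with a trailing comma).
    if section == "F2" and "userinit=" in body.lower():
        value = body.split("=", 1)[1]
        extras = [p.strip() for p in value.split(",")
                  if p.strip() and PureWindowsPath(p.strip()).name.lower() != "userinit.exe"]
        if extras:
            reasons.append("extra program chained onto UserInit: " + ", ".join(extras))

    # BHOs (O2), Run keys (O4) and protocol filters (O18) load their target automatically.
    m = PATH_RE.search(body)
    if m and section in ("O2", "O4", "O18"):
        path = PureWindowsPath(m.group(0))
        if "temporary internet files" in str(path).lower():
            reasons.append("autostart target lives in the browser cache")
        elif path.parent in SYSTEM_DIRS:  # PureWindowsPath compares case-insensitively
            reasons.append("target sits directly in the Windows directory: " + path.name)
    return reasons


def flagged(log_text):
    """Return [(section, body, reasons)] for entries with at least one reason."""
    hits = []
    for section, body in parse_entries(log_text):
        reasons = triage(section, body)
        if reasons:
            hits.append((section, body, reasons))
    return hits


if __name__ == "__main__":
    for section, body, reasons in flagged(SAMPLE_LOG):
        print(f"{section}: {body}")
        for reason in reasons:
            print(f"    -> {reason}")
```

Vendor software installed under Program Files or a driver subfolder passes these checks untouched, while legitimate Windows components that autostart from system32 would also be listed, which is why each hit still needs a human look before anything is fixed.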

  5. #5
    Member
    Join Date
    Aug 2006
    Posts
    5
    Points
    0

    Qoofix and VundoFix found nothing, and no vundofix.txt was made.

    Then I ran ewido.

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 9:35:05 PM 8/2/2006

    + Scan result:



    C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP988\A0201919.dll -> Adware.EZula : No action taken.
    C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP988\A0201916.exe -> Adware.MediaMotor : No action taken.
    C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP988\A0201917.dll -> Adware.Suggestor : No action taken.
    C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP988\A0201918.exe -> Adware.Suggestor : No action taken.
    C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP990\A0202018.exe -> Adware.Suggestor : No action taken.
    C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP990\A0202019.dll -> Adware.Suggestor : No action taken.
    C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP991\A0202484.dll -> Adware.Suggestor : No action taken.
    C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP991\A0202517.dll -> Adware.Suggestor : No action taken.
    C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP992\A0202521.dll -> Adware.Suggestor : No action taken.
    C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP993\A0202525.dll -> Adware.Suggestor : No action taken.
    C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP993\A0202528.dll -> Adware.Suggestor : No action taken.
    C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP994\A0202545.dll -> Adware.Suggestor : No action taken.
    C:\WINDOWS\SYSTEM32\iqqr.exe -> Adware.Suggestor : No action taken.
    C:\WINDOWS\SYSTEM32\xeym24154678i.dll -> Adware.Suggestor : No action taken.
    C:\Documents and Settings\SARA-LYNN\Local Settings\Temporary Internet Files\Content.IE5\3OQU5PQB\WinAntiVirusPro2006FreeInstall[1].cab/UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : No action taken.
    C:\Documents and Settings\SARA-LYNN\Local Settings\Temporary Internet Files\Content.IE5\G9ERS56B\WinAntiVirusPro2006FreeInstall[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : No action taken.
    C:\Documents and Settings\SARA-LYNN\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-380aa089-4300db5c.zip/Gummy.class -> Not-A-Virus.Exploit.ByteVerify : No action taken.
    C:\Documents and Settings\SARA-LYNN\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv101.jar-77bf84d4-186ee6ff.zip/Dummy.class -> Not-A-Virus.Exploit.ByteVerify : No action taken.
    C:\Documents and Settings\SARA-LYNN\Local Settings\Temporary Internet Files\Content.IE5\3OQU5PQB\xp-cydoor-728[1].swf -> Not-A-Virus.Hoax.SWF.Alerter.a : No action taken.
    C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP988\A0201915.exe -> Trojan.Starter.65 : No action taken.


    ::Report end

    I also ran Spybot S&D and here is the log


    --- Search result list ---
    SurfSideKick: Browser helper object (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5E2A3E7-00FE-4D31-A030-A10799DDCA66}

    SurfSideKick: Data (File, nothing done)
    C:\WINDOWS\SYSTEM32\pixk5gp2.phy


    --- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

    2005-05-31 blindman.exe (1.0.0.1)
    2005-05-31 SpybotSD.exe (1.4.0.3)
    2005-05-31 TeaTimer.exe (1.4.0.2)
    2006-07-29 unins000.exe (51.41.0.0)
    2005-05-31 Update.exe (1.4.0.0)
    2006-02-06 advcheck.dll (1.0.2.0)
    2005-05-31 aports.dll (2.1.0.0)
    2005-05-31 borlndmm.dll (7.0.4.453)
    2005-05-31 delphimm.dll (7.0.4.453)
    2006-02-20 Tools.dll (2.0.0.2)
    2005-05-31 UnzDll.dll (1.73.1.1)
    2005-05-31 ZipDll.dll (1.73.2.0)
    2006-07-28 Includes\Cookies.sbi (*)
    2006-07-28 Includes\Dialer.sbi (*)
    2006-07-28 Includes\Hijackers.sbi (*)
    2006-07-28 Includes\Keyloggers.sbi (*)
    2006-07-28 Includes\Malware.sbi (*)
    2006-07-28 Includes\PUPS.sbi (*)
    2006-07-28 Includes\Revision.sbi (*)
    2006-07-28 Includes\Security.sbi (*)
    2006-07-28 Includes\Spybots.sbi (*)
    2005-02-17 Includes\Tracks.uti
    2006-07-28 Includes\Trojans.sbi (*)



    --- System information ---
    Windows XP (Build: 2600) Service Pack 2
    / DataAccess: Patch Available For XMLHTTP Vulnerability
    / DataAccess: Patch Available For XMLHTTP Vulnerability
    / DataAccess: Security update for Microsoft Data Access Components
    / Internet Explorer 6 / SP0: Windows XP Hotfix - KB834707
    / MSXML4: Patch Available For XMLHTTP Vulnerability
    / Windows Media Player: Windows Media Update 320920
    / Windows Media Player: Windows Media Update 817787
    / Windows XP / SP2: Windows XP Service Pack 2
    / Windows XP / SP3: Windows Installer 3.1 (KB893803)
    / Windows XP / SP3: Windows Installer 3.1 (KB893803)
    / Windows XP / SP3: Update for Windows XP (KB898461)


    --- Startup entries list ---
    Located: HK_LM:Run, !ewido
    command: "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    file: C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    size: 6283264
    MD5: 10c40f37ac87a18f624143d4fe6e8dec

    Located: HK_LM:Run, ACTX1
    command: C:\WINDOWS\v1201.exe
    file:

    Located: HK_LM:Run, AdaptecDirectCD
    command: "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    file: C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    size: 679936
    MD5: bc21ed6454fb9c7f1adf0a663ac96392

    Located: HK_LM:Run, AVG7_CC
    command: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    file: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    size: 357888
    MD5: 679093afd939b3c1b88110ebf859984d

    Located: HK_LM:Run, Corel Photo Downloader
    command: C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    file: C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    size: 106496
    MD5: 3cd5fbd8b1ea8f5b51de894a881c0092

    Located: HK_LM:Run, EPSON Stylus Photo R300 Series
    command: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
    file: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
    size: 99840
    MD5: 3e39a7afae74914282169b93beb0e0c3

    Located: HK_LM:Run, ISUSPM Startup
    command: "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    file: C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
    size: 249856
    MD5: 1c46fc1ab600766b8554580204806e84

    Located: HK_LM:Run, ISUSScheduler
    command: "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    file: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    size: 81920
    MD5: 7d58c9bdf9c0a3955bdcde7387ad12ac

    Located: HK_LM:Run, k6mmN5IOU
    command: "C:\WINDOWS\system32\wfxqhv.exe"
    file: C:\WINDOWS\system32\wfxqhv.exe
    size: 1163264
    MD5: 4a1a26330e7f7f6bd937ffce3e0df452

    Located: HK_LM:Run, NI.UWFX5
    command: "C:\Documents and Settings\DELROY\Local Settings\Temporary Internet Files\Content.IE5\VCMXW0XH\WinFixer2005ScannerInstall[1].exe"
    file:

    Located: HK_LM:Run, Picasa Media Detector
    command: C:\Program Files\Picasa2\PicasaMediaDetector.exe
    file: C:\Program Files\Picasa2\PicasaMediaDetector.exe
    size: 421888
    MD5: 1e3759b33e6ef85406e626f6c1a95643

    Located: HK_LM:Run, QuickTime Task
    command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
    file: C:\Program Files\QuickTime\qttask.exe
    size: 98304
    MD5: 9b4c1812595c389ab9ccf1ff3b315248

    Located: HK_LM:Run, Symantec NetDriver Monitor
    command: C:\PROGRA~1\SYMNET~1\SNDMon.exe
    file: C:\PROGRA~1\SYMNET~1\SNDMon.exe
    size: 111840
    MD5: d5dfb6148f111d13d94806144223871e

    Located: HK_LM:Run, Windows Defender
    command: "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    file: C:\Program Files\Windows Defender\MSASCui.exe
    size: 777424
    MD5: 3207bba7a51043ff2c5d64df4c3b6310

    Located: HK_LM:Run, Zone Labs Client
    command: "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    file: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    size: 968696
    MD5: d1d3726a8508b6183c620b4f6ce82f70

    Located: HK_CU:Run, AVG7_Run
    command: C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE
    file: C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
    size: 155136
    MD5: a3c3d3630315e29f6158e62617c20284

    Located: HK_CU:Run, MSMSGS
    command: "C:\Program Files\Messenger\msmsgs.exe" /background
    file: C:\Program Files\Messenger\msmsgs.exe
    size: 1667584
    MD5: b53343fe60a33ee765c2476d50d27b26

    Located: HK_CU:Run, SpybotSD TeaTimer
    command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    size: 1415824
    MD5: 70496eee0ddbe485f658693826f44d38

    Located: Startup (common), Adobe Reader Speed Launch.lnk
    command: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    file: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    size: 29696
    MD5: 43362b96870ce8649f4f2ec893da93f0

    Located: Startup (user), SpywareGuard.lnk
    command: C:\Program Files\SpywareGuard\sgmain.exe
    file: C:\Program Files\SpywareGuard\sgmain.exe
    size: 360448
    MD5: 61c028aba5e49573a6332f4a7c744e87

    Located: System.ini, WgaLogon
    command: WgaLogon.dll
    file: WgaLogon.dll



    --- Browser helper object list ---
    {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
    BHO name:
    CLSID name: Google Toolbar Helper
    description: Google toolbar
    classification: Open for discussion
    known filename: googletoolbar.dllgoogletoolbar*.dll(* = number)googletoolbar_en_*.**-big.dllGoogletoolbar_en_*.*.**-deleon.dll
    info link: http://toolbar.google.com/
    info source: TonyKlein
    Path: c:\program files\google\
    Long name: GoogleToolbar1.dll
    Short name: GOOGLE~1.DLL
    Date (created): 2/22/2006 11:10:52 PM
    Date (last access): 8/2/2006 10:04:50 PM
    Date (last write): 2/14/2006 9:05:30 PM
    Filesize: 1191424
    Attributes: readonly archive
    MD5: 677C42CD9FE9C13B4B7B601A2E4065B0
    CRC32: 58231F90
    Version: 3.0.131.0

    {D623BC2F-A58D-4A75-A10D-CC244A702A35} (Ozbyq Class)
    BHO name:
    CLSID name: Ozbyq Class
    Path: C:\WINDOWS\system32\
    Long name: xeymi.dll

    {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} ()
    BHO name:
    CLSID name:



    --- ActiveX list ---
    {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control)
    DPF name:
    CLSID name: Microsoft Office Template and Media Control
    Installer: C:\WINDOWS\Downloaded Program Files\CONFLICT.1\ieawsdc.inf
    Codebase: http://office.microsoft.com/templates/ieawsdc.cab
    description:
    classification: Open for discussion
    known filename: IEAWSDC.DLL
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINDOWS\Downloaded Program Files\CONFLICT.1\
    Long name: IEAWSDC.DLL

    {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer)
    DPF name:
    CLSID name: Musicnotes Viewer
    Installer: C:\WINDOWS\Downloaded Program Files\Mnviewer.inf
    Codebase: http://www.musicnotes.com/download/mnviewer.cab
    description:
    classification: Open for discussion
    known filename: mnviewer.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINDOWS\Downloaded Program Files\
    Long name: mnviewer.dll
    Short name:
    Date (created): 11/18/2003 1:21:52 PM
    Date (last access): 8/2/2006 10:03:14 PM
    Date (last write): 11/18/2003 1:21:52 PM
    Filesize: 241664
    Attributes: archive
    MD5: 69FA61162945F71848D26B1C9AE1379A
    CRC32: 38455488
    Version: 1.15.4.0

    {62475759-9E84-458E-A1AB-5D2C442ADFDE} ()
    DPF name:
    CLSID name:
    Installer:
    Codebase: http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
    description:
    classification: Open for discussion
    known filename:
    info link:
    info source: Safer Networking Ltd.

    {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} ()
    DPF name:
    CLSID name:
    Installer: C:\WINDOWS\Downloaded Program Files\activate.inf
    Codebase: http://toolbar.google.com/data/GoogleActivate.cab
    description:
    classification: Open for discussion
    known filename:
    info link:
    info source: Safer Networking Ltd.

    {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class)
    DPF name:
    CLSID name: ScorchPlugin Class
    Installer: C:\WINDOWS\Downloaded Program Files\setup.inf
    Codebase: http://www.sibelius.com/download/sof...iveXPlugin.cab
    description:
    classification: Open for discussion
    known filename: NPSibelius.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINDOWS\Downloaded Program Files\
    Long name: NPSibelius.dll

    {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} ()
    DPF name:
    CLSID name:
    Installer: C:\WINDOWS\Downloaded Program Files\popcaploader.inf
    Codebase: http://zone.msn.com/bingame/zuma/def...ploader_v5.cab
    description:
    classification: Open for discussion
    known filename: POPCAPLOADER.DLL
    info link:
    info source: Safer Networking Ltd.

    {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} ()
    DPF name:
    CLSID name:
    Installer: C:\WINDOWS\Downloaded Program Files\setup.inf
    Codebase: http://download.abacast.com/download...basetup156.cab
    description:
    classification: Open for discussion
    known filename:
    info link:
    info source: Safer Networking Ltd.



    --- Process list ---
    PID: 0 ( 0) [System]
    PID: 160 ( 4) \SystemRoot\System32\smss.exe
    PID: 208 ( 160) \??\C:\WINDOWS\system32\csrss.exe
    PID: 232 ( 160) \??\C:\WINDOWS\system32\winlogon.exe
    PID: 276 ( 232) C:\WINDOWS\system32\services.exe
    size: 108032
    MD5: C6CE6EEC82F187615D1002BB3BB50ED4
    PID: 288 ( 232) C:\WINDOWS\system32\lsass.exe
    size: 13312
    MD5: 84885F9B82F4D55C6146EBF6065D75D2
    PID: 436 ( 276) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 504 ( 276) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 552 ( 276) C:\Program Files\Windows Defender\MsMpEng.exe
    size: 14032
    MD5: E7E81C6BCD697F5921DF6D6781D2673D
    PID: 600 ( 276) C:\WINDOWS\system32\svchost.exe
    size: 14336
    MD5: 8F078AE4ED187AAABC0A305146DE6716
    PID: 792 ( 776) C:\WINDOWS\Explorer.EXE
    size: 1032192
    MD5: A0732187050030AE399B241436565E64
    PID: 924 ( 792) C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    size: 6283264
    MD5: 10C40F37AC87A18F624143D4FE6E8DEC
    PID: 904 ( 792) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    size: 4393096
    MD5: 09CA174A605B480318731E691DC98539
    PID: 1348 ( 904) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    size: 1415824
    MD5: 70496EEE0DDBE485F658693826F44D38
    PID: 4 ( 0) System


    --- Browser start & search pages list ---
    Spybot - Search & Destroy browser pages report, 8/2/2006 10:10:53 PM

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\WINDOWS\System32\blank.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
    http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
    http://google.com/
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    http://www.dellnet.com/
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
    %SystemRoot%\system32\blank.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
    http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
    http://www.msn.com/
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
    http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


    --- Winsock Layered Service Provider list ---


    --- Uninstall list ---
    Ad-Aware SE Personal 1.06 (Ad-Aware SE Personal)
    uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
    publisher: Lavasoft
    help link: http://www.lavasoft.com

    (AddressBook)

    Adobe Acrobat 4.0, 5.0 5.0 (Adobe Acrobat 5.0)
    version (major): 5
    install location: C:\Program Files\Adobe\Acrobat 5.0
    install source: C:\Documents and Settings\DELROY\Local Settings\Temp\pft3~tmp\
    uninstall cmd: C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
    publisher: Adobe Systems, Inc.
    help link: http://www.adobe.com/prodindex/acrobat/main.html

    Adobe Illustrator 9.0.1 9.0.1 (Adobe Illustrator 9.0.1)
    version (major): 9
    version (minor): 1
    install location: C:\Program Files\Adobe\Illustrator 9.0.1
    install source: F:\Adobe Illustrator 9.0.1\
    uninstall cmd: C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Illustrator 9.0.1\Uninst.isu" -c"C:\Program Files\Adobe\Illustrator 9.0.1\Uninst.dll"
    publisher: Adobe Systems, Inc.

    Adobe Photoshop 6.0 6.0 (Adobe Photoshop 6.0)
    version (major): 6
    install location: C:\Program Files\Adobe\Photoshop 6.0
    install source: E:\
    uninstall cmd: C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 6.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 6.0\Uninst.dll"
    publisher: Adobe Systems, Inc.

    Adobe Download Manager 2.0 (Remove Only) 2.0 (AdobeESD)
    uninstall cmd: "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"

    Applet_App (Applet_App)

    Applet_Copy (Applet_Copy)

    Applet_Creativity (Applet_Creativity)

    Applet_Email (Applet_Email)

    Applet_Epp (Applet_Epp)

    Applet_File (Applet_File)

    Applet_OCR (Applet_OCR)

    Applet_Web (Applet_Web)

    ArcSoft Camera Suite (ArcSoft Camera Suite)
    uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ArcSoft\Camera Suite\Uninst.isu"

    ArcSoft PhotoImpression 3.0 (ArcSoft PhotoImpression 3.0)
    uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ArcSoft\PhotoImpression\Uninst.isu"

    ArcSoft PhotoStudio 2000 (ArcSoft PhotoStudio 2000)
    uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ArcSoft\ArcSoft PhotoStudio 2000\Uninst.isu"

    Autodesk Express Viewer 3.1 (Autodesk Express Viewer)
    install date: 2004-03-22 22:06:32
    install location: C:\Program Files\Autodesk\Autodesk Express Viewer
    install source: E:\Bin\AcadFEUI\support\aev
    uninstall cmd: C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove
    publisher: Autodesk, Inc.
    help link: http://www.autodesk.com/viewers

    AVG Free Edition (AVG7Uninstall)
    uninstall cmd: C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL

    BHODemon 2.0.0.23 (BHODemon_is1)
    uninstall cmd: "C:\Program Files\BHODemon 2\unins000.exe"
    publisher: Definitive Solutions, Inc.
    help link: http://www.definitivesolutions.com

    (Branding)

    Conexant HSF V92 56K RTAD Speakerphone PCI Modem (CNXT_MODEM_PCI_VEN_14F1&DEV_2016&SUBSYS_021913E0)
    uninstall cmd: C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2016&SUBSYS_021913E0\HxFSETUP.EXE -U -IVEN_14F1&DEV_2016&SUBSYS_021913E0

    (Connection Manager)

    Copy Utility (Copy Utility)
    uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\EPSON\Copy Utility\Uninst.isu"

    (DirectAnimation)

    (DirectDrawEx)

    DivX Codec 5.1.1 (DivX Codec)
    install location: C:\Program Files\DivX\DivX Codec
    uninstall cmd: C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    publisher: DivXNetworks, Inc.

    DivX Player 2.5.3 (DivX Player)
    install location: C:\Program Files\DivX\DivX Player
    uninstall cmd: C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    publisher: DivXNetworks, Inc.

    (DXM_Runtime)

    ImageStation Easy Upload Tools (Easy Upload Tools)
    uninstall cmd: C:\Program Files\Easy Upload Tools\UninstallHelper\UninstallHelper.exe

    EPSON Photo Print (EPSON Photo Print)
    uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\EPSON\Photo Print\Uninst.isu"

    EPSON Printer Software (EPSON Printer and Utilities)
    uninstall cmd: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R

    EPSON Smart Panel (EPSON Smart Panel)
    uninstall cmd: C:\Program Files\EPSON\Smart Panel\SPUninst.exe

    ewido anti-spyware 4.0 (ewidoantispyware4)
    install location: C:\Program Files\ewido anti-spyware 4.0
    uninstall cmd: C:\Program Files\ewido anti-spyware 4.0\Uninstall.exe
    publisher: ewido networks
    help link: http://www.ewido.net

    AutoCAD Express Tools - AutoCAD 2002 (ExpressTools - AutoCAD 2002)
    uninstall cmd: "C:\WINDOWS\etUnInst.exe" "-fC:\Program Files\AutoCAD 2002\DeIsL1.isu" "C:\Program Files\AutoCAD 2002\Express\acetmain.ini"

    (Fontcore)

    Quicklinks (g5a2)
    uninstall cmd: "C:\WINDOWS\System32\iqqr.exe" -gDGy

    Genuine Fractals 2.0 LE (Genuine Fractals 2.0 LE)
    uninstall cmd: C:\WINDOWS\IsUninst.exe -f".\Altamira Group\Uninst.isu"

    HijackThis 1.99.1 1.99.1 (HijackThis)
    uninstall cmd: C:\Program Files\HijackThis\HijackThis.exe /uninstall
    publisher: Soeperman Enterprises Ltd.

    HijackThis / CWShredder Installer 1.0 (HijackThis / CWShredder Installer_is1)
    install location: C:\Program Files\HijackThis\
    uninstall cmd: "C:\Program Files\HijackThis\unins000.exe"

    (ICW)

    (IE40)

    (IE4Data)

    (IE5BAKEX)

    (IEData)

    (InstallShield Uninstall Information)

    InterActual Player (InterActual Player)
    uninstall cmd: C:\Program Files\InterActual\InterActual Player\inuninst.exe

    Java Web Start (Java Web Start)
    uninstall cmd: "C:\Program Files\Java Web Start\uninst-javaws.exe"

    (KB884016)

    Windows Installer 3.1 (KB893803) 3.1 (KB893803)
    uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803$\spuninst\spuninst.exe"
    publisher: Microsoft Corporation
    help link: http://go.microsoft.com/fwlink/?LinkId=42467

    Windows Installer 3.1 (KB893803) 3.1 (KB893803v2)
    uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
    publisher: Microsoft Corporation
    help link: http://go.microsoft.com/fwlink/?LinkId=42467

    Update for Windows XP (KB898461) 1 (KB898461)
    uninstall cmd: "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=898461

    Forethought (kZNBNdryG)
    uninstall cmd: C:\WINDOWS\System32\bez6n4r21.exe -iISTsDgvL

    Macromedia Shockwave Player 10.1.0.11 (Macromedia Shockwave Player)
    uninstall cmd: C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\Install.log
    publisher: Macromedia, Inc.
    help link: http://www.macromedia.com/support/shockwave

    (Microsoft Interactive Training)
    uninstall cmd: C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu

    (Microsoft NetShow Player 2.0)

    (MobileOptionPack)

    Mozilla Firefox (1.5) 1.5 (en-US) (Mozilla Firefox (1.5))
    install location: C:\Program Files\Mozilla Firefox
    uninstall cmd: C:\Program Files\Mozilla Firefox\uninstall\uninstall.exe /ua "1.5 (en-US)"
    publisher: Mozilla

    (MPlayer2)

    (MSI30-Beta1)

    (MSI30-Beta2)

    (MSI30-KB884016)

    (MSI30-RC1)

    (MSI30-RC2)

    (MSI30a-KB884016)

    (MSI31-Beta)

    (MSI31-RC1)

    (MsJavaVM)

    MUSICMATCH Jukebox (MUSICMATCH Jukebox)
    uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\Uninst.isu" -cC:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.dll

    MyPublisher BookMaker (MyPublisher BookMaker)
    uninstall cmd: C:\WINDOWS\System32\MypubUninstaller.exe
    publisher: MyPublisher, Inc.

    NETGEAR Print Server Software (NETGEAR Print Server Software)
    uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\NETGEAR Print Server\Uninst.isu"

    (NetMeeting)

    NVIDIA Windows 2000/XP Display Drivers (NVIDIA)
    uninstall cmd: rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nv4_disp.inf

    (OutlookExpress)

    (PCHealth)
    uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

    (Picasa)

    Picasa 2 2.0 (Picasa2)
    uninstall cmd: "C:\Program Files\Picasa2\Uninstall.exe"
    publisher: Google, Inc.
    help link: http://www.picasa.com/

    QuickTime (QuickTime)
    uninstall cmd: C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log

    RawShooter essentials 2005 1.1.3 (RawShooter essentials 2005)
    uninstall cmd: C:\PROGRA~1\PIXMAN~1\RAWSHO~1.0\UNWISE.EXE C:\PROGRA~1\PIXMAN~1\RAWSHO~1.0\INSTALL.LOG
    publisher: Pixmantec

    (RealJukebox 1.0)
    uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0

    RealOne Player (RealPlayer 6.0)
    uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0

    (SchedulingAgent)

    (Sevinst)

    Shockwave (Shockwave)
    uninstall cmd: C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log

    Macromedia Flash Player 8 8 (ShockwaveFlash)
    uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
    publisher: Macromedia
    help link: http://www.macromedia.com/go/flashplayer_support/

    EPSON SPR300 Reference Guide (Silent Package Run-Time Sample)
    uninstall cmd: C:\Program Files\epson\guide\spr300_e\uninstall.exe

    Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
    install location: C:\Program Files\Spybot - Search & Destroy\
    uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    publisher: Safer Networking Limited

    SpywareGuard v2.2 2.2 (SpywareGuard_is1)
    uninstall cmd: "C:\Program Files\SpywareGuard\unins000.exe"
    publisher: Javacool Software LLC

    Squid (Squid)
    uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Nvidia Corporation\Nvidia Demos\Squid\Uninst.isu"

    Tidepool (Tidepool)
    uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Nvidia Corporation\Nvidia Demos\Tidepool\Uninst.isu"

    USB Storage Adapter V2 (TPP) (TPP200)
    uninstall cmd: tppun.exe TPP200

    (TSAUNINST)

    Werewolf (Werewolf)
    uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Nvidia Corporation\Nvidia Demos\Werewolf\Uninst.isu"

    Windows Genuine Advantage Validation Tool (KB892130) 1.5.0530.0 (WGA)
    install date: 20060730
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=892130

    Windows Genuine Advantage Notifications (KB905474) 1.5.0540.0 (WgaNotify)
    install date: 20060730
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=905474

    Windows Media Format Runtime (Windows Media Format Runtime)
    uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

    Windows Media Player 10 (Windows Media Player)
    uninstall cmd: "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

    Windows XP Service Pack 2 20040803.231319 (Windows XP Service Pack)
    uninstall cmd: C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com?kbid=811113

    WinMX (WinMX)
    uninstall cmd: C:\Program Files\WinMX\uninstall.exe

    WinRAR archiver (WinRAR archiver)
    uninstall cmd: C:\Program Files\WinRAR\uninstall.exe

    WinZip 9.0 SR-1 (6224) (WinZip)
    version (major): 9
    install location: C:\PROGRA~1\WINZIP\
    uninstall cmd: "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
    publisher: WinZip Computing, Inc.
    help link: http://www.winzip.com/xsupport.htm

    Microsoft Works 2002 Setup Launcher (Works2002Setup)
    uninstall cmd: C:\Program Files\Microsoft Works Suite 2002\Setup\Launcher.exe E:\
    help link: http://support.microsoft.com/support/works

    Microsoft Excel Viewer 97 (XLViewer97)
    uninstall cmd: C:\Program Files\XLView\setup\setup.exe

    ZoneAlarm 6.5.731.000 (ZoneAlarm)
    uninstall cmd: C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
    publisher: Zone Labs, Inc
    help link: C:\Program Files\Zone Labs\ZoneAlarm\Help\zaclients.chm

    Microsoft Encarta Encyclopedia Standard 2002 2002 ({01001202-823E-46CD-A70E-BEE818F97169})
    version (major): 2002
    version (minor): 2002
    install date: 20011115
    uninstall cmd: MsiExec.exe /I{01001202-823E-46CD-A70E-BEE818F97169}
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com

    Adobe Premiere Pro Tryout 7.0 ({084709F7-38C5-4609-B55F-2417939315EB})
    version: 117440512
    version (major): 7
    install location: C:\Program Files\Adobe\Premiere Pro Tryout
    install source: C:\Documents and Settings\ANDREW\Desktop\Export\
    uninstall cmd: RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{084709F7-38C5-4609-B55F-2417939315EB}\setup.exe"
    publisher: Adobe Systems, Inc.

    EPSON CardMonitor ({109D28C7-FB38-483A-9C91-001CB59E2699})
    uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{109D28C7-FB38-483A-9C91-001CB59E2699}\Setup.exe" -l0x9 uninst

    Dell Solution Center 1.00.0000 ({11F1920A-56A2-4642-B6E0-3B31A12C9288})
    version: 16777216
    version (major): 1
    install date: 20020802
    uninstall cmd: MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
    publisher: Dell
    help link: http://www.support.dell.com
    help telephone: http://www.support.dell.com

    Dell Picture Studio - Dell Image Expert 3.4.1 ({151C555A-A9E7-4A2E-B6D7-165D04A3C956})
    version: 50593793
    version (major): 3
    version (minor): 4
    install date: 20020802
    uninstall cmd: MsiExec.exe /I{151C555A-A9E7-4A2E-B6D7-165D04A3C956}
    publisher: Jasc Software Inc
    comments:
    contact: Customer Support Department
    help link: http://dell.shutterfly.com/help
    help telephone: 1-952-294-2692
    readme: -

    Corel Paint Shop Pro X 10.01 ({1A15507A-8551-4626-915D-3D5FA095CC1B})
    version: 167837696
    version (major): 10
    version (minor): 1
    estimated size: 176954
    install date: 20060723
    install location: C:\Program Files\Corel\Corel Paint Shop Pro X\
    install source: E:\Paint Shop Pro X\
    uninstall cmd: MsiExec.exe /I{1A15507A-8551-4626-915D-3D5FA095CC1B}
    publisher: Corel Inc
    comments: Installs Paint Shop Pro X
    contact: Corel Customer Service
    help link: http://www.corel.com/support
    help telephone: U.S. 1-800-772-6735 Outside U.S. +441628 581601, UK: 0870 774 0202
    readme: C:\Program Files\Corel\Corel Paint Shop Pro X\readme.html

    Google Toolbar for Internet Explorer ({2318C2B1-4965-11d4-9B18-009027A5CD4F})
    uninstall cmd: regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"

    PRO200WL ({280C7673-2DF8-4E74-B031-D8F108BE2A6D})
    uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{280C7673-2DF8-4E74-B031-D8F108BE2A6D}\SETUP.EXE" -uninst

    WebFldrs XP 9.50.5318 ({350C97B0-3D7C-4EE8-BAA9-00BCB3D54227})
    version: 154277062
    version (major): 9
    version (minor): 50
    estimated size: 2524
    install date: 20011115
    install source: C:\WINDOWS\System32\
    publisher: Microsoft Corporation
    help link: http://www.microsoft.com/windows

    Microsoft XML Parser and SDK 4.10.9406.0 ({3E908702-AF35-4611-9518-955DA24B7E07})
    version: 67773630
    version (major): 4
    version (minor): 10
    estimated size: 4407
    install date: 20060730
    install source: C:\DOCUME~1\ANDREW\LOCALS~1\Temp\IXP000.TMP\
    uninstall cmd: MsiExec.exe /I{3E908702-AF35-4611-9518-955DA24B7E07}
    publisher: Microsoft Corporation
    help link: http://www.msdn.microsoft.com/xml

    ACDSee 4.0.1 Standard 4.00.0001 ({4CCAE0E7-757D-4095-9A30-F6B9584459B2})
    version: 67108865
    version (major): 4
    estimated size: 24905
    install date: 20020914
    install source: E:\
    uninstall cmd: MsiExec.exe /I{4CCAE0E7-757D-4095-9A30-F6B9584459B2}
    publisher: ACD Systems Ltd
    comments: ACDSee 4.0 and other image management software
    contact: Technical Support
    help link: http://www.acdsystems.com
    help telephone: 250-544-6700
    readme: 0

    AutoCAD 2002 15.0.6.030 ({5783F2D7-0101-0409-0000-0060B0CE6BBA})
    version: 251658246
    version (major): 15
    estimated size: 209810
    install date: 20040201
    install source: E:\
    uninstall cmd: MsiExec.exe /I{5783F2D7-0101-0409-0000-0060B0CE6BBA}
    publisher: Autodesk

    AutoCAD 2004 16.0.0.086 ({5783F2D7-0201-0409-0000-0060B0CE6BBA})
    version: 268435456
    version (major): 16
    estimated size: 254063
    install date: 20040322
    install source: E:\Bin\AcadFEUI\
    uninstall cmd: MsiExec.exe /I{5783F2D7-0201-0409-0000-0060B0CE6BBA}
    publisher: Autodesk

    AutoCAD Express Tools Volumes 1-9 1.0.0.0 ({5783F2D7-0211-0409-0000-0060B0CE6BBA})
    version: 16777216
    version (major): 1
    estimated size: 4767
    install date: 20040522
    install source: E:\Bin\AcadFEUI\Support\Express\
    uninstall cmd: MsiExec.exe /X{5783F2D7-0211-0409-0000-0060B0CE6BBA}
    publisher: Autodesk

    EPSON PhotoStarter3.0 ({5983C895-DDA4-45D9-A8D1-877D5DE7693E})
    uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5983C895-DDA4-45D9-A8D1-877D5DE7693E}\Setup.exe" uninst

    Easy CD Creator 5 Basic 5.2.0.56 ({609F7AC8-C510-11D4-A788-009027ABA5D0})
    version: 83951616
    version (major): 5
    version (minor): 1
    install date: 20020802
    uninstall cmd: MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
    publisher: Roxio Inc
    help link: http://www.roxio.com/en/support
    help telephone:

    PowerDVD ({6811CAA0-BF12-11D4-9EA1-0050BAE317E1})
    uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall

    Java 2 Runtime Environment, SE v1.4.2 1.4.2 ({7148F0A8-6813-11D6-A77B-00B0D0142000})
    version: 17039362
    version (major): 1
    version (minor): 4
    estimated size: 63140
    install date: 20031207
    install source: http://java.sun.com/webapps/download.../windows-i586/
    uninstall cmd: MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
    publisher: Sun Microsystems, Inc.
    comments: http://www.java.com
    contact: http://www.java.com
    help link: http://www.java.com
    help telephone: http://www.java.com
    readme: Readme.txt

    1 ({870AA7AE-79EF-C7C1-259F-7C7EFC1D60F3})
    install date: 20060727

    ({8851E12C-0EF9-11D4-A788-009027ABA5D0})

    Corel Photo Album 6 6.00 ({8A9B8148-DDD7-448F-BD6C-358386D32354})
    version: 100663296
    version (major): 6
    estimated size: 89867
    install date: 20060723
    install location: C:\Program Files\Corel\Corel Photo Album 6\
    install source: E:\Photo Album 6 SE\
    uninstall cmd: MsiExec.exe /X{8A9B8148-DDD7-448F-BD6C-358386D32354}
    publisher: Corel, Inc.
    comments: Installs Corel Photo Album 6
    contact: Corel Customer Service
    help link: http://www.corel.com/support
    help telephone: U.S. 1-800-772-6735 Outside U.S. +441628 581601, UK: 0870 774 0202

    The Print Shop CD Label Creator ({8AF872EF-E6C5-41C8-BCA2-1990396D21DE})
    version (major): 1
    install location: C:\Program Files\Broderbund\CD Label Creator
    uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8AF872EF-E6C5-41C8-BCA2-1990396D21DE}\setup.exe" -l0x9 anything
    publisher: Broderbund LLC

    Microsoft Office Professional Edition 2003 11.0.7969.0 ({90110409-6000-11D3-8CFE-0150048383C9})
    version: 184557345
    version (major): 11
    estimated size: 297666
    install date: 20060730
    install source: C:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\
    uninstall cmd: MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
    publisher: Microsoft Corporation
    help link: http://www.microsoft.com/support
    readme: C:\Program Files\Microsoft Office\OFFICE11\1033\OFREADME.HTM

    Help and Support Customization 1.00.0000 ({90D55A3F-1D99-4C94-A77E-46DC14F0BF08})
    version: 16777216
    version (major): 1
    install date: 20020802
    publisher: Dell
    contact: http://www.support.dell.com
    help link: http://www.support.dell.com
    help telephone: http://www.support.dell.com

    Dell | Support 1.00.0000 ({91E8A85F-2960-40ED-BA84-7F4567BB00C0})
    version: 16777216
    version (major): 1
    install date: 20020802
    uninstall cmd: MsiExec.exe /X{91E8A85F-2960-40ED-BA84-7F4567BB00C0}
    publisher: Dell
    comments: Go to http://support.dell.com
    contact: http://support.dell.com
    help link: http://support.dell.com
    help telephone: 1-800-BUY-DELL
    readme: 0

    EPSON TWAIN 5 ({9A3EABC0-CA06-11D4-BF77-00104B130C19})
    uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A3EABC0-CA06-11D4-BF77-00104B130C19}\setup.exe" UNINSTALL

    Microsoft Works 6.0 06.00.0000 ({A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704})
    version: 100663296
    version (major): 6
    install date: 20011115
    uninstall cmd: MsiExec.exe /I{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}
    publisher: Microsoft Corporation
    comments: Microsoft Works 6.0 installation.
    help link: http://support.microsoft.com/support/works

    Santa Cruz ({A4D58580-EA01-11D3-9318-008048B86EFE})
    uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A4D58580-EA01-11D3-9318-008048B86EFE}\setup.exe"

    Windows Defender Signatures 1.20.0.0 ({A5CC2A09-E9D3-49EC-923D-03874BBD4C2C})
    version: 18087936
    version (major): 1
    version (minor): 20
    estimated size: 2892
    install date: 20060730
    install source: C:\Program Files\Windows Defender\
    uninstall cmd: MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
    publisher: Microsoft Corporation

    Adobe Reader 7.0.5 7.0.5 ({AC76BA86-7AD7-1033-7B44-A70500000002})
    version: 117440517
    version (major): 7
    estimated size: 65860
    install date: 20051023
    install location: C:\Program Files\Adobe\Acrobat 7.0\Reader\
    install source: C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig705\ENU\
    uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
    publisher: Adobe Systems Incorporated
    comments:
    contact:
    help link: http://www.adobe.com/support/main.html
    help telephone:
    readme: C:\Program Files\Adobe\Acrobat 7.0\Reader\Readme.htm

    Windows Defender 1.1.1347.6 ({B2D7CE29-614A-4ACC-8BFE-009EB3A244C9})
    version: 16844099
    version (major): 1
    version (minor): 1
    estimated size: 9956
    install date: 20060730
    install source: C:\Documents and Settings\ANDREW\Desktop\
    uninstall cmd: MsiExec.exe /I{B2D7CE29-614A-4ACC-8BFE-009EB3A244C9}
    publisher: Microsoft Corporation
    help link: http://go.microsoft.com/fwlink/?LinkId=55273

    Works Synchronization 1.0.0.0000 ({BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387})
    version: 16777216
    version (major): 1
    install date: 20011115
    publisher: Your Company Name
    help link: http://www.microsoft.com
    help telephone: 555-555-1234

    Microsoft Works Suite Add-in for Microsoft Word 2.0.0.0000 ({C3A439E4-7303-491F-A678-CEA36A87D517})
    version: 33554432
    version (major): 2
    install date: 20011115
    uninstall cmd: MsiExec.exe /I{C3A439E4-7303-491F-A678-CEA36A87D517}
    publisher: Microsoft Corporation
    help link: http://support.microsoft.com/support/works
    help telephone:

    Microsoft Picture It! Photo 2002 6.0.0.0000 ({C769A271-7E1C-48F9-B331-474600DD4C06})
    version: 100663296
    version (major): 6
    install date: 20011115
    uninstall cmd: MsiExec.exe /I{C769A271-7E1C-48F9-B331-474600DD4C06}
    publisher: Microsoft
    comments: Microsoft Picture It! Photo 2002
    help link: http://go.microsoft.com/fwlink/pi6/d...UP&sba=SUPPORT
    help telephone:

    Symantec Network Drivers Update 5.5.1.6 ({CA0A1E54-CE0F-4366-B09C-A87B61DC5633})
    version: 84213761
    version (major): 5
    version (minor): 5
    estimated size: 2806
    install date: 20051224
    install source: C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\LIVEUP~1\DOWNLO~1\EXITEM~2.2_E\
    publisher: Symantec Corporation

    Java 2 Runtime Environment, SE v1.4.1 ({CD0159C9-17FB-11D6-A76A-00B0D079AF64})
    uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CD0159C9-17FB-11D6-A76A-00B0D079AF64}\setup.exe" Anytext

    Microsoft Money 2002 System Pack 10.0.80 ({CF5193F7-6B37-11D5-B7D2-00AA00A204F1})
    version: 167772240
    version (major): 10
    install date: 20011115
    uninstall cmd: MsiExec.exe /I{CF5193F7-6B37-11D5-B7D2-00AA00A204F1}
    publisher: Microsoft
    comments: Installs system components used by Microsoft Money 2002.
    help link: http://support.microsoft.com
    help telephone: (800) 936-5700

    Paint Shop Pro 7 7.05.0000 ({D6DE02C7-1F47-11D4-9515-00105AE4B89A})
    version: 117768192
    version (major): 7
    version (minor): 5
    install date: 20020802
    uninstall cmd: MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}
    publisher: Jasc Software Inc
    comments: Jasc Software Inc
    contact: Customer Support Department
    help link: http://www.jasc.com/support2.asp
    help telephone: 1-952-930-9171
    readme: Readme.doc

    Works Suite OS Pack 1.0.0.0000 ({DC19E750-988B-4005-A355-85EF66055EFE})
    version: 16777216
    version (major): 1
    install date: 20011115
    install source: E:\ospack\
    publisher: Microsoft Corporation
    help link: http://www.microsoft.com
    help telephone:

    PhoneTools ({E3436EE2-D5CB-4249-840B-3A0140CC34C1})
    uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3436EE2-D5CB-4249-840B-3A0140CC34C1}\setup.exe" ControlPanel

    Microsoft Money 2002 10.0.50 ({E7298FD5-1386-11D5-8D6C-0050DAD32D95})
    version: 167772210
    version (major): 10
    install date: 20011115
    uninstall cmd: MsiExec.exe /I{E7298FD5-1386-11D5-8D6C-0050DAD32D95}
    publisher: Microsoft
    comments: The Installation database contains the logic and data required to install Money 2002
    help link: http://support.microsoft.com
    help telephone: (800) 936-5700

    ScanToWeb ({EBAE381B-60A6-4863-AA9F-FCAB755BC9E5})
    uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\Setup.exe" ADDREMOVEDLG

    Update Manager 4.60 ({F428D0FB-765D-40EB-BDD8-A1E7F5C597FA})
    version: 71041024
    version (major): 4
    version (minor): 60
    estimated size: 2652
    install date: 20060601
    install location: C:\Program Files\My Company Name\My Product Name\
    install source: C:\DOCUME~1\SARA-L~1\LOCALS~1\Temp\pft2F.tmp\
    uninstall cmd: MsiExec.exe /I{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}
    publisher: Corel Corporation

    ({F64306A5-4C32-41bb-B153-53986527FAB4})

    Interactive Calculus 3.0 ({FC257F6E-721E-41DE-ABE0-13B1E2BE7A5A})
    uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC257F6E-721E-41DE-ABE0-13B1E2BE7A5A}\Setup.exe" -l0x9

    EPSON Print CD ({FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4})
    uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\Setup.exe" -l0x9 -SYSTEM




  6. #6
    Member
    Join Date
    Aug 2006
    Posts
    5
    Points
    0


    Here is some more info from Spybot

    StartupList report, 8/2/2006, 7:00:13 PM
    StartupList version: 1.52.2
    Started from : C:\Program Files\HijackThis\HijackThis.EXE
    Detected: Windows XP SP2 (WinNT 5.01.2600)
    Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\wfxqhv.exe
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Microsoft Works\MSWorks.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\HijackThis\HijackThis.exe

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
    Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\Userinit.exe,

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    AdaptecDirectCD = "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    EPSON Stylus Photo R300 Series = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
    QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
    NI.UWFX5 = "C:\Documents and Settings\DELROY\Local Settings\Temporary Internet Files\Content.IE5\VCMXW0XH\WinFixer2005ScannerInstall[1].exe"
    Picasa Media Detector = C:\Program Files\Picasa2\PicasaMediaDetector.exe
    Symantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMon.exe
    ISUSPM Startup = "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    ISUSScheduler = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    k6mmN5IOU = "C:\WINDOWS\system32\wfxqhv.exe"
    ACTX1 = C:\WINDOWS\v1201.exe
    wjdrgtmA = C:\WINDOWS\wjdrgtmA.exe
    Corel Photo Downloader = C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    Windows Defender = "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    Zone Labs Client = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    !ewido = "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    AVG7_CC = C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    Microsoft Works Update Detection = C:\Program Files\Microsoft Works\WkDetect.exe
    Yahoo! Pager = "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet

    --------------------------------------------------

    File association entry for .SCR:
    HKEY_CLASSES_ROOT\AutoCADScriptFile\shell\open\command

    (Default) = C:\WINDOWS\NOTEPAD.EXE "%1"

    --------------------------------------------------

    Load/Run keys from C:\WINDOWS\WIN.INI:

    load=*INI section not found*
    run=*INI section not found*

    Load/Run keys from Registry:

    HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\Windows: load=
    HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs= C:\WINDOWS\System32\userinit.dll

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=explorer.exe
    SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry value not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    --------------------------------------------------


    Enumerating Browser Helper Objects:

    (no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    SpywareGuard Download Protection - C:\Program Files\SpywareGuard\dlprotect.dll - {4A368E80-174F-4872-96B5-0B27DDD11DB2}
    (no name) - c:\program files\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
    (no name) - C:\WINDOWS\system32\xeymi.dll - {D623BC2F-A58D-4A75-A10D-CC244A702A35}
    (no name) - (no file) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    MP Scheduled Scan.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [Microsoft Office Template and Media Control]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\CONFLICT.1\IEAWSDC.DLL
    CODEBASE = http://office.microsoft.com/templates/ieawsdc.cab

    [Musicnotes Viewer]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\mnviewer.dll
    CODEBASE = http://www.musicnotes.com/download/mnviewer.cab

    [Shockwave ActiveX Control]
    InProcServer32 = C:\WINDOWS\SYSTEM32\Macromed\Director\SwDir.dll
    CODEBASE = http://download.macromedia.com/pub/s...irector/sw.cab

    [YInstStarter Class]
    InProcServer32 = C:\Program Files\Yahoo!\Common\yinsthelper.dll
    CODEBASE = C:\Program Files\Yahoo!\Common\yinsthelper.dll

    [{41F17733-B041-4099-A042-B518BB6A408C}]
    CODEBASE = http://a1408.g.akamai.net/7/1408/995...TunesSetup.exe

    [{62475759-9E84-458E-A1AB-5D2C442ADFDE}]
    CODEBASE = http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe

    [WUWebControl Class]
    InProcServer32 = C:\WINDOWS\System32\wuweb.dll
    CODEBASE = http://update.microsoft.com/microsof...?1135960878671

    [MUWebControl Class]
    InProcServer32 = C:\WINDOWS\System32\muweb.dll
    CODEBASE = http://update.microsoft.com/microsof...?1135960842468

    [{8EDAD21C-3584-4E66-A8AB-EB0E5584767D}]
    CODEBASE = http://toolbar.google.com/data/GoogleActivate.cab

    [{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
    CODEBASE = http://v4.windowsupdate.microsoft.co...837.5294907407

    [ScorchPlugin Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\NPSibelius.dll
    CODEBASE = http://www.sibelius.com/download/sof...iveXPlugin.cab

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx
    CODEBASE = http://fpdownload.macromedia.com/pub...sh/swflash.cab

    [{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}]
    CODEBASE = http://zone.msn.com/bingame/zuma/def...ploader_v5.cab

    [{E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD}]
    CODEBASE = http://download.abacast.com/download...basetup156.cab

    --------------------------------------------------

    Enumerating Windows NT logon/logoff scripts:
    *No scripts set to run*

    Windows NT checkdisk command:
    BootExecute = autocheck autochk *

    Windows NT 'Wininit.ini':
    PendingFileRenameOperations: c:\windows\system32\__delete_on_reboot__x_e_y_m_i_._d_l_l_||C:\WINDOWS\system32\xeymi.dll||C:\WINDOWS\system32\VundoFix.exe||C:\WINDOWS\system32\VundoFix.exe|||x

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
    CDBurn: C:\WINDOWS\system32\SHELL32.dll
    WebCheck: C:\WINDOWS\System32\webcheck.dll
    SysTray: C:\WINDOWS\System32\stobject.dll

    --------------------------------------------------
    End of report, 10,134 bytes
    Report generated in 0.047 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only

  7. #7
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335


    Hi

    You've certainly posted a lot of information there, and the same malware shows up as being found by different programs...

    1. First, please run Spybot and let it delete all it finds... I don't need to see a Spybot log

    2. Boot to Safe Mode and run Ewido ... let it clean/delete all it finds ... save and post the Ewido log

    3. Boot back to normal mode, run HijackThis and post a new HijackThis log ...

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -