Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected Comp!


  • This topic is locked This topic is locked
19 replies to this topic

#1 vikram_Soccer

vikram_Soccer

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:02:52 AM

Posted 14 December 2007 - 08:01 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:52:56 PM, on 12/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ffinder.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.ca/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\dcads_sidebar.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {DADDEC6C-4087-4F33-88E3-69F0CF1CD74F} - C:\WINDOWS\system32\ciod.dll
O2 - BHO: dcads - {F173E53F-E042-49b6-BD46-983E93DA1B17} - C:\WINDOWS\system32\nsa10.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Unknown owner - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe

--
End of file - 10776 bytes

Please help asap!! my computer is getting messed!

BC AdBot (Login to Remove)

 


#2 sjpritch25

sjpritch25

  • Security Colleague
  • 898 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Coast of Florida, USA
  • Local time:04:52 AM

Posted 26 December 2007 - 10:47 PM

Welcome to BC :thumbsup:

Sorry for the delay, the forum has been extremely busy lately.

Since its been a few days, please post a fresh HIjackthis log. Thanks.
Microsoft MVP Consumer Security--2007-2010

#3 vikram_Soccer

vikram_Soccer
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:02:52 AM

Posted 07 January 2008 - 08:08 PM

Here is the new log. Sorry i didn't check this for a while. I have not been getting redirected anymore and no more pop-ups. Please check this to see if i have any problems left on my computer.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:07, on 2008-01-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.ca/myway
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: dcads - {6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E} - C:\WINDOWS\system32\nsl2938.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {DADDEC6C-4087-4F33-88E3-69F0CF1CD74F} - C:\WINDOWS\system32\ciod.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-3001108618-4065122551-2596972511-1007\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Dilpreet Bhattal')
O4 - HKUS\S-1-5-21-3001108618-4065122551-2596972511-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Dilpreet Bhattal')
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Unknown owner - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe

--
End of file - 12022 bytes

#4 sjpritch25

sjpritch25

  • Security Colleague
  • 898 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Coast of Florida, USA
  • Local time:04:52 AM

Posted 14 January 2008 - 10:45 PM

Sorry for the delay

Some how are paths haven't crossed, i must of missed the email.


You do have some adware installed on your computer.


Open Hijackthis, Click Open the Misc tools section Then click the Open Uninstall Manager... button.
The Add/Remove Programs Manager panel should appear.
In this panel click the Save list button.
Save the uninstall_list.txt file to your desktop and copy and paste the contents back in your next reply.

========================================

Please perform a scan with Kaspersky Webscan Online Virus Scanner

1. Read the Requirements and Privacy statement, then select "Accept". 2. A new window will appear promting you to install an ActiveX component from Kaspersky - "Do you want to install this software?". 3. Click "Yes" or select "Install" to download the ActiveX controls that allows ActiveScan to run. 4. When the download is complete it will say ready, click "Next". 5. Click "Scan Settings" and check the option to use the Extended Database if available otherwise Standard). 6. Click "Scan Options" and select both "Scan Archives" and "Scan Mail Bases". 7. Click "OK". 8. Under "Select a target to scan", click on "My Computer". 9. When the scan is complete choose to save the results as "Save as Text" named kaspersky.txt to your desktop and post them in your next reply.

Kaspersky does not remove anything but will provide a log of anything it finds. On August 8th, 2006 Kaspersky updated the software used for Free Online Virus Scanner. In order to continue using the online scanner you will need to uninstall the old version (if previously used) from your Add/Remove Programs list and then install the latest version. To do this, follow the steps here and reboot afterwards if your system does not reboot automatically or it will show 'Kaspersky Online Scanner license key was not found!
Microsoft MVP Consumer Security--2007-2010

#5 vikram_Soccer

vikram_Soccer
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:02:52 AM

Posted 16 January 2008 - 08:46 PM

Uninstall list from HijackThis

Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.1
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.0
AOL (Choose which version to remove)
Apple Software Update
Browser Optimizer Superiorads
CD Postcard Screen Saver
Conexant D850 56K V.9x DFVc Modem
Dell Driver Reset Tool
Dell Media Experience
Dell Photo Printer 720
Dell Picture Studio v3.0
Dell Resource CD
DellSupport
Digital Line Detect
Disc2Phone
DivX Codec
DivX Converter
getPlus®_ocx
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915800)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
iLike
IncrediMail Xe
Information Center
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
Intel® PROSet for Wired Connections
Internet Explorer Default Page
iPod for Windows 2006-06-28
iTunes
Jasc Paint Shop Photo Album
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro 8 Dell Edition
Java™ 6 Update 3
Learn2 Player (Uninstall Only)
LimeWire 4.14.10
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
Modem Helper
Mozilla (1.7.13)
Mozilla Firefox (3.0b2)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Multimedia Keyboard Driver
Musicmatch® Jukebox
NetWaiting
Opera 9.24
Photo Click
PowerDVD 5.5
QuickTime
RealPlayer
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Sonic Audio module
Sonic DLA
Sonic MyDVD LE
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sony Ericsson PC Suite
Spybot - Search & Destroy
Spyware Doctor 5.1
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Viewpoint Media Player
WebCyberCoach 3.2 Dell
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
WordPerfect Office 12

#6 vikram_Soccer

vikram_Soccer
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:02:52 AM

Posted 16 January 2008 - 08:56 PM

The Kaspersky report is way to long to fit. It will take a lot of replies. Is there anyway to shorten it or something. It is 7.75 MB large. Please help.

#7 sjpritch25

sjpritch25

  • Security Colleague
  • 898 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Coast of Florida, USA
  • Local time:04:52 AM

Posted 16 January 2008 - 09:43 PM

Please go to Add/Remove Programs located in your Control Panel, remove the following (if present):
Browser Optimizer Superiorads
Internet Explorer Default Page
LimeWire 4.14.10


I will pm you away to get me the kaspersky log.
Microsoft MVP Consumer Security--2007-2010

#8 vikram_Soccer

vikram_Soccer
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:02:52 AM

Posted 19 January 2008 - 03:03 PM

Hello, I sent the email. Please tell what to do next.

#9 sjpritch25

sjpritch25

  • Security Colleague
  • 898 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Coast of Florida, USA
  • Local time:04:52 AM

Posted 19 January 2008 - 03:31 PM

It turned out clean. How is everything running?
Microsoft MVP Consumer Security--2007-2010

#10 vikram_Soccer

vikram_Soccer
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:02:52 AM

Posted 20 January 2008 - 01:03 PM

My computer is running fine but sometimes when I open internet explorer or go to control panel something pops up on Mcafee saying it has blocked something and when i press remove the program it still comes back. It is called winfixer and i think the path is this C:\WINDOWS\system32\ciod.dll. I tried removing it with Hijackthis but it keeps on coming back. What is this?

#11 sjpritch25

sjpritch25

  • Security Colleague
  • 898 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Coast of Florida, USA
  • Local time:04:52 AM

Posted 20 January 2008 - 09:18 PM

Okay

Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2
Link 3


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall

Microsoft MVP Consumer Security--2007-2010

#12 vikram_Soccer

vikram_Soccer
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:02:52 AM

Posted 21 January 2008 - 08:28 PM

Combo Fix log

ComboFix 08-01-21.3 - Vikramjit Bhattal 2008-01-21 19:12:13.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.142 [GMT -6:00]
Running from: C:\Documents and Settings\Vikramjit Bhattal.BHATTAL.000\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Vikramjit Bhattal\Application Data\install.dat
C:\WINDOWS\system32\bsnzafqa.bin
C:\WINDOWS\system32\cfg.dat
C:\WINDOWS\system32\ciod.dll
C:\WINDOWS\system32\drivers\fdyqzedu.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_JMWGYYTT
-------\jmwgyytt


((((((((((((((((((((((((( Files Created from 2007-12-22 to 2008-01-22 )))))))))))))))))))))))))))))))
.

2008-01-21 19:10 . 2001-08-17 13:49 237,728 --a------ C:\cmldr
2008-01-21 19:10 . 2005-10-19 19:25 211 --a------ C:\Boot.bak
2008-01-21 19:05 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-21 19:01 . 2008-01-21 19:01 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-01-19 12:04 . 2003-06-25 16:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2008-01-19 12:04 . 2002-06-21 15:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
2008-01-16 16:00 . 2008-01-16 16:00 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-14 19:21 . 2008-01-14 19:21 <DIR> d-------- C:\Program Files\Opera
2008-01-12 17:34 . 2008-01-21 18:57 <DIR> d-------- C:\Program Files\Mozilla Firefox 3 Beta 2
2008-01-12 14:02 . 2008-01-12 14:02 <DIR> d-------- C:\VundoFix Backups
2008-01-07 17:52 . 2008-01-07 17:52 <DIR> d-------- C:\Program Files\Common Files\mozilla.org
2008-01-07 17:52 . 2008-01-07 17:52 99,024 --a------ C:\WINDOWS\MozillaUninstall.exe
2008-01-07 17:52 . 2008-01-07 17:52 98,512 --a------ C:\WINDOWS\GREUninstall.exe
2008-01-07 17:52 . 2008-01-07 17:52 8,138 --a------ C:\WINDOWS\mozver.dat
2008-01-07 17:51 . 2008-01-07 17:51 <DIR> d-------- C:\Program Files\mozilla.org
2008-01-02 18:30 . 2008-01-02 18:30 <DIR> d-------- C:\Program Files\Disc2Phone
2008-01-02 18:26 . 2006-09-05 20:06 18,704 -ra------ C:\WINDOWS\system32\drivers\se59nd5.sys
2008-01-02 18:25 . 2006-09-05 20:07 97,088 -ra------ C:\WINDOWS\system32\drivers\se59mdm.sys
2008-01-02 18:25 . 2006-09-05 20:06 90,800 -ra------ C:\WINDOWS\system32\drivers\se59unic.sys
2008-01-02 18:25 . 2006-09-05 20:08 88,624 -ra------ C:\WINDOWS\system32\drivers\se59mgmt.sys
2008-01-02 18:25 . 2006-09-05 20:09 86,432 -ra------ C:\WINDOWS\system32\drivers\se59obex.sys
2008-01-02 18:25 . 2006-09-05 20:07 9,360 -ra------ C:\WINDOWS\system32\drivers\se59mdfl.sys
2008-01-02 18:25 . 2006-09-05 20:09 6,240 -ra------ C:\WINDOWS\system32\drivers\se59cmnt.sys
2008-01-02 18:25 . 2006-09-05 20:09 6,240 -ra------ C:\WINDOWS\system32\drivers\se59cm.sys
2008-01-02 18:25 . 2006-09-05 20:06 5,872 -ra------ C:\WINDOWS\system32\drivers\se59wh.sys
2008-01-02 18:25 . 2006-09-05 20:06 4,128 -ra------ C:\WINDOWS\system32\drivers\se59cr.sys
2008-01-02 18:05 . 2008-01-02 18:06 <DIR> d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2008-01-02 18:04 . 2008-01-02 18:04 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-01-02 18:04 . 2008-01-02 18:06 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-21 22:21 --------- d-----w C:\Program Files\Spyware Doctor
2008-01-20 18:32 --------- d-----w C:\Program Files\DivX
2008-01-18 14:05 --------- d-----w C:\Program Files\McAfee
2007-12-20 14:10 --------- d-----w C:\Program Files\Google
2007-12-20 01:48 --------- d-----w C:\Program Files\SiteAdvisor
2007-12-16 00:34 916,072 ----a-w C:\fsbl.exe
2007-12-15 00:33 --------- d-----w C:\Program Files\Trend Micro
2007-07-05 16:56 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09 460784]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 18:42 1404928]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 15:19 53248]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 07:50 53248]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 15:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 15:50 81920]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 00:02 86016]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36 114688]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 22:46 57344]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2006-08-10 13:38 35416]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 04:33 122941]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-03 08:58 185632]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 21:33 582992]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36 267048]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22 20480]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-10-02 16:27 1065288]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-28 01:07 593920]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-10-06 23:24:37 24576]

R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2003-12-19 19:15]
S2 0013531200641770mcinstcleanup;McAfee Application Installer Cleanup (0013531200641770);C:\WINDOWS\TEMP\001353~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog []
S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 20:07]
S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 20:07]
S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se59mgmt.sys [2006-09-05 20:08]
S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS);C:\WINDOWS\system32\DRIVERS\se59nd5.sys [2006-09-05 20:06]
S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se59obex.sys [2006-09-05 20:09]
S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM);C:\WINDOWS\system32\DRIVERS\se59unic.sys [2006-09-05 20:06]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-15 13:37:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-19 00:30:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (1) (BHATTAL-Dilpreet Bhattal).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2008-01-19 00:30:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (BHATTAL-Dilpreet Bhattal).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2008-01-15 07:00:00 C:\WINDOWS\Tasks\McDefragTask.job"
- C:\WINDOWS\system32\defrag.exe
"2008-01-01 07:00:00 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-21 19:21:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-21 19:25:23 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-22 01:25:18
.
2008-01-09 21:55:08 --- E O F ---

#13 vikram_Soccer

vikram_Soccer
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:02:52 AM

Posted 21 January 2008 - 08:30 PM

Hijackthis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:29:02 PM, on 1/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\Explorer.EXE
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Mozilla Firefox 3 Beta 2\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.ca/myway
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
O23 - Service: McAfee Application Installer Cleanup (0013531200641770) (0013531200641770mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\001353~1.EXE (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Unknown owner - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe

--
End of file - 10532 bytes

#14 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:04:52 AM

Posted 21 January 2008 - 09:32 PM

Hi vikram_Soccer. HijackThis won't show this infection so we need to run a new WinPFind35u scan.

First I need you to delete your current version (the file you downloaded and the folder it created) and get an update to run the scan as shown below.

Download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind35U.exe to start the program.
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
      File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#15 vikram_Soccer

vikram_Soccer
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:02:52 AM

Posted 23 January 2008 - 07:03 PM

WinPFind35 logfile created on: 1/23/2008 6:01:23 PM
WinPFind35U Version Beta34 Folder = C:\Documents and Settings\Vikramjit Bhattal.BHATTAL.000\Desktop\WinPFind35u
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)

509.98 Mb Total Physical Memory | 171.95 Mb Available Physical Memory | 33.72% Memory free
1.22 Gb Paging File | 0.62 Gb Available in Paging File | 50.70% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.46 Gb Total Space | 43.68 Gb Free Space | 61.12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 896.29 Mb Total Space | 332.13 Mb Free Space | 37.06% Space Free | Partition Type: FAT32

Computer Name: BHATTAL
Current User Name: Vikramjit Bhattal
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
brsvc01a.exe -> %System32%\brsvc01a.exe -> brother Industries Ltd [Ver = 1, 0, 0, 3 | Size = 57344 bytes | Modified Date = 4/11/2002 10:00:00 PM | Attr = ]
lexbces.exe -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 9.45 | Size = 311296 bytes | Modified Date = 3/4/2004 10:30:48 AM | Attr = ]
brss01a.exe -> %System32%\brss01a.exe -> brother Industries Ltd [Ver = 1.004 | Size = 45056 bytes | Modified Date = 12/12/2001 10:01:00 PM | Attr = ]
lexpps.exe -> %System32%\LEXPPS.EXE -> Lexmark International, Inc. [Ver = 9.45 | Size = 174592 bytes | Modified Date = 3/4/2004 10:26:20 AM | Attr = ]
mcmscsvc.exe -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 8,0,238,0 | Size = 749904 bytes | Modified Date = 8/4/2007 3:08:06 AM | Attr = ]
mcnasvc.exe -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 2,0,136,0 | Size = 2376992 bytes | Modified Date = 7/22/2007 8:15:18 PM | Attr = ]
mcproxy.exe -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 2,0,150,0 | Size = 359248 bytes | Modified Date = 8/15/2007 12:36:04 PM | Attr = ]
mcshield.exe -> %ProgramFiles%\McAfee\VirusScan\Mcshield.exe -> McAfee, Inc. [Ver = VSCORE.14.0.0.349.x86 | Size = 144704 bytes | Modified Date = 7/24/2007 12:02:14 PM | Attr = ]
mpfsrv.exe -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 9.0.136.0 | Size = 856864 bytes | Modified Date = 7/18/2007 3:54:42 PM | Attr = ]
svcntaux.exe -> %ProgramFiles%\Spyware Doctor\svcntaux.exe -> PC Tools [Ver = 5.0.5.2 | Size = 742216 bytes | Modified Date = 10/2/2007 4:27:06 PM | Attr = ]
swdsvc.exe -> %ProgramFiles%\Spyware Doctor\swdsvc.exe -> PC Tools [Ver = 5.0.5.23 | Size = 1415496 bytes | Modified Date = 10/2/2007 4:27:12 PM | Attr = ]
mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc. [Ver = 8,0,237,0 | Size = 582992 bytes | Modified Date = 8/3/2007 10:33:14 PM | Attr = ]
smax4pnp.exe -> %ProgramFiles%\Analog Devices\Core\smax4pnp.exe -> Analog Devices, Inc. [Ver = 5, 2, 0, 5 | Size = 1404928 bytes | Modified Date = 10/14/2004 6:42:54 PM | Attr = ]
dvdlauncher.exe -> %ProgramFiles%\CyberLink\PowerDVD\DVDLauncher.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 53248 bytes | Modified Date = 2/23/2005 3:19:56 PM | Attr = ]
mmtask.exe -> %ProgramFiles%\MUSICMATCH\Musicmatch Jukebox\mmtask.exe -> Musicmatch Inc. [Ver = 9.0.0.1 | Size = 53248 bytes | Modified Date = 9/14/2004 7:50:48 AM | Attr = ]
issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 81920 bytes | Modified Date = 7/27/2004 3:50:18 PM | Attr = ]
dmxlauncher.exe -> %ProgramFiles%\Dell\Media Experience\DMXLauncher.exe -> [Ver = | Size = 86016 bytes | Modified Date = 1/27/2005 12:02:00 AM | Attr = ]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4396 | Size = 77824 bytes | Modified Date = 9/20/2005 9:32:24 AM | Attr = ]
igfxpers.exe -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4396 | Size = 114688 bytes | Modified Date = 9/20/2005 9:36:20 AM | Attr = ]
tfswctrl.exe -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 122941 bytes | Modified Date = 5/31/2005 4:33:00 AM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 12:11:35 AM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 267048 bytes | Modified Date = 11/2/2007 6:36:42 PM | Attr = ]
siteadv.exe -> %ProgramFiles%\SiteAdvisor\6172\SiteAdv.exe -> [Ver = | Size = 36640 bytes | Modified Date = 8/24/2007 3:57:48 PM | Attr = ]
dlg.exe -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 10/29/2003 1:06:00 AM | Attr = R ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 504104 bytes | Modified Date = 11/2/2007 6:36:32 PM | Attr = ]
mcsysmon.exe -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 12,0,188,0 | Size = 695624 bytes | Modified Date = 7/25/2007 1:41:52 AM | Attr = ]
mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc. [Ver = 8,0,237,0 | Size = 582992 bytes | Modified Date = 8/3/2007 10:33:14 PM | Attr = ]
smax4pnp.exe -> %ProgramFiles%\Analog Devices\Core\smax4pnp.exe -> Analog Devices, Inc. [Ver = 5, 2, 0, 5 | Size = 1404928 bytes | Modified Date = 10/14/2004 6:42:54 PM | Attr = ]
dvdlauncher.exe -> %ProgramFiles%\CyberLink\PowerDVD\DVDLauncher.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 53248 bytes | Modified Date = 2/23/2005 3:19:56 PM | Attr = ]
mmtask.exe -> %ProgramFiles%\MUSICMATCH\Musicmatch Jukebox\mmtask.exe -> Musicmatch Inc. [Ver = 9.0.0.1 | Size = 53248 bytes | Modified Date = 9/14/2004 7:50:48 AM | Attr = ]
issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 81920 bytes | Modified Date = 7/27/2004 3:50:18 PM | Attr = ]
dmxlauncher.exe -> %ProgramFiles%\Dell\Media Experience\DMXLauncher.exe -> [Ver = | Size = 86016 bytes | Modified Date = 1/27/2005 12:02:00 AM | Attr = ]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4396 | Size = 77824 bytes | Modified Date = 9/20/2005 9:32:24 AM | Attr = ]
igfxpers.exe -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4396 | Size = 114688 bytes | Modified Date = 9/20/2005 9:36:20 AM | Attr = ]
tfswctrl.exe -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 122941 bytes | Modified Date = 5/31/2005 4:33:00 AM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.4043 | Size = 185632 bytes | Modified Date = 10/3/2007 8:58:36 AM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 12:11:35 AM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 267048 bytes | Modified Date = 11/2/2007 6:36:42 PM | Attr = ]
siteadv.exe -> %ProgramFiles%\SiteAdvisor\6172\SiteAdv.exe -> [Ver = | Size = 36640 bytes | Modified Date = 8/24/2007 3:57:48 PM | Attr = ]
dlg.exe -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 10/29/2003 1:06:00 AM | Attr = R ]
igfxsrvc.exe -> %System32%\igfxsrvc.exe -> Intel Corporation [Ver = 3.0.0.4396 | Size = 159744 bytes | Modified Date = 9/20/2005 9:32:16 AM | Attr = ]
igfxsrvc.exe -> %System32%\igfxsrvc.exe -> Intel Corporation [Ver = 3.0.0.4396 | Size = 159744 bytes | Modified Date = 9/20/2005 9:32:16 AM | Attr = ]
sdtrayapp.exe -> %ProgramFiles%\Spyware Doctor\SDTrayApp.exe -> PC Tools [Ver = 5.0.5.31 | Size = 1065288 bytes | Modified Date = 10/2/2007 4:27:04 PM | Attr = ]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 307200 bytes | Modified Date = 1/23/2008 12:59:16 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Brother XP spl Service) BrSplService [Win32_Own | Auto | Running] -> %System32%\brsvc01a.exe -> brother Industries Ltd [Ver = 1, 0, 0, 3 | Size = 57344 bytes | Modified Date = 4/11/2002 10:00:00 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ]
(DSBrokerService) DSBrokerService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\DellSupport\brkrsvc.exe -> [Ver = 1, 0, 0, 8 | Size = 76848 bytes | Modified Date = 3/7/2007 2:47:46 PM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1150\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.50.42618 | Size = 69632 bytes | Modified Date = 11/14/2005 1:06:04 AM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 504104 bytes | Modified Date = 11/2/2007 6:36:32 PM | Attr = ]
(LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 9.45 | Size = 311296 bytes | Modified Date = 3/4/2004 10:30:48 AM | Attr = ]
(MBackMonitor) MBackMonitor [Win32_Own | Auto | Stopped] -> %ProgramFiles%\McAfee\MBK\MBackMonitor.exe -> File not found
(mcmscsvc) McAfee Services [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 8,0,238,0 | Size = 749904 bytes | Modified Date = 8/4/2007 3:08:06 AM | Attr = ]
(McNASvc) McAfee Network Agent [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 2,0,136,0 | Size = 2376992 bytes | Modified Date = 7/22/2007 8:15:18 PM | Attr = ]
(McODS) McAfee Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> McAfee, Inc. [Ver = 12,0,172,0 | Size = 378184 bytes | Modified Date = 7/25/2007 2:16:16 AM | Attr = ]
(McProxy) McAfee Proxy Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 2,0,150,0 | Size = 359248 bytes | Modified Date = 8/15/2007 12:36:04 PM | Attr = ]
(McShield) McAfee Real-time Scanner [Win32_Own | Unknown | Running] -> -> File not found
(McSysmon) McAfee SystemGuards [Win32_Own | On_Demand | Running] -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 12,0,188,0 | Size = 695624 bytes | Modified Date = 7/25/2007 1:41:52 AM | Attr = ]
(MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 9.0.136.0 | Size = 856864 bytes | Modified Date = 7/18/2007 3:54:42 PM | Attr = ]
(NetSvc) Intel NCS NetService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Intel\PROSetWired\NCS\Sync\NetSvc.exe -> File not found
(sdAuxService) PC Tools Auxiliary Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\svcntaux.exe -> PC Tools [Ver = 5.0.5.2 | Size = 742216 bytes | Modified Date = 10/2/2007 4:27:06 PM | Attr = ]
(sdCoreService) PC Tools Security Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\swdsvc.exe -> PC Tools [Ver = 5.0.5.23 | Size = 1415496 bytes | Modified Date = 10/2/2007 4:27:12 PM | Attr = ]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] -> %System32%\drivers\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 8/17/2001 12:51:56 PM | Attr = ]
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %System32%\drivers\AMDAGP.SYS -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 8/3/2004 10:07:44 PM | Attr = ]
(asc) asc [Kernel | Disabled | Stopped] -> %System32%\drivers\asc.sys -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 8/17/2001 12:52:00 PM | Attr = ]
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %System32%\drivers\asc3550.sys -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 8/17/2001 12:51:58 PM | Attr = ]
(Aspi32) Aspi32 [Kernel | Auto | Stopped] -> %System32%\drivers\aspi32.BAK -> Adaptec [Ver = 4.60 (1021) | Size = 25244 bytes | Modified Date = 9/10/1999 7:06:00 PM | Attr = ]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
(BrScnUsb) Brother USB Still Image driver [Kernel | On_Demand | Running] -> %System32%\drivers\BrScnUsb.sys -> Brother Industries Ltd. [Ver = 1,0,1,1 | Size = 15263 bytes | Modified Date = 12/19/2003 7:15:50 PM | Attr = ]
(bvrp_pci) bvrp_pci [Kernel | On_Demand | Stopped] -> -> File not found
(catchme) catchme [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\VIKRAM~1.000\LOCALS~1\Temp\catchme.sys -> File not found
(Changer) Changer [Kernel | System | Stopped] -> -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %System32%\drivers\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 8/17/2001 12:51:54 PM | Attr = ]
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %System32%\drivers\dac2w2k.sys -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 8/17/2001 12:52:16 PM | Attr = ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ]
(drvmcdb) drvmcdb [Kernel | Boot | Running] -> %System32%\drivers\drvmcdb.sys -> Sonic Solutions [Ver = 3.22.13a | Size = 88352 bytes | Modified Date = 4/22/2005 2:22:00 AM | Attr = ]
(drvnddm) drvnddm [File_System | Auto | Running] -> %System32%\drivers\drvnddm.sys -> Sonic Solutions [Ver = 2.56.53a | Size = 40544 bytes | Modified Date = 4/21/2005 1:56:00 AM | Attr = ]
(DSproct) DSproct [Kernel | On_Demand | Stopped] -> %ProgramFiles%\DellSupport\GTAction\triggers\DSproct.sys -> Gteko Ltd. [Ver = 2, 0, 0, 30 | Size = 4736 bytes | Modified Date = 10/5/2006 3:07:28 PM | Attr = ]
(dsunidrv) DellSupport UniDriver [Kernel | Auto | Running] -> %System32%\drivers\dsunidrv.sys -> Gteko Ltd. [Ver = 1, 0, 0, 12 | Size = 5376 bytes | Modified Date = 2/25/2007 11:10:48 AM | Attr = S]
(E100B) Intel® PRO Adapter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\e100b325.sys -> Intel Corporation [Ver = 7.1.12.0 built by: WinDDK | Size = 154112 bytes | Modified Date = 2/10/2004 8:49:14 PM | Attr = ]
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %System32%\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 9/19/2006 1:44:04 PM | Attr = ]
(HSFHWBS2) HSFHWBS2 [Kernel | On_Demand | Running] -> %System32%\drivers\HSFHWBS2.sys -> Conexant Systems, Inc. [Ver = 7.06.00 | Size = 212224 bytes | Modified Date = 11/17/2003 8:59:20 PM | Attr = ]
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_DP.sys -> Conexant Systems, Inc. [Ver = 7.06.00 | Size = 1042432 bytes | Modified Date = 11/17/2003 8:56:26 PM | Attr = ]
(ialm) ialm [Kernel | On_Demand | Running] -> %System32%\drivers\ialmnt5.sys -> Intel Corporation [Ver = 6.14.10.4396 | Size = 1302332 bytes | Modified Date = 9/20/2005 10:00:54 AM | Attr = ]
(IKFileSec) File Security Driver [File_System | Boot | Running] -> %System32%\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1036 built by: WinDDK | Size = 41288 bytes | Modified Date = 10/4/2007 5:10:52 PM | Attr = ]
(IKSysFlt) System Filter Driver [Kernel | System | Running] -> %System32%\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1024 | Size = 62280 bytes | Modified Date = 10/4/2007 5:10:54 PM | Attr = ]
(IKSysSec) System Security Driver [Kernel | System | Running] -> %System32%\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1024 | Size = 79688 bytes | Modified Date = 10/4/2007 5:10:58 PM | Attr = ]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
(MCSTRM) MCSTRM [Kernel | Auto | Running] -> %System32%\drivers\mcstrm.sys -> RealNetworks, Inc. [Ver = 5.0.2195.8 | Size = 8413 bytes | Modified Date = 8/10/2007 2:37:05 PM | Attr = ]
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %System32%\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.002 | Size = 11043 bytes | Modified Date = 4/9/2003 5:48:08 PM | Attr = ]
(mfeavfk) McAfee Inc. [Kernel | On_Demand | Running] -> %System32%\drivers\mfeavfk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.284.x86 | Size = 79304 bytes | Modified Date = 7/24/2007 7:40:36 AM | Attr = ]
(mfebopk) McAfee Inc. [Kernel | On_Demand | Running] -> %System32%\drivers\mfebopk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.284.x86 | Size = 35240 bytes | Modified Date = 7/21/2007 9:08:24 AM | Attr = ]
(mfehidk) McAfee Inc. [Kernel | System | Running] -> %System32%\drivers\mfehidk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.284.x86 | Size = 201288 bytes | Modified Date = 7/21/2007 9:08:24 AM | Attr = ]
(mferkdk) McAfee Inc. [Kernel | On_Demand | Stopped] -> %System32%\drivers\mferkdk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.284.x86 | Size = 33800 bytes | Modified Date = 7/24/2007 12:02:36 PM | Attr = ]
(mfesmfk) McAfee Inc. [Kernel | On_Demand | Running] -> %System32%\drivers\mfesmfk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.284.x86 | Size = 40488 bytes | Modified Date = 7/21/2007 9:08:24 AM | Attr = ]
(MPFP) MPFP [Kernel | System | Running] -> %System32%\drivers\Mpfp.sys -> McAfee, Inc. [Ver = 9.0.114.0 | Size = 113952 bytes | Modified Date = 7/13/2007 9:20:24 AM | Attr = ]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %System32%\drivers\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/17/2001 12:52:12 PM | Attr = ]
(nv) nv [Kernel | On_Demand | Stopped] -> %System32%\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 1897408 bytes | Modified Date = 8/3/2004 9:29:56 PM | Attr = ]
(PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 7/25/2007 8:53:30 PM | Attr = ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %System32%\drivers\ql1080.sys -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 8/17/2001 12:52:20 PM | Attr = ]
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %System32%\drivers\ql12160.sys -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 8/17/2001 12:52:20 PM | Attr = ]
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %System32%\drivers\ql1280.sys -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 8/17/2001 12:52:18 PM | Attr = ]
(s616bus) Sony Ericsson Device 616 driver (WDM) [Kernel | On_Demand | Stopped] -> %System32%\drivers\s616bus.sys -> MCCI Corporation [Ver = V4.40 | Size = 83208 bytes | Modified Date = 4/3/2007 1:59:30 PM | Attr = ]
(se59mdfl) Sony Ericsson Device 089 USB WMC Modem Filter [Kernel | On_Demand | Stopped] -> %System32%\drivers\se59mdfl.sys -> MCCI [Ver = V4.34 | Size = 9360 bytes | Modified Date = 9/5/2006 8:07:48 PM | Attr = R ]
(se59mdm) Sony Ericsson Device 089 USB WMC Modem Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\se59mdm.sys -> MCCI [Ver = V4.34 | Size = 97088 bytes | Modified Date = 9/5/2006 8:07:52 PM | Attr = R ]
(se59mgmt) Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM) [Kernel | On_Demand | Stopped] -> %System32%\drivers\se59mgmt.sys -> MCCI [Ver = V4.34 | Size = 88624 bytes | Modified Date = 9/5/2006 8:08:40 PM | Attr = R ]
(se59nd5) Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS) [Kernel | On_Demand | Stopped] -> %System32%\drivers\se59nd5.sys -> MCCI [Ver = V4.34 | Size = 18704 bytes | Modified Date = 9/5/2006 8:06:28 PM | Attr = R ]
(se59obex) Sony Ericsson Device 089 USB WMC OBEX Interface [Kernel | On_Demand | Stopped] -> %System32%\drivers\se59obex.sys -> MCCI [Ver = V4.34 | Size = 86432 bytes | Modified Date = 9/5/2006 8:09:26 PM | Attr = R ]
(se59unic) Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM) [Kernel | On_Demand | Stopped] -> %System32%\drivers\se59unic.sys -> MCCI [Ver = V4.34 | Size = 90800 bytes | Modified Date = 9/5/2006 8:06:22 PM | Attr = R ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %System32%\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 4:25:53 AM | Attr = ]
(senfilt) senfilt [Kernel | On_Demand | Running] -> %System32%\drivers\senfilt.sys -> Creative Technology Ltd. [Ver = 5.10.00.3614 | Size = 732928 bytes | Modified Date = 9/17/2004 1:02:54 PM | Attr = ]
(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %System32%\drivers\SISAGP.SYS -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 8/3/2004 10:07:44 PM | Attr = ]
(smwdm) smwdm [Kernel | On_Demand | Running] -> %System32%\drivers\smwdm.sys -> Analog Devices, Inc. [Ver = 5.12.01.5246 | Size = 260352 bytes | Modified Date = 1/27/2005 8:31:06 PM | Attr = ]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %System32%\drivers\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/17/2001 1:07:44 PM | Attr = ]
(sscdbhk5) sscdbhk5 [File_System | System | Running] -> %System32%\drivers\sscdbhk5.sys -> Sonic Solutions [Ver = 1.10.90a | Size = 5627 bytes | Modified Date = 5/13/2005 9:37:28 AM | Attr = ]
(ssrtln) ssrtln [File_System | System | Running] -> %System32%\drivers\ssrtln.sys -> Sonic Solutions [Ver = 1.10.90a | Size = 23545 bytes | Modified Date = 5/13/2005 9:37:20 AM | Attr = ]
(symc810) symc810 [Kernel | Disabled | Stopped] -> %System32%\drivers\symc810.sys -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 8/17/2001 1:07:34 PM | Attr = ]
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %System32%\drivers\symc8xx.sys -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 8/17/2001 1:07:36 PM | Attr = ]
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %System32%\drivers\sym_hi.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 8/17/2001 1:07:40 PM | Attr = ]
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %System32%\drivers\sym_u3.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 8/17/2001 1:07:42 PM | Attr = ]
(tfsnboio) tfsnboio [File_System | Auto | Running] -> %System32%\dla\tfsnboio.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 25725 bytes | Modified Date = 5/31/2005 4:33:00 AM | Attr = ]
(tfsncofs) tfsncofs [File_System | Auto | Running] -> %System32%\dla\tfsncofs.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 34845 bytes | Modified Date = 5/31/2005 4:33:00 AM | Attr = ]
(tfsndrct) tfsndrct [File_System | Auto | Running] -> %System32%\dla\tfsndrct.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 4125 bytes | Modified Date = 5/31/2005 4:33:00 AM | Attr = ]
(tfsndres) tfsndres [File_System | Auto | Running] -> %System32%\dla\tfsndres.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 2241 bytes | Modified Date = 5/31/2005 4:33:00 AM | Attr = ]
(tfsnifs) tfsnifs [File_System | Auto | Running] -> %System32%\dla\tfsnifs.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 86876 bytes | Modified Date = 5/31/2005 4:33:00 AM | Attr = ]
(tfsnopio) tfsnopio [File_System | Auto | Running] -> %System32%\dla\tfsnopio.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 15069 bytes | Modified Date = 5/31/2005 4:33:00 AM | Attr = ]
(tfsnpool) tfsnpool [File_System | Auto | Running] -> %System32%\dla\tfsnpool.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 6365 bytes | Modified Date = 5/31/2005 4:33:00 AM | Attr = ]
(tfsnudf) tfsnudf [File_System | Auto | Running] -> %System32%\dla\tfsnudf.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 98716 bytes | Modified Date = 5/31/2005 4:33:00 AM | Attr = ]
(tfsnudfa) tfsnudfa [File_System | Auto | Running] -> %System32%\dla\tfsnudfa.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 100605 bytes | Modified Date = 5/31/2005 4:33:00 AM | Attr = ]
(tmcomm) tmcomm [Kernel | Auto | Running] -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.5.0.1052 | Size = 76560 bytes | Modified Date = 5/20/2007 7:51:41 PM | Attr = ]
(ultra) ultra [Kernel | Disabled | Stopped] -> %System32%\drivers\ultra.sys -> Promise Technology, Inc. [Ver = 1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 8/17/2001 12:52:22 PM | Attr = ]
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> system32\DRIVERS\wanatw4.sys -> File not found
(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found
(winachsf) winachsf [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.06.00 built by: WinDDK | Size = 680704 bytes | Modified Date = 11/17/2003 8:58:02 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Adobe Photo Downloader -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.49815 | Size = 57344 bytes | Modified Date = 6/6/2005 10:46:24 PM | Attr = ]
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\Reader_SL.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 10/10/2007 7:51:55 PM | Attr = ]
dla -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 122941 bytes | Modified Date = 5/31/2005 4:33:00 AM | Attr = ]
DMXLauncher -> %ProgramFiles%\Dell\Media Experience\DMXLauncher.exe -> [Ver = | Size = 86016 bytes | Modified Date = 1/27/2005 12:02:00 AM | Attr = ]
DVDLauncher -> %ProgramFiles%\CyberLink\PowerDVD\DVDLauncher.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 53248 bytes | Modified Date = 2/23/2005 3:19:56 PM | Attr = ]
igfxhkcmd -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4396 | Size = 77824 bytes | Modified Date = 9/20/2005 9:32:24 AM | Attr = ]
igfxpers -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4396 | Size = 114688 bytes | Modified Date = 9/20/2005 9:36:20 AM | Attr = ]
igfxtray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4396 | Size = 94208 bytes | Modified Date = 9/20/2005 9:35:40 AM | Attr = ]
ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 221184 bytes | Modified Date = 7/27/2004 3:50:42 PM | Attr = ]
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 81920 bytes | Modified Date = 7/27/2004 3:50:18 PM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 267048 bytes | Modified Date = 11/2/2007 6:36:42 PM | Attr = ]
mcagent_exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc. [Ver = 8,0,237,0 | Size = 582992 bytes | Modified Date = 8/3/2007 10:33:14 PM | Attr = ]
mmtask -> %ProgramFiles%\MUSICMATCH\Musicmatch Jukebox\mmtask.exe -> Musicmatch Inc. [Ver = 9.0.0.1 | Size = 53248 bytes | Modified Date = 9/14/2004 7:50:48 AM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.3 | Size = 286720 bytes | Modified Date = 10/19/2007 8:16:26 PM | Attr = ]
SDTray -> %ProgramFiles%\Spyware Doctor\SDTrayApp.exe -> PC Tools [Ver = 5.0.5.31 | Size = 1065288 bytes | Modified Date = 10/2/2007 4:27:04 PM | Attr = ]
SiteAdvisor -> %ProgramFiles%\SiteAdvisor\6172\SiteAdv.exe -> [Ver = | Size = 36640 bytes | Modified Date = 8/24/2007 3:57:48 PM | Attr = ]
Sony Ericsson PC Suite -> %ProgramFiles%\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe -> [Ver = 2.0.10.129 | Size = 593920 bytes | Modified Date = 3/28/2007 1:07:42 AM | Attr = R ]
SoundMAXPnP -> %ProgramFiles%\Analog Devices\Core\smax4pnp.exe -> Analog Devices, Inc. [Ver = 5, 2, 0, 5 | Size = 1404928 bytes | Modified Date = 10/14/2004 6:42:54 PM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 12:11:35 AM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.4043 | Size = 185632 bytes | Modified Date = 10/3/2007 8:58:36 AM | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
DellSupport -> %ProgramFiles%\DellSupport\DSAgnt.exe -> Gteko Ltd. [Ver = 3, 0, 0, 197 | Size = 460784 bytes | Modified Date = 3/15/2007 10:09:36 AM | Attr = ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\Digital Line Detect.lnk -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 10/29/2003 1:06:00 AM | Attr = R ]
< Vikramjit Bhattal.BHATTAL.000 Startup Folder > -> C:\Documents and Settings\Vikramjit Bhattal.BHATTAL.000\Start Menu\Programs\Startup ->
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> %System32%\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4396 | Size = 135168 bytes | Modified Date = 9/20/2005 9:31:28 AM | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.hotmail.com/ ->
HKEY_CURRENT_USER\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/search?q=%s[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 17 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 10:08:42 PM | Attr = ]
{089FD14D-132B-48FC-8861-0048AE113215} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SiteAdvisor\6172\SiteAdv.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 910624 bytes | Modified Date = 8/24/2007 3:57:10 PM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr = ]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %System32%\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118844 bytes | Modified Date = 5/31/2005 4:33:00 AM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 12:11:33 AM | Attr = ]
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\McAfee\VirusScan\scriptsn.dll [scriptproxy] -> McAfee, Inc. [Ver = VSCORE.14.0.0.366.x86 | Size = 58688 bytes | Modified Date = 10/24/2007 5:51:28 AM | Attr = ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{0BF43445-2F28-4351-9252-17FE6E806AA0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SiteAdvisor\6172\SiteAdv.dll [McAfee SiteAdvisor] -> [Ver = | Size = 910624 bytes | Modified Date = 8/24/2007 3:57:10 PM | Attr = ]
{BA52B914-B692-46c4-B683-905236F6F655} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 12:11:34 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 12:11:33 AM | Attr = ]
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [] -> File not found
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr = ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 12:11:34 AM | Attr = ]
CmdMapping\\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find...=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{014C0973-DD10-4B71-A71D-76EF091C0952} -> (Intel® PRO/100 VE Network Connection) ->
{DBCFC73B-427C-4D81-8BD6-8D338BB4924F} -> (Sony Ericsson Device 089 USB Ethernet Emulation (NDIS 5)) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
siteadvisor:{3A5DC592-7723-4EAA-9EE6-AF4222BCF879} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SiteAdvisor\6172\SiteAdv.dll[Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 910624 bytes | Modified Date = 8/24/2007 3:57:10 PM | Attr = ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{14B87622-7E19-4EA8-93B3-97215F77A6BC}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab[MessengerStatsClient Class] ->
{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?linkid=39204[Windows Genuine Advantage Validation Tool] ->
{20A60F0D-9AFA-4515-A0FD-83BD84642501}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab[Checkers Class] ->
{233C1507-6A77-46A4-9443-F871F945D258}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwa...director/sw.cab[Shockwave ActiveX Control] ->
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}[HKEY_LOCAL_MACHINE] -> http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab[MSN Photo Upload Tool] ->
{5C051655-FCD5-4969-9182-770EA5AA5565}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab[Solitaire Showdown Class] ->
{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/Facebo...toUploader3.cab[Facebook Photo Uploader 4 Control] ->
{5F8469B4-B055-49DD-83F7-62B522420ECC}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/Facebo...otoUploader.cab[Facebook Photo Uploader Control] ->
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}[HKEY_LOCAL_MACHINE] -> http://download.divx.com/player/DivXBrowserPlugin.cab[DivXBrowserPlugin Object] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] ->
{B8BE5E93-A60C-4D26-A2DC-220313175592}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab[MSN Games - Installer] ->
{C3F79A2B-B9B4-4A66-B012-3EE46475B072}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab[MessengerStatsClient Class] ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{E856B973-45FD-4559-8F82-EAB539144667}[HKEY_LOCAL_MACHINE] -> http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab[Dell PC Checkup Installer Control] ->


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) ->
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
kerberos -> %System32%\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 11:49:30 AM | Attr = ]
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ]
schannel -> %System32%\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 8:21:15 AM | Attr = ]
wdigest -> %System32%\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/23/2006 10:37:50 PM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 684 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages ->
scecli -> %System32%\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder ->
Windows NT Access Provider -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http:\www.passport.com [http://www.passport.com] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 21466 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.5.0.20 | Size = 17152808 bytes | Modified Date = 11/2/2007 6:36:34 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1288.0816 | Size = 5728112 bytes | Modified Date = 12/11/2007 4:06:21 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->


[Files/Folders - Created Within 30 days]
Boot.bak -> %SystemDrive%\Boot.bak -> [Ver = | Size = 211 bytes | Created Date = 1/21/2008 7:10:06 PM | Attr = ]
cmdcons -> %SystemDrive%\cmdcons -> [Folder | Created Date = 1/21/2008 7:09:57 PM | Attr = ]
cmldr -> %SystemDrive%\cmldr -> [Ver = | Size = 237728 bytes | Created Date = 1/21/2008 7:10:01 PM | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 1/12/2008 2:02:06 PM | Attr = ]
mfeavfk.sys -> %System32%\drivers\mfeavfk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.284.x86 | Size = 79304 bytes | Created Date = 1/21/2008 8:15:27 PM | Attr = ]
mfebopk.sys -> %System32%\drivers\mfebopk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.284.x86 | Size = 35240 bytes | Created Date = 1/21/2008 8:15:27 PM | Attr = ]
mfehidk.sys -> %System32%\drivers\mfehidk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.284.x86 | Size = 201288 bytes | Created Date = 1/21/2008 8:15:26 PM | Attr = ]
mferkdk.sys -> %System32%\drivers\mferkdk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.284.x86 | Size = 33800 bytes | Created Date = 1/21/2008 8:15:30 PM | Attr = ]
mfesmfk.sys -> %System32%\drivers\mfesmfk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.284.x86 | Size = 40488 bytes | Created Date = 1/21/2008 8:15:27 PM | Attr = ]
Mpfp.sys -> %System32%\drivers\Mpfp.sys -> McAfee, Inc. [Ver = 9.0.114.0 | Size = 113952 bytes | Created Date = 1/21/2008 8:15:21 PM | Attr = ]
se59cm.sys -> %System32%\drivers\se59cm.sys -> MCCI [Ver = V4.34 | Size = 6240 bytes | Created Date = 1/2/2008 6:25:19 PM | Attr = R ]
se59cmnt.sys -> %System32%\drivers\se59cmnt.sys -> MCCI [Ver = V4.34 | Size = 6240 bytes | Created Date = 1/2/2008 6:25:19 PM | Attr = R ]
se59cr.sys -> %System32%\drivers\se59cr.sys -> MCCI [Ver = V4.34 | Size = 4128 bytes | Created Date = 1/2/2008 6:25:38 PM | Attr = R ]
se59mdfl.sys -> %System32%\drivers\se59mdfl.sys -> MCCI [Ver = V4.34 | Size = 9360 bytes | Created Date = 1/2/2008 6:25:19 PM | Attr = R ]
se59mdm.sys -> %System32%\drivers\se59mdm.sys -> MCCI [Ver = V4.34 | Size = 97088 bytes | Created Date = 1/2/2008 6:25:19 PM | Attr = R ]
se59mgmt.sys -> %System32%\drivers\se59mgmt.sys -> MCCI [Ver = V4.34 | Size = 88624 bytes | Created Date = 1/2/2008 6:25:36 PM | Attr = R ]
se59nd5.sys -> %System32%\drivers\se59nd5.sys -> MCCI [Ver = V4.34 | Size = 18704 bytes | Created Date = 1/2/2008 6:26:52 PM | Attr = R ]
se59obex.sys -> %System32%\drivers\se59obex.sys -> MCCI [Ver = V4.34 | Size = 86432 bytes | Created Date = 1/2/2008 6:25:32 PM | Attr = R ]
se59unic.sys -> %System32%\drivers\se59unic.sys -> MCCI [Ver = V4.34 | Size = 90800 bytes | Created Date = 1/2/2008 6:25:37 PM | Attr = R ]
se59wh.sys -> %System32%\drivers\se59wh.sys -> MCCI [Ver = V4.34 | Size = 5872 bytes | Created Date = 1/2/2008 6:25:38 PM | Attr = R ]
Config.MPF -> %System32%\Config.MPF -> [Ver = | Size = 8957 bytes | Created Date = 1/21/2008 8:18:03 PM | Attr = ]
PowerToysLicense.rtf -> %System32%\PowerToysLicense.rtf -> [Ver = | Size = 160217 bytes | Created Date = 1/19/2008 12:04:20 PM | Attr = ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 1/21/2008 7:07:43 PM | Attr = ]
GREUninstall.exe -> %SystemRoot%\GREUninstall.exe -> [Ver = | Size = 98512 bytes | Created Date = 1/7/2008 5:52:19 PM | Attr = ]
MozillaUninstall.exe -> %SystemRoot%\MozillaUninstall.exe -> [Ver = | Size = 99024 bytes | Created Date = 1/7/2008 5:52:43 PM | Attr = ]
mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 8138 bytes | Created Date = 1/7/2008 5:52:15 PM | Attr = ]
Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 1/21/2008 7:05:15 PM | Attr = ]
McDefragTask.job -> %SystemRoot%\tasks\McDefragTask.job -> [Ver = | Size = 364 bytes | Created Date = 1/21/2008 8:15:04 PM | Attr = ]
McQcTask.job -> %SystemRoot%\tasks\McQcTask.job -> [Ver = | Size = 356 bytes | Created Date = 1/21/2008 8:15:02 PM | Attr = ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Sony Ericsson -> %AllUsersAppData%\Sony Ericsson -> [Folder | Created Date = 1/2/2008 6:06:18 PM | Attr = ]
Teleca -> %AllUsersAppData%\Teleca -> [Folder | Created Date = 1/2/2008 6:04:37 PM | Attr = ]
CyberLink -> %UserAppData%\CyberLink -> [Folder | Created Date = 1/20/2008 3:41:14 PM | Attr = ]
Mozilla -> %UserAppData%\Mozilla -> [Folder | Created Date = 1/7/2008 5:48:22 PM | Attr = ]
Opera -> %UserAppData%\Opera -> [Folder | Created Date = 1/14/2008 7:23:08 PM | Attr = ]
SiteAdvisor -> %UserAppData%\SiteAdvisor -> [Folder | Created Date = 1/21/2008 8:16:50 PM | Attr = ]
Sony Ericsson -> %UserAppData%\Sony Ericsson -> [Folder | Created Date = 1/7/2008 5:11:15 PM | Attr = ]
Talkback -> %UserAppData%\Talkback -> [Folder | Created Date = 1/7/2008 5:53:10 PM | Attr = ]
Teleca -> %UserAppData%\Teleca -> [Folder | Created Date = 1/7/2008 5:13:11 PM | Attr = ]
PowerDVD -> %LocalAppData%\PowerDVD -> [Folder | Created Date = 1/20/2008 3:40:51 PM | Attr = ]
3D_Pocket_Pool_(E)_(M6)_[C][!].zip -> %UserDocuments%\3D_Pocket_Pool_(E)_(M6)_[C][!].zip -> [Ver = | Size = 754499 bytes | Created Date = 1/1/2008 2:16:24 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\3D_Pocket_Pool_(E)_(M6)_[C][!].zip:Zone.Identifier
aswclnr.exe -> %UserDocuments%\aswclnr.exe -> ALWIL Software [Ver = 1, 0, 211, 0 | Size = 407680 bytes | Created Date = 1/7/2008 3:58:13 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\aswclnr.exe:Zone.Identifier
bhanur library -> %UserDocuments%\bhanur library -> [Folder | Created Date = 12/31/2007 3:47:28 PM | Attr = ]
Cyberlink -> %UserDocuments%\Cyberlink -> [Folder | Created Date = 1/20/2008 3:41:14 PM | Attr = ]
Final_Fantasy_4_(Unl).zip -> %UserDocuments%\Final_Fantasy_4_(Unl).zip -> [Ver = | Size = 328070 bytes | Created Date = 1/1/2008 2:12:56 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\Final_Fantasy_4_(Unl).zip:Zone.Identifier
Firefox Setup 2.0.0.11.exe -> %UserDocuments%\Firefox Setup 2.0.0.11.exe -> Mozilla [Ver = 4.42 | Size = 6026816 bytes | Created Date = 1/7/2008 5:20:06 PM | Attr = ]
Mario's_Picross_(UE)_[S][!].zip -> %UserDocuments%\Mario's_Picross_(UE)_[S][!].zip -> [Ver = | Size = 76058 bytes | Created Date = 1/1/2008 2:15:37 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\Mario's_Picross_(UE)_[S][!].zip:Zone.Identifier
Metal_Gear_Solid_(E)_(M5)_[C][b3].zip -> %UserDocuments%\Metal_Gear_Solid_(E)_(M5)_[C][b3].zip -> [Ver = | Size = 1473630 bytes | Created Date = 1/1/2008 2:13:23 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\Metal_Gear_Solid_(E)_(M5)_[C][b3].zip:Zone.Identifier
mozilla-win32-1.7.13-installer.exe -> %UserDocuments%\mozilla-win32-1.7.13-installer.exe -> [Ver = | Size = 12038352 bytes | Created Date = 1/7/2008 5:51:35 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\mozilla-win32-1.7.13-installer.exe:Zone.Identifier
My Sharing Folders.lnk -> %UserDocuments%\My Sharing Folders.lnk -> [Ver = | Size = 610 bytes | Created Date = 12/29/2007 1:35:41 PM | Attr = ]
Pics -> %UserDocuments%\Pics -> [Folder | Created Date = 12/31/2007 3:51:07 PM | Attr = ]
Removal Steps.wpd -> %UserDocuments%\Removal Steps.wpd -> [Ver = | Size = 4980 bytes | Created Date = 1/12/2008 2:01:12 PM | Attr = ]
SHOPPING IN INDIADILPREET.wpd -> %UserDocuments%\SHOPPING IN INDIADILPREET.wpd -> [Ver = | Size = 9588 bytes | Created Date = 12/28/2007 6:29:04 PM | Attr = ]
Simpsons,_The_-_Escape_from_Camp_Deadly_(U)_[!].zip -> %UserDocuments%\Simpsons,_The_-_Escape_from_Camp_Deadly_(U)_[!].zip -> [Ver = | Size = 76070 bytes | Created Date = 1/1/2008 2:29:07 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\Simpsons,_The_-_Escape_from_Camp_Deadly_(U)_[!].zip:Zone.Identifier
Simpsons,_The_-_Night_of_the_Living_Treehouse_of_Horror_(U)_[C][!].zip -> %UserDocuments%\Simpsons,_The_-_Night_of_the_Living_Treehouse_of_Horror_(U)_[C][!].zip -> [Ver = | Size = 474314 bytes | Created Date = 1/1/2008 2:27:51 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\Simpsons,_The_-_Night_of_the_Living_Treehouse_of_Horror_(U)_[C][!].zip:Zone.Identifier
SOLUTIONS Child labor is a huge problem in the world today.wpd -> %UserDocuments%\SOLUTIONS Child labor is a huge problem in the world today.wpd -> [Ver = | Size = 3896 bytes | Created Date = 1/17/2008 7:44:52 PM | Attr = ]
Super_Mario_Land_(W)_(V1.0)_[!].zip -> %UserDocuments%\Super_Mario_Land_(W)_(V1.0)_[!].zip -> [Ver = | Size = 37585 bytes | Created Date = 1/1/2008 2:13:58 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\Super_Mario_Land_(W)_(V1.0)_[!].zip:Zone.Identifier
Wario_Land_-_Super_Mario_Land_3_(W)_[!].zip -> %UserDocuments%\Wario_Land_-_Super_Mario_Land_3_(W)_[!].zip -> [Ver = | Size = 285421 bytes | Created Date = 1/1/2008 2:14:25 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\Wario_Land_-_Super_Mario_Land_3_(W)_[!].zip:Zone.Identifier
Wario_Land_3_(JU)_(M2)_[C][!].zip -> %UserDocuments%\Wario_Land_3_(JU)_(M2)_[C][!].zip -> [Ver = | Size = 639603 bytes | Created Date = 1/1/2008 2:18:35 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\Wario_Land_3_(JU)_(M2)_[C][!].zip:Zone.Identifier
Why Does Child Labor Occur.wpd -> %UserDocuments%\Why Does Child Labor Occur.wpd -> [Ver = | Size = 86993 bytes | Created Date = 1/17/2008 8:04:00 PM | Attr = ]
Woody_Woodpecker_Racing_(E)_[C][!].zip -> %UserDocuments%\Woody_Woodpecker_Racing_(E)_[C][!].zip -> [Ver = | Size = 343706 bytes | Created Date = 1/1/2008 2:20:15 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\Woody_Woodpecker_Racing_(E)_[C][!].zip:Zone.Identifier
Disc2Phone.lnk -> %AllUsersDesktop%\Disc2Phone.lnk -> [Ver = | Size = 1675 bytes | Created Date = 1/2/2008 6:30:04 PM | Attr = ]
McAfee Security Center.lnk -> %AllUsersDesktop%\McAfee Security Center.lnk -> [Ver = | Size = 671 bytes | Created Date = 1/21/2008 8:17:43 PM | Attr = ]
Mozilla Firefox 3 Beta 2.lnk -> %AllUsersDesktop%\Mozilla Firefox 3 Beta 2.lnk -> [Ver = | Size = 1683 bytes | Created Date = 1/12/2008 5:34:08 PM | Attr = ]
Mozilla.lnk -> %AllUsersDesktop%\Mozilla.lnk -> [Ver = | Size = 1684 bytes | Created Date = 1/7/2008 5:52:33 PM | Attr = ]
Sony Ericsson PC Suite.lnk -> %AllUsersDesktop%\Sony Ericsson PC Suite.lnk -> [Ver = | Size = 2046 bytes | Created Date = 1/2/2008 6:06:52 PM | Attr = ]
Internet Explorer.lnk -> %UserDesktop%\Internet Explorer.lnk -> [Ver = | Size = 803 bytes | Created Date = 1/22/2008 6:46:56 PM | Attr = ]
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Created Date = 1/23/2008 6:00:05 PM | Attr = ]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe -> [Ver = | Size = 478232 bytes | Created Date = 1/23/2008 5:57:59 PM | Attr = ]
mozilla.org -> %CommonProgramFiles%\mozilla.org -> [Folder | Created Date = 1/7/2008 5:52:12 PM | Attr = ]
Sony Ericsson Shared -> %CommonProgramFiles%\Sony Ericsson Shared -> [Folder | Created Date = 1/2/2008 6:05:07 PM | Attr = ]
Teleca Shared -> %CommonProgramFiles%\Teleca Shared -> [Folder | Created Date = 1/2/2008 6:04:45 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 281 bytes | Modified Date = 1/21/2008 7:10:06 PM | Attr = RHS]
cmdcons -> %SystemDrive%\cmdcons -> [Folder | Modified Date = 1/21/2008 7:10:06 PM | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 1/21/2008 7:58:10 PM | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 1/21/2008 8:16:51 PM | Attr = R ]
qoobox -> %SystemDrive%\qoobox -> [Folder | Modified Date = 1/21/2008 7:25:24 PM | Attr = ]
RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 1/6/2008 5:19:13 PM | Attr = HS]
sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm -> [Ver = | Size = 268 bytes | Modified Date = 1/6/2008 5:21:20 PM | Attr = H ]
sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm -> [Ver = | Size = 268 bytes | Modified Date = 1/9/2008 5:13:50 PM | Attr = H ]
sqmdata19.sqm -> %SystemDrive%\sqmdata19.sqm -> [Ver = | Size = 268 bytes | Modified Date = 1/6/2008 5:01:03 PM | Attr = H ]
sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm -> [Ver = | Size = 244 bytes | Modified Date = 1/6/2008 5:21:20 PM | Attr = H ]
sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm -> [Ver = | Size = 244 bytes | Modified Date = 1/9/2008 5:13:50 PM | Attr = H ]
sqmnoopt19.sqm -> %SystemDrive%\sqmnoopt19.sqm -> [Ver = | Size = 244 bytes | Modified Date = 1/6/2008 5:01:03 PM | Attr = H ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 1/12/2008 2:02:06 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 1/22/2008 4:04:31 PM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 1/21/2008 7:20:12 PM | Attr = ]
hosts -> %System32%\drivers\etc\hosts -> [Ver = | Size = 27 bytes | Modified Date = 1/21/2008 7:20:12 PM | Attr = ]
B0DA7E20F8.sys -> %System32%\B0DA7E20F8.sys -> [Ver = | Size = 56 bytes | Modified Date = 1/23/2008 5:58:42 PM | Attr = RHS]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 1/22/2008 4:50:28 PM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 1/21/2008 7:18:08 PM | Attr = ]
Config.MPF -> %System32%\Config.MPF -> [Ver = | Size = 8957 bytes | Modified Date = 1/22/2008 8:10:06 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 1/9/2008 3:52:58 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 1/22/2008 4:32:56 PM | Attr = ]
DRVSTORE -> %System32%\DRVSTORE -> [Folder | Modified Date = 1/2/2008 6:18:36 PM | Attr = ]
KGyGaAvL.sys -> %System32%\KGyGaAvL.sys -> [Ver = | Size = 2516 bytes | Modified Date = 1/23/2008 5:58:42 PM | Attr = HS]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 63016 bytes | Modified Date = 1/2/2008 3:08:39 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 402406 bytes | Modified Date = 1/2/2008 3:08:39 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 473410 bytes | Modified Date = 1/2/2008 3:08:39 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 1/22/2008 9:00:10 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 1/9/2008 7:47:31 AM | Attr = H ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 1/22/2008 4:32:25 PM | Attr = S]
Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Modified Date = 1/2/2008 6:02:47 PM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 1/21/2008 7:58:34 PM | Attr = S]
erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 1/21/2008 7:17:36 PM | Attr = ]
GREUninstall.exe -> %SystemRoot%\GREUninstall.exe -> [Ver = | Size = 98512 bytes | Modified Date = 1/7/2008 5:52:19 PM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1355 bytes | Modified Date = 1/9/2008 3:52:41 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 1/22/2008 4:50:29 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 1/21/2008 7:58:10 PM | Attr = HS]
MozillaUninstall.exe -> %SystemRoot%\MozillaUninstall.exe -> [Ver = | Size = 99024 bytes | Modified Date = 1/7/2008 5:52:43 PM | Attr = ]
mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 8138 bytes | Modified Date = 1/7/2008 5:52:43 PM | Attr = ]
network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 1/22/2008 4:57:33 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 1/23/2008 6:00:32 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 1/22/2008 9:00:51 PM | Attr = H ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 1/21/2008 7:20:33 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 1/23/2008 5:58:44 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 1/21/2008 8:15:04 PM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 1/23/2008 5:58:31 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 609 bytes | Modified Date = 1/7/2008 5:52:38 PM | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 1/2/2008 6:23:42 PM | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 1/22/2008 7:37:00 AM | Attr = ]
McAfee.com Scan for Viruses - My Computer (1) (BHATTAL-Dilpreet Bhattal).job -> %SystemRoot%\tasks\McAfee.com Scan for Viruses - My Computer (1) (BHATTAL-Dilpreet Bhattal).job -> [Ver = | Size = 372 bytes | Modified Date = 1/18/2008 6:30:00 PM | Attr = ]
McAfee.com Scan for Viruses - My Computer (BHATTAL-Dilpreet Bhattal).job -> %SystemRoot%\tasks\McAfee.com Scan for Viruses - My Computer (BHATTAL-Dilpreet Bhattal).job -> [Ver = | Size = 372 bytes | Modified Date = 1/18/2008 6:30:00 PM | Attr = ]
McDefragTask.job -> %SystemRoot%\tasks\McDefragTask.job -> [Ver = | Size = 364 bytes | Modified Date = 1/21/2008 8:15:04 PM | Attr = ]
McQcTask.job -> %SystemRoot%\tasks\McQcTask.job -> [Ver = | Size = 356 bytes | Modified Date = 1/21/2008 8:15:03 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 1/22/2008 4:32:29 PM | Attr = H ]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
McAfee -> %AllUsersAppData%\McAfee -> [Folder | Modified Date = 1/21/2008 8:34:28 PM | Attr = ]
SiteAdvisor -> %AllUsersAppData%\SiteAdvisor -> [Folder | Modified Date = 1/21/2008 8:01:39 PM | Attr = ]
Sony Ericsson -> %AllUsersAppData%\Sony Ericsson -> [Folder | Modified Date = 1/2/2008 6:06:38 PM | Attr = ]
Teleca -> %AllUsersAppData%\Teleca -> [Folder | Modified Date = 1/2/2008 6:06:51 PM | Attr = ]
TEMP -> %AllUsersAppData%\TEMP -> [Folder | Modified Date = 1/23/2008 5:34:41 PM | Attr = ]
@Alternate Data Stream - 128 bytes -> %AllUsersAppData%\TEMP:27AAAD97
@Alternate Data Stream - 110 bytes -> %AllUsersAppData%\TEMP:42294FD9
@Alternate Data Stream - 122 bytes -> %AllUsersAppData%\TEMP:7FB468B7
@Alternate Data Stream - 129 bytes -> %AllUsersAppData%\TEMP:DFC5A2B2
Adobe -> %UserAppData%\Adobe -> [Folder | Modified Date = 1/12/2008 5:06:11 PM | Attr = ]
Corel -> %UserAppData%\Corel -> [Folder | Modified Date = 1/21/2008 6:56:10 PM | Attr = ]
CyberLink -> %UserAppData%\CyberLink -> [Folder | Modified Date = 1/20/2008 3:41:14 PM | Attr = ]
LimeWire -> %UserAppData%\LimeWire -> [Folder | Modified Date = 1/20/2008 12:42:35 PM | Attr = ]
McAfee -> %UserAppData%\McAfee -> [Folder | Modified Date = 1/21/2008 8:02:19 PM | Attr = ]
Microsoft -> %UserAppData%\Microsoft -> [Folder | Modified Date = 1/21/2008 7:57:41 PM | Attr = S]
Mozilla -> %UserAppData%\Mozilla -> [Folder | Modified Date = 1/7/2008 5:53:17 PM | Attr = ]
Opera -> %UserAppData%\Opera -> [Folder | Modified Date = 1/14/2008 7:23:08 PM | Attr = ]
Real -> %UserAppData%\Real -> [Folder | Modified Date = 1/20/2008 3:40:49 PM | Attr = ]
SiteAdvisor -> %UserAppData%\SiteAdvisor -> [Folder | Modified Date = 1/21/2008 8:37:13 PM | Attr = ]
Sony Ericsson -> %UserAppData%\Sony Ericsson -> [Folder | Modified Date = 1/7/2008 5:11:15 PM | Attr = ]
Talkback -> %UserAppData%\Talkback -> [Folder | Modified Date = 1/7/2008 5:53:10 PM | Attr = ]
Teleca -> %UserAppData%\Teleca -> [Folder | Modified Date = 1/7/2008 5:13:11 PM | Attr = ]
ApplicationHistory -> %LocalAppData%\ApplicationHistory -> [Folder | Modified Date = 1/21/2008 7:53:40 PM | Attr = ]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 18432 bytes | Modified Date = 1/3/2008 5:27:09 PM | Attr = ]
IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 4312234 bytes | Modified Date = 1/22/2008 8:01:21 AM | Attr = H ]
PowerDVD -> %LocalAppData%\PowerDVD -> [Folder | Modified Date = 1/20/2008 3:42:51 PM | Attr = ]
My Pictures -> %AllUsersDocuments%\My Pictures -> [Folder | Modified Date = 12/27/2007 12:22:42 PM | Attr = R ]
3D_Pocket_Pool_(E)_(M6)_[C][!].zip -> %UserDocuments%\3D_Pocket_Pool_(E)_(M6)_[C][!].zip -> [Ver = | Size = 754499 bytes | Modified Date = 1/1/2008 2:16:39 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\3D_Pocket_Pool_(E)_(M6)_[C][!].zip:Zone.Identifier
aswclnr.exe -> %UserDocuments%\aswclnr.exe -> ALWIL Software [Ver = 1, 0, 211, 0 | Size = 407680 bytes | Modified Date = 1/7/2008 3:58:18 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\aswclnr.exe:Zone.Identifier
bhanur library -> %UserDocuments%\bhanur library -> [Folder | Modified Date = 12/31/2007 4:00:40 PM | Attr = ]
Cyberlink -> %UserDocuments%\Cyberlink -> [Folder | Modified Date = 1/20/2008 3:41:14 PM | Attr = ]
Final_Fantasy_4_(Unl).zip -> %UserDocuments%\Final_Fantasy_4_(Unl).zip -> [Ver = | Size = 328070 bytes | Modified Date = 1/1/2008 2:12:58 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\Final_Fantasy_4_(Unl).zip:Zone.Identifier
Firefox Setup 2.0.0.11.exe -> %UserDocuments%\Firefox Setup 2.0.0.11.exe -> Mozilla [Ver = 4.42 | Size = 6026816 bytes | Modified Date = 1/8/2008 5:50:19 PM | Attr = ]
Mario's_Picross_(UE)_[S][!].zip -> %UserDocuments%\Mario's_Picross_(UE)_[S][!].zip -> [Ver = | Size = 76058 bytes | Modified Date = 1/1/2008 2:15:38 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\Mario's_Picross_(UE)_[S][!].zip:Zone.Identifier
Metal_Gear_Solid_(E)_(M5)_[C][b3].zip -> %UserDocuments%\Metal_Gear_Solid_(E)_(M5)_[C][b3].zip -> [Ver = | Size = 1473630 bytes | Modified Date = 1/1/2008 2:13:30 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\Metal_Gear_Solid_(E)_(M5)_[C][b3].zip:Zone.Identifier
mozilla-win32-1.7.13-installer.exe -> %UserDocuments%\mozilla-win32-1.7.13-installer.exe -> [Ver = | Size = 12038352 bytes | Modified Date = 1/7/2008 5:51:38 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\mozilla-win32-1.7.13-installer.exe:Zone.Identifier
My DVDs -> %UserDocuments%\My DVDs -> [Folder | Modified Date = 1/20/2008 3:58:23 PM | Attr = S]
My Pictures -> %UserDocuments%\My Pictures -> [Folder | Modified Date = 1/8/2008 6:13:44 PM | Attr = R ]
My Received Files -> %UserDocuments%\My Received Files -> [Folder | Modified Date = 12/27/2007 12:20:50 PM | Attr = ]
My Sharing Folders.lnk -> %UserDocuments%\My Sharing Folders.lnk -> [Ver = | Size = 610 bytes | Modified Date = 1/22/2008 8:13:39 PM | Attr = ]
Pics -> %UserDocuments%\Pics -> [Folder | Modified Date = 12/31/2007 4:00:40 PM | Attr = ]
Removal Steps.wpd -> %UserDocuments%\Removal Steps.wpd -> [Ver = | Size = 4980 bytes | Modified Date = 1/12/2008 2:01:12 PM | Attr = ]
SHOPPING IN INDIADILPREET.wpd -> %UserDocuments%\SHOPPING IN INDIADILPREET.wpd -> [Ver = | Size = 9588 bytes | Modified Date = 12/28/2007 6:33:24 PM | Attr = ]
Simpsons,_The_-_Escape_from_Camp_Deadly_(U)_[!].zip -> %UserDocuments%\Simpsons,_The_-_Escape_from_Camp_Deadly_(U)_[!].zip -> [Ver = | Size = 76070 bytes | Modified Date = 1/1/2008 2:29:08 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\Simpsons,_The_-_Escape_from_Camp_Deadly_(U)_[!].zip:Zone.Identifier
Simpsons,_The_-_Night_of_the_Living_Treehouse_of_Horror_(U)_[C][!].zip -> %UserDocuments%\Simpsons,_The_-_Night_of_the_Living_Treehouse_of_Horror_(U)_[C][!].zip -> [Ver = | Size = 474314 bytes | Modified Date = 1/1/2008 2:28:21 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\Simpsons,_The_-_Night_of_the_Living_Treehouse_of_Horror_(U)_[C][!].zip:Zone.Identifier
SOLUTIONS Child labor is a huge problem in the world today.wpd -> %UserDocuments%\SOLUTIONS Child labor is a huge problem in the world today.wpd -> [Ver = | Size = 3896 bytes | Modified Date = 1/17/2008 7:49:50 PM | Attr = ]
Super_Mario_Land_(W)_(V1.0)_[!].zip -> %UserDocuments%\Super_Mario_Land_(W)_(V1.0)_[!].zip -> [Ver = | Size = 37585 bytes | Modified Date = 1/1/2008 2:13:59 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\Super_Mario_Land_(W)_(V1.0)_[!].zip:Zone.Identifier
Wario_Land_-_Super_Mario_Land_3_(W)_[!].zip -> %UserDocuments%\Wario_Land_-_Super_Mario_Land_3_(W)_[!].zip -> [Ver = | Size = 285421 bytes | Modified Date = 1/1/2008 2:14:28 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\Wario_Land_-_Super_Mario_Land_3_(W)_[!].zip:Zone.Identifier
Wario_Land_3_(JU)_(M2)_[C][!].zip -> %UserDocuments%\Wario_Land_3_(JU)_(M2)_[C][!].zip -> [Ver = | Size = 639603 bytes | Modified Date = 1/1/2008 2:18:49 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\Wario_Land_3_(JU)_(M2)_[C][!].zip:Zone.Identifier
Why Does Child Labor Occur.wpd -> %UserDocuments%\Why Does Child Labor Occur.wpd -> [Ver = | Size = 86993 bytes | Modified Date = 1/17/2008 8:04:00 PM | Attr = ]
Woody_Woodpecker_Racing_(E)_[C][!].zip -> %UserDocuments%\Woody_Woodpecker_Racing_(E)_[C][!].zip -> [Ver = | Size = 343706 bytes | Modified Date = 1/1/2008 2:20:20 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\Woody_Woodpecker_Racing_(E)_[C][!].zip:Zone.Identifier
Disc2Phone.lnk -> %AllUsersDesktop%\Disc2Phone.lnk -> [Ver = | Size = 1675 bytes | Modified Date = 1/2/2008 6:30:04 PM | Attr = ]
iTunes.lnk -> %AllUsersDesktop%\iTunes.lnk -> [Ver = | Size = 2137 bytes | Modified Date = 1/21/2008 6:19:19 PM | Attr = ]
McAfee Security Center.lnk -> %AllUsersDesktop%\McAfee Security Center.lnk -> [Ver = | Size = 671 bytes | Modified Date = 1/21/2008 8:17:43 PM | Attr = ]
Mozilla Firefox 3 Beta 2.lnk -> %AllUsersDesktop%\Mozilla Firefox 3 Beta 2.lnk -> [Ver = | Size = 1683 bytes | Modified Date = 1/12/2008 5:34:08 PM | Attr = ]
Mozilla.lnk -> %AllUsersDesktop%\Mozilla.lnk -> [Ver = | Size = 1684 bytes | Modified Date = 1/7/2008 5:52:33 PM | Attr = ]
Sony Ericsson PC Suite.lnk -> %AllUsersDesktop%\Sony Ericsson PC Suite.lnk -> [Ver = | Size = 2046 bytes | Modified Date = 1/2/2008 6:06:52 PM | Attr = ]
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Modified Date = 1/23/2008 6:00:06 PM | Attr = ]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe -> [Ver = | Size = 478232 bytes | Modified Date = 1/23/2008 5:57:58 PM | Attr = ]
McAfee -> %CommonProgramFiles%\McAfee -> [Folder | Modified Date = 1/21/2008 8:15:24 PM | Attr = ]
mozilla.org -> %CommonProgramFiles%\mozilla.org -> [Folder | Modified Date = 1/7/2008 5:52:12 PM | Attr = ]
Sony Ericsson Shared -> %CommonProgramFiles%\Sony Ericsson Shared -> [Folder | Modified Date = 1/2/2008 6:06:31 PM | Attr = ]
Teleca Shared -> %CommonProgramFiles%\Teleca Shared -> [Folder | Modified Date = 1/2/2008 6:06:37 PM | Attr = ]
hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat -> [Ver = | Size = 1307 bytes | Modified Date = 5/20/2007 5:57:30 PM | Attr = ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4617 bytes | Modified Date = 1/9/2008 7:47:38 AM | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 4232 bytes | Modified Date = 1/9/2008 7:47:38 AM | Attr = ]

< End of report >




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users