
Uncontrollable Pop Ups


  • This topic is locked
36 replies to this topic

#1 C5Drvr


Posted 01 December 2006 - 09:12 AM

I have tried running AdAware, Spybot, and AVG anti spyware programs as well as McAfee Virus Scan and nothing has helped. I think I may also have an extra iexplore.exe in my Task Manager even when none are running. I ran both a HijackThis and an AVG scan; the AVG scan and the scan after it cleaned are posted. I still have the pop ups after the scan.

Logfile of HijackThis v1.99.1
Scan saved at 7:24:22 PM, on 11/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\SiteAdvisor\4608\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Thomson multimedia\Lyra Wireless Remote\Lyraw.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Common Files\AOL\1145991105\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SiteAdvisor\4608\SiteAdv.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Trace Eraser\trayicon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\MSN\MSNIA\CC\MSNCC\logonmgr.exe
C:\Program Files\MSN\MSNIA\CC\MSNCC\msncc.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\HJT\HijackThis.exe
C:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\4608\SiteAdv.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.7.0\ViewBarBHO.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\4608\SiteAdv.dll
O3 - Toolbar: (no name) - {8aed5df3-6e0b-4930-b1a5-f8aa8d757497} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.7.0\IEViewBar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LyraWirelessRemote] "C:\Program Files\Thomson multimedia\Lyra Wireless Remote\Lyraw.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1145991105\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\4608\SiteAdv.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PC_CLEAN] C:\Program Files\Trace Eraser\trayicon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [creative mode] C:\DOCUME~1\ANDREW~1\APPLIC~1\INTERP~1\Readme dog.exe
O4 - HKCU\..\RunOnce: [Q3E Minimizer v1.45] C:\Downloads\Q3E Minimizer_v1.45.EXE
O4 - Global Startup: Exif Launcher 2.lnk = ?
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...meDir=ridgeline
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...99/mcinsctl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O16 - DPF: {BF5E26B7-7087-4C2D-B0BA-0098F7CBED6B} - http://dogsonthefarm.serveftp.com/cab/Live.cab
O18 - Protocol: bw+0 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bw+0s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bw-0 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bw-0s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bw00 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bw00s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bw10 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bw10s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bw20 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bw20s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bw30 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bw30s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bw40 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bw40s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bw50 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bw50s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bw60 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bw60s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bw70 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bw70s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bw80 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bw80s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bw90 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bw90s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwa0 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwa0s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwb0 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwb0s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwc0 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwc0s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwd0 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwd0s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwe0 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwe0s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwf0 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwf0s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
O18 - Protocol: bwg0 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwg0s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwh0 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwh0s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwi0 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwi0s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwj0 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwj0s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwk0 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwk0s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwl0 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwl0s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwm0 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwm0s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwn0 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwn0s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwo0 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwo0s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwp0 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwp0s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwq0 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwq0s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwr0 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwr0s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bws0 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bws0s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwt0 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwt0s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwu0 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwu0s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwv0 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwv0s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bww0 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bww0s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwx0 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwx0s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwy0 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwy0s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwz0 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwz0s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\4608\SiteAdv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: Capalcan - {163FB204-D999-4F64-B2D2-6991902D49DA} - C:\WINDOWS\system32\logicreg.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\4608\SAService.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe




---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:50:50 PM 11/28/2006

+ Scan result:



C:\Program Files\Download Plugin\DlPlugin-MSIE_1.5.0.0\axdlplug.dll -> Adware.PluginDL : No action taken.
C:\Program Files\Download Plugin\DlPlugin-MSIE_1.5.0.0\setup2.exe -> Adware.PluginDL : No action taken.
C:\Documents and Settings\Andrew Snedeker\Cookies\andrew_snedeker@2o7[2].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Andrew Snedeker\Cookies\andrew_snedeker@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Lindsey\Cookies\lindsey@njmvc.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Lisa Snedeker\Cookies\lisa_snedeker@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Lisa Snedeker\Cookies\lisa_snedeker@adrevolver[2].txt -> TrackingCookie.Adrevolver : No action taken.
C:\Documents and Settings\Lisa Snedeker\Cookies\lisa_snedeker@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Lisa Snedeker\Cookies\lisa_snedeker@casalemedia[1].txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\Lindsey\Cookies\lindsey@com[1].txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\Lisa Snedeker\Cookies\lisa_snedeker@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : No action taken.
C:\Documents and Settings\Andrew Snedeker\Cookies\andrew_snedeker@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : No action taken.
C:\Documents and Settings\Lindsey\Cookies\lindsey@perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Lindsey\Cookies\lindsey@tacoda[2].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Andrew Snedeker\Cookies\andrew_snedeker@fhm.valueclick[1].txt -> TrackingCookie.Valueclick : No action taken.
C:\Documents and Settings\Andrew Snedeker\Cookies\andrew_snedeker@valueclick[2].txt -> TrackingCookie.Valueclick : No action taken.
C:\Documents and Settings\Andrew Snedeker\Cookies\andrew_snedeker@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : No action taken.
C:\Documents and Settings\Lisa Snedeker\Cookies\lisa_snedeker@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : No action taken.
C:\Documents and Settings\Andrew Snedeker\Cookies\andrew_snedeker@zedo[1].txt -> TrackingCookie.Zedo : No action taken.


::Report end



I cleaned all the questionable cookies with AVG and it generated this report. Pop ups still exist.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:53:18 PM 11/28/2006

+ Scan result:



C:\Program Files\Download Plugin\DlPlugin-MSIE_1.5.0.0\axdlplug.dll -> Adware.PluginDL : Ignored.
C:\Program Files\Download Plugin\DlPlugin-MSIE_1.5.0.0\setup2.exe -> Adware.PluginDL : Ignored.
C:\Documents and Settings\Andrew Snedeker\Cookies\andrew_snedeker@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Andrew Snedeker\Cookies\andrew_snedeker@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Lindsey\Cookies\lindsey@njmvc.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Lisa Snedeker\Cookies\lisa_snedeker@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Lisa Snedeker\Cookies\lisa_snedeker@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Lisa Snedeker\Cookies\lisa_snedeker@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Lisa Snedeker\Cookies\lisa_snedeker@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Lindsey\Cookies\lindsey@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Lisa Snedeker\Cookies\lisa_snedeker@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Andrew Snedeker\Cookies\andrew_snedeker@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Lindsey\Cookies\lindsey@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Lindsey\Cookies\lindsey@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Andrew Snedeker\Cookies\andrew_snedeker@fhm.valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned.
C:\Documents and Settings\Andrew Snedeker\Cookies\andrew_snedeker@valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned.
C:\Documents and Settings\Andrew Snedeker\Cookies\andrew_snedeker@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Lisa Snedeker\Cookies\lisa_snedeker@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Andrew Snedeker\Cookies\andrew_snedeker@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.


::Report end



#2 Buckeye_Sam


    Malware Expert



Posted 02 December 2006 - 08:34 AM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 C5Drvr


Posted 02 December 2006 - 11:14 AM

Andrew Snedeker - 06-12-02 11:08:43.29 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Andrew Snedeker\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\bszip.dll


((((((((((((((((((((((((((((((( Files Created from 2006-11-02 to 2006-12-02 ))))))))))))))))))))))))))))))))))


2006-12-01 23:27 <DIR> dr-h----- C:\Documents and Settings\Andrew Snedeker\Recent
2006-12-01 10:23 82,944 --a------ C:\WINDOWS\system32\drivers\msfwdrv.sys
2006-12-01 10:23 108,032 --a------ C:\WINDOWS\system32\drivers\msfwhlpr.sys
2006-12-01 10:19 <DIR> d-------- C:\Program Files\Microsoft Windows OneCare Live
2006-12-01 10:13 <DIR> d-------- C:\WINDOWS\LastGood
2006-12-01 10:13 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2006-11-28 20:20 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-28 20:20 <DIR> d-------- C:\Program Files\Grisoft
2006-11-28 19:21 <DIR> d-------- C:\HJT
2006-11-20 16:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rule Iso Safe Bolt
2006-11-16 08:24 <DIR> d-------- C:\Program Files\Common Files\Viewpoint
2006-11-15 03:02 <DIR> d-------- C:\396a2fd671a7ab140e60
2006-11-10 09:23 <DIR> d-------- C:\Program Files\Hewlett-Packard
2006-11-07 10:39 <DIR> d-------- C:\Program Files\Picasa2
2006-11-06 10:04 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2006-11-06 10:03 <DIR> d-------- C:\WINDOWS\AiOTemp
2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-02 11:08 -------- d-------- C:\Program Files\GetRight
2006-12-01 18:55 -------- d-------- C:\Program Files\Call of Duty Game of the Year Edition
2006-12-01 13:49 -------- d-------- C:\Program Files\Mozilla Firefox
2006-12-01 10:07 -------- d-------- C:\Documents and Settings\Andrew Snedeker\Application Data\SiteAdvisor
2006-12-01 09:52 -------- d-------- C:\Program Files\Windows Media Player
2006-12-01 09:51 -------- d-------- C:\Program Files\Windows Media Connect 2
2006-11-30 13:15 -------- d-------- C:\Documents and Settings\Andrew Snedeker\Application Data\MSN6
2006-11-28 17:14 -------- d-------- C:\Program Files\SiteAdvisor
2006-11-22 20:32 -------- d---s---- C:\Documents and Settings\Andrew Snedeker\Application Data\Microsoft
2006-11-22 17:06 -------- d-------- C:\Program Files\FinePixViewer
2006-11-21 13:02 -------- d-------- C:\Program Files\Java
2006-11-20 23:09 -------- d-------- C:\Program Files\MSN
2006-11-20 23:09 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-11-20 17:24 -------- d-------- C:\Program Files\PartyGaming.net
2006-11-16 08:24 -------- d-------- C:\Program Files\Viewpoint
2006-11-16 08:24 -------- d-------- C:\Program Files\Common Files
2006-11-01 21:14 -------- d-------- C:\Program Files\BitComet
2006-10-31 06:03 -------- d-------- C:\Program Files\Internet Explorer
2006-10-30 12:04 100952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2006-10-29 09:58 -------- d-------- C:\Program Files\AOD
2006-10-26 09:56 71496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2006-10-26 09:56 35048 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2006-10-26 09:56 34120 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2006-10-26 09:56 31944 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2006-10-26 09:56 168392 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2006-10-24 05:05 -------- d-------- C:\Documents and Settings\Andrew Snedeker\Application Data\McAfee
2006-10-21 09:08 -------- d-------- C:\Program Files\Yahoo!
2006-10-20 20:14 -------- d-------- C:\Program Files\Enigma Software Group
2006-10-20 18:21 -------- d-------- C:\Program Files\Lavasoft
2006-10-20 18:21 -------- d-------- C:\Documents and Settings\Andrew Snedeker\Application Data\Lavasoft
2006-10-20 16:50 -------- d-------- C:\Program Files\TexasCalculatem
2006-10-20 16:33 -------- d-------- C:\Program Files\InterPopFind
2006-10-20 16:33 -------- d-------- C:\Program Files\Download Plugin
2006-10-20 16:33 -------- d-------- C:\Documents and Settings\Andrew Snedeker\Application Data\InterPopFind
2006-10-20 14:23 619352 --a------ C:\WINDOWS\system32\WINSSWEBAGENT.DLL
2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe
2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\uwdf.exe
2006-10-18 21:47 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-10-18 21:47 991744 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-10-18 21:47 937984 --a------ C:\WINDOWS\system32\WMNetMgr.dll
2006-10-18 21:47 8231936 --a------ C:\WINDOWS\system32\wmploc.dll
2006-10-18 21:47 767488 --a------ C:\WINDOWS\system32\WMVSENCD.dll
2006-10-18 21:47 757248 --a------ C:\WINDOWS\system32\WMADMOD.dll
2006-10-18 21:47 7168 --a------ C:\WINDOWS\system32\asferror.dll
2006-10-18 21:47 656896 --a------ C:\WINDOWS\system32\WMVXENCD.dll
2006-10-18 21:47 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 21:47 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll
2006-10-18 21:47 613376 --a------ C:\WINDOWS\system32\wmpmde.dll
2006-10-18 21:47 603648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll
2006-10-18 21:47 542720 --a------ C:\WINDOWS\system32\blackbox.dll
2006-10-18 21:47 535040 --a------ C:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 21:47 429056 --a------ C:\WINDOWS\system32\wmdrmdev.dll
2006-10-18 21:47 414208 --a------ C:\WINDOWS\system32\msscp.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\WMVADVE.DLL
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\WMVADVD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wdfapi.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MPG4DMOD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MP4SDMOD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MP43DMOD.dll
2006-10-18 21:47 38400 --------- C:\WINDOWS\system32\wpdshextres.dll
2006-10-18 21:47 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
2006-10-18 21:47 35840 --a------ C:\WINDOWS\system32\wpdconns.dll
2006-10-18 21:47 356352 --a------ C:\WINDOWS\system32\wpdsp.dll
2006-10-18 21:47 348672 --a------ C:\WINDOWS\system32\wmdrmnet.dll
2006-10-18 21:47 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
2006-10-18 21:47 321536 --a------ C:\WINDOWS\system32\mswmdm.dll
2006-10-18 21:47 317440 --a------ C:\WINDOWS\system32\MP4SDECD.dll
2006-10-18 21:47 314880 --a------ C:\WINDOWS\system32\wmpdxm.dll
2006-10-18 21:47 295936 --a------ C:\WINDOWS\system32\wmpeffects.dll
2006-10-18 21:47 284160 --a------ C:\WINDOWS\system32\portabledeviceapi.dll
2006-10-18 21:47 276992 --a------ C:\WINDOWS\system32\audiodev.dll
2006-10-18 21:47 27136 --a------ C:\WINDOWS\system32\mspmsnsv.dll
2006-10-18 21:47 2603008 --a------ C:\WINDOWS\system32\WpdShext.dll
2006-10-18 21:47 259072 --a------ C:\WINDOWS\system32\MPG4DECD.dll
2006-10-18 21:47 259072 --a------ C:\WINDOWS\system32\MP43DECD.dll
2006-10-18 21:47 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-10-18 21:47 242688 --a------ C:\WINDOWS\system32\wmpasf.dll
2006-10-18 21:47 229376 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-10-18 21:47 227328 --a------ C:\WINDOWS\system32\wmerror.dll
2006-10-18 21:47 222208 --a------ C:\WINDOWS\system32\wmasf.dll
2006-10-18 21:47 212992 --a------ C:\WINDOWS\system32\mfplat.dll
2006-10-18 21:47 211456 --a------ C:\WINDOWS\system32\qasf.dll
2006-10-18 21:47 204288 --a------ C:\WINDOWS\system32\wmpsrcwp.dll
2006-10-18 21:47 199168 --a------ C:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-10-18 21:47 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-10-18 21:47 175616 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-10-18 21:47 166912 --a------ C:\WINDOWS\system32\portabledevicetypes.dll
2006-10-18 21:47 1661440 --a------ C:\WINDOWS\system32\wmpencen.dll
2006-10-18 21:47 1574912 --a------ C:\WINDOWS\system32\WMVENCOD.dll
2006-10-18 21:47 157184 --a------ C:\WINDOWS\system32\wmidx.dll
2006-10-18 21:47 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll
2006-10-18 21:47 1543680 --a------ C:\WINDOWS\system32\WMVDECOD.dll
2006-10-18 21:47 1382912 --a------ C:\WINDOWS\system32\WMVSDECD.dll
2006-10-18 21:47 133632 --a------ C:\WINDOWS\system32\wpdshserviceobj.dll
2006-10-18 21:47 1329152 --a------ C:\WINDOWS\system32\WMSPDMOE.dll
2006-10-18 21:47 132096 --a------ C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-10-18 21:47 130048 --a------ C:\WINDOWS\system32\wmpps.dll
2006-10-18 21:47 11264 --a------ C:\WINDOWS\system32\LAPRXY.dll
2006-10-18 21:47 1117696 --a------ C:\WINDOWS\system32\WMADMOE.dll
2006-10-18 21:47 101888 --a------ C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-10-18 20:03 100864 --a------ C:\WINDOWS\system32\logagent.exe
2006-10-18 20:00 38528 --a------ C:\WINDOWS\system32\drivers\wpdusb.sys
2006-10-18 20:00 249856 --a------ C:\WINDOWS\system32\drmupgds.exe
2006-10-18 20:00 17408 --a------ C:\WINDOWS\system32\wpdshextautoplay.exe
2006-10-17 19:55 -------- d-------- C:\Program Files\WinRAR
2006-10-17 13:33 6049280 --a------ C:\WINDOWS\system32\ieframe.dll
2006-10-17 13:33 50688 --a------ C:\WINDOWS\system32\msfeedsbs.dll
2006-10-17 13:33 458752 --a------ C:\WINDOWS\system32\msfeeds.dll
2006-10-17 13:33 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-10-17 13:33 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-10-17 13:33 180736 --a------ C:\WINDOWS\system32\ieui.dll
2006-10-17 13:33 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-10-17 13:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 13:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 13:05 206336 --a------ C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 13:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 13:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 13:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 13:01 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-10-17 13:01 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-10-17 13:01 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-10-17 13:01 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-10-17 13:01 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-10-17 13:01 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-10-17 13:00 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-10-17 13:00 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-10-17 13:00 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-10-17 12:58 61952 --a------ C:\WINDOWS\system32\icardie.dll
2006-10-17 12:58 12288 --a------ C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 12:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 12:57 266752 --a------ C:\WINDOWS\system32\iertutil.dll
2006-10-17 12:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 12:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 12:27 380928 --a------ C:\WINDOWS\system32\ieapfltr.dll
2006-10-17 12:23 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-10-14 09:08 -------- d-------- C:\Program Files\Quicken
2006-10-14 08:53 -------- d-------- C:\Program Files\MSXML 4.0
2006-10-13 07:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-02 15:28 312128 --a------ C:\WINDOWS\system32\msdelta.dll
2006-09-28 20:13 95344 --a------ C:\WINDOWS\system32\WUDFCoinstaller.dll
2006-09-28 18:56 55808 --a------ C:\WINDOWS\system32\WudfSvc.dll
2006-09-28 18:56 316416 --a------ C:\WINDOWS\system32\WUDFx.dll
2006-09-28 18:56 165376 --a------ C:\WINDOWS\system32\WudfPlatform.dll
2006-09-28 18:56 146432 --a------ C:\WINDOWS\system32\WudfHost.exe
2006-09-25 17:58 23856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-09-13 00:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"ccleaner"="\"C:\\Program Files\\CCleaner\\ccleaner.exe\" /AUTO"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
"PC_CLEAN"="C:\\Program Files\\Trace Eraser\\trayicon.exe"
"Aim6"="\"C:\\Program Files\\Common Files\\AOL\\Launch\\AOLLaunch.exe\" /d locale=en-US ee://aol/imApp"
"creative mode"="C:\\DOCUME~1\\ANDREW~1\\APPLIC~1\\INTERP~1\\Readme dog.exe"
"WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"Q3E Minimizer v1.45"="C:\\Downloads\\Q3E Minimizer_v1.45.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
"eabconfg.cpl"="C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
"hpWirelessAssistant"=hex(2):22,25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,\
48,50,51,5c,48,50,20,57,69,72,65,6c,65,73,73,20,41,73,73,69,73,74,61,6e,74,\
5c,48,50,20,57,69,72,65,6c,65,73,73,20,41,73,73,69,73,74,61,6e,74,2e,65,78,\
65,22,00
"D-Link AirPlus G"="C:\\Program Files\\D-Link\\AirPlus G\\AirGCFG.exe"
"ANIWZCS2Service"="C:\\Program Files\\ANI\\ANIWZCS2 Service\\WZCSLDR2.exe"
"Logitech Hardware Abstraction Layer"="\"C:\\Program Files\\Common Files\\Logitech\\KhalShared\\KHALMNPR.EXE\""
"Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"DiskeeperSystray"="\"C:\\Program Files\\Executive Software\\Diskeeper\\DkIcon.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"LyraWirelessRemote"="\"C:\\Program Files\\Thomson multimedia\\Lyra Wireless Remote\\Lyraw.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"InCD"="C:\\Program Files\\Nero\\Nero 7\\InCD\\InCD.exe"
"MimBoot"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~1\\mimboot.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1145991105\\ee\\AOLSoftware.exe"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
"SiteAdvisor"="C:\\Program Files\\SiteAdvisor\\4608\\SiteAdv.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"ContinueOneCareInstall"="rundll32 C:\\WINDOWS\\system32\\winsswebagent.dll,LaunchIEAfterReboot"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:0000009d
"RegWinBackUp"=dword:00000000
"ClearRecentDocsOnExit"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
"Capalcan"="{163FB204-D999-4F64-B2D2-6991902D49DA}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\MCODS

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 06-12-02 11:10:31.82
C:\ComboFix.txt ... 06-12-02 11:10

#4 Buckeye_Sam

    Malware Expert



Posted 02 December 2006 - 01:55 PM

I need to see a different type of log from HijackThis.
  • Run HijackThis.
  • Click on "Open the Misc Tools section".
  • Next click on "Open uninstall manager".
  • Press the button 'save list'. It will open a Notepad file.
  • Place the content of that file here in your next reply.
What can you tell about the popups?
When do they happen? What are they for?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 C5Drvr


Posted 02 December 2006 - 08:52 PM

The pop-ups are advertisements for anything from meeting singles in the area to auto loans. They only happen when I have Internet Explorer open, and about every 5th to 10th click.


Ad-Aware SE Personal
Adobe Download Manager 2.0 (Remove Only)
Adobe MPEG Encoder
Adobe Reader 7.0.5 Language Support
Adobe Reader 7.0.8
Adobe Shockwave Player
Advanced RealMedia Export Plug-in for Premiere 6.0
Advanced System Optimizer 2.10
AirPlus G
AltoMP3 Gold 5.06
ANIO Service
ANIWZCS2 Service
AOL Uninstaller (Choose which Products to Remove)
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Avanquest update
AVG Anti-Spyware 7.5
BitComet 0.70
Broadcom 802.11 Control Panel
Broadcom 802.11 Driver
Call of Duty - United Offensive
Call of Duty Game of the Year Edition
Call of Duty® 2
CCleaner (remove only)
CDMaster32
Comcast Rhapsody
Conexant AC-97 Audio
Conexant Data Fax Modem with SmartCP
Creative WMA Service Provider
DCC Manager
Diskeeper Professional Edition
DivX
DivX Converter
DivX Converter
DivX Player
Download Plugin for Internet Explorer
Dr Watson for Microsoft Windows OneCare Live v1.1.1067.14
DVD Decrypter (Remove Only)
Educated Investor Guide to Investing
Encyclopaedia Britannica CD Installer
FinePixViewer Resource
FinePixViewer Ver.5.2
FUJIFILM USB Driver
GetRight
Google Earth
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP Help and Support
hp officejet 7100 series
HP Wireless Assistant
IKEA Home Planner Kitchen
ImageRecall 3
InterVideo DiscLabel
InterVideo WinDVD
InterVideo WinDVD Creator
iTunes
J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
KhalSetup
Macromedia Flash Player 8
MathPlayer
McAfee SecurityCenter
Media Library Management Wizard
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Network Guide
Microsoft Office Outlook Connector
Microsoft Office Standard Edition 2003
Microsoft Office Word Viewer 2003
Microsoft Picture It! Express 9
Microsoft Picture It! Library 9
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
mIRC
Motorola Phone Tools
Movie Maker Background Music Files
Movie Maker Sound Effects
Movie Maker Title Images
Mozilla Firefox (1.5.0.8)
MSN
MSN Encarta Plus Support Files
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 Parser and SDK
Musicmatch® Jukebox
muvee autoProducer 3.5 - SE
muvee autoProducer 4.1
Nero 7 Demo
PartyPokerNet
Personal License Update Wizard for Windows Media Player
Picasa 2
Plus! MP3 Audio Converter LE
Quick Launch Buttons 5.10 B5
QuickBooks Pro 2006
Quicken 2007
Quicken WillMaker Plus 2006
Quicken WillMaker Plus 2007
QuickTime
RAW FILE CONVERTER LE
RCA Lyra Wireless Remote
RealPlayer
REALTEK Gigabit and Fast Ethernet NIC Driver
Rhapsody Player Engine
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Sonic RecordNow!
Sonic Update Manager
SonicAC3Encoder
SonicMPEGEncoder
Synaptics Pointing Device Driver
TeamSpeak 2 RC2
Texas Calculatem 4 with "AutoRead"
Texas Instruments PCIxx21/x515 drivers.
Texas Instruments PCIxx21/x515 drivers.
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB900930)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB914882)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
URGE for Windows Media Player
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Viewpoint Toolbar
WinAVIVideoConverter
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Media Bonus Pack for Windows XP
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player Playlist Import to Excel Wizard
Windows Media Player Skin Importer
Windows Media Player Tray Control
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB884575
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885464
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892559
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinRAR archiver
WinZip

#6 Buckeye_Sam

    Malware Expert



Posted 03 December 2006 - 11:10 AM

Click Start -> Control Panel -> Add Remove Programs and uninstall these programs:

Download Plugin for Internet Explorer
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Viewpoint Toolbar



=============


We need to update your version of Java.
  • Download the latest version of Java Runtime Environment (JRE) 5.0 Update 10 from HERE
    • Scroll down to where it says Java Runtime Environment (JRE) 5.0 Update 10
    • Click the "Download" button to the right.
    • Accept the license agreement.
    • Click Windows Offline Installation, Multi-language to download the file.
  • Once the program has finished downloading:
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
      • It should have this icon next to it: [image]
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-1_5_0_10-windowsi586-p.exe to install the newest version.
  • Go back into the Control Panel and double-click the Java Icon.
    • Under Temporary Internet Files, click the Delete Files button.
    • There are three options in the window to clear the cache - Leave ALL 3 Checked
      • Downloaded Applets
      • Downloaded Applications
      • Other Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Java Control Panel.
=============


Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Follow the Instruction on the F-Secure page for proper installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan.
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy and paste the entire report in your next reply.
Also post a new hijackthis log.

#7 C5Drvr


Posted 03 December 2006 - 09:09 PM

Scanning Report
Sunday, December 03, 2006 19:51:52 - 21:04:54
Computer name: LAPTOP
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\


--------------------------------------------------------------------------------

Result: 4 malware found
Tracking Cookie (spyware)
System (Disinfected)
System
System
System

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 31545
System: 7342
Not scanned: 12
Actions:
Disinfected: 1
Renamed: 0
Deleted: 0
None: 3
Submitted: 0
Files not scanned:
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\TEMP\SQLITE_2CS5XJZQHD5G0CA
C:\WINDOWS\TEMP\SQLITE_B0LEERTAY5HJJNQ
C:\WINDOWS\TEMP\SQLITE_ORU2ELIOFNJ3TYL
C:\WINDOWS\TEMP\SQLITE_XC8SZN6E5WZ1Q2N
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MUVEE TECHNOLOGIES\030625\0102\0106\VALUES
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1EE9EDBF8FA51C9A363E7045E32A37FE_2AD8B24F-FF9C-4138-9BDD-76F88E86A641
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\69013A01DF9D22CF2773D78E7575FFB4_2AD8B24F-FF9C-4138-9BDD-76F88E86A641
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9521202662BE39589ED7AAE9D5AB6022_2AD8B24F-FF9C-4138-9BDD-76F88E86A641
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A165A2AF958CA2EFF52028BF13F0E1F9_2AD8B24F-FF9C-4138-9BDD-76F88E86A641

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure Libra: 2.4.2, 2006-12-01
F-Secure AVP: 7.0.171, 2006-12-03
F-Secure Orion: 1.2.37, 2006-12-02
F-Secure Blacklight: 1.0.31, 0000-00-00
F-Secure Draco: 1.0.35, 2006-11-14
F-Secure Pegasus: 1.19.0, 2006-08-29
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
Use Advanced heuristics

--------------------------------------------------------------------------------


#8 C5Drvr


Posted 03 December 2006 - 09:15 PM

The 4 items removed by this scan did not fix the problem. I still got a pop-up after. By the way, I do have the Internet Explorer pop-up blocker turned on; I am guessing it is not all that great anyway.

#9 Buckeye_Sam

    Malware Expert



Posted 04 December 2006 - 07:16 PM

I still need to see a new hijackthis log.

And let's use another tool that will give some more useful info.

Download WinPFind2.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind2 on your desktop.
  • Open the folder and double-click on winpfind2.exe to start the program.
  • Click on the Services tab.
  • From the two drop down boxes next to Filter list:, on the left one choose List all type of services and on the right one choose List all services.
  • Click on the Configuration tab.
  • Keep the standard settings and then in the AddOn-Options box click the checkboxes for
    • HKCU_IEDesktop.def
    • Policies.def
    • SID_Run_Policies.def
    to select them.
  • Under File Options click Select All
  • Under Other Options put a check to both Show All boxes
  • Please maximize the window in order to be able to view the Status Bar where you can see the progress of the scan.
  • Now click the Run All Scans button on the toolbar.
  • When the scans are complete click the Simple Report button in the lower right-hand corner to create a report file. Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is, click on it to uncheck it and then please post that report into this topic. After posting please check if the whole report fit into the post. If it did fit, it should say <End of Report> at the end. If not, please post the section that was cut off in a second post.


#10 C5Drvr


Posted 04 December 2006 - 08:56 PM

Logfile of HijackThis v1.99.1
Scan saved at 8:51:28 PM, on 12/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\SiteAdvisor\4608\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Thomson multimedia\Lyra Wireless Remote\Lyraw.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Common Files\AOL\1145991105\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SiteAdvisor\4608\SiteAdv.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Trace Eraser\trayicon.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Downloads\Q3E Minimizer_v1.45.EXE
C:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\GetRight\GETRIGHT.EXE
C:\Program Files\GetRight\GETRIGHT.EXE
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\4608\SiteAdv.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\4608\SiteAdv.dll
O3 - Toolbar: (no name) - {8aed5df3-6e0b-4930-b1a5-f8aa8d757497} - (no file)
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [LyraWirelessRemote] "C:\Program Files\Thomson multimedia\Lyra Wireless Remote\Lyraw.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1145991105\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\4608\SiteAdv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PC_CLEAN] C:\Program Files\Trace Eraser\trayicon.exe
O4 - HKCU\..\Run: [creative mode] C:\DOCUME~1\ANDREW~1\APPLIC~1\INTERP~1\Readme dog.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [Q3E Minimizer v1.45] C:\Downloads\Q3E Minimizer_v1.45.EXE
O4 - Global Startup: Exif Launcher 2.lnk = ?
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstall...meDir=ridgeline
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...99/mcinsctl.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O16 - DPF: {BF5E26B7-7087-4C2D-B0BA-0098F7CBED6B} - http://dogsonthefarm.serveftp.com/cab/Live.cab
O16 - DPF: {FC6703A7-5B7E-4f58-BE6D-2693AA3906AE} (HP Content Update) - http://h30299.www3.hp.com/ediags/hpna/web/...hp.cab?1,0,0,94
O18 - Protocol: bw+0 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bw+0s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bw-0 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bw-0s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bw00 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bw00s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bw10 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bw10s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bw20 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bw20s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bw30 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bw30s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bw40 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bw40s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bw50 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bw50s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bw60 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bw60s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bw70 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bw70s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bw80 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bw80s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bw90 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bw90s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwa0 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwa0s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwb0 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwb0s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwc0 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwc0s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwd0 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwd0s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwe0 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwe0s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwf0 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwf0s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
O18 - Protocol: bwg0 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwg0s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwh0 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwh0s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwi0 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwi0s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwj0 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwj0s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwk0 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwk0s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwl0 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwl0s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwm0 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwm0s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwn0 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwn0s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwo0 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwo0s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwp0 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwp0s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwq0 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwq0s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwr0 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwr0s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bws0 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bws0s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwt0 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwt0s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwu0 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwu0s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwv0 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwv0s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bww0 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bww0s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwx0 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwx0s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwy0 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwy0s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwz0 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: bwz0s - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {774565D8-74B6-4518-97D2-74FCEF1C7599} - (no file)
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\4608\SiteAdv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: Capalcan - {163FB204-D999-4F64-B2D2-6991902D49DA} - C:\WINDOWS\system32\logicreg.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\4608\SAService.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

#11 C5Drvr

Posted 04 December 2006 - 09:13 PM

Posted Image

When I try to run winpfind2, I get the error msg above. I am the admin on the computer and there are no other windows or programs open aside from McAfee.

#12 Buckeye_Sam

Posted 05 December 2006 - 09:17 PM

Can you try it in Safe mode?
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
  • If you have trouble getting into Safe mode go here for more info.


#13 C5Drvr

Posted 07 December 2006 - 01:51 PM

Tried it in safe mode under both my log in (which is an admin) and the admin log in. Still got this msg.

Posted Image

#14 Buckeye_Sam

Posted 07 December 2006 - 09:41 PM

Let's try an earlier version of this same program.
Download WinPFind

Extract WinPFind.zip to your c:\ folder.

Reboot your computer into Safe Mode
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
  • If you have trouble getting into Safe mode go here for more info.


Then open c:\WinPFind and double-click on WinPFind.exe.
When the program is open, click on the Start Scan button to start scanning your computer. Be patient as this scan may take a while.
When it is done, it will show a log and tell you the scan is completed. Reboot your computer back to normal mode and post the contents of c:\WinPFind\WinPFind.txt as a reply to this topic.

#15 C5Drvr

Posted 10 December 2006 - 11:54 AM

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Logfile created on: 12/10/2006 11:43:49 AM
WinPFind v1.5.0 Folder = C:\WinPFind\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
UPX! 6/7/1999 5:50:32 AM 139264 C:\WINDOWS\SYSTEM32\ACD.ocx (Dialog Medien GmbH)
UPX! 12/31/2002 1:31:32 AM 218624 C:\WINDOWS\SYSTEM32\ACDWRITE.ocx ()
UPX! 2/10/2002 12:25:06 AM 31232 C:\WINDOWS\SYSTEM32\akrip32.dll (AKSoft)
PEC2 8/4/2004 3:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc ()
PEC2 6/9/2005 3:32:28 PM 692736 C:\WINDOWS\SYSTEM32\DivX.dll (DivXNetworks)
PECompact2 6/9/2005 3:32:28 PM 692736 C:\WINDOWS\SYSTEM32\DivX.dll (DivXNetworks)
UPX! 1/27/2002 4:46:12 PM 22016 C:\WINDOWS\SYSTEM32\FreeDBid.dll (Zittware.com)
UPX! 1/9/2004 10:17:00 PM 144384 C:\WINDOWS\SYSTEM32\lame_enc.dll ()
PTech 6/19/2006 3:19:42 PM 571184 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll (Microsoft Corporation)
UPX! 12/29/2002 5:15:10 PM 109056 C:\WINDOWS\SYSTEM32\mikmod.dll (Zittware)
PECompact2 11/7/2006 8:38:14 PM 10342824 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 11/7/2006 8:38:14 PM 10342824 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
WSUD 8/4/2004 3:00:00 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
UPX! 9/4/1997 6:17:08 PM 111104 C:\WINDOWS\SYSTEM32\Nviewlib.dll ()
UPX! 7/19/2002 6:34:40 AM 20992 C:\WINDOWS\SYSTEM32\ogg.dll ()
Umonitor 8/4/2004 3:00:00 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
aspack 12/17/2001 9:56:02 AM 188928 C:\WINDOWS\SYSTEM32\Selfupdate.exe (Alexis Ríos Negrón)
PEC2 10/18/2006 9:47:20 PM 8231936 C:\WINDOWS\SYSTEM32\SET125.tmp (Microsoft Corporation)
WSUD 10/18/2006 9:47:20 PM 8231936 C:\WINDOWS\SYSTEM32\SET125.tmp (Microsoft Corporation)
UPX! 8/13/2003 11:30:02 PM 135179 C:\WINDOWS\SYSTEM32\SoXWin32.dll (Zittware)
UPX! 11/8/2001 5:20:24 PM 18944 C:\WINDOWS\SYSTEM32\vcedit.dll ()
UPX! 7/19/2002 6:34:56 AM 107008 C:\WINDOWS\SYSTEM32\vorbis.dll ()
UPX! 7/19/2002 6:35:12 AM 61440 C:\WINDOWS\SYSTEM32\vorbisenc.dll ()
UPX! 7/19/2002 6:35:18 AM 9728 C:\WINDOWS\SYSTEM32\vorbisfile.dll ()
winsync 8/4/2004 3:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()
aspack 1/2/2002 10:42:28 AM 215552 C:\WINDOWS\SYSTEM32\Webupdate2.dll ()
aspack 1/3/2002 2:09:02 PM 316928 C:\WINDOWS\SYSTEM32\WebUpdate2.exe (Alexis Ríos Negrón)
PTech 6/19/2006 3:19:26 PM 304944 C:\WINDOWS\SYSTEM32\WgaTray.exe (Microsoft Corporation)
PEC2 10/18/2006 9:47:20 PM 8231936 C:\WINDOWS\SYSTEM32\wmploc.dll (Microsoft Corporation)
WSUD 10/18/2006 9:47:20 PM 8231936 C:\WINDOWS\SYSTEM32\wmploc.dll (Microsoft Corporation)

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
12/7/2006 1:28:38 PM S 2048 C:\WINDOWS\bootstat.dat ()
11/27/2006 2:44:56 PM H 54156 C:\WINDOWS\QTFont.qfn ()
11/6/2006 2:42:04 PM HS 8192 C:\WINDOWS\Thumbs.db ()
10/11/2006 2:30:26 PM RH 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index22.dat ()
10/11/2006 2:30:32 PM RH 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index23.dat ()
10/17/2006 1:34:28 PM S 42344 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ie7.cat ()
10/16/2006 10:35:46 AM S 10965 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920213.cat ()
10/13/2006 7:55:52 AM S 10965 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB923980.cat ()
10/13/2006 8:33:10 AM S 10259 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB924270.cat ()
10/12/2006 12:40:36 PM S 8006 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem84.CAT ()
11/2/2006 11:54:58 AM S 34696 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WMFDist11.cat ()
11/2/2006 12:13:58 PM S 27554 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\wmp11.cat ()
12/10/2006 11:48:32 AM H 8192 C:\WINDOWS\system32\config\default.LOG ()
12/10/2006 11:31:42 AM H 1024 C:\WINDOWS\system32\config\SAM.LOG ()
12/10/2006 11:43:36 AM H 1024 C:\WINDOWS\system32\config\SECURITY.LOG ()
12/10/2006 11:46:32 AM H 1024 C:\WINDOWS\system32\config\software.LOG ()
12/10/2006 11:32:26 AM H 1024 C:\WINDOWS\system32\config\system.LOG ()
11/15/2006 3:03:08 AM H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG ()
12/1/2006 10:23:38 AM S 341 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\303572DF538EDD8B1D606185F1D559B8 ()
12/1/2006 10:23:38 AM S 413 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\79841F8EF00FBA86D33CC5A47696F165 ()
11/29/2006 10:17:12 PM S 558 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E6024EAC88E6B6165D49FE3C95ADD735 ()
12/1/2006 10:23:38 AM S 126 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\303572DF538EDD8B1D606185F1D559B8 ()
12/1/2006 10:23:38 AM S 98 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\79841F8EF00FBA86D33CC5A47696F165 ()
11/29/2006 10:17:12 PM S 144 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E6024EAC88E6B6165D49FE3C95ADD735 ()
12/3/2006 5:46:56 PM H 1024 C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG ()
11/13/2006 8:52:32 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\aff57a1a-2af4-40be-9d82-3e8e6263bf58 ()
11/13/2006 8:52:32 AM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred ()
11/24/2006 3:45:46 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\37cd032e-b321-4506-856f-9621e6cf0b40 ()
11/24/2006 3:45:46 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred ()
12/7/2006 1:28:54 PM H 6 C:\WINDOWS\Tasks\SA.DAT ()

Checking for CPL files...
8/4/2004 3:00:00 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
8/4/2004 3:00:00 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
10/27/2004 5:16:14 PM 1237095 C:\WINDOWS\SYSTEM32\BCMWLCPL.CPL (Broadcom Corporation)
8/4/2004 3:00:00 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)
8/4/2004 3:00:00 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
8/4/2004 3:00:00 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)
8/4/2004 3:00:00 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
10/17/2006 1:05:48 PM 1817088 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
8/4/2004 3:00:00 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
8/4/2004 3:00:00 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
8/4/2004 3:00:00 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
11/9/2006 3:07:28 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.)
8/4/2004 3:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
8/4/2004 3:00:00 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
8/4/2004 3:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
8/4/2004 3:00:00 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)
8/4/2004 3:00:00 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
8/4/2004 3:00:00 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
8/4/2004 3:00:00 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
8/4/2004 3:00:00 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
8/4/2004 3:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
8/4/2004 3:00:00 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
12/8/2004 8:25:26 PM 86016 C:\WINDOWS\SYSTEM32\WACntlPnl.cpl (Hewlett-Packard Company)
8/4/2004 3:00:00 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)
5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
10/17/2006 1:05:48 PM 1817088 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl (Microsoft Corporation)
5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl (Microsoft Corporation)

Checking for Downloaded Program Files...
{03F998B2-0E00-11D3-A498-00104B6EB52E} - - CodeBase = https://components.viewpoint.com/MTSInstall...meDir=ridgeline
{13EC55CF-D993-475B-9ACA-F4A384957956} - Controller Class - CodeBase = https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB
{166B1BCA-3F9C-11CF-8075-444553540000} - Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwa...director/sw.cab
{17492023-C23A-453E-A040-C7C580BBF700} - Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
{193C772A-87BE-4B19-A7BB-445B226FE9A1} - ewidoOnlineScan Control - CodeBase = http://download.ewido.net/ewidoOnlineScan.cab
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - - CodeBase = http://download.mcafee.com/molbin/shared/m...99/mcinsctl.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
{9D190AE6-C81E-4039-8061-978EBAD10073} - F-Secure Online Scanner 3.0 - CodeBase = http://support.f-secure.com/ols3/fscax.cab
{B8BE5E93-A60C-4D26-A2DC-220313175592} - ZoneIntro Class - CodeBase = http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - - CodeBase = http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
{BF5E26B7-7087-4C2D-B0BA-0098F7CBED6B} - - CodeBase = http://dogsonthefarm.serveftp.com/cab/Live.cab
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
{FC6703A7-5B7E-4f58-BE6D-2693AA3906AE} - HP Content Update - CodeBase = http://h30299.www3.hp.com/ediags/hpna/web/...hp.cab?1,0,0,94

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
8/7/2004 7:58:34 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()
9/8/2006 8:21:14 PM 555 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher 2.lnk ()

Checking files in %ALLUSERSPROFILE%\Application Data folder...
8/7/2004 12:46:50 AM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini ()
11/4/2006 8:27:48 PM 1405 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache ()

Checking files in %USERPROFILE%\Startup folder...
8/7/2004 7:58:34 AM HS 84 C:\Documents and Settings\Andrew Snedeker\Start Menu\Programs\Startup\desktop.ini ()

Checking files in %USERPROFILE%\Application Data folder...
10/7/2005 10:59:18 AM 1422 C:\Documents and Settings\Andrew Snedeker\Application Data\AdobeDLM.log ()
8/7/2004 12:46:48 AM HS 62 C:\Documents and Settings\Andrew Snedeker\Application Data\desktop.ini ()
10/7/2005 10:59:18 AM 0 C:\Documents and Settings\Andrew Snedeker\Application Data\dm.ini ()
6/5/2005 12:04:28 PM 0 C:\Documents and Settings\Andrew Snedeker\Application Data\wklnhst.dat ()

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

>>> Internet Explorer Settings <<<


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://go.microsoft.com/fwlink/?LinkId=69157
\\Search Page - http://go.microsoft.com/fwlink/?LinkId=54896
\\Default_Page_URL - http://go.microsoft.com/fwlink/?LinkId=69157
\\Default_Search_URL - http://go.microsoft.com/fwlink/?LinkId=54896
\\Local Page - %SystemRoot%\system32\blank.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.msn.com/
\\Search Page - http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
\\Default_Search_URL - http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
\\Local Page - C:\WINDOWS\system32\blank.htm

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
\\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

>>> BHO's <<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - Adobe PDF Reader Link Helper = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
\{089FD14D-132B-48FC-8861-0048AE113215} - = C:\Program Files\SiteAdvisor\4608\SiteAdv.dll (McAfee, Inc.)
\{31FF080D-12A3-439A-A2EF-4BA95A3148E8} - bho2gr Class = C:\Program Files\GetRight\xx2gr.dll (Headlight Software, Inc.)
\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.)
\{7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} - = ()
\{7DB2D5A0-7241-4E79-B68D-6309F01C5231} - scriptproxy = c:\program files\mcafee\virusscan\scriptcl.dll (McAfee, Inc.)
\{9030D464-4C02-4ABF-8ECC-5164760863C6} - Windows Live Sign-in Helper = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

>>> Internet Explorer Bars, Toolbars and Extensions <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
\{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\{EFA24E62-B078-11D0-89E4-00C04FC9E26E} - History Band = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
\\{0BF43445-2F28-4351-9252-17FE6E806AA0} - McAfee SiteAdvisor = C:\Program Files\SiteAdvisor\4608\SiteAdv.dll (McAfee, Inc.)
\\{8aed5df3-6e0b-4930-b1a5-f8aa8d757497} - = ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - = ()
\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\ShellBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = ()
\WebBrowser\\{8AED5DF3-6E0B-4930-B1A5-F8AA8D757497} - = ()
\WebBrowser\\{F2CF5485-4E02-4F68-819C-B92DE9277049} - &Links = C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8192 = Sun Java Console
\\NEXTID - 8196
\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} - 8193 =
\\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8194 = Windows Messenger
\\{F4430FE8-2638-42e5-B849-800749B94EED} - 8195 = PartyPoker.net

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll (Sun Microsystems, Inc.)
\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.)(HKCU CLSID)
\{92780B25-18CC-41C8-B9BE-3C9C571A8263} - ButtonText: Research =
\{e2e2dd38-d088-4134-82b7-f2ba38496583} - MenuText: @xpsp3res.dll,-20001 = ()
\{F4430FE8-2638-42e5-B849-800749B94EED} - ButtonText: PartyPoker.net = C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe ()
\{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

>>> Approved Shell Extensions (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
\\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = deskpan.dll ()
\\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = ()
\\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = ()
\\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\system32\hticons.dll (Hilgraeve, Inc.)
\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = ()
\\{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - Autoplay for SlideShow = ()
\\{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = ()
\\{DEE12703-6333-4D4E-8F34-738C4DCC2E04} - RecordNow! SendToExt = C:\Program Files\Sonic\RecordNow!\shlext.dll ()
\\{2F603045-309F-11CF-9774-0020AFD0CFF6} - Synaptics Control Panel = C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics, Inc.)
\\{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} - iTunes = C:\Program Files\iTunes\iTunesMiniPlayer.dll (Apple Computer, Inc.)
\\{E0D79304-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
\\{E0D79305-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
\\{E0D79306-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
\\{E0D79307-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
\\{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = ()
\\{B327765E-D724-4347-8B16-78AE18552FC3} - NeroDigitalIconHandler = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll (Nero AG)
\\{7F1CF152-04F8-453A-B34C-E609530A9DC8} - NeroDigitalPropSheetHandler = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll (Nero AG)
\\InCDShellExt extension - {CAE3251E-9B15-4810-B268-852AD9792A59} = ()
\\{B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll ()

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

>>> Context Menu Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
\AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)
\FileEncrypt - {90A07ACC-0331-4aee-9AAD-A854A9C37667} = C:\Program Files\Advanced System Optimizer\ShellExt.dll (Systweak Inc)
\MCVSRIGHTCLICKSCANNER - {162EFDC5-2957-465D-887B-590AF4A7E84D} = c:\PROGRA~1\mcafee\VIRUSS~1\mcodsax.dll (McAfee, Inc.)
\ViewpointPhotosExt - {28710882-150A-48A6-A858-2FC774BA822E} = ()
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
\WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} - = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll (Nero AG)

[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
\AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)
\FileEncrypt - {90A07ACC-0331-4aee-9AAD-A854A9C37667} = C:\Program Files\Advanced System Optimizer\ShellExt.dll (Systweak Inc)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
\WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
\MCVSRIGHTCLICKSCANNER - {162EFDC5-2957-465D-887B-590AF4A7E84D} = c:\PROGRA~1\mcafee\VIRUSS~1\mcodsax.dll (McAfee, Inc.)
\ViewpointPhotosExt - {28710882-150A-48A6-A858-2FC774BA822E} = ()
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
\WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} - = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll (Nero AG)

>>> Column Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
\{7D4D6379-F301-4311-BEBA-E26EB0561882} - NeroDigitalExt.NeroDigitalColumnHandler = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll (Nero AG)
\{F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Column Info = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.)

>>> Registry Run Keys <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
UpdateManager - C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
ATIPTA - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
SynTPLpr - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
SynTPEnh - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
Cpqset - C:\Program Files\HPQ\Default Settings\cpqset.exe ()
eabconfg.cpl - C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
hpWirelessAssistant - %ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe ()
D-Link AirPlus G - C:\Program Files\D-Link\AirPlus G\AirGCFG.exe (D-Link)
ANIWZCS2Service - C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)
Logitech Hardware Abstraction Layer - C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE (Logitech Inc.)
Microsoft Works Update Detection - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
DiskeeperSystray - C:\Program Files\Executive Software\Diskeeper\DkIcon.exe (Executive Software International, Inc.)
LyraWirelessRemote - C:\Program Files\Thomson multimedia\Lyra Wireless Remote\Lyraw.exe (Thomson Inc.)
NeroFilterCheck - C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
InCD - C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
MimBoot - C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe (Musicmatch, Inc.)
HostManager - C:\Program Files\Common Files\AOL\1145991105\ee\AOLSoftware.exe (America Online, Inc.)
IPHSend - C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe (America Online, Inc.)
iTunesHelper - C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
QuickTime Task - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
REGSHAVE - C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
SiteAdvisor - C:\Program Files\SiteAdvisor\4608\SiteAdv.exe (McAfee, Inc.)
SunJavaUpdateSched - C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe (Sun Microsystems, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MsnMsgr - C:\Program Files\MSN Messenger\MsnMsgr.Exe (Microsoft Corporation)
ccleaner - C:\Program Files\CCleaner\ccleaner.exe (Piriform Ltd)
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG)
PC_CLEAN - C:\Program Files\Trace Eraser\trayicon.exe ( Optimize Your PC )
creative mode - C:\DOCUME~1\ANDREW~1\APPLIC~1\INTERP~1\Readme dog.exe ()
WMPNSCFG - C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
Q3E Minimizer v1.45 - C:\Downloads\Q3E Minimizer_v1.45.EXE (By UberGames)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

>>> Startup Links <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher 2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe (FUJI PHOTO FILM CO., LTD.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
C:\Documents and Settings\Andrew Snedeker\Start Menu\Programs\Startup\desktop.ini ()

>>> MSConfig Disabled Items <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[All Users Startup Folder Disabled Items]

[Current User Startup Folder Disabled Items]

>>> User Agent Post Platform <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

>>> AppInit Dll's <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]

>>> Image File Execution Options <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
\Your Image File Name Here without a path - Debugger = ntsd -d

>>> Shell Service Object Delay Load <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
\\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
\\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
\\UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} = C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)
\\WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} = C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
\\Capalcan - {163FB204-D999-4F64-B2D2-6991902D49DA} = C:\WINDOWS\system32\logicreg.dll ()

>>> Shell Execute Hooks <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)
\\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s.)

>>> Shared Task Scheduler <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
\\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)

>>> Winlogon <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
\\UserInit = C:\WINDOWS\system32\userinit.exe,
\\Shell = Explorer.exe
\\System =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
\AtiExtEvent - Ati2evxx.dll = (ATI Technologies Inc.)
\crypt32chain - crypt32.dll = (Microsoft Corporation)
\cryptnet - cryptnet.dll = (Microsoft Corporation)
\cscdll - cscdll.dll = (Microsoft Corporation)
\ScCertProp - wlnotify.dll = (Microsoft Corporation)
\Schedule - wlnotify.dll = (Microsoft Corporation)
\sclgntfy - sclgntfy.dll = (Microsoft Corporation)
\SensLogn - WlNotify.dll = (Microsoft Corporation)
\termsrv - wlnotify.dll = (Microsoft Corporation)
\WgaLogon - WgaLogon.dll = (Microsoft Corporation)
\wlballoon - wlnotify.dll = (Microsoft Corporation)

>>> DNS Name Servers <<<
{0C24F026-364A-4708-A130-F8D809334FF7} - (D-Link AirPlus G DWL-G122 Wireless USB Adapter(rev.A2))
{3D3574E4-07C7-4F40-B210-3E37C017926C} - (Realtek RTL8139/810x Family Fast Ethernet NIC)
{81B931A9-5CC2-4EF0-9ED6-3BAF9612EC53} - (D-Link AirPlus G DWL-G122 Wireless USB Adapter(rev.A2))
{8BE65BE5-1012-46CF-971B-0A6748842CF0} - (1394 Net Adapter)
{B7795901-102C-4344-981C-2889B38EF455} - (Broadcom 802.11b/g WLAN)

>>> All Winsock2 Catalogs <<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
\000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
\000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
\000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
\000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000004\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000005\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000006\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000014\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000015\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000016\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000017\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000018\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000019\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000020\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000021\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000022\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000023\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

>>> Protocol Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
\bw+0 - ()
\bw+0s - ()
\bw-0 - ()
\bw-0s - ()
\bw00 - ()
\bw00s - ()
\bw10 - ()
\bw10s - ()
\bw20 - ()
\bw20s - ()
\bw30 - ()
\bw30s - ()
\bw40 - ()
\bw40s - ()
\bw50 - ()
\bw50s - ()
\bw60 - ()
\bw60s - ()
\bw70 - ()
\bw70s - ()
\bw80 - ()
\bw80s - ()
\bw90 - ()
\bw90s - ()
\bwa0 - ()
\bwa0s - ()
\bwb0 - ()
\bwb0s - ()
\bwc0 - ()
\bwc0s - ()
\bwd0 - ()
\bwd0s - ()
\bwe0 - ()
\bwe0s - ()
\bwf0 - ()
\bwf0s - ()
\bwfile-8876480 - ()
\bwg0 - ()
\bwg0s - ()
\bwh0 - ()
\bwh0s - ()
\bwi0 - ()
\bwi0s - ()
\bwj0 - ()
\bwj0s - ()
\bwk0 - ()
\bwk0s - ()
\bwl0 - ()
\bwl0s - ()
\bwm0 - ()
\bwm0s - ()
\bwn0 - ()
\bwn0s - ()
\bwo0 - ()
\bwo0s - ()
\bwp0 - ()
\bwp0s - ()
\bwq0 - ()
\bwq0s - ()
\bwr0 - ()
\bwr0s - ()
\bws0 - ()
\bws0s - ()
\bwt0 - ()
\bwt0s - ()
\bwu0 - ()
\bwu0s - ()
\bwv0 - ()
\bwv0s - ()
\bww0 - ()
\bww0s - ()
\bwx0 - ()
\bwx0s - ()
\bwy0 - ()
\bwy0s - ()
\bwz0 - ()
\bwz0s - ()
\ipp - ()
\msdaipp - ()
\offline-8876480 - ()
\siteadvisor - C:\Program Files\SiteAdvisor\4608\SiteAdv.dll (McAfee, Inc.)

>>> Protocol Filters (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]

>>> Selected AddOn's <<<

>>>>Output for AddOn file HKCU_IEDesktop.def<<<<
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop - Include SUBKEYS
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop]
Desktop\Components\\DeskHtmlVersion - 272
Desktop\Components\\DeskHtmlMinorVersion - 5
Desktop\Components\\Settings - 1
Desktop\Components\\GeneralFlags - 4
Desktop\General\\BackupWallpaper - %SystemRoot%\web\wallpaper\Bliss.bmp
Desktop\General\\WallpaperFileTime - 00 C7 FB F9 7D 7C C4 01
Desktop\General\\WallpaperLocalFileTime - 00 27 EA 72 5C 7C C4 01
Desktop\General\\TileWallpaper - 0
Desktop\General\\WallpaperStyle - 2
Desktop\General\\Wallpaper - %SystemRoot%\web\wallpaper\Bliss.bmp
Desktop\General\\ComponentsPositioned - 1
Desktop\Old WorkAreas\\NoOfOldWorkAreas - 1
Desktop\Old WorkAreas\\OldWorkAreaRects - 00 00 00 00 00 00 00 00 A0 05 00 00 62 03 00 00
Desktop\SafeMode\General\\Wallpaper - %SystemRoot%\Web\SafeMode.htt
Desktop\SafeMode\General\\VisitGallery - 0
Desktop\Scheme\\Edit -
Desktop\Scheme\\Display -

>>>>Output for AddOn file Policies.def<<<<
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
policies\Explorer\\NoCDBurning - 0
policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} - 1
policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} - 1
policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} - 1073741857
policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - 32
policies\Ratings\\Key - EC 3A 50 1F BE BA 53 B2 DA 51 1F 9E 8F 58 65 FD
policies\Ratings\\Hint - Sticky
policies\Ratings\\FileName0 - C:\WINDOWS\system32\RSACi.rat
policies\Ratings\\WarnOnOff - 1
policies\Ratings\.Default\\Allow_Unknowns - 0
policies\Ratings\.Default\\PleaseMom - 1
policies\Ratings\.Default\\Enabled - 0
policies\Ratings\.Default\http://www.rsac.org/ratingsv01.html\\l - 0
policies\Ratings\.Default\http://www.rsac.org/ratingsv01.html\\n - 0
policies\Ratings\.Default\http://www.rsac.org/ratingsv01.html\\s - 0
policies\Ratings\.Default\http://www.rsac.org/ratingsv01.html\\v - 0
policies\Ratings\PICSRules\.Default\\NumSys - 0
policies\Ratings\PICSRules\.Default\0\\dwFlags - 0
policies\Ratings\PICSRules\.Default\0\\errLine - 0
policies\Ratings\PICSRules\.Default\0\PRPolicy\\PRNumPolicy - 4
policies\Ratings\PICSRules\.Default\0\PRPolicy\0\\PRPPolicyAttribute - 2
policies\Ratings\PICSRules\.Default\0\PRPolicy\0\PRPPolicySub\\PRNumURLExpressions - 1
policies\Ratings\PICSRules\.Default\0\PRPolicy\0\PRPPolicySub\0\\PRBUInternetPattern - 1
policies\Ratings\PICSRules\.Default\0\PRPolicy\0\PRPPolicySub\0\\PRBUNonWild - 13
policies\Ratings\PICSRules\.Default\0\PRPolicy\0\PRPPolicySub\0\\PRBUSpecified - 31
policies\Ratings\PICSRules\.Default\0\PRPolicy\0\PRPPolicySub\0\\PRBUScheme - http
policies\Ratings\PICSRules\.Default\0\PRPolicy\0\PRPPolicySub\0\\PRBUHost - www.msn.com
policies\Ratings\PICSRules\.Default\0\PRPolicy\0\PRPPolicySub\0\\PRBUPort - 80
policies\Ratings\PICSRules\.Default\0\PRPolicy\0\PRPPolicySub\0\\PRBUUrl - www.msn.com
policies\Ratings\PICSRules\.Default\0\PRPolicy\1\\PRPPolicyAttribute - 2
policies\Ratings\PICSRules\.Default\0\PRPolicy\1\PRPPolicySub\\PRNumURLExpressions - 1
policies\Ratings\PICSRules\.Default\0\PRPolicy\1\PRPPolicySub\0\\PRBUInternetPattern - 1
policies\Ratings\PICSRules\.Default\0\PRPolicy\1\PRPPolicySub\0\\PRBUNonWild - 13
policies\Ratings\PICSRules\.Default\0\PRPolicy\1\PRPPolicySub\0\\PRBUSpecified - 31
policies\Ratings\PICSRules\.Default\0\PRPolicy\1\PRPPolicySub\0\\PRBUScheme - http
policies\Ratings\PICSRules\.Default\0\PRPolicy\1\PRPPolicySub\0\\PRBUHost - shopping.msn.com
policies\Ratings\PICSRules\.Default\0\PRPolicy\1\PRPPolicySub\0\\PRBUPort - 80
policies\Ratings\PICSRules\.Default\0\PRPolicy\1\PRPPolicySub\0\\PRBUUrl - shopping.msn.com
policies\Ratings\PICSRules\.Default\0\PRPolicy\2\\PRPPolicyAttribute - 2
policies\Ratings\PICSRules\.Default\0\PRPolicy\2\PRPPolicySub\\PRNumURLExpressions - 1
policies\Ratings\PICSRules\.Default\0\PRPolicy\2\PRPPolicySub\0\\PRBUInternetPattern - 1
policies\Ratings\PICSRules\.Default\0\PRPolicy\2\PRPPolicySub\0\\PRBUNonWild - 13
policies\Ratings\PICSRules\.Default\0\PRPolicy\2\PRPPolicySub\0\\PRBUSpecified - 31
policies\Ratings\PICSRules\.Default\0\PRPolicy\2\PRPPolicySub\0\\PRBUScheme - http
policies\Ratings\PICSRules\.Default\0\PRPolicy\2\PRPPolicySub\0\\PRBUHost - www.buycostumes.com
policies\Ratings\PICSRules\.Default\0\PRPolicy\2\PRPPolicySub\0\\PRBUPort - 80
policies\Ratings\PICSRules\.Default\0\PRPolicy\2\PRPPolicySub\0\\PRBUUrl - www.buycostumes.com
policies\Ratings\PICSRules\.Default\0\PRPolicy\3\\PRPPolicyAttribute - 2
policies\Ratings\PICSRules\.Default\0\PRPolicy\3\PRPPolicySub\\PRNumURLExpressions - 1
policies\Ratings\PICSRules\.Default\0\PRPolicy\3\PRPPolicySub\0\\PRBUInternetPattern - 1
policies\Ratings\PICSRules\.Default\0\PRPolicy\3\PRPPolicySub\0\\PRBUNonWild - 5
policies\Ratings\PICSRules\.Default\0\PRPolicy\3\PRPPolicySub\0\\PRBUSpecified - 31
policies\Ratings\PICSRules\.Default\0\PRPolicy\3\PRPPolicySub\0\\PRBUScheme - javascript
policies\Ratings\PICSRules\.Default\0\PRPolicy\3\PRPPolicySub\0\\PRBUHost - openwindowlink()
policies\Ratings\PICSRules\.Default\0\PRPolicy\3\PRPPolicySub\0\\PRBUUrl - openwindowlink()
policies\system\\dontdisplaylastusername - 0
policies\system\\legalnoticecaption -
policies\system\\legalnoticetext -
policies\system\\shutdownwithoutlogon - 1
policies\system\\undockwithoutlogon - 1

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
policies\Explorer\\NoDriveTypeAutoRun - 157
policies\Explorer\\RegWinBackUp - 0
policies\Explorer\\ClearRecentDocsOnExit - 1

>>>>Output for AddOn file SID_Run_Policies.def<<<<
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run - No SUBKEYS
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run - No SUBKEYS
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies - Include SUBKEYS
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies]
Policies\Explorer\\NoDriveTypeAutoRun - 145

HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies - Include SUBKEYS
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies]
Policies\Explorer\\NoDriveTypeAutoRun - 145


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»



