
Infected W/pestcapture & Or Public Messenger Ver2.03


5 replies to this topic

#1 tackstrip

tackstrip

  • Members
  • 3 posts

Posted 23 December 2006 - 11:19 AM

Been getting unwanted pop-ups from IE for pest capture. I use Netscape for my browser. Also found public messenger 2.03 in add/remove, and it won't remove.

Logfile of HijackThis v1.99.1
Scan saved at 10:10:27 AM, on 12/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Defender Pro Anti Spam\admin.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Defender Pro Anti Spam\dpantispam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CallWave\IAM.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Netscape\Netscape Browser\netscape.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dial
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: FlpLauncher Class - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\PROGRA~1\E-BOOK~1\FLIPVI~1\fplaunch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: (no name) - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kav.exe" /minimize
O4 - HKLM\..\Run: [103] "C:\Program Files\Defender Pro Anti Spam\admin" "-hide"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [DefenderProAutoRun] "C:\Program Files\Defender Pro Anti Spam\dpantispam" -D "C:\Program Files\Defender Pro Anti Spam\conf"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: CallWave.lnk = C:\Program Files\CallWave\IAM.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/downl...lscbase5059.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1163550943921
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/protected/mvt/mvt.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C887D454-485E-4984-93EF-0058347CAA98}: NameServer = 205.242.56.13 205.242.56.14
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\cpmctl32.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Defender Pro LLC - C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kavsvc.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: MSSQLSERVER - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SQLSERVERAGENT - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE" -i MSSQLSERVER (file missing)


 


#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina

Posted 23 December 2006 - 11:49 AM

Hello tackstrip and welcome to the BC HijackThis forum. Let's start with the following.

Remove this installed program using Add or Remove Programs in the Control Panel:
  • Click Start.
  • Click Control Panel.
  • Double-click Add or Remove Programs.
  • Look in the Currently installed programs box for each program listed below and if it is there:
    • Click on it to select it.
    • Click Change (or Change/Remove) button.
    • If you are prompted to confirm the removal of the program, click Yes.
Relevant Knowledge

Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
    • In the Files Created Within group click 30 days
    • In the Files Modified Within group select 30 days
    • In the File String Search group select Non-Microsoft
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 tackstrip

tackstrip
  • Topic Starter

  • Members
  • 3 posts

Posted 24 December 2006 - 06:47 AM

Thanks for the reply, Ol' Timer.
When I removed "Relevant Knowledge" as well as "public messenger" I got an error message saying there has been an error removing these programs, they may already be gone, do I want to remove from list? I said yes.
Here's the log:

WinPFind3 logfile created on: 12/24/2006 5:34:44 AM
WinPFind3U by OldTimer - Version 1.0.1 Folder = C:\Program Files\Netscape\Netscape Browser\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)


[Processes - Non-Microsoft Only]
admin.exe -> C:\Program Files\Defender Pro Anti Spam\Admin.exe -> Mailshell.com [Ver = 2.01.0003 | Size = 495616 bytes | Modified Date = 11/14/2003 8:40:32 PM | Attr = ]
agent.exe -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe -> Macrovision Corporation [Ver = 4, 60, 100, 37068 | Size = 618496 bytes | Modified Date = 8/11/2005 4:30:30 PM | Attr = ]
dlbtbmgr.exe -> C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe -> [Ver = 1.0.15.4 | Size = 290816 bytes | Modified Date = 11/10/2004 1:36:00 PM | Attr = ]
dlbtbmon.exe -> C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe -> [Ver = 1.0.15.4 | Size = 102400 bytes | Modified Date = 11/10/2004 1:59:26 PM | Attr = ]
dmxlauncher.exe -> C:\Program Files\Dell\Media Experience\DMXLauncher.exe -> [Ver = | Size = 86016 bytes | Modified Date = 1/27/2005 12:02:00 AM | Attr = ]
dpantispam.exe -> C:\Program Files\Defender Pro Anti Spam\dpantispam.exe -> [Ver = | Size = 688128 bytes | Modified Date = 11/14/2003 6:50:18 PM | Attr = ]
dvdlauncher.exe -> C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 53248 bytes | Modified Date = 4/28/2005 1:34:38 PM | Attr = ]
guard.exe -> C:\Program Files\ewido anti-spyware 4.0\guard.exe -> Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 | Size = 172032 bytes | Modified Date = 6/16/2006 8:38:44 AM | Attr = ]
hkcmd.exe -> C:\WINDOWS\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4396 | Size = 77824 bytes | Modified Date = 9/20/2005 9:32:24 AM | Attr = ]
iam.exe -> C:\Program Files\CallWave\IAM.exe -> CallWave, Inc. [Ver = 4.00.5 (29-Nov-2006) | Size = 1839168 bytes | Modified Date = 12/23/2006 5:38:56 AM | Attr = ]
igfxpers.exe -> C:\WINDOWS\system32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4396 | Size = 114688 bytes | Modified Date = 9/20/2005 9:36:20 AM | Attr = ]
issch.exe -> C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -> Macrovision Corporation [Ver = 4, 60, 100, 37068 | Size = 81920 bytes | Modified Date = 8/11/2005 4:30:30 PM | Attr = ]
isuspm.exe -> c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe -> Macrovision Corporation [Ver = 4, 60, 100, 37068 | Size = 249856 bytes | Modified Date = 8/11/2005 4:30:30 PM | Attr = ]
jusched.exe -> C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe -> [Ver = | Size = 32881 bytes | Modified Date = 11/19/2003 4:48:14 PM | Attr = ]
mdnsresponder.exe -> C:\Program Files\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,2,9 | Size = 229376 bytes | Modified Date = 11/28/2005 12:11:36 PM | Attr = ]
mmtask.exe -> C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe -> Musicmatch Inc. [Ver = 9.0.0.1 | Size = 53248 bytes | Modified Date = 9/14/2004 7:50:48 AM | Attr = ]
netscape.exe -> C:\Program Files\Netscape\Netscape Browser\netscape.exe -> Netscape [Ver = 8.1.2 | Size = 97792 bytes | Modified Date = 9/12/2006 4:18:40 PM | Attr = ]
picasamediadetector.exe -> C:\Program Files\Picasa2\PicasaMediaDetector.exe -> Google Inc. [Ver = 2.5.0 | Size = 249927 bytes | Modified Date = 9/14/2006 1:38:40 PM | Attr = ]
qttask.exe -> C:\Program Files\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.0.4 | Size = 155648 bytes | Modified Date = 12/16/2006 7:11:52 PM | Attr = ]
smax4pnp.exe -> C:\Program Files\Analog Devices\Core\smax4pnp.exe -> Analog Devices, Inc. [Ver = 5, 2, 0, 5 | Size = 1404928 bytes | Modified Date = 10/14/2004 6:42:54 PM | Attr = ]
tfswctrl.exe -> C:\WINDOWS\system32\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 122941 bytes | Modified Date = 5/31/2005 4:33:00 AM | Attr = ]
winpfind3u.exe -> C:\Documents and Settings\Wayne\Desktop\winpfind3u.exe -> [Ver = | Size = 336680 bytes | Modified Date = 12/24/2006 5:29:28 AM | Attr = ]
winpfind3u.exe -> C:\Program Files\Netscape\Netscape Browser\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.1.0 | Size = 302592 bytes | Modified Date = 12/21/2006 8:20:08 PM | Attr = ]
wzqkpick.exe -> C:\Program Files\WinZip\WZQKPICK.EXE -> WinZip Computing LP [Ver = 1.0 (32-bit) | Size = 122880 bytes | Modified Date = 4/7/2006 9:00:00 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> C:\Program Files\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,2,9 | Size = 229376 bytes | Modified Date = 11/28/2005 12:11:36 PM | Attr = ]
(dlbt_device) dlbt_device [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\system32\dlbtcoms.exe -> Dell [Ver = 1.27.33.0 | Size = 421888 bytes | Modified Date = 10/25/2004 3:01:52 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> C:\WINDOWS\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ]
(ewido anti-spyware 4.0 guard) ewido anti-spyware 4.0 guard [Win32_Own | Auto | Running] -> C:\Program Files\ewido anti-spyware 4.0\guard.exe -> Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 | Size = 172032 bytes | Modified Date = 6/16/2006 8:38:44 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ]
(kavsvc) kavsvc [Win32_Own | Auto | Running] -> C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kavsvc.exe -> Defender Pro LLC [Ver = 5.0.390.1 | Size = 917610 bytes | Modified Date = 10/20/2005 8:48:24 AM | Attr = ]
(NetSvc) Intel NCS NetService [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -> Intel® Corporation [Ver = 1.6.3.0 | Size = 143360 bytes | Modified Date = 12/17/2003 12:59:48 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
-> -> File not found
103 -> C:\Program Files\Defender Pro Anti Spam\Admin.exe -> Mailshell.com [Ver = 2.01.0003 | Size = 495616 bytes | Modified Date = 11/14/2003 8:40:32 PM | Attr = ]
Dell Photo AIO Printer 922 -> C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe -> [Ver = 1.0.15.4 | Size = 290816 bytes | Modified Date = 11/10/2004 1:36:00 PM | Attr = ]
dla -> C:\WINDOWS\system32\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 122941 bytes | Modified Date = 5/31/2005 4:33:00 AM | Attr = ]
DLBTCATS -> C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbttime.dll [rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16] -> [Ver = 0.1.11.5 | Size = 69632 bytes | Modified Date = 11/9/2004 3:41:32 PM | Attr = ]
DMXLauncher -> C:\Program Files\Dell\Media Experience\DMXLauncher.exe -> [Ver = | Size = 86016 bytes | Modified Date = 1/27/2005 12:02:00 AM | Attr = ]
DVDLauncher -> C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 53248 bytes | Modified Date = 4/28/2005 1:34:38 PM | Attr = ]
igfxhkcmd -> C:\WINDOWS\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4396 | Size = 77824 bytes | Modified Date = 9/20/2005 9:32:24 AM | Attr = ]
igfxpers -> C:\WINDOWS\system32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4396 | Size = 114688 bytes | Modified Date = 9/20/2005 9:36:20 AM | Attr = ]
igfxtray -> C:\WINDOWS\system32\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4396 | Size = 94208 bytes | Modified Date = 9/20/2005 9:35:40 AM | Attr = ]
ISUSPM Startup -> c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe -> Macrovision Corporation [Ver = 4, 60, 100, 37068 | Size = 249856 bytes | Modified Date = 8/11/2005 4:30:30 PM | Attr = ]
ISUSScheduler -> C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -> Macrovision Corporation [Ver = 4, 60, 100, 37068 | Size = 81920 bytes | Modified Date = 8/11/2005 4:30:30 PM | Attr = ]
KAVPersonal50 -> C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kav.exe -> Defender Pro LLC [Ver = 5.0.390.1 | Size = 387687 bytes | Modified Date = 10/21/2005 3:21:14 AM | Attr = ]
mmtask -> C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe -> Musicmatch Inc. [Ver = 9.0.0.1 | Size = 53248 bytes | Modified Date = 9/14/2004 7:50:48 AM | Attr = ]
NeroCheck -> C:\WINDOWS\system32\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 11:50:42 AM | Attr = ]
Picasa Media Detector -> C:\Program Files\Picasa2\PicasaMediaDetector.exe -> Google Inc. [Ver = 2.5.0 | Size = 249927 bytes | Modified Date = 9/14/2006 1:38:40 PM | Attr = ]
QuickTime Task -> C:\Program Files\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.0.4 | Size = 155648 bytes | Modified Date = 12/16/2006 7:11:52 PM | Attr = ]
SoundMAXPnP -> C:\Program Files\Analog Devices\Core\smax4pnp.exe -> Analog Devices, Inc. [Ver = 5, 2, 0, 5 | Size = 1404928 bytes | Modified Date = 10/14/2004 6:42:54 PM | Attr = ]
SunJavaUpdateSched -> C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe -> [Ver = | Size = 32881 bytes | Modified Date = 11/19/2003 4:48:14 PM | Attr = ]
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
DefenderProAutoRun -> C:\Program Files\Defender Pro Anti Spam\dpantispam.exe -> [Ver = | Size = 688128 bytes | Modified Date = 11/14/2003 6:50:18 PM | Attr = ]
< Disabled MSConfig Folder Items[HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk -> C:\Program Files\QUICKEN\billmind.exe -> Intuit [Ver = 008.000.000.000 | Size = 17408 bytes | Modified Date = 1/12/2006 2:20:14 PM | Attr = ]
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk -> C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe -> File not found
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk -> C:\Program Files\QUICKEN\bagent.exe -> Intuit Inc. [Ver = 008.000.000.000 | Size = 57344 bytes | Modified Date = 1/12/2006 2:20:18 PM | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll [ewido anti-spyware 4.0] -> Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 | Size = 73728 bytes | Modified Date = 6/16/2006 8:38:50 AM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
igfxcui -> C:\WINDOWS\system32\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4396 | Size = 135168 bytes | Modified Date = 9/20/2005 9:31:28 AM | Attr = ]
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< HOSTS File > -> C:\WINDOWS\System32\drivers\etc\Hosts
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://yahoo.sbc.com/dial ->
HKLM: Main\\Default_Search_URL -> http://red.clientapps.yahoo.com/customize/...//www.yahoo.com ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Bar -> http://red.clientapps.yahoo.com/customize/.../search/ie.html ->
HKLM: Search Page -> http://www.google.com ->
HKLM: Start Page -> http://my.yahoo.com ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://www.google.com/ie ->
HKCU: Default_Page_URL -> http://www.dell4me.com/myway ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Bar -> http://red.clientapps.yahoo.com/customize/.../search/ie.html ->
HKCU: Search Page -> http://www.google.com ->
HKCU: Start Page -> http://my.yahoo.com ->
HKCU: URLSearchHooks\\{4D25F926-B9FE-4682-BF72-8AB8210D6D75} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} [HKLM] -> C:\Program Files\E-Book Systems\FlipViewer\fplaunch.dll [FlpLauncher Class] -> [Ver = 1, 1, 0, 2 | Size = 49152 bytes | Modified Date = 8/4/2004 4:18:14 AM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Reg Data - Value does not exist] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> C:\WINDOWS\system32\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118844 bytes | Modified Date = 5/31/2005 4:33:00 AM | Attr = ]
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8192 - Sun Java Console ->
{2499216C-4BA5-11D5-BD9C-000103C116D5} -> 8193 - Reg Data - Key not found ->
{4528BBE0-4E08-11D5-AD55-00010333D0AD} -> 8194 - Reg Data - Key not found ->
{7F9DB11C-E358-4ca6-A83D-ACC663939424} -> 8197 - Reg Data - Value does not exist ->
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> 8195 - Reg Data - Value does not exist ->
{e2e2dd38-d088-4134-82b7-f2ba38496583} -> 8196 - @xpsp3res.dll,-20001 ->
NextId -> 8198 ->
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> Reg Data - Key not found [MenuText: Sun Java Console] ->
{7F9DB11C-E358-4ca6-A83D-ACC663939424} -> Reg Data - Value does not exist [ButtonText: Bonjour] -> File not found
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> Reg Data - Value does not exist [ButtonText: Real.com] -> File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] ->
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
Yahoo! Dictionary -> file:///C:\Program Files\Yahoo!\Common/ycdict.htm -> File not found
Yahoo! Search -> file:///C:\Program Files\Yahoo!\Common/ycsrch.htm -> File not found
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} [HKLM] -> Reg Data - Key not found [Autoplay for SlideShow] -> File not found
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Taskbar and Start Menu] -> File not found
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [Display Panning CPL Extension] -> File not found
{5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> C:\WINDOWS\system32\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118844 bytes | Modified Date = 5/31/2005 4:33:00 AM | Attr = ]
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Shell extensions for file compression] -> File not found
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [User Accounts] -> File not found
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Encryption Context Menu] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> C:\WINDOWS\system32\hticons.dll [HyperTerminal Icon Ext] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ]
{9999A076-A9E2-4C99-8A2B-632FC9429223} [HKLM] -> C:\Program Files\Bonjour\ExplorerPlugin.dll [Bonjour] -> Apple Computer, Inc. [Ver = 1,0,2,9 | Size = 454656 bytes | Modified Date = 11/28/2005 12:11:26 PM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\RarExt.dll [WinRAR shell extension] -> [Ver = | Size = 126464 bytes | Modified Date = 12/3/2006 2:53:06 PM | Attr = ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> C:\Program Files\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 4/7/2006 9:00:00 AM | Attr = ]
{E0D79305-84BE-11CE-9641-444553540000} [HKLM] -> C:\Program Files\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 4/7/2006 9:00:00 AM | Attr = ]
{E0D79306-84BE-11CE-9641-444553540000} [HKLM] -> C:\Program Files\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 4/7/2006 9:00:00 AM | Attr = ]
{E0D79307-84BE-11CE-9641-444553540000} [HKLM] -> C:\Program Files\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 4/7/2006 9:00:00 AM | Attr = ]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> C:\Program Files\ewido anti-spyware 4.0\context.dll [ewido anti-spyware] -> Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 | Size = 94208 bytes | Modified Date = 6/16/2006 8:38:38 AM | Attr = ]
{dd230880-495a-11d1-b064-008048ec2fc5} [HKLM] -> C:\Program Files\Defender Pro\Defender Pro Anti-Virus\shellex.dll [Kaspersky Anti-Virus] -> Defender Pro LLC [Ver = 5.0.390.1 | Size = 131179 bytes | Modified Date = 10/20/2005 11:36:38 AM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 126464 bytes | Modified Date = 12/3/2006 2:53:06 PM | Attr = ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> C:\Program Files\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 4/7/2006 9:00:00 AM | Attr = ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> C:\Program Files\ewido anti-spyware 4.0\context.dll [ewido anti-spyware] -> Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 | Size = 94208 bytes | Modified Date = 6/16/2006 8:38:38 AM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 126464 bytes | Modified Date = 12/3/2006 2:53:06 PM | Attr = ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> C:\Program Files\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 4/7/2006 9:00:00 AM | Attr = ]
< ContextMenuHandlers - Directory\Background [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} [HKLM] -> C:\WINDOWS\system32\igfxpph.dll [igfxcui] -> Intel Corporation [Ver = 3.0.0.4396 | Size = 147456 bytes | Modified Date = 9/20/2005 9:35:24 AM | Attr = ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{dd230880-495a-11d1-b064-008048ec2fc5} [HKLM] -> C:\Program Files\Defender Pro\Defender Pro Anti-Virus\shellex.dll [Kaspersky Anti-Virus] -> Defender Pro LLC [Ver = 5.0.390.1 | Size = 131179 bytes | Modified Date = 10/20/2005 11:36:38 AM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 126464 bytes | Modified Date = 12/3/2006 2:53:06 PM | Attr = ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> C:\Program Files\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 4/7/2006 9:00:00 AM | Attr = ]
< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll [PDF Shell Extension] -> Adobe Systems, Inc. [Ver = 7.0.0.0 | Size = 110592 bytes | Modified Date = 12/14/2004 2:20:02 AM | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{79A474E2-79C9-4ACD-8FB6-2F988A20CD72} -> (Intel® PRO/100 VE Network Connection) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
belarc -> C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll -> Belarc, Inc. [Ver = 7.0t | Size = 33280 bytes | Modified Date = 7/29/2005 3:06:02 PM | Attr = ]
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found


[Files - Created Wihin 30 days]
lcfep5b.drv -> C:\WINDOWS\lcfep5b.drv -> [Ver = | Size = 1204 bytes | Created Date = 12/22/2006 8:49:25 AM | Attr = HS]
NDNuninstall7_48.exe -> C:\WINDOWS\NDNuninstall7_48.exe -> [Ver = | Size = 183808 bytes | Created Date = 12/13/2006 5:34:35 PM | Attr = S]
BASSMOD.dll -> C:\WINDOWS\System32\BASSMOD.dll -> [Ver = | Size = 34308 bytes | Created Date = 12/22/2006 9:52:12 AM | Attr = ]
PTPITCP.dll -> C:\WINDOWS\System32\PTPITCP.dll -> FotoNation Inc. [Ver = 2.22.0.0 | Size = 64512 bytes | Created Date = 12/16/2006 7:09:26 PM | Attr = ]
zllictbl.dat -> C:\WINDOWS\System32\zllictbl.dat -> [Ver = | Size = 4212 bytes | Created Date = 12/23/2006 1:32:01 PM | Attr = H ]

[Files - Modified Wihin 30 days]
hiberfil.sys -> C:\hiberfil.sys -> [Ver = | Size = 534827008 bytes | Modified Date = 12/23/2006 2:14:22 PM | Attr = HS]
lfinfo.dat -> C:\Program Files\Common Files\Scanner\lfinfo.dat -> [Ver = | Size = 104 bytes | Modified Date = 12/20/2006 7:19:52 PM | Attr = ]
ppclean.exe -> C:\Program Files\Common Files\Scanner\ppclean.exe -> Computer Associates Int'l [Ver = 5.0.0.9 | Size = 486826 bytes | Modified Date = 12/13/2006 5:35:08 PM | Attr = ]
ppfile.dat -> C:\Program Files\Common Files\Scanner\ppfile.dat -> [Ver = | Size = 4268226 bytes | Modified Date = 12/13/2006 6:08:48 PM | Attr = ]
ppinfo.dat -> C:\Program Files\Common Files\Scanner\ppinfo.dat -> [Ver = | Size = 985046 bytes | Modified Date = 12/13/2006 6:13:50 PM | Attr = ]
pploc.dat -> C:\Program Files\Common Files\Scanner\pploc.dat -> [Ver = | Size = 618146 bytes | Modified Date = 12/13/2006 6:17:00 PM | Attr = ]
ppsrindex.dat -> C:\Program Files\Common Files\Scanner\ppsrindex.dat -> [Ver = | Size = 30546 bytes | Modified Date = 12/13/2006 5:35:10 PM | Attr = ]
AdobeFnt07.lst -> C:\Program Files\Common Files\Adobe\TypeSpt\AdobeFnt07.lst -> [Ver = | Size = 41946 bytes | Modified Date = 12/14/2006 10:18:08 PM | Attr = ]
0.log -> C:\WINDOWS\0.log -> [Ver = | Size = 0 bytes | Modified Date = 12/23/2006 2:16:06 PM | Attr = ]
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 12/23/2006 2:14:24 PM | Attr = S]
comsetup.log -> C:\WINDOWS\comsetup.log -> [Ver = | Size = 216083 bytes | Modified Date = 12/24/2006 5:25:44 AM | Attr = ]
D9H7ADHB.ocx -> C:\WINDOWS\D9H7ADHB.ocx -> [Ver = | Size = 3120 bytes | Modified Date = 12/23/2006 2:38:26 PM | Attr = ]
dellstat.ini -> C:\WINDOWS\dellstat.ini -> [Ver = | Size = 821 bytes | Modified Date = 12/22/2006 4:14:04 PM | Attr = ]
FaxSetup.log -> C:\WINDOWS\FaxSetup.log -> [Ver = | Size = 640152 bytes | Modified Date = 12/24/2006 5:25:44 AM | Attr = ]
iis6.log -> C:\WINDOWS\iis6.log -> [Ver = | Size = 93794 bytes | Modified Date = 12/24/2006 5:25:44 AM | Attr = ]
imsins.log -> C:\WINDOWS\imsins.log -> [Ver = | Size = 1943 bytes | Modified Date = 12/24/2006 5:25:44 AM | Attr = ]
lcfep5b.drv -> C:\WINDOWS\lcfep5b.drv -> [Ver = | Size = 1204 bytes | Modified Date = 12/22/2006 10:11:58 AM | Attr = HS]
ModemLog_Conexant D850 56K V.9x DFVc Modem.txt -> C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt -> [Ver = | Size = 70662 bytes | Modified Date = 12/24/2006 5:33:28 AM | Attr = ]
mozver.dat -> C:\WINDOWS\mozver.dat -> [Ver = | Size = 8969 bytes | Modified Date = 12/23/2006 6:39:46 PM | Attr = ]
msgsocm.log -> C:\WINDOWS\msgsocm.log -> [Ver = | Size = 32543 bytes | Modified Date = 12/24/2006 5:25:44 AM | Attr = ]
NDNuninstall7_48.exe -> C:\WINDOWS\NDNuninstall7_48.exe -> [Ver = | Size = 183808 bytes | Modified Date = 12/13/2006 5:34:36 PM | Attr = S]
ntdtcsetup.log -> C:\WINDOWS\ntdtcsetup.log -> [Ver = | Size = 134585 bytes | Modified Date = 12/24/2006 5:25:44 AM | Attr = ]
ocgen.log -> C:\WINDOWS\ocgen.log -> [Ver = | Size = 348392 bytes | Modified Date = 12/24/2006 5:25:44 AM | Attr = ]
ocmsn.log -> C:\WINDOWS\ocmsn.log -> [Ver = | Size = 35660 bytes | Modified Date = 12/24/2006 5:25:44 AM | Attr = ]
orun32.ini -> C:\WINDOWS\orun32.ini -> [Ver = | Size = 884 bytes | Modified Date = 12/1/2006 8:27:04 AM | Attr = ]
QTFont.for -> C:\WINDOWS\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 12/16/2006 7:11:52 PM | Attr = ]
QTFont.qfn -> C:\WINDOWS\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 12/17/2006 7:53:22 AM | Attr = H ]
SchedLgU.Txt -> C:\WINDOWS\SchedLgU.Txt -> [Ver = | Size = 32542 bytes | Modified Date = 12/23/2006 2:13:40 PM | Attr = ]
setupact.log -> C:\WINDOWS\setupact.log -> [Ver = | Size = 2124 bytes | Modified Date = 12/23/2006 7:16:24 AM | Attr = ]
setupapi.log -> C:\WINDOWS\setupapi.log -> [Ver = | Size = 226845 bytes | Modified Date = 12/24/2006 5:25:38 AM | Attr = ]
tsoc.log -> C:\WINDOWS\tsoc.log -> [Ver = | Size = 252382 bytes | Modified Date = 12/24/2006 5:25:44 AM | Attr = ]
wiadebug.log -> C:\WINDOWS\wiadebug.log -> [Ver = | Size = 252 bytes | Modified Date = 12/23/2006 2:38:10 PM | Attr = ]
wiaservc.log -> C:\WINDOWS\wiaservc.log -> [Ver = | Size = 50 bytes | Modified Date = 12/23/2006 2:14:32 PM | Attr = ]
WindowsUpdate.log -> C:\WINDOWS\WindowsUpdate.log -> [Ver = | Size = 2021480 bytes | Modified Date = 12/23/2006 2:14:32 PM | Attr = ]
34BB3DF8ED.sys -> C:\WINDOWS\System32\34BB3DF8ED.sys -> [Ver = | Size = 56 bytes | Modified Date = 12/21/2006 6:57:58 AM | Attr = RHS]
BASSMOD.dll -> C:\WINDOWS\System32\BASSMOD.dll -> [Ver = | Size = 34308 bytes | Modified Date = 12/22/2006 10:08:28 AM | Attr = ]
HAF9SE8J.ocx -> C:\WINDOWS\System32\HAF9SE8J.ocx -> [Ver = | Size = 3120 bytes | Modified Date = 12/23/2006 2:38:26 PM | Attr = ]
KGyGaAvL.sys -> C:\WINDOWS\System32\KGyGaAvL.sys -> [Ver = | Size = 2516 bytes | Modified Date = 12/21/2006 6:57:58 AM | Attr = HS]
perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [Ver = | Size = 88002 bytes | Modified Date = 12/22/2006 3:22:44 PM | Attr = ]
perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [Ver = | Size = 466944 bytes | Modified Date = 12/22/2006 3:22:44 PM | Attr = ]
PerfStringBackup.INI -> C:\WINDOWS\System32\PerfStringBackup.INI -> [Ver = | Size = 565126 bytes | Modified Date = 12/22/2006 3:22:44 PM | Attr = ]
wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 12/23/2006 2:38:12 PM | Attr = ]
zllictbl.dat -> C:\WINDOWS\System32\zllictbl.dat -> [Ver = | Size = 4212 bytes | Modified Date = 12/23/2006 1:54:44 PM | Attr = H ]

[File String Scan - Non-Microsoft Only]
Thawte Consulting , -> C:\Program Files\Common Files\Java\Update\Base Images\j2re1.4.2-b28\core3.zip -> [Ver = | Size = 4648893 bytes | Modified Date = 11/19/2003 9:50:24 PM | Attr = ]
UPX! , UPX0 , -> C:\Program Files\Common Files\Nullsoft\Video\ActiveX\plugins\nsvplayx_vp5_mp3.dll -> * * * [Ver = 1, 0, 0, 98 | Size = 177152 bytes | Modified Date = 9/1/2004 10:56:56 AM | Attr = ]
qoologic , SAHAgent , -> C:\Program Files\Common Files\Scanner\ppsrindex.dat -> [Ver = | Size = 30546 bytes | Modified Date = 12/13/2006 5:35:10 PM | Attr = ]
PEC2 , -> C:\WINDOWS\System32\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ]
Thawte Consulting , -> C:\WINDOWS\System32\SmartUI2.ocx -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 2.00.0202 | Size = 874248 bytes | Modified Date = 6/14/2004 3:04:34 PM | Attr = ]
winsync , -> C:\WINDOWS\System32\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ]
Thawte Consulting , -> C:\WINDOWS\System32\XceedCry.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 1.1.107.0 | Size = 512688 bytes | Modified Date = 11/19/2003 2:59:36 PM | Attr = ]
Thawte Consulting , -> C:\WINDOWS\System32\XceedFTP.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 1.1.129.0 | Size = 279392 bytes | Modified Date = 12/6/2004 1:45:48 PM | Attr = ]
Thawte Consulting , -> C:\WINDOWS\System32\XceedZip.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 5.0.117.0 | Size = 427864 bytes | Modified Date = 6/14/2004 2:56:26 PM | Attr = ]

< End of report >

Don't seem to be getting pop ups anymore, but real slow booting up.
Thanks again, Wayne

#4 OldTimer

Posted 24 December 2006 - 09:30 AM

Hi tackstrip. Let's do a little cleanup. Please follow the steps below in order.

Step #1

Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Registry - Non-Microsoft Only]
< Internet Explorer Settings > ->
YN -> HKLM: Main\\Default_Search_URL -> http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
YN -> HKLM: Search Bar -> http://red.clientapps.yahoo.com/customize/.../search/ie.html
YN -> HKCU: Search Bar -> http://red.clientapps.yahoo.com/customize/.../search/ie.html
YN -> HKCU: URLSearchHooks\\{4D25F926-B9FE-4682-BF72-8AB8210D6D75} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {7F9DB11C-E358-4ca6-A83D-ACC663939424} -> Reg Data - Value does not exist [ButtonText: Bonjour]
YN -> {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> Reg Data - Value does not exist [ButtonText: Real.com]
[Files - Created Wihin 30 days]
NY -> lcfep5b.drv -> C:\WINDOWS\lcfep5b.drv
NY -> NDNuninstall7_48.exe -> C:\WINDOWS\NDNuninstall7_48.exe
[Files - Modified Wihin 30 days]
NY -> NDNuninstall7_48.exe -> C:\WINDOWS\NDNuninstall7_48.exe
NY -> 34BB3DF8ED.sys -> C:\WINDOWS\System32\34BB3DF8ED.sys
[Reboot]


The fix should only take a very short time and then you will be asked if you want to reboot. Choose Yes.

Step #2

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
Note: the "XX" in the version will be whatever the latest version is.
  • Download the latest version of Java Runtime Environment (JRE) 5.0 Update XX.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs, and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-1_5_0_XX-windowsi586-p.exe to install the newest version.

Step #3

Post the following back here:
  • a new WinPFind3U report. Just use the default settings (I do not need any of the file scans this time).
  • the latest .log file from the WinPFind3u folder (it will have a name in the format mmddyyyy_hhmmss.log)
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

#5 tackstrip

Posted 24 December 2006 - 02:16 PM

Thanks again OT,
Still taking forever to boot up. Seems to take until my screen saver kicks in???
Also, did see something about old Java being infected when I removed it.
Here is latest log......

WinPFind3 logfile created on: 12/24/2006 1:11:07 PM
WinPFind3U by OldTimer - Version 1.0.1 Folder = C:\Program Files\Netscape\Netscape Browser\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)


[Processes - Non-Microsoft Only]
admin.exe -> C:\Program Files\Defender Pro Anti Spam\Admin.exe -> Mailshell.com [Ver = 2.01.0003 | Size = 495616 bytes | Modified Date = 11/14/2003 8:40:32 PM | Attr = ]
dlbtbmgr.exe -> C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe -> [Ver = 1.0.15.4 | Size = 290816 bytes | Modified Date = 11/10/2004 1:36:00 PM | Attr = ]
dlbtbmon.exe -> C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe -> [Ver = 1.0.15.4 | Size = 102400 bytes | Modified Date = 11/10/2004 1:59:26 PM | Attr = ]
dmxlauncher.exe -> C:\Program Files\Dell\Media Experience\DMXLauncher.exe -> [Ver = | Size = 86016 bytes | Modified Date = 1/27/2005 12:02:00 AM | Attr = ]
dpantispam.exe -> C:\Program Files\Defender Pro Anti Spam\dpantispam.exe -> [Ver = | Size = 688128 bytes | Modified Date = 11/14/2003 6:50:18 PM | Attr = ]
dvdlauncher.exe -> C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 53248 bytes | Modified Date = 4/28/2005 1:34:38 PM | Attr = ]
guard.exe -> C:\Program Files\ewido anti-spyware 4.0\guard.exe -> Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 | Size = 172032 bytes | Modified Date = 6/16/2006 8:38:44 AM | Attr = ]
hkcmd.exe -> C:\WINDOWS\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4396 | Size = 77824 bytes | Modified Date = 9/20/2005 9:32:24 AM | Attr = ]
iam.exe -> C:\Program Files\CallWave\IAM.exe -> CallWave, Inc. [Ver = 4.00.5 (29-Nov-2006) | Size = 1839168 bytes | Modified Date = 12/23/2006 5:38:56 AM | Attr = ]
igfxpers.exe -> C:\WINDOWS\system32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4396 | Size = 114688 bytes | Modified Date = 9/20/2005 9:36:20 AM | Attr = ]
issch.exe -> C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -> Macrovision Corporation [Ver = 4, 60, 100, 37068 | Size = 81920 bytes | Modified Date = 8/11/2005 4:30:30 PM | Attr = ]
jusched.exe -> C:\Program Files\Java\jre1.6.0\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 77824 bytes | Modified Date = 12/24/2006 12:40:06 PM | Attr = ]
mdnsresponder.exe -> C:\Program Files\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,2,9 | Size = 229376 bytes | Modified Date = 11/28/2005 12:11:36 PM | Attr = ]
mmtask.exe -> C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe -> Musicmatch Inc. [Ver = 9.0.0.1 | Size = 53248 bytes | Modified Date = 9/14/2004 7:50:48 AM | Attr = ]
picasamediadetector.exe -> C:\Program Files\Picasa2\PicasaMediaDetector.exe -> Google Inc. [Ver = 2.5.0 | Size = 249927 bytes | Modified Date = 9/14/2006 1:38:40 PM | Attr = ]
qttask.exe -> C:\Program Files\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.0.4 | Size = 155648 bytes | Modified Date = 12/16/2006 7:11:52 PM | Attr = ]
smax4pnp.exe -> C:\Program Files\Analog Devices\Core\smax4pnp.exe -> Analog Devices, Inc. [Ver = 5, 2, 0, 5 | Size = 1404928 bytes | Modified Date = 10/14/2004 6:42:54 PM | Attr = ]
tfswctrl.exe -> C:\WINDOWS\system32\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 122941 bytes | Modified Date = 5/31/2005 4:33:00 AM | Attr = ]
winpfind3u.exe -> C:\Program Files\Netscape\Netscape Browser\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.1.0 | Size = 302592 bytes | Modified Date = 12/21/2006 8:20:08 PM | Attr = ]
wzqkpick.exe -> C:\Program Files\WinZip\WZQKPICK.EXE -> WinZip Computing LP [Ver = 1.0 (32-bit) | Size = 122880 bytes | Modified Date = 4/7/2006 9:00:00 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> C:\Program Files\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,2,9 | Size = 229376 bytes | Modified Date = 11/28/2005 12:11:36 PM | Attr = ]
(dlbt_device) dlbt_device [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\system32\dlbtcoms.exe -> Dell [Ver = 1.27.33.0 | Size = 421888 bytes | Modified Date = 10/25/2004 3:01:52 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> C:\WINDOWS\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ]
(ewido anti-spyware 4.0 guard) ewido anti-spyware 4.0 guard [Win32_Own | Auto | Running] -> C:\Program Files\ewido anti-spyware 4.0\guard.exe -> Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 | Size = 172032 bytes | Modified Date = 6/16/2006 8:38:44 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ]
(kavsvc) kavsvc [Win32_Own | Auto | Running] -> C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kavsvc.exe -> Defender Pro LLC [Ver = 5.0.390.1 | Size = 917610 bytes | Modified Date = 10/20/2005 8:48:24 AM | Attr = ]
(NetSvc) Intel NCS NetService [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -> Intel® Corporation [Ver = 1.6.3.0 | Size = 143360 bytes | Modified Date = 12/17/2003 12:59:48 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
-> -> File not found
103 -> C:\Program Files\Defender Pro Anti Spam\Admin.exe -> Mailshell.com [Ver = 2.01.0003 | Size = 495616 bytes | Modified Date = 11/14/2003 8:40:32 PM | Attr = ]
Dell Photo AIO Printer 922 -> C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe -> [Ver = 1.0.15.4 | Size = 290816 bytes | Modified Date = 11/10/2004 1:36:00 PM | Attr = ]
dla -> C:\WINDOWS\system32\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 122941 bytes | Modified Date = 5/31/2005 4:33:00 AM | Attr = ]
DLBTCATS -> C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbttime.dll [rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16] -> [Ver = 0.1.11.5 | Size = 69632 bytes | Modified Date = 11/9/2004 3:41:32 PM | Attr = ]
DMXLauncher -> C:\Program Files\Dell\Media Experience\DMXLauncher.exe -> [Ver = | Size = 86016 bytes | Modified Date = 1/27/2005 12:02:00 AM | Attr = ]
DVDLauncher -> C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 53248 bytes | Modified Date = 4/28/2005 1:34:38 PM | Attr = ]
igfxhkcmd -> C:\WINDOWS\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4396 | Size = 77824 bytes | Modified Date = 9/20/2005 9:32:24 AM | Attr = ]
igfxpers -> C:\WINDOWS\system32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4396 | Size = 114688 bytes | Modified Date = 9/20/2005 9:36:20 AM | Attr = ]
igfxtray -> C:\WINDOWS\system32\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4396 | Size = 94208 bytes | Modified Date = 9/20/2005 9:35:40 AM | Attr = ]
ISUSPM Startup -> c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe -> Macrovision Corporation [Ver = 4, 60, 100, 37068 | Size = 249856 bytes | Modified Date = 8/11/2005 4:30:30 PM | Attr = ]
ISUSScheduler -> C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -> Macrovision Corporation [Ver = 4, 60, 100, 37068 | Size = 81920 bytes | Modified Date = 8/11/2005 4:30:30 PM | Attr = ]
KAVPersonal50 -> C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kav.exe -> Defender Pro LLC [Ver = 5.0.390.1 | Size = 387687 bytes | Modified Date = 10/21/2005 3:21:14 AM | Attr = ]
mmtask -> C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe -> Musicmatch Inc. [Ver = 9.0.0.1 | Size = 53248 bytes | Modified Date = 9/14/2004 7:50:48 AM | Attr = ]
NeroCheck -> C:\WINDOWS\system32\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 11:50:42 AM | Attr = ]
Picasa Media Detector -> C:\Program Files\Picasa2\PicasaMediaDetector.exe -> Google Inc. [Ver = 2.5.0 | Size = 249927 bytes | Modified Date = 9/14/2006 1:38:40 PM | Attr = ]
QuickTime Task -> C:\Program Files\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.0.4 | Size = 155648 bytes | Modified Date = 12/16/2006 7:11:52 PM | Attr = ]
SoundMAXPnP -> C:\Program Files\Analog Devices\Core\smax4pnp.exe -> Analog Devices, Inc. [Ver = 5, 2, 0, 5 | Size = 1404928 bytes | Modified Date = 10/14/2004 6:42:54 PM | Attr = ]
SunJavaUpdateSched -> C:\Program Files\Java\jre1.6.0\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 77824 bytes | Modified Date = 12/24/2006 12:40:06 PM | Attr = ]
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
DefenderProAutoRun -> C:\Program Files\Defender Pro Anti Spam\dpantispam.exe -> [Ver = | Size = 688128 bytes | Modified Date = 11/14/2003 6:50:18 PM | Attr = ]
< Disabled MSConfig Folder Items[HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk -> C:\Program Files\QUICKEN\billmind.exe -> Intuit [Ver = 008.000.000.000 | Size = 17408 bytes | Modified Date = 1/12/2006 2:20:14 PM | Attr = ]
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk -> C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe -> File not found
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk -> C:\Program Files\QUICKEN\bagent.exe -> Intuit Inc. [Ver = 008.000.000.000 | Size = 57344 bytes | Modified Date = 1/12/2006 2:20:18 PM | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll [ewido anti-spyware 4.0] -> Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 | Size = 73728 bytes | Modified Date = 6/16/2006 8:38:50 AM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
igfxcui -> C:\WINDOWS\system32\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4396 | Size = 135168 bytes | Modified Date = 9/20/2005 9:31:28 AM | Attr = ]
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< HOSTS File > -> C:\WINDOWS\System32\drivers\etc\Hosts
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://yahoo.sbc.com/dial ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://www.google.com ->
HKLM: Start Page -> http://my.yahoo.com ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://www.google.com/ie ->
HKCU: Default_Page_URL -> http://www.dell4me.com/myway ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Page -> http://www.google.com ->
HKCU: Start Page -> http://my.yahoo.com ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} [HKLM] -> C:\Program Files\E-Book Systems\FlipViewer\fplaunch.dll [FlpLauncher Class] -> [Ver = 1, 1, 0, 2 | Size = 49152 bytes | Modified Date = 8/4/2004 4:18:14 AM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Reg Data - Value does not exist] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> C:\WINDOWS\system32\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118844 bytes | Modified Date = 5/31/2005 4:33:00 AM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre1.6.0\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 501384 bytes | Modified Date = 12/24/2006 12:40:06 PM | Attr = ]
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8192 - Sun Java Console ->
{2499216C-4BA5-11D5-BD9C-000103C116D5} -> 8193 - Reg Data - Key not found ->
{4528BBE0-4E08-11D5-AD55-00010333D0AD} -> 8194 - Reg Data - Key not found ->
{7F9DB11C-E358-4ca6-A83D-ACC663939424} -> 8197 - Reg Data - Key not found ->
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> 8195 - Reg Data - Key not found ->
{e2e2dd38-d088-4134-82b7-f2ba38496583} -> 8196 - @xpsp3res.dll,-20001 ->
NextId -> 8198 ->
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll [MenuText: Sun Java Console] ->
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] ->
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
Yahoo! Dictionary -> file:///C:\Program Files\Yahoo!\Common/ycdict.htm -> File not found
Yahoo! Search -> file:///C:\Program Files\Yahoo!\Common/ycsrch.htm -> File not found
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} [HKLM] -> Reg Data - Key not found [Autoplay for SlideShow] -> File not found
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Taskbar and Start Menu] -> File not found
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [Display Panning CPL Extension] -> File not found
{5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> C:\WINDOWS\system32\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118844 bytes | Modified Date = 5/31/2005 4:33:00 AM | Attr = ]
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Shell extensions for file compression] -> File not found
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [User Accounts] -> File not found
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Encryption Context Menu] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> C:\WINDOWS\system32\hticons.dll [HyperTerminal Icon Ext] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ]
{9999A076-A9E2-4C99-8A2B-632FC9429223} [HKLM] -> C:\Program Files\Bonjour\ExplorerPlugin.dll [Bonjour] -> Apple Computer, Inc. [Ver = 1,0,2,9 | Size = 454656 bytes | Modified Date = 11/28/2005 12:11:26 PM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\RarExt.dll [WinRAR shell extension] -> [Ver = | Size = 126464 bytes | Modified Date = 12/3/2006 2:53:06 PM | Attr = ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> C:\Program Files\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 4/7/2006 9:00:00 AM | Attr = ]
{E0D79305-84BE-11CE-9641-444553540000} [HKLM] -> C:\Program Files\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 4/7/2006 9:00:00 AM | Attr = ]
{E0D79306-84BE-11CE-9641-444553540000} [HKLM] -> C:\Program Files\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 4/7/2006 9:00:00 AM | Attr = ]
{E0D79307-84BE-11CE-9641-444553540000} [HKLM] -> C:\Program Files\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 4/7/2006 9:00:00 AM | Attr = ]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> C:\Program Files\ewido anti-spyware 4.0\context.dll [ewido anti-spyware] -> Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 | Size = 94208 bytes | Modified Date = 6/16/2006 8:38:38 AM | Attr = ]
{dd230880-495a-11d1-b064-008048ec2fc5} [HKLM] -> C:\Program Files\Defender Pro\Defender Pro Anti-Virus\shellex.dll [Kaspersky Anti-Virus] -> Defender Pro LLC [Ver = 5.0.390.1 | Size = 131179 bytes | Modified Date = 10/20/2005 11:36:38 AM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 126464 bytes | Modified Date = 12/3/2006 2:53:06 PM | Attr = ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> C:\Program Files\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 4/7/2006 9:00:00 AM | Attr = ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> C:\Program Files\ewido anti-spyware 4.0\context.dll [ewido anti-spyware] -> Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 | Size = 94208 bytes | Modified Date = 6/16/2006 8:38:38 AM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 126464 bytes | Modified Date = 12/3/2006 2:53:06 PM | Attr = ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> C:\Program Files\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 4/7/2006 9:00:00 AM | Attr = ]
< ContextMenuHandlers - Directory\Background [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} [HKLM] -> C:\WINDOWS\system32\igfxpph.dll [igfxcui] -> Intel Corporation [Ver = 3.0.0.4396 | Size = 147456 bytes | Modified Date = 9/20/2005 9:35:24 AM | Attr = ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{dd230880-495a-11d1-b064-008048ec2fc5} [HKLM] -> C:\Program Files\Defender Pro\Defender Pro Anti-Virus\shellex.dll [Kaspersky Anti-Virus] -> Defender Pro LLC [Ver = 5.0.390.1 | Size = 131179 bytes | Modified Date = 10/20/2005 11:36:38 AM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 126464 bytes | Modified Date = 12/3/2006 2:53:06 PM | Attr = ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> C:\Program Files\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 4/7/2006 9:00:00 AM | Attr = ]
< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll [PDF Shell Extension] -> Adobe Systems, Inc. [Ver = 7.0.0.0 | Size = 110592 bytes | Modified Date = 12/14/2004 2:20:02 AM | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{79A474E2-79C9-4ACD-8FB6-2F988A20CD72} -> (Intel® PRO/100 VE Network Connection) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
belarc -> C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll -> Belarc, Inc. [Ver = 7.0t | Size = 33280 bytes | Modified Date = 7/29/2005 3:06:02 PM | Attr = ]
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found


< End of report >

#6 OldTimer

Posted 24 December 2006 - 02:34 PM

Hi tackstrip. The log looks clean. Good job!

The only other thing I see (and this might be related to the startup issue) is that I do not see your anti-virus program running. There is a service that says it is starting the program and an entry in the startup group, but the program does not show up in the list of active processes.

Can you verify that Defender Pro Anti-Virus is actually running and active? Is there an icon in the system tray to tell you this? If not, try starting the program manually and see if it opens up. If not, then we will need to look at that and resolve it.

Let me know.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
