My Log File


12 replies to this topic

#1 bluwtr

bluwtr

  • Members
  • 16 posts
  • OFFLINE
  • Local time:12:24 PM

Posted 27 December 2006 - 09:58 PM

Logfile of HijackThis v1.99.1
Scan saved at 8:55:37 PM, on 12/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\James\Desktop\Wes and Brandi\Wes\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.accuweather.com/index.asp?partner=accuweather
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [winlogons.exe] C:\Documents and Settings\James\Desktop\Wes and Brandi\Wes\Wes Work\Free KGB Key Logger\winlogons.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [pskl] C:\Documents and Settings\James\Desktop\Wes and Brandi\Wes\Wes Work\Keyboard Logger Pro\keyspy.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us/ht...ALStreaming.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1142748075306
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe


I hope someone knows what all of this means. I sure don't for the most part.
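The log above is mostly noise, and the entries that matter to a reviewer are the O4 autoruns that point at unusual locations. The following is an added example (not part of this post, and not HijackThis code) that parses HijackThis O4 lines and flags the patterns a triager looks for: autoruns launched from a user's profile directory, bare file names resolved through the PATH search, and executables dropped directly into a Startup folder. The sample log lines are constructed to mirror the shapes in the posted log; the flagging heuristics are this example's own.

```python
"""Triage of HijackThis O4 autorun entries.

Added example, not code from the original post or from HijackThis. The sample
lines are constructed to match the O4 line shapes seen in the posted log; the
flagging heuristics are this example's own, not HijackThis output.
"""
import re
from dataclasses import dataclass, field

# Constructed sample in HijackThis O4 format (mirrors the shapes in the posted log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [winlogons.exe] C:\Documents and Settings\James\Desktop\Free KGB Key Logger\winlogons.exe
O4 - HKCU\..\Run: [pskl] C:\Documents and Settings\James\Desktop\Keyboard Logger Pro\keyspy.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
"""

# "O4 - HKLM\..\Run: [ValueName] command line"
RUN_LINE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# "O4 - Startup: entry" or "O4 - Global Startup: Name.lnk = target"
STARTUP_LINE = re.compile(r"^O4 - (?P<scope>Global Startup|Startup): (?P<entry>.*)$")
EXE_EXT = re.compile(r"\.(exe|dll|scr|com|bat|cmd|pif)\b", re.IGNORECASE)


@dataclass
class Finding:
    source: str            # "HKLM Run", "HKCU Run", "Startup" or "Global Startup"
    name: str              # Run value name, or the Startup folder entry
    path: str              # program path that would actually execute
    reasons: list = field(default_factory=list)


def extract_path(cmd: str) -> str:
    """Recover the program path from a Run value: quoted form, or unquoted up to the extension."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted paths may contain spaces, so cut at the first executable extension.
    m = EXE_EXT.search(cmd)
    return cmd[: m.end()] if m else cmd.split(" ", 1)[0]


def assess(path: str, in_startup_folder: bool = False) -> list:
    """Return the reasons an autorun deserves a closer look (empty list means nothing notable)."""
    low = path.lower()
    reasons = []
    if in_startup_folder:
        # A .lnk is the normal content of a Startup folder; a bare executable dropped there is not.
        if not low.endswith(".lnk"):
            reasons.append("executable placed directly in a Startup folder instead of a shortcut")
        return reasons
    if "\\" not in low:
        reasons.append("bare file name: resolved through the PATH search rather than an explicit location")
    if "\\documents and settings\\" in low and "\\all users\\" not in low:
        reasons.append("runs from a user-profile directory rather than Program Files or the system directory")
    return reasons


def triage(log_text: str) -> list:
    """Parse the O4 lines of a HijackThis log and return the entries worth reviewing."""
    findings = []
    for line in log_text.splitlines():
        m = RUN_LINE.match(line)
        if m:
            path = extract_path(m.group("cmd"))
            reasons = assess(path)
            if reasons:
                findings.append(Finding(m.group("hive") + " Run", m.group("name"), path, reasons))
            continue
        m = STARTUP_LINE.match(line)
        if not m:
            continue
        entry = m.group("entry")
        if " = " in entry:
            # "Name.lnk = target": the shortcut itself is normal, so judge the target it points at.
            name, path = entry.split(" = ", 1)
            reasons = assess(path)
        else:
            name = path = entry
            reasons = assess(entry, in_startup_folder=True)
        if reasons:
            findings.append(Finding(m.group("scope"), name, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.source}] {f.name} -> {f.path}")
        for r in f.reasons:
            print("    -", r)
```

On the constructed sample this reports the two profile-directory autoruns, the bare BCMSMMSG.exe name and the executable sitting in the Startup folder, while the Program Files and system-directory entries pass silently.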

#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  • Gender:Male
  • Location:North Carolina
  • Local time:02:24 PM

Posted 27 December 2006 - 10:15 PM

Hello bluwtr and welcome to the BC HijackThis forum. I would like to look at some additional files. Let's try a different scanner and see what we find.

Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
    • In the Files Created Within group click 30 days
    • In the Files Modified Within group select 30 days
    • In the File String Search group select Non-Microsoft
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 bluwtr

bluwtr
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:12:24 PM

Posted 28 December 2006 - 12:11 PM

WinPFind3 logfile created on: 12/28/2006 11:01:42 AM
WinPFind3U by OldTimer - Version 1.0.3 Folder = C:\Documents and Settings\James\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)


[Processes - Non-Microsoft Only]
acsd.exe -> C:\Program Files\Common Files\AOL\ACS\acsd.exe -> America Online, Inc. [Ver = 1,0,25,3 | Size = 1434848 bytes | Modified Date = 4/21/2004 11:16:02 AM | Attr = ]
bcmsmmsg.exe -> C:\WINDOWS\BCMSMMSG.exe -> Broadcom Corporation [Ver = 3.5.25 08/27/2003 20:04:35 | Size = 122880 bytes | Modified Date = 8/29/2003 4:59:24 AM | Attr = ]
hkcmd.exe -> C:\WINDOWS\SYSTEM32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4342 | Size = 126976 bytes | Modified Date = 6/21/2005 11:44:34 PM | Attr = ]
hpotdd01.exe -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe -> Hewlett-Packard [Ver = 1, 0, 0, 1 | Size = 40960 bytes | Modified Date = 12/2/2002 8:56:10 PM | Attr = ]
hpwuschd2.exe -> C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 2/16/2005 10:11:42 PM | Attr = ]
hpztsb08.exe -> C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb08.exe -> HP [Ver = 2,223,0,0 | Size = 172032 bytes | Modified Date = 3/11/2003 4:08:52 AM | Attr = ]
incd.exe -> C:\Program Files\Ahead\InCD\InCD.exe -> Nero AG [Ver = 4, 3, 14, 1 | Size = 1383936 bytes | Modified Date = 4/12/2005 3:15:30 AM | Attr = ]
incdsrv.exe -> C:\Program Files\Ahead\InCD\InCDsrv.exe -> Nero AG [Ver = 4, 3, 14, 1 | Size = 869376 bytes | Modified Date = 4/12/2005 11:15:04 AM | Attr = ]
jusched.exe -> C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 49263 bytes | Modified Date = 10/12/2006 3:10:54 AM | Attr = ]
mcagent.exe -> C:\Program Files\McAfee.com\Agent\mcagent.exe -> Networks Associates Technology, Inc [Ver = 4, 2, 0, 8 | Size = 200704 bytes | Modified Date = 3/18/2003 1:53:52 PM | Attr = ]
mcshield.exe -> c:\Program Files\McAfee.com\VSO\McShield.exe -> [Ver = | Size = 225375 bytes | Modified Date = 3/13/2002 8:50:34 AM | Attr = ]
mcvsrte.exe -> c:\Program Files\McAfee.com\VSO\mcvsrte.exe -> Networks Associates Technology, Inc [Ver = 4, 4, 0, 35 | Size = 102400 bytes | Modified Date = 3/21/2003 12:51:52 PM | Attr = ]
mcvsshld.exe -> C:\Program Files\McAfee.com\VSO\mcvsshld.exe -> Networks Associates Technology, Inc [Ver = 4, 4, 0, 35 | Size = 159744 bytes | Modified Date = 3/21/2003 12:52:12 PM | Attr = ]
pcmservice.exe -> C:\Program Files\Dell\Media Experience\PCMService.exe -> CyberLink Corp. [Ver = 1.0.0826 | Size = 204800 bytes | Modified Date = 8/26/2003 7:47:34 PM | Attr = ]
winpfind3u.exe -> C:\Documents and Settings\James\Desktop\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.3.0 | Size = 303104 bytes | Modified Date = 12/26/2006 9:48:50 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(AOL ACS) AOL Connectivity Service [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\AOL\ACS\acsd.exe -> America Online, Inc. [Ver = 1,0,25,3 | Size = 1434848 bytes | Modified Date = 4/21/2004 11:16:02 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 1:56:48 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ]
(InCDsrv) InCD Helper [Win32_Own | Auto | Running] -> C:\Program Files\Ahead\InCD\InCDsrv.exe -> Nero AG [Ver = 4, 3, 14, 1 | Size = 869376 bytes | Modified Date = 4/12/2005 11:15:04 AM | Attr = ]
(InCDsrvR) InCD Helper (read only) [Win32_Own | Auto | Stopped] -> C:\Program Files\Ahead\InCD\InCDsrv.exe -> Nero AG [Ver = 4, 3, 14, 1 | Size = 869376 bytes | Modified Date = 4/12/2005 11:15:04 AM | Attr = ]
(McShield) McAfee.com McShield [Win32_Own | On_Demand | Running] -> c:\Program Files\McAfee.com\VSO\McShield.exe -> [Ver = | Size = 225375 bytes | Modified Date = 3/13/2002 8:50:34 AM | Attr = ]
(mcupdmgr.exe) McAfee SecurityCenter Update Manager [Win32_Own | On_Demand | Stopped] -> C:\Program Files\McAfee.com\Agent\mcupdmgr.exe -> Networks Associates Technology, Inc [Ver = 4, 2, 0, 23 | Size = 245760 bytes | Modified Date = 8/4/2003 6:27:34 PM | Attr = ]
(MCVSRte) McAfee.com VirusScan Online Realtime Engine [Win32_Own | Auto | Running] -> c:\Program Files\McAfee.com\VSO\mcvsrte.exe -> Networks Associates Technology, Inc [Ver = 4, 4, 0, 35 | Size = 102400 bytes | Modified Date = 3/21/2003 12:51:52 PM | Attr = ]
(MSCSPTISRV) MSCSPTISRV [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -> Sony Corporation [Ver = 4.4.00.11241 | Size = 53337 bytes | Modified Date = 11/24/2005 5:03:22 PM | Attr = ]
(PACSPTISVR) PACSPTISVR [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -> Sony Corporation [Ver = 4.4.00.11241 | Size = 53337 bytes | Modified Date = 11/24/2005 4:57:44 PM | Attr = ]
(SPTISRV) Sony SPTI Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -> Sony Corporation [Ver = 4.4.00.11241 | Size = 69718 bytes | Modified Date = 11/24/2005 4:47:30 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
BCMSMMSG -> C:\WINDOWS\BCMSMMSG.exe -> Broadcom Corporation [Ver = 3.5.25 08/27/2003 20:04:35 | Size = 122880 bytes | Modified Date = 8/29/2003 4:59:24 AM | Attr = ]
DeviceDiscovery -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe -> Hewlett-Packard [Ver = 1, 0, 0, 1 | Size = 40960 bytes | Modified Date = 12/2/2002 8:56:10 PM | Attr = ]
HotKeysCmds -> C:\WINDOWS\SYSTEM32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4342 | Size = 126976 bytes | Modified Date = 6/21/2005 11:44:34 PM | Attr = ]
HP Software Update -> C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 2/16/2005 10:11:42 PM | Attr = ]
HPDJ Taskbar Utility -> C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb08.exe -> HP [Ver = 2,223,0,0 | Size = 172032 bytes | Modified Date = 3/11/2003 4:08:52 AM | Attr = ]
IgfxTray -> C:\WINDOWS\SYSTEM32\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4342 | Size = 155648 bytes | Modified Date = 6/21/2005 11:48:18 PM | Attr = ]
InCD -> C:\Program Files\Ahead\InCD\InCD.exe -> Nero AG [Ver = 4, 3, 14, 1 | Size = 1383936 bytes | Modified Date = 4/12/2005 3:15:30 AM | Attr = ]
MCAgentExe -> c:\Program Files\McAfee.com\Agent\mcagent.exe -> Networks Associates Technology, Inc [Ver = 4, 2, 0, 8 | Size = 200704 bytes | Modified Date = 3/18/2003 1:53:52 PM | Attr = ]
MCUpdateExe -> C:\Program Files\McAfee.com\Agent\mcupdate.exe -> Networks Associates Technology, Inc [Ver = 4, 2, 0, 8 | Size = 159744 bytes | Modified Date = 8/4/2003 6:25:18 PM | Attr = ]
NeroFilterCheck -> C:\WINDOWS\SYSTEM32\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 11:50:42 AM | Attr = ]
PCMService -> C:\Program Files\Dell\Media Experience\PCMService.exe -> CyberLink Corp. [Ver = 1.0.0826 | Size = 204800 bytes | Modified Date = 8/26/2003 7:47:34 PM | Attr = ]
SunJavaUpdateSched -> C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 49263 bytes | Modified Date = 10/12/2006 3:10:54 AM | Attr = ]
VirusScan Online -> c:\Program Files\McAfee.com\VSO\mcvsshld.exe -> Networks Associates Technology, Inc [Ver = 4, 4, 0, 35 | Size = 159744 bytes | Modified Date = 3/21/2003 12:52:12 PM | Attr = ]
VSOCheckTask -> c:\Program Files\McAfee.com\VSO\mcmnhdlr.exe -> Networks Associates Technology, Inc [Ver = 4, 4, 0, 35 | Size = 122880 bytes | Modified Date = 3/21/2003 12:50:32 PM | Attr = ]
winlogons.exe -> C:\Documents and Settings\James\Desktop\Wes and Brandi\Wes\Wes Work\Free KGB Key Logger\winlogons.exe -> File not found
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
MySpaceIM -> C:\Program Files\MySpace\IM\MySpaceIM.exe -> [Ver = 1.0.404.0 | Size = 1191936 bytes | Modified Date = 8/23/2006 11:22:56 AM | Attr = ]
pskl -> C:\Documents and Settings\James\Desktop\Wes and Brandi\Wes\Wes Work\Keyboard Logger Pro\keyspy.exe -> File not found
updateMgr -> C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe -> Adobe Systems Incorporated [Ver = 3.1.0.10 | Size = 313472 bytes | Modified Date = 3/30/2006 3:45:08 PM | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 9:05:26 PM | Attr = ]
< User Startup > -> C:\Documents and Settings\James\Start Menu\Programs\Startup
C:\Documents and Settings\James\Start Menu\Programs\Startup\Cyber-shot Viewer Media Check Tool.lnk -> C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe -> Sony Corporation [Ver = 1.0.00.10282 | Size = 155648 bytes | Modified Date = 10/28/2005 1:12:04 PM | Attr = ]
-> C:\Documents and Settings\James\Start Menu\Programs\Startup\PowerReg Scheduler.exe -> [Ver = 2, 0, 0, 1 | Size = 256000 bytes | Modified Date = 11/14/2006 12:49:44 PM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< HOSTS File > -> C:\WINDOWS\System32\drivers\etc\Hosts
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Default_Page_URL -> http://www.dell.com ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Start Page -> http://home.accuweather.com/index.asp?partner=accuweather ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
secure_cableon.net [https] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.7.2006011200 | Size = 63128 bytes | Modified Date = 1/12/2006 7:38:22 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 434279 bytes | Modified Date = 10/12/2006 3:25:44 AM | Attr = ]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8192 - Sun Java Console ->
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> 8195 - Reg Data - Value does not exist ->
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> 8194 - Reg Data - Value does not exist ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8196 - Windows Messenger ->
NextId -> 8197 ->
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 69746 bytes | Modified Date = 10/12/2006 3:25:44 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 434279 bytes | Modified Date = 10/12/2006 3:25:44 AM | Attr = ]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> Reg Data - Key not found [MenuText: Reg Data - Value does not exist] -> File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
&Windows Live Search -> C:\Program Files\Windows Live Toolbar\msntb.dll\search.htm -> File not found
Add to Windows &Live Favorites -> http:\favorites.live.com\quickadd.asp -> File not found
E&xport to Microsoft Excel -> -> File not found
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Taskbar and Start Menu] -> File not found
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Media Band] -> File not found
{330417E8-EF62-4047-82BE-D8305CEFF572} [HKLM] -> Reg Data - Key not found [AMEncShlExt extension] -> File not found
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [Display Panning CPL Extension] -> File not found
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Shell extensions for file compression] -> File not found
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [User Accounts] -> File not found
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Encryption Context Menu] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> C:\WINDOWS\SYSTEM32\HTICONS.DLL [HyperTerminal Icon Ext] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 8/29/2002 5:00:00 AM | Attr = ]
{950FF917-7A57-46BC-8017-59D9BF474000} [HKLM] -> C:\Program Files\Ahead\InCD\incdshx.dll [Shell Extension for CDRW] -> Nero AG [Ver = 4, 3, 14, 1 | Size = 103424 bytes | Modified Date = 4/12/2005 11:16:02 AM | Attr = ]
{97090E2F-3062-4459-855B-014F0D3CDBB1} [HKLM] -> Reg Data - Key not found [Windows Deskbar] -> File not found
< ContextMenuHandlers - Directory\Background [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} [HKLM] -> C:\WINDOWS\SYSTEM32\igfxpph.dll [igfxcui] -> Intel Corporation [Ver = 3.0.0.4342 | Size = 225280 bytes | Modified Date = 6/21/2005 11:47:56 PM | Attr = ]
{950FF917-7A57-46BC-8017-59D9BF474000} [HKLM] -> C:\Program Files\Ahead\InCD\incdshx.dll [InCDMenu] -> Nero AG [Ver = 4, 3, 14, 1 | Size = 103424 bytes | Modified Date = 4/12/2005 11:16:02 AM | Attr = ]
< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll [PDF Shell Extension] -> Adobe Systems, Inc. [Ver = 7.0.0.0 | Size = 110592 bytes | Modified Date = 12/14/2004 1:20:02 AM | Attr = ]
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{2C0056F7-D2B5-4B29-8EF9-13A9F9C738CF} -> (Motorola SURFboard SB5101 USB Cable Modem) ->
{FA995967-1AE3-4949-8B04-0199F3071C9B} -> (Broadcom 440x 10/100 Integrated Controller) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found


[Files - Created Wihin 30 days]
ctor.dll -> C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll -> Macrovision Corporation [Ver = 11.50.42618 | Size = 69715 bytes | Created Date = 11/30/2006 3:43:10 PM | Attr = ]
DotNetInstaller.exe -> C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe -> InstallShield Software Corporation [Ver = 11.50.0.42618 | Size = 5632 bytes | Created Date = 11/30/2006 3:43:10 PM | Attr = ]
iGdi.dll -> C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll -> Macrovision Corporation [Ver = 11.50.42618 | Size = 200836 bytes | Created Date = 11/30/2006 3:43:09 PM | Attr = ]
iKernel.dll -> C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll -> Macrovision Corporation [Ver = 11.50.42618 | Size = 757760 bytes | Created Date = 11/30/2006 3:43:10 PM | Attr = ]
iscript.dll -> C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll -> Macrovision Corporation [Ver = 11.50.42618 | Size = 274432 bytes | Created Date = 11/30/2006 3:43:10 PM | Attr = ]
iuser.dll -> C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll -> Macrovision Corporation [Ver = 11.50.42618 | Size = 204800 bytes | Created Date = 11/30/2006 3:43:10 PM | Attr = ]
setup.dll -> C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll -> Macrovision Corporation [Ver = 11.50.42618 | Size = 331908 bytes | Created Date = 11/30/2006 3:43:08 PM | Attr = ]
IDNMitigationAPIs.log -> C:\WINDOWS\IDNMitigationAPIs.log -> [Ver = | Size = 13723 bytes | Created Date = 12/27/2006 2:19:27 PM | Attr = ]
ie7.log -> C:\WINDOWS\ie7.log -> [Ver = | Size = 53526 bytes | Created Date = 12/27/2006 2:19:48 PM | Attr = ]
ie7_main.log -> C:\WINDOWS\ie7_main.log -> [Ver = | Size = 24280 bytes | Created Date = 12/27/2006 8:54:28 AM | Attr = ]
KB904942.log -> C:\WINDOWS\KB904942.log -> [Ver = | Size = 10669 bytes | Created Date = 12/27/2006 2:16:13 PM | Attr = ]
KB911993-V2.log -> C:\WINDOWS\KB911993-V2.log -> [Ver = | Size = 13464 bytes | Created Date = 12/27/2006 3:38:24 PM | Attr = ]
KB914440.log -> C:\WINDOWS\KB914440.log -> [Ver = | Size = 5616 bytes | Created Date = 12/27/2006 2:17:26 PM | Attr = ]
KB915865.log -> C:\WINDOWS\KB915865.log -> [Ver = | Size = 12348 bytes | Created Date = 12/27/2006 2:18:38 PM | Attr = ]
KB923689.log -> C:\WINDOWS\KB923689.log -> [Ver = | Size = 10556 bytes | Created Date = 12/17/2006 3:01:53 AM | Attr = ]
KB923694.log -> C:\WINDOWS\KB923694.log -> [Ver = | Size = 12016 bytes | Created Date = 12/16/2006 11:46:15 AM | Attr = ]
KB925398.log -> C:\WINDOWS\KB925398.log -> [Ver = | Size = 9198 bytes | Created Date = 12/17/2006 3:02:26 AM | Attr = ]
KB925454.log -> C:\WINDOWS\KB925454.log -> [Ver = | Size = 31259 bytes | Created Date = 12/16/2006 11:48:07 AM | Attr = ]
KB926255.log -> C:\WINDOWS\KB926255.log -> [Ver = | Size = 12019 bytes | Created Date = 12/16/2006 11:46:31 AM | Attr = ]
NLSDownlevelMapping.log -> C:\WINDOWS\NLSDownlevelMapping.log -> [Ver = | Size = 13425 bytes | Created Date = 12/27/2006 2:18:59 PM | Attr = ]
setuperr.log -> C:\WINDOWS\setuperr.log -> [Ver = | Size = 0 bytes | Created Date = 12/27/2006 2:17:20 PM | Attr = ]
igfx.hlp -> C:\WINDOWS\System32\igfx.hlp -> [Ver = | Size = 57801 bytes | Created Date = 12/26/2006 11:16:18 AM | Attr = ]
java.exe -> C:\WINDOWS\System32\java.exe -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 49248 bytes | Created Date = 12/8/2006 12:21:30 PM | Attr = ]
javaw.exe -> C:\WINDOWS\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 53346 bytes | Created Date = 12/8/2006 12:21:30 PM | Attr = ]
javaws.exe -> C:\WINDOWS\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 127078 bytes | Created Date = 12/8/2006 12:21:30 PM | Attr = ]
jupdate-1.5.0_09-b03.log -> C:\WINDOWS\System32\jupdate-1.5.0_09-b03.log -> [Ver = | Size = 8428 bytes | Created Date = 12/8/2006 12:20:25 PM | Attr = ]

[Files - Modified Within 30 days]
hiberfil.sys -> C:\hiberfil.sys -> [Ver = | Size = 266407936 bytes | Modified Date = 12/27/2006 10:25:30 PM | Attr = HS]
hpfr3600.log -> C:\hpfr3600.log -> [Ver = | Size = 427369 bytes | Modified Date = 12/28/2006 10:49:30 AM | Attr = ]
omglog.txt -> C:\Program Files\Common Files\Sony Shared\OpenMG\omglog.txt -> [Ver = | Size = 3952 bytes | Modified Date = 12/2/2006 8:46:44 PM | Attr = ]
iGdi.dll -> C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll -> Macrovision Corporation [Ver = 11.50.42618 | Size = 200836 bytes | Modified Date = 11/30/2006 3:43:10 PM | Attr = ]
setup.dll -> C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll -> Macrovision Corporation [Ver = 11.50.42618 | Size = 331908 bytes | Modified Date = 11/30/2006 3:43:10 PM | Attr = ]
0.LOG -> C:\WINDOWS\0.LOG -> [Ver = | Size = 0 bytes | Modified Date = 12/27/2006 10:25:54 PM | Attr = ]
BOOTSTAT.DAT -> C:\WINDOWS\BOOTSTAT.DAT -> [Ver = | Size = 2048 bytes | Modified Date = 12/27/2006 10:25:32 PM | Attr = S]
COMSETUP.LOG -> C:\WINDOWS\COMSETUP.LOG -> [Ver = | Size = 275562 bytes | Modified Date = 12/27/2006 3:39:48 PM | Attr = ]
DirectX.log -> C:\WINDOWS\DirectX.log -> [Ver = | Size = 118010 bytes | Modified Date = 12/27/2006 9:54:40 PM | Attr = ]
FaxSetup.log -> C:\WINDOWS\FaxSetup.log -> [Ver = | Size = 985948 bytes | Modified Date = 12/27/2006 3:39:34 PM | Attr = ]
IDNMitigationAPIs.log -> C:\WINDOWS\IDNMitigationAPIs.log -> [Ver = | Size = 13723 bytes | Modified Date = 12/27/2006 2:19:48 PM | Attr = ]
IE4 Error Log.txt -> C:\WINDOWS\IE4 Error Log.txt -> [Ver = | Size = 944 bytes | Modified Date = 12/21/2006 2:25:40 PM | Attr = ]
ie7.log -> C:\WINDOWS\ie7.log -> [Ver = | Size = 53526 bytes | Modified Date = 12/27/2006 2:22:14 PM | Attr = ]
ie7_main.log -> C:\WINDOWS\ie7_main.log -> [Ver = | Size = 24280 bytes | Modified Date = 12/27/2006 2:22:32 PM | Attr = ]
IIS6.LOG -> C:\WINDOWS\IIS6.LOG -> [Ver = | Size = 151601 bytes | Modified Date = 12/27/2006 3:39:48 PM | Attr = ]
imsins.BAK -> C:\WINDOWS\imsins.BAK -> [Ver = | Size = 1393 bytes | Modified Date = 12/27/2006 2:22:14 PM | Attr = ]
imsins.log -> C:\WINDOWS\imsins.log -> [Ver = | Size = 1393 bytes | Modified Date = 12/27/2006 3:39:48 PM | Attr = ]
KB904942.log -> C:\WINDOWS\KB904942.log -> [Ver = | Size = 10669 bytes | Modified Date = 12/27/2006 2:17:24 PM | Attr = ]
KB911993-V2.log -> C:\WINDOWS\KB911993-V2.log -> [Ver = | Size = 13464 bytes | Modified Date = 12/27/2006 3:39:48 PM | Attr = ]
KB914440.log -> C:\WINDOWS\KB914440.log -> [Ver = | Size = 5616 bytes | Modified Date = 12/27/2006 2:17:56 PM | Attr = ]
KB915865.log -> C:\WINDOWS\KB915865.log -> [Ver = | Size = 12348 bytes | Modified Date = 12/27/2006 2:18:58 PM | Attr = ]
KB923689.log -> C:\WINDOWS\KB923689.log -> [Ver = | Size = 10556 bytes | Modified Date = 12/17/2006 3:02:28 AM | Attr = ]
KB923694.log -> C:\WINDOWS\KB923694.log -> [Ver = | Size = 12016 bytes | Modified Date = 12/17/2006 3:01:46 AM | Attr = ]
KB925398.log -> C:\WINDOWS\KB925398.log -> [Ver = | Size = 9198 bytes | Modified Date = 12/17/2006 3:02:46 AM | Attr = ]
KB925454.log -> C:\WINDOWS\KB925454.log -> [Ver = | Size = 31259 bytes | Modified Date = 12/27/2006 2:17:56 PM | Attr = ]
KB926255.log -> C:\WINDOWS\KB926255.log -> [Ver = | Size = 12019 bytes | Modified Date = 12/17/2006 3:01:54 AM | Attr = ]
ModemLog_BCM V.92 56K Modem.txt -> C:\WINDOWS\ModemLog_BCM V.92 56K Modem.txt -> [Ver = | Size = 4330 bytes | Modified Date = 12/27/2006 10:25:52 PM | Attr = ]
MSGSOCM.LOG -> C:\WINDOWS\MSGSOCM.LOG -> [Ver = | Size = 49031 bytes | Modified Date = 12/27/2006 3:39:36 PM | Attr = ]
NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 12/13/2006 5:20:36 PM | Attr = ]
NLSDownlevelMapping.log -> C:\WINDOWS\NLSDownlevelMapping.log -> [Ver = | Size = 13425 bytes | Modified Date = 12/27/2006 2:19:26 PM | Attr = ]
ntdtcsetup.log -> C:\WINDOWS\ntdtcsetup.log -> [Ver = | Size = 167596 bytes | Modified Date = 12/27/2006 3:39:48 PM | Attr = ]
OCGEN.LOG -> C:\WINDOWS\OCGEN.LOG -> [Ver = | Size = 496419 bytes | Modified Date = 12/27/2006 3:39:36 PM | Attr = ]
OCMSN.LOG -> C:\WINDOWS\OCMSN.LOG -> [Ver = | Size = 36061 bytes | Modified Date = 12/27/2006 3:39:48 PM | Attr = ]
orun32.ini -> C:\WINDOWS\orun32.ini -> [Ver = | Size = 788 bytes | Modified Date = 12/3/2006 10:18:52 AM | Attr = ]
SchedLgU.Txt -> C:\WINDOWS\SchedLgU.Txt -> [Ver = | Size = 32472 bytes | Modified Date = 12/28/2006 10:49:02 AM | Attr = ]
SETUPACT.LOG -> C:\WINDOWS\SETUPACT.LOG -> [Ver = | Size = 193154 bytes | Modified Date = 12/26/2006 10:35:14 PM | Attr = ]
setupapi.log -> C:\WINDOWS\setupapi.log -> [Ver = | Size = 645804 bytes | Modified Date = 12/27/2006 3:39:34 PM | Attr = ]
setuperr.log -> C:\WINDOWS\setuperr.log -> [Ver = | Size = 0 bytes | Modified Date = 12/27/2006 2:17:22 PM | Attr = ]
spupdsvc.log -> C:\WINDOWS\spupdsvc.log -> [Ver = | Size = 40932 bytes | Modified Date = 12/27/2006 3:16:18 PM | Attr = ]
TSOC.LOG -> C:\WINDOWS\TSOC.LOG -> [Ver = | Size = 379121 bytes | Modified Date = 12/27/2006 3:39:48 PM | Attr = ]
updspapi.log -> C:\WINDOWS\updspapi.log -> [Ver = | Size = 71017 bytes | Modified Date = 12/27/2006 2:21:44 PM | Attr = ]
WIADEBUG.LOG -> C:\WINDOWS\WIADEBUG.LOG -> [Ver = | Size = 157 bytes | Modified Date = 12/27/2006 10:25:42 PM | Attr = ]
WIASERVC.LOG -> C:\WINDOWS\WIASERVC.LOG -> [Ver = | Size = 50 bytes | Modified Date = 12/27/2006 10:25:40 PM | Attr = ]
WIN.INI -> C:\WINDOWS\WIN.INI -> [Ver = | Size = 748 bytes | Modified Date = 12/27/2006 10:16:26 PM | Attr = ]
WindowsUpdate.log -> C:\WINDOWS\WindowsUpdate.log -> [Ver = | Size = 1489118 bytes | Modified Date = 12/27/2006 10:25:42 PM | Attr = ]
wmsetup.log -> C:\WINDOWS\wmsetup.log -> [Ver = | Size = 78969 bytes | Modified Date = 12/14/2006 7:22:14 PM | Attr = ]
FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [Ver = | Size = 118952 bytes | Modified Date = 12/26/2006 8:56:06 PM | Attr = ]
jupdate-1.5.0_09-b03.log -> C:\WINDOWS\System32\jupdate-1.5.0_09-b03.log -> [Ver = | Size = 8428 bytes | Modified Date = 12/8/2006 12:21:22 PM | Attr = ]
WPA.DBL -> C:\WINDOWS\System32\WPA.DBL -> [Ver = | Size = 1170 bytes | Modified Date = 12/28/2006 10:25:18 AM | Attr = ]

[File String Scan - Non-Microsoft Only]
Thawte Consulting , -> C:\Program Files\Common Files\Java\Update\Base Images\j2re1.4.2-b28\core3.zip -> [Ver = | Size = 4648893 bytes | Modified Date = 6/20/2003 6:50:54 AM | Attr = ]
Thawte Consulting , -> C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core3.zip -> [Ver = | Size = 3290841 bytes | Modified Date = 4/13/2005 3:22:10 AM | Attr = ]
USERTRUST , -> C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_09.b03\patchjre.exe -> Sun Microsystems, Inc. [Ver = 1, 0, 0, 1 | Size = 4490872 bytes | Modified Date = 10/12/2006 3:41:58 AM | Attr = ]
UPX! , UPX0 , -> C:\Program Files\Common Files\Nullsoft\Video\ActiveX\plugins\nsvplayx_vp5_mp3.dll -> * * * [Ver = 1, 0, 0, 98 | Size = 177152 bytes | Modified Date = 8/9/2003 5:36:56 PM | Attr = ]
UPX! , UPX0 , -> C:\Program Files\Common Files\Sony Shared\OpenMG\InstallCheckTool.exe -> [Ver = 2.5.8.5 | Size = 223159 bytes | Modified Date = 11/24/2005 5:12:32 PM | Attr = ]
PEC2 , WSUD , -> C:\Program Files\Common Files\SpeechEngines\Microsoft\SR61\1033\AF031033.AM -> [Ver = | Size = 7048576 bytes | Modified Date = 11/22/2002 1:27:36 AM | Attr = ]
PEC2 , -> C:\WINDOWS\System32\DFRG.MSC -> [Ver = | Size = 41397 bytes | Modified Date = 8/29/2002 5:00:00 AM | Attr = ]
aspack , -> C:\WINDOWS\System32\lame_enc.dll -> [Ver = | Size = 120832 bytes | Modified Date = 3/19/2002 7:18:54 AM | Attr = ]
aspack , -> C:\WINDOWS\System32\NCTAudioFile.dll -> NCT Company [Ver = 1, 7, 6, 0 | Size = 491520 bytes | Modified Date = 12/3/2002 3:02:58 AM | Attr = ]
aspack , -> C:\WINDOWS\System32\NCTAudioInformation2.dll -> NCT Company Ltd. [Ver = 2, 1, 2, 0 | Size = 573440 bytes | Modified Date = 3/26/2003 6:59:40 AM | Attr = ]
aspack , -> C:\WINDOWS\System32\NCTAudioPlayer.dll -> NCT Company [Ver = 1, 7, 6, 0 | Size = 168448 bytes | Modified Date = 12/3/2002 3:07:08 AM | Attr = ]
aspack , -> C:\WINDOWS\System32\NCTWMAFile.dll -> NCT Company [Ver = 1, 7, 6, 0 | Size = 143872 bytes | Modified Date = 12/3/2002 3:11:10 AM | Attr = ]
winsync , -> C:\WINDOWS\System32\WBDBASE.DEU -> [Ver = | Size = 1309184 bytes | Modified Date = 8/29/2002 5:00:00 AM | Attr = ]
PTech , -> C:\WINDOWS\System32\dllcache\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/3/2004 11:41:38 PM | Attr = ]
PTech , -> C:\WINDOWS\System32\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/3/2004 11:41:38 PM | Attr = ]

< End of report >

#4 OldTimer (Malware Expert; Members; 11,092 posts; Gender: Male; Location: North Carolina)

Posted 28 December 2006 - 12:43 PM

Hi bluwtr. The only potential malware-related issue I see is that there are the remains of 2 keyloggers installed on this machine. Do you know if they were purposely installed? If not, we will want to remove them.

Cheers.

OT

Edited by OldTimer, 28 December 2006 - 12:44 PM.

I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#5 bluwtr (Topic Starter; Members; 16 posts)

Posted 28 December 2006 - 04:36 PM

Hey OT, I had installed the keyloggers at one time. I have since uninstalled them, so I would like to get rid of the remnants. How do I go about removing the rest of them?

Thanks,

bluwtr

#6 OldTimer (Malware Expert; Members; 11,092 posts; Gender: Male; Location: North Carolina)

Posted 28 December 2006 - 04:51 PM

Hi bluwtr. To remove the remnants please do the following:

Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> winlogons.exe -> C:\Documents and Settings\James\Desktop\Wes and Brandi\Wes\Wes Work\Free KGB Key Logger\winlogons.exe
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> pskl -> C:\Documents and Settings\James\Desktop\Wes and Brandi\Wes\Wes Work\Keyboard Logger Pro\keyspy.exe
[ Extra Files ]
C:\Documents and Settings\James\Desktop\Wes and Brandi\Wes\Wes Work\Free KGB Key Logger\
C:\Documents and Settings\James\Desktop\Wes and Brandi\Wes\Wes Work\Keyboard Logger Pro\


The fix should only take a very short time.

Post the following back here:
  • a new WinPFind3U report
  • the latest .log file from the WinPFind3u folder (it will be a .log file with a date_time name in the format mmddyyyy_hhmmss.log)
I will review the information when it comes back in.

Cheers.

OT

#7 bluwtr (Topic Starter; Members; 16 posts)

Posted 29 December 2006 - 12:12 PM

[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\winlogons.exe deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\pskl deleted successfully.
[ Extra Files ]
Unable to move folder C:\Documents and Settings\James\Desktop\Wes and Brandi\Wes\Wes Work\Free KGB Key Logger\ .
Unable to move folder C:\Documents and Settings\James\Desktop\Wes and Brandi\Wes\Wes Work\Keyboard Logger Pro\ .
File C:\Documents and Settings\James\Desktop\Wes and Brandi\Wes\Wes Work\Keyboard Logger Pro not found!
< End of log >
Created on 12/29/2006 11:01:51


I will post the new scan asap. The program keeps hanging up so it's taking a little time.
Thanks again.

bluwtr

#8 bluwtr (Topic Starter; Members; 16 posts)

Posted 29 December 2006 - 12:42 PM

Okay, here is the rest of it.
bw


WinPFind3 logfile created on: 12/29/2006 11:14:35 AM
WinPFind3U by OldTimer - Version 1.0.3 Folder = C:\Documents and Settings\James\Desktop\Wes and Brandi\Wes\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)


[Processes - Non-Microsoft Only]
acsd.exe -> C:\Program Files\Common Files\AOL\ACS\acsd.exe -> America Online, Inc. [Ver = 1,0,25,3 | Size = 1434848 bytes | Modified Date = 4/21/2004 11:16:02 AM | Attr = ]
bcmsmmsg.exe -> C:\WINDOWS\BCMSMMSG.exe -> Broadcom Corporation [Ver = 3.5.25 08/27/2003 20:04:35 | Size = 122880 bytes | Modified Date = 8/29/2003 4:59:24 AM | Attr = ]
hkcmd.exe -> C:\WINDOWS\SYSTEM32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4342 | Size = 126976 bytes | Modified Date = 6/21/2005 11:44:34 PM | Attr = ]
hpotdd01.exe -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe -> Hewlett-Packard [Ver = 1, 0, 0, 1 | Size = 40960 bytes | Modified Date = 12/2/2002 8:56:10 PM | Attr = ]
hpwuschd2.exe -> C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 2/16/2005 10:11:42 PM | Attr = ]
hpztsb08.exe -> C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb08.exe -> HP [Ver = 2,223,0,0 | Size = 172032 bytes | Modified Date = 3/11/2003 4:08:52 AM | Attr = ]
incd.exe -> C:\Program Files\Ahead\InCD\InCD.exe -> Nero AG [Ver = 4, 3, 14, 1 | Size = 1383936 bytes | Modified Date = 4/12/2005 3:15:30 AM | Attr = ]
incdsrv.exe -> C:\Program Files\Ahead\InCD\InCDsrv.exe -> Nero AG [Ver = 4, 3, 14, 1 | Size = 869376 bytes | Modified Date = 4/12/2005 11:15:04 AM | Attr = ]
jusched.exe -> C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 49263 bytes | Modified Date = 10/12/2006 3:10:54 AM | Attr = ]
mcagent.exe -> C:\Program Files\McAfee.com\Agent\mcagent.exe -> Networks Associates Technology, Inc [Ver = 4, 2, 0, 8 | Size = 200704 bytes | Modified Date = 3/18/2003 1:53:52 PM | Attr = ]
mcshield.exe -> c:\Program Files\McAfee.com\VSO\McShield.exe -> [Ver = | Size = 225375 bytes | Modified Date = 3/13/2002 8:50:34 AM | Attr = ]
mcvsrte.exe -> c:\Program Files\McAfee.com\VSO\mcvsrte.exe -> Networks Associates Technology, Inc [Ver = 4, 4, 0, 35 | Size = 102400 bytes | Modified Date = 3/21/2003 12:51:52 PM | Attr = ]
mcvsshld.exe -> C:\Program Files\McAfee.com\VSO\mcvsshld.exe -> Networks Associates Technology, Inc [Ver = 4, 4, 0, 35 | Size = 159744 bytes | Modified Date = 3/21/2003 12:52:12 PM | Attr = ]
pcmservice.exe -> C:\Program Files\Dell\Media Experience\PCMService.exe -> CyberLink Corp. [Ver = 1.0.0826 | Size = 204800 bytes | Modified Date = 8/26/2003 7:47:34 PM | Attr = ]
winpfind3u.exe -> C:\Documents and Settings\James\Desktop\Wes and Brandi\Wes\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.3.0 | Size = 303104 bytes | Modified Date = 12/26/2006 9:48:50 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(AOL ACS) AOL Connectivity Service [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\AOL\ACS\acsd.exe -> America Online, Inc. [Ver = 1,0,25,3 | Size = 1434848 bytes | Modified Date = 4/21/2004 11:16:02 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> C:\WINDOWS\SYSTEM32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 1:56:48 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ]
(InCDsrv) InCD Helper [Win32_Own | Auto | Running] -> C:\Program Files\Ahead\InCD\InCDsrv.exe -> Nero AG [Ver = 4, 3, 14, 1 | Size = 869376 bytes | Modified Date = 4/12/2005 11:15:04 AM | Attr = ]
(InCDsrvR) InCD Helper (read only) [Win32_Own | Auto | Stopped] -> C:\Program Files\Ahead\InCD\InCDsrv.exe -> Nero AG [Ver = 4, 3, 14, 1 | Size = 869376 bytes | Modified Date = 4/12/2005 11:15:04 AM | Attr = ]
(McShield) McAfee.com McShield [Win32_Own | On_Demand | Running] -> c:\Program Files\McAfee.com\VSO\McShield.exe -> [Ver = | Size = 225375 bytes | Modified Date = 3/13/2002 8:50:34 AM | Attr = ]
(mcupdmgr.exe) McAfee SecurityCenter Update Manager [Win32_Own | On_Demand | Stopped] -> C:\Program Files\McAfee.com\Agent\mcupdmgr.exe -> Networks Associates Technology, Inc [Ver = 4, 2, 0, 23 | Size = 245760 bytes | Modified Date = 8/4/2003 6:27:34 PM | Attr = ]
(MCVSRte) McAfee.com VirusScan Online Realtime Engine [Win32_Own | Auto | Running] -> c:\Program Files\McAfee.com\VSO\mcvsrte.exe -> Networks Associates Technology, Inc [Ver = 4, 4, 0, 35 | Size = 102400 bytes | Modified Date = 3/21/2003 12:51:52 PM | Attr = ]
(MSCSPTISRV) MSCSPTISRV [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -> Sony Corporation [Ver = 4.4.00.11241 | Size = 53337 bytes | Modified Date = 11/24/2005 5:03:22 PM | Attr = ]
(PACSPTISVR) PACSPTISVR [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -> Sony Corporation [Ver = 4.4.00.11241 | Size = 53337 bytes | Modified Date = 11/24/2005 4:57:44 PM | Attr = ]
(SPTISRV) Sony SPTI Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -> Sony Corporation [Ver = 4.4.00.11241 | Size = 69718 bytes | Modified Date = 11/24/2005 4:47:30 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
BCMSMMSG -> C:\WINDOWS\BCMSMMSG.exe -> Broadcom Corporation [Ver = 3.5.25 08/27/2003 20:04:35 | Size = 122880 bytes | Modified Date = 8/29/2003 4:59:24 AM | Attr = ]
DeviceDiscovery -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe -> Hewlett-Packard [Ver = 1, 0, 0, 1 | Size = 40960 bytes | Modified Date = 12/2/2002 8:56:10 PM | Attr = ]
HotKeysCmds -> C:\WINDOWS\SYSTEM32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4342 | Size = 126976 bytes | Modified Date = 6/21/2005 11:44:34 PM | Attr = ]
HP Software Update -> C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 2/16/2005 10:11:42 PM | Attr = ]
HPDJ Taskbar Utility -> C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb08.exe -> HP [Ver = 2,223,0,0 | Size = 172032 bytes | Modified Date = 3/11/2003 4:08:52 AM | Attr = ]
IgfxTray -> C:\WINDOWS\SYSTEM32\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4342 | Size = 155648 bytes | Modified Date = 6/21/2005 11:48:18 PM | Attr = ]
InCD -> C:\Program Files\Ahead\InCD\InCD.exe -> Nero AG [Ver = 4, 3, 14, 1 | Size = 1383936 bytes | Modified Date = 4/12/2005 3:15:30 AM | Attr = ]
MCAgentExe -> c:\Program Files\McAfee.com\Agent\mcagent.exe -> Networks Associates Technology, Inc [Ver = 4, 2, 0, 8 | Size = 200704 bytes | Modified Date = 3/18/2003 1:53:52 PM | Attr = ]
MCUpdateExe -> C:\Program Files\McAfee.com\Agent\mcupdate.exe -> Networks Associates Technology, Inc [Ver = 4, 2, 0, 8 | Size = 159744 bytes | Modified Date = 8/4/2003 6:25:18 PM | Attr = ]
NeroFilterCheck -> C:\WINDOWS\SYSTEM32\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 11:50:42 AM | Attr = ]
PCMService -> C:\Program Files\Dell\Media Experience\PCMService.exe -> CyberLink Corp. [Ver = 1.0.0826 | Size = 204800 bytes | Modified Date = 8/26/2003 7:47:34 PM | Attr = ]
SunJavaUpdateSched -> C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 49263 bytes | Modified Date = 10/12/2006 3:10:54 AM | Attr = ]
VirusScan Online -> c:\Program Files\McAfee.com\VSO\mcvsshld.exe -> Networks Associates Technology, Inc [Ver = 4, 4, 0, 35 | Size = 159744 bytes | Modified Date = 3/21/2003 12:52:12 PM | Attr = ]
VSOCheckTask -> c:\Program Files\McAfee.com\VSO\mcmnhdlr.exe -> Networks Associates Technology, Inc [Ver = 4, 4, 0, 35 | Size = 122880 bytes | Modified Date = 3/21/2003 12:50:32 PM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
MySpaceIM -> C:\Program Files\MySpace\IM\MySpaceIM.exe -> [Ver = 1.0.404.0 | Size = 1191936 bytes | Modified Date = 8/23/2006 11:22:56 AM | Attr = ]
updateMgr -> C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe -> Adobe Systems Incorporated [Ver = 3.1.0.10 | Size = 313472 bytes | Modified Date = 3/30/2006 3:45:08 PM | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 9:05:26 PM | Attr = ]
< User Startup > -> C:\Documents and Settings\James\Start Menu\Programs\Startup
C:\Documents and Settings\James\Start Menu\Programs\Startup\Cyber-shot Viewer Media Check Tool.lnk -> C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe -> Sony Corporation [Ver = 1.0.00.10282 | Size = 155648 bytes | Modified Date = 10/28/2005 1:12:04 PM | Attr = ]
-> C:\Documents and Settings\James\Start Menu\Programs\Startup\PowerReg Scheduler.exe -> [Ver = 2, 0, 0, 1 | Size = 256000 bytes | Modified Date = 11/14/2006 12:49:44 PM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< HOSTS File > -> C:\WINDOWS\System32\drivers\etc\Hosts
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Default_Page_URL -> http://www.dell.com ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Start Page -> http://home.accuweather.com/index.asp?partner=accuweather ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
secure_cableon.net [https] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.7.2006011200 | Size = 63128 bytes | Modified Date = 1/12/2006 7:38:22 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 434279 bytes | Modified Date = 10/12/2006 3:25:44 AM | Attr = ]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8192 - Sun Java Console ->
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> 8195 - Reg Data - Value does not exist ->
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> 8194 - Reg Data - Value does not exist ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8196 - Windows Messenger ->
NextId -> 8197 ->
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 69746 bytes | Modified Date = 10/12/2006 3:25:44 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 434279 bytes | Modified Date = 10/12/2006 3:25:44 AM | Attr = ]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> Reg Data - Key not found [MenuText: Reg Data - Value does not exist] -> File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
&Windows Live Search -> C:\Program Files\Windows Live Toolbar\msntb.dll\search.htm -> File not found
Add to Windows &Live Favorites -> http:\favorites.live.com\quickadd.asp -> File not found
E&xport to Microsoft Excel -> -> File not found
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Taskbar and Start Menu] -> File not found
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Media Band] -> File not found
{330417E8-EF62-4047-82BE-D8305CEFF572} [HKLM] -> Reg Data - Key not found [AMEncShlExt extension] -> File not found
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [Display Panning CPL Extension] -> File not found
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Shell extensions for file compression] -> File not found
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [User Accounts] -> File not found
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Encryption Context Menu] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> C:\WINDOWS\SYSTEM32\HTICONS.DLL [HyperTerminal Icon Ext] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 8/29/2002 5:00:00 AM | Attr = ]
{950FF917-7A57-46BC-8017-59D9BF474000} [HKLM] -> C:\Program Files\Ahead\InCD\incdshx.dll [Shell Extension for CDRW] -> Nero AG [Ver = 4, 3, 14, 1 | Size = 103424 bytes | Modified Date = 4/12/2005 11:16:02 AM | Attr = ]
{97090E2F-3062-4459-855B-014F0D3CDBB1} [HKLM] -> Reg Data - Key not found [Windows Deskbar] -> File not found
< ContextMenuHandlers - Directory\Background [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} [HKLM] -> C:\WINDOWS\SYSTEM32\igfxpph.dll [igfxcui] -> Intel Corporation [Ver = 3.0.0.4342 | Size = 225280 bytes | Modified Date = 6/21/2005 11:47:56 PM | Attr = ]
{950FF917-7A57-46BC-8017-59D9BF474000} [HKLM] -> C:\Program Files\Ahead\InCD\incdshx.dll [InCDMenu] -> Nero AG [Ver = 4, 3, 14, 1 | Size = 103424 bytes | Modified Date = 4/12/2005 11:16:02 AM | Attr = ]
< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll [PDF Shell Extension] -> Adobe Systems, Inc. [Ver = 7.0.0.0 | Size = 110592 bytes | Modified Date = 12/14/2004 1:20:02 AM | Attr = ]
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{2C0056F7-D2B5-4B29-8EF9-13A9F9C738CF} -> (Motorola SURFboard SB5101 USB Cable Modem) ->
{FA995967-1AE3-4949-8B04-0199F3071C9B} -> (Broadcom 440x 10/100 Integrated Controller) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found


[Files - Created Wihin 30 days]
ctor.dll -> C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll -> Macrovision Corporation [Ver = 11.50.42618 | Size = 69715 bytes | Created Date = 11/30/2006 3:43:10 PM | Attr = ]
DotNetInstaller.exe -> C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe -> InstallShield Software Corporation [Ver = 11.50.0.42618 | Size = 5632 bytes | Created Date = 11/30/2006 3:43:10 PM | Attr = ]
iGdi.dll -> C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll -> Macrovision Corporation [Ver = 11.50.42618 | Size = 200836 bytes | Created Date = 11/30/2006 3:43:09 PM | Attr = ]
iKernel.dll -> C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll -> Macrovision Corporation [Ver = 11.50.42618 | Size = 757760 bytes | Created Date = 11/30/2006 3:43:10 PM | Attr = ]
iscript.dll -> C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll -> Macrovision Corporation [Ver = 11.50.42618 | Size = 274432 bytes | Created Date = 11/30/2006 3:43:10 PM | Attr = ]
iuser.dll -> C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll -> Macrovision Corporation [Ver = 11.50.42618 | Size = 204800 bytes | Created Date = 11/30/2006 3:43:10 PM | Attr = ]
setup.dll -> C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll -> Macrovision Corporation [Ver = 11.50.42618 | Size = 331908 bytes | Created Date = 11/30/2006 3:43:08 PM | Attr = ]
IDNMitigationAPIs.log -> C:\WINDOWS\IDNMitigationAPIs.log -> [Ver = | Size = 13723 bytes | Created Date = 12/27/2006 2:19:27 PM | Attr = ]
ie7.log -> C:\WINDOWS\ie7.log -> [Ver = | Size = 53526 bytes | Created Date = 12/27/2006 2:19:48 PM | Attr = ]
ie7_main.log -> C:\WINDOWS\ie7_main.log -> [Ver = | Size = 24280 bytes | Created Date = 12/27/2006 8:54:28 AM | Attr = ]
KB904942.log -> C:\WINDOWS\KB904942.log -> [Ver = | Size = 10669 bytes | Created Date = 12/27/2006 2:16:13 PM | Attr = ]
KB911993-V2.log -> C:\WINDOWS\KB911993-V2.log -> [Ver = | Size = 13464 bytes | Created Date = 12/27/2006 3:38:24 PM | Attr = ]
KB914440.log -> C:\WINDOWS\KB914440.log -> [Ver = | Size = 5616 bytes | Created Date = 12/27/2006 2:17:26 PM | Attr = ]
KB915865.log -> C:\WINDOWS\KB915865.log -> [Ver = | Size = 12348 bytes | Created Date = 12/27/2006 2:18:38 PM | Attr = ]
KB923689.log -> C:\WINDOWS\KB923689.log -> [Ver = | Size = 10556 bytes | Created Date = 12/17/2006 3:01:53 AM | Attr = ]
KB923694.log -> C:\WINDOWS\KB923694.log -> [Ver = | Size = 12016 bytes | Created Date = 12/16/2006 11:46:15 AM | Attr = ]
KB925398.log -> C:\WINDOWS\KB925398.log -> [Ver = | Size = 9198 bytes | Created Date = 12/17/2006 3:02:26 AM | Attr = ]
KB925454.log -> C:\WINDOWS\KB925454.log -> [Ver = | Size = 31259 bytes | Created Date = 12/16/2006 11:48:07 AM | Attr = ]
KB926255.log -> C:\WINDOWS\KB926255.log -> [Ver = | Size = 12019 bytes | Created Date = 12/16/2006 11:46:31 AM | Attr = ]
NLSDownlevelMapping.log -> C:\WINDOWS\NLSDownlevelMapping.log -> [Ver = | Size = 13425 bytes | Created Date = 12/27/2006 2:18:59 PM | Attr = ]
setuperr.log -> C:\WINDOWS\setuperr.log -> [Ver = | Size = 0 bytes | Created Date = 12/27/2006 2:17:20 PM | Attr = ]
igfx.hlp -> C:\WINDOWS\System32\igfx.hlp -> [Ver = | Size = 57801 bytes | Created Date = 12/26/2006 11:16:18 AM | Attr = ]
java.exe -> C:\WINDOWS\System32\java.exe -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 49248 bytes | Created Date = 12/8/2006 12:21:30 PM | Attr = ]
javaw.exe -> C:\WINDOWS\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 53346 bytes | Created Date = 12/8/2006 12:21:30 PM | Attr = ]
javaws.exe -> C:\WINDOWS\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 5.0.90.3 | Size = 127078 bytes | Created Date = 12/8/2006 12:21:30 PM | Attr = ]
jupdate-1.5.0_09-b03.log -> C:\WINDOWS\System32\jupdate-1.5.0_09-b03.log -> [Ver = | Size = 8428 bytes | Created Date = 12/8/2006 12:20:25 PM | Attr = ]

[Files - Modified Wihin 30 days]
hiberfil.sys -> C:\hiberfil.sys -> [Ver = | Size = 266407936 bytes | Modified Date = 12/27/2006 10:25:30 PM | Attr = HS]
hpfr3600.log -> C:\hpfr3600.log -> [Ver = | Size = 429332 bytes | Modified Date = 12/29/2006 10:32:14 AM | Attr = ]
omglog.txt -> C:\Program Files\Common Files\Sony Shared\OpenMG\omglog.txt -> [Ver = | Size = 3952 bytes | Modified Date = 12/2/2006 8:46:44 PM | Attr = ]
iGdi.dll -> C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll -> Macrovision Corporation [Ver = 11.50.42618 | Size = 200836 bytes | Modified Date = 11/30/2006 3:43:10 PM | Attr = ]
setup.dll -> C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll -> Macrovision Corporation [Ver = 11.50.42618 | Size = 331908 bytes | Modified Date = 11/30/2006 3:43:10 PM | Attr = ]
0.LOG -> C:\WINDOWS\0.LOG -> [Ver = | Size = 0 bytes | Modified Date = 12/27/2006 10:25:54 PM | Attr = ]
BOOTSTAT.DAT -> C:\WINDOWS\BOOTSTAT.DAT -> [Ver = | Size = 2048 bytes | Modified Date = 12/27/2006 10:25:32 PM | Attr = S]
COMSETUP.LOG -> C:\WINDOWS\COMSETUP.LOG -> [Ver = | Size = 275562 bytes | Modified Date = 12/27/2006 3:39:48 PM | Attr = ]
DirectX.log -> C:\WINDOWS\DirectX.log -> [Ver = | Size = 118010 bytes | Modified Date = 12/27/2006 9:54:40 PM | Attr = ]
FaxSetup.log -> C:\WINDOWS\FaxSetup.log -> [Ver = | Size = 985948 bytes | Modified Date = 12/27/2006 3:39:34 PM | Attr = ]
IDNMitigationAPIs.log -> C:\WINDOWS\IDNMitigationAPIs.log -> [Ver = | Size = 13723 bytes | Modified Date = 12/27/2006 2:19:48 PM | Attr = ]
IE4 Error Log.txt -> C:\WINDOWS\IE4 Error Log.txt -> [Ver = | Size = 944 bytes | Modified Date = 12/21/2006 2:25:40 PM | Attr = ]
ie7.log -> C:\WINDOWS\ie7.log -> [Ver = | Size = 53526 bytes | Modified Date = 12/27/2006 2:22:14 PM | Attr = ]
ie7_main.log -> C:\WINDOWS\ie7_main.log -> [Ver = | Size = 24280 bytes | Modified Date = 12/27/2006 2:22:32 PM | Attr = ]
IIS6.LOG -> C:\WINDOWS\IIS6.LOG -> [Ver = | Size = 151601 bytes | Modified Date = 12/27/2006 3:39:48 PM | Attr = ]
imsins.BAK -> C:\WINDOWS\imsins.BAK -> [Ver = | Size = 1393 bytes | Modified Date = 12/27/2006 2:22:14 PM | Attr = ]
imsins.log -> C:\WINDOWS\imsins.log -> [Ver = | Size = 1393 bytes | Modified Date = 12/27/2006 3:39:48 PM | Attr = ]
KB904942.log -> C:\WINDOWS\KB904942.log -> [Ver = | Size = 10669 bytes | Modified Date = 12/27/2006 2:17:24 PM | Attr = ]
KB911993-V2.log -> C:\WINDOWS\KB911993-V2.log -> [Ver = | Size = 13464 bytes | Modified Date = 12/27/2006 3:39:48 PM | Attr = ]
KB914440.log -> C:\WINDOWS\KB914440.log -> [Ver = | Size = 5616 bytes | Modified Date = 12/27/2006 2:17:56 PM | Attr = ]
KB915865.log -> C:\WINDOWS\KB915865.log -> [Ver = | Size = 12348 bytes | Modified Date = 12/27/2006 2:18:58 PM | Attr = ]
KB923689.log -> C:\WINDOWS\KB923689.log -> [Ver = | Size = 10556 bytes | Modified Date = 12/17/2006 3:02:28 AM | Attr = ]
KB923694.log -> C:\WINDOWS\KB923694.log -> [Ver = | Size = 12016 bytes | Modified Date = 12/17/2006 3:01:46 AM | Attr = ]
KB925398.log -> C:\WINDOWS\KB925398.log -> [Ver = | Size = 9198 bytes | Modified Date = 12/17/2006 3:02:46 AM | Attr = ]
KB925454.log -> C:\WINDOWS\KB925454.log -> [Ver = | Size = 31259 bytes | Modified Date = 12/27/2006 2:17:56 PM | Attr = ]
KB926255.log -> C:\WINDOWS\KB926255.log -> [Ver = | Size = 12019 bytes | Modified Date = 12/17/2006 3:01:54 AM | Attr = ]
ModemLog_BCM V.92 56K Modem.txt -> C:\WINDOWS\ModemLog_BCM V.92 56K Modem.txt -> [Ver = | Size = 4330 bytes | Modified Date = 12/27/2006 10:25:52 PM | Attr = ]
MSGSOCM.LOG -> C:\WINDOWS\MSGSOCM.LOG -> [Ver = | Size = 49031 bytes | Modified Date = 12/27/2006 3:39:36 PM | Attr = ]
NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 12/13/2006 5:20:36 PM | Attr = ]
NLSDownlevelMapping.log -> C:\WINDOWS\NLSDownlevelMapping.log -> [Ver = | Size = 13425 bytes | Modified Date = 12/27/2006 2:19:26 PM | Attr = ]
ntdtcsetup.log -> C:\WINDOWS\ntdtcsetup.log -> [Ver = | Size = 167596 bytes | Modified Date = 12/27/2006 3:39:48 PM | Attr = ]
OCGEN.LOG -> C:\WINDOWS\OCGEN.LOG -> [Ver = | Size = 496419 bytes | Modified Date = 12/27/2006 3:39:36 PM | Attr = ]
OCMSN.LOG -> C:\WINDOWS\OCMSN.LOG -> [Ver = | Size = 36061 bytes | Modified Date = 12/27/2006 3:39:48 PM | Attr = ]
orun32.ini -> C:\WINDOWS\orun32.ini -> [Ver = | Size = 788 bytes | Modified Date = 12/3/2006 10:18:52 AM | Attr = ]
SchedLgU.Txt -> C:\WINDOWS\SchedLgU.Txt -> [Ver = | Size = 32492 bytes | Modified Date = 12/29/2006 11:10:02 AM | Attr = ]
SETUPACT.LOG -> C:\WINDOWS\SETUPACT.LOG -> [Ver = | Size = 193154 bytes | Modified Date = 12/26/2006 10:35:14 PM | Attr = ]
setupapi.log -> C:\WINDOWS\setupapi.log -> [Ver = | Size = 645804 bytes | Modified Date = 12/27/2006 3:39:34 PM | Attr = ]
setuperr.log -> C:\WINDOWS\setuperr.log -> [Ver = | Size = 0 bytes | Modified Date = 12/27/2006 2:17:22 PM | Attr = ]
spupdsvc.log -> C:\WINDOWS\spupdsvc.log -> [Ver = | Size = 40932 bytes | Modified Date = 12/27/2006 3:16:18 PM | Attr = ]
TSOC.LOG -> C:\WINDOWS\TSOC.LOG -> [Ver = | Size = 379121 bytes | Modified Date = 12/27/2006 3:39:48 PM | Attr = ]
updspapi.log -> C:\WINDOWS\updspapi.log -> [Ver = | Size = 71017 bytes | Modified Date = 12/27/2006 2:21:44 PM | Attr = ]
WIADEBUG.LOG -> C:\WINDOWS\WIADEBUG.LOG -> [Ver = | Size = 157 bytes | Modified Date = 12/27/2006 10:25:42 PM | Attr = ]
WIASERVC.LOG -> C:\WINDOWS\WIASERVC.LOG -> [Ver = | Size = 50 bytes | Modified Date = 12/27/2006 10:25:40 PM | Attr = ]
WIN.INI -> C:\WINDOWS\WIN.INI -> [Ver = | Size = 748 bytes | Modified Date = 12/27/2006 10:16:26 PM | Attr = ]
WindowsUpdate.log -> C:\WINDOWS\WindowsUpdate.log -> [Ver = | Size = 1499428 bytes | Modified Date = 12/27/2006 10:25:42 PM | Attr = ]
wmsetup.log -> C:\WINDOWS\wmsetup.log -> [Ver = | Size = 78969 bytes | Modified Date = 12/14/2006 7:22:14 PM | Attr = ]
FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [Ver = | Size = 118952 bytes | Modified Date = 12/26/2006 8:56:06 PM | Attr = ]
jupdate-1.5.0_09-b03.log -> C:\WINDOWS\System32\jupdate-1.5.0_09-b03.log -> [Ver = | Size = 8428 bytes | Modified Date = 12/8/2006 12:21:22 PM | Attr = ]
WPA.DBL -> C:\WINDOWS\System32\WPA.DBL -> [Ver = | Size = 1170 bytes | Modified Date = 12/28/2006 10:25:18 AM | Attr = ]

[File String Scan - Non-Microsoft Only]
Thawte Consulting , -> C:\Program Files\Common Files\Java\Update\Base Images\j2re1.4.2-b28\core3.zip -> [Ver = | Size = 4648893 bytes | Modified Date = 6/20/2003 6:50:54 AM | Attr = ]
Thawte Consulting , -> C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core3.zip -> [Ver = | Size = 3290841 bytes | Modified Date = 4/13/2005 3:22:10 AM | Attr = ]
USERTRUST , -> C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_09.b03\patchjre.exe -> Sun Microsystems, Inc. [Ver = 1, 0, 0, 1 | Size = 4490872 bytes | Modified Date = 10/12/2006 3:41:58 AM | Attr = ]
UPX! , UPX0 , -> C:\Program Files\Common Files\Nullsoft\Video\ActiveX\plugins\nsvplayx_vp5_mp3.dll -> * * * [Ver = 1, 0, 0, 98 | Size = 177152 bytes | Modified Date = 8/9/2003 5:36:56 PM | Attr = ]
UPX! , UPX0 , -> C:\Program Files\Common Files\Sony Shared\OpenMG\InstallCheckTool.exe -> [Ver = 2.5.8.5 | Size = 223159 bytes | Modified Date = 11/24/2005 5:12:32 PM | Attr = ]
PEC2 , WSUD , -> C:\Program Files\Common Files\SpeechEngines\Microsoft\SR61\1033\AF031033.AM -> [Ver = | Size = 7048576 bytes | Modified Date = 11/22/2002 1:27:36 AM | Attr = ]
PEC2 , -> C:\WINDOWS\System32\DFRG.MSC -> [Ver = | Size = 41397 bytes | Modified Date = 8/29/2002 5:00:00 AM | Attr = ]
aspack , -> C:\WINDOWS\System32\lame_enc.dll -> [Ver = | Size = 120832 bytes | Modified Date = 3/19/2002 7:18:54 AM | Attr = ]
aspack , -> C:\WINDOWS\System32\NCTAudioFile.dll -> NCT Company [Ver = 1, 7, 6, 0 | Size = 491520 bytes | Modified Date = 12/3/2002 3:02:58 AM | Attr = ]
aspack , -> C:\WINDOWS\System32\NCTAudioInformation2.dll -> NCT Company Ltd. [Ver = 2, 1, 2, 0 | Size = 573440 bytes | Modified Date = 3/26/2003 6:59:40 AM | Attr = ]
aspack , -> C:\WINDOWS\System32\NCTAudioPlayer.dll -> NCT Company [Ver = 1, 7, 6, 0 | Size = 168448 bytes | Modified Date = 12/3/2002 3:07:08 AM | Attr = ]
aspack , -> C:\WINDOWS\System32\NCTWMAFile.dll -> NCT Company [Ver = 1, 7, 6, 0 | Size = 143872 bytes | Modified Date = 12/3/2002 3:11:10 AM | Attr = ]
winsync , -> C:\WINDOWS\System32\WBDBASE.DEU -> [Ver = | Size = 1309184 bytes | Modified Date = 8/29/2002 5:00:00 AM | Attr = ]
PTech , -> C:\WINDOWS\System32\dllcache\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/3/2004 11:41:38 PM | Attr = ]
PTech , -> C:\WINDOWS\System32\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/3/2004 11:41:38 PM | Attr = ]

< End of report >

#9 OldTimer (Malware Expert)

  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina

Posted 29 December 2006 - 04:45 PM

Hi bluwtr. The log looks clean. No problems there.

For the following 2 folders, if they exist, just delete them in explorer.

We need to make sure all hidden files are showing so please:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide file extensions for known types option.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.
Find the following files/folders and delete them (don't worry if they are already gone):

C:\Documents and Settings\James\Desktop\Wes and Brandi\Wes\Wes Work\Free KGB Key Logger\
C:\Documents and Settings\James\Desktop\Wes and Brandi\Wes\Wes Work\Keyboard Logger Pro\

Note: If you receive any error messages while trying to delete any of the above files/folders then reboot into Safe Mode and try to delete them again. See the instructions below on how to boot into Safe Mode.
  • Restart the computer.
  • As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.
When finished, reboot normally and post back your results.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#10 bluwtr (Topic Starter)

  • Members
  • 16 posts

Posted 30 December 2006 - 04:20 PM

Hey OT,

I went through what you suggested and the files were not there, so I guess they have already been deleted. Thanks for all of your help. I really appreciate it.

bluwtr

#11 OldTimer (Malware Expert)

  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina

Posted 30 December 2006 - 07:18 PM

Hi bluwtr. Excellent. Then let's do a little final cleanup.

We have a couple of last steps to perform and then you're all set.

First, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
  • CHECK the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.
Next, let's clean your restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
  • Turn off System Restore.
    • On the Desktop, right-click My Computer.
    • Click Properties.
    • Click the System Restore tab.
    • CHECK Turn off System Restore.
    • Click Apply, and then click OK.
  • Restart your computer.
  • Turn ON System Restore.
    • On the Desktop, right-click My Computer.
    • Click Properties.
    • Click the System Restore tab.
    • UN-Check Turn off System Restore.
    • Click Apply, and then click OK.
System Restore will now be active again.

You can also delete any WinPFind3u files/folders that are still on your desktop. If you need it in the future you can download the latest version at that time.

Now that you are clean, to help protect your computer in the future I recommend the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard to catch and block spyware before it can execute.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
You already have a good anti-virus, and you should also have a good firewall for blocking unwanted access to and from your computer. These also are free for personal use:

It is best to have both a firewall and anti-virus to protect your system and to keep them updated.

To keep your operating system up to date visit Microsoft Windows Update monthly. Microsoft puts out new updates on the 2nd Tuesday of every month so be sure to check regularly.

And to keep your system clean be aware of what emails you open, what websites you visit, and update and run these free malware scanners once a week:

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Have a safe and happy computing day!

OT
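The Folder Options steps in post #9 (show hidden and protected files) and post #11 (hide them again once the cleanup is done) can also be applied from a command prompt. This is an added example, not part of OldTimer's instructions; it assumes the three Explorer\Advanced registry values below are the ones the View tab writes on Windows XP, and uses the stock reg.exe that ships with XP.

```batch
@echo off
rem Added example (not from OldTimer's post): sets the Explorer View-tab
rem options by writing the registry values the Folder Options dialog is
rem assumed to use on Windows XP:
rem   Hidden          1 = show hidden files and folders, 2 = do not show
rem   HideFileExt     0 = show file extensions for known types
rem   ShowSuperHidden 1 = show protected operating system files
setlocal
set KEY=HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

if /i "%~1"=="show" goto show
if /i "%~1"=="hide" goto hide
echo Usage: %~nx0 show ^| hide
exit /b 1

:show
rem Post #9: make hidden and protected files visible so the key-logger
rem folders can be found and deleted.
reg add %KEY% /v Hidden /t REG_DWORD /d 1 /f
reg add %KEY% /v HideFileExt /t REG_DWORD /d 0 /f
reg add %KEY% /v ShowSuperHidden /t REG_DWORD /d 1 /f
goto done

:hide
rem Post #11: put the protection back so system files are not openly
rem exposed to accidental deletion.
reg add %KEY% /v Hidden /t REG_DWORD /d 2 /f
reg add %KEY% /v ShowSuperHidden /t REG_DWORD /d 0 /f
goto done

:done
rem Print the resulting values so the change can be checked; newly
rem opened Explorer windows pick them up.
reg query %KEY% /v Hidden
reg query %KEY% /v HideFileExt
reg query %KEY% /v ShowSuperHidden
endlocal
```

Run it as the user whose view settings you want to change, since the values live under HKEY_CURRENT_USER.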


#12 bluwtr (Topic Starter)

  • Members
  • 16 posts

Posted 02 January 2007 - 05:50 PM

Once again thanks. I've done all that you recommended. I've used SpyBot before and have installed it again.

Happy New Year,

bluwtr

#13 OldTimer (Malware Expert)

  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina

Posted 04 January 2007 - 04:55 PM

You are very welcome bluwtr. I am glad that we could help.

I will now close this topic. If you have any malware related questions or issues in the future please start a new topic.

Cheers and Happy Computing :thumbsup:

OT