Seem To Be Infected But Cannot Identify


  • This topic is locked
21 replies to this topic

#1 prampara


Posted 28 December 2006 - 06:55 AM

Hi, I need whatever help to resolve my problems. I am a Firefox user but use IE once in a while. Over the last few days I find IE is not opening. It shows the "Internet explorer is not your default browser, do you want to make it your default browser" screen and then immaterial of the answer, it dies out. I have even tried reinstalling IE but it has unfortunately not helped. My Windows Update is also enabled and is up to date. Also, I access the net through LAN and have to access the net using the ISP (Sify) provided application. I find that even when not connected my sent/received numbers are huge (even GBs at times) which was not the case earlier. My average daily usage does not go beyond 50 MB. I have scanned my PC using Spyware Doctor, Ad-Aware and Spybot. Ad-Aware detected Alexa and Spyware Doctor detected some tracking cookies. I find that my computer has become slower and less responsive. I am posting the HJT log for analysis. Please help.
Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 4:47:57 PM, on 12/28/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINNT\system32\cisvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\pctspk.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\ups.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe
C:\program files\advanced system optimizer\memtuneup.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe
C:\Program Files\SysShield Tools\Internet Eraser\cseraser.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\cidaemon.exe
C:\Program Files\Sify Broadband\BB_CustomMessage.exe
C:\Program Files\Sify Broadband\BBImpSec.exe
C:\Program Files\SiteAdvisor\SiteAdv.exe
C:\Program Files\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;<local>
R3 - Default URLSearchHook is missing
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\dapbho.dll
O2 - BHO: ZIBho Class - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\saIE.dll
O2 - BHO: (no name) - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~4\tools\iesdsg.dll
O2 - BHO: SysShield IE Popup Blocker - {9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80} - C:\Program Files\SysShield Tools\Internet Eraser\pkext.dll
O2 - BHO: (no name) - {A491D208-B353-490F-B81A-A8A3DC97042D} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~4\tools\iesdpb.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: CBHO Object - {CBA74CDA-DF78-4AD9-954E-3B15D0A993DE} - C:\Program Files\CoreStreet\SpoofStick\SpoofStickBHO.dll
O2 - BHO: (no name) - {CE57DA55-F491-45C6-B3DB-6C98E4B17CDC} - (no file)
O2 - BHO: (no name) - {E24AD748-155E-4254-B674-4EDF86E7E1DF} - (no file)
O3 - Toolbar: AbsoluteShield - {EE9DD090-902D-4623-9360-FB7D8666202B} - C:\Program Files\SysShield Tools\Internet Eraser\AbsoluteBar.dll
O3 - Toolbar: SpoofStick - {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} - C:\Program Files\CoreStreet\SpoofStick\SpoofStick.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\saIE.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Program Files\Speed Video Splitter\msdxm.ocx
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll
O4 - HKLM\..\Run: [Openwares LiveUpdate] "C:\Program Files\LiveUpdate\LiveUpdate.exe"
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [OSSelectorReinstall] "C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe"
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [AcronisTimounterMonitor] "C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe"
O4 - HKCU\..\Run: [SifyBB] C:\Program Files\Sify Broadband\BBImpSec.exe
O4 - HKCU\..\Run: [Systweak Memory Optimizer] c:\program files\advanced system optimizer\memtuneup.exe
O4 - Startup: AbsoluteShield Internet Eraser.lnk = C:\Program Files\SysShield Tools\Internet Eraser\cseraser.exe
O4 - Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Ashampoo Magical Defrag.lnk = C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &WordWeb... - res://C:\WINNT\wweb32.dll/lookup.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh309190.dll/201
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Broadband - {1A388C31-133D-11d7-AEC2-0050BAD92AF7} - http://mum.sifybroadband.com/bbandnew/customerlogin.php3 (file missing)
O9 - Extra 'Tools' menuitem: Sify Broadband - {1A388C31-133D-11d7-AEC2-0050BAD92AF7} - http://mum.sifybroadband.com/bbandnew/customerlogin.php3 (file missing)
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~4\tools\iesdpb.dll
O9 - Extra button: FreshDownload - {73617ADE-7BFE-4BB3-B1CD-786AE38011B6} - C:\Program Files\FreshDevices\FreshDownload\fd.exe
O10 - Broken Internet access because of LSP provider 'smnsp.dll' missing
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1123749308584
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - http://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A12EA09A-13DE-4C71-9AE6-0299D1009C65}: NameServer = 202.144.115.4,202.144.10.50
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Skype\toolbars\Shared\Skype4ComAPI.dll
O20 - Winlogon Notify: klogon - C:\WINNT\system32\klogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AshampooDefragService - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: C-DillaSrv - Unknown owner - C:\WINNT\system32\DRIVERS\CDANTSRV.EXE (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: W2K PCtel speaker phone (Pctspk) - PCtel, Inc. - C:\WINNT\system32\pctspk.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Unknown owner - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (file missing)


#2 OldTimer


Posted 28 December 2006 - 09:53 AM

Hello prampara and welcome to the BC HijackThis forum. Let's try a different scanner and see what it shows us.

Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
    • In the Files Created Within group click 30 days
    • In the Files Modified Within group select 30 days
    • In the File String Search group select Non-Microsoft
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 prampara


Posted 29 December 2006 - 04:10 AM

Thanks for helping me out. Here is the log as reqd by you:


WinPFind3U by OldTimer - Version 1.0.4 Folder = C:\Documents and Settings\pramod\Desktop\WinPFind3u\
Microsoft Windows 2000 Service Pack 4 (Version = 5.0.2195)
Internet Explorer (Version = 6.0.2800.1106)


[Processes - Non-Microsoft Only]
ad-watch.exe -> C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe -> Lavasoft Sweden [Ver = 3.1.2.17 | Size = 517632 bytes | Modified Date = 5/25/2005 12:12:36 PM | Attr = ]
adefragctrl.exe -> C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe -> [Ver = 1, 1, 1, 1 | Size = 4112497 bytes | Modified Date = 3/27/2006 3:26:56 PM | Attr = ]
adefragservice.exe -> C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe -> [Ver = 1, 1, 1, 1 | Size = 876663 bytes | Modified Date = 3/27/2006 3:30:40 PM | Attr = ]
aluschedulersvc.exe -> C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.166 | Size = 100032 bytes | Modified Date = 5/15/2006 6:24:34 PM | Attr = ]
avp.exe -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe -> Kaspersky Lab [Ver = 6.0.1.411 | Size = 155751 bytes | Modified Date = 11/8/2006 6:28:30 PM | Attr = ]
avp.exe -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe -> Kaspersky Lab [Ver = 6.0.1.411 | Size = 155751 bytes | Modified Date = 11/8/2006 6:28:30 PM | Attr = ]
bb_custommessage.exe -> C:\Program Files\Sify Broadband\BB_CustomMessage.exe -> Sify [Ver = 1, 0, 0, 1 | Size = 57344 bytes | Modified Date = 10/1/2005 11:48:30 AM | Attr = ]
bbimpsec.exe -> C:\Program Files\Sify Broadband\BBImpSec.exe -> [Ver = 1, 2, 0, 1 | Size = 135243 bytes | Modified Date = 12/29/2006 10:57:42 AM | Attr = ]
cseraser.exe -> C:\Program Files\SysShield Tools\Internet Eraser\cseraser.exe -> SysShield Consulting, Inc. [Ver = 3, 3, 7, 0 | Size = 585216 bytes | Modified Date = 7/15/2004 10:29:12 AM | Attr = ]
firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.1: 2006120418 | Size = 7620696 bytes | Modified Date = 12/20/2006 2:43:36 PM | Attr = ]
jusched.exe -> C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.40.5 | Size = 36975 bytes | Modified Date = 6/3/2005 3:52:54 AM | Attr = ]
memtuneup.exe -> C:\program files\advanced system optimizer\memtuneup.exe -> Systweak Inc [Ver = 2,1,4,400 | Size = 113152 bytes | Modified Date = 7/7/2005 4:58:10 PM | Attr = ]
pctspk.exe -> C:\WINNT\system32\pctspk.exe -> PCtel, Inc. [Ver = 4.00 | Size = 68608 bytes | Modified Date = 1/19/2000 6:00:56 PM | Attr = ]
schedhlp.exe -> C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe -> Acronis [Ver = 1,0,0,237 | Size = 87584 bytes | Modified Date = 10/16/2006 9:13:32 PM | Attr = ]
schedul2.exe -> C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -> Acronis [Ver = 1,0,0,237 | Size = 230944 bytes | Modified Date = 10/16/2006 9:13:28 PM | Attr = ]
sdhelp.exe -> C:\Program Files\Spyware Doctor\sdhelp.exe -> PC Tools Research Pty Ltd [Ver = 3.6.0.2026 | Size = 895088 bytes | Modified Date = 11/2/2006 5:17:14 PM | Attr = ]
spywareterminatorshield.exe -> C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe -> Crawler.com [Ver = 1.1.0.316 | Size = 1654272 bytes | Modified Date = 8/31/2006 4:00:38 PM | Attr = ]
timountermonitor.exe -> C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe -> Acronis [Ver = 3.3 build 443 | Size = 1941784 bytes | Modified Date = 10/16/2006 9:17:16 PM | Attr = ]
trueimagemonitor.exe -> C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe -> Acronis [Ver = 10,0,0,4871 | Size = 1164912 bytes | Modified Date = 10/16/2006 9:12:20 PM | Attr = ]
vsmon.exe -> C:\WINNT\system32\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 75768 bytes | Modified Date = 8/23/2006 11:38:26 PM | Attr = ]
winpfind3u.exe -> C:\Documents and Settings\pramod\Desktop\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.4.0 | Size = 303104 bytes | Modified Date = 12/28/2006 1:16:46 PM | Attr = ]
zlclient.exe -> C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 968696 bytes | Modified Date = 8/23/2006 11:38:28 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(AcrSch2Svc) Acronis Scheduler2 Service [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -> Acronis [Ver = 1,0,0,237 | Size = 230944 bytes | Modified Date = 10/16/2006 9:13:28 PM | Attr = ]
(AshampooDefragService) AshampooDefragService [Win32_Own | Auto | Running] -> C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe -> [Ver = 1, 1, 1, 1 | Size = 876663 bytes | Modified Date = 3/27/2006 3:30:40 PM | Attr = ]
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> File not found
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.166 | Size = 100032 bytes | Modified Date = 5/15/2006 6:24:34 PM | Attr = ]
(AVP) Kaspersky Anti-Virus 6.0 [Win32_Own | Auto | Running] -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe -> Kaspersky Lab [Ver = 6.0.1.411 | Size = 155751 bytes | Modified Date = 11/8/2006 6:28:30 PM | Attr = ]
(C-DillaSrv) C-DillaSrv [Win32_Own | Auto | Stopped] -> C:\WINNT\system32\DRIVERS\CDANTSRV.EXE -> File not found
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> C:\WINNT\system32\dmadmin.exe -> VERITAS Software Corp. [Ver = 2195.6624.297.3 | Size = 147728 bytes | Modified Date = 6/20/2003 12:35:04 AM | Attr = ]
(EpsonBidirectionalService) EpsonBidirectionalService [Win32_Own | Auto | Stopped] -> C:\Program Files\EPSON\ESM2\eEBSvc.exe -> [Ver = | Size = 77824 bytes | Modified Date = 1/30/2002 7:33:14 AM | Attr = ]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -> Symantec Corporation [Ver = 3.0.0.166 | Size = 2086592 bytes | Modified Date = 5/15/2006 6:24:34 PM | Attr = ]
(OracleOraHome90ManagementServer) OracleOraHome90ManagementServer [Win32_Own | Disabled | Stopped] -> -> File not found
(OracleOraHome90TNSListener) OracleOraHome90TNSListener [Win32_Own | Disabled | Stopped] -> -> File not found
(OracleOraHome90TNSListenerLISTENER1) OracleOraHome90TNSListenerLISTENER1 [Win32_Own | Disabled | Stopped] -> -> File not found
(OracleServiceOEMREP) OracleServiceOEMREP [Win32_Own | Disabled | Stopped] -> e:\oracle\ora90\bin\ORACLE.EXE -> File not found
(OracleServicePRASU) OracleServicePRASU [Win32_Own | Disabled | Stopped] -> e:\oracle\ora90\bin\ORACLE.EXE -> File not found
(Pctspk) W2K PCtel speaker phone [Win32_Own | Auto | Running] -> C:\WINNT\system32\pctspk.exe -> PCtel, Inc. [Ver = 4.00 | Size = 68608 bytes | Modified Date = 1/19/2000 6:00:56 PM | Attr = ]
(SDhelper) PC Tools Spyware Doctor [Win32_Own | Auto | Running] -> C:\Program Files\Spyware Doctor\sdhelp.exe -> PC Tools Research Pty Ltd [Ver = 3.6.0.2026 | Size = 895088 bytes | Modified Date = 11/2/2006 5:17:14 PM | Attr = ]
(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Stopped] -> C:\WINNT\system32\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 75768 bytes | Modified Date = 8/23/2006 11:38:26 PM | Attr = ]
(WebrootSpySweeperService) Webroot Spy Sweeper Engine [Win32_Own | Auto | Stopped] -> C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -> File not found

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
-> -> File not found
Acronis Scheduler2 Service -> C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe -> Acronis [Ver = 1,0,0,237 | Size = 87584 bytes | Modified Date = 10/16/2006 9:13:32 PM | Attr = ]
AcronisTimounterMonitor -> C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe -> Acronis [Ver = 3.3 build 443 | Size = 1941784 bytes | Modified Date = 10/16/2006 9:17:16 PM | Attr = ]
AVP -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe -> Kaspersky Lab [Ver = 6.0.1.411 | Size = 155751 bytes | Modified Date = 11/8/2006 6:28:30 PM | Attr = ]
CountrySelection -> C:\WINNT\system32\pctptt.exe -> PCtel, Inc. [Ver = 1, 0, 0, 0 | Size = 68096 bytes | Modified Date = 1/5/2000 4:11:36 PM | Attr = ]
Openwares LiveUpdate -> C:\Program Files\LiveUpdate\LiveUpdate.exe -> Openwares [Ver = 1, 0, 0, 1 | Size = 61440 bytes | Modified Date = 12/13/2003 10:47:22 PM | Attr = ]
OSSelectorReinstall -> C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe -> [Ver = | Size = 1544099 bytes | Modified Date = 11/29/2005 1:22:14 PM | Attr = ]
SpywareTerminator -> C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe -> Crawler.com [Ver = 1.1.0.316 | Size = 1654272 bytes | Modified Date = 8/31/2006 4:00:38 PM | Attr = ]
TrueImageMonitor.exe -> C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe -> Acronis [Ver = 10,0,0,4871 | Size = 1164912 bytes | Modified Date = 10/16/2006 9:12:20 PM | Attr = ]
VTPreset -> C:\WINNT\system32\VTPreset.exe -> S3 Graphics, Inc. [Ver = 1.01.00.0102 | Size = 45056 bytes | Modified Date = 2/24/2004 8:17:18 PM | Attr = ]
Zone Labs Client -> C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 968696 bytes | Modified Date = 8/23/2006 11:38:28 PM | Attr = ]
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AWMON -> C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe -> Lavasoft Sweden [Ver = 3.1.2.17 | Size = 517632 bytes | Modified Date = 5/25/2005 12:12:36 PM | Attr = ]
SifyBB -> C:\Program Files\Sify Broadband\BBImpSec.exe -> [Ver = 1, 2, 0, 1 | Size = 135243 bytes | Modified Date = 12/29/2006 10:57:42 AM | Attr = ]
Systweak Memory Optimizer -> c:\program files\advanced system optimizer\memtuneup.exe -> Systweak Inc [Ver = 2,1,4,400 | Size = 113152 bytes | Modified Date = 7/7/2005 4:58:10 PM | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 11/4/1999 3:06:48 PM | Attr = ]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 10/23/2006 1:48:20 AM | Attr = ]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk -> C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe -> [Ver = 8.0.0.0 | Size = 734872 bytes | Modified Date = 10/23/2006 12:01:50 AM | Attr = ]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ashampoo Magical Defrag.lnk -> C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe -> [Ver = 1, 1, 1, 1 | Size = 4112497 bytes | Modified Date = 3/27/2006 3:26:56 PM | Attr = ]
< User Startup > -> C:\Documents and Settings\pramod\Start Menu\Programs\Startup
C:\Documents and Settings\pramod\Start Menu\Programs\Startup\AbsoluteShield Internet Eraser.lnk -> C:\Program Files\SysShield Tools\Internet Eraser\cseraser.exe -> SysShield Consulting, Inc. [Ver = 3, 3, 7, 0 | Size = 585216 bytes | Modified Date = 7/15/2004 10:29:12 AM | Attr = ]
C:\Documents and Settings\pramod\Start Menu\Programs\Startup\Microsoft Office Shortcut Bar.lnk -> C:\WINNT\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\misc.exe -> [Ver = | Size = 28160 bytes | Modified Date = 12/8/2003 2:04:34 PM | Attr = R ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
KShareAP.dll -> KShareAP.dll -> File not found
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
klogon -> C:\WINNT\system32\klogon.dll -> Kaspersky Lab [Ver = 6.0.1.411 | Size = 94314 bytes | Modified Date = 11/1/2006 5:42:54 PM | Attr = ]
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\AdminComponent\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\comdlg32\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\comdlg32\\NoBackButton -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\comdlg32\\NoFileMru -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\CDRAutoRun -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRecentDocsHistory -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRecentDocsMenu -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoInstrumentation -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClearRecentDocsOnExit -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
-> HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer not found. ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< HOSTS File > -> C:\WINNT\System32\drivers\etc\Hosts
< Internet Explorer Settings > ->
HKCU: ProxyEnable -> 0 ->
HKCU: ProxyOverride -> local;<local> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{0000CC75-ACF3-4cac-A0A9-DD3868E06852} [HKLM] -> C:\Program Files\DAP\DAPBHO.dll [DAPHelper Class] -> Speedbit Ltd. [Ver = 8, 0, 0, 0 | Size = 122946 bytes | Modified Date = 7/26/2006 6:17:14 PM | Attr = ]
{029CA12C-89C1-46a7-A3C7-82F2F98635CB} [HKLM] -> Reg Data - Key not found [ZIBho Class] -> File not found
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 11:08:42 PM | Attr = ]
{089FD14D-132B-48FC-8861-0048AE113215} [HKLM] -> C:\Program Files\SiteAdvisor\saIE.dll [Reg Data - Value does not exist] -> Site Advisor [Ver = 1.2.0.27 | Size = 532480 bytes | Modified Date = 3/24/2006 2:25:26 AM | Attr = ]
{0A87E45F-537A-40B4-B812-E2544C21A09F} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 3, 0, 12 | Size = 744960 bytes | Modified Date = 5/12/2004 1:03:00 AM | Attr = ]
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} [HKLM] -> C:\Program Files\Spyware Doctor\tools\iesdsg.dll [PCTools Site Guard] -> PC Tools [Ver = 3.6.0.2071 | Size = 825528 bytes | Modified Date = 8/1/2006 3:27:06 PM | Attr = ]
{9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80} [HKLM] -> C:\Program Files\SysShield Tools\Internet Eraser\PKExt.dll [PopKiller Class] -> SysShield Consulting, Inc. [Ver = 1, 4, 0, 0 | Size = 66048 bytes | Modified Date = 6/14/2004 8:23:10 PM | Attr = ]
{A491D208-B353-490F-B81A-A8A3DC97042D} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{B56A7D7D-6927-48C8-A975-17DF180C71AC} [HKLM] -> C:\Program Files\Spyware Doctor\tools\iesdpb.dll [PCTools Browser Monitor] -> PC Tools [Ver = 3.6.0.2283 | Size = 850104 bytes | Modified Date = 8/1/2006 3:23:12 PM | Attr = ]
{BDF3E430-B101-42AD-A544-FADC6B084872} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{CBA74CDA-DF78-4AD9-954E-3B15D0A993DE} [HKLM] -> C:\Program Files\CoreStreet\SpoofStick\SpoofStickBHO.dll [CBHO Object] -> CoreStreet, Ltd. [Ver = 1.02 | Size = 94208 bytes | Modified Date = 8/18/2004 9:40:40 AM | Attr = ]
{CE57DA55-F491-45C6-B3DB-6C98E4B17CDC} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{E24AD748-155E-4254-B674-4EDF86E7E1DF} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 2:13:40 AM | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{0BF43445-2F28-4351-9252-17FE6E806AA0} [HKLM] -> C:\Program Files\SiteAdvisor\saIE.dll [SiteAdvisor] -> Site Advisor [Ver = 1.2.0.27 | Size = 532480 bytes | Modified Date = 3/24/2006 2:25:26 AM | Attr = ]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 2:13:40 AM | Attr = ]
{4D46ED77-1429-4CF6-8F63-C84B5D710BAF} [HKLM] -> C:\Program Files\CoreStreet\SpoofStick\SpoofStick.dll [SpoofStick] -> CoreStreet, Ltd. [Ver = 1.02 | Size = 176128 bytes | Modified Date = 8/18/2004 9:40:46 AM | Attr = ]
{ED0E8CA5-42FB-4B18-997B-769E0408E79D} [HKLM] -> C:\Program Files\FreshDevices\FreshDownload\fdiebar.dll [FreshDownload Bar] -> FreshDevices Corp. [Ver = 1.0.0.0 | Size = 232448 bytes | Modified Date = 11/23/2006 9:02:04 AM | Attr = ]
{EE9DD090-902D-4623-9360-FB7D8666202B} [HKLM] -> C:\Program Files\SysShield Tools\Internet Eraser\AbsoluteBar.dll [AbsoluteShield] -> AbsoluteShield Software [Ver = 3, 0, 0, 0 | Size = 139264 bytes | Modified Date = 6/14/2004 8:23:18 PM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 2:13:40 AM | Attr = ]
WebBrowser\\{4D46ED77-1429-4CF6-8F63-C84B5D710BAF} [HKLM] -> C:\Program Files\CoreStreet\SpoofStick\SpoofStick.dll [SpoofStick] -> CoreStreet, Ltd. [Ver = 1.02 | Size = 176128 bytes | Modified Date = 8/18/2004 9:40:46 AM | Attr = ]
WebBrowser\\{4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{7435856C-6CA1-45CF-A00D-82178387F223} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8193 - Sun Java Console ->
{17A197DD-BDC2-4CD7-9CB5-EC9F8C9558F7} -> 8205 - Reg Data - Key not found ->
{1A388C31-133D-11d7-AEC2-0050BAD92AF7} -> 8194 - Sify Broadband ->
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} -> 8209 - Reg Data - Value does not exist ->
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -> 8200 - Reg Data - Value does not exist ->
{2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} -> 8202 - Reg Data - Key not found ->
{320AF880-6646-11D3-ABEE-C5DBF3571F46} -> 8197 - Reg Data - Key not found ->
{320AF880-6646-11D3-ABEE-C5DBF3571F49} -> 8198 - Reg Data - Key not found ->
{5393EDD0-762F-46B0-93ED-807389A0D6D4} -> 8206 - Reg Data - Key not found ->
{553EEAC2-ED97-448A-9E10-BD531C01099F} -> 8201 - Reg Data - Key not found ->
{55AE40CA-2C9E-4D21-84B2-BC8B0B84D224} -> 8203 - Reg Data - Key not found ->
{5D938D1D-3172-4190-8FF7-1F901DD367A1} -> 8207 - Reg Data - Key not found ->
{724d43aa-0d85-11d4-9908-00400523e39a} -> 8199 - Reg Data - Key not found ->
{73617ADE-7BFE-4BB3-B1CD-786AE38011B6} -> 8210 - Reg Data - Value does not exist ->
{BCDB12DA-0432-48FD-B798-29AF05EF9911} -> 8204 - Reg Data - Key not found ->
NextId -> 8212 ->
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.40.5 | Size = 69746 bytes | Modified Date = 6/3/2005 4:09:54 AM | Attr = ]
{1A388C31-133D-11d7-AEC2-0050BAD92AF7} -> http:\mum.sifybroadband.com\bbandnew\customerlogin.php [ButtonText: Broadband] -> File not found
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} -> Reg Data - Value does not exist [ButtonText: Web Anti-Virus] -> File not found
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -> Reg Data - Value does not exist [ButtonText: Spyware Doctor] -> File not found
{73617ADE-7BFE-4BB3-B1CD-786AE38011B6} -> C:\Program Files\FreshDevices\FreshDownload\fd.exe [ButtonText: FreshDownload] -> FreshDevices.com. [Ver = 7.66.0.0 | Size = 648704 bytes | Modified Date = 11/23/2006 9:02:02 AM | Attr = ]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
&Clean Traces -> C:\Program Files\DAP\Privacy Package\dapcleanerie.htm -> [Ver = | Size = 1748 bytes | Modified Date = 7/26/2006 6:17:18 PM | Attr = ]
&Download with &DAP -> C:\Program Files\DAP\dapextie.htm -> [Ver = | Size = 2020 bytes | Modified Date = 7/26/2006 6:17:20 PM | Attr = ]
&WordWeb... -> C:\WINNT\wweb32.dll\lookup.htm -> File not found
Convert link target to Adobe PDF -> C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm -> File not found
Convert link target to existing PDF -> C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm -> File not found
Convert selected links to Adobe PDF -> C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIECaptureSelLinks.htm -> File not found
Convert selected links to existing PDF -> C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIEAppendSelLinks.htm -> File not found
Convert selection to Adobe PDF -> C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm -> File not found
Convert selection to existing PDF -> C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm -> File not found
Convert to Adobe PDF -> C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm -> File not found
Convert to existing PDF -> C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm -> File not found
Download &All by FD -> Reg Data - Value does not exist -> File not found
Download &all with DAP -> C:\Program Files\DAP\dapextie2.htm -> [Ver = | Size = 1041 bytes | Modified Date = 7/26/2006 6:17:20 PM | Attr = ]
Download with &FD -> Reg Data - Value does not exist -> File not found
Get It With Kontiki -> -> File not found
< Internet Explorer Plugins [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\
.htm -> C:\Program Files\Netscape\Netscape Browser\plugins\npTrident.dll [Trident Plugin for Netscape] -> Netscape Communications Corp. [Ver = 2004, 0, 0, 1 | Size = 202752 bytes | Modified Date = 1/28/2006 1:20:52 AM | Attr = ]
.spop -> C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll [Reg Data - Value does not exist] -> InterTrust Technologies Corporation, Inc. [Ver = 1.0.30.95 | Size = 225280 bytes | Modified Date = 1/30/2001 1:56:24 PM | Attr = ]
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{1D2680C9-0E2A-469d-B787-065558BC7D43} [HKLM] -> Reg Data - Key not found [Fusion Cache] -> File not found
{23170F69-40C1-278A-1000-000100020000} [HKLM] -> C:\Program Files\7-Zip\7-zip.dll [7-Zip Shell Extension] -> [Ver = | Size = 136704 bytes | Modified Date = 12/9/2005 1:41:06 PM | Attr = ]
{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} [HKLM] -> Reg Data - Key not found [dBpowerAMP Music Converter] -> File not found
{2F25CF20-C569-11D1-B94C-00608CB45480} [HKLM] -> C:\Program Files\TextPad 4\system\shellext.dll [TextPad] -> Helios Software Solutions [Ver = 1.3 | Size = 24576 bytes | Modified Date = 1/1/2003 4:59:02 AM | Attr = ]
{40950107-FEA6-4d53-A65F-B2DCBA57DD58} [HKLM] -> C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll [Nokia Phone Browser] -> Nokia [Ver = 6, 41, 64, 0 | Size = 247296 bytes | Modified Date = 11/16/2004 9:27:44 AM | Attr = ]
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [Display Panning CPL Extension] -> File not found
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} [HKLM] -> C:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll [TuneUp Shredder Shell Extension] -> TuneUp Software GmbH [Ver = 2.0.0.2 | Size = 25608 bytes | Modified Date = 12/19/2006 4:53:48 PM | Attr = ]
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Shell extensions for file compression] -> File not found
{7F1CF152-04F8-453A-B34C-E609530A9DC8} [HKLM] -> Reg Data - Key not found [NeroDigitalPropSheetHandler] -> File not found
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Encryption Context Menu] -> File not found
{85E0B171-04FA-11D1-B7DA-00A0C90348D6} [HKLM] -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll [Web Anti-Virus] -> Kaspersky Lab [Ver = 6.0.1.411 | Size = 184430 bytes | Modified Date = 11/1/2006 5:41:48 PM | Attr = ]
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> C:\WINNT\system32\HTICONS.DLL [HyperTerminal Icon Ext] -> Hilgraeve, Inc. [Ver = 5.00.2195.6684 | Size = 21776 bytes | Modified Date = 6/20/2003 12:35:04 AM | Attr = ]
{A9AACA72-1C51-4F84-804D-90EDBA0D58F4} [HKLM] -> C:\Program Files\Common Files\Zinio\ZSHExt.dll [Zinio Magazine Column Provider] -> Zinio Systems, Inc. [Ver = 3.3.2.3160 | Size = 135168 bytes | Modified Date = 8/18/2005 10:14:16 PM | Attr = ]
{AB77609F-2178-4E6F-9C4B-44AC179D937A} [HKLM] -> Reg Data - Key not found [a Context Menu Shell Extension] -> File not found
{AC0B5D2E-B691-4E12-A4F9-CA88492579A2} [HKLM] -> C:\Program Files\Common Files\Zinio\ZSHExt.dll [Zinio Shell Extension] -> Zinio Systems, Inc. [Ver = 3.3.2.3160 | Size = 135168 bytes | Modified Date = 8/18/2005 10:14:16 PM | Attr = ]
{B327765E-D724-4347-8B16-78AE18552FC3} [HKLM] -> Reg Data - Key not found [NeroDigitalIconHandler] -> File not found
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\RarExt.dll [WinRAR shell extension] -> [Ver = | Size = 125440 bytes | Modified Date = 10/7/2005 3:05:32 PM | Attr = ]
{B4579AA5-E3A0-49A1-AC0B-5112AFBD215B} [HKLM] -> Reg Data - Key not found [iSQL*Plus Servers] -> File not found
{C0C4375A-5B72-4efe-929D-3B848C3A1E91} [HKLM] -> C:\Program Files\Nokia\Nokia PC Suite 6\MessageView.dll [Message View] -> Nokia [Ver = 6, 41, 64, 0 | Size = 299008 bytes | Modified Date = 11/16/2004 9:36:08 AM | Attr = ]
{C539A15A-3AF9-4c92-B771-50CB78F5C751} [HKLM] -> C:\Program Files\Acronis\TrueImageHome\tishell.dll [Acronis True Image Shell Context Menu Extension] -> Acronis [Ver = 10,0,0,4871 | Size = 499872 bytes | Modified Date = 10/16/2006 9:17:08 PM | Attr = ]
{C539A15B-3AF9-4c92-B771-50CB78F5C751} [HKLM] -> C:\Program Files\Acronis\TrueImageHome\tishell.dll [Acronis True Image Shell Extension] -> Acronis [Ver = 10,0,0,4871 | Size = 499872 bytes | Modified Date = 10/16/2006 9:17:08 PM | Attr = ]
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll [Adobe.Acrobat.ContextMenu] -> Adobe Systems Inc. [Ver = 7.0.0.2004121400\0 | Size = 577536 bytes | Modified Date = 12/14/2004 3:11:42 AM | Attr = ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> C:\Program Files\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 20552 bytes | Modified Date = 11/27/2001 8:10:00 AM | Attr = ]
{E0D79305-84BE-11CE-9641-444553540000} [HKLM] -> C:\Program Files\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 20552 bytes | Modified Date = 11/27/2001 8:10:00 AM | Attr = ]
{E0D79306-84BE-11CE-9641-444553540000} [HKLM] -> C:\Program Files\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 20552 bytes | Modified Date = 11/27/2001 8:10:00 AM | Attr = ]
{E0D79307-84BE-11CE-9641-444553540000} [HKLM] -> C:\Program Files\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 20552 bytes | Modified Date = 11/27/2001 8:10:00 AM | Attr = ]
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} [HKLM] -> C:\Program Files\Real\RealPlayer\rpshell.dll [Shell Extensions for RealOne Player] -> RealNetworks, Inc. [Ver = 1.0.1.2021 | Size = 49198 bytes | Modified Date = 10/10/2005 7:39:16 PM | Attr = ]
{FBFE7864-D495-41f0-B7DC-4BB601CC295E} [HKLM] -> C:\Program Files\Nokia\Nokia PC Suite 6\ContactView.dll [Contact View] -> Nokia [Ver = 6, 41, 64, 0 | Size = 302592 bytes | Modified Date = 11/16/2004 9:30:16 AM | Attr = ]
{FED7043D-346A-414D-ACD7-550D052499A7} [HKLM] -> Reg Data - Key not found [dBpowerAMP Music Converter 1] -> File not found
< Approved Shell Extensions [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL [Web Folders] -> [Ver = | Size = 561210 bytes | Modified Date = 11/3/1999 4:38:34 PM | Attr = ]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{B33DE746-DEFE-4D7A-87DB-900864B1D3A8} [HKLM] -> C:\Program Files\Ashampoo\Ashampoo WinOptimizer Platinum 3\ContextHandler.dll [WOP3_ContextMenuHandler] -> [Ver = | Size = 418304 bytes | Modified Date = 11/10/2005 7:08:58 PM | Attr = ]
{C539A15A-3AF9-4c92-B771-50CB78F5C751} [HKLM] -> C:\Program Files\Acronis\TrueImageHome\tishell.dll [Acronis True Image Shell Context Menu Extension] -> Acronis [Ver = 10,0,0,4871 | Size = 499872 bytes | Modified Date = 10/16/2006 9:17:08 PM | Attr = ]
{23170F69-40C1-278A-1000-000100020000} [HKLM] -> C:\Program Files\7-Zip\7-zip.dll [7-Zip] -> [Ver = | Size = 136704 bytes | Modified Date = 12/9/2005 1:41:06 PM | Attr = ]
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll [Adobe.Acrobat.ContextMenu] -> Adobe Systems Inc. [Ver = 7.0.0.2004121400\0 | Size = 577536 bytes | Modified Date = 12/14/2004 3:11:42 AM | Attr = ]
{BED4C38B-F765-45AC-8C56-613F76BBF43E} [HKLM] -> C:\Program Files\DAP\Privacy Package\DAPCtxMenuShell.dll [DAP_Menu] -> Speedbit Ltd. [Ver = 8, 0, 0, 2 | Size = 53339 bytes | Modified Date = 7/26/2006 6:17:18 PM | Attr = ]
{BED4C38B-F765-45AC-8C56-613F76BBF43E} [HKLM] -> C:\Program Files\DAP\Privacy Package\DAPCtxMenuShell.dll [DAP_ShredMenu] -> Speedbit Ltd. [Ver = 8, 0, 0, 2 | Size = 53339 bytes | Modified Date = 7/26/2006 6:17:18 PM | Attr = ]
{90A07ACC-0331-4aee-9AAD-A854A9C37667} [HKLM] -> C:\Program Files\Advanced System Optimizer\ShellExt.dll [FileEncrypt] -> Systweak Inc [Ver = 2,1,4,400 | Size = 190976 bytes | Modified Date = 7/7/2005 4:55:24 PM | Attr = ]
{dd230880-495a-11d1-b064-008048ec2fc5} [HKLM] -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll [Kaspersky Anti-Virus] -> Kaspersky Lab [Ver = 6.0.1.411 | Size = 41067 bytes | Modified Date = 11/1/2006 5:43:06 PM | Attr = ]
{2F25CF20-C569-11D1-B94C-00608CB45480} [HKLM] -> C:\Program Files\TextPad 4\system\shellext.dll [TextPad] -> Helios Software Solutions [Ver = 1.3 | Size = 24576 bytes | Modified Date = 1/1/2003 4:59:02 AM | Attr = ]
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} [HKLM] -> C:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll [TuneUp Shredder Shell Extension] -> TuneUp Software GmbH [Ver = 2.0.0.2 | Size = 25608 bytes | Modified Date = 12/19/2006 4:53:48 PM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 125440 bytes | Modified Date = 10/7/2005 3:05:32 PM | Attr = ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> C:\Program Files\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 20552 bytes | Modified Date = 11/27/2001 8:10:00 AM | Attr = ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
{23170F69-40C1-278A-1000-000100020000} [HKLM] -> C:\Program Files\7-Zip\7-zip.dll [7-Zip] -> [Ver = | Size = 136704 bytes | Modified Date = 12/9/2005 1:41:06 PM | Attr = ]
{BED4C38B-F765-45AC-8C56-613F76BBF43E} [HKLM] -> C:\Program Files\DAP\Privacy Package\DAPCtxMenuShell.dll [DAP_ShredMenu] -> Speedbit Ltd. [Ver = 8, 0, 0, 2 | Size = 53339 bytes | Modified Date = 7/26/2006 6:17:18 PM | Attr = ]
{90A07ACC-0331-4aee-9AAD-A854A9C37667} [HKLM] -> C:\Program Files\Advanced System Optimizer\ShellExt.dll [FileEncrypt] -> Systweak Inc [Ver = 2,1,4,400 | Size = 190976 bytes | Modified Date = 7/7/2005 4:55:24 PM | Attr = ]
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} [HKLM] -> C:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll [TuneUp Shredder Shell Extension] -> TuneUp Software GmbH [Ver = 2.0.0.2 | Size = 25608 bytes | Modified Date = 12/19/2006 4:53:48 PM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 125440 bytes | Modified Date = 10/7/2005 3:05:32 PM | Attr = ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> C:\Program Files\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 20552 bytes | Modified Date = 11/27/2001 8:10:00 AM | Attr = ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{B33DE746-DEFE-4D7A-87DB-900864B1D3A8} [HKLM] -> C:\Program Files\Ashampoo\Ashampoo WinOptimizer Platinum 3\ContextHandler.dll [WOP3_ContextMenuHandler] -> [Ver = | Size = 418304 bytes | Modified Date = 11/10/2005 7:08:58 PM | Attr = ]
{C539A15A-3AF9-4c92-B771-50CB78F5C751} [HKLM] -> C:\Program Files\Acronis\TrueImageHome\tishell.dll [Acronis True Image Shell Context Menu Extension] -> Acronis [Ver = 10,0,0,4871 | Size = 499872 bytes | Modified Date = 10/16/2006 9:17:08 PM | Attr = ]
{dd230880-495a-11d1-b064-008048ec2fc5} [HKLM] -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll [Kaspersky Anti-Virus] -> Kaspersky Lab [Ver = 6.0.1.411 | Size = 41067 bytes | Modified Date = 11/1/2006 5:43:06 PM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 125440 bytes | Modified Date = 10/7/2005 3:05:32 PM | Attr = ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> C:\Program Files\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 20552 bytes | Modified Date = 11/27/2001 8:10:00 AM | Attr = ]
< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{A9AACA72-1C51-4F84-804D-90EDBA0D58F4} [HKLM] -> C:\Program Files\Common Files\Zinio\ZSHExt.dll [MyMagazinesColumn Class] -> Zinio Systems, Inc. [Ver = 3.3.2.3160 | Size = 135168 bytes | Modified Date = 8/18/2005 10:14:16 PM | Attr = ]
{F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.dll [PDF Shell Extension] -> Adobe Systems, Inc. [Ver = 8.0.0.0 | Size = 372736 bytes | Modified Date = 10/22/2006 11:28:04 PM | Attr = ]
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{748376F9-3E37-405E-BB41-FA3C6C095EA1} -> (D-Link USB Remote NDIS Network Device) ->
{A12EA09A-13DE-4C71-9AE6-0299D1009C65} -> 202.144.115.4,202.144.10.50 (VIA Rhine II Fast Ethernet Adapter) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
skype4com -> C:\Program Files\Skype\toolbars\Shared\Skype4ComAPI.dll -> Skype Technologies [Ver = 1, 0, 0, 21 | Size = 1662976 bytes | Modified Date = 7/3/2006 4:30:02 PM | Attr = ]

[Files - Created Wihin 30 days]
WISC8BB491212D942AEB571E580D8CD1B5B_6_0_1255.MSI -> C:\Program Files\Common Files\Wise Installation Wizard\WISC8BB491212D942AEB571E580D8CD1B5B_6_0_1255.MSI -> [Ver = | Size = 8005632 bytes | Created Date = 12/21/2006 4:41:35 PM | Attr = ]
ctor.dll -> C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll -> Macrovision Corporation [Ver = 11.50.43969 | Size = 69715 bytes | Created Date = 12/21/2006 12:56:52 PM | Attr = ]
DotNetInstaller.exe -> C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe -> InstallShield Software Corporation [Ver = 11.50.0.42618 | Size = 5632 bytes | Created Date = 12/21/2006 12:56:19 PM | Attr = ]
iGdi.dll -> C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll -> Macrovision Corporation [Ver = 11.50.42618 | Size = 200836 bytes | Created Date = 12/21/2006 12:55:43 PM | Attr = ]
iKernel.dll -> C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll -> Macrovision Corporation [Ver = 11.50.43969 | Size = 757760 bytes | Created Date = 12/21/2006 12:56:19 PM | Attr = ]
iscript.dll -> C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll -> Macrovision Corporation [Ver = 11.50.43969 | Size = 274432 bytes | Created Date = 12/21/2006 12:56:53 PM | Attr = ]
iuser.dll -> C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll -> Macrovision Corporation [Ver = 11.50.43969 | Size = 204800 bytes | Created Date = 12/21/2006 12:56:53 PM | Attr = ]
setup.dll -> C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll -> Macrovision Corporation [Ver = 11.50.42618 | Size = 331908 bytes | Created Date = 12/21/2006 12:55:39 PM | Attr = ]
Active Setup Log.BAK -> C:\WINNT\Active Setup Log.BAK -> [Ver = | Size = 783 bytes | Created Date = 12/27/2006 10:56:04 AM | Attr = ]
system.ini.bak -> C:\WINNT\system.ini.bak -> [Ver = | Size = 341 bytes | Created Date = 12/21/2006 6:30:41 PM | Attr = ]
system.tmp -> C:\WINNT\system.tmp -> [Ver = | Size = 375 bytes | Created Date = 12/25/2006 7:12:04 PM | Attr = ]
win.tmp -> C:\WINNT\win.tmp -> [Ver = | Size = 1751 bytes | Created Date = 12/25/2006 7:12:03 PM | Attr = ]
Perflib_Perfdata_408.dat -> C:\WINNT\System32\Perflib_Perfdata_408.dat -> [Ver = | Size = 16384 bytes | Created Date = 12/21/2006 4:59:01 PM | Attr = ]
Perflib_Perfdata_74c.dat -> C:\WINNT\System32\Perflib_Perfdata_74c.dat -> [Ver = | Size = 16384 bytes | Created Date = 1/2/1601 6:30:00 PM | Attr = ]
pudrglst.ocx -> C:\WINNT\System32\pudrglst.ocx -> http://www.mvps.org/vb [Ver = 1.01.0047 | Size = 118784 bytes | Created Date = 11/30/2006 12:38:57 PM | Attr = ]
puxpman.exe -> C:\WINNT\System32\puxpman.exe -> ashampoo GmbH & Co. KG [Ver = 1.04.0394 | Size = 102400 bytes | Created Date = 11/30/2006 12:38:58 PM | Attr = ]
PUXPPLAT.UND -> C:\WINNT\System32\PUXPPLAT.UND -> [Ver = | Size = 39381 bytes | Created Date = 11/30/2006 1:00:29 PM | Attr = ]
puxptwks.exe -> C:\WINNT\System32\puxptwks.exe -> ashampoo GmbH & Co. KG [Ver = 1.40.0106 | Size = 45056 bytes | Created Date = 11/30/2006 12:38:58 PM | Attr = ]
pwrupcid.dll -> C:\WINNT\System32\pwrupcid.dll -> [Ver = | Size = 163840 bytes | Created Date = 11/30/2006 12:38:58 PM | Attr = ]
pwrupic.icl -> C:\WINNT\System32\pwrupic.icl -> [Ver = | Size = 15392 bytes | Created Date = 11/30/2006 12:38:58 PM | Attr = ]
tmp.reg -> C:\WINNT\System32\tmp.reg -> [Ver = | Size = 2396 bytes | Created Date = 12/28/2006 5:45:03 PM | Attr = ]
xipopup.dll -> C:\WINNT\System32\xipopup.dll -> DBI Technologies Inc. [Ver = 2, 0, 0, 1 | Size = 98304 bytes | Created Date = 11/30/2006 12:38:58 PM | Attr = ]
xipush.dll -> C:\WINNT\System32\xipush.dll -> Gamesman Inc. [Ver = 4,0,0,0 | Size = 90112 bytes | Created Date = 11/30/2006 12:38:59 PM | Attr = ]
xislide.dll -> C:\WINNT\System32\xislide.dll -> Gamesman Inc. [Ver = 3,0,0,1 | Size = 94208 bytes | Created Date = 11/30/2006 12:39:00 PM | Attr = ]
xitabs.dll -> C:\WINNT\System32\xitabs.dll -> FarPoint Technologies, Inc. [Ver = 3.1.10 | Size = 448192 bytes | Created Date = 11/30/2006 12:39:00 PM | Attr = ]
xithreed.dll -> C:\WINNT\System32\xithreed.dll -> Sheridan Software Systems, Inc. [Ver = 3.02.0005 | Size = 345544 bytes | Created Date = 11/30/2006 12:38:49 PM | Attr = ]
fidbox.dat -> C:\WINNT\System32\drivers\fidbox.dat -> [Ver = | Size = 9599776 bytes | Created Date = 1/2/1601 6:30:00 PM | Attr = HS]
fidbox.idx -> C:\WINNT\System32\drivers\fidbox.idx -> [Ver = | Size = 129428 bytes | Created Date = 1/2/1601 6:30:00 PM | Attr = HS]
fidbox2.dat -> C:\WINNT\System32\drivers\fidbox2.dat -> [Ver = | Size = 678688 bytes | Created Date = 1/2/1601 6:30:00 PM | Attr = HS]
fidbox2.idx -> C:\WINNT\System32\drivers\fidbox2.idx -> [Ver = | Size = 64484 bytes | Created Date = 1/2/1601 6:30:00 PM | Attr = HS]
ikhfile.sys -> C:\WINNT\System32\drivers\ikhfile.sys -> PCTools Research Pty Ltd. [Ver = 3, 6, 1, 2014 | Size = 30592 bytes | Created Date = 12/25/2006 10:00:49 PM | Attr = ]
ikhlayer.sys -> C:\WINNT\System32\drivers\ikhlayer.sys -> PCTools Research Pty Ltd. [Ver = 3, 6, 1, 2011 | Size = 51072 bytes | Created Date = 12/25/2006 9:59:19 PM | Attr = ]
klick.sys -> C:\WINNT\System32\drivers\klick.sys -> Kaspersky Lab [Ver = 2.0.0.348 | Size = 61584 bytes | Created Date = 12/7/2006 10:24:05 AM | Attr = ]
klif.sys -> C:\WINNT\System32\drivers\klif.sys -> Kaspersky Lab [Ver = 6.12.10.247 | Size = 174864 bytes | Created Date = 12/7/2006 10:22:27 AM | Attr = ]
klin.sys -> C:\WINNT\System32\drivers\klin.sys -> Kaspersky Lab [Ver = 2.0.0.333 | Size = 59536 bytes | Created Date = 12/7/2006 10:24:05 AM | Attr = ]
tmcomm.sys -> C:\WINNT\System32\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.5.0.1052 | Size = 76560 bytes | Created Date = 12/24/2006 12:22:11 PM | Attr = ]

[Files - Modified Wihin 30 days]
boot.ini -> C:\boot.ini -> [Ver = | Size = 193 bytes | Modified Date = 12/29/2006 4:16:16 PM | Attr = RH ]
bootwiz.sys -> C:\bootwiz.sys -> [Ver = | Size = 22528 bytes | Modified Date = 12/17/2006 2:32:30 PM | Attr = RHS]
deb.sbl -> C:\deb.sbl -> [Ver = | Size = 45510 bytes | Modified Date = 12/29/2006 10:41:14 AM | Attr = ]
ntdetect.com -> C:\ntdetect.com -> [Ver = | Size = 34724 bytes | Modified Date = 12/29/2006 4:16:16 PM | Attr = RHS]
WISC8BB491212D942AEB571E580D8CD1B5B_6_0_1255.MSI -> C:\Program Files\Common Files\Wise Installation Wizard\WISC8BB491212D942AEB571E580D8CD1B5B_6_0_1255.MSI -> [Ver = | Size = 8005632 bytes | Modified Date = 12/21/2006 4:41:38 PM | Attr = ]
iGdi.dll -> C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll -> Macrovision Corporation [Ver = 11.50.42618 | Size = 200836 bytes | Modified Date = 12/21/2006 12:55:44 PM | Attr = ]
setup.dll -> C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll -> Macrovision Corporation [Ver = 11.50.42618 | Size = 331908 bytes | Modified Date = 12/21/2006 12:55:40 PM | Attr = ]
Active Setup Log.BAK -> C:\WINNT\Active Setup Log.BAK -> [Ver = | Size = 783 bytes | Modified Date = 12/27/2006 2:10:40 PM | Attr = ]
imsins.BAK -> C:\WINNT\imsins.BAK -> [Ver = | Size = 1428 bytes | Modified Date = 12/13/2006 2:56:22 PM | Attr = ]
ODBC.INI -> C:\WINNT\ODBC.INI -> [Ver = | Size = 1160 bytes | Modified Date = 12/21/2006 6:32:34 PM | Attr = ]
ODBCINST.INI -> C:\WINNT\ODBCINST.INI -> [Ver = | Size = 4073 bytes | Modified Date = 12/21/2006 6:32:36 PM | Attr = ]
QTFont.qfn -> C:\WINNT\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 12/12/2006 10:39:54 AM | Attr = H ]
system.ini -> C:\WINNT\system.ini -> [Ver = | Size = 375 bytes | Modified Date = 12/21/2006 6:30:42 PM | Attr = ]
system.tmp -> C:\WINNT\system.tmp -> [Ver = | Size = 375 bytes | Modified Date = 12/21/2006 6:30:42 PM | Attr = ]
BOOTBAK.INI -> C:\WINNT\System32\BOOTBAK.INI -> [Ver = | Size = 193 bytes | Modified Date = 11/30/2006 6:28:12 PM | Attr = ]
Perflib_Perfdata_408.dat -> C:\WINNT\System32\Perflib_Perfdata_408.dat -> [Ver = | Size = 16384 bytes | Modified Date = 12/21/2006 4:59:02 PM | Attr = ]
Perflib_Perfdata_74c.dat -> C:\WINNT\System32\Perflib_Perfdata_74c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 12/29/2006 10:50:28 AM | Attr = ]
PUXPPLAT.UND -> C:\WINNT\System32\PUXPPLAT.UND -> [Ver = | Size = 39381 bytes | Modified Date = 11/30/2006 1:00:30 PM | Attr = ]
tmp.reg -> C:\WINNT\System32\tmp.reg -> [Ver = | Size = 2396 bytes | Modified Date = 12/28/2006 5:45:04 PM | Attr = ]
vsconfig.xml -> C:\WINNT\System32\vsconfig.xml -> [Ver = | Size = 48877 bytes | Modified Date = 12/29/2006 10:53:04 AM | Attr = H ]
fidbox.dat -> C:\WINNT\System32\drivers\fidbox.dat -> [Ver = | Size = 9599776 bytes | Modified Date = 12/29/2006 12:28:48 PM | Attr = HS]
fidbox.idx -> C:\WINNT\System32\drivers\fidbox.idx -> [Ver = | Size = 129428 bytes | Modified Date = 12/29/2006 10:45:56 AM | Attr = HS]
fidbox2.dat -> C:\WINNT\System32\drivers\fidbox2.dat -> [Ver = | Size = 678688 bytes | Modified Date = 12/29/2006 12:30:18 PM | Attr = HS]
fidbox2.idx -> C:\WINNT\System32\drivers\fidbox2.idx -> [Ver = | Size = 64484 bytes | Modified Date = 12/29/2006 10:45:56 AM | Attr = HS]
klick.sys -> C:\WINNT\System32\drivers\klick.sys -> Kaspersky Lab [Ver = 2.0.0.348 | Size = 61584 bytes | Modified Date = 12/8/2006 9:56:40 AM | Attr = ]
klif.sys -> C:\WINNT\System32\drivers\klif.sys -> Kaspersky Lab [Ver = 6.12.10.247 | Size = 174864 bytes | Modified Date = 12/7/2006 10:22:30 AM | Attr = ]
klin.sys -> C:\WINNT\System32\drivers\klin.sys -> Kaspersky Lab [Ver = 2.0.0.333 | Size = 59536 bytes | Modified Date = 12/7/2006 10:24:06 AM | Attr = ]
snapman.sys -> C:\WINNT\System32\drivers\snapman.sys -> Acronis [Ver = 3.0 build 303 | Size = 114048 bytes | Modified Date = 12/15/2006 11:31:16 AM | Attr = ]
tifsfilt.sys -> C:\WINNT\System32\drivers\tifsfilt.sys -> Acronis [Ver = 3.3 build 443 | Size = 39264 bytes | Modified Date = 12/16/2006 10:33:48 AM | Attr = ]
timntr.sys -> C:\WINNT\System32\drivers\timntr.sys -> Acronis [Ver = 3.3 build 443 | Size = 395744 bytes | Modified Date = 12/16/2006 10:33:48 AM | Attr = ]
tmcomm.sys -> C:\WINNT\System32\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.5.0.1052 | Size = 76560 bytes | Modified Date = 12/24/2006 11:18:42 AM | Attr = ]

[File String Scan - Non-Microsoft Only]
UPX! , -> C:\bootwiz.sys -> [Ver = | Size = 22528 bytes | Modified Date = 12/17/2006 2:32:30 PM | Attr = RHS]
UPX! , UPX0 , -> C:\Program Files\Common Files\Acronis\CDRecord\cdrecord.exe -> Acronis [Ver = 2.01-1.9 | Size = 135680 bytes | Modified Date = 12/6/2005 8:58:06 PM | Attr = ]
UPX! , UPX0 , -> C:\Program Files\Common Files\Acronis\CDRecord\cygwin1.dll -> Red Hat [Ver = 1.5.6 | Size = 438153 bytes | Modified Date = 11/29/2005 2:00:24 PM | Attr = ]
UPX! , -> C:\Program Files\Common Files\Acronis\MediaBuilder\bootmenu.exe -> [Ver = | Size = 33736 bytes | Modified Date = 11/29/2005 1:22:14 PM | Attr = ]
UPX! , -> C:\Program Files\Common Files\Acronis\MediaBuilder\bootwiz.sys -> [Ver = | Size = 22528 bytes | Modified Date = 10/16/2006 1:47:54 PM | Attr = ]
UPX! , -> C:\Program Files\Common Files\Acronis\MediaBuilder\kernel.dat -> [Ver = | Size = 664914 bytes | Modified Date = 10/16/2006 5:18:58 AM | Attr = ]
UPX! , -> C:\Program Files\Common Files\Acronis\MediaBuilder\mouse.com -> [Ver = | Size = 4850 bytes | Modified Date = 11/29/2005 1:22:14 PM | Attr = ]
UPX! , -> C:\Program Files\Common Files\Acronis\MediaBuilder\ramdisk.exe -> [Ver = | Size = 18931 bytes | Modified Date = 10/16/2006 1:42:46 PM | Attr = ]
UPX! , -> C:\Program Files\Common Files\Acronis\TrueImage\bootwiz.sys -> [Ver = | Size = 22528 bytes | Modified Date = 10/16/2006 1:47:54 PM | Attr = ]
UPX! , -> C:\Program Files\Common Files\Acronis\TrueImage\kernel.dat -> [Ver = | Size = 664914 bytes | Modified Date = 10/16/2006 5:18:58 AM | Attr = ]
UPX! , -> C:\Program Files\Common Files\Acronis\TrueImage\mouse.com -> [Ver = | Size = 4850 bytes | Modified Date = 10/16/2006 5:16:20 AM | Attr = ]
UPX! , -> C:\Program Files\Common Files\Acronis\TrueImage\splash.run -> [Ver = | Size = 23388 bytes | Modified Date = 10/16/2006 1:42:58 PM | Attr = ]
UPX! , -> C:\Program Files\Common Files\Acronis\TrueImageHome\bootmenu.exe -> [Ver = | Size = 1852473 bytes | Modified Date = 10/16/2006 2:00:54 PM | Attr = ]
UPX! , -> C:\Program Files\Common Files\Acronis\TrueImageHome\bootwiz.sys -> [Ver = | Size = 22528 bytes | Modified Date = 10/16/2006 1:47:54 PM | Attr = ]
UPX! , -> C:\Program Files\Common Files\Acronis\TrueImageHome\kernel.dat -> [Ver = | Size = 664914 bytes | Modified Date = 10/16/2006 5:18:58 AM | Attr = ]
UPX! , -> C:\Program Files\Common Files\Acronis\TrueImageHome\mouse.com -> [Ver = | Size = 4850 bytes | Modified Date = 10/16/2006 5:16:20 AM | Attr = ]
UPX! , -> C:\Program Files\Common Files\Acronis\TrueImageHome\splash.run -> [Ver = | Size = 23388 bytes | Modified Date = 10/16/2006 2:37:04 PM | Attr = ]
PEC2 , -> C:\Program Files\Common Files\GTK\2.0\bin\libglib-2.0-0.dll -> The GLib developer community [Ver = 2.10.3.0 | Size = 582621 bytes | Modified Date = 5/27/2006 8:51:10 AM | Attr = ]
Thawte Consulting , -> C:\Program Files\Common Files\Java\Update\Base Images\j2re1.4.2-b28\core3.zip -> [Ver = | Size = 4648893 bytes | Modified Date = 11/19/2003 10:50:24 PM | Attr = ]
Thawte Consulting , -> C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core3.zip -> [Ver = | Size = 3290841 bytes | Modified Date = 12/6/2004 10:57:36 PM | Attr = ]
PTech , -> C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\serk\1033\ADOVIEW.HTM -> [Ver = | Size = 40987 bytes | Modified Date = 12/8/1998 7:31:10 PM | Attr = ]
PEC2 , PECompact2 , -> C:\Program Files\Common Files\Real\GToolbar\GDSSetup.exe -> [Ver = | Size = 743016 bytes | Modified Date = 10/10/2005 7:40:00 PM | Attr = ]
aspack , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20041006.020\NAVEX15.SYS -> Symantec Corporation [Ver = 2004.2.1.10 | Size = 617288 bytes | Modified Date = 10/6/2004 1:30:00 PM | Attr = ]
aspack , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20041006.020\NAVEX15.VXD -> [Ver = | Size = 876529 bytes | Modified Date = 10/6/2004 1:30:00 PM | Attr = ]
aspack , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20041006.020\NAVEX32A.DLL -> Symantec Corporation [Ver = 2004.2.1.10 | Size = 672936 bytes | Modified Date = 10/6/2004 1:30:00 PM | Attr = ]
SAHAgent , -> C:\Program Files\Common Files\Symantec Shared\VirusDef

#4 prampara

prampara
  • Topic Starter

  • Members
  • 15 posts

Posted 29 December 2006 - 04:21 AM

SAHAgent , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20041006.020\VIRSCAN1.DAT -> [Ver = | Size = 889363 bytes | Modified Date = 10/6/2004 1:30:00 PM | Attr = ]
FSG! , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20041006.020\VIRSCAN8.DAT -> [Ver = | Size = 1170741 bytes | Modified Date = 10/6/2004 1:30:00 PM | Attr = ]
UPX! , FSG! , WSUD , UPX0 , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20041006.020\VIRSCAN9.DAT -> [Ver = | Size = 1634601 bytes | Modified Date = 10/6/2004 1:30:00 PM | Attr = ]
aspack , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20051005.037\NAVEX15.SYS -> Symantec Corporation [Ver = 20051.2.0.18 | Size = 665816 bytes | Modified Date = 10/5/2005 1:30:00 PM | Attr = ]
aspack , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20051005.037\NAVEX15.VXD -> [Ver = | Size = 963069 bytes | Modified Date = 10/5/2005 1:30:00 PM | Attr = ]
aspack , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20051005.037\NAVEX32A.DLL -> Symantec Corporation [Ver = 20051.2.0.18 | Size = 706168 bytes | Modified Date = 10/5/2005 1:30:00 PM | Attr = ]
SAHAgent , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20051005.037\VIRSCAN1.DAT -> [Ver = | Size = 963471 bytes | Modified Date = 10/5/2005 1:30:00 PM | Attr = ]
FSG! , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20051005.037\VIRSCAN8.DAT -> [Ver = | Size = 1414159 bytes | Modified Date = 10/5/2005 1:30:00 PM | Attr = ]
UPX! , FSG! , WSUD , UPX0 , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20051005.037\VIRSCAN9.DAT -> [Ver = | Size = 2724799 bytes | Modified Date = 10/5/2005 1:30:00 PM | Attr = ]
SAHAgent , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060908.024\TCDEFS.DAT -> [Ver = | Size = 48806 bytes | Modified Date = 9/8/2006 1:30:00 PM | Attr = ]
FSG! , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060908.024\VIRSCAN8.DAT -> [Ver = | Size = 1594351 bytes | Modified Date = 9/8/2006 1:30:00 PM | Attr = ]
FSG! , WSUD , UPX0 , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060908.024\VIRSCAN9.DAT -> [Ver = | Size = 3630155 bytes | Modified Date = 9/8/2006 1:30:00 PM | Attr = ]
SAHAgent , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061118.006\TCDEFS.DAT -> [Ver = | Size = 186850 bytes | Modified Date = 11/18/2006 2:30:00 PM | Attr = ]
FSG! , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061118.006\VIRSCAN8.DAT -> [Ver = | Size = 1633816 bytes | Modified Date = 11/18/2006 2:30:00 PM | Attr = ]
FSG! , WSUD , UPX0 , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061118.006\VIRSCAN9.DAT -> [Ver = | Size = 3856795 bytes | Modified Date = 11/18/2006 2:30:00 PM | Attr = ]
SAHAgent , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061119.004\TCDEFS.DAT -> [Ver = | Size = 186850 bytes | Modified Date = 11/19/2006 2:30:00 PM | Attr = ]
FSG! , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061119.004\VIRSCAN8.DAT -> [Ver = | Size = 1634183 bytes | Modified Date = 11/19/2006 2:30:00 PM | Attr = ]
FSG! , WSUD , UPX0 , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061119.004\VIRSCAN9.DAT -> [Ver = | Size = 3857169 bytes | Modified Date = 11/19/2006 2:30:00 PM | Attr = ]
SAHAgent , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\tcdefs.dat -> [Ver = | Size = 47313 bytes | Modified Date = 6/14/2006 1:30:00 PM | Attr = ]
FSG! , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\virscan8.dat -> [Ver = | Size = 1549953 bytes | Modified Date = 6/14/2006 1:30:00 PM | Attr = ]
FSG! , WSUD , UPX0 , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\virscan9.dat -> [Ver = | Size = 3337932 bytes | Modified Date = 6/14/2006 1:30:00 PM | Attr = ]
SAHAgent , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp6882.tmp\TCDEFS.DAT -> [Ver = | Size = 186736 bytes | Modified Date = 11/13/2006 2:30:00 PM | Attr = ]
FSG! , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp6882.tmp\VIRSCAN8.DAT -> [Ver = | Size = 1630135 bytes | Modified Date = 11/13/2006 2:30:00 PM | Attr = ]
FSG! , WSUD , UPX0 , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp6882.tmp\VIRSCAN9.DAT -> [Ver = | Size = 3841214 bytes | Modified Date = 11/13/2006 2:30:00 PM | Attr = ]
SAHAgent , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp933.tmp\TCDEFS.DAT -> [Ver = | Size = 46770 bytes | Modified Date = 5/17/2006 1:30:00 PM | Attr = ]
FSG! , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp933.tmp\VIRSCAN8.DAT -> [Ver = | Size = 1536947 bytes | Modified Date = 5/17/2006 1:30:00 PM | Attr = ]
UPX0 , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp933.tmp\VIRSCAN9.DAT -> [Ver = | Size = 3265824 bytes | Modified Date = 5/19/2006 8:50:34 PM | Attr = ]
UPX! , UPX0 , -> C:\WINNT\System32\asmwZipIt.ocx -> asmwsoft.com [Ver = 1.00.0002 | Size = 21504 bytes | Modified Date = 10/21/2004 8:31:50 AM | Attr = ]
UPX! , -> C:\WINNT\System32\aswBoot.exe -> [Ver = 4, 6, 665, 0 | Size = 433152 bytes | Modified Date = 7/9/2005 2:33:06 PM | Attr = ]
UPX! , -> C:\WINNT\System32\Cgrm_en.dll -> Centigram Communications Corp. [Ver = 5, 0, 0, 49 | Size = 1294336 bytes | Modified Date = 6/11/1997 5:51:30 PM | Attr = ]
PEC2 , -> C:\WINNT\System32\CO2C40EN.DLL -> [Ver = 4.6.1.106 | Size = 748160 bytes | Modified Date = 11/18/1996 | Attr = ]
aspack , -> C:\WINNT\System32\Incinerator.dll -> [Ver = | Size = 1211904 bytes | Modified Date = 2/2/2006 6:42:38 PM | Attr = ]
Thawte Consulting , -> C:\WINNT\System32\pxcpya64.exe -> Sonic Solutions [Ver = 1.00.35a | Size = 63144 bytes | Modified Date = 8/25/2006 9:17:00 AM | Attr = ]
Thawte Consulting , -> C:\WINNT\System32\pxhpinst.exe -> Sonic Solutions [Ver = 3.00.33a | Size = 67240 bytes | Modified Date = 8/25/2006 9:17:00 AM | Attr = ]
Thawte Consulting , -> C:\WINNT\System32\pxinsa64.exe -> Sonic Solutions [Ver = 3.00.33a | Size = 62632 bytes | Modified Date = 8/25/2006 9:17:00 AM | Attr = ]
Thawte Consulting , -> C:\WINNT\System32\pxinsi64.exe -> Sonic Solutions [Ver = 3.00.33a | Size = 115880 bytes | Modified Date = 8/25/2006 9:17:00 AM | Attr = ]
UPX! , UPX0 , -> C:\WINNT\System32\t3odm.dll -> Cyberlink [Ver = 1.00.1016 | Size = 28672 bytes | Modified Date = 5/1/2004 4:46:24 AM | Attr = ]
winsync , -> C:\WINNT\System32\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 12/7/1999 9:30:00 AM | Attr = ]
aspack , -> C:\WINNT\System32\wodfamoh.dll -> Abrosoft [Ver = 3, 6, 2, 0 | Size = 816640 bytes | Modified Date = 8/18/2006 11:24:36 AM | Attr = H ]
UPX! , UPX0 , -> C:\WINNT\System32\Zipdll.dll -> [Ver = 1, 4, 0, 0 | Size = 47616 bytes | Modified Date = 10/22/1999 1:49:22 PM | Attr = ]
UPX! , UPX0 , -> C:\WINNT\System32\Zipit.dll -> [Ver = | Size = 102400 bytes | Modified Date = 8/18/2000 12:01:56 AM | Attr = ]

< End of report >

#5 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina

Posted 29 December 2006 - 10:20 AM

Hi prampara. I do not see any signs of viruses or malware in the log. There are a number of left-over items in the registry from programs that have been uninstalled. They are more than likely present due to programs like Ad-Watch which prevent registry changes. These programs might also be interfering with the IE installation since it needs to make changes to the registry. We can clean these out but we will need to first disable all of these programs.

Step #1

Please disable Ad-Watch, as it may hinder the removal of some registry entries. You can re-enable it after your computer is clean.

To disable Ad-Watch:

1. Right click on the Ad-Watch icon in the system tray and select "Restore Ad-Watch".
2. At the bottom of the screen there will be two checkable items called "Active" and "Automatic".
   Active: Switches Monitoring On or Off without closing
   Automatic: Switches Automatic Blocking On or Off
3. Uncheck (red X) both items.

Spyware Doctor's OnGuard protective functionality may interfere with certain registry fixes we need to make. Please follow these instructions to disable it:

To disable Spyware Doctor's OnGuard Tools:

1. From within Spyware Doctor, click the "OnGuard" button on the left side.
2. Uncheck "Activate OnGuard".

You can reenable it once your system is clean.

We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.

To disable Windows Defender:

1. Open Windows Defender.
2. Click on Tools, General Settings.
3. Scroll down and uncheck Turn on real-time protection (recommended).
4. After you uncheck this, click on the Save button and close Windows Defender.

After all of the fixes are complete you can enable Real-time Protection again.

Step #2

Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Registry - Non-Microsoft Only]
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {029CA12C-89C1-46a7-A3C7-82F2F98635CB} [HKLM] -> Reg Data - Key not found [ZIBho Class]
YN -> {0A87E45F-537A-40B4-B812-E2544C21A09F} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> {A491D208-B353-490F-B81A-A8A3DC97042D} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> {BDF3E430-B101-42AD-A544-FADC6B084872} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> {CE57DA55-F491-45C6-B3DB-6C98E4B17CDC} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> {E24AD748-155E-4254-B674-4EDF86E7E1DF} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> WebBrowser\\{4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> WebBrowser\\{7435856C-6CA1-45CF-A00D-82178387F223} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
YN -> {7D4D6379-F301-4311-BEBA-E26EB0561882} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]


The fix should only take a very short time.

Step #3

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
Note: If there is an Update XX in the name then the "XX" in the version will be whatever the latest version is.
  • Download the latest version of Java Runtime Environment (JRE) 6.0 Update XX (if present).
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-1_5_0_XX-windowsi586-p.exe to install the newest version.

Step #4

Before re-enabling all of the blocking software, reinstall IE and see if it installs properly.

Post back with your results.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
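
The "left-over items" diagnosis in the reply above can be checked mechanically against a log. The following Python script is an added example, not part of OldTimer's post and not WinPFind3U code: it parses entry lines in the layout seen in this thread and lists the ones reported as `File not found` or `Reg Data - Key not found`. The field layout is inferred from the posted lines, and all class and function names are my own.

```python
import re
from dataclasses import dataclass

# Constructed sample: entry lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
[Win32 Services - Non-Microsoft Only]
(AcrSch2Svc) Acronis Scheduler2 Service [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -> Acronis [Ver = 1,0,0,237 | Size = 230944 bytes | Modified Date = 10/16/2006 9:13:28 PM | Attr = ]
(C-DillaSrv) C-DillaSrv [Win32_Own | Auto | Stopped] -> C:\WINNT\system32\DRIVERS\CDANTSRV.EXE -> File not found
(EpsonBidirectionalService) EpsonBidirectionalService [Win32_Own | Auto | Stopped] -> C:\Program Files\EPSON\ESM2\eEBSvc.exe -> [Ver = | Size = 77824 bytes | Modified Date = 1/30/2002 7:33:14 AM | Attr = ]
(OracleOraHome90TNSListener) OracleOraHome90TNSListener [Win32_Own | Disabled | Stopped] -> -> File not found
(WebrootSpySweeperService) Webroot Spy Sweeper Engine [Win32_Own | Auto | Stopped] -> C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -> File not found

[Registry - Non-Microsoft Only]
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {029CA12C-89C1-46a7-A3C7-82F2F98635CB} [HKLM] -> Reg Data - Key not found [ZIBho Class]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
-> -> File not found
AVP -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe -> Kaspersky Lab [Ver = 6.0.1.411 | Size = 155751 bytes | Modified Date = 11/8/2006 6:28:30 PM | Attr = ]
"""

# "[Section name]" on a line of its own (file-detail brackets contain | and =).
SECTION_RE = re.compile(r"^\[([^\]|=]+)\]$")
# "< label > -> HKEY_..." names the registry key the following entries belong to.
SUBKEY_RE = re.compile(r"^< (.+?) > -> (HKEY_.+)$")
# "(ServiceName) Display name [type | start mode | state]"
SERVICE_RE = re.compile(
    r"^\((?P<svc>[^)]+)\) (?P<display>.+?) "
    r"\[(?P<type>\w+) \| (?P<start>\w+) \| (?P<state>\w+)\]$")
# "Vendor [Ver = x | Size = N bytes | Modified Date = d | Attr = a]"; Ver may be empty.
DETAILS_RE = re.compile(
    r"^(?P<vendor>.*?)\s*\[Ver = (?P<ver>.*?) ?\| Size = (?P<size>\d+) bytes "
    r"\| Modified Date = (?P<modified>.*?) ?\| Attr = (?P<attr>.*?)\]$")


@dataclass
class Entry:
    section: str
    subkey: str          # enclosing registry key, "" outside "< ... >" groups
    name: str
    target: str          # file path or CLSID; may be empty in the log
    status: str          # present | file_missing | key_missing | unparsed
    start_mode: str = ""  # services only: Auto, On_Demand, Disabled
    vendor: str = ""
    size: int = 0


def parse_log(text):
    """Turn log text into Entry records, tracking section and registry key."""
    entries, section, subkey = [], "", ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, subkey = m.group(1), ""
            continue
        m = SUBKEY_RE.match(line)
        if m:
            subkey = m.group(2)
            continue
        fields = re.split(r"\s*->\s*", line)
        if len(fields) < 3:
            continue  # banner or truncated line, not a name -> target -> result entry
        entry = Entry(section, subkey, fields[0], fields[1], "unparsed")
        svc = SERVICE_RE.match(fields[0])
        if svc:
            entry.name, entry.start_mode = svc["svc"], svc["start"]
        tail = fields[-1]
        details = DETAILS_RE.match(tail)
        if tail == "File not found":
            entry.status = "file_missing"
        elif tail.startswith("Reg Data - Key not found"):
            entry.status = "key_missing"
        elif details:
            entry.status = "present"
            entry.vendor, entry.size = details["vendor"], int(details["size"])
        entries.append(entry)
    return entries


def orphans(entries):
    """Entries that point at a file or registry key that no longer exists."""
    return [e for e in entries if e.status in ("file_missing", "key_missing")]


def autostart_orphans(entries):
    """Services still configured to start automatically with no binary on disk."""
    return [e for e in entries
            if e.status == "file_missing" and e.start_mode == "Auto"]


if __name__ == "__main__":
    for e in orphans(parse_log(SAMPLE_LOG)):
        print(f"{e.section} | {e.subkey or '-'} | {e.name or '(empty name)'}"
              f" -> {e.target or '(no path)'} [{e.status}]")
```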


#6 prampara

prampara
  • Topic Starter

  • Members
  • 15 posts

Posted 30 December 2006 - 08:27 AM

Thanks for your time and the detailed instructions. Followed it and got IE working, in fact browsing using it right now. I'm posting a fresh log of WinPfind3 for your review and confirmation. The problem of the high sent / received numbers remains though. I've just got on the net and it shows my received amount as 323,845,728 bytes. Any suggestions?

WinPFind3 logfile created on: 12/30/2006 6:15:06 PM
WinPFind3U by OldTimer - Version 1.0.4 Folder = D:\Download Files\SecurityTools\WinPFind3u\
Microsoft Windows 2000 Service Pack 4 (Version = 5.0.2195)
Internet Explorer (Version = 6.0.2800.1106)


[Processes - Non-Microsoft Only]
ad-watch.exe -> C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe -> Lavasoft Sweden [Ver = 3.1.2.17 | Size = 517632 bytes | Modified Date = 5/25/2005 12:12:36 PM | Attr = ]
adefragctrl.exe -> C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe -> [Ver = 1, 1, 1, 1 | Size = 4112497 bytes | Modified Date = 3/27/2006 3:26:56 PM | Attr = ]
adefragservice.exe -> C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe -> [Ver = 1, 1, 1, 1 | Size = 876663 bytes | Modified Date = 3/27/2006 3:30:40 PM | Attr = ]
aluschedulersvc.exe -> C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.166 | Size = 100032 bytes | Modified Date = 5/15/2006 6:24:34 PM | Attr = ]
avp.exe -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe -> Kaspersky Lab [Ver = 6.0.1.411 | Size = 155751 bytes | Modified Date = 11/8/2006 6:28:30 PM | Attr = ]
avp.exe -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe -> Kaspersky Lab [Ver = 6.0.1.411 | Size = 155751 bytes | Modified Date = 11/8/2006 6:28:30 PM | Attr = ]
bbimpsec.exe -> C:\Program Files\Sify Broadband\BBImpSec.exe -> [Ver = 1, 2, 0, 1 | Size = 135243 bytes | Modified Date = 12/30/2006 4:32:22 PM | Attr = ]
cseraser.exe -> C:\Program Files\SysShield Tools\Internet Eraser\cseraser.exe -> SysShield Consulting, Inc. [Ver = 3, 3, 7, 0 | Size = 585216 bytes | Modified Date = 7/15/2004 10:29:12 AM | Attr = ]
jusched.exe -> C:\Program Files\Java\jre1.6.0\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 77824 bytes | Modified Date = 12/30/2006 4:34:36 PM | Attr = ]
memtuneup.exe -> C:\program files\advanced system optimizer\memtuneup.exe -> Systweak Inc [Ver = 2,1,4,400 | Size = 113152 bytes | Modified Date = 7/7/2005 4:58:10 PM | Attr = ]
pctspk.exe -> C:\WINNT\system32\pctspk.exe -> PCtel, Inc. [Ver = 4.00 | Size = 68608 bytes | Modified Date = 1/19/2000 6:00:56 PM | Attr = ]
schedhlp.exe -> C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe -> Acronis [Ver = 1,0,0,237 | Size = 87584 bytes | Modified Date = 10/16/2006 9:13:32 PM | Attr = ]
schedul2.exe -> C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -> Acronis [Ver = 1,0,0,237 | Size = 230944 bytes | Modified Date = 10/16/2006 9:13:28 PM | Attr = ]
sdhelp.exe -> C:\Program Files\Spyware Doctor\sdhelp.exe -> PC Tools Research Pty Ltd [Ver = 3.6.0.2026 | Size = 895088 bytes | Modified Date = 11/2/2006 5:17:14 PM | Attr = ]
spywareterminatorshield.exe -> C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe -> Crawler.com [Ver = 1.1.0.316 | Size = 1654272 bytes | Modified Date = 8/31/2006 4:00:38 PM | Attr = ]
swdoctor.exe -> C:\Program Files\Spyware Doctor\swdoctor.exe -> PC Tools Research Pty Ltd [Ver = 4.0.0.2621 | Size = 2801664 bytes | Modified Date = 12/19/2006 9:33:32 PM | Attr = ]
timountermonitor.exe -> C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe -> Acronis [Ver = 3.3 build 443 | Size = 1941784 bytes | Modified Date = 10/16/2006 9:17:16 PM | Attr = ]
trueimagemonitor.exe -> C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe -> Acronis [Ver = 10,0,0,4871 | Size = 1164912 bytes | Modified Date = 10/16/2006 9:12:20 PM | Attr = ]
vsmon.exe -> C:\WINNT\system32\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 75768 bytes | Modified Date = 8/23/2006 11:38:26 PM | Attr = ]
winpfind3u.exe -> D:\Download Files\SecurityTools\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.4.0 | Size = 303104 bytes | Modified Date = 12/28/2006 1:16:46 PM | Attr = ]
zlclient.exe -> C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 968696 bytes | Modified Date = 8/23/2006 11:38:28 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(AcrSch2Svc) Acronis Scheduler2 Service [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -> Acronis [Ver = 1,0,0,237 | Size = 230944 bytes | Modified Date = 10/16/2006 9:13:28 PM | Attr = ]
(AshampooDefragService) AshampooDefragService [Win32_Own | Auto | Running] -> C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe -> [Ver = 1, 1, 1, 1 | Size = 876663 bytes | Modified Date = 3/27/2006 3:30:40 PM | Attr = ]
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> File not found
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.166 | Size = 100032 bytes | Modified Date = 5/15/2006 6:24:34 PM | Attr = ]
(AVP) Kaspersky Anti-Virus 6.0 [Win32_Own | Auto | Running] -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe -> Kaspersky Lab [Ver = 6.0.1.411 | Size = 155751 bytes | Modified Date = 11/8/2006 6:28:30 PM | Attr = ]
(C-DillaSrv) C-DillaSrv [Win32_Own | Auto | Stopped] -> C:\WINNT\system32\DRIVERS\CDANTSRV.EXE -> File not found
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> C:\WINNT\system32\dmadmin.exe -> VERITAS Software Corp. [Ver = 2195.6624.297.3 | Size = 147728 bytes | Modified Date = 6/20/2003 12:35:04 AM | Attr = ]
(EpsonBidirectionalService) EpsonBidirectionalService [Win32_Own | Auto | Stopped] -> C:\Program Files\EPSON\ESM2\eEBSvc.exe -> [Ver = | Size = 77824 bytes | Modified Date = 1/30/2002 7:33:14 AM | Attr = ]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -> Symantec Corporation [Ver = 3.0.0.166 | Size = 2086592 bytes | Modified Date = 5/15/2006 6:24:34 PM | Attr = ]
(OracleOraHome90ManagementServer) OracleOraHome90ManagementServer [Win32_Own | Disabled | Stopped] -> -> File not found
(OracleOraHome90TNSListener) OracleOraHome90TNSListener [Win32_Own | Disabled | Stopped] -> -> File not found
(OracleOraHome90TNSListenerLISTENER1) OracleOraHome90TNSListenerLISTENER1 [Win32_Own | Disabled | Stopped] -> -> File not found
(OracleServiceOEMREP) OracleServiceOEMREP [Win32_Own | Disabled | Stopped] -> e:\oracle\ora90\bin\ORACLE.EXE -> File not found
(OracleServicePRASU) OracleServicePRASU [Win32_Own | Disabled | Stopped] -> e:\oracle\ora90\bin\ORACLE.EXE -> File not found
(Pctspk) W2K PCtel speaker phone [Win32_Own | Auto | Running] -> C:\WINNT\system32\pctspk.exe -> PCtel, Inc. [Ver = 4.00 | Size = 68608 bytes | Modified Date = 1/19/2000 6:00:56 PM | Attr = ]
(SDhelper) PC Tools Spyware Doctor [Win32_Own | Auto | Running] -> C:\Program Files\Spyware Doctor\sdhelp.exe -> PC Tools Research Pty Ltd [Ver = 3.6.0.2026 | Size = 895088 bytes | Modified Date = 11/2/2006 5:17:14 PM | Attr = ]
(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Stopped] -> C:\WINNT\system32\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 75768 bytes | Modified Date = 8/23/2006 11:38:26 PM | Attr = ]
(WebrootSpySweeperService) Webroot Spy Sweeper Engine [Win32_Own | Auto | Stopped] -> C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -> File not found

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
-> -> File not found
Acronis Scheduler2 Service -> C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe -> Acronis [Ver = 1,0,0,237 | Size = 87584 bytes | Modified Date = 10/16/2006 9:13:32 PM | Attr = ]
AcronisTimounterMonitor -> C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe -> Acronis [Ver = 3.3 build 443 | Size = 1941784 bytes | Modified Date = 10/16/2006 9:17:16 PM | Attr = ]
AVP -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe -> Kaspersky Lab [Ver = 6.0.1.411 | Size = 155751 bytes | Modified Date = 11/8/2006 6:28:30 PM | Attr = ]
CountrySelection -> C:\WINNT\system32\pctptt.exe -> PCtel

#7 prampara

prampara
  • Topic Starter

  • Members
  • 15 posts

Posted 30 December 2006 - 08:30 AM

Thanks for your time and the detailed instructions. Followed it and got IE working, in fact browsing using it right now. I'm posting a fresh log of WinPfind3 for your review and confirmation. The problem of the high sent / received numbers remains though. I've just got on the net and it shows my received amount as 323,845,728 bytes. Any suggestions?

WinPFind3 logfile created on: 12/30/2006 6:15:06 PM
WinPFind3U by OldTimer - Version 1.0.4 Folder = D:\Download Files\SecurityTools\WinPFind3u\
Microsoft Windows 2000 Service Pack 4 (Version = 5.0.2195)
Internet Explorer (Version = 6.0.2800.1106)


[Processes - Non-Microsoft Only]
ad-watch.exe -> C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe -> Lavasoft Sweden [Ver = 3.1.2.17 | Size = 517632 bytes | Modified Date = 5/25/2005 12:12:36 PM | Attr = ]
adefragctrl.exe -> C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe -> [Ver = 1, 1, 1, 1 | Size = 4112497 bytes | Modified Date = 3/27/2006 3:26:56 PM | Attr = ]
adefragservice.exe -> C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe -> [Ver = 1, 1, 1, 1 | Size = 876663 bytes | Modified Date = 3/27/2006 3:30:40 PM | Attr = ]
aluschedulersvc.exe -> C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.166 | Size = 100032 bytes | Modified Date = 5/15/2006 6:24:34 PM | Attr = ]
avp.exe -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe -> Kaspersky Lab [Ver = 6.0.1.411 | Size = 155751 bytes | Modified Date = 11/8/2006 6:28:30 PM | Attr = ]
avp.exe -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe -> Kaspersky Lab [Ver = 6.0.1.411 | Size = 155751 bytes | Modified Date = 11/8/2006 6:28:30 PM | Attr = ]
bbimpsec.exe -> C:\Program Files\Sify Broadband\BBImpSec.exe -> [Ver = 1, 2, 0, 1 | Size = 135243 bytes | Modified Date = 12/30/2006 4:32:22 PM | Attr = ]
cseraser.exe -> C:\Program Files\SysShield Tools\Internet Eraser\cseraser.exe -> SysShield Consulting, Inc. [Ver = 3, 3, 7, 0 | Size = 585216 bytes | Modified Date = 7/15/2004 10:29:12 AM | Attr = ]
jusched.exe -> C:\Program Files\Java\jre1.6.0\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 77824 bytes | Modified Date = 12/30/2006 4:34:36 PM | Attr = ]
memtuneup.exe -> C:\program files\advanced system optimizer\memtuneup.exe -> Systweak Inc [Ver = 2,1,4,400 | Size = 113152 bytes | Modified Date = 7/7/2005 4:58:10 PM | Attr = ]
pctspk.exe -> C:\WINNT\system32\pctspk.exe -> PCtel, Inc. [Ver = 4.00 | Size = 68608 bytes | Modified Date = 1/19/2000 6:00:56 PM | Attr = ]
schedhlp.exe -> C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe -> Acronis [Ver = 1,0,0,237 | Size = 87584 bytes | Modified Date = 10/16/2006 9:13:32 PM | Attr = ]
schedul2.exe -> C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -> Acronis [Ver = 1,0,0,237 | Size = 230944 bytes | Modified Date = 10/16/2006 9:13:28 PM | Attr = ]
sdhelp.exe -> C:\Program Files\Spyware Doctor\sdhelp.exe -> PC Tools Research Pty Ltd [Ver = 3.6.0.2026 | Size = 895088 bytes | Modified Date = 11/2/2006 5:17:14 PM | Attr = ]
spywareterminatorshield.exe -> C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe -> Crawler.com [Ver = 1.1.0.316 | Size = 1654272 bytes | Modified Date = 8/31/2006 4:00:38 PM | Attr = ]
swdoctor.exe -> C:\Program Files\Spyware Doctor\swdoctor.exe -> PC Tools Research Pty Ltd [Ver = 4.0.0.2621 | Size = 2801664 bytes | Modified Date = 12/19/2006 9:33:32 PM | Attr = ]
timountermonitor.exe -> C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe -> Acronis [Ver = 3.3 build 443 | Size = 1941784 bytes | Modified Date = 10/16/2006 9:17:16 PM | Attr = ]
trueimagemonitor.exe -> C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe -> Acronis [Ver = 10,0,0,4871 | Size = 1164912 bytes | Modified Date = 10/16/2006 9:12:20 PM | Attr = ]
vsmon.exe -> C:\WINNT\system32\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 75768 bytes | Modified Date = 8/23/2006 11:38:26 PM | Attr = ]
winpfind3u.exe -> D:\Download Files\SecurityTools\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.4.0 | Size = 303104 bytes | Modified Date = 12/28/2006 1:16:46 PM | Attr = ]
zlclient.exe -> C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 968696 bytes | Modified Date = 8/23/2006 11:38:28 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(AcrSch2Svc) Acronis Scheduler2 Service [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -> Acronis [Ver = 1,0,0,237 | Size = 230944 bytes | Modified Date = 10/16/2006 9:13:28 PM | Attr = ]
(AshampooDefragService) AshampooDefragService [Win32_Own | Auto | Running] -> C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe -> [Ver = 1, 1, 1, 1 | Size = 876663 bytes | Modified Date = 3/27/2006 3:30:40 PM | Attr = ]
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> File not found
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.166 | Size = 100032 bytes | Modified Date = 5/15/2006 6:24:34 PM | Attr = ]
(AVP) Kaspersky Anti-Virus 6.0 [Win32_Own | Auto | Running] -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe -> Kaspersky Lab [Ver = 6.0.1.411 | Size = 155751 bytes | Modified Date = 11/8/2006 6:28:30 PM | Attr = ]
(C-DillaSrv) C-DillaSrv [Win32_Own | Auto | Stopped] -> C:\WINNT\system32\DRIVERS\CDANTSRV.EXE -> File not found
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> C:\WINNT\system32\dmadmin.exe -> VERITAS Software Corp. [Ver = 2195.6624.297.3 | Size = 147728 bytes | Modified Date = 6/20/2003 12:35:04 AM | Attr = ]
(EpsonBidirectionalService) EpsonBidirectionalService [Win32_Own | Auto | Stopped] -> C:\Program Files\EPSON\ESM2\eEBSvc.exe -> [Ver = | Size = 77824 bytes | Modified Date = 1/30/2002 7:33:14 AM | Attr = ]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -> Symantec Corporation [Ver = 3.0.0.166 | Size = 2086592 bytes | Modified Date = 5/15/2006 6:24:34 PM | Attr = ]
(OracleOraHome90ManagementServer) OracleOraHome90ManagementServer [Win32_Own | Disabled | Stopped] -> -> File not found
(OracleOraHome90TNSListener) OracleOraHome90TNSListener [Win32_Own | Disabled | Stopped] -> -> File not found
(OracleOraHome90TNSListenerLISTENER1) OracleOraHome90TNSListenerLISTENER1 [Win32_Own | Disabled | Stopped] -> -> File not found
(OracleServiceOEMREP) OracleServiceOEMREP [Win32_Own | Disabled | Stopped] -> e:\oracle\ora90\bin\ORACLE.EXE -> File not found
(OracleServicePRASU) OracleServicePRASU [Win32_Own | Disabled | Stopped] -> e:\oracle\ora90\bin\ORACLE.EXE -> File not found
(Pctspk) W2K PCtel speaker phone [Win32_Own | Auto | Running] -> C:\WINNT\system32\pctspk.exe -> PCtel, Inc. [Ver = 4.00 | Size = 68608 bytes | Modified Date = 1/19/2000 6:00:56 PM | Attr = ]
(SDhelper) PC Tools Spyware Doctor [Win32_Own | Auto | Running] -> C:\Program Files\Spyware Doctor\sdhelp.exe -> PC Tools Research Pty Ltd [Ver = 3.6.0.2026 | Size = 895088 bytes | Modified Date = 11/2/2006 5:17:14 PM | Attr = ]
(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Stopped] -> C:\WINNT\system32\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 75768 bytes | Modified Date = 8/23/2006 11:38:26 PM | Attr = ]
(WebrootSpySweeperService) Webroot Spy Sweeper Engine [Win32_Own | Auto | Stopped] -> C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -> File not found

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
-> -> File not found
Acronis Scheduler2 Service -> C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe -> Acronis [Ver = 1,0,0,237 | Size = 87584 bytes | Modified Date = 10/16/2006 9:13:32 PM | Attr = ]
AcronisTimounterMonitor -> C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe -> Acronis [Ver = 3.3 build 443 | Size = 1941784 bytes | Modified Date = 10/16/2006 9:17:16 PM | Attr = ]
AVP -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe -> Kaspersky Lab [Ver = 6.0.1.411 | Size = 155751 bytes | Modified Date = 11/8/2006 6:28:30 PM | Attr = ]
CountrySelection -> C:\WINNT\system32\pctptt.exe -> PCtel, Inc. [Ver = 1, 0, 0, 0 | Size = 68096 bytes | Modified Date = 1/5/2000 4:11:36 PM | Attr = ]
Openwares LiveUpdate -> C:\Program Files\LiveUpdate\LiveUpdate.exe -> Openwares [Ver = 1, 0, 0, 1 | Size = 61440 bytes | Modified Date = 12/13/2003 10:47:22 PM | Attr = ]
OSSelectorReinstall -> C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe -> [Ver = | Size = 1544099 bytes | Modified Date = 11/29/2005 1:22:14 PM | Attr = ]
SpywareTerminator -> C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe -> Crawler.com [Ver = 1.1.0.316 | Size = 1654272 bytes | Modified Date = 8/31/2006 4:00:38 PM | Attr = ]
SunJavaUpdateSched -> C:\Program Files\Java\jre1.6.0\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 77824 bytes | Modified Date = 12/30/2006 4:34:36 PM | Attr = ]
TrueImageMonitor.exe -> C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe -> Acronis [Ver = 10,0,0,4871 | Size = 1164912 bytes | Modified Date = 10/16/2006 9:12:20 PM | Attr = ]
VTPreset -> C:\WINNT\system32\VTPreset.exe -> S3 Graphics, Inc. [Ver = 1.01.00.0102 | Size = 45056 bytes | Modified Date = 2/24/2004 8:17:18 PM | Attr = ]
Zone Labs Client -> C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 968696 bytes | Modified Date = 8/23/2006 11:38:28 PM | Attr = ]
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AWMON -> C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe -> Lavasoft Sweden [Ver = 3.1.2.17 | Size = 517632 bytes | Modified Date = 5/25/2005 12:12:36 PM | Attr = ]
SifyBB -> C:\Program Files\Sify Broadband\BBImpSec.exe -> [Ver = 1, 2, 0, 1 | Size = 135243 bytes | Modified Date = 12/30/2006 4:32:22 PM | Attr = ]
Systweak Memory Optimizer -> c:\program files\advanced system optimizer\memtuneup.exe -> Systweak Inc [Ver = 2,1,4,400 | Size = 113152 bytes | Modified Date = 7/7/2005 4:58:10 PM | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 11/4/1999 3:06:48 PM | Attr = ]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 10/23/2006 1:48:20 AM | Attr = ]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk -> C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe -> [Ver = 8.0.0.0 | Size = 734872 bytes | Modified Date = 10/23/2006 12:01:50 AM | Attr = ]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ashampoo Magical Defrag.lnk -> C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe -> [Ver = 1, 1, 1, 1 | Size = 4112497 bytes | Modified Date = 3/27/2006 3:26:56 PM | Attr = ]
< User Startup > -> C:\Documents and Settings\pramod\Start Menu\Programs\Startup
C:\Documents and Settings\pramod\Start Menu\Programs\Startup\AbsoluteShield Internet Eraser.lnk -> C:\Program Files\SysShield Tools\Internet Eraser\cseraser.exe -> SysShield Consulting, Inc. [Ver = 3, 3, 7, 0 | Size = 585216 bytes | Modified Date = 7/15/2004 10:29:12 AM | Attr = ]
C:\Documents and Settings\pramod\Start Menu\Programs\Startup\Microsoft Office Shortcut Bar.lnk -> C:\WINNT\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\misc.exe -> [Ver = | Size = 28160 bytes | Modified Date = 12/8/2003 2:04:34 PM | Attr = R ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
KShareAP.dll -> KShareAP.dll -> File not found
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
klogon -> C:\WINNT\system32\klogon.dll -> Kaspersky Lab [Ver = 6.0.1.411 | Size = 94314 bytes | Modified Date = 11/1/2006 5:42:54 PM | Attr = ]
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\AdminComponent\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\comdlg32\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\comdlg32\\NoBackButton -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\comdlg32\\NoFileMru -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\CDRAutoRun -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRecentDocsHistory -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRecentDocsMenu -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoInstrumentation -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClearRecentDocsOnExit -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
-> HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer not found. ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< HOSTS File > -> C:\WINNT\System32\drivers\etc\Hosts
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: ProxyEnable -> 0 ->
HKCU: ProxyOverride -> local;<local> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{0000CC75-ACF3-4cac-A0A9-DD3868E06852} [HKLM] -> C:\Program Files\DAP\DAPBHO.dll [DAPHelper Class] -> Speedbit Ltd. [Ver = 8, 0, 0, 0 | Size = 122946 bytes | Modified Date = 7/26/2006 6:17:14 PM | Attr = ]
{029CA12C-89C1-46a7-A3C7-82F2F98635CB} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 11:08:42 PM | Attr = ]
{089FD14D-132B-48FC-8861-0048AE113215} [HKLM] -> C:\Program Files\SiteAdvisor\saIE.dll [Reg Data - Value does not exist] -> Site Advisor [Ver = 1.2.0.27 | Size = 532480 bytes | Modified Date = 3/24/2006 2:25:26 AM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 3, 0, 12 | Size = 744960 bytes | Modified Date = 5/12/2004 1:03:00 AM | Attr = ]
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} [HKLM] -> C:\Program Files\Spyware Doctor\tools\iesdsg.dll [PCTools Site Guard] -> PC Tools [Ver = 3.6.0.2071 | Size = 825528 bytes | Modified Date = 8/1/2006 3:27:06 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre1.6.0\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 501384 bytes | Modified Date = 12/30/2006 4:34:38 PM | Attr = ]
{9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80} [HKLM] -> C:\Program Files\SysShield Tools\Internet Eraser\PKExt.dll [PopKiller Class] -> SysShield Consulting, Inc. [Ver = 1, 4, 0, 0 | Size = 66048 bytes | Modified Date = 6/14/2004 8:23:10 PM | Attr = ]
{A491D208-B353-490F-B81A-A8A3DC97042D} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{B56A7D7D-6927-48C8-A975-17DF180C71AC} [HKLM] -> C:\Program Files\Spyware Doctor\tools\iesdpb.dll [PCTools Browser Monitor] -> PC Tools [Ver = 3.6.0.2283 | Size = 850104 bytes | Modified Date = 8/1/2006 3:23:12 PM | Attr = ]
{BDF3E430-B101-42AD-A544-FADC6B084872} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{CBA74CDA-DF78-4AD9-954E-3B15D0A993DE} [HKLM] -> C:\Program Files\CoreStreet\SpoofStick\SpoofStickBHO.dll [CBHO Object] -> CoreStreet, Ltd. [Ver = 1.02 | Size = 94208 bytes | Modified Date = 8/18/2004 9:40:40 AM | Attr = ]
{CE57DA55-F491-45C6-B3DB-6C98E4B17CDC} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{E24AD748-155E-4254-B674-4EDF86E7E1DF} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 2:13:40 AM | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{0BF43445-2F28-4351-9252-17FE6E806AA0} [HKLM] -> C:\Program Files\SiteAdvisor\saIE.dll [SiteAdvisor] -> Site Advisor [Ver = 1.2.0.27 | Size = 532480 bytes | Modified Date = 3/24/2006 2:25:26 AM | Attr = ]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 2:13:40 AM | Attr = ]
{4D46ED77-1429-4CF6-8F63-C84B5D710BAF} [HKLM] -> C:\Program Files\CoreStreet\SpoofStick\SpoofStick.dll [SpoofStick] -> CoreStreet, Ltd. [Ver = 1.02 | Size = 176128 bytes | Modified Date = 8/18/2004 9:40:46 AM | Attr = ]
{ED0E8CA5-42FB-4B18-997B-769E0408E79D} [HKLM] -> C:\Program Files\FreshDevices\FreshDownload\fdiebar.dll [FreshDownload Bar] -> FreshDevices Corp. [Ver = 1.0.0.0 | Size = 232448 bytes | Modified Date = 11/23/2006 9:02:04 AM | Attr = ]
{EE9DD090-902D-4623-9360-FB7D8666202B} [HKLM] -> C:\Program Files\SysShield Tools\Internet Eraser\AbsoluteBar.dll [AbsoluteShield] -> AbsoluteShield Software [Ver = 3, 0, 0, 0 | Size = 139264 bytes | Modified Date = 6/14/2004 8:23:18 PM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 2:13:40 AM | Attr = ]
WebBrowser\\{4D46ED77-1429-4CF6-8F63-C84B5D710BAF} [HKLM] -> C:\Program Files\CoreStreet\SpoofStick\SpoofStick.dll [SpoofStick] -> CoreStreet, Ltd. [Ver = 1.02 | Size = 176128 bytes | Modified Date = 8/18/2004 9:40:46 AM | Attr = ]
WebBrowser\\{4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{7435856C-6CA1-45CF-A00D-82178387F223} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8193 - Sun Java Console ->
{17A197DD-BDC2-4CD7-9CB5-EC9F8C9558F7} -> 8205 - Reg Data - Key not found ->
{1A388C31-133D-11d7-AEC2-0050BAD92AF7} -> 8194 - Sify Broadband ->
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} -> 8209 - Reg Data - Value does not exist ->
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -> 8200 - Reg Data - Value does not exist ->
{2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} -> 8202 - Reg Data - Key not found ->
{320AF880-6646-11D3-ABEE-C5DBF3571F46} -> 8197 - Reg Data - Key not found ->
{320AF880-6646-11D3-ABEE-C5DBF3571F49} -> 8198 - Reg Data - Key not found ->
{5393EDD0-762F-46B0-93ED-807389A0D6D4} -> 8206 - Reg Data - Key not found ->
{553EEAC2-ED97-448A-9E10-BD531C01099F} -> 8201 - Reg Data - Key not found ->
{55AE40CA-2C9E-4D21-84B2-BC8B0B84D224} -> 8203 - Reg Data - Key not found ->
{5D938D1D-3172-4190-8FF7-1F901DD367A1} -> 8207 - Reg Data - Key not found ->
{724d43aa-0d85-11d4-9908-00400523e39a} -> 8199 - Reg Data - Key not found ->
{73617ADE-7BFE-4BB3-B1CD-786AE38011B6} -> 8210 - Reg Data - Value does not exist ->
{BCDB12DA-0432-48FD-B798-29AF05EF9911} -> 8204 - Reg Data - Key not found ->
{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> 8212 - @shdoclc.dll,-864 ->
NextId -> 8213 ->
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 132744 bytes | Modified Date = 12/30/2006 4:34:36 PM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> C:\Program Files\Java\jre1.6.0\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 501384 bytes | Modified Date = 12/30/2006 4:34:38 PM | Attr = ]
{1A388C31-133D-11d7-AEC2-0050BAD92AF7} -> http:\mum.sifybroadband.com\bbandnew\customerlogin.php [ButtonText: Broadband] -> File not found
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} -> Reg Data - Value does not exist [ButtonText: Web Anti-Virus] -> File not found
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -> Reg Data - Value does not exist [ButtonText: Spyware Doctor] -> File not found
{73617ADE-7BFE-4BB3-B1CD-786AE38011B6} -> C:\Program Files\FreshDevices\FreshDownload\fd.exe [ButtonText: FreshDownload] -> FreshDevices.com. [Ver = 7.66.0.0 | Size = 648704 bytes | Modified Date = 11/23/2006 9:02:02 AM | Attr = ]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> C:\WINNT\Web\RELATED.HTM [ButtonText: @shdoclc.dll,-866] -> [Ver = | Size = 654 bytes | Modified Date = 8/29/2002 7:14:40 AM | Attr = ]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
&Clean Traces -> C:\Program Files\DAP\Privacy Package\dapcleanerie.htm -> [Ver = | Size = 1748 bytes | Modified Date = 7/26/2006 6:17:18 PM | Attr = ]
&Download with &DAP -> C:\Program Files\DAP\dapextie.htm -> [Ver = | Size = 2020 bytes | Modified Date = 7/26/2006 6:17:20 PM | Attr = ]
&WordWeb... -> C:\WINNT\wweb32.dll\lookup.htm -> File not found
Convert link target to Adobe PDF -> C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm -> File not found
Convert link target to existing PDF -> C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm -> File not found
Convert selected links to Adobe PDF -> C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIECaptureSelLinks.htm -> File not found
Convert selected links to existing PDF -> C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIEAppendSelLinks.htm -> File not found
Convert selection to Adobe PDF -> C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm -> File not found
Convert selection to existing PDF -> C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm -> File not found
Convert to Adobe PDF -> C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm -> File not found
Convert to existing PDF -> C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm -> File not found
Download &All by FD -> Reg Data - Value does not exist -> File not found
Download &all with DAP -> C:\Program Files\DAP\dapextie2.htm -> [Ver = | Size = 1041 bytes | Modified Date = 7/26/2006 6:17:20 PM | Attr = ]
Download with &FD -> Reg Data - Value does not exist -> File not found
Get It With Kontiki -> -> File not found
< Internet Explorer Plugins [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\
.htm -> C:\Program Files\Netscape\Netscape Browser\plugins\npTrident.dll [Trident Plugin for Netscape] -> Netscape Communications Corp. [Ver = 2004, 0, 0, 1 | Size = 202752 bytes | Modified Date = 1/28/2006 1:20:52 AM | Attr = ]
.spop -> C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll [Reg Data - Value does not exist] -> InterTrust Technologies Corporation, Inc. [Ver = 1.0.30.95 | Size = 225280 bytes | Modified Date = 1/30/2001 1:56:24 PM | Attr = ]
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{1D2680C9-0E2A-469d-B787-065558BC7D43} [HKLM] -> Reg Data - Key not found [Fusion Cache] -> File not found
{23170F69-40C1-278A-1000-000100020000} [HKLM] -> C:\Program Files\7-Zip\7-zip.dll [7-Zip Shell Extension] -> [Ver = | Size = 136704 bytes | Modified Date = 12/9/2005 1:41:06 PM | Attr = ]
{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} [HKLM] -> Reg Data - Key not found [dBpowerAMP Music Converter] -> File not found
{2F25CF20-C569-11D1-B94C-00608CB45480} [HKLM] -> C:\Program Files\TextPad 4\system\shellext.dll [TextPad] -> Helios Software Solutions [Ver = 1.3 | Size = 24576 bytes | Modified Date = 1/1/2003 4:59:02 AM | Attr = ]
{40950107-FEA6-4d53-A65F-B2DCBA57DD58} [HKLM] -> C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll [Nokia Phone Browser] -> Nokia [Ver = 6, 41, 64, 0 | Size = 247296 bytes | Modified Date = 11/16/2004 9:27:44 AM | Attr = ]
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [Display Panning CPL Extension] -> File not found
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} [HKLM] -> C:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll [TuneUp Shredder Shell Extension] -> TuneUp Software GmbH [Ver = 2.0.0.2 | Size = 25608 bytes | Modified Date = 12/19/2006 4:53:48 PM | Attr = ]
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Shell extensions for file compression] -> File not found
{7F1CF152-04F8-453A-B34C-E609530A9DC8} [HKLM] -> Reg Data - Key not found [NeroDigitalPropSheetHandler] -> File not found
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Encryption Context Menu] -> File not found
{85E0B171-04FA-11D1-B7DA-00A0C90348D6} [HKLM] -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll [Web Anti-Virus] -> Kaspersky Lab [Ver = 6.0.1.411 | Size = 184430 bytes | Modified Date = 11/1/2006 5:41:48 PM | Attr = ]
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> C:\WINNT\system32\HTICONS.DLL [HyperTerminal Icon Ext] -> Hilgraeve, Inc. [Ver = 5.00.2195.6684 | Size = 21776 bytes | Modified Date = 6/20/2003 12:35:04 AM | Attr = ]
{A9AACA72-1C51-4F84-804D-90EDBA0D58F4} [HKLM] -> C:\Program Files\Common Files\Zinio\ZSHExt.dll [Zinio Magazine Column Provider] -> Zinio Systems, Inc. [Ver = 3.3.2.3160 | Size = 135168 bytes | Modified Date = 8/18/2005 10:14:16 PM | Attr = ]
{AB77609F-2178-4E6F-9C4B-44AC179D937A} [HKLM] -> Reg Data - Key not found [a Context Menu Shell Extension] -> File not found
{AC0B5D2E-B691-4E12-A4F9-CA88492579A2} [HKLM] -> C:\Program Files\Common Files\Zinio\ZSHExt.dll [Zinio Shell Extension] -> Zinio Systems, Inc. [Ver = 3.3.2.3160 | Size = 135168 bytes | Modified Date = 8/18/2005 10:14:16 PM | Attr = ]
{B327765E-D724-4347-8B16-78AE18552FC3} [HKLM] -> Reg Data - Key not found [NeroDigitalIconHandler] -> File not found
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\RarExt.dll [WinRAR shell extension] -> [Ver = | Size = 125440 bytes | Modified Date = 10/7/2005 3:05:32 PM | Attr = ]
{B4579AA5-E3A0-49A1-AC0B-5112AFBD215B} [HKLM] -> Reg Data - Key not found [iSQL*Plus Servers] -> File not found
{C0C4375A-5B72-4efe-929D-3B848C3A1E91} [HKLM] -> C:\Program Files\Nokia\Nokia PC Suite 6\MessageView.dll [Message View] -> Nokia [Ver = 6, 41, 64, 0 | Size = 299008 bytes | Modified Date = 11/16/2004 9:36:08 AM | Attr = ]
{C539A15A-3AF9-4c92-B771-50CB78F5C751} [HKLM] -> C:\Program Files\Acronis\TrueImageHome\tishell.dll [Acronis True Image Shell Context Menu Extension] -> Acronis [Ver = 10,0,0,4871 | Size = 499872 bytes | Modified Date = 10/16/2006 9:17:08 PM | Attr = ]
{C539A15B-3AF9-4c92-B771-50CB78F5C751} [HKLM] -> C:\Program Files\Acronis\TrueImageHome\tishell.dll [Acronis True Image Shell Extension] -> Acronis [Ver = 10,0,0,4871 | Size = 499872 bytes | Modified Date = 10/16/2006 9:17:08 PM | Attr = ]
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll [Adobe.Acrobat.ContextMenu] -> Adobe Systems Inc. [Ver = 7.0.0.2004121400\0 | Size = 577536 bytes | Modified Date = 12/14/2004 3:11:42 AM | Attr = ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> C:\Program Files\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 20552 bytes | Modified Date = 11/27/2001 8:10:00 AM | Attr = ]
{E0D79305-84BE-11CE-9641-444553540000} [HKLM] -> C:\Program Files\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 20552 bytes | Modified Date = 11/27/2001 8:10:00 AM | Attr = ]
{E0D79306-84BE-11CE-9641-444553540000} [HKLM] -> C:\Program Files\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 20552 bytes | Modified Date = 11/27/2001 8:10:00 AM | Attr = ]
{E0D79307-84BE-11CE-9641-444553540000} [HKLM] -> C:\Program Files\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 20552 bytes | Modified Date = 11/27/2001 8:10:00 AM | Attr = ]
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} [HKLM] -> C:\Program Files\Real\RealPlayer\rpshell.dll [Shell Extensions for RealOne Player] -> RealNetworks, Inc. [Ver = 1.0.1.2021 | Size = 49198 bytes | Modified Date = 10/10/2005 7:39:16 PM | Attr = ]
{FBFE7864-D495-41f0-B7DC-4BB601CC295E} [HKLM] -> C:\Program Files\Nokia\Nokia PC Suite 6\ContactView.dll [Contact View] -> Nokia [Ver = 6, 41, 64, 0 | Size = 302592 bytes | Modified Date = 11/16/2004 9:30:16 AM | Attr = ]
{FED7043D-346A-414D-ACD7-550D052499A7} [HKLM] -> Reg Data - Key not found [dBpowerAMP Music Converter 1] -> File not found
< Approved Shell Extensions [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL [Web Folders] -> [Ver = | Size = 561210 bytes | Modified Date = 11/3/1999 4:38:34 PM | Attr = ]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{B33DE746-DEFE-4D7A-87DB-900864B1D3A8} [HKLM] -> C:\Program Files\Ashampoo\Ashampoo WinOptimizer Platinum 3\ContextHandler.dll [WOP3_ContextMenuHandler] -> [Ver = | Size = 418304 bytes | Modified Date = 11/10/2005 7:08:58 PM | Attr = ]
{C539A15A-3AF9-4c92-B771-50CB78F5C751} [HKLM] -> C:\Program Files\Acronis\TrueImageHome\tishell.dll [Acronis True Image Shell Context Menu Extension] -> Acronis [Ver = 10,0,0,4871 | Size = 499872 bytes | Modified Date = 10/16/2006 9:17:08 PM | Attr = ]
{23170F69-40C1-278A-1000-000100020000} [HKLM] -> C:\Program Files\7-Zip\7-zip.dll [7-Zip] -> [Ver = | Size = 136704 bytes | Modified Date = 12/9/2005 1:41:06 PM | Attr = ]
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll [Adobe.Acrobat.ContextMenu] -> Adobe Systems Inc. [Ver = 7.0.0.2004121400\0 | Size = 577536 bytes | Modified Date = 12/14/2004 3:11:42 AM | Attr = ]
{BED4C38B-F765-45AC-8C56-613F76BBF43E} [HKLM] -> C:\Program Files\DAP\Privacy Package\DAPCtxMenuShell.dll [DAP_Menu] -> Speedbit Ltd. [Ver = 8, 0, 0, 2 | Size = 53339 bytes | Modified Date = 7/26/2006 6:17:18 PM | Attr = ]
{BED4C38B-F765-45AC-8C56-613F76BBF43E} [HKLM] -> C:\Program Files\DAP\Privacy Package\DAPCtxMenuShell.dll [DAP_ShredMenu] -> Speedbit Ltd. [Ver = 8, 0, 0, 2 | Size = 53339 bytes | Modified Date = 7/26/2006 6:17:18 PM | Attr = ]
{90A07ACC-0331-4aee-9AAD-A854A9C37667} [HKLM] -> C:\Program Files\Advanced System Optimizer\ShellExt.dll [FileEncrypt] -> Systweak Inc [Ver = 2,1,4,400 | Size = 190976 bytes | Modified Date = 7/7/2005 4:55:24 PM | Attr = ]
{dd230880-495a-11d1-b064-008048ec2fc5} [HKLM] -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll [Kaspersky Anti-Virus] -> Kaspersky Lab [Ver = 6.0.1.411 | Size = 41067 bytes | Modified Date = 11/1/2006 5:43:06 PM | Attr = ]
{2F25CF20-C569-11D1-B94C-00608CB45480} [HKLM] -> C:\Program Files\TextPad 4\system\shellext.dll [TextPad] -> Helios Software Solutions [Ver = 1.3 | Size = 24576 bytes | Modified Date = 1/1/2003 4:59:02 AM | Attr = ]
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} [HKLM] -> C:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll [TuneUp Shredder Shell Extension] -> TuneUp Software GmbH [Ver = 2.0.0.2 | Size = 25608 bytes | Modified Date = 12/19/2006 4:53:48 PM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 125440 bytes | Modified Date = 10/7/2005 3:05:32 PM | Attr = ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> C:\Program Files\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 20552 bytes | Modified Date = 11/27/2001 8:10:00 AM | Attr = ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
{23170F69-40C1-278A-1000-000100020000} [HKLM] -> C:\Program Files\7-Zip\7-zip.dll [7-Zip] -> [Ver = | Size = 136704 bytes | Modified Date = 12/9/2005 1:41:06 PM | Attr = ]
{BED4C38B-F765-45AC-8C56-613F76BBF43E} [HKLM] -> C:\Program Files\DAP\Privacy Package\DAPCtxMenuShell.dll [DAP_ShredMenu] -> Speedbit Ltd. [Ver = 8, 0, 0, 2 | Size = 53339 bytes | Modified Date = 7/26/2006 6:17:18 PM | Attr = ]
{90A07ACC-0331-4aee-9AAD-A854A9C37667} [HKLM] -> C:\Program Files\Advanced System Optimizer\ShellExt.dll [FileEncrypt] -> Systweak Inc [Ver = 2,1,4,400 | Size = 190976 bytes | Modified Date = 7/7/2005 4:55:24 PM | Attr = ]
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} [HKLM] -> C:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll [TuneUp Shredder Shell Extension] -> TuneUp Software GmbH [Ver = 2.0.0.2 | Size = 25608 bytes | Modified Date = 12/19/2006 4:53:48 PM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 125440 bytes | Modified Date = 10/7/2005 3:05:32 PM | Attr = ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> C:\Program Files\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 20552 bytes | Modified Date = 11/27/2001 8:10:00 AM | Attr = ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{B33DE746-DEFE-4D7A-87DB-900864B1D3A8} [HKLM] -> C:\Program Files\Ashampoo\Ashampoo WinOptimizer Platinum 3\ContextHandler.dll [WOP3_ContextMenuHandler] -> [Ver = | Size = 418304 bytes | Modified Date = 11/10/2005 7:08:58 PM | Attr = ]
{C539A15A-3AF9-4c92-B771-50CB78F5C751} [HKLM] -> C:\Program Files\Acronis\TrueImageHome\tishell.dll [Acronis True Image Shell Context Menu Extension] -> Acronis [Ver = 10,0,0,4871 | Size = 499872 bytes | Modified Date = 10/16/2006 9:17:08 PM | Attr = ]
{dd230880-495a-11d1-b064-008048ec2fc5} [HKLM] -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll [Kaspersky Anti-Virus] -> Kaspersky Lab [Ver = 6.0.1.411 | Size = 41067 bytes | Modified Date = 11/1/2006 5:43:06 PM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 125440 bytes | Modified Date = 10/7/2005 3:05:32 PM | Attr = ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> C:\Program Files\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 20552 bytes | Modified Date = 11/27/2001 8:10:00 AM | Attr = ]
< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{A9AACA72-1C51-4F84-804D-90EDBA0D58F4} [HKLM] -> C:\Program Files\Common Files\Zinio\ZSHExt.dll [MyMagazinesColumn Class] -> Zinio Systems, Inc. [Ver = 3.3.2.3160 | Size = 135168 bytes | Modified Date = 8/18/2005 10:14:16 PM | Attr = ]
{F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.dll [PDF Shell Extension] -> Adobe Systems, Inc. [Ver = 8.0.0.0 | Size = 372736 bytes | Modified Date = 10/22/2006 11:28:04 PM | Attr = ]
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{748376F9-3E37-405E-BB41-FA3C6C095EA1} -> (D-Link USB Remote NDIS Network Device) ->
{A12EA09A-13DE-4C71-9AE6-0299D1009C65} -> 202.144.115.4,202.144.10.50 (VIA Rhine II Fast Ethernet Adapter) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
skype4com -> C:\Program Files\Skype\toolbars\Shared\Skype4ComAPI.dll -> Skype Technologies [Ver = 1, 0, 0, 21 | Size = 1662976 bytes | Modified Date = 7/3/2006 4:30:02 PM | Attr = ]

[Files - Created Wihin 30 days]
WISC8BB491212D942AEB571E580D8CD1B5B_6_0_1255.MSI -> C:\Program Files\Common Files\Wise Installation Wizard\WISC8BB491212D942AEB571E580D8CD1B5B_6_0_1255.MSI -> [Ver = | Size = 8005632 bytes | Created Date = 12/21/2006 4:41:35 PM | Attr = ]
ctor.dll -> C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll -> Macrovision Corporation [Ver = 11.50.43969 | Size = 69715 bytes | Created Date = 12/21/2006 12:56:52 PM | Attr = ]
DotNetInstaller.exe -> C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe -> InstallShield Software Corporation [Ver = 11.50.0.42618 | Size = 5632 bytes | Created Date = 12/21/2006 12:56:19 PM | Attr = ]
iGdi.dll -> C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll -> Macrovision Corporation [Ver = 11.50.42618 | Size = 200836 bytes | Created Date = 12/21/2006 12:55:43 PM | Attr = ]
iKernel.dll -> C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll -> Macrovision Corporation [Ver = 11.50.43969 | Size = 757760 bytes | Created Date = 12/21/2006 12:56:19 PM | Attr = ]
iscript.dll -> C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll -> Macrovision Corporation [Ver = 11.50.43969 | Size = 274432 bytes | Created Date = 12/21/2006 12:56:53 PM | Attr = ]
iuser.dll -> C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll -> Macrovision Corporation [Ver = 11.50.43969 | Size = 204800 bytes | Created Date = 12/21/2006 12:56:53 PM | Attr = ]
setup.dll -> C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll -> Macrovision Corporation [Ver = 11.50.42618 | Size = 331908 bytes | Created Date = 12/21/2006 12:55:39 PM | Attr = ]
Active Setup Log.BAK -> C:\WINNT\Active Setup Log.BAK -> [Ver = | Size = 783 bytes | Created Date = 12/27/2006 10:56:04 AM | Attr = ]
system.ini.bak -> C:\WINNT\system.ini.bak -> [Ver = | Size = 341 bytes | Created Date = 12/21/2006 6:30:41 PM | Attr = ]
system.tmp -> C:\WINNT\system.tmp -> [Ver = | Size = 375 bytes | Created Date = 12/25/2006 7:12:04 PM | Attr = ]
win.tmp -> C:\WINNT\win.tmp -> [Ver = | Size = 1751 bytes | Created Date = 12/25/2006 7:12:03 PM | Attr = ]
java.exe -> C:\WINNT\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 135168 bytes | Created Date = 12/30/2006 4:36:30 PM | Attr = ]
javacpl.cpl -> C:\WINNT\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 69632 bytes | Created Date = 12/30/2006 4:36:31 PM | Attr = ]
javaw.exe -> C:\WINNT\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 135168 bytes | Created Date = 12/30/2006 4:36:30 PM | Attr = ]
javaws.exe -> C:\WINNT\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 139264 bytes | Created Date = 12/30/2006 4:36:30 PM | Attr = ]
Perflib_Perfdata_408.dat -> C:\WINNT\System32\Perflib_Perfdata_408.dat -> [Ver = | Size = 16384 bytes | Created Date = 12/21/2006 4:59:01 PM | Attr = ]
Perflib_Perfdata_6e4.dat -> C:\WINNT\System32\Perflib_Perfdata_6e4.dat -> [Ver = | Size = 16384 bytes | Created Date = 12/30/2006 2:41:59 PM | Attr = ]
Perflib_Perfdata_7a4.dat -> C:\WINNT\System32\Perflib_Perfdata_7a4.dat -> [Ver = | Size = 16384 bytes | Created Date = 1/2/1601 6:30:00 PM | Attr = ]
tmp.reg -> C:\WINNT\System32\tmp.reg -> [Ver = | Size = 2396 bytes | Created Date = 12/28/2006 5:45:03 PM | Attr = ]
fidbox.dat -> C:\WINNT\System32\drivers\fidbox.dat -> [Ver = | Size = 9800480 bytes | Created Date = 1/2/1601 6:30:00 PM | Attr = HS]
fidbox.idx -> C:\WINNT\System32\drivers\fidbox.idx -> [Ver = | Size = 132092 bytes | Created Date = 1/2/1601 6:30:00 PM | Attr = HS]
fidbox2.dat -> C:\WINNT\System32\drivers\fidbox2.dat -> [Ver = | Size = 696608 bytes | Created Date = 1/2/1601 6:30:00 PM | Attr = HS]
fidbox2.idx -> C:\WINNT\System32\drivers\fidbox2.idx -> [Ver = | Size = 66188 bytes | Created Date = 1/2/1601 6:30:00 PM | Attr = HS]
ikhfile.sys -> C:\WINNT\System32\drivers\ikhfile.sys -> PCTools Research Pty Ltd. [Ver = 3, 6, 1, 2014 | Size = 30592 bytes | Created Date = 12/25/2006 10:00:49 PM | Attr = ]
ikhlayer.sys -> C:\WINNT\System32\drivers\ikhlayer.sys -> PCTools Research Pty Ltd. [Ver = 3, 6, 1, 2011 | Size = 51072 bytes | Created Date = 12/25/2006 9:59:19 PM | Attr = ]
klick.sys -> C:\WINNT\System32\drivers\klick.sys -> Kaspersky Lab [Ver = 2.0.0.348 | Size = 61584 bytes | Created Date = 12/7/2006 10:24:05 AM | Attr = ]
klif.sys -> C:\WINNT\System32\drivers\klif.sys -> Kaspersky Lab [Ver = 6.12.10.247 | Size = 174864 bytes | Created Date = 12/7/2006 10:22:27 AM | Attr = ]
klin.sys -> C:\WINNT\System32\drivers\klin.sys -> Kaspersky Lab [Ver = 2.0.0.333 | Size = 59536 bytes | Created Date = 12/7/2006 10:24:05 AM | Attr = ]
tmcomm.sys -> C:\WINNT\System32\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.5.0.1052 | Size = 76560 bytes | Created Date = 12/24/2006 12:22:11 PM | Attr = ]

[Files - Modified Wihin 30 days]
boot.ini -> C:\boot.ini -> [Ver = | Size = 193 bytes | Modified Date = 12/30/2006 10:23:32 PM | Attr = RH ]
bootwiz.sys -> C:\bootwiz.sys -> [Ver = | Size = 22528 bytes | Modified Date = 12/17/2006 2:32:30 PM | Attr = RHS]
deb.sbl -> C:\deb.sbl -> [Ver = | Size = 45510 bytes | Modified Date = 12/29/2006 10:41:14 AM | Attr = ]
ntdetect.com -> C:\ntdetect.com -> [Ver = | Size = 34724 bytes | Modified Date = 12/30/2006 10:23:32 PM | Attr = RHS]
WISC8BB491212D942AEB571E580D8CD1B5B_6_0_1255.MSI -> C:\Program Files\Common Files\Wise Installation Wizard\WISC8BB491212D942AEB571E580D8CD1B5B_6_0_1255.MSI -> [Ver = | Size = 8005632 bytes | Modified Date = 12/21/2006 4:41:38 PM | Attr = ]
iGdi.dll -> C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll -> Macrovision Corporation [Ver = 11.50.42618 | Size = 200836 bytes | Modified Date = 12/21/2006 12:55:44 PM | Attr = ]
setup.dll -> C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll -> Macrovision Corporation [Ver = 11.50.42618 | Size = 331908 bytes | Modified Date = 12/21/2006 12:55:40 PM | Attr = ]
Active Setup Log.BAK -> C:\WINNT\Active Setup Log.BAK -> [Ver = | Size = 783 bytes | Modified Date = 12/27/2006 2:10:40 PM | Attr = ]
imsins.BAK -> C:\WINNT\imsins.BAK -> [Ver = | Size = 1428 bytes | Modified Date = 12/13/2006 2:56:22 PM | Attr = ]
ODBC.INI -> C:\WINNT\ODBC.INI -> [Ver = | Size = 1160 bytes | Modified Date = 12/21/2006 6:32:34 PM | Attr = ]
ODBCINST.INI -> C:\WINNT\ODBCINST.INI -> [Ver = | Size = 4073 bytes | Modified Date = 12/21/2006 6:32:36 PM | Attr = ]
QTFont.qfn -> C:\WINNT\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 12/12/2006 10:39:54 AM | Attr = H ]
system.ini -> C:\WINNT\system.ini -> [Ver = | Size = 375 bytes | Modified Date = 12/21/2006 6:30:42 PM | Attr = ]
system.tmp -> C:\WINNT\system.tmp -> [Ver = | Size = 375 bytes | Modified Date = 12/21/2006 6:30:42 PM | Attr = ]
java.exe -> C:\WINNT\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 135168 bytes | Modified Date = 12/30/2006 4:34:34 PM | Attr = ]
javacpl.cpl -> C:\WINNT\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 69632 bytes | Modified Date = 12/30/2006 4:34:34 PM | Attr = ]
javaw.exe -> C:\WINNT\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 135168 bytes | Modified Date = 12/30/2006 4:34:34 PM | Attr = ]
javaws.exe -> C:\WINNT\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 139264 bytes | Modified Date = 12/30/2006 4:34:34 PM | Attr = ]
Perflib_Perfdata_408.dat -> C:\WINNT\System32\Perflib_Perfdata_408.dat -> [Ver = | Size = 16384 bytes | Modified Date = 12/21/2006 4:59:02 PM | Attr = ]
Perflib_Perfdata_6e4.dat -> C:\WINNT\System32\Perflib_Perfdata_6e4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 12/30/2006 2:42:02 PM | Attr = ]
Perflib_Perfdata_7a4.dat -> C:\WINNT\System32\Perflib_Perfdata_7a4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 12/30/2006 4:59:14 PM | Attr = ]
tmp.reg -> C:\WINNT\System32\tmp.reg -> [Ver = | Size = 2396 bytes | Modified Date = 12/28/2006 5:45:04 PM | Attr = ]
vsconfig.xml -> C:\WINNT\System32\vsconfig.xml -> [Ver = | Size = 48877 bytes | Modified Date = 12/30/2006 5:03:56 PM | Attr = H ]
fidbox.dat -> C:\WINNT\System32\drivers\fidbox.dat -> [Ver = | Size = 9800480 bytes | Modified Date = 12/30/2006 6:07:12 PM | Attr = HS]
fidbox.idx -> C:\WINNT\System32\drivers\fidbox.idx -> [Ver = | Size = 132092 bytes | Modified Date = 12/30/2006 4:53:10 PM | Attr = HS]
fidbox2.dat -> C:\WINNT\System32\drivers\fidbox2.dat -> [Ver = | Size = 696608 bytes | Modified Date = 12/30/2006 6:12:04 PM | Attr = HS]
fidbox2.idx -> C:\WINNT\System32\drivers\fidbox2.idx -> [Ver = | Size = 66188 bytes | Modified Date = 12/30/2006 4:53:10 PM | Attr = HS]
klick.sys -> C:\WINNT\System32\drivers\klick.sys -> Kaspersky Lab [Ver = 2.0.0.348 | Size = 61584 bytes | Modified Date = 12/8/2006 9:56:40 AM | Attr = ]
klif.sys -> C:\WINNT\System32\drivers\klif.sys -> Kaspersky Lab [Ver = 6.12.10.247 | Size = 174864 bytes | Modified Date = 12/7/2006 10:22:30 AM | Attr = ]
klin.sys -> C:\WINNT\System32\drivers\klin.sys -> Kaspersky Lab [Ver = 2.0.0.333 | Size = 59536 bytes | Modified Date = 12/7/2006 10:24:06 AM | Attr = ]
snapman.sys -> C:\WINNT\System32\drivers\snapman.sys -> Acronis [Ver = 3.0 build 303 | Size = 114048 bytes | Modified Date = 12/15/2006 11:31:16 AM | Attr = ]
tifsfilt.sys -> C:\WINNT\System32\drivers\tifsfilt.sys -> Acronis [Ver = 3.3 build 443 | Size = 39264 bytes | Modified Date = 12/16/2006 10:33:48 AM | Attr = ]
timntr.sys -> C:\WINNT\System32\drivers\timntr.sys -> Acronis [Ver = 3.3 build 443 | Size = 395744 bytes | Modified Date = 12/16/2006 10:33:48 AM | Attr = ]
tmcomm.sys -> C:\WINNT\System32\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.5.0.1052 | Size = 76560 bytes | Modified Date = 12/24/2006 11:18:42 AM | Attr = ]

[File String Scan - Non-Microsoft Only]
UPX! , -> C:\bootwiz.sys -> [Ver = | Size = 22528 bytes | Modified Date = 12/17/2006 2:32:30 PM | Attr = RHS]
UPX! , UPX0 , -> C:\Program Files\Common Files\Acronis\CDRecord\cdrecord.exe -> Acronis [Ver = 2.01-1.9 | Size = 135680 bytes | Modified Date = 12/6/2005 8:58:06 PM | Attr = ]
UPX! , UPX0 , -> C:\Program Files\Common Files\Acronis\CDRecord\cygwin1.dll -> Red Hat [Ver = 1.5.6 | Size = 438153 bytes | Modified Date = 11/29/2005 2:00:24 PM | Attr = ]
UPX! , -> C:\Program Files\Common Files\Acronis\MediaBuilder\bootmenu.exe -> [Ver = | Size = 33736 bytes | Modified Date = 11/29/2005 1:22:14 PM | Attr = ]
UPX! , -> C:\Program Files\Common Files\Acronis\MediaBuilder\bootwiz.sys -> [Ver = | Size = 22528 bytes | Modified Date = 10/16/2006 1:47:54 PM | Attr = ]
UPX! , -> C:\Program Files\Common Files\Acronis\MediaBuilder\kernel.dat -> [Ver = | Size = 664914 bytes | Modified Date = 10/16/2006 5:18:58 AM | Attr = ]
UPX! , -> C:\Program Files\Common Files\Acronis\MediaBuilder\mouse.com -> [Ver = | Size = 4850 bytes | Modified Date = 11/29/2005 1:22:14 PM | Attr = ]
UPX! , -> C:\Program Files\Common Files\Acronis\MediaBuilder\ramdisk.exe -> [Ver = | Size = 18931 bytes | Modified Date = 10/16/2006 1:42:46 PM | Attr = ]
UPX! , -> C:\Program Files\Common Files\Acronis\TrueImage\bootwiz.sys -> [Ver = | Size = 22528 bytes | Modified Date = 10/16/2006 1:47:54 PM | Attr = ]
UPX! , -> C:\Program Files\Common Files\Acronis\TrueImage\kernel.dat -> [Ver = | Size = 664914 bytes | Modified Date = 10/16/2006 5:18:58 AM | Attr = ]
UPX! , -> C:\Program Files\Common Files\Acronis\TrueImage\mouse.com -> [Ver = | Size = 4850 bytes | Modified Date = 10/16/2006 5:16:20 AM | Attr = ]
UPX! , -> C:\Program Files\Common Files\Acronis\TrueImage\splash.run -> [Ver = | Size = 23388 bytes | Modified Date = 10/16/2006 1:42:58 PM | Attr = ]
UPX! , -> C:\Program Files\Common Files\Acronis\TrueImageHome\bootmenu.exe -> [Ver = | Size = 1852473 bytes | Modified Date = 10/16/2006 2:00:54 PM | Attr = ]
UPX! , -> C:\Program Files\Common Files\Acronis\TrueImageHome\bootwiz.sys -> [Ver = | Size = 22528 bytes | Modified Date = 10/16/2006 1:47:54 PM | Attr = ]
UPX! , -> C:\Program Files\Common Files\Acronis\TrueImageHome\kernel.dat -> [Ver = | Size = 664914 bytes | Modified Date = 10/16/2006 5:18:58 AM | Attr = ]
UPX! , -> C:\Program Files\Common Files\Acronis\TrueImageHome\mouse.com -> [Ver = | Size = 4850 bytes | Modified Date = 10/16/2006 5:16:20 AM | Attr = ]
UPX! , -> C:\Program Files\Common Files\Acronis\TrueImageHome\splash.run -> [Ver = | Size = 23388 bytes | Modified Date = 10/16/2006 2:37:04 PM | Attr = ]
PEC2 , -> C:\Program Files\Common Files\GTK\2.0\bin\libglib-2.0-0.dll -> The GLib developer community [Ver = 2.10.3.0 | Size = 582621 bytes | Modified Date = 5/27/2006 8:51:10 AM | Attr = ]
Thawte Consulting , -> C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core3.zip -> [Ver = | Size = 3290841 bytes | Modified Date = 12/6/2004 10:57:36 PM | Attr = ]
Thawte Consulting , USERTRUST , -> C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\core3.zip -> [Ver = | Size = 4868848 bytes | Modified Date = 11/29/2006 3:41:36 AM | Attr = ]
PTech , -> C:\P

#8 prampara


Posted 30 December 2006 - 08:33 AM

PTech , -> C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\serk\1033\ADOVIEW.HTM -> [Ver = | Size = 40987 bytes | Modified Date = 12/8/1998 7:31:10 PM | Attr = ]
PEC2 , PECompact2 , -> C:\Program Files\Common Files\Real\GToolbar\GDSSetup.exe -> [Ver = | Size = 743016 bytes | Modified Date = 10/10/2005 7:40:00 PM | Attr = ]
aspack , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20041006.020\NAVEX15.SYS -> Symantec Corporation [Ver = 2004.2.1.10 | Size = 617288 bytes | Modified Date = 10/6/2004 1:30:00 PM | Attr = ]
aspack , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20041006.020\NAVEX15.VXD -> [Ver = | Size = 876529 bytes | Modified Date = 10/6/2004 1:30:00 PM | Attr = ]
aspack , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20041006.020\NAVEX32A.DLL -> Symantec Corporation [Ver = 2004.2.1.10 | Size = 672936 bytes | Modified Date = 10/6/2004 1:30:00 PM | Attr = ]
SAHAgent , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20041006.020\VIRSCAN1.DAT -> [Ver = | Size = 889363 bytes | Modified Date = 10/6/2004 1:30:00 PM | Attr = ]
FSG! , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20041006.020\VIRSCAN8.DAT -> [Ver = | Size = 1170741 bytes | Modified Date = 10/6/2004 1:30:00 PM | Attr = ]
UPX! , FSG! , WSUD , UPX0 , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20041006.020\VIRSCAN9.DAT -> [Ver = | Size = 1634601 bytes | Modified Date = 10/6/2004 1:30:00 PM | Attr = ]
aspack , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20051005.037\NAVEX15.SYS -> Symantec Corporation [Ver = 20051.2.0.18 | Size = 665816 bytes | Modified Date = 10/5/2005 1:30:00 PM | Attr = ]
aspack , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20051005.037\NAVEX15.VXD -> [Ver = | Size = 963069 bytes | Modified Date = 10/5/2005 1:30:00 PM | Attr = ]
aspack , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20051005.037\NAVEX32A.DLL -> Symantec Corporation [Ver = 20051.2.0.18 | Size = 706168 bytes | Modified Date = 10/5/2005 1:30:00 PM | Attr = ]
SAHAgent , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20051005.037\VIRSCAN1.DAT -> [Ver = | Size = 963471 bytes | Modified Date = 10/5/2005 1:30:00 PM | Attr = ]
FSG! , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20051005.037\VIRSCAN8.DAT -> [Ver = | Size = 1414159 bytes | Modified Date = 10/5/2005 1:30:00 PM | Attr = ]
UPX! , FSG! , WSUD , UPX0 , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20051005.037\VIRSCAN9.DAT -> [Ver = | Size = 2724799 bytes | Modified Date = 10/5/2005 1:30:00 PM | Attr = ]
SAHAgent , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060908.024\TCDEFS.DAT -> [Ver = | Size = 48806 bytes | Modified Date = 9/8/2006 1:30:00 PM | Attr = ]
FSG! , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060908.024\VIRSCAN8.DAT -> [Ver = | Size = 1594351 bytes | Modified Date = 9/8/2006 1:30:00 PM | Attr = ]
FSG! , WSUD , UPX0 , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060908.024\VIRSCAN9.DAT -> [Ver = | Size = 3630155 bytes | Modified Date = 9/8/2006 1:30:00 PM | Attr = ]
SAHAgent , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061118.006\TCDEFS.DAT -> [Ver = | Size = 186850 bytes | Modified Date = 11/18/2006 2:30:00 PM | Attr = ]
FSG! , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061118.006\VIRSCAN8.DAT -> [Ver = | Size = 1633816 bytes | Modified Date = 11/18/2006 2:30:00 PM | Attr = ]
FSG! , WSUD , UPX0 , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061118.006\VIRSCAN9.DAT -> [Ver = | Size = 3856795 bytes | Modified Date = 11/18/2006 2:30:00 PM | Attr = ]
SAHAgent , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061119.004\TCDEFS.DAT -> [Ver = | Size = 186850 bytes | Modified Date = 11/19/2006 2:30:00 PM | Attr = ]
FSG! , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061119.004\VIRSCAN8.DAT -> [Ver = | Size = 1634183 bytes | Modified Date = 11/19/2006 2:30:00 PM | Attr = ]
FSG! , WSUD , UPX0 , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061119.004\VIRSCAN9.DAT -> [Ver = | Size = 3857169 bytes | Modified Date = 11/19/2006 2:30:00 PM | Attr = ]
SAHAgent , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\tcdefs.dat -> [Ver = | Size = 47313 bytes | Modified Date = 6/14/2006 1:30:00 PM | Attr = ]
FSG! , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\virscan8.dat -> [Ver = | Size = 1549953 bytes | Modified Date = 6/14/2006 1:30:00 PM | Attr = ]
FSG! , WSUD , UPX0 , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\virscan9.dat -> [Ver = | Size = 3337932 bytes | Modified Date = 6/14/2006 1:30:00 PM | Attr = ]
SAHAgent , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp6882.tmp\TCDEFS.DAT -> [Ver = | Size = 186736 bytes | Modified Date = 11/13/2006 2:30:00 PM | Attr = ]
FSG! , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp6882.tmp\VIRSCAN8.DAT -> [Ver = | Size = 1630135 bytes | Modified Date = 11/13/2006 2:30:00 PM | Attr = ]
FSG! , WSUD , UPX0 , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp6882.tmp\VIRSCAN9.DAT -> [Ver = | Size = 3841214 bytes | Modified Date = 11/13/2006 2:30:00 PM | Attr = ]
SAHAgent , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp933.tmp\TCDEFS.DAT -> [Ver = | Size = 46770 bytes | Modified Date = 5/17/2006 1:30:00 PM | Attr = ]
FSG! , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp933.tmp\VIRSCAN8.DAT -> [Ver = | Size = 1536947 bytes | Modified Date = 5/17/2006 1:30:00 PM | Attr = ]
UPX0 , -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp933.tmp\VIRSCAN9.DAT -> [Ver = | Size = 3265824 bytes | Modified Date = 5/19/2006 8:50:34 PM | Attr = ]
UPX! , UPX0 , -> C:\WINNT\System32\asmwZipIt.ocx -> asmwsoft.com [Ver = 1.00.0002 | Size = 21504 bytes | Modified Date = 10/21/2004 8:31:50 AM | Attr = ]
UPX! , -> C:\WINNT\System32\aswBoot.exe -> [Ver = 4, 6, 665, 0 | Size = 433152 bytes | Modified Date = 7/9/2005 2:33:06 PM | Attr = ]
UPX! , -> C:\WINNT\System32\Cgrm_en.dll -> Centigram Communications Corp. [Ver = 5, 0, 0, 49 | Size = 1294336 bytes | Modified Date = 6/11/1997 5:51:30 PM | Attr = ]
PEC2 , -> C:\WINNT\System32\CO2C40EN.DLL -> [Ver = 4.6.1.106 | Size = 748160 bytes | Modified Date = 11/18/1996 | Attr = ]
aspack , -> C:\WINNT\System32\Incinerator.dll -> [Ver = | Size = 1211904 bytes | Modified Date = 2/2/2006 6:42:38 PM | Attr = ]
Thawte Consulting , -> C:\WINNT\System32\pxcpya64.exe -> Sonic Solutions [Ver = 1.00.35a | Size = 63144 bytes | Modified Date = 8/25/2006 9:17:00 AM | Attr = ]
Thawte Consulting , -> C:\WINNT\System32\pxhpinst.exe -> Sonic Solutions [Ver = 3.00.33a | Size = 67240 bytes | Modified Date = 8/25/2006 9:17:00 AM | Attr = ]
Thawte Consulting , -> C:\WINNT\System32\pxinsa64.exe -> Sonic Solutions [Ver = 3.00.33a | Size = 62632 bytes | Modified Date = 8/25/2006 9:17:00 AM | Attr = ]
Thawte Consulting , -> C:\WINNT\System32\pxinsi64.exe -> Sonic Solutions [Ver = 3.00.33a | Size = 115880 bytes | Modified Date = 8/25/2006 9:17:00 AM | Attr = ]
UPX! , UPX0 , -> C:\WINNT\System32\t3odm.dll -> Cyberlink [Ver = 1.00.1016 | Size = 28672 bytes | Modified Date = 5/1/2004 4:46:24 AM | Attr = ]
winsync , -> C:\WINNT\System32\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 12/7/1999 9:30:00 AM | Attr = ]
aspack , -> C:\WINNT\System32\wodfamoh.dll -> Abrosoft [Ver = 3, 6, 2, 0 | Size = 816640 bytes | Modified Date = 8/18/2006 11:24:36 AM | Attr = H ]
UPX! , UPX0 , -> C:\WINNT\System32\Zipdll.dll -> [Ver = 1, 4, 0, 0 | Size = 47616 bytes | Modified Date = 10/22/1999 1:49:22 PM | Attr = ]
UPX! , UPX0 , -> C:\WINNT\System32\Zipit.dll -> [Ver = | Size = 102400 bytes | Modified Date = 8/18/2000 12:01:56 AM | Attr = ]

< End of report >

#9 OldTimer

OldTimer

    Malware Expert



Posted 30 December 2006 - 07:14 PM

Hi prampara. My first thought with the network traffic volume would be to check if Windows is downloading updates in the background. If the machine was incapable of being updated for a period of time and now it is working again, Windows might be catching up with the latest updates.

It looks like some of the registry entries are still present. They are not critical because the files are missing but we should get them cleaned up.

There is a new version of WinPFind3u out that will show a log of everything that occurred during the fix when the fix is complete. Please delete any current WinPFind3u files/folders from your desktop and download the newer version shown below.

Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

Open the WinPFind3u folder on your desktop and double-click on the WinPFind3U.exe file to start the program. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Registry - Non-Microsoft Only]
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {029CA12C-89C1-46a7-A3C7-82F2F98635CB} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> {A491D208-B353-490F-B81A-A8A3DC97042D} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> {BDF3E430-B101-42AD-A544-FADC6B084872} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> {CE57DA55-F491-45C6-B3DB-6C98E4B17CDC} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> {E24AD748-155E-4254-B674-4EDF86E7E1DF} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> WebBrowser\\{4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> WebBrowser\\{7435856C-6CA1-45CF-A00D-82178387F223} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} -> Reg Data - Value does not exist [ButtonText: Web Anti-Virus]
YN -> {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -> Reg Data - Value does not exist [ButtonText: Spyware Doctor]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
YN -> Download &All by FD -> Reg Data - Value does not exist
YN -> Download with &FD -> Reg Data - Value does not exist


The fix should only take a very short time. When it is finished, a message box will pop up telling you that it has completed. Click the Ok button and Notepad will open with the details of what occurred during the fix. Please post that information back here so I can review it.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
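The check described in the post above (registry entries that are still present although the file or data they point to is gone), as an added example that is not part of the original post and is not WinPFind3u's own code. The sample reuses lines from the logs in this thread; the function name and the returned tuple layout are assumptions, and the output is a list to review, not a removal list.

```python
import re

# Constructed sample: lines copied from the logs in this thread, assembled
# into one short input so the script runs offline.
SAMPLE_LOG = r"""
[Registry - Non-Microsoft Only]
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {029CA12C-89C1-46a7-A3C7-82F2F98635CB} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -> Reg Data - Value does not exist [ButtonText: Spyware Doctor]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{dd230880-495a-11d1-b064-008048ec2fc5} [HKLM] -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll [Kaspersky Anti-Virus] -> Kaspersky Lab [Ver = 6.0.1.411 | Size = 41067 bytes | Modified Date = 11/1/2006 5:43:06 PM | Attr = ]
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
skype4com -> C:\Program Files\Skype\toolbars\Shared\Skype4ComAPI.dll -> Skype Technologies [Ver = 1, 0, 0, 21 | Size = 1662976 bytes | Modified Date = 7/3/2006 4:30:02 PM | Attr = ]
< End of report >
"""

# Strings the log uses when an entry's target could not be resolved.
MARKERS = (
    "Reg Data - Key not found",
    "Reg Data - Value does not exist",
    "File not found",
)

# Section header: "< title > -> registry path\"
HEADER = re.compile(r"^< (?P<title>.+?) > -> (?P<path>.+)$")


def find_orphans(log_text):
    """Return (registry_location, entry, reason) for each entry whose target is missing.

    Hypothetical helper: the tuple layout is this example's choice.
    """
    findings = []
    section_path = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            # Category line such as "[Files - Created Wihin 30 days]":
            # entries after it are not registry entries until a new header.
            section_path = None
            continue
        header = HEADER.match(line)
        if header:
            section_path = header.group("path")
            continue
        if line.startswith("<") or section_path is None:
            continue  # "< End of report >" or a line outside any registry section
        if line.startswith("YN -> "):
            line = line[len("YN -> "):]  # prefix used in the fix block
        fields = line.split(" -> ")
        if len(fields) < 2:
            continue
        entry = re.sub(r"\s*\[HK\w+\]$", "", fields[0])  # drop the "[HKLM]" hive tag
        reason = next(
            (m for f in fields[1:] for m in MARKERS if f.startswith(m)), None
        )
        if reason:
            findings.append((section_path + entry, entry, reason))
    return findings


if __name__ == "__main__":
    for location, _entry, reason in find_orphans(SAMPLE_LOG):
        print(f"{reason}: {location}")
```
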


#10 prampara


Posted 31 December 2006 - 12:49 AM

Greetings Old Timer,

Here's the log of the Fix for your review:

[Registry - Non-Microsoft Only]
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{029CA12C-89C1-46a7-A3C7-82F2F98635CB} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A491D208-B353-490F-B81A-A8A3DC97042D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE57DA55-F491-45C6-B3DB-6C98E4B17CDC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E24AD748-155E-4254-B674-4EDF86E7E1DF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download &All by FD deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download with &FD deleted successfully.
< End of log >
Created on 12/31/2006 11:02:35

Regarding the network traffic volume, I've got Windows Update set to automatically download the updates. Moreover, I do it manually at least once a week to reconfirm. In fact, as I write this I've got a message to restart the computer to complete installed updates. So Windows Update can be ruled out. It was working fine till about a week back. It was the huge volume that really got me scared. Anyway, do let me know if you can figure out what could be causing it.

Here's wishing you a new year so bright that it radiates abundant joy and immeasurable prosperity for you to bask in. Wish you a Happy, Prosperous and Healthy 2007.

Prampara

#11 OldTimer


Posted 31 December 2006 - 12:24 PM

Hi prampara. Everything looks clean so I do not think we are dealing with malware at this time. There is a freeware program that you can use to see what processes are accessing the internet and the volume of data being sent and received. It's called NetLimiter 2. Here's a link: http://www.netlimiter.com/

There are 3 versions. You want the free version (it is just a monitor). Install it and let it run and see what processes are creating network traffic and in what volumes.

Cheers.

OT
OldTimer


#12 prampara


Posted 01 January 2007 - 02:01 AM

Greetings Old Timer,

Welcome to the New Year !!!

Got NetLimiter and everything seems to be fine. The traffic volume too is under permissible levels. One question though: do svchost.exe, cidaemon.exe, lsass.exe and services.exe need access to the net?

Thanks,

Prampara

#13 OldTimer


Posted 01 January 2007 - 10:24 AM

Hi prampara. Yes, all of those processes could produce a firewall message. They might not be trying to access the internet but only the local machine through 127.0.0.1. The firewall will see this as an attempt to access the network (not necessarily the internet).

Cheers.

OT
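The distinction drawn in post #13 (a connection to the local machine through 127.0.0.1 versus traffic that actually leaves it), as an added example that is not part of the original thread: a small classifier that groups each process's connections by the scope of the remote address. The input format, the function names and every address in the sample are assumptions constructed for this example; it is not NetLimiter output.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed sample, one connection per line:
# "process proto local_addr:port remote_addr:port state" (assumed format).
# The public addresses are documentation-range placeholders. IPv4 only.
SAMPLE = """\
svchost.exe   TCP 127.0.0.1:1025    127.0.0.1:1026    ESTABLISHED
lsass.exe     UDP 127.0.0.1:1030    127.0.0.1:1030    -
services.exe  TCP 192.168.1.10:1040 192.168.1.1:53    ESTABLISHED
svchost.exe   TCP 192.168.1.10:1055 203.0.113.25:80   ESTABLISHED
cidaemon.exe  TCP 0.0.0.0:1060      0.0.0.0:0         LISTENING
firefox.exe   TCP 192.168.1.10:1071 198.51.100.7:443  ESTABLISHED
"""

# RFC 1918 private ranges plus link-local: traffic that stays on the LAN.
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]

def classify(remote):
    """Return the scope of a remote 'addr:port' endpoint."""
    ip = ipaddress.ip_address(remote.rsplit(":", 1)[0])
    if ip.is_unspecified:          # 0.0.0.0: a listening socket, no peer yet
        return "listening"
    if ip.is_loopback:             # 127.0.0.0/8: never leaves the machine
        return "loopback"
    if any(ip in net for net in LAN_NETS):
        return "lan"
    return "internet"

def summarize(text):
    """Map each process name to a count of its connections per scope."""
    per_process = defaultdict(Counter)
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:        # skip blank or malformed lines
            continue
        process, _proto, _local, remote = fields[:4]
        per_process[process.lower()][classify(remote)] += 1
    return {name: dict(counts) for name, counts in per_process.items()}

def internet_talkers(text):
    """Processes with at least one connection to a non-local, non-LAN peer."""
    return sorted(n for n, c in summarize(text).items() if c.get("internet"))

if __name__ == "__main__":
    for name, counts in sorted(summarize(SAMPLE).items()):
        print(f"{name:14} {counts}")
    print("internet:", internet_talkers(SAMPLE))
```

In the sample, lsass.exe and one svchost.exe connection are loopback only, which is the case a firewall prompt can still flag even though nothing leaves the machine.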

#14 prampara


Posted 02 January 2007 - 12:27 AM

Greetings Old Timer,

Thanks for your time and advice. Net Limiter is working fine, but Windows net traffic volumes are still haywire though.

Prampara

#15 OldTimer


Posted 02 January 2007 - 04:20 PM

Hi prampara. Net Limiter should tell you what each process's network volume is. Look for the process that is sending and/or receiving the most.

Cheers.

OT



