COMPUTER INFECTED?


  • This topic is locked

#16
Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Ok, I will be here. Have a good night.

:whistling:

Excal


#17
ecspoilprincess

    Member

  • Topic Starter
  • 20 posts
Hi Excal,
How are you?
Anyhow, I did what you said to do, so here it is. I hope I did it right. :whistling:

Logfile of HijackThis v1.99.1
Scan saved at 4:56:23 PM, on 1/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\Program Files\Cox\Applications\App\syssvcnt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Cox\Applications\app\Console.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Admin\vbkngpnh.exe
C:\Documents and Settings\Admin\My Documents\HIJACK THIS\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\common\ycomp5_1_6_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\common\ycomp5_1_6_0.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [gwiz] C:\WINDOWS\system32\ntsystem.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ESP] c:\Program Files\Cox\Applications\app\start.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} (CNavigationManager Object) - http://www3.authenti.../bin/wizard.exe
O16 - DPF: {2A510DC8-C9B5-4269-B9BA-E5B04D47D981} (CPlayFirstDDSonicControl Object) - http://www.shockwave...ic.1.0.0.92.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildt...iveLauncher.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by120fd.bay12...es/MsnPUpld.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave...h2.1.0.0.53.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1131494351434
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1141594522062
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} (CentrinoCheck Control) - http://entriq.vo.lln...eck_1_0_0_4.cab
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} - http://entriq.vo.lln...0_15_Silent.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Cox High Speed Internet Security Suite System Service (AuthSysSvc) - Authentium, Inc. - c:\Program Files\Cox\Applications\App\syssvcnt.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

_________________________________________________________________________________________


SmitFraudFix v2.132

Scan done at 16:44:43.59, Thu 01/04/2007
Run from C:\Documents and Settings\Admin\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\winstall.exe Deleted
C:\Documents and Settings\Admin\Application Data\Install.dat Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

#18
Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
You did good :blink:


Tell me exactly what's going on with your computer now.

:whistling:

Excal

#19
ecspoilprincess

    Member

  • Topic Starter
  • 20 posts
Well, it still has that red bubble that says (YOUR COMPUTER IS INFECTED), so does it have a virus, a lot of spyware, or what did the logs say? I don't understand any of that stuff. lol
Thank you....

Edited by ecspoilprincess, 04 January 2007 - 07:25 PM.


#20
Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
The log said that it cleaned part of a leftover infection you had. That bubble doesn't mean you're infected. It's a way that the bad guys get you to buy their product... :whistling:

I want to get one more log from you.


Download WinPFind and extract it to your C:\ folder. This will create a folder called WinPFind in the C:\ folder.
Don't do anything with it yet.

Boot into Safe Mode

Restart your computer and, as soon as it starts booting up again, continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.


Inside c:\WinPFind is a file called WinPFind.exe. Double-click on this file to launch the program. Once it is launched, click on the Start Scan button and wait for it to finish. This program will scan large amounts of files on your computer for known patterns, so please be patient while it works, as it can take a while, upwards of 30 minutes or more.

Reboot

Please post the WinPFind log.

#21
ecspoilprincess

    Member

  • Topic Starter
  • 20 posts
So when I go to download the WinPFind, do I click where it says run or save, and when I save, where is the C:\ folder? Sorry if I sound a little dumb, but I don't even know where that folder is at??

#22
Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Nah, you're not dumb. It can be confusing, trust me, I know.


The C folder they are referring to is your C drive. Does that help?

:whistling:

Excal

#23
ecspoilprincess

    Member

  • Topic Starter
  • 20 posts
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Logfile created on: 1/4/2007 7:28:41 PM
WinPFind v1.5.0 Folder = C:\WinPFind\WinPFind\WinPFind\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX! 3/18/2005 3:54:00 AM 43391 C:\WINDOWS\browser.exe ()
UPX! 12/30/2006 12:18:46 AM 65536 C:\WINDOWS\IFinst27.exe ()

Checking %System% folder...
aspack 3/18/2005 4:19:58 PM 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll (Microsoft Corporation)
aspack 5/26/2005 2:34:52 PM 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll (Microsoft Corporation)
aspack 7/22/2005 6:59:04 PM 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll (Microsoft Corporation)
aspack 12/5/2005 5:09:18 PM 2323664 C:\WINDOWS\SYSTEM32\d3dx9_28.dll (Microsoft Corporation)
aspack 2/3/2006 7:43:16 AM 2332368 C:\WINDOWS\SYSTEM32\d3dx9_29.dll (Microsoft Corporation)
aspack 3/31/2006 11:40:58 AM 2388176 C:\WINDOWS\SYSTEM32\d3dx9_30.dll (Microsoft Corporation)
PEC2 8/4/2004 2:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc ()
PEC2 9/28/2005 1:29:14 PM 693248 C:\WINDOWS\SYSTEM32\DivX.dll (DivXNetworks)
PECompact2 9/28/2005 1:29:14 PM 693248 C:\WINDOWS\SYSTEM32\DivX.dll (DivXNetworks)
WSUD 7/30/2006 12:04:40 PM 200704 C:\WINDOWS\SYSTEM32\dwSock6.dll (Desaware Inc.)
PTech 6/19/2006 3:19:42 PM 571184 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll (Microsoft Corporation)
PECompact2 12/7/2006 3:13:46 PM 10716584 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 12/7/2006 3:13:46 PM 10716584 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 8/4/2004 2:00:00 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)
WSUD 8/4/2004 2:00:00 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
Umonitor 8/4/2004 2:00:00 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
UPX! 1/4/2007 4:43:54 PM 288417 C:\WINDOWS\SYSTEM32\SrchSTS.exe (S!Ri)
UPX! 1/4/2007 4:43:54 PM 135168 C:\WINDOWS\SYSTEM32\swreg.exe (SteelWerX)
UPX! 1/4/2007 4:43:54 PM 40960 C:\WINDOWS\SYSTEM32\swsc.exe ()
UPX! 1/4/2007 4:43:54 PM 79360 C:\WINDOWS\SYSTEM32\swxcacls.exe (SteelWerX)
winsync 8/4/2004 2:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()
PTech 6/19/2006 3:19:26 PM 304944 C:\WINDOWS\SYSTEM32\WgaTray.exe (Microsoft Corporation)
PEC2 10/18/2006 9:47:20 PM 8231936 C:\WINDOWS\SYSTEM32\wmploc.dll (Microsoft Corporation)
WSUD 10/18/2006 9:47:20 PM 8231936 C:\WINDOWS\SYSTEM32\wmploc.dll (Microsoft Corporation)

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
1/4/2007 6:43:38 PM S 2048 C:\WINDOWS\bootstat.dat ()
1/4/2007 10:28:18 AM H 54156 C:\WINDOWS\QTFont.qfn ()
12/27/2006 2:30:18 PM RH 0 C:\WINDOWS\assembly\PublisherPolicy.tme ()
12/27/2006 2:30:18 PM RH 0 C:\WINDOWS\assembly\pubpol1.dat ()
12/27/2006 11:14:20 PM RH 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index22.dat ()
12/28/2006 7:11:12 AM RH 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index23.dat ()
12/25/2006 7:04:58 PM RHS 56 C:\WINDOWS\system32\FFFC8EF4C0.sys ()
12/25/2006 7:04:58 PM HS 1682 C:\WINDOWS\system32\KGyGaAvL.sys ()
11/7/2006 9:04:24 PM S 42340 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ie7.cat ()
11/7/2006 9:24:16 PM S 11671 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB923694.cat ()
11/17/2006 10:05:18 PM S 22261 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB925454.cat ()
11/12/2006 10:05:44 PM S 15355 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB925876.cat ()
11/18/2006 9:53:42 AM S 8847 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB928388.cat ()
11/28/2006 11:22:38 PM S 8847 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB929120.cat ()
11/6/2006 11:36:22 AM S 10525 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\msdrmv1.cat ()
1/4/2007 6:43:30 PM H 8192 C:\WINDOWS\system32\config\default.LOG ()
1/4/2007 6:44:02 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG ()
1/4/2007 6:43:44 PM H 16384 C:\WINDOWS\system32\config\SECURITY.LOG ()
1/4/2007 7:02:46 PM H 102400 C:\WINDOWS\system32\config\software.LOG ()
1/4/2007 6:43:50 PM H 987136 C:\WINDOWS\system32\config\system.LOG ()
12/27/2006 2:00:10 PM H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG ()
12/27/2006 2:37:22 PM H 0 C:\WINDOWS\system32\drivers\umdf\MsftWdf_user_01_00_00.Wdf ()
12/30/2006 7:35:06 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\c75758db-67f7-4fd6-93a4-fa69b66628fa ()
12/30/2006 7:35:06 AM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred ()
1/4/2007 6:36:14 PM H 6 C:\WINDOWS\Tasks\SA.DAT ()

Checking for CPL files...
8/4/2004 2:00:00 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
8/4/2004 2:00:00 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
5/8/2003 4:25:18 PM 815104 C:\WINDOWS\SYSTEM32\B57exp.cpl (Broadcom Corporation)
10/7/2003 10:39:00 AM 184320 C:\WINDOWS\SYSTEM32\bdeadmin.cpl (Borland Software Corporation)
8/4/2004 2:00:00 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)
9/18/2003 12:18:00 AM R 24576 C:\WINDOWS\SYSTEM32\cpl_moh.cpl ()
8/4/2004 2:00:00 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
8/4/2004 2:00:00 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)
8/4/2004 2:00:00 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
10/19/2005 8:59:12 AM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl (Intel Corporation)
10/17/2006 12:05:48 PM 1817088 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
8/4/2004 2:00:00 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
8/4/2004 2:00:00 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
7/27/2004 1:50:48 PM 73728 C:\WINDOWS\SYSTEM32\ISUSPM.cpl (InstallShield Software Corporation)
8/4/2004 2:00:00 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
4/13/2005 3:48:52 AM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.)
8/4/2004 2:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
8/4/2004 2:00:00 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
8/4/2004 2:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
8/4/2004 2:00:00 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)
8/4/2004 2:00:00 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
8/4/2004 2:00:00 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
8/4/2004 2:00:00 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
8/4/2004 2:00:00 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
8/4/2004 2:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
8/4/2004 2:00:00 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
8/4/2004 2:00:00 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)
5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
10/17/2006 12:05:48 PM 1817088 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl (Microsoft Corporation)
5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl (Microsoft Corporation)
1/23/2005 1:33:44 PM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0005\DriverFiles\igfxcpl.cpl (Intel Corporation)

Checking for Downloaded Program Files...
{166B1BCA-3F9C-11CF-8075-444553540000} - Shockwave ActiveX Control - CodeBase = http://fpdownload.ma...director/sw.cab
{17492023-C23A-453E-A040-C7C580BBF700} - Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft....k/?linkid=39204
{1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} - CNavigationManager Object - CodeBase = http://www3.authenti.../bin/wizard.exe
{2A510DC8-C9B5-4269-B9BA-E5B04D47D981} - CPlayFirstDDSonicControl Object - CodeBase = http://www.shockwave...ic.1.0.0.92.cab
{3A7FE611-1994-4EF1-A09F-99456752289D} - - CodeBase = http://install.wildt...iveLauncher.cab
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} - MSN Photo Upload Tool - CodeBase = http://by120fd.bay12...es/MsnPUpld.cab
{639658F3-B141-4D6B-B936-226F75A5EAC3} - CPlayFirstDinerDash2Control Object - CodeBase = http://www.shockwave...h2.1.0.0.53.cab
{6414512B-B978-451D-A0D8-FCFDF33E833C} - WUWebControl Class - CodeBase = http://update.micros...b?1131494351434
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - MUWebControl Class - CodeBase = http://update.micros...b?1141594522062
{A17E30C4-A9BA-11D4-8673-60DB54C10000} - YahooYMailTo Class - CodeBase = http://download.yaho...mail/ymmapi.dll
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - MsnMessengerSetupDownloadControl Class - CodeBase = http://messenger.msn...pDownloader.cab
{CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} - CentrinoCheck Control - CodeBase = http://entriq.vo.lln...eck_1_0_0_4.cab
{CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} - - CodeBase = http://entriq.vo.lln...0_15_Silent.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://fpdownload.ma...ent/swflash.cab
Microsoft XML Parser for Java - - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
8/10/2004 10:04:12 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()

Checking files in %ALLUSERSPROFILE%\Application Data folder...
8/10/2004 9:57:42 AM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini ()
12/30/2006 4:46:16 PM 2924 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache ()

Checking files in %USERPROFILE%\Startup folder...
8/10/2004 10:04:12 AM HS 84 C:\Documents and Settings\Admin\Start Menu\Programs\Startup\desktop.ini ()

Checking files in %USERPROFILE%\Application Data folder...
8/10/2004 9:57:42 AM HS 62 C:\Documents and Settings\Admin\Application Data\desktop.ini ()
1/4/2007 4:53:48 PM 1434987 C:\Documents and Settings\Admin\Application Data\Install.dat ()
2/22/2006 9:28:46 AM 12358 C:\Documents and Settings\Admin\Application Data\PFP120JCM.{PB ()
2/22/2006 9:28:46 AM 61678 C:\Documents and Settings\Admin\Application Data\PFP120JPR.{PB ()

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

>>> Internet Explorer Settings <<<


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.microsoft...p...ER}&ar=home
\\Search Page - http://www.microsoft...amp;ar=iesearch
\\Default_Page_URL - http://www.microsoft...p...&ar=msnhome
\\Default_Search_URL - http://www.microsoft...amp;ar=iesearch
\\Local Page - C:\windows\system32\blank.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.google.com/
\\Search Page - http://www.microsoft...amp;ar=iesearch
\\Default_Search_URL - http://www.microsoft...amp;ar=iesearch
\\Local Page - C:\windows\system32\blank.htm

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
\\CustomizeSearch - http://ie.search.msn...st/srchcust.htm
\\SearchAssistant - http://ie.search.msn...st/srchasst.htm


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
\\{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - AOLTBSearch Class = C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

>>> BHO's <<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
\{02478D38-C3F9-4efb-9B51-7695ECA05670} - Yahoo! Companion BHO = C:\Program Files\Yahoo!\common\ycomp5_1_6_0.dll (Yahoo! Inc.)
\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - Adobe PDF Reader Link Helper = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
\{5CA3D70E-1895-11CF-8E15-001234567890} - DriveLetterAccess = C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - AOL Toolbar Launcher = C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
\{9ECB9560-04F9-4bbc-943D-298DDF1699E1} - CNisExtBho Class = C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
\{BDF3E430-B101-42AD-A544-FADC6B084872} - CNavExtBho Class = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)

>>> Internet Explorer Bars, Toolbars and Extensions <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
\{4528BBE0-4E08-11D5-AD55-00010333D0AD} - &Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmes.dll (Yahoo! Inc.)
\{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)
\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - Real.com = C:\WINDOWS\system32\Shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
\{21569614-B795-46B1-85F4-E737A8DC09AD} - Shell Search Band = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\{30D02401-6A81-11D0-8274-00C04FD5AE38} - IE Search Band = C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
\{4528BBE0-4E08-11D5-AD55-00010333D0AD} - &Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmes.dll (Yahoo! Inc.)
\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\{EFA24E61-B078-11D0-89E4-00C04FC9E26E} - Favorites Band = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)
\{EFA24E62-B078-11D0-89E4-00C04FC9E26E} - History Band = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)
\{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)
\{FF059E31-CC5A-4E2E-BF3B-96E929D65503} - &Research = C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
\\{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - Norton Internet Security = C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - &Yahoo! Companion = C:\Program Files\Yahoo!\common\ycomp5_1_6_0.dll (Yahoo! Inc.)
\\{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar = C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Norton Internet Security = C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - &Yahoo! Companion = C:\Program Files\Yahoo!\common\ycomp5_1_6_0.dll (Yahoo! Inc.)
\WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar = C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8192 = Sun Java Console
\\NEXTID - 8201
\\{2499216C-4BA5-11D5-BD9C-000103C116D5} - 8193 = Yahoo! Login
\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} - 8194 = Yahoo! Messenger
\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} - 8195 =
\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - 8196 =
\\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8197 = Windows Messenger
\\{3369AF0D-62E9-4bda-8103-B4C75499B578} - 8198 =
\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - 8199 =
\\{e2e2dd38-d088-4134-82b7-f2ba38496583} - 8200 = @xpsp3res.dll,-20001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\WINDOWS\system32\msjava.dll (Microsoft Corporation)
\{2499216C-4BA5-11D5-BD9C-000103C116D5} - ButtonText: Yahoo! Login =
\{3369AF0D-62E9-4bda-8103-B4C75499B578} - ButtonText: AOL Toolbar =
\{4528BBE0-4E08-11D5-AD55-00010333D0AD} - ButtonText: Messenger =
\{92780B25-18CC-41C8-B9BE-3C9C571A8263} - ButtonText: Research =
\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - ButtonText: AIM = C:\Program Files\AIM\aim.exe (America Online, Inc.)
\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - ButtonText: Real.com =
\{e2e2dd38-d088-4134-82b7-f2ba38496583} - MenuText: @xpsp3res.dll,-20001 = ()
\{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

>>> Approved Shell Extensions (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
\\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = deskpan.dll ()
\\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = ()
\\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = ()
\\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\system32\hticons.dll (Hilgraeve, Inc.)
\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = ()
\\{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - Autoplay for SlideShow = ()
\\{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = ()
\\{7D5C4BDD-B015-4401-8731-1507B87DE297} - QBVersionTool = C:\Program Files\Common Files\Intuit\QuickBooks\QBVersionTool.dll (Intuit, Inc.)
\\{5464D816-CF16-4784-B9F3-75C0DB52B499} - Yahoo! Mail = C:\Program Files\Yahoo!\common\ymmapi.dll (Yahoo! Inc.)
\\{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc.)
\\{5CA3D70E-1895-11CF-8E15-001234567890} - DriveLetterAccess = C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

>>> Context Menu Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
\Symantec.Norton.Antivirus.IEContextMenu - {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
\Yahoo! Mail - {5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\Program Files\Yahoo!\common\ymmapi.dll (Yahoo! Inc.)

[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]
\igfxcui - {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} = C:\WINDOWS\system32\igfxpph.dll (Intel Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
\Symantec.Norton.Antivirus.IEContextMenu - {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)

>>> Column Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
\{F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Column Info = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.)

>>> Registry Run Keys <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
gwiz - C:\WINDOWS\system32\ntsystem.exe ()
ccApp - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
ESP - c:\Program Files\Cox\Applications\app\start.exe (Authentium, Inc.)
QuickTime Task - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
TkBellExe - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe - C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
MSMSGS - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
WMPNSCFG - C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
Windows installer - C:\winstall.exe ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

>>> Startup Links <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
C:\Documents and Settings\Admin\Start Menu\Programs\Startup\desktop.ini ()

>>> MSConfig Disabled Items <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^Startup^LimeWire On Startup.lnk
path C:\Documents and Settings\Admin\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup C:\WINDOWS\pss\LimeWire On Startup.lnkStartup
location Startup
command C:\PROGRA~1\LimeWire\LimeWire.exe -startup
item LimeWire On Startup

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE
item Adobe Reader Speed Launch

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^dlbcserv.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dlbcserv.lnk
backup C:\WINDOWS\pss\dlbcserv.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\DELLPH~1\dlbcserv.exe
item dlbcserv

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\COMMON~1\Intuit\QUICKB~1\QBUpdate\qbupdate.exe
item QuickBooks Update Agent

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SBC Self Support Tool.lnk
backup C:\WINDOWS\pss\SBC Self Support Tool.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\SBCSEL~1\bin\matcli.exe -boot
item SBC Self Support Tool

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item p2pnetworking
hkey HKLM
command p2pnetworking.exe
inimapping 0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AIM
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item aim
hkey HKCU
command C:\Program Files\AIM\aim.exe -cnetwait.odl
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BJCFD
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item CFD
hkey HKLM
command C:\Program Files\BroadJump\Client Foundation\CFD.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ccApp
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ccApp
hkey HKLM
command "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ctfmon.exe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ctfmon
hkey HKCU
command C:\WINDOWS\system32\ctfmon.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DellSupport
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item DSAgnt
hkey HKCU
command "C:\Program Files\Dell Support\DSAgnt.exe" /startup
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dla
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item tfswctrl
hkey HKLM
command C:\WINDOWS\system32\dla\tfswctrl.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DVDLauncher
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item DVDLauncher
hkey HKLM
command "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gwiz
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ntsystem
hkey HKLM
command C:\WINDOWS\system32\ntsystem.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hkcmd
hkey HKLM
command C:\WINDOWS\system32\hkcmd.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IgfxTray
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item igfxtray
hkey HKLM
command C:\WINDOWS\system32\igfxtray.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IntelMeM
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item IntelMEM
hkey HKLM
command C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISUSPM Startup
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ISUSPM
hkey HKLM
command C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISUSScheduler
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item issch
hkey HKLM
command "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Motive SmartBridge
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item MotiveSB
hkey HKLM
command C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command "C:\Program Files\Messenger\msmsgs.exe" /background
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PestTrap
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item PestTrap
hkey HKCU
command C:\Program Files\PestTrap\PestTrap.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SoundMAXPnP
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item smax4pnp
hkey HKLM
command C:\Program Files\Analog Devices\Core\smax4pnp.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Steam
hkey HKCU
command "C:\Program Files\Steam\Steam.exe" -silent
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item jusched
hkey HKLM
command C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Symantec NetDriver Monitor
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item SNDMon
hkey HKLM
command C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item realsched
hkey HKLM
command "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Weather
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Weather
hkey HKCU
command C:\Program Files\AWS\WeatherBug\Weather.exe 1
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WMPNSCFG
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item WMPNSCFG
hkey HKCU
command C:\Program Files\Windows Media Player\WMPNSCFG.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yahoo! Pager
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ypager
hkey HKCU
command "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YBrowser
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ybrwicon
hkey HKLM
command C:\Program Files\Yahoo!\browser\ybrwicon.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 1


[All Users Startup Folder Disabled Items]

[Current User Startup Folder Disabled Items]

>>> User Agent Post Platform <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

>>> AppInit Dll's <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]

>>> Image File Execution Options <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
\Your Image File Name Here without a path - Debugger = ntsd -d

>>> Shell Service Object Delay Load <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
\\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
\\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
\\WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} = C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

>>> Shell Execute Hooks <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

>>> Shared Task Scheduler <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
\\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)

>>> Winlogon <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
\\UserInit = C:\WINDOWS\system32\userinit.exe,
\\Shell = Explorer.exe
\\System =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
\crypt32chain - crypt32.dll = (Microsoft Corporation)
\cryptnet - cryptnet.dll = (Microsoft Corporation)
\cscdll - cscdll.dll = (Microsoft Corporation)
\igfxcui - igfxsrvc.dll = (Intel Corporation)
\ScCertProp - wlnotify.dll = (Microsoft Corporation)
\Schedule - wlnotify.dll = (Microsoft Corporation)
\sclgntfy - sclgntfy.dll = (Microsoft Corporation)
\SensLogn - WlNotify.dll = (Microsoft Corporation)
\termsrv - wlnotify.dll = (Microsoft Corporation)
\WgaLogon - WgaLogon.dll = (Microsoft Corporation)
\wlballoon - wlnotify.dll = (Microsoft Corporation)

>>> DNS Name Servers <<<
{2705368C-B610-4A8C-8CB0-360259A5D585} - (Broadcom 440x 10/100 Integrated Controller)

>>> All Winsock2 Catalogs <<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
\000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
\000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
\000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
\000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000004\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000005\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000006\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

>>> Protocol Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
\ipp - ()
\msdaipp - ()

>>> Protocol Filters (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]

>>> Selected AddOn's <<<


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ok, I hope it's right. Sorry I took so long; it was sort of confusing. I don't think I had extracted the files right, but it worked, I hope. Well, now there are 2 of those annoying red bubbles; how do I get rid of them? I uninstall that PestTrap thing; I'm not sure how it got there in the first place. But thank you so much for all your help, I really appreciate it. :blink: :whistling:

#24
Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Still have some things to clean up :whistling:

1. Please download Ewido Anti-Malware
  • Install ewido anti-malware
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.

    You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
  • Exit Ewido, do not run the scan yet!
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

2. Please download Brute Force Uninstaller to your desktop.
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to, click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:)" or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", uncheck the "Show Extracted Files" box and then click "Finish".
3. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Do not do anything with these yet!

Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.

4. Once in Safe Mode, open Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido anti-malware.

5. Then, please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by double-clicking BFU.exe
  • Behind the "Scriptline to execute" field, click the folder icon and select alcanshorty.bfu
  • Press Execute and let the program do its job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.
Reboot into normal Windows and post the contents of the Ewido text report that you saved and a new HijackThis log.

#25
ecspoilprincess

    Member

  • Topic Starter
  • Member
  • 20 posts
5:29 PM 1/5/2007
Logfile of HijackThis v1.99.1
Scan saved at 5:27:38 PM, on 1/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Cox\Applications\App\syssvcnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Cox\Applications\app\Console.exe
C:\Documents and Settings\Admin\meypxmdc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Admin\Desktop\COMPUTER HELP LOGS\HIJACK THIS\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\common\ycomp5_1_6_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\common\ycomp5_1_6_0.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [gwiz] C:\WINDOWS\system32\ntsystem.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ESP] c:\Program Files\Cox\Applications\app\start.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} (CNavigationManager Object) - http://www3.authenti.../bin/wizard.exe
O16 - DPF: {2A510DC8-C9B5-4269-B9BA-E5B04D47D981} (CPlayFirstDDSonicControl Object) - http://www.shockwave...ic.1.0.0.92.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildt...iveLauncher.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by120fd.bay12...es/MsnPUpld.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave...h2.1.0.0.53.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1131494351434
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1141594522062
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} (CentrinoCheck Control) - http://entriq.vo.lln...eck_1_0_0_4.cab
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} - http://entriq.vo.lln...0_15_Silent.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Cox High Speed Internet Security Suite System Service (AuthSysSvc) - Authentium, Inc. - c:\Program Files\Cox\Applications\App\syssvcnt.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

_________________________________________________________________________________________
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:52:43 PM 1/5/2007

+ Scan result:



HKU\S-1-5-21-3899621047-566810250-3357088160-1006\Software\Microsoft\Windows\CurrentVersion\Run\\Windows installer -> Adware.PestTrap : Ignored.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP361\A0093611.dll -> Adware.SpyMarshal : Ignored.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP361\A0093612.dll -> Adware.SpyMarshal : Ignored.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP361\A0093613.dll -> Adware.SpyMarshal : Ignored.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP361\A0093614.dll -> Adware.SpyMarshal : Ignored.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP364\A0094049.dll -> Adware.SpyMarshal : Ignored.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP364\A0094050.dll -> Adware.SpyMarshal : Ignored.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP364\A0094051.dll -> Adware.SpyMarshal : Ignored.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP364\A0094052.dll -> Adware.SpyMarshal : Ignored.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP360\A0093473.exe -> Adware.SpySheriff : Ignored.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP364\A0094053.exe -> Adware.SpySheriff : Ignored.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP361\A0093733.exe -> Backdoor.EggDrop.v : Ignored.
C:\WINDOWS\browser.exe -> Hijacker.Small : Ignored.
C:\Documents and Settings\Admin\chhiiztq.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Ignored.
C:\Documents and Settings\Admin\cyzsgwcj.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Ignored.
C:\Documents and Settings\Admin\eksqcuuu.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Ignored.
C:\Documents and Settings\Admin\gjytgzca.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Ignored.
C:\Documents and Settings\Admin\htucgpvo.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Ignored.
C:\Documents and Settings\Admin\jctuovvx.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Ignored.
C:\Documents and Settings\Admin\jyrnolxs.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Ignored.
C:\Documents and Settings\Admin\nhvahoxv.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Ignored.
C:\Documents and Settings\Admin\ruwldtvg.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Ignored.
C:\Documents and Settings\Admin\vbkngpnh.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Ignored.
C:\Documents and Settings\Admin\wlbzvtsh.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Ignored.
C:\Documents and Settings\Admin\xepdfxxg.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Ignored.
C:\Documents and Settings\Admin\zojhluxm.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Ignored.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP362\A0093860.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Ignored.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP363\A0093896.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Ignored.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP364\A0093993.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Ignored.
C:\winstall.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Ignored.
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt -> TrackingCookie.Adbrite : Ignored.
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt -> TrackingCookie.Zedo : Ignored.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP360\A0093460.exe -> Trojan.Agent.rx : Ignored.


::Report end
  • 0


#26
Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Hi :help:

One slight problem. I need you to run Ewido again :blink:


C:\Documents and Settings\Admin\zojhluxm.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Ignored.


All the files that should have been cleaned were ignored.


You need to ensure when ewido first tells you that you have a bad file, that you select the CLEAN option.


So can you please boot up in safe mode and run Ewido one more time.



Thanks for your patience,


:whistling:

Excal
  • 0
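The check made by eye in post #26 (every detection ended in "Ignored"), written as an added example that is not part of the thread and is not ewido/AVG code. It assumes the `<object> -> <detection> : <action>.` line layout seen in the report above; the sample lines are constructed, and the "Cleaned" action string and the function names are assumptions.

```python
from collections import Counter
from typing import NamedTuple

# Constructed sample in the report's "<object> -> <detection> : <action>." layout.
# Paths, SIDs and detection names are made up; "Cleaned" is an assumed action string.
SAMPLE_REPORT = r"""
+ Created at: 12:00:00 PM 1/1/2007

+ Scan result:

HKU\S-1-5-21-0000000000-0000000000-0000000000-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Example updater -> Adware.Example : Ignored.
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.dll -> Adware.Example : Ignored.
C:\Documents and Settings\User\abcdefgh.exe -> Not-A-Virus.Hoax.Win32.Example.a : Ignored.
C:\Documents and Settings\User\Cookies\user@example[1].txt -> TrackingCookie.Example : Cleaned.
C:\example.exe -> Trojan.Example.b : Cleaned.

::Report end
"""


class Detection(NamedTuple):
    obj: str      # file path or registry value that was flagged
    name: str     # scanner's detection name
    action: str   # what the scanner did with it
    kind: str     # autorun / registry / restore_point / cookie / file


def classify(obj):
    """Bucket a flagged object by where it lives on the system."""
    low = obj.lower()
    if low.startswith(("hku\\", "hklm\\", "hkcu\\", "hkcr\\")):
        return "autorun" if "\\currentversion\\run\\" in low else "registry"
    if "\\system volume information\\_restore" in low:
        return "restore_point"
    if "\\cookies\\" in low:
        return "cookie"
    return "file"


def parse_report(text):
    """Return one Detection per result line; headers and blank lines are skipped."""
    found = []
    for line in text.splitlines():
        # Split from the right so a path containing " : " or " -> " still parses.
        obj, arrow, rest = line.strip().rpartition(" -> ")
        name, colon, action = rest.rpartition(" : ")
        if not (arrow and colon and obj and name):
            continue
        found.append(Detection(obj, name, action.rstrip(". "), classify(obj)))
    return found


def triage(text):
    """Summarise actions and separate unresolved items that are still live."""
    dets = parse_report(text)
    ignored = [d for d in dets if d.action.lower() == "ignored"]
    return {
        "by_action": Counter(d.action for d in dets),
        # Files on disk and autorun/registry entries can still load at next logon.
        "live_unresolved": [d for d in ignored
                            if d.kind in ("autorun", "registry", "file")],
        # Restore-point copies and cookies are not running, but a restore-point
        # copy returns if that restore point is ever used.
        "dormant_unresolved": [d for d in ignored
                               if d.kind in ("restore_point", "cookie")],
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print(dict(result["by_action"]))
    for d in result["live_unresolved"]:
        print("STILL LIVE:", d.kind, d.name, d.obj)
```

If `live_unresolved` is non-empty after a scan, the cleanup did not take effect and the scan needs to be repeated with a removal action selected.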

#27
ecspoilprincess

    Member

  • Topic Starter
  • 20 posts
Hi :whistling:


When I did the Ewido scan it never prompted me to clean anything, it just said "Ignore once", so I'm not sure what to do. If I right-click it gives me the option of quarantine or delete or ignore, so I really don't know what to do. Thank you so much for your help, sorry to be taking up so much of your time...
  • 0

#28
Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Welcome back :blink:

Going to try a different approach


Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

:whistling:

Excal
  • 0

#29
ecspoilprincess

    Member

  • Topic Starter
  • 20 posts
hi :whistling:




WinPFind3 logfile created on: 1/15/2007 2:42:38 PM
WinPFind3U by OldTimer - Version 1.0.10 Folder = C:\Documents and Settings\Admin\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

522240 Kb Total Physical Memory | 209384 Kb Available Physical Memory | 40.09% Memory free
1278760 Kb Paging File | 894440 Kb Available in Paging File | 69.95% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74453240 Kb Total Space | 44847140 Kb Free Space | 60.24% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded


[Processes - Non-Microsoft Only]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 10/7/2006 4:20:00 AM | Attr = ]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 103.5.8.2 | Size = 49824 bytes | Modified Date = 4/12/2006 12:54:46 PM | Attr = ]
ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 103.5.8.2 | Size = 186016 bytes | Modified Date = 4/12/2006 12:54:50 PM | Attr = ]
ccproxy.exe -> %CommonProgramFiles%\Symantec Shared\CCPROXY.EXE -> Symantec Corporation [Ver = 103.5.9.2 | Size = 239264 bytes | Modified Date = 6/13/2006 3:02:50 PM | Attr = ]
ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCSETMGR.EXE -> Symantec Corporation [Ver = 103.5.8.2 | Size = 177824 bytes | Modified Date = 4/12/2006 12:55:10 PM | Attr = ]
console.exe -> %ProgramFiles%\Cox\Applications\App\console.exe -> Authentium, Inc. [Ver = 3.00.0003 | Size = 2532912 bytes | Modified Date = 12/11/2006 8:31:46 AM | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 6:13:20 AM | Attr = ]
issvc.exe -> %ProgramFiles%\Norton Internet Security\ISSVC.exe -> Symantec Corporation [Ver = 8.2.0.34 | Size = 83584 bytes | Modified Date = 3/15/2005 12:34:12 PM | Attr = ]
lexbces.exe -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 9.45 | Size = 311296 bytes | Modified Date = 3/4/2004 7:30:48 PM | Attr = ]
lexpps.exe -> %System32%\LEXPPS.EXE -> Lexmark International, Inc. [Ver = 9.45 | Size = 174592 bytes | Modified Date = 3/4/2004 7:26:20 PM | Attr = ]
lrccwrte.exe -> %SystemDrive%\Documents and Settings\Admin\lrccwrte.exe -> [Ver = | Size = 29184 bytes | Modified Date = 1/15/2007 8:49:32 AM | Attr = ]
navapsvc.exe -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE -> Symantec Corporation [Ver = 11.5.7.2 | Size = 128112 bytes | Modified Date = 10/7/2005 3:30:44 PM | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1 | Size = 282624 bytes | Modified Date = 5/19/2006 12:11:00 PM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3492 | Size = 180269 bytes | Modified Date = 12/23/2005 1:38:32 PM | Attr = ]
sndsrvc.exe -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 5.5.1.6 | Size = 206552 bytes | Modified Date = 4/5/2005 11:17:22 AM | Attr = ]
symwsc.exe -> %CommonProgramFiles%\Symantec Shared\Security Center\symwsc.exe -> Symantec Corporation [Ver = 2005.1.2.20 | Size = 316544 bytes | Modified Date = 11/2/2004 4:59:50 PM | Attr = ]
syssvcnt.exe -> %ProgramFiles%\Cox\Applications\App\syssvcnt.exe -> Authentium, Inc. [Ver = 3.0.1.5 | Size = 112160 bytes | Modified Date = 12/11/2006 8:23:18 AM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.10.0 | Size = 306176 bytes | Modified Date = 1/12/2007 4:20:26 PM | Attr = ]
winstall.exe -> %SystemDrive%\winstall.exe -> [Ver = | Size = 29184 bytes | Modified Date = 1/5/2007 5:11:46 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(AuthSysSvc) Cox High Speed Internet Security Suite System Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Cox\Applications\App\syssvcnt.exe -> Authentium, Inc. [Ver = 3.0.1.5 | Size = 112160 bytes | Modified Date = 12/11/2006 8:23:18 AM | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 9/28/2006 6:13:20 AM | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 103.5.8.2 | Size = 186016 bytes | Modified Date = 4/12/2006 12:54:50 PM | Attr = ]
(ccProxy) Symantec Network Proxy [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPROXY.EXE -> Symantec Corporation [Ver = 103.5.9.2 | Size = 239264 bytes | Modified Date = 6/13/2006 3:02:50 PM | Attr = ]
(ccPwdSvc) Symantec Password Validation [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\CCPWDSVC.EXE -> Symantec Corporation [Ver = 103.5.8.2 | Size = 83616 bytes | Modified Date = 4/12/2006 12:55:04 PM | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCSETMGR.EXE -> Symantec Corporation [Ver = 103.5.8.2 | Size = 177824 bytes | Modified Date = 4/12/2006 12:55:10 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 2:00:00 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/3/2005 11:41:10 PM | Attr = ]
(ISSVC) ISSVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton Internet Security\ISSVC.exe -> Symantec Corporation [Ver = 8.2.0.34 | Size = 83584 bytes | Modified Date = 3/15/2005 12:34:12 PM | Attr = ]
(LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 9.45 | Size = 311296 bytes | Modified Date = 3/4/2004 7:30:48 PM | Attr = ]
(navapsvc) Norton AntiVirus Auto-Protect Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE -> Symantec Corporation [Ver = 11.5.7.2 | Size = 128112 bytes | Modified Date = 10/7/2005 3:30:44 PM | Attr = ]
(SAVScan) SAVScan [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\SAVSCAN.EXE -> Symantec Corporation [Ver = 9.7.0.10 | Size = 198368 bytes | Modified Date = 8/26/2005 2:22:48 PM | Attr = ]
(SBService) ScriptBlocking Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\Script Blocking\SBSERV.EXE -> Symantec Corporation [Ver = 11.5.7.2 | Size = 67184 bytes | Modified Date = 10/7/2005 2:56:46 PM | Attr = ]
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 5.5.1.6 | Size = 206552 bytes | Modified Date = 4/5/2005 11:17:22 AM | Attr = ]
(SPBBCSvc) Symantec SPBBCSvc [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 1,5,0,122 | Size = 992864 bytes | Modified Date = 3/15/2005 12:33:52 PM | Attr = ]
(SymWSC) SymWMI Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\Security Center\symwsc.exe -> Symantec Corporation [Ver = 2005.1.2.20 | Size = 316544 bytes | Modified Date = 11/2/2004 4:59:50 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 10/7/2006 4:20:00 AM | Attr = ]
ccApp -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 103.5.8.2 | Size = 49824 bytes | Modified Date = 4/12/2006 12:54:46 PM | Attr = ]
ESP -> %ProgramFiles%\Cox\Applications\App\start.exe -> Authentium, Inc. [Ver = 3.0.0.2 | Size = 62952 bytes | Modified Date = 12/11/2006 8:31:54 AM | Attr = ]
gwiz -> %System32%\ntsystem.exe -> [Ver = | Size = 4096 bytes | Modified Date = 12/31/2006 8:55:18 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1 | Size = 282624 bytes | Modified Date = 5/19/2006 12:11:00 PM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3492 | Size = 180269 bytes | Modified Date = 12/23/2005 1:38:32 PM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Windows installer -> %SystemDrive%\winstall.exe -> [Ver = | Size = 29184 bytes | Modified Date = 1/5/2007 5:11:46 PM | Attr = ]
< Disabled MSConfig Folder Items[HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\
C:^Documents and Settings^Admin^Start Menu^Programs^Startup^LimeWire On Startup.lnk -> %SystemDrive%\PROGRA~1\LimeWire\LimeWire.exe -> File not found
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 10:05:26 PM | Attr = ]
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^dlbcserv.lnk -> %ProgramFiles%\Dell Photo Printer 720\dlbcserv.exe -> [Ver = 1.0.0.1 | Size = 315392 bytes | Modified Date = 1/9/2005 2:42:54 AM | Attr = ]
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk -> %CommonProgramFiles%\Intuit\QuickBooks\QBUpdate\qbupdate.exe -> Intuit, Inc. [Ver = 15.0 R2 | Size = 806912 bytes | Modified Date = 11/11/2004 8:59:36 AM | Attr = ]
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk -> %ProgramFiles%\SBC Self Support Tool\bin\matcli.exe -> Motive Communications, Inc. [Ver = 5.6.1.asst_classic.asst_matcli.20031010_085000 | Size = 217088 bytes | Modified Date = 10/10/2003 9:06:10 AM | Attr = ]
< Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
AIM -> %ProgramFiles%\AIM\aim.exe -cnetwait.odl -> File not found
BJCFD -> %ProgramFiles%\BroadJump\Client Foundation\CFD.exe -> [Ver = | Size = 368706 bytes | Modified Date = 9/10/2002 9:26:26 PM | Attr = ]
ccApp -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 103.5.8.2 | Size = 49824 bytes | Modified Date = 4/12/2006 12:54:46 PM | Attr = ]
DellSupport -> %ProgramFiles%\Dell Support\DSAgnt.exe -> Gteko Ltd. [Ver = 1, 1, 1, 121 | Size = 332800 bytes | Modified Date = 5/14/2005 11:04:12 PM | Attr = ]
dla -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 122941 bytes | Modified Date = 5/31/2005 5:33:00 AM | Attr = ]
DVDLauncher -> %ProgramFiles%\CyberLink\PowerDVD\DVDLauncher.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 53248 bytes | Modified Date = 2/23/2005 1:19:56 PM | Attr = ]
gwiz -> %System32%\ntsystem.exe -> [Ver = | Size = 4096 bytes | Modified Date = 12/31/2006 8:55:18 PM | Attr = ]
HotKeysCmds -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4342 | Size = 126976 bytes | Modified Date = 10/19/2005 8:59:12 AM | Attr = ]
IgfxTray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4342 | Size = 155648 bytes | Modified Date = 10/19/2005 8:59:14 AM | Attr = ]
IntelMeM -> %ProgramFiles%\Intel\Modem Event Monitor\IntelMEM.exe -> Intel Corporation [Ver = 0, 1, 0, 10 | Size = 221184 bytes | Modified Date = 9/3/2003 5:12:44 PM | Attr = ]
ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 221184 bytes | Modified Date = 7/27/2004 1:50:42 PM | Attr = ]
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 81920 bytes | Modified Date = 7/27/2004 1:50:18 PM | Attr = ]
Motive SmartBridge -> %ProgramFiles%\SBC Self Support Tool\SmartBridge\MotiveSB.exe -> Motive Communications, Inc. [Ver = 5.6.7.asst_classic.smartbridge.20031210_035000 | Size = 380928 bytes | Modified Date = 12/10/2003 4:52:40 AM | Attr = ]
PestTrap -> %ProgramFiles%\PestTrap\PestTrap.exe -> File not found
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1 | Size = 282624 bytes | Modified Date = 5/19/2006 12:11:00 PM | Attr = ]
SoundMAXPnP -> %ProgramFiles%\Analog Devices\Core\smax4pnp.exe -> Analog Devices, Inc. [Ver = 5, 2, 0, 5 | Size = 1404928 bytes | Modified Date = 10/14/2004 4:42:54 PM | Attr = ]
Steam -> %ProgramFiles%\Steam\steam.exe -> Valve Corporation [Ver = 1.0.0.0 | Size = 1249280 bytes | Modified Date = 12/28/2006 2:57:56 PM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.30.7 | Size = 36975 bytes | Modified Date = 4/13/2005 3:48:52 AM | Attr = ]
Symantec NetDriver Monitor -> %ProgramFiles%\SymNetDrv\SNDMon.exe -> Symantec Corporation [Ver = 5.5.1.6 | Size = 100056 bytes | Modified Date = 11/8/2005 4:01:56 PM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3492 | Size = 180269 bytes | Modified Date = 12/23/2005 1:38:32 PM | Attr = ]
Weather -> %ProgramFiles%\AWS\WeatherBug\Weather.exe -> AWS Convergence Technologies, Inc. [Ver = 6, 7, 0, 10 | Size = 1343488 bytes | Modified Date = 4/7/2006 2:02:24 PM | Attr = ]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YPager.exe -> [Ver = | Size = 3092480 bytes | Modified Date = 8/15/2005 3:24:08 PM | Attr = ]
YBrowser -> %ProgramFiles%\Yahoo!\browser\ybrwicon.exe -> Yahoo!, Inc. [Ver = 2003, 7, 11, 1 | Size = 57344 bytes | Modified Date = 7/11/2003 1:51:16 PM | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 9/28/2006 6:13:28 AM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
ntoskrnl.dll -> ntoskrnl.dll -> File not found
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoChangingWallpaper -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoComponents -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoAddingComponents -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoDeletingComponents -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoEditingComponents -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoHTMLWallPaper -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClassicShell -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ForceActiveDesktopOn -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\Wallpaper -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\GeneralTab -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\SecurityTab -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\ConnectionsTab -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\ProgramsTab -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\PrivacyTab -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\AdvancedTab -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\ResetWebSettings -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\Settings -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\CertifPers -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\CertifSite -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\CertifPub -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\Profiles -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\FormSuggest -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\Ratings -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\\ContentTab -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\\NoBrowserOptions -> 0 ->
< HOSTS File > -> C:\WINDOWS\System32\drivers\etc\Hosts
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft...p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft...amp;ar=iesearch ->
HKLM: Local Page -> C:\windows\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft...amp;ar=iesearch ->
HKLM: Start Page -> http://www.microsoft...p...ER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn...st/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.microsoft...amp;ar=iesearch ->
HKLM: SearchAssistant -> http://ie.search.msn...st/srchasst.htm ->
HKCU: Default_Search_URL -> http://www.microsoft...amp;ar=iesearch ->
HKCU: Local Page -> C:\windows\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft...amp;ar=iesearch ->
HKCU: Start Page -> http://www.google.com/ ->
HKCU: URLSearchHooks\\{EA756889-2338-43DB-8F07-D1CA6FB9C90D} [HKLM] -> %ProgramFiles%\AOL\AOL Toolbar 2.0\aoltb.dll [AOLTBSearch Class] -> America Online, Inc. [Ver = 2.0.4239.61 | Size = 524288 bytes | Modified Date = 8/2/2005 10:41:14 AM | Attr = ]
HKCU: ProxyEnable -> 0 ->
HKCU: ProxyOverride -> 127.0.0.1 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> %ProgramFiles%\Yahoo!\common\ycomp5_1_6_0.dll [Yahoo! Companion BHO] -> Yahoo! Inc. [Ver = 2003, 6, 19, 1 | Size = 209489 bytes | Modified Date = 6/20/2003 6:57:18 PM | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.7.2006011200 | Size = 63128 bytes | Modified Date = 1/12/2006 7:38:22 PM | Attr = ]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> %System32%\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118844 bytes | Modified Date = 5/31/2005 5:33:00 AM | Attr = ]
{7C554162-8CB7-45A4-B8F4-8EA1C75885F9} [HKLM] -> %ProgramFiles%\AOL\AOL Toolbar 2.0\aoltb.dll [AOL Toolbar Launcher] -> America Online, Inc. [Ver = 2.0.4239.61 | Size = 524288 bytes | Modified Date = 8/2/2005 10:41:14 AM | Attr = ]
{9ECB9560-04F9-4bbc-943D-298DDF1699E1} [HKLM] -> %CommonProgramFiles%\Symantec Shared\AdBlocking\NISShExt.dll [CNisExtBho Class] -> Symantec Corporation [Ver = 8.2.0.34 | Size = 104064 bytes | Modified Date = 3/15/2005 12:34:12 PM | Attr = ]
{BDF3E430-B101-42AD-A544-FADC6B084872} [HKLM] -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL [CNavExtBho Class] -> Symantec Corporation [Ver = 11.5.7.2 | Size = 218736 bytes | Modified Date = 10/7/2005 2:43:20 PM | Attr = ]
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> %ProgramFiles%\Yahoo!\Messenger\yhexbmes.dll [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2003, 6, 23, 1 | Size = 274503 bytes | Modified Date = 6/23/2003 1:30:02 PM | Attr = ]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> %ProgramFiles%\Yahoo!\Messenger\yhexbmes.dll [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2003, 6, 23, 1 | Size = 274503 bytes | Modified Date = 6/23/2003 1:30:02 PM | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} [HKLM] -> %CommonProgramFiles%\Symantec Shared\AdBlocking\NISShExt.dll [Norton Internet Security] -> Symantec Corporation [Ver = 8.2.0.34 | Size = 104064 bytes | Modified Date = 3/15/2005 12:34:12 PM | Attr = ]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL [Norton AntiVirus] -> Symantec Corporation [Ver = 11.5.7.2 | Size = 218736 bytes | Modified Date = 10/7/2005 2:43:20 PM | Attr = ]
{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKLM] -> %ProgramFiles%\AOL\AOL Toolbar 2.0\aoltb.dll [AOL Toolbar] -> America Online, Inc. [Ver = 2.0.4239.61 | Size = 524288 bytes | Modified Date = 8/2/2005 10:41:14 AM | Attr = ]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\common\ycomp5_1_6_0.dll [&Yahoo! Companion] -> Yahoo! Inc. [Ver = 2003, 6, 19, 1 | Size = 209489 bytes | Modified Date = 6/20/2003 6:57:18 PM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL [Norton AntiVirus] -> Symantec Corporation [Ver = 11.5.7.2 | Size = 218736 bytes | Modified Date = 10/7/2005 2:43:20 PM | Attr = ]
WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKLM] -> %CommonProgramFiles%\Symantec Shared\AdBlocking\NISShExt.dll [Norton Internet Security] -> Symantec Corporation [Ver = 8.2.0.34 | Size = 104064 bytes | Modified Date = 3/15/2005 12:34:12 PM | Attr = ]
WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKLM] -> %ProgramFiles%\AOL\AOL Toolbar 2.0\aoltb.dll [AOL Toolbar] -> America Online, Inc. [Ver = 2.0.4239.61 | Size = 524288 bytes | Modified Date = 8/2/2005 10:41:14 AM | Attr = ]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\common\ycomp5_1_6_0.dll [&Yahoo! Companion] -> Yahoo! Inc. [Ver = 2003, 6, 19, 1 | Size = 209489 bytes | Modified Date = 6/20/2003 6:57:18 PM | Attr = ]
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8192 - Sun Java Console ->
{2499216C-4BA5-11D5-BD9C-000103C116D5} -> 8193 - Yahoo! Login ->
{3369AF0D-62E9-4bda-8103-B4C75499B578} -> 8198 - Reg Data - Value does not exist ->
{4528BBE0-4E08-11D5-AD55-00010333D0AD} -> 8194 - Yahoo! Messenger ->
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> 8195 - Reg Data - Value does not exist ->
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> 8199 - Reg Data - Value does not exist ->
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> 8196 - Reg Data - Value does not exist ->
{e2e2dd38-d088-4134-82b7-f2ba38496583} -> 8200 - @xpsp3res.dll,-20001 ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8197 - Windows Messenger ->
NextId -> 8201 ->
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{2499216C-4BA5-11D5-BD9C-000103C116D5} -> Reg Data - Value does not exist [ButtonText: Yahoo! Login] -> File not found
{3369AF0D-62E9-4bda-8103-B4C75499B578} -> Reg Data - Value does not exist [ButtonText: AOL Toolbar] -> File not found
{4528BBE0-4E08-11D5-AD55-00010333D0AD} -> Reg Data - Value does not exist [ButtonText: Messenger] -> File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> %ProgramFiles%\AIM\aim.exe [ButtonText: AIM] -> America Online, Inc. [Ver = 5.9.3861 | Size = 67160 bytes | Modified Date = 8/5/2005 2:08:26 PM | Attr = ]
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> Reg Data - Value does not exist [ButtonText: Real.com] -> File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
&AOL Toolbar Search -> %ProgramFiles%\aol\aol toolbar 2.0\resources\en-US\local\search.htm -> File not found
E&xport to Microsoft Excel -> -> File not found
Yahoo! Dictionary -> %ProgramFiles%\Yahoo!\common\YCDICT.HTM -> [Ver = | Size = 609 bytes | Modified Date = 4/9/2003 6:51:48 PM | Attr = ]
Yahoo! Search -> %ProgramFiles%\Yahoo!\common\YCSRCH.HTM -> [Ver = | Size = 598 bytes | Modified Date = 4/9/2003 6:47:56 PM | Attr = ]
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} [HKLM] -> Reg Data - Key not found [Autoplay for SlideShow] -> File not found
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Taskbar and Start Menu] -> File not found
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [Display Panning CPL Extension] -> File not found
{5464D816-CF16-4784-B9F3-75C0DB52B499} [HKLM] -> %ProgramFiles%\Yahoo!\common\ymmapi.dll [Yahoo! Mail] -> Yahoo! Inc. [Ver = 2003, 7, 12, 1 | Size = 145120 bytes | Modified Date = 7/12/2003 3:54:56 PM | Attr = ]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> %System32%\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118844 bytes | Modified Date = 5/31/2005 5:33:00 AM | Attr = ]
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Shell extensions for file compression] -> File not found
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [User Accounts] -> File not found
{7D5C4BDD-B015-4401-8731-1507B87DE297} [HKLM] -> %CommonProgramFiles%\Intuit\QuickBooks\QBVersionTool.dll [QBVersionTool] -> Intuit, Inc. [Ver = 15.0D R2 | Size = 212992 bytes | Modified Date = 11/11/2004 9:19:34 AM | Attr = ]
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Encryption Context Menu] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> %System32%\hticons.dll [HyperTerminal Icon Ext] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 8/4/2004 2:00:00 AM | Attr = ]
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} [HKLM] -> %ProgramFiles%\Real\RealPlayer\rpshell.dll [Shell Extensions for RealOne Player] -> RealNetworks, Inc. [Ver = 1.0.1.2219 | Size = 49198 bytes | Modified Date = 12/23/2005 1:38:44 PM | Attr = ]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 10/6/2006 3:40:48 AM | Attr = ]
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} [HKLM] -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL [Symantec.Norton.Antivirus.IEContextMenu] -> Symantec Corporation [Ver = 11.5.7.2 | Size = 218736 bytes | Modified Date = 10/7/2005 2:43:20 PM | Attr = ]
{5464D816-CF16-4784-B9F3-75C0DB52B499} [HKLM] -> %ProgramFiles%\Yahoo!\common\ymmapi.dll [Yahoo! Mail] -> Yahoo! Inc. [Ver = 2003, 7, 12, 1 | Size = 145120 bytes | Modified Date = 7/12/2003 3:54:56 PM | Attr = ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 10/6/2006 3:40:48 AM | Attr = ]
< ContextMenuHandlers - Directory\Background [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} [HKLM] -> %System32%\igfxpph.dll [igfxcui] -> Intel Corporation [Ver = 3.0.0.4342 | Size = 225280 bytes | Modified Date = 10/19/2005 8:59:14 AM | Attr = ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} [HKLM] -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL [Symantec.Norton.Antivirus.IEContextMenu] -> Symantec Corporation [Ver = 11.5.7.2 | Size = 218736 bytes | Modified Date = 10/7/2005 2:43:20 PM | Attr = ]
< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll [PDF Shell Extension] -> Adobe Systems, Inc. [Ver = 7.0.0.0 | Size = 110592 bytes | Modified Date = 12/14/2004 1:20:02 AM | Attr = ]
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{2705368C-B610-4A8C-8CB0-360259A5D585} -> (Broadcom 440x 10/100 Integrated Controller) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://fpdownload.ma...director/sw.cab ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft....k/?linkid=39204 ->
{1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} -> CNavigationManager Object - CodeBase = http://www3.authenti.../bin/wizard.exe ->
{2A510DC8-C9B5-4269-B9BA-E5B04D47D981} -> CPlayFirstDDSonicControl Object - CodeBase = http://www.shockwave...ic.1.0.0.92.cab ->
{3A7FE611-1994-4EF1-A09F-99456752289D} -> - CodeBase = http://install.wildt...iveLauncher.cab ->
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> MSN Photo Upload Tool - CodeBase = http://by120fd.bay12...es/MsnPUpld.cab ->
{639658F3-B141-4D6B-B936-226F75A5EAC3} -> CPlayFirstDinerDash2Control Object - CodeBase = http://www.shockwave...h2.1.0.0.53.cab ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} -> WUWebControl Class - CodeBase = http://update.micros...b?1131494351434 ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://update.micros...b?1141594522062 ->
{A17E30C4-A9BA-11D4-8673-60DB54C10000} -> YahooYMailTo Class - CodeBase = http://download.yaho...mail/ymmapi.dll ->
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -> MsnMessengerSetupDownloadControl Class - CodeBase = http://messenger.msn...pDownloader.cab ->
{CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} -> CentrinoCheck Control - CodeBase = http://entriq.vo.lln...eck_1_0_0_4.cab ->
{CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} -> - CodeBase = http://entriq.vo.lln...0_15_Silent.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload.ma...ent/swflash.cab ->
Microsoft XML Parser for Java -> - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab ->


[Files - Created Wihin 30 days]
desktop.ico -> %SystemDrive%\desktop.ico -> [Ver = | Size = 12862 bytes | Created Date = 12/31/2006 8:22:32 PM | Attr = ]
WinPFind.zip -> %SystemDrive%\WinPFind.zip -> [Ver = | Size = 351138 bytes | Created Date = 1/4/2007 6:24:19 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\WinPFind.zip:Zone.Identifier ->
winstall.exe -> %SystemDrive%\winstall.exe -> [Ver = | Size = 29184 bytes | Created Date = 1/5/2007 5:11:46 PM | Attr = ]
cvus.msi -> %CommonProgramFiles%\Authentium Shared\cvus.msi -> [Ver = | Size = 1368064 bytes | Created Date = 12/31/2006 8:50:39 PM | Attr = ]
esp.msi -> %CommonProgramFiles%\Authentium Shared\esp.msi -> [Ver = | Size = 4896768 bytes | Created Date = 12/31/2006 8:50:39 PM | Attr = ]
ppas.msi -> %CommonProgramFiles%\Authentium Shared\ppas.msi -> [Ver = | Size = 7043584 bytes | Created Date = 12/31/2006 8:51:01 PM | Attr = ]
thirdparty.msi -> %CommonProgramFiles%\Authentium Shared\thirdparty.msi -> [Ver = | Size = 3227136 bytes | Created Date = 12/31/2006 8:50:45 PM | Attr = ]
ppv5exc.dat -> %CommonProgramFiles%\PestPatrol\ppv5exc.dat -> [Ver = | Size = 0 bytes | Created Date = 12/31/2006 9:07:21 PM | Attr = ]
bootstrapper.dll -> %CommonProgramFiles%\Authentium Shared\Core\bootstrapper.dll -> Authentium, Inc. [Ver = 3.0.0.1 | Size = 111616 bytes | Created Date = 12/31/2006 8:34:41 PM | Attr = ]
core100.dll -> %CommonProgramFiles%\Authentium Shared\Core\core100.dll -> Authentium, Inc. [Ver = 3.0.0.1 | Size = 64000 bytes | Created Date = 12/31/2006 8:34:41 PM | Attr = ]
core101.dll -> %CommonProgramFiles%\Authentium Shared\Core\core101.dll -> Authentium, Inc. [Ver = 3.0.0.1 | Size = 58368 bytes | Created Date = 12/31/2006 8:34:41 PM | Attr = ]
core102.dll -> %CommonProgramFiles%\Authentium Shared\Core\core102.dll -> Authentium, Inc. [Ver = 3.1.0.1 | Size = 52736 bytes | Created Date = 12/31/2006 8:35:04 PM | Attr = ]
core103.dll -> %CommonProgramFiles%\Authentium Shared\Core\core103.dll -> Authentium, Inc. [Ver = 3.0.0.1 | Size = 45056 bytes | Created Date = 12/31/2006 8:34:41 PM | Attr = ]
core104.dll -> %CommonProgramFiles%\Authentium Shared\Core\core104.dll -> Authentium, Inc. [Ver = 3.0.0.1 | Size = 57344 bytes | Created Date = 12/31/2006 8:35:21 PM | Attr = ]
core105.dll -> %CommonProgramFiles%\Authentium Shared\Core\core105.dll -> Authentium, Inc. [Ver = 3.0.0.1 | Size = 83488 bytes | Created Date = 12/31/2006 8:35:15 PM | Attr = ]
installmanager.dll -> %CommonProgramFiles%\Authentium Shared\Core\installmanager.dll -> Authentium, Inc. [Ver = 3.0.1.2 | Size = 73728 bytes | Created Date = 12/31/2006 8:35:17 PM | Attr = ]
threadmanager.dll -> %CommonProgramFiles%\Authentium Shared\Core\threadmanager.dll -> Authentium, Inc. [Ver = 3.0.0.1 | Size = 21504 bytes | Created Date = 12/31/2006 8:35:18 PM | Attr = ]
uninstaller.dll -> %CommonProgramFiles%\Authentium Shared\Core\uninstaller.dll -> Authentium, Inc. [Ver = 3.0.0.1 | Size = 53248 bytes | Created Date = 12/31/2006 8:35:08 PM | Attr = ]
webwiz.dll -> %CommonProgramFiles%\Authentium Shared\Core\webwiz.dll -> Authentium, Inc. [Ver = 3.0.0.1 | Size = 110592 bytes | Created Date = 12/31/2006 8:34:41 PM | Attr = ]
webwiz100.dll -> %CommonProgramFiles%\Authentium Shared\Core\webwiz100.dll -> Authentium, Inc. [Ver = 3.0.0.1 | Size = 97280 bytes | Created Date = 12/31/2006 8:35:06 PM | Attr = ]
webwiz101.dll -> %CommonProgramFiles%\Authentium Shared\Core\webwiz101.dll -> Authentium, Inc. [Ver = 3.0.0.1 | Size = 67584 bytes | Created Date = 12/31/2006 8:35:10 PM | Attr = ]
webwiz102.dll -> %CommonProgramFiles%\Authentium Shared\Core\webwiz102.dll -> Authentium, Inc. [Ver = 3.0.0.1 | Size = 38400 bytes | Created Date = 12/31/2006 8:35:12 PM | Attr = ]
webwiz103.dll -> %CommonProgramFiles%\Authentium Shared\Core\webwiz103.dll -> Authentium, Inc. [Ver = 3.0.0.1 | Size = 102912 bytes | Created Date = 12/31/2006 8:35:23 PM | Attr = ]
webwiz104.dll -> %CommonProgramFiles%\Authentium Shared\Core\webwiz104.dll -> Authentium, Inc. [Ver = 3.0.0.1 | Size = 119296 bytes | Created Date = 12/31/2006 8:35:25 PM | Attr = ]
IDSSettg.BAK -> %CommonProgramFiles%\Symantec Shared\IDS\IDSSettg.BAK -> [Ver = | Size = 4668 bytes | Created Date = 1/10/2007 3:05:27 PM | Attr = ]
UIHelper.dll -> %CommonProgramFiles%\Symantec Shared\Options\UIHelper.dll -> Symantec Corporation [Ver = 2006.1.01.19 | Size = 124560 bytes | Created Date = 12/31/2006 7:05:56 PM | Attr = ]
AuthUninstall.inf -> %CommonProgramFiles%\Authentium Shared\Core\_Sfx493\AuthUninstall.inf -> [Ver = | Size = 1143 bytes | Created Date = 12/31/2006 8:34:41 PM | Attr = ]
BootStrapper.dll -> %CommonProgramFiles%\Authentium Shared\Core\_Sfx493\BootStrapper.dll -> Authentium, Inc. [Ver = 3.0.0.1 | Size = 111616 bytes | Created Date = 12/31/2006 8:34:41 PM | Attr = ]
core100.dll -> %CommonProgramFiles%\Authentium Shared\Core\_Sfx493\core100.dll -> Authentium, Inc. [Ver = 3.0.0.1 | Size = 64000 bytes | Created Date = 12/31/2006 8:34:41 PM | Attr = ]
Core101.dll -> %CommonProgramFiles%\Authentium Shared\Core\_Sfx493\Core101.dll -> Authentium, Inc. [Ver = 3.0.0.1 | Size = 58368 bytes | Created Date = 12/31/2006 8:34:41 PM | Attr = ]
core103.dll -> %CommonProgramFiles%\Authentium Shared\Core\_Sfx493\core103.dll -> Authentium, Inc. [Ver = 3.0.0.1 | Size = 45056 bytes | Created Date = 12/31/2006 8:34:41 PM | Attr = ]
WebWiz.dll -> %CommonProgramFiles%\Authentium Shared\Core\_Sfx493\WebWiz.dll -> Authentium, Inc. [Ver = 3.0.0.1 | Size = 110592 bytes | Created Date = 12/31/2006 8:34:41 PM | Attr = ]
CATALOG.DAT -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\20070112.003\CATALOG.DAT -> [Ver = | Size = 728 bytes | Created Date = 1/12/2007 3:10:45 PM | Attr = ]
IDS9xx86.dll -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\20070112.003\IDS9xx86.dll -> Symantec Corporation [Ver = 6.3.0.5 | Size = 157384 bytes | Created Date = 1/12/2007 3:10:45 PM | Attr = ]
IDSVia64.cat -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\20070112.003\IDSVia64.cat -> [Ver = | Size = 8016 bytes | Created Date = 1/12/2007 3:10:45 PM | Attr = ]
IDSVia64.INF -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\20070112.003\IDSVia64.INF -> [Ver = | Size = 1043 bytes | Created Date = 1/12/2007 3:10:45 PM | Attr = ]
IDSviA64.sys -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\20070112.003\IDSviA64.sys -> Symantec Corporation [Ver = 7.2.0.17 | Size = 278840 bytes | Created Date = 1/12/2007 3:10:45 PM | Attr = ]
IDSVix86.cat -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\20070112.003\IDSVix86.cat -> [Ver = | Size = 7958 bytes | Created Date = 1/12/2007 3:10:45 PM | Attr = ]
IDSVix86.INF -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\20070112.003\IDSVix86.INF -> [Ver = | Size = 839 bytes | Created Date = 1/12/2007 3:10:45 PM | Attr = ]
IDSvix86.sys -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\20070112.003\IDSvix86.sys -> Symantec Corporation [Ver = 7.2.0.17 | Size = 212280 bytes | Created Date = 1/12/2007 3:10:45 PM | Attr = ]
IDSxpx86.dll -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\20070112.003\IDSxpx86.dll -> Symantec Corporation [Ver = 7.2.0.17 | Size = 513656 bytes | Created Date = 1/12/2007 3:10:45 PM | Attr = ]
Metadata.dat -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\20070112.003\Metadata.dat -> [Ver = | Size = 87820 bytes | Created Date = 1/12/2007 3:10:45 PM | Attr = ]
sigs.dat -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\20070112.003\sigs.dat -> [Ver = | Size = 2382080 bytes | Created Date = 1/12/2007 3:10:45 PM | Attr = ]
SymIDSCo.sys -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\20070112.003\SymIDSCo.sys -> Symantec Corporation [Ver = 7.1.0.30 | Size = 177272 bytes | Created Date = 1/12/2007 3:10:45 PM | Attr = ]
SymIDSCo.vxd -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\20070112.003\SymIDSCo.vxd -> [Ver = | Size = 216777 bytes | Created Date = 1/12/2007 3:10:45 PM | Attr = ]
SymIDSI.dll -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\20070112.003\SymIDSI.dll -> Symantec Corporation [Ver = 6.3.0.5 | Size = 157384 bytes | Created Date = 1/12/2007 3:10:45 PM | Attr = ]
v.grd -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\20070112.003\v.grd -> [Ver = | Size = 1245 bytes | Created Date = 1/12/2007 3:10:46 PM | Attr = ]
v.sig -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\20070112.003\v.sig -> [Ver = | Size = 2249 bytes | Created Date = 1/12/2007 3:10:46 PM | Attr = ]
VIRSCAN1.DAT -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\20070112.003\VIRSCAN1.DAT -> [Ver = | Size = 32 bytes | Created Date = 1/12/2007 3:10:46 PM | Attr = ]
zdone.dat -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\20070112.003\zdone.dat -> [Ver = | Size = 224 bytes | Created Date = 1/12/2007 3:10:46 PM | Attr = ]
CATALOG.DAT -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\20070112.005\CATALOG.DAT -> [Ver = | Size = 728 bytes | Created Date = 1/12/2007 11:12:52 PM | Attr = ]
IDS9xx86.dll -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\20070112.005\IDS9xx86.dll -> Symantec Corporation [Ver = 6.3.0.5 | Size = 157384 bytes | Created Date = 1/12/2007 11:12:52 PM | Attr = ]
IDSVia64.cat -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\20070112.005\IDSVia64.cat -> [Ver = | Size = 8016 bytes | Created Date = 1/12/2007 11:12:52 PM | Attr = ]
IDSVia64.INF -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\20070112.005\IDSVia64.INF -> [Ver = | Size = 1043 bytes | Created Date = 1/12/2007 11:12:52 PM | Attr = ]
IDSviA64.sys -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\20070112.005\IDSviA64.sys -> Symantec Corporation [Ver = 7.1.0.28 | Size = 266088 bytes | Created Date = 1/12/2007 11:12:52 PM | Attr = ]
IDSVix86.cat -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\20070112.005\IDSVix86.cat -> [Ver = | Size = 7958 bytes | Created Date = 1/12/2007 11:12:52 PM | Attr = ]
IDSVix86.INF -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\20070112.005\IDSVix86.INF -> [Ver = | Size = 839 bytes | Created Date = 1/12/2007 11:12:52 PM | Attr = ]
IDSvix86.sys -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\20070112.005\IDSvix86.sys -> Symantec Corporation [Ver = 7.1.0.28 | Size = 202872 bytes | Created Date = 1/12/2007 11:12:52 PM | Attr = ]
IDSxpx86.dll -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\20070112.005\IDSxpx86.dll -> Symantec Corporation [Ver = 7.1.0.28 | Size = 509560 bytes | Created Date = 1/12/2007 11:12:52 PM | Attr = ]
Metadata.dat -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\20070112.005\Metadata.dat -> [Ver = | Size = 87820 bytes | Created Date = 1/12/2007 11:12:52 PM | Attr = ]
sigs.dat -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\20070112.005\sigs.dat -> [Ver = | Size = 2382080 bytes | Created Date = 1/12/2007 11:12:52 PM | Attr = ]
SymIDSCo.sys -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\20070112.005\SymIDSCo.sys -> Symantec Corporation [Ver = 7.1.0.28 | Size = 176760 bytes | Created Date = 1/12/2007 11:12:52 PM | Attr = ]
SymIDSCo.vxd -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\20070112.005\SymIDSCo.vxd -> [Ver = | Size = 216777 bytes | Created Date = 1/12/2007 11:12:52 PM | Attr = ]
SymIDSI.dll -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\20070112.005\SymIDSI.dll -> Symantec Corporation [Ver = 7.1.0.28 | Size = 104056 bytes | Created Date = 1/12/2007 11:12:53 PM | Attr = ]
v.grd -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\20070112.005\v.grd -> [Ver = | Size = 1245 bytes | Created Date = 1/12/2007 11:12:53 PM | Attr = ]
v.sig -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\20070112.005\v.sig -> [Ver = | Size = 2249 bytes | Created Date = 1/12/2007 11:12:53 PM | Attr = ]
VIRSCAN1.DAT -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\20070112.005\VIRSCAN1.DAT -> [Ver = | Size = 32 bytes | Created Date = 1/12/2007 11:12:53 PM | Attr = ]
zdone.dat -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\20070112.005\zdone.dat -> [Ver = | Size = 224 bytes | Created Date = 1/12/2007 11:12:53 PM | Attr = ]
IDS9xx86.dll -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\BinHub\IDS9xx86.dll -> Symantec Corporation [Ver = 6.3.0.5 | Size = 157384 bytes | Created Date = 12/27/2006 1:50:12 PM | Attr = ]
IDSVia64.cat -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\BinHub\IDSVia64.cat -> [Ver = | Size = 8016 bytes | Created Date = 12/27/2006 4:16:10 PM | Attr = ]
IDSVia64.INF -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\BinHub\IDSVia64.INF -> [Ver = | Size = 1043 bytes | Created Date = 12/27/2006 4:16:11 PM | Attr = ]
IDSviA64.sys -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\BinHub\IDSviA64.sys -> Symantec Corporation [Ver = 7.2.0.17 | Size = 278840 bytes | Created Date = 12/27/2006 2:48:28 PM | Attr = ]
IDSVix86.cat -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\BinHub\IDSVix86.cat -> [Ver = | Size = 7958 bytes | Created Date = 12/27/2006 4:16:13 PM | Attr = ]
IDSVix86.INF -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\BinHub\IDSVix86.INF -> [Ver = | Size = 839 bytes | Created Date = 12/27/2006 4:16:14 PM | Attr = ]
IDSvix86.sys -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\BinHub\IDSvix86.sys -> Symantec Corporation [Ver = 7.2.0.17 | Size = 212280 bytes | Created Date = 12/27/2006 2:48:25 PM | Attr = ]
IDSxpx86.dll -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\BinHub\IDSxpx86.dll -> Symantec Corporation [Ver = 7.2.0.17 | Size = 513656 bytes | Created Date = 12/27/2006 2:48:22 PM | Attr = ]
metadata.dat -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\BinHub\metadata.dat -> [Ver = | Size = 87820 bytes | Created Date = 1/8/2007 1:24:04 PM | Attr = ]
sigs.dat -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\BinHub\sigs.dat -> [Ver = | Size = 2382080 bytes | Created Date = 1/8/2007 1:24:03 PM | Attr = ]
symidsco.sys -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\BinHub\symidsco.sys -> Symantec Corporation [Ver = 7.2.0.17 | Size = 185976 bytes | Created Date = 12/27/2006 2:48:06 PM | Attr = ]
SymIDSI.dll -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\BinHub\SymIDSI.dll -> Symantec Corporation [Ver = 7.2.0.17 | Size = 104056 bytes | Created Date = 12/27/2006 2:48:10 PM | Attr = ]
v.grd -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\BinHub\v.grd -> [Ver = | Size = 1245 bytes | Created Date = 1/8/2007 1:24:05 PM | Attr = ]
v.sig -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\BinHub\v.sig -> [Ver = | Size = 2269 bytes | Created Date = 1/8/2007 1:24:12 PM | Attr = ]
virscan1.dat -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\BinHub\virscan1.dat -> [Ver = | Size = 32 bytes | Created Date = 1/8/2007 1:24:04 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 12/27/2006 11:40:34 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 12/27/2006 11:40:34 PM | Attr = H ]
d3d8caps.dat -> %System32%\d3d8caps.dat -> [Ver = | Size = 444 bytes | Created Date = 1/4/2007 7:02:45 PM | Attr = ]
dumphive.exe -> %System32%\dumphive.exe -> [Ver = | Size = 51200 bytes | Created Date = 1/4/2007 4:44:11 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\dumphive.exe:Zone.Identifier ->
ntsystem.exe -> %System32%\ntsystem.exe -> [Ver = | Size = 4096 bytes | Created Date = 12/31/2006 7:30:46 AM | Attr = ]
Process.exe -> %System32%\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 1/4/2007 4:44:11 PM | Att

#30
ecspoilprincess

Process.exe -> %System32%\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Modified Date = 1/4/2007 4:43:52 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\Process.exe:Zone.Identifier ->
SrchSTS.exe -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Modified Date = 1/4/2007 4:43:54 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\SrchSTS.exe:Zone.Identifier ->
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Modified Date = 1/4/2007 4:43:54 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\swreg.exe:Zone.Identifier ->
swsc.exe -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Modified Date = 1/4/2007 4:43:54 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\swsc.exe:Zone.Identifier ->
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Modified Date = 1/4/2007 4:43:54 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\swxcacls.exe:Zone.Identifier ->
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 1796 bytes | Modified Date = 1/4/2007 4:44:50 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 1/15/2007 8:46:06 AM | Attr = ]
inetx137.img -> %System32%\drivers\inetx137.img -> [Ver = | Size = 4116 bytes | Modified Date = 12/31/2006 12:23:42 AM | Attr = ]

[File String Scan - Non-Microsoft Only]
FSG! , -> %CommonProgramFiles%\Authentium Shared\thirdparty.msi -> [Ver = | Size = 3227136 bytes | Modified Date = 12/31/2006 8:51:02 PM | Attr = ]
aspack , -> %CommonProgramFiles%\Intuit\QuickBooks\SR_FedEx_PLS.exe -> Z-Firm LLC [Ver = 2.0.0.362 | Size = 1179816 bytes | Modified Date = 10/7/2004 1:53:44 PM | Attr = ]
aspack , -> %CommonProgramFiles%\Intuit\QuickBooks\ZRush_ShipRush3_QB.ocx -> Z-Firm LLC [Ver = 3.0.0.477 | Size = 3425960 bytes | Modified Date = 7/30/2004 12:29:06 PM | Attr = ]
Thawte Consulting , -> %CommonProgramFiles%\Java\Update\Base Images\j2re1.4.2-b28\core3.zip -> [Ver = | Size = 4648893 bytes | Modified Date = 11/19/2003 7:50:24 PM | Attr = ]
Thawte Consulting , -> %CommonProgramFiles%\Java\Update\Base Images\jre1.5.0.b64\core3.zip -> [Ver = | Size = 3290841 bytes | Modified Date = 4/13/2005 4:22:10 AM | Attr = ]
UPX! , UPX0 , -> %CommonProgramFiles%\Nullsoft\Video\ActiveX\plugins\nsvplayx_vp5_mp3.dll -> * * * [Ver = 1, 0, 0, 98 | Size = 177152 bytes | Modified Date = 9/1/2004 8:56:56 AM | Attr = ]
qoologic , SAHAgent , -> %CommonProgramFiles%\PestPatrol\ppsrindex.dat -> [Ver = | Size = 33662 bytes | Modified Date = 12/11/2006 8:23:58 AM | Attr = ]
PEC2 , PECompact2 , -> %CommonProgramFiles%\Real\GToolbar\GDSSetup.exe -> [Ver = | Size = 746600 bytes | Modified Date = 12/23/2005 1:39:10 PM | Attr = ]
PEC2 , PECompact2 , -> %CommonProgramFiles%\Real\GToolbar\GoogleToolbarInstaller.exe -> Google [Ver = 3, 0, 126, 3 | Size = 559784 bytes | Modified Date = 12/23/2005 1:39:10 PM | Attr = ]
PEC2 , WSUD , -> %CommonProgramFiles%\SpeechEngines\Microsoft\SR61\1033\AF031033.AM -> [Ver = | Size = 7048576 bytes | Modified Date = 11/22/2002 12:27:36 AM | Attr = ]
PTech , -> %CommonProgramFiles%\Symantec Shared\AntiSpam\bteuclid.dll -> Basis Technology [Ver = 1.7.6 | Size = 3928064 bytes | Modified Date = 3/15/2005 12:34:08 PM | Attr = R ]
aspack , Thawte Consulting , USERTRUST , -> %CommonProgramFiles%\Symantec Shared\Security Center\SymWSC-2005.1.00.111-2005-10-04-17-42-10-953.dmp -> [Ver = | Size = 42399065 bytes | Modified Date = 10/4/2005 2:42:18 PM | Attr = ]
aspack , Thawte Consulting , USERTRUST , -> %CommonProgramFiles%\Symantec Shared\Security Center\SymWSC-2005.1.2.20-2006-01-20-16-29-35-171.dmp -> [Ver = | Size = 39204189 bytes | Modified Date = 1/20/2006 4:29:42 PM | Attr = ]
aspack , Thawte Consulting , USERTRUST , -> %CommonProgramFiles%\Symantec Shared\Security Center\SymWSC-2005.1.2.20-2006-10-18-11-07-02-906.dmp -> [Ver = | Size = 45468738 bytes | Modified Date = 10/18/2006 10:07:20 AM | Attr = ]
abetterinternet.com , ad-w-a-r-e.com , MZKERNEL32.DLL , UPX0 , -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\20070112.003\sigs.dat -> [Ver = | Size = 2382080 bytes | Modified Date = 1/8/2007 1:24:04 PM | Attr = ]
abetterinternet.com , ad-w-a-r-e.com , MZKERNEL32.DLL , UPX0 , -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\20070112.005\sigs.dat -> [Ver = | Size = 2382080 bytes | Modified Date = 1/8/2007 1:24:04 PM | Attr = ]
abetterinternet.com , ad-w-a-r-e.com , MZKERNEL32.DLL , UPX0 , -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\BinHub\sigs.dat -> [Ver = | Size = 2382080 bytes | Modified Date = 1/8/2007 1:24:04 PM | Attr = ]
aspack , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20050309.018\NAVEX15.SYS -> Symantec Corporation [Ver = 2004.4.0.15 | Size = 631040 bytes | Modified Date = 3/15/2005 12:33:58 PM | Attr = ]
aspack , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20050309.018\NAVEX15.VXD -> [Ver = | Size = 900089 bytes | Modified Date = 3/15/2005 12:33:58 PM | Attr = ]
aspack , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20050309.018\NAVEX32A.DLL -> Symantec Corporation [Ver = 2004.4.0.15 | Size = 685728 bytes | Modified Date = 3/15/2005 12:33:58 PM | Attr = ]
SAHAgent , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20050309.018\VIRSCAN1.DAT -> [Ver = | Size = 918039 bytes | Modified Date = 3/15/2005 12:33:58 PM | Attr = ]
FSG! , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20050309.018\VIRSCAN8.DAT -> [Ver = | Size = 1254957 bytes | Modified Date = 3/15/2005 12:33:58 PM | Attr = ]
UPX! , FSG! , WSUD , UPX0 , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20050309.018\VIRSCAN9.DAT -> [Ver = | Size = 2037111 bytes | Modified Date = 3/15/2005 12:33:58 PM | Attr = ]
aspack , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20060201.021\NAVEX15.SYS -> Symantec Corporation [Ver = 20051.3.1.11 | Size = 750952 bytes | Modified Date = 12/14/2005 1:00:00 AM | Attr = ]
aspack , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20060201.021\NAVEX15.VXD -> [Ver = | Size = 907851 bytes | Modified Date = 12/14/2005 1:00:00 AM | Attr = ]
aspack , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20060201.021\NAVEX32A.DLL -> Symantec Corporation [Ver = 20051.3.1.11 | Size = 788136 bytes | Modified Date = 12/14/2005 1:00:00 AM | Attr = ]
SAHAgent , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20060201.021\TCDEFS.DAT -> [Ver = | Size = 41633 bytes | Modified Date = 2/1/2006 1:00:00 AM | Attr = ]
FSG! , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20060201.021\VIRSCAN8.DAT -> [Ver = | Size = 1478790 bytes | Modified Date = 2/1/2006 1:00:00 AM | Attr = ]
UPX! , FSG! , WSUD , UPX0 , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20060201.021\VIRSCAN9.DAT -> [Ver = | Size = 3036693 bytes | Modified Date = 2/1/2006 1:00:00 AM | Attr = ]
aspack , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20060202.023\NAVEX15.SYS -> Symantec Corporation [Ver = 20051.3.1.11 | Size = 750952 bytes | Modified Date = 12/14/2005 1:00:00 AM | Attr = ]
aspack , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20060202.023\NAVEX15.VXD -> [Ver = | Size = 907851 bytes | Modified Date = 12/14/2005 1:00:00 AM | Attr = ]
aspack , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20060202.023\NAVEX32A.DLL -> Symantec Corporation [Ver = 20051.3.1.11 | Size = 788136 bytes | Modified Date = 12/14/2005 1:00:00 AM | Attr = ]
SAHAgent , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20060202.023\TCDEFS.DAT -> [Ver = | Size = 41752 bytes | Modified Date = 2/2/2006 1:00:00 AM | Attr = ]
FSG! , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20060202.023\VIRSCAN8.DAT -> [Ver = | Size = 1479438 bytes | Modified Date = 2/2/2006 1:00:00 AM | Attr = ]
UPX! , FSG! , WSUD , UPX0 , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20060202.023\VIRSCAN9.DAT -> [Ver = | Size = 3037912 bytes | Modified Date = 2/2/2006 1:00:00 AM | Attr = ]
aspack , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\navex15.sys -> Symantec Corporation [Ver = 20051.3.1.11 | Size = 750952 bytes | Modified Date = 12/14/2005 1:00:00 AM | Attr = ]
aspack , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\navex15.vxd -> [Ver = | Size = 907851 bytes | Modified Date = 12/14/2005 1:00:00 AM | Attr = ]
aspack , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\navex32a.dll -> Symantec Corporation [Ver = 20051.3.1.11 | Size = 788136 bytes | Modified Date = 12/14/2005 1:00:00 AM | Attr = ]
SAHAgent , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\tcdefs.dat -> [Ver = | Size = 40290 bytes | Modified Date = 12/14/2005 1:00:00 AM | Attr = ]
FSG! , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\virscan8.dat -> [Ver = | Size = 1454934 bytes | Modified Date = 12/14/2005 1:00:00 AM | Attr = ]
UPX! , FSG! , WSUD , UPX0 , -> %CommonProgramFiles%\Symantec Shared\VirusDefs\BinHub\virscan9.dat -> [Ver = | Size = 2930846 bytes | Modified Date = 12/14/2005 1:00:00 AM | Attr = ]
UPX! , UPX0 , -> %SystemRoot%\browser.exe -> [Ver = 2, 64, 0, 0 | Size = 43391 bytes | Modified Date = 3/18/2005 3:54:00 AM | Attr = ]
UPX! , UPX0 , -> %SystemRoot%\IFinst27.exe -> [Ver = | Size = 65536 bytes | Modified Date = 12/30/2006 12:18:46 AM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/4/2004 2:00:00 AM | Attr = ]
PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivXNetworks [Ver = 6,0,0,1697 | Size = 693248 bytes | Modified Date = 9/28/2005 1:29:14 PM | Attr = ]
WSUD , -> %System32%\dwSock6.dll -> Desaware Inc. [Ver = 1.01.0004 | Size = 200704 bytes | Modified Date = 7/30/2006 12:04:40 PM | Attr = ]
UPX! , UPX0 , -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Modified Date = 1/4/2007 4:43:54 PM | Attr = ]
UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Modified Date = 1/4/2007 4:43:54 PM | Attr = ]
UPX! , UPX0 , -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Modified Date = 1/4/2007 4:43:54 PM | Attr = ]
UPX! , UPX0 , -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Modified Date = 1/4/2007 4:43:54 PM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/4/2004 2:00:00 AM | Attr = ]
Thawte Consulting , -> %System32%\XceedFTP.dll -> Xceed Software Inc (450) 442-2626 [email protected] www.xceedsoft.com [Ver = 1.1.129.0 | Size = 279392 bytes | Modified Date = 12/6/2004 2:45:48 PM | Attr = ]
Thawte Consulting , -> %System32%\XceedZip.dll -> Xceed Software Inc (450) 442-2626 [email protected] www.xceedsoft.com [Ver = 5.1.5062.0 | Size = 456536 bytes | Modified Date = 7/30/2006 12:04:42 PM | Attr = ]
  • 0





