
Infected with MALWARE


  • This topic is locked

#1
Pin-Cushion

    Banned
  • 24 posts
:whistling: Hello, this is my first time using the Geeks to Go website, and I am kind of computer illiterate.

I have recently been infected with spyware and malware. I have been struggling through the removal of these items. I have McAfee installed on my computer, and it is not detecting it. I constantly had popups and a little yellow triangle near my clock. I followed some online steps and those items are gone. Yet I am still having problems accessing certain sites such as Hotmail. I am told this may be malware. How can I get rid of whatever is affecting my computer?

Thanks for your help

Logfile of HijackThis v1.99.1
Scan saved at 8:54:57 PM, on 2/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\WildTangent\Apps\GameChannel.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\Sony\SONICS~2\SsAAD.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\LimeWire\LimeWire 4.2.6\LimeWire.exe
C:\Program Files\Logitech\Harmony Remote\harmonyClient.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Documents and Settings\Randy\Local Settings\Temporary Internet Files\Content.IE5\608W9YPP\HijackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.7.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: (no name) - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - (no file)
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.7.0\IEViewBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~2\SsAAD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Spyware Vanisher] C:\spywarevanisher-full\SpywareVanisher.exe -FastScan
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 8.0 Tray Icon.lnk = C:\Program Files\AOL 8.0\aoltray.exe
O4 - Global Startup: Forget Me Not.lnk = C:\Program Files\Broderbund\AG CreataCard\AGRemind.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: LimeWire 4.2.6.lnk = C:\Program Files\LimeWire\LimeWire 4.2.6\LimeWire.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech Harmony Remote.lnk = C:\Program Files\Logitech\Harmony Remote\harmonyClient.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?82c9c9ff56ea41c6b0f85d16e059a315
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?82c9c9ff56ea41c6b0f85d16e059a315
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.co...84/mcinsctl.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.co...,21/mcgdmgr.cab
O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} (AMI DicomDir TreeView Control 2.1) - file://D:\CDVIEWER\CdViewer.cab
O18 - Protocol: bw+0 - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {B71D15F9-ACD7-49DA-B325-A29FAD30902B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Edited by Pin-Cushion, 06 February 2007 - 05:46 PM.



#2
Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Hi Pin-Cushion and welcome to GeeksToGo! My name is Excal and I will be helping you.

I apologize for the delay getting to your log; the helpers here are very busy.
If you still need help, please post a fresh Hijack log, in this thread, so I can help you with your Malware Problems.

Also, can you please go to Control Panel > Add/Remove Programs, then remove LogitechDesktopMessenger.

It's a not-needed program and takes up valuable resources.

If you have resolved this issue please let us know.

:whistling:

Excal

#3
Pin-Cushion

    Banned

  • Topic Starter
  • 24 posts
Thx for replying. I removed the Logitech desktop manager, and this is the new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 4:38:53 PM, on 2/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\WildTangent\Apps\GameChannel.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\Sony\SONICS~2\SsAAD.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\LimeWire\LimeWire 4.2.6\LimeWire.exe
C:\Program Files\Logitech\Harmony Remote\harmonyClient.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.7.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: (no name) - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - (no file)
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.7.0\IEViewBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~2\SsAAD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Spyware Vanisher] C:\spywarevanisher-full\SpywareVanisher.exe -FastScan
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 8.0 Tray Icon.lnk = C:\Program Files\AOL 8.0\aoltray.exe
O4 - Global Startup: Forget Me Not.lnk = C:\Program Files\Broderbund\AG CreataCard\AGRemind.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: LimeWire 4.2.6.lnk = C:\Program Files\LimeWire\LimeWire 4.2.6\LimeWire.exe
O4 - Global Startup: Logitech Harmony Remote.lnk = C:\Program Files\Logitech\Harmony Remote\harmonyClient.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?82c9c9ff56ea41c6b0f85d16e059a315
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?82c9c9ff56ea41c6b0f85d16e059a315
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.co...84/mcinsctl.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.co...,21/mcgdmgr.cab
O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} (AMI DicomDir TreeView Control 2.1) - file://D:\CDVIEWER\CdViewer.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

#4
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Did you purchase SpywareVanisher?

1. Download ComboFix.exe using either of these links:

BleepingComputer

Techsupportforum.com

2. Double click on combofix.exe & follow the prompts to allow the tool to run.

3. When it has finished, it will produce a log for you. Post that log & a fresh HJT log in your next reply.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.



:whistling:


Excal
  • 0

#5
Pin-Cushion

Pin-Cushion

    Banned

  • Topic Starter
  • Banned
  • PipPip
  • 24 posts
Hey Excal, I did not purchase Spyware Vanisher. I used it to try and get rid of some spyware... surprisingly it didn't work. I am having a [bleep] of a time deleting it though...

Also, could you inform me about this "Fire Fox"? I have heard of it, but I'm not too sure what it is all about.
Here are the logs you asked for.

** COMBO FIX LOG**

Randy" - 07-02-11 20:55:00 Service Pack 2
ComboFix 07-02-11 - Running from: "C:\"

((((((((((((((((((((((((((((((( Files Created from 2007-01-11 to 2007-02-11 ))))))))))))))))))))))))))))))))))


2007-02-11 20:54 880,702 --a------ C:\combofix.exe
2007-02-11 16:38 218,112 --a------ C:\HijackThis.exe
2007-02-05 20:20 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe
2007-02-05 20:16 4,538 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2007-02-05 20:15 79,360 --a------ C:\WINDOWS\SYSTEM32\swxcacls.exe
2007-02-05 20:15 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe
2007-02-05 20:15 40,960 --a------ C:\WINDOWS\SYSTEM32\swsc.exe
2007-02-05 20:15 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe
2007-02-05 20:15 135,168 --a------ C:\WINDOWS\SYSTEM32\swreg.exe
2007-02-03 11:47 5,632 --a------ C:\WINDOWS\SYSTEM32\ptpusb.dll
2007-02-03 11:47 159,232 --a------ C:\WINDOWS\SYSTEM32\ptpusd.dll
2007-01-30 18:36 <DIR> d-------- C:\WINDOWS\WBEM
2007-01-30 18:36 <DIR> d-------- C:\WINDOWS\SYSTEM32\en-US
2007-01-30 18:33 <DIR> d--h-c--- C:\WINDOWS\ie7
2007-01-30 18:29 121,856 --------- C:\WINDOWS\SYSTEM32\xmllite.dll
2007-01-30 18:25 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-01-27 09:09 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-01-24 22:39 <DIR> d-------- C:\DOCUME~1\Randy\Application Data\Google
2007-01-24 22:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Google
2007-01-24 22:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Google Updater
2007-01-22 20:30 <DIR> d-------- C:\Program Files\Windows Defender
2007-01-22 20:18 <DIR> d-------- C:\Program Files\NoAdware5.0
2007-01-22 20:12 8,192 --a------ C:\WINDOWS\Rpoint.exe
2007-01-22 18:37 724,992 --a------ C:\WINDOWS\iun6002.exe
2007-01-22 18:16 <DIR> d-------- C:\Program Files\XoftSpySE
2007-01-22 17:46 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\Application Data\TEMP
2007-01-22 17:46 <DIR> d-------- C:\DOCUME~1\Randy\Application Data\PC Tools
2007-01-22 17:36 1,152 --a------ C:\WINDOWS\SYSTEM32\windrv.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-02-11 16:34 -------- d-------- C:\Program Files\logitech
2007-02-10 21:52 -------- d-------- C:\Program Files\starcraft
2007-02-05 20:23 -------- d-------- C:\DOCUME~1\Randy\Application Data\adobeum
2007-01-27 09:52 -------- d-------- C:\Program Files\partygaming
2007-01-27 09:00 -------- d-------- C:\Program Files\Common Files\adobe
2007-01-27 08:58 -------- d-------- C:\Program Files\google
2007-01-23 22:11 -------- d-------- C:\DOCUME~1\Randy\Application Data\viewpoint
2007-01-23 08:50 -------- d-------- C:\Program Files\aol 8.0
2007-01-10 21:54 -------- d-------- C:\Program Files\viewpoint
2007-01-04 21:53 -------- d-------- C:\Program Files\Common Files\viewpoint
2006-12-28 16:43 -------- d--h----- C:\Program Files\installshield installation information
2006-12-28 16:43 -------- d-------- C:\Program Files\ea sports
2006-12-07 22:39 117092 --a------ C:\WINDOWS\hpoins11.dat
2006-11-22 17:45 747 --a------ C:\WINDOWS\ereg.dat


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"Spyware Vanisher"="C:\\spywarevanisher-full\\SpywareVanisher.exe -FastScan"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"FlashPlayerUpdate"="C:\\WINDOWS\\system32\\Macromed\\Flash\\GetFlash.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"BCMSMMSG"="BCMSMMSG.exe"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"DVDSentry"="C:\\WINDOWS\\System32\\DSentry.exe"
"PCMService"="\"C:\\Program Files\\Dell\\Media Experience\\PCMService.exe\""
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"MMTray"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~2\\mm_tray.exe"
"VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
"WT GameChannel"="C:\\Program Files\\WildTangent\\Apps\\GameChannel.exe"
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"ezShieldProtector for Px"="C:\\WINDOWS\\system32\\ezSP_Px.exe"
"OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"MimBoot"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~2\\mimboot.exe"
"SsAAD.exe"="C:\\PROGRA~1\\Sony\\SONICS~2\\SsAAD.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"SNM"="C:\\Program Files\\SpyNoMore\\SNM.exe /startup"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{38D4D5D0-423E-4220-B6F9-30918C2AE4A4}"=""
"{FB153DCE-822E-47ec-8D00-2706E7864B37}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"none"="C:\\Program Files\\Video ActiveX Object\\pmsngr.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{32ae9920-3a0d-11d8-ab48-806d6172696f}]
Shell\AutoRun\command E:\SETUP.EXE
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_GUSVC


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\XoftSpySE.job


********************************************************************

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-02-11 21:06:13

**HJT LOG**

Logfile of HijackThis v1.99.1
Scan saved at 9:09:31 PM, on 2/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\WildTangent\Apps\GameChannel.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\Sony\SONICS~2\SsAAD.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\LimeWire\LimeWire 4.2.6\LimeWire.exe
C:\Program Files\Logitech\Harmony Remote\harmonyClient.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.7.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: (no name) - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - (no file)
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.7.0\IEViewBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~2\SsAAD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Spyware Vanisher] C:\spywarevanisher-full\SpywareVanisher.exe -FastScan
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 8.0 Tray Icon.lnk = C:\Program Files\AOL 8.0\aoltray.exe
O4 - Global Startup: Forget Me Not.lnk = C:\Program Files\Broderbund\AG CreataCard\AGRemind.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: LimeWire 4.2.6.lnk = C:\Program Files\LimeWire\LimeWire 4.2.6\LimeWire.exe
O4 - Global Startup: Logitech Harmony Remote.lnk = C:\Program Files\Logitech\Harmony Remote\harmonyClient.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?82c9c9ff56ea41c6b0f85d16e059a315
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?82c9c9ff56ea41c6b0f85d16e059a315
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.co...84/mcinsctl.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.co...,21/mcgdmgr.cab
O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} (AMI DicomDir TreeView Control 2.1) - file://D:\CDVIEWER\CdViewer.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

#6
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Firefox is another browser to use in lieu of Internet Explorer; it's said to be safer :blink:
Click on the link in my signature if you want to try it out after we get you fixed.

Go to Start > Control Panel > Add/Remove Programs, then find Spyware Vanisher and uninstall it.

Reboot and do the following:

Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.



Thanks,

:whistling:

Excal
  • 0

#7
Pin-Cushion

Pin-Cushion

    Banned

  • Topic Starter
  • Banned
  • PipPip
  • 24 posts
In "Add/Remove Programs", Spyware Vanisher is not present...
  • 0

#8
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Ok no worries, go ahead with the next part.


:whistling:

Excal

#9
Pin-Cushion

    Banned

  • Topic Starter
  • Banned
  • PipPip
  • 24 posts
Hey Excal... I'm having a hard time running WinPFind3U.exe... It starts scanning... then all of a sudden "stalls". And then it says it is not responding. What's happening?

#10
Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Go ahead and open WinPFind3 again. Keep the settings the same as before with the exception of File/Folder String and ADS Search; please put none.

Then try the scan again. Please let it run awhile, as sometimes Windows thinks it's not responding, but in fact it still is.


:whistling:



Excal

#11
Pin-Cushion

    Banned

  • Topic Starter
  • Banned
  • PipPip
  • 24 posts
There we go.

Here is the log file

WinPFind3 logfile created on: 2/12/2007 5:36:33 PM
WinPFind3U by OldTimer - Version 1.0.17 Folder = C:\Documents and Settings\Randy\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

522220 Kb Total Physical Memory | 160864 Kb Available Physical Memory | 30.80% Memory free
1276624 Kb Paging File | 638972 Kb Available in Paging File | 50.05% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78083932 Kb Total Space | 56561708 Kb Free Space | 72.44% Space Free
D: Drive not present or media not loaded
Drive E: | 656440 Kb Total Space | 0 Kb Free Space | 0.00% Space Free
F: Drive not present or media not loaded


[Processes - Non-Microsoft Only]
bcmsmmsg.exe -> %SystemRoot%\BCMSMMSG.exe -> Broadcom Corporation [Ver = 3.5.25 08/27/2003 20:04:35 | Size = 122880 bytes | Modified Date = 8/29/2003 3:59:24 AM | Attr = ]
dsagnt.exe -> %ProgramFiles%\Dell Support\DSAgnt.exe -> Gteko Ltd. [Ver = 1, 1, 0, 73 | Size = 306688 bytes | Modified Date = 7/19/2004 7:51:24 AM | Attr = ]
dsentry.exe -> %System32%\DSentry.exe -> Dell - Advanced Desktop Engineering [Ver = 1, 0, 5, 0 | Size = 28672 bytes | Modified Date = 8/13/2003 9:27:40 AM | Attr = ]
ezsp_px.exe -> %System32%\ezSP_Px.exe -> Easy Systems Japan Ltd. [Ver = 1, 0, 0, 0 | Size = 40960 bytes | Modified Date = 8/20/2002 10:29:26 AM | Attr = ]
gamechannel.exe -> %ProgramFiles%\WildTangent\Apps\GameChannel.exe -> WildTangent [Ver = 1, 5, 1, 19 | Size = 184784 bytes | Modified Date = 4/30/2003 3:21:14 PM | Attr = ]
googledesktop.exe -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 4.2006.1008.2039 | Size = 190464 bytes | Modified Date = 10/13/2006 10:03:20 PM | Attr = ]
googledesktopcrawl.exe -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopCrawl.exe -> Google [Ver = 4.2006.1008.2039 | Size = 243712 bytes | Modified Date = 10/13/2006 10:03:20 PM | Attr = ]
googledesktopindex.exe -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopIndex.exe -> Google [Ver = 4.2006.1008.2039 | Size = 755712 bytes | Modified Date = 10/13/2006 10:03:20 PM | Attr = ]
googleupdaterservice.exe -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.755.22488.beta | Size = 136952 bytes | Modified Date = 2/8/2007 1:39:44 PM | Attr = ]
harmonyclient.exe -> %ProgramFiles%\Logitech\Harmony Remote\harmonyClient.exe -> [Ver = | Size = 1478144 bytes | Modified Date = 4/18/2005 4:31:34 PM | Attr = R ]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4396 | Size = 77824 bytes | Modified Date = 9/20/2005 8:32:24 AM | Attr = ]
hpqimzone.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqimzone.exe -> Hewlett-Packard Development Company, L.P. [Ver = 065.000.117.000 | Size = 479232 bytes | Modified Date = 2/10/2006 7:56:12 AM | Attr = ]
hpqste08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqste08.exe -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 239320 bytes | Modified Date = 2/19/2006 5:24:52 AM | Attr = ]
hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 288472 bytes | Modified Date = 2/19/2006 4:21:22 AM | Attr = ]
hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 49152 bytes | Modified Date = 2/19/2006 2:41:10 AM | Attr = ]
hpzipm12.exe -> %System32%\HPZipm12.exe -> HP [Ver = 10, 1, 1, 5 | Size = 69632 bytes | Modified Date = 3/3/2006 9:03:10 PM | Attr = ]
igfxpers.exe -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4396 | Size = 114688 bytes | Modified Date = 9/20/2005 8:36:20 AM | Attr = ]
igfxsrvc.exe -> %System32%\igfxsrvc.exe -> Intel Corporation [Ver = 3.0.0.4396 | Size = 159744 bytes | Modified Date = 9/20/2005 8:32:16 AM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 10/30/2006 9:36:32 AM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 10/30/2006 9:36:36 AM | Attr = ]
jucheck.exe -> %ProgramFiles%\Java\jre1.5.0_06\bin\jucheck.exe -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 241775 bytes | Modified Date = 11/10/2005 12:03:52 PM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.5.0_06\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 36975 bytes | Modified Date = 11/10/2005 12:03:52 PM | Attr = ]
limewire.exe -> %ProgramFiles%\LimeWire\LimeWire 4.2.6\LimeWire.exe -> LimeWire, LLC [Ver = 2, 0, 0, 1 | Size = 86016 bytes | Modified Date = 10/28/2004 2:17:32 PM | Attr = ]
mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc [Ver = 6, 0, 0, 16 | Size = 303104 bytes | Modified Date = 9/22/2005 6:29:08 PM | Attr = ]
mcdetect.exe -> %ProgramFiles%\McAfee.com\Agent\Mcdetect.exe -> McAfee, Inc [Ver = 6, 0, 0, 19 | Size = 126976 bytes | Modified Date = 10/13/2005 6:56:16 PM | Attr = ]
mcshield.exe -> %ProgramFiles%\McAfee.com\VSO\McShield.exe -> McAfee Inc. [Ver = 11.0.0.151 | Size = 221184 bytes | Modified Date = 8/10/2005 10:22:02 AM | Attr = ]
mctskshd.exe -> %ProgramFiles%\McAfee.com\Agent\McTskshd.exe -> McAfee, Inc [Ver = 6, 0, 0, 13 | Size = 122368 bytes | Modified Date = 8/24/2005 3:01:04 PM | Attr = ]
mcvsescn.exe -> %ProgramFiles%\McAfee.com\VSO\McVSEscn.exe -> McAfee, Inc. [Ver = 10, 0, 0, 20 | Size = 483328 bytes | Modified Date = 7/8/2005 5:16:16 PM | Attr = ]
mcvsftsn.exe -> %ProgramFiles%\McAfee.com\VSO\mcvsftsn.exe -> McAfee, Inc. [Ver = 10, 0, 0, 19 | Size = 299008 bytes | Modified Date = 7/1/2005 7:43:00 PM | Attr = ]
mcvsshld.exe -> %ProgramFiles%\McAfee.com\VSO\mcvsshld.exe -> McAfee, Inc. [Ver = 10, 0, 0, 22 | Size = 163840 bytes | Modified Date = 8/10/2005 11:49:20 AM | Attr = ]
mm_tray.exe -> %ProgramFiles%\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe -> Musicmatch, Inc. [Ver = 10.00.4033 | Size = 110592 bytes | Modified Date = 1/19/2006 10:06:18 AM | Attr = ]
oasclnt.exe -> %ProgramFiles%\McAfee.com\VSO\oasclnt.exe -> McAfee, Inc. [Ver = 10, 0, 0, 24 | Size = 53248 bytes | Modified Date = 8/11/2005 9:02:44 PM | Attr = ]
pcmservice.exe -> %ProgramFiles%\Dell\Media Experience\PCMService.exe -> CyberLink Corp. [Ver = 1.0.0826 | Size = 204800 bytes | Modified Date = 8/26/2003 6:47:34 PM | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 10/25/2006 6:58:18 PM | Attr = ]
realplay.exe -> %ProgramFiles%\Real\RealPlayer\realplay.exe -> RealNetworks, Inc. [Ver = 6.0.9.584 | Size = 26112 bytes | Modified Date = 12/12/2003 6:57:44 PM | Attr = ]
ssaad.exe -> %ProgramFiles%\Sony\SonicStage\SSAAD.exe -> [Ver = 3.0.00.13241 | Size = 81920 bytes | Modified Date = 1/24/2005 6:58:02 PM | Attr = ]
ssscsisv.exe -> %CommonProgramFiles%\Sony Shared\AVLib\SSScsiSV.exe -> Sony Corporation [Ver = 3.0.00.13241 | Size = 69632 bytes | Modified Date = 1/24/2005 5:36:52 PM | Attr = ]
tfswctrl.exe -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.05b | Size = 114741 bytes | Modified Date = 8/6/2003 12:04:00 AM | Attr = ]
viewmgr.exe -> %ProgramFiles%\Viewpoint\Viewpoint Manager\ViewMgr.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 112336 bytes | Modified Date = 1/4/2007 2:38:20 PM | Attr = ]
viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 2:38:10 PM | Attr = ]
wanmpsvc.exe -> %SystemRoot%\wanmpsvc.exe -> America Online, Inc. [Ver = 7, 0, 0, 2 | Size = 65536 bytes | Modified Date = 5/23/2003 4:38:28 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.17.0 | Size = 308736 bytes | Modified Date = 2/11/2007 12:42:18 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ]
(HP Port Resolver) HP Port Resolver [Win32_Own | On_Demand | Stopped] -> %System32%\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE -> Hewlett-Packard Company [Ver = 1, 0, 50, 0 | Size = 81920 bytes | Modified Date = 5/20/2005 10:37:12 AM | Attr = ]
(HP Status Server) HP Status Server [Win32_Own | On_Demand | Stopped] -> %System32%\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE -> Hewlett-Packard Company [Ver = 1, 0, 46, 0 | Size = 73728 bytes | Modified Date = 10/16/2004 5:31:06 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/3/2005 11:41:10 PM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 10/30/2006 9:36:32 AM | Attr = ]
(McDetect.exe) McAfee WSC Integration [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee.com\Agent\Mcdetect.exe -> McAfee, Inc [Ver = 6, 0, 0, 19 | Size = 126976 bytes | Modified Date = 10/13/2005 6:56:16 PM | Attr = ]
(McShield) McAfee.com McShield [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee.com\VSO\McShield.exe -> McAfee Inc. [Ver = 11.0.0.151 | Size = 221184 bytes | Modified Date = 8/10/2005 10:22:02 AM | Attr = ]
(McTskshd.exe) McAfee Task Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee.com\Agent\McTskshd.exe -> McAfee, Inc [Ver = 6, 0, 0, 13 | Size = 122368 bytes | Modified Date = 8/24/2005 3:01:04 PM | Attr = ]
(mcupdmgr.exe) McAfee SecurityCenter Update Manager [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee.com\Agent\mcupdmgr.exe -> McAfee, Inc [Ver = 6, 0, 0, 4 | Size = 245760 bytes | Modified Date = 7/1/2005 6:22:50 PM | Attr = ]
(MSCSPTISRV) MSCSPTISRV [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\MSCSPTISRV.exe -> Sony Corporation [Ver = 4.1.00.13261 | Size = 53337 bytes | Modified Date = 1/26/2005 2:30:04 PM | Attr = ]
(NetSvc) Intel NCS NetService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Intel\NCS\Sync\NetSvc.exe -> Intel® Corporation [Ver = 1.2.26.0 | Size = 143360 bytes | Modified Date = 3/3/2003 12:33:40 PM | Attr = ]
(PACSPTISVR) PACSPTISVR [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\PACSPTISVR.exe -> Sony Corporation [Ver = 4.1.00.13261 | Size = 53337 bytes | Modified Date = 1/26/2005 2:25:34 PM | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Unknown | Running] -> -> File not found
(SPTISRV) Sony SPTI Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SPTISRV.exe -> Sony Corporation [Ver = 4.1.00.13261 | Size = 69718 bytes | Modified Date = 1/26/2005 2:20:14 PM | Attr = ]
(SSScsiSV) SonicStage SCSI Service [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Sony Shared\AVLib\SSScsiSV.exe -> Sony Corporation [Ver = 3.0.00.13241 | Size = 69632 bytes | Modified Date = 1/24/2005 5:36:52 PM | Attr = ]
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 2:38:10 PM | Attr = ]
(WANMiniportService) WAN Miniport (ATW) Service [Win32_Own | Auto | Running] -> %SystemRoot%\wanmpsvc.exe -> America Online, Inc. [Ver = 7, 0, 0, 2 | Size = 65536 bytes | Modified Date = 5/23/2003 4:38:28 PM | Attr = ]
(gusvc) Google Updater Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.755.22488.beta | Size = 136952 bytes | Modified Date = 2/8/2007 1:39:44 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
BCMSMMSG -> %SystemRoot%\BCMSMMSG.exe -> Broadcom Corporation [Ver = 3.5.25 08/27/2003 20:04:35 | Size = 122880 bytes | Modified Date = 8/29/2003 3:59:24 AM | Attr = ]
dla -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.05b | Size = 114741 bytes | Modified Date = 8/6/2003 12:04:00 AM | Attr = ]
DVDSentry -> %System32%\DSentry.exe -> Dell - Advanced Desktop Engineering [Ver = 1, 0, 5, 0 | Size = 28672 bytes | Modified Date = 8/13/2003 9:27:40 AM | Attr = ]
ezShieldProtector for Px -> %System32%\ezSP_Px.exe -> Easy Systems Japan Ltd. [Ver = 1, 0, 0, 0 | Size = 40960 bytes | Modified Date = 8/20/2002 10:29:26 AM | Attr = ]
Google Desktop Search -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 4.2006.1008.2039 | Size = 190464 bytes | Modified Date = 10/13/2006 10:03:20 PM | Attr = ]
HP Software Update -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 49152 bytes | Modified Date = 2/19/2006 2:41:10 AM | Attr = ]
igfxhkcmd -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4396 | Size = 77824 bytes | Modified Date = 9/20/2005 8:32:24 AM | Attr = ]
igfxpers -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4396 | Size = 114688 bytes | Modified Date = 9/20/2005 8:36:20 AM | Attr = ]
igfxtray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4396 | Size = 94208 bytes | Modified Date = 9/20/2005 8:35:40 AM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 10/30/2006 9:36:36 AM | Attr = ]
MCAgentExe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc [Ver = 6, 0, 0, 16 | Size = 303104 bytes | Modified Date = 9/22/2005 6:29:08 PM | Attr = ]
MCUpdateExe -> %ProgramFiles%\McAfee.com\Agent\mcupdate.exe -> McAfee, Inc [Ver = 6, 0, 0, 21 | Size = 212992 bytes | Modified Date = 1/11/2006 12:05:42 PM | Attr = ]
MimBoot -> %ProgramFiles%\MUSICMATCH\MUSICMATCH Jukebox\mimboot.exe -> Musicmatch, Inc. [Ver = 10.00.4033 | Size = 11776 bytes | Modified Date = 1/19/2006 10:06:16 AM | Attr = ]
MMTray -> %ProgramFiles%\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe -> Musicmatch, Inc. [Ver = 10.00.4033 | Size = 110592 bytes | Modified Date = 1/19/2006 10:06:18 AM | Attr = ]
OASClnt -> %ProgramFiles%\McAfee.com\VSO\oasclnt.exe -> McAfee, Inc. [Ver = 10, 0, 0, 24 | Size = 53248 bytes | Modified Date = 8/11/2005 9:02:44 PM | Attr = ]
PCMService -> %ProgramFiles%\Dell\Media Experience\PCMService.exe -> CyberLink Corp. [Ver = 1.0.0826 | Size = 204800 bytes | Modified Date = 8/26/2003 6:47:34 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 10/25/2006 6:58:18 PM | Attr = ]
RealTray -> %ProgramFiles%\Real\RealPlayer\realplay.exe -> RealNetworks, Inc. [Ver = 6.0.9.584 | Size = 26112 bytes | Modified Date = 12/12/2003 6:57:44 PM | Attr = ]
SNM -> %ProgramFiles%\SpyNoMore\SNM.exe -> File not found
SsAAD.exe -> %ProgramFiles%\Sony\SonicStage\SSAAD.exe -> [Ver = 3.0.00.13241 | Size = 81920 bytes | Modified Date = 1/24/2005 6:58:02 PM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_06\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 36975 bytes | Modified Date = 11/10/2005 12:03:52 PM | Attr = ]
UpdateManager -> %CommonProgramFiles%\Sonic\Update Manager\sgtray.exe -> Sonic Solutions [Ver = 1.01.32a | Size = 110592 bytes | Modified Date = 8/19/2003 1:01:00 AM | Attr = ]
VirusScan Online -> %ProgramFiles%\McAfee.com\VSO\mcvsshld.exe -> McAfee, Inc. [Ver = 10, 0, 0, 22 | Size = 163840 bytes | Modified Date = 8/10/2005 11:49:20 AM | Attr = ]
VSOCheckTask -> %ProgramFiles%\McAfee.com\VSO\mcmnhdlr.exe -> McAfee, Inc. [Ver = 10, 0, 0, 20 | Size = 151552 bytes | Modified Date = 7/8/2005 5:18:22 PM | Attr = ]
WT GameChannel -> %ProgramFiles%\WildTangent\Apps\GameChannel.exe -> WildTangent [Ver = 1, 5, 1, 19 | Size = 184784 bytes | Modified Date = 4/30/2003 3:21:14 PM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
DellSupport -> %ProgramFiles%\Dell Support\DSAgnt.exe -> Gteko Ltd. [Ver = 1, 1, 0, 73 | Size = 306688 bytes | Modified Date = 7/19/2004 7:51:24 AM | Attr = ]
Spyware Vanisher -> %SystemDrive%\spywarevanisher-full\SpywareVanisher.exe -> File not found
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 1, 2, 1128, 5462 | Size = 171448 bytes | Modified Date = 1/24/2007 10:38:56 PM | Attr = ]
< RunOnce [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
FlashPlayerUpdate -> %System32%\Macromed\Flash\GetFlash.exe -> Macromedia, Inc. [Ver = 8,0,22,0 | Size = 128648 bytes | Modified Date = 8/27/2005 1:38:58 PM | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 10:05:26 PM | Attr = ]
%AllUsersStartup%\AOL 8.0 Tray Icon.lnk -> %ProgramFiles%\AOL 8.0\aoltray.exe -> America Online, Inc. [Ver = 8.00.000 | Size = 36937 bytes | Modified Date = 5/23/2003 4:35:36 PM | Attr = H ]
%AllUsersStartup%\Forget Me Not.lnk -> %ProgramFiles%\Broderbund\AG CreataCard\AGRemind.exe -> TLC Multimedia Inc. [Ver = 1, 0, 0, 600 | Size = 323584 bytes | Modified Date = 6/20/2000 10:34:12 AM | Attr = ]
%AllUsersStartup%\Google Updater.lnk -> %ProgramFiles%\Google\Google Updater\GoogleUpdater.exe -> Google [Ver = 2.0.755.22488.beta | Size = 123640 bytes | Modified Date = 2/8/2007 1:39:40 PM | Attr = ]
%AllUsersStartup%\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 288472 bytes | Modified Date = 2/19/2006 4:21:22 AM | Attr = ]
%AllUsersStartup%\HP Photosmart Premier Fast Start.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqthb08.exe -> Hewlett-Packard Development Company, L.P. [Ver = 065.000.117.000 | Size = 73728 bytes | Modified Date = 2/10/2006 7:56:20 AM | Attr = ]
%AllUsersStartup%\LimeWire 4.2.6.lnk -> %ProgramFiles%\LimeWire\LimeWire 4.2.6\LimeWire.exe -> LimeWire, LLC [Ver = 2, 0, 0, 1 | Size = 86016 bytes | Modified Date = 10/28/2004 2:17:32 PM | Attr = ]
%AllUsersStartup%\Logitech Harmony Remote.lnk -> %ProgramFiles%\Logitech\Harmony Remote\harmonyClient.exe -> [Ver = | Size = 1478144 bytes | Modified Date = 4/18/2005 4:31:34 PM | Attr = R ]
%AllUsersStartup%\NkbMonitor.exe.lnk -> %ProgramFiles%\Nikon\PictureProject\NkbMonitor.exe -> Nikon Corporation [Ver = 1, 5, 0, 3004 | Size = 118784 bytes | Modified Date = 1/24/2005 5:52:36 PM | Attr = ]
< Registry Shell Spawning > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command
regfile [merge] -> Reg Data - Key not found ->
scrfile [open] -> "%1" /S ->
scrfile [config] -> "%1" ->
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> %programfiles%\internet explorer\iexplore.exe -> File not found
*Command* -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.lnk\ShellNew\\Command ->
NewLinkHere -> -> File not found
%1 -> -> File not found
*Command* -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bfc\ShellNew\\Command ->
Briefcase_Create -> -> File not found
%2!d! -> -> File not found
%1 -> -> File not found
< ActiveX StubPath [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -> ->
{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> ->
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} -> %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ->
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ->
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ->
{44BBA851-CC51-11CF-AAFA-00AA00B6015C} -> rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\wpie4x86.inf,PerUserStub ->
{5945c046-1e7d-11d1-bc44-00c04fd912be} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ->
{6BF52A52-394A-11d3-B153-00C04F79FAA6} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub ->
{73FA19D0-2D75-11D2-995D-00C04F98BBC9} -> ->
{7790769C-0471-11d2-AF11-00C04FA35D02} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ->
{89820200-ECBD-11cf-8B85-00AA005B4340} -> regsvr32.exe /s /n /i:U shell32.dll ->
{89820200-ECBD-11cf-8B85-00AA005B4383} -> C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ->
{89B4C1CD-B018-4511-B0A1-5476DBF70820} -> C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install ->
<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} -> C:\WINDOWS\system32\ieudinit.exe
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> C:\WINDOWS\inf\unregmp2.exe /ShowWMP ->
>{26923b43-4d38-484f-9b9e-de460746276c} -> C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ->
>{60B49E34-C7CC-11D0-8953-00A0C90347FF} -> RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ->
>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS -> RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ->
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ->
< WOW Command Line [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW
*wowcmdline* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW\\wowcmdline ->
-a -> -> File not found
< Session Manager Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
BootExecute -> autocheck autochk *; ->
< SharedTaskScheduler [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
{38D4D5D0-423E-4220-B6F9-30918C2AE4A4} [HKLM] -> [] -> File not found
{FB153DCE-822E-47ec-8D00-2706E7864B37} [HKLM] -> Reg Data - Key not found [] -> File not found
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\\none -> C:\Program Files\Video ActiveX Object\pmsngr.exe ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ -> ->
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft...p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft...amp;ar=iesearch ->
HKLM: Local Page -> C:\windows\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft...amp;ar=iesearch ->
HKLM: Start Page -> about:blank ->
HKLM: CustomizeSearch -> http://ie.search.msn...st/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.microsoft...amp;ar=iesearch ->
HKLM: SearchAssistant -> http://ie.search.msn...st/srchasst.htm ->
HKCU: Default_Search_URL -> http://www.microsoft...amp;ar=iesearch ->
HKCU: Local Page -> C:\windows\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft...amp;ar=iesearch ->
HKCU: Start Page -> http://www.microsoft...p...&ar=msnhome ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
online_musicmatch.com [https] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll [Yahoo! Companion BHO] -> Yahoo! Inc. [Ver = 2004, 9, 28, 1 | Size = 292947 bytes | Modified Date = 9/29/2004 12:02:16 PM | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.7.2006011200 | Size = 63128 bytes | Modified Date = 1/12/2006 8:38:22 PM | Attr = ]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> %System32%\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.05b | Size = 106548 bytes | Modified Date = 8/6/2003 12:04:00 AM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 11/10/2005 12:22:12 PM | Attr = ]
{A7327C09-B521-4EDB-8509-7D2660C9EC98} [HKLM] -> %ProgramFiles%\Viewpoint\Viewpoint Toolbar\3.7.0\ViewBarBHO.dll [Viewpoint Toolbar BHO] -> Viewpoint Corporation [Ver = 3, 7, 0, 40 | Size = 38584 bytes | Modified Date = 11/1/2006 11:19:28 AM | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 3576 | Size = 2403392 bytes | Modified Date = 1/24/2007 10:38:50 PM | Attr = R ]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{7BED0340-176B-44BC-915E-C21C1DD6F617} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 3576 | Size = 2403392 bytes | Modified Date = 1/24/2007 10:38:50 PM | Attr = R ]
{BA52B914-B692-46c4-B683-905236F6F655} [HKLM] -> %ProgramFiles%\McAfee.com\VSO\mcvsshl.dll [McAfee VirusScan] -> McAfee, Inc. [Ver = 10, 0, 0, 19 | Size = 114688 bytes | Modified Date = 7/1/2005 7:44:30 PM | Attr = ]
{D49E9D35-254C-4c6a-9D17-95018D228FF5} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll [Yahoo! Companion] -> Yahoo! Inc. [Ver = 2004, 9, 28, 1 | Size = 292947 bytes | Modified Date = 9/29/2004 12:02:16 PM | Attr = ]
{F8AD5AA5-D966-4667-9DAF-2561D68B2012} [HKLM] -> %CommonProgramFiles%\Viewpoint\Toolbar Runtime\3.7.0\IEViewBar.dll [Viewpoint Toolbar] -> Viewpoint Corporation [Ver = 3, 7, 0, 40 | Size = 333472 bytes | Modified Date = 11/1/2006 11:19:14 AM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 3576 | Size = 2403392 bytes | Modified Date = 1/24/2007 10:38:50 PM | Attr = R ]
WebBrowser\\{2D51D869-C36B-42BD-AE68-0A81BC771FA5} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{7BED0340-176B-44BC-915E-C21C1DD6F617} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{84938242-5C5B-4A55-B6B9-A1507543B418} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{D49E9D35-254C-4C6A-9D17-95018D228FF5} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll [Yahoo! Companion] -> Yahoo! Inc. [Ver = 2004, 9, 28, 1 | Size = 292947 bytes | Modified Date = 9/29/2004 12:02:16 PM | Attr = ]
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8192 - Sun Java Console ->
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -> 8198 - Reg Data - Key not found ->
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> 8195 - Reg Data - Value does not exist ->
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -> 8197 - PartyPoker.com ->
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> 8194 - Reg Data - Value does not exist ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8196 - Windows Messenger ->
NextId -> 8199 ->
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_06\bin\npjpi150_06.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Modified Date = 11/10/2005 12:22:12 PM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 11/10/2005 12:22:12 PM | Attr = ]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -> %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe [ButtonText: PartyPoker.com] -> [Ver = 1, 0, 0, 2 | Size = 110592 bytes | Modified Date = 6/23/2006 11:05:24 AM | Attr = ]
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> Reg Data - Value does not exist [ButtonText: Real.com] -> File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
&MSN Search -> %ProgramFiles%\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll\search.htm -> File not found
E&xport to Microsoft Excel -> -> File not found
Open in new background tab -> -> File not found
Open in new foreground tab -> -> File not found
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Taskbar and Start Menu] -> File not found
{28710882-150A-48A6-A858-2FC774BA822E} [HKLM] -> %CommonProgramFiles%\Viewpoint\Toolbar Runtime\3.7.0\FotomatShellExt.dll [Viewpoint Photos Shell Extension] -> Viewpoint Corporation [Ver = 3, 7, 0, 40 | Size = 83672 bytes | Modified Date = 11/1/2006 11:20:00 AM | Attr = ]
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Media Band] -> File not found
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [Display Panning CPL Extension] -> File not found
{4621934C-FFED-4d4f-8146-290D6B7289BC} [HKLM] -> %CommonProgramFiles%\aolshare\shell\ca\shellext.dll [AOL] -> America Online, Inc. [Ver = 2, 0, 0, 1 | Size = 106496 bytes | Modified Date = 5/23/2003 4:22:32 PM | Attr = H ]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> %System32%\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.05b | Size = 106548 bytes | Modified Date = 8/6/2003 12:04:00 AM | Attr = ]
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Shell extensions for file compression] -> File not found
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [User Accounts] -> File not found
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Encryption Context Menu] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> %System32%\HTICONS.DLL [HyperTerminal Icon Ext] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 8/29/2002 4:00:00 AM | Attr = ]
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} [HKLM] -> %ProgramFiles%\iTunes\iTunesMiniPlayer.dll [iTunes] -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 132672 bytes | Modified Date = 10/30/2006 9:36:36 AM | Attr = ]
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> %SystemDrive%\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL [Web Folders] -> File not found
{DEE12703-6333-4D4E-8F34-738C4DCC2E04} [HKLM] -> %ProgramFiles%\Sonic\RecordNow!\shlext.dll [RecordNow! SendToExt] -> Sonic Solutions [Ver = 1.0.0.1 | Size = 77824 bytes | Modified Date = 8/13/2003 5:00:00 AM | Attr = ]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{CFC7205E-2792-4378-9591-3879CC6C9022} [HKLM] -> %ProgramFiles%\McAfee.com\VSO\mcvsshl.dll [VSCContextMenu Class] -> McAfee, Inc. [Ver = 10, 0, 0, 19 | Size = 114688 bytes | Modified Date = 7/1/2005 7:44:30 PM | Attr = ]
{28710882-150A-48A6-A858-2FC774BA822E} [HKLM] -> %CommonProgramFiles%\Viewpoint\Toolbar Runtime\3.7.0\FotomatShellExt.dll [ViewpointPhotosExt] -> Viewpoint Corporation [Ver = 3, 7, 0, 40 | Size = 83672 bytes | Modified Date = 11/1/2006 11:20:00 AM | Attr = ]
< ContextMenuHandlers - Directory\Background [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} [HKLM] -> %System32%\igfxpph.dll [igfxcui] -> Intel Corporation [Ver = 3.0.0.4396 | Size = 147456 bytes | Modified Date = 9/20/2005 8:35:24 AM | Attr = ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{CFC7205E-2792-4378-9591-3879CC6C9022} [HKLM] -> %ProgramFiles%\McAfee.com\VSO\mcvsshl.dll [VSCContextMenu Class] -> McAfee, Inc. [Ver = 10, 0, 0, 19 | Size = 114688 bytes | Modified Date = 7/1/2005 7:44:30 PM | Attr = ]
{28710882-150A-48A6-A858-2FC774BA822E} [HKLM] -> %CommonProgramFiles%\Viewpoint\Toolbar Runtime\3.7.0\FotomatShellExt.dll [ViewpointPhotosExt] -> Viewpoint Corporation [Ver = 3, 7, 0, 40 | Size = 83672 bytes | Modified Date = 11/1/2006 11:20:00 AM | Attr = ]
< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll [PDF Shell Extension] -> Adobe Systems, Inc. [Ver = 7.0.0.0 | Size = 110592 bytes | Modified Date = 12/14/2004 2:20:02 AM | Attr = ]
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{5ED1AA28-B408-4B53-B624-A4B7EEE14AC7} -> (Intel® PRO/100 VE Network Connection) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://download.macr...director/sw.cab ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft....k/?linkid=39204 ->
{33564D57-0000-0010-8000-00AA00389B71} -> - CodeBase = http://download.micr...922/wmv9VCM.CAB ->
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -> McAfee.com Operating System Class - CodeBase = http://bin.mcafee.co...84/mcinsctl.cab ->
{62475759-9E84-458E-A1AB-5D2C442ADFDE} -> - CodeBase = http://a1540.g.akama...meInstaller.exe ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -> DwnldGroupMgr Class - CodeBase = http://bin.mcafee.co...,21/mcgdmgr.cab ->
{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} -> Java Plug-in 1.4.2 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> Shockwave Flash Object - CodeBase = http://fpdownload.ma...ash/swflash.cab ->
{FC11A119-C2F7-46F4-9E32-937ABA26816E} -> AMI DicomDir TreeView Control 2.1 - CodeBase = file://D:\CDVIEWER\CdViewer.cab ->
RaptisoftGameLoader -> - CodeBase = http://www.miniclip....tgameloader.cab ->


[Files - Created Within 30 days]
combofix.exe -> %SystemDrive%\combofix.exe -> [Ver = 0. 0. 0. 0 | Size = 880702 bytes | Created Date = 2/11/2007 8:54:15 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\combofix.exe:Zone.Identifier ->
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 534827008 bytes | Created Date = 1/1/1601 7:00:00 AM | Attr = HS]
HijackThis.exe -> %SystemDrive%\HijackThis.exe -> Soeperman Enterprises Ltd. [Ver = 1.99.0001 | Size = 218112 bytes | Created Date = 2/11/2007 4:38:05 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\HijackThis.exe:Zone.Identifier ->
winpfind3u.exe -> %SystemDrive%\winpfind3u.exe -> [Ver = | Size = 342399 bytes | Created Date = 2/12/2007 4:30:56 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\winpfind3u.exe:Zone.Identifier ->
Google Updater.lnk -> %AllUsersStartup%\Google Updater.lnk -> [Ver = | Size = 920 bytes | Created Date = 1/24/2007 10:38:07 PM | Attr = ]
Shortcut to Internet Explorer.lnk -> %UserDesktop%\Shortcut to Internet Explorer.lnk -> [Ver = | Size = 104 bytes | Created Date = 1/30/2007 8:29:27 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 342399 bytes | Created Date = 2/12/2007 4:53:07 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->
dumphive.exe -> %UserDesktop%\SmitfraudFix\dumphive.exe -> [Ver = | Size = 51200 bytes | Created Date = 2/5/2007 8:15:42 PM | Attr = ]
GenericRenosFix.exe -> %UserDesktop%\SmitfraudFix\GenericRenosFix.exe -> S!Ri [Ver = | Size = 81920 bytes | Created Date = 2/5/2007 8:15:42 PM | Attr = ]
Process.exe -> %UserDesktop%\SmitfraudFix\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 2/5/2007 8:15:42 PM | Attr = ]
Reboot.exe -> %UserDesktop%\SmitfraudFix\Reboot.exe -> Option^Explicit Software [Ver = 1.00 | Size = 24576 bytes | Created Date = 2/5/2007 8:15:43 PM | Attr = ]
restart.exe -> %UserDesktop%\SmitfraudFix\restart.exe -> WareSoft Software [Ver = 1.00 | Size = 16384 bytes | Created Date = 2/5/2007 8:15:43 PM | Attr = ]
SmitfraudFix.cmd -> %UserDesktop%\SmitfraudFix\SmitfraudFix.cmd -> [Ver = | Size = 938679 bytes | Created Date = 2/5/2007 8:15:43 PM | Attr = ]
SmiUpdate.exe -> %UserDesktop%\SmitfraudFix\SmiUpdate.exe -> S-Software [Ver = 1.00.0039 | Size = 20480 bytes | Created Date = 2/5/2007 8:15:44 PM | Attr = ]
SrchSTS.exe -> %UserDesktop%\SmitfraudFix\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Created Date = 2/5/2007 8:15:44 PM | Attr = ]
swreg.exe -> %UserDesktop%\SmitfraudFix\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Created Date = 2/5/2007 8:15:44 PM | Attr = ]
swsc.exe -> %UserDesktop%\SmitfraudFix\swsc.exe -> [Ver = | Size = 40960 bytes | Created Date = 2/5/2007 8:15:44 PM | Attr = ]
swxcacls.exe -> %UserDesktop%\SmitfraudFix\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Created Date = 2/5/2007 8:15:44 PM | Attr = ]
unzip.exe -> %UserDesktop%\SmitfraudFix\unzip.exe -> [Ver = | Size = 167936 bytes | Created Date = 2/5/2007 8:15:45 PM | Attr = ]
WinPFind3U.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.17.0 | Size = 308736 bytes | Created Date = 2/12/2007 4:53:15 PM | Attr = ]
2007 CHEROKEE FIFTH WHEEL PURCHASE.doc -> %UserDocuments%\2007 CHEROKEE FIFTH WHEEL PURCHASE.doc -> [Ver = | Size = 29696 bytes | Created Date = 1/28/2007 11:57:26 AM | Attr = ]
3-4Checklist.doc -> %UserDocuments%\3-4Checklist.doc -> [Ver = | Size = 55808 bytes | Created Date = 1/25/2007 6:58:03 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\3-4Checklist.doc:Zone.Identifier ->
ECCE 1120 Play experience 1 form.doc -> %UserDocuments%\ECCE 1120 Play experience 1 form.doc -> [Ver = | Size = 37888 bytes | Created Date = 1/27/2007 8:00:19 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\ECCE 1120 Play experience 1 form.doc:Zone.Identifier ->
Ephesians.doc -> %UserDocuments%\Ephesians.doc -> [Ver = | Size = 21504 bytes | Created Date = 1/31/2007 7:08:51 PM | Attr = ]
Flight.doc -> %UserDocuments%\Flight.doc -> [Ver = | Size = 24064 bytes | Created Date = 2/12/2007 5:33:18 PM | Attr = ]
French 30 Final Exam.doc -> %UserDocuments%\French 30 Final Exam.doc -> [Ver = | Size = 26112 bytes | Created Date = 1/15/2007 4:57:54 PM | Attr = ]
HockeyCalendar.xls -> %UserDocuments%\HockeyCalendar.xls -> [Ver = | Size = 46592 bytes | Created Date = 1/29/2007 6:38:55 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\HockeyCalendar.xls:Zone.Identifier ->
Hurt's Truck.doc -> %UserDocuments%\Hurt's Truck.doc -> [Ver = | Size = 22528 bytes | Created Date = 1/21/2007 2:53:37 PM | Attr = ]
hurts truck.doc -> %UserDocuments%\hurts truck.doc -> [Ver = | Size = 19968 bytes | Created Date = 1/21/2007 9:50:27 PM | Attr = ]
parentpermission.doc -> %UserDocuments%\parentpermission.doc -> [Ver = | Size = 733696 bytes | Created Date = 1/14/2007 2:50:09 PM | Attr = ]
TO DO LIST.doc -> %UserDocuments%\TO DO LIST.doc -> [Ver = | Size = 22016 bytes | Created Date = 2/6/2007 7:47:19 PM | Attr = ]
Sample Pictures.lnk -> %UserDocuments%\My Pictures\Sample Pictures.lnk -> [Ver = | Size = 668 bytes | Created Date = 1/30/2007 8:32:33 PM | Attr = ]
iTunes Library.itl -> %UserDocuments%\My Music\iTunes\iTunes Library.itl -> [Ver = | Size = 128013 bytes | Created Date = 2/11/2007 6:49:20 PM | Attr = ]
iTunes Music Library.xml -> %UserDocuments%\My Music\iTunes\iTunes Music Library.xml -> [Ver = | Size = 144939 bytes | Created Date = 2/11/2007 6:48:21 PM | Attr = ]
IMG_0067.JPG -> %UserDocuments%\My Pictures\Jasc Paint Shop Photo Album Images\February 03, 2007\IMG_0067.JPG -> [Ver = | Size = 1439146 bytes | Created Date = 2/3/2007 11:49:41 AM | Attr = ]
IMG_0241.JPG -> %UserDocuments%\My Pictures\Jasc Paint Shop Photo Album Images\February 03, 2007\IMG_0241.JPG -> [Ver = | Size = 956841 bytes | Created Date = 2/3/2007 11:49:33 AM | Attr = ]
IMG_0250.JPG -> %UserDocuments%\My Pictures\Jasc Paint Shop Photo Album Images\February 03, 2007\IMG_0250.JPG -> [Ver = | Size = 1162849 bytes | Created Date = 2/3/2007 11:49:52 AM | Attr = ]
iun6002.exe -> %SystemRoot%\iun6002.exe -> Indigo Rose Corporation [Ver = 6.0.1.2 | Size = 724992 bytes | Created Date = 1/22/2007 6:37:39 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 2/11/2007 6:45:47 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 2/11/2007 6:45:47 PM | Attr = H ]
Rpoint.exe -> %SystemRoot%\Rpoint.exe -> [Ver = | Size = 8192 bytes | Created Date = 1/22/2007 8:12:01 PM | Attr = ]
dumphive.exe -> %System32%\dumphive.exe -> [Ver = | Size = 51200 bytes | Created Date = 2/5/2007 8:15:50 PM | Attr = ]
Process.exe -> %System32%\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 2/5/2007 8:20:07 PM | Attr = ]
SrchSTS.exe -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Created Date = 2/5/2007 8:15:50 PM | Attr = ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Created Date = 2/5/2007 8:15:49 PM | Attr = ]
swsc.exe -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Created Date = 2/5/2007 8:15:50 PM | Attr = ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Created Date = 2/5/2007 8:15:50 PM | Attr = ]
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 4538 bytes | Created Date = 2/5/2007 8:16:24 PM | Attr = ]
windrv.sys -> %System32%\windrv.sys -> [Ver = | Size = 1152 bytes | Created Date = 1/22/2007 5:36:17 PM | Attr = ]

[Files - Modified Within 30 days]
combofix.exe -> %SystemDrive%\combofix.exe -> [Ver = 0. 0. 0. 0 | Size = 880702 bytes | Modified Date = 2/11/2007 8:54:20 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\combofix.exe:Zone.Identifier ->
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 534827008 bytes | Modified Date = 2/5/2007 8:22:12 PM | Attr = HS]
HijackThis.exe -> %SystemDrive%\HijackThis.exe -> Soeperman Enterprises Ltd. [Ver = 1.99.0001 | Size = 218112 bytes | Modified Date = 2/11/2007 4:38:08 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\HijackThis.exe:Zone.Identifier ->
winpfind3u.exe -> %SystemDrive%\winpfind3u.exe -> [Ver = | Size = 342399 bytes | Modified Date = 2/12/2007 4:30:58 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\winpfind3u.exe:Zone.Identifier ->
IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 2205456 bytes | Modified Date = 2/5/2007 8:21:20 PM | Attr = H ]
Google Updater.lnk -> %AllUsersStartup%\Google Updater.lnk -> [Ver = | Size = 920 bytes | Modified Date = 2/8/2007 1:39:58 PM | Attr = ]
Microsoft Office Excel 2003.lnk -> %UserDesktop%\Microsoft Office Excel 2003.lnk -> [Ver = | Size = 2495 bytes | Modified Date = 2/9/2007 6:47:42 PM | Attr = ]
Microsoft Office Word 2003.lnk -> %UserDesktop%\Microsoft Office Word 2003.lnk -> [Ver = | Size = 2497 bytes | Modified Date = 2/12/2007 4:39:44 PM | Attr = ]
Shortcut to Internet Explorer.lnk -> %UserDesktop%\Shortcut to Internet Explorer.lnk -> [Ver = | Size = 104 bytes | Modified Date = 1/30/2007 8:29:28 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 342399 bytes | Modified Date = 2/12/2007 4:53:10 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->
GenericRenosFix.exe -> %UserDesktop%\SmitfraudFix\GenericRenosFix.exe -> S!Ri [Ver = | Size = 81920 bytes | Modified Date = 2/2/2007 5:00:16 PM | Attr = ]
SmitfraudFix.cmd -> %UserDesktop%\SmitfraudFix\SmitfraudFix.cmd -> [Ver = | Size = 938679 bytes | Modified Date = 2/2/2007 6:13:24 PM | Attr = ]
WinPFind3U.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.17.0 | Size = 308736 bytes | Modified Date = 2/11/2007 12:42:18 PM | Attr = ]
2007 CHEROKEE FIFTH WHEEL PURCHASE.doc -> %UserDocuments%\2007 CHEROKEE FIFTH WHEEL PURCHASE.doc -> [Ver = | Size = 29696 bytes | Modified Date = 2/1/2007 8:35:22 PM | Attr = ]
3-4Checklist.doc -> %UserDocuments%\3-4Checklist.doc -> [Ver = | Size = 55808 bytes | Modified Date = 1/25/2007 6:58:08 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\3-4Checklist.doc:Zone.Identifier ->
BI-MONTHLY SUMMARY.xls -> %UserDocuments%\BI-MONTHLY SUMMARY.xls -> [Ver = | Size = 35328 bytes | Modified Date = 2/9/2007 6:58:42 PM | Attr = ]
DESKTOP.INI -> %UserDocuments%\DESKTOP.INI -> [Ver = | Size = 76 bytes | Modified Date = 1/30/2007 8:32:34 PM | Attr = HS]
ECCE 1120 Play experience 1 form.doc -> %UserDocuments%\ECCE 1120 Play experience 1 form.doc -> [Ver = | Size = 37888 bytes | Modified Date = 1/27/2007 8:00:42 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\ECCE 1120 Play experience 1 form.doc:Zone.Identifier ->
Ephesians.doc -> %UserDocuments%\Ephesians.doc -> [Ver = | Size = 21504 bytes | Modified Date = 1/31/2007 7:08:54 PM | Attr = ]
Flight.doc -> %UserDocuments%\Flight.doc -> [Ver = | Size = 24064 bytes | Modified Date = 2/12/2007 5:33:30 PM | Attr = ]
French 30 Final Exam.doc -> %UserDocuments%\French 30 Final Exam.doc -> [Ver = | Size = 26112 bytes | Modified Date = 1/15/2007 4:57:56 PM | Attr = ]
HockeyCalendar.xls -> %UserDocuments%\HockeyCalendar.xls -> [Ver = | Size = 46592 bytes | Modified Date = 1/29/2007 6:39:52 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\HockeyCalendar.xls:Zone.Identifier ->
Hurt's Truck.doc -> %UserDocuments%\Hurt's Truck.doc -> [Ver = | Size = 22528 bytes | Modified Date = 1/21/2007 2:53:40 PM | Attr = ]
hurts truck.doc -> %UserDocuments%\hurts truck.doc -> [Ver = | Size = 19968 bytes | Modified Date = 1/21/2007 9:50:30 PM | Attr = ]
parentpermission.doc -> %UserDocuments%\parentpermission.doc -> [Ver = | Size = 733696 bytes | Modified Date = 1/14/2007 2:50:14 PM | Attr = ]
TO DO LIST.doc -> %UserDocuments%\TO DO LIST.doc -> [Ver = | Size = 22016 bytes | Modified Date = 2/10/2007 6:35:18 PM | Attr = ]
Desktop.ini -> %UserDocuments%\My Music\Desktop.ini -> [Ver = | Size = 181 bytes | Modified Date = 1/30/2007 8:32:36 PM | Attr = HS]
Desktop.ini -> %UserDocuments%\My Pictures\Desktop.ini -> [Ver = | Size = 183 bytes | Modified Date = 1/30/2007 8:32:34 PM | Attr = HS]
Sample Pictures.lnk -> %UserDocuments%\My Pictures\Sample Pictures.lnk -> [Ver = | Size = 668 bytes | Modified Date = 1/30/2007 8:32:34 PM | Attr = ]
iTunes Library.itl -> %UserDocuments%\My Music\iTunes\iTunes Library.itl -> [Ver = | Size = 128013 bytes | Modified Date = 2/11/2007 6:49:22 PM | Attr = ]
iTunes Music Library.xml -> %UserDocuments%\My Music\iTunes\iTunes Music Library.xml -> [Ver = | Size = 144939 bytes | Modified Date = 2/11/2007 6:49:22 PM | Attr = ]
Thumbs.db -> %UserDocuments%

#12
Pin-Cushion

Thumbs.db -> %UserDocuments%\My Pictures\Jasc Paint Shop Photo Album Images\Thumbs.db -> [Ver = | Size = 5120 bytes | Modified Date = 2/3/2007 12:09:26 PM | Attr = HS]
@Alternate Data Stream - 0 bytes -> %UserDocuments%\My Pictures\Jasc Paint Shop Photo Album Images\Thumbs.db:encryptable ->
IMG_0067.JPG -> %UserDocuments%\My Pictures\Jasc Paint Shop Photo Album Images\February 03, 2007\IMG_0067.JPG -> [Ver = | Size = 1439146 bytes | Modified Date = 2/3/2007 11:49:42 AM | Attr = ]
IMG_0241.JPG -> %UserDocuments%\My Pictures\Jasc Paint Shop Photo Album Images\February 03, 2007\IMG_0241.JPG -> [Ver = | Size = 956841 bytes | Modified Date = 2/3/2007 11:49:34 AM | Attr = ]
IMG_0250.JPG -> %UserDocuments%\My Pictures\Jasc Paint Shop Photo Album Images\February 03, 2007\IMG_0250.JPG -> [Ver = | Size = 1162849 bytes | Modified Date = 2/3/2007 11:49:54 AM | Attr = ]
BOOTSTAT.DAT -> %SystemRoot%\BOOTSTAT.DAT -> [Ver = | Size = 2048 bytes | Modified Date = 2/5/2007 8:22:12 PM | Attr = S]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 1/30/2007 6:32:30 PM | Attr = ]
iun6002.exe -> %SystemRoot%\iun6002.exe -> Indigo Rose Corporation [Ver = 6.0.1.2 | Size = 724992 bytes | Modified Date = 1/22/2007 6:37:34 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 2/11/2007 6:45:48 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 2/11/2007 6:45:48 PM | Attr = H ]
Rpoint.exe -> %SystemRoot%\Rpoint.exe -> [Ver = | Size = 8192 bytes | Modified Date = 1/22/2007 8:13:14 PM | Attr = ]
WIN.INI -> %SystemRoot%\WIN.INI -> [Ver = | Size = 933 bytes | Modified Date = 1/23/2007 8:51:04 AM | Attr = ]
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 4538 bytes | Modified Date = 2/5/2007 8:20:18 PM | Attr = ]
windrv.sys -> %System32%\windrv.sys -> [Ver = | Size = 1152 bytes | Modified Date = 1/22/2007 5:36:18 PM | Attr = ]
WPA.DBL -> %System32%\WPA.DBL -> [Ver = | Size = 1170 bytes | Modified Date = 2/5/2007 8:24:56 PM | Attr = ]

< End of report >

#13
Excal

Sorry for the wait :blink:

If you don't know this from your training already in GeekU, let me be the first to let you know how bad using a P2P is. Sometimes you can get malware just by installing the program. Just downloading a simple JPEG can get you some real nasties. I highly recommend that you go to Add/Remove and take out LimeWire.

Here is some good reading:

http://www.roseindia...r_systems.shtml

Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> SNM -> %ProgramFiles%\SpyNoMore\SNM.exe
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> Spyware Vanisher -> %SystemDrive%\spywarevanisher-full\SpywareVanisher.exe
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\\none -> C:\Program Files\Video ActiveX Object\pmsngr.exe
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> {D49E9D35-254C-4c6a-9D17-95018D228FF5} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{2D51D869-C36B-42BD-AE68-0A81BC771FA5} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> WebBrowser\\{7BED0340-176B-44BC-915E-C21C1DD6F617} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> WebBrowser\\{84938242-5C5B-4A55-B6B9-A1507543B418} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> WebBrowser\\{D49E9D35-254C-4C6A-9D17-95018D228FF5} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
YN -> {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -> 8198 - Reg Data - Key not found
YN -> {92780B25-18CC-41C8-B9BE-3C9C571A8263} -> 8195 - Reg Data - Value does not exist
YN -> {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> 8194 - Reg Data - Value does not exist
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research]
YN -> {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> Reg Data - Value does not exist [ButtonText: Real.com]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> RaptisoftGameLoader -> - CodeBase = http://www.miniclip....tgameloader.cab
[Files - Created Within 30 days]
NY -> iun6002.exe -> %SystemRoot%\iun6002.exe
NY -> Rpoint.exe -> %SystemRoot%\Rpoint.exe
[Files - Modified Within 30 days]
NY -> iun6002.exe -> %SystemRoot%\iun6002.exe
NY -> Rpoint.exe -> %SystemRoot%\Rpoint.exe


The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the OK button and you may be asked if you want to reboot. Click Yes if asked.

After the reboot (if necessary), locate the latest .log file in the WinPFind3u folder (it will be a .log file and have a date_time name in the format mmddyyyy_hhmmss.log) and post that back here.



Let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

thanks,

:whistling:

Excal

#14
Pin-Cushion

So firstly, what exactly is a P2P? And if I remove LimeWire, is there another "safer" program to download that kind of stuff?

#15
Pin-Cushion

K, I had no problem running the steps, yet I am still having problems accessing certain sites such as Hotmail.

Here is the log.

[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SNM deleted successfully.
File C:\Program Files\SpyNoMore\SNM.exe not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Spyware Vanisher deleted successfully.
File C:\spywarevanisher-full\SpywareVanisher.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\\none deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{D49E9D35-254C-4c6a-9D17-95018D228FF5} deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} deleted successfully.
Starting removal of ActiveX control RaptisoftGameLoader
RSGameLoader.dll moved successfully.
File move failed. scheduled to be moved on reboot.
File move failed. scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\RaptisoftGameLoader deleted successfully.
Removal of ActiveX control RaptisoftGameLoader complete!
[Files - Created Within 30 days]
C:\WINDOWS\iun6002.exe moved successfully.
C:\WINDOWS\Rpoint.exe moved successfully.
[Files - Modified Within 30 days]
File C:\WINDOWS\iun6002.exe not found!
File C:\WINDOWS\Rpoint.exe not found!
< End of log >
Created on 02/13/2007 22:48:01