
Win32.Trojan.Agent.ODD and Win32.Trojan.Agent.ABND


This topic is locked

#1 babacomp (Member, 15 posts)

I am sorry for the caps.
OK, it's been about 3 months since I started reading up on how to make your computer faster and safer, and I saw that Norton Antivirus isn't the best AV out there, so I switched to Filseclab Twister AV, which to me is pretty good in detection and is lightweight. Then one day, about 2 days ago, it started acting up, so I deleted it and got NOD32, which is good too. Now I notice that NOD32 found these trojan downloaders:
Win32/TrojanDownloader.Agent.ODD trojan, which is over 5000 in count, and the other one is
Win32/TrojanDownloader.Agent.ABND trojan, which is over 1000 in count!

Please help me. I don't know what to do. This is my HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:42:46 PM, on 8/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\TheDoc.exe.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.red.client.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Rogers Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.liv...es/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1163301321307
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1163301307526
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O20 - Winlogon Notify: 449b0e6b382 - C:\WINDOWS\
O20 - Winlogon Notify: __c00F6107 - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

--
End of file - 6963 bytes

* I have ComboFix, HijackThis (renamed to TheDoc.exe) and NOD32.

Edited by babacomp, 22 August 2008 - 07:47 PM.

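Added example (editor's note, not part of the thread and not HijackThis's own logic): the two O20 Winlogon Notify entries in the log above are the lines a responder would chase first, because a Notify subkey loads its DLL into winlogon.exe at every logon, and here HijackThis shows no filename for either one while the subkey names look machine-generated. The script below parses lines in the HijackThis v2 format and flags exactly those conditions, plus O2 BHO registrations whose DLL is gone. The sample lines are copied from this post's log, with one benign igfxcui entry constructed for contrast; the regexes and the "random-looking name" heuristic are my own assumptions, not rules from HijackThis or ESET. It only reports; removal is left to the fuller tool output requested later in the thread.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in HijackThis v2 format: O2/O20 lines copied from the log
# in this post, plus one benign Notify entry (igfxcui) added for contrast.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O20 - Winlogon Notify: 449b0e6b382 - C:\WINDOWS\
O20 - Winlogon Notify: __c00F6107 - C:\WINDOWS\
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\system32\igfxsrvc.dll
"""

# Generic "<code> - <body>" entry line, e.g. "O20 - Winlogon Notify: ...".
HJT_LINE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
NOTIFY = re.compile(r"^Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
BHO = re.compile(r"^BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$")
# Assumed heuristic: a Notify subkey made only of hex digits/underscores
# (449b0e6b382, __c00F6107) is not a vendor-chosen name (igfxcui, cscdll ...).
RANDOM_NAME = re.compile(r"^[_0-9a-fA-F]{8,}$")


@dataclass
class Finding:
    code: str
    name: str
    path: str
    reasons: list = field(default_factory=list)


def parse(text):
    """Yield (code, body) for every HijackThis entry line; ignore other lines."""
    for raw in text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if m:
            yield m.group("code"), m.group("body")


def triage(text):
    """Return Findings for Notify DLLs that do not resolve or look random,
    and for BHOs registered without a DLL on disk."""
    findings = []
    for code, body in parse(text):
        if code == "O20":
            m = NOTIFY.match(body)
            if not m:
                continue
            name, path = m.group("name"), m.group("path")
            reasons = []
            # A bare directory (trailing backslash) means no DLL was shown.
            if path.endswith("\\") or path == "(no file)":
                reasons.append("Notify DllName does not resolve to a file")
            if RANDOM_NAME.match(name):
                reasons.append("random-looking subkey name")
            if reasons:
                findings.append(Finding(code, name, path, reasons))
        elif code == "O2":
            m = BHO.match(body)
            if m and m.group("path") == "(no file)":
                findings.append(Finding(code, m.group("name"), m.group("path"),
                                        ["BHO CLSID registered but DLL is gone"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code} {f.name!r} -> {f.path}: {'; '.join(f.reasons)}")
```

Run it on a saved log with `triage(open("hijackthis.log").read())`. The point of the two checks is that a Notify DLL loads inside winlogon.exe with SYSTEM rights, so an entry whose file HijackThis cannot even display deserves a look before anything else on the list; the orphaned BHO is only clutter by comparison. Confirm any hit against the real registry value (OTViewIt later shows the DllName for 449b0e6b382 pointing at a .dat file in system32) rather than deleting on the strength of a name pattern.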



#2 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)

Hello babacomp

Welcome to G2Go. :)
=====================
Download OTViewIt to your desktop.
  • Close all windows and open it
  • Click Run Scan and let the program run uninterrupted
  • It will produce a log for you (it gets saved on your desktop as well); post that log here.


#3 babacomp (Topic Starter, Member, 15 posts)

Here is the OTViewIt.txt log:
OTViewIt logfile created on: 8/23/2008 9:17:11 AM - Run 1
OTViewIt by OldTimer - Version 1.0.0.7 Folder = C:\Documents and Settings\baljot\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

253.80 Mb Total Physical Memory | 77.61 Mb Available Physical Memory | 30.58% Memory free
1008.23 Mb Paging File | 446.41 Mb Available in Paging File | 44.28% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.78 Gb Total Space | 29.79 Gb Free Space | 41.51% Space Free | Partition Type: NTFS
Drive D: | 2.74 Gb Total Space | 0.52 Gb Free Space | 18.94% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RANDHAWA-B8CDF4
Current User Name: baljot
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users

===== Processes - Non-Microsoft Only =====

[09/07/2004 05:25 PM | 01,151,090 | ---- | M] (Ahead Software AG) - C:\Program Files\Ahead\InCD\InCDsrv.exe
[08/18/2003 06:37 AM | 00,303,104 | ---- | M] (Lexmark International, Inc.) - C:\WINDOWS\system32\LEXBCES.EXE
[08/18/2003 06:32 AM | 00,174,592 | ---- | M] (Lexmark International, Inc.) - C:\WINDOWS\system32\LEXPPS.EXE
[08/03/2006 06:12 AM | 00,577,536 | ---- | M] (Realtek Semiconductor Corp.) - C:\WINDOWS\soundman.exe
[02/20/2008 11:06 AM | 01,443,072 | ---- | M] (ESET) - C:\Program Files\ESET\ESET Smart Security\egui.exe
[02/20/2008 11:08 AM | 00,472,320 | ---- | M] (ESET) - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
[08/23/2008 09:16 AM | 01,399,296 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\baljot\Desktop\OTViewIt.exe

===== Win32 Services - Non-Microsoft Only =====

(Adobe LM Service) Adobe LM Service [On_Demand | Stopped]
[07/30/2008 05:18 PM | 00,072,704 | ---- | M] (Adobe Systems) - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

(dmadmin) Logical Disk Manager Administrative Service [On_Demand | Stopped]
[08/04/2004 08:00 AM | 00,224,768 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\dmadmin.exe

(EhttpSrv) Eset HTTP Server [On_Demand | Stopped]
[02/20/2008 11:14 AM | 00,019,200 | ---- | M] (ESET) - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe

(ekrn) Eset Service [Auto | Running]
[02/20/2008 11:08 AM | 00,472,320 | ---- | M] (ESET) - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

(GoogleDesktopManager) GoogleDesktopManager [Disabled | Stopped]
[04/23/2007 04:18 PM | 00,069,120 | ---- | M] (Google) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe

(InCDsrv) InCD Helper [Auto | Running]
[09/07/2004 05:25 PM | 01,151,090 | ---- | M] (Ahead Software AG) - C:\Program Files\Ahead\InCD\InCDsrv.exe

(LexBceS) LexBce Server [Auto | Running]
[08/18/2003 06:37 AM | 00,303,104 | ---- | M] (Lexmark International, Inc.) - C:\WINDOWS\system32\LEXBCES.EXE

(YPCService) YPCService [Disabled | Stopped]
[05/19/2003 05:07 PM | 00,086,016 | ---- | M] (Yahoo! Inc.) - C:\WINDOWS\system32\YPcservice.exe

===== Driver Services - Non-Microsoft Only =====

(ALCXWDM) Service for Realtek AC97 Audio (WDM) [On_Demand | Running]
[10/13/2006 06:31 PM | 04,022,528 | R--- | M] (Realtek Semiconductor Corp.) - C:\WINDOWS\system32\drivers\alcxwdm.sys

(AR5523) 802.11 Wireless Network Adapter Service [On_Demand | Stopped]
File not found - C:\WINDOWS\System32\DRIVERS\ar5523.sys

(ATHFMWDL) 802.11 USB Wireless Adapter Bootloader driver [On_Demand | Stopped]
File not found - C:\WINDOWS\System32\Drivers\ATHFMWDL.sys

(dmboot) dmboot [Disabled | Stopped]
[08/04/2004 08:00 AM | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmboot.sys

(dmio) Logical Disk Manager Driver [Boot | Running]
[08/04/2004 08:00 AM | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmio.sys

(dmload) dmload [Boot | Running]
[08/04/2004 08:00 AM | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\drivers\dmload.sys

(E100B) Intel® PRO Network Connection Driver [On_Demand | Running]
[01/12/2006 05:27 PM | 00,163,328 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\e100b325.sys

(eamon) eamon [Auto | Running]
[02/20/2008 11:01 AM | 00,039,944 | ---- | M] (ESET) - C:\WINDOWS\system32\drivers\eamon.sys

(easdrv) easdrv [System | Running]
[02/20/2008 11:02 AM | 00,029,704 | ---- | M] (ESET) - C:\WINDOWS\system32\drivers\easdrv.sys

(epfw) epfw [Auto | Running]
[02/20/2008 11:11 AM | 00,071,176 | ---- | M] (ESET) - C:\WINDOWS\system32\drivers\epfw.sys

(Epfwndis) Eset Personal Firewall [On_Demand | Running]
[02/20/2008 11:11 AM | 00,030,728 | ---- | M] (ESET) - C:\WINDOWS\system32\drivers\epfwndis.sys

(epfwtdi) epfwtdi [System | Running]
[02/20/2008 11:11 AM | 00,054,280 | ---- | M] (ESET) - C:\WINDOWS\system32\drivers\epfwtdi.sys

(ialm) ialm [On_Demand | Running]
[06/21/2005 06:12 PM | 00,807,998 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\ialmnt5.sys

(InCDfs) InCD File System [Disabled | Running]
[09/07/2004 05:27 PM | 00,091,136 | ---- | M] (Ahead Software AG) - C:\WINDOWS\System32\drivers\InCDfs.sys

(InCDPass) InCDPass [System | Running]
[09/07/2004 05:27 PM | 00,028,544 | ---- | M] (Ahead Software AG) - C:\WINDOWS\system32\drivers\InCDpass.sys

(pfc) Padus ASPI Shell [On_Demand | Running]
[04/01/2004 04:30 PM | 00,010,368 | ---- | M] (Padus, Inc.) - C:\WINDOWS\system32\drivers\pfc.sys

(Ptilink) Direct Parallel Link Driver [On_Demand | Running]
[08/04/2004 08:00 AM | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) - C:\WINDOWS\system32\drivers\ptilink.sys

(Secdrv) Secdrv [On_Demand | Stopped]
[11/13/2007 06:25 AM | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) - C:\WINDOWS\system32\drivers\secdrv.sys

(sptd) sptd [Boot | Running]
[07/03/2008 09:25 AM | 00,717,296 | ---- | M] () - C:\WINDOWS\system32\drivers\sptd.sys

(symlcbrd) symlcbrd [Auto | Running]
[11/12/2006 12:10 AM | 00,010,344 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\symlcbrd.sys

===== Run Keys =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui" = "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice [02/20/2008 11:06 AM | 01,443,072 | ---- | M] (ESET)
"SoundMan" = SOUNDMAN.EXE [08/03/2006 06:12 AM | 00,577,536 | ---- | M] (Realtek Semiconductor Corp.)
"TkBellExe" = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [09/14/2007 07:40 AM | 00,185,632 | ---- | M] (RealNetworks, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"" =
"Installed" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"" =
"Installed" = 1
"NoChange" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"" =
"Installed" = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdater" = C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [03/01/2007 10:37 AM | 02,321,600 | R--- | M] (Adobe Systems Incorporated)
"PowerBar" = "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime [04/21/2004 11:26 AM | 00,086,016 | ---- | M] (Cyberlink, Corp.)
"Yahoo! Pager" = "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet [09/12/2007 03:04 PM | 04,670,704 | ---- | M] (Yahoo! Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" =

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" =

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-21-1454471165-492894223-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdater" = C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [03/01/2007 10:37 AM | 02,321,600 | R--- | M] (Adobe Systems Incorporated)
"PowerBar" = "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime [04/21/2004 11:26 AM | 00,086,016 | ---- | M] (Cyberlink, Corp.)
"Yahoo! Pager" = "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet [09/12/2007 03:04 PM | 04,670,704 | ---- | M] (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-1454471165-492894223-682003330-1004\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

===== Startup Folders =====

[Administrator Startup Folder - C:\Documents and Settings\Administrator\Start Menu\Programs\Startup]

[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]

[baljot Startup Folder - C:\Documents and Settings\baljot\Start Menu\Programs\Startup]

[Default User Startup Folder - C:\Documents and Settings\Default User\Start Menu\Programs\Startup]

===== BHO's =====

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
HKLM CLSID: (Yahoo! Toolbar Helper) - [10/26/2006 12:28 PM | 00,440,384 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
HKLM CLSID: (Adobe PDF Reader Link Helper) - [10/22/2006 11:08 PM | 00,062,080 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
HKLM CLSID: (Yahoo! IE Services Button) - [10/31/2006 05:33 PM | 00,198,136 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Common\yiesrvc.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
HKLM CLSID: (SSVHelper Class) - [10/12/2006 04:25 AM | 00,434,279 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D}]
HKLM CLSID: (SidebarAutoLaunch Class) - [02/03/2005 06:07 PM | 00,124,032 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll

===== Toolbars =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
HKLM CLSID: (Yahoo! Toolbar) - [10/26/2006 12:28 PM | 00,440,384 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{C4069E3A-68F1-403E-B40E-20066696354B}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
HKLM CLSID: (Yahoo! Toolbar) - [10/26/2006 12:28 PM | 00,440,384 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

[HKEY_USERS\S-1-5-21-1454471165-492894223-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{C4069E3A-68F1-403E-B40E-20066696354B}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

[HKEY_USERS\S-1-5-21-1454471165-492894223-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
HKLM CLSID: (Yahoo! Toolbar) - [10/26/2006 12:28 PM | 00,440,384 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

===== Policies =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"ShowSuperHidden" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum]
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}" = 1
"{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}" = 1073741857
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}" = 32

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"CDRAutoRun" = 1
"NoDriveTypeAutoRun" = 149
"NoRecentDocsHistory" = 1
"ClearRecentDocsOnExit" = 1

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-21-1454471165-492894223-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"CDRAutoRun" = 1
"NoDriveTypeAutoRun" = 149
"NoRecentDocsHistory" = 1
"ClearRecentDocsOnExit" = 1

===== Desktop Components =====

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"FriendlyName" = "My Current Home Page"
"Source" = "About:Home"
"SubscribedURL" = "About:Home"

===== Shared Task Scheduler =====

===== AppInit_Dlls =====

===== Lsa Authentication Packages =====

===== Lsa Security Packages =====

===== Authorized Applications List =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [08/04/2004 08:00 AM | 00,140,800 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe [10/18/2007 12:34 PM | 05,724,184 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe [10/02/2007 06:18 PM | 00,304,488 | ---- | M] (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [10/10/2006 08:44 AM | 00,557,568 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [08/04/2004 08:00 AM | 00,140,800 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe [10/13/2004 12:24 PM | 01,694,208 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [09/12/2007 03:04 PM | 04,670,704 | ---- | M] (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe [08/30/2007 06:43 PM | 00,091,376 | ---- | M] (Yahoo! Inc.)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe [10/18/2007 12:34 PM | 05,724,184 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe [10/02/2007 06:18 PM | 00,304,488 | ---- | M] (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe [08/15/2008 03:45 PM | 00,267,056 | ---- | M] (BitTorrent, Inc.)
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe [05/17/2007 05:45 PM | 04,277,608 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe [05/17/2007 05:45 PM | 00,279,912 | ---- | M] (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [10/10/2006 08:44 AM | 00,557,568 | ---- | M] (Microsoft Corporation)

===== HKLM Winlogon Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"Explorer.exe" - [06/13/2007 06:23 AM | 01,033,216 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\WINDOWS\system32\userinit.exe" - [08/04/2004 08:00 AM | 00,024,576 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
"logonui.exe" - [08/04/2004 08:00 AM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [10/25/2007 11:36 PM | 08,454,656 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [08/04/2004 08:00 AM | 00,298,496 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl

===== User's Winlogon Settings =====

===== Winlogon Notify Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00F6107]
"DllName" = File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\449b0e6b382]
"DllName" = C:\WINDOWS\system32\__c00B5BFF.dat [08/23/2008 09:12 AM | 00,074,240 | ---- | M] ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
"DllName" = C:\WINDOWS\system32\igfxsrvc.dll [06/21/2005 05:44 PM | 00,348,160 | ---- | M] (Intel Corporation)

===== Safeboot Options =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

===== Disabled MsConfig Items =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]
"GoogleDesktopManager" = 3
"ERSvc" = 2
"YPCService" = 3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk File not found
"backup" = C:\WINDOWS\pss\Microsoft Office.lnk File not found
"location" = Common Startup
"command" = C:\Program Files\Microsoft Office\Office10\OSA.EXE [02/13/2001 02:01 AM | 00,083,360 | ---- | M] (Microsoft Corporation)
"item" = Microsoft Office

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = Reader_sl
"hkey" = HKLM
"command" = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [05/11/2007 03:06 AM | 00,040,048 | ---- | M] (Adobe Systems Incorporated)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ctfmon.exe]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = C:\WINDOWS\system32\ctfmon.exe [08/04/2004 08:00 AM | 00,015,360 | ---- | M] (Microsoft Corporation)
"hkey" = HKCU
"command" = C:\WINDOWS\system32\ctfmon.exe [08/04/2004 08:00 AM | 00,015,360 | ---- | M] (Microsoft Corporation)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = daemon
"hkey" = HKCU
"command" = C:\Program Files\DAEMON Tools Lite\daemon.exe [04/01/2008 05:39 AM | 00,486,856 | ---- | M] (DT Soft Ltd)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Desktop Search]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = GoogleDesktop
"hkey" = HKCU
"command" = C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [03/02/2007 07:48 PM | 00,120,320 | ---- | M] ()
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = C:\WINDOWS\system32\hkcmd.exe [06/21/2005 05:44 PM | 00,126,976 | ---- | M] (Intel Corporation)
"hkey" = HKLM
"command" = C:\WINDOWS\system32\hkcmd.exe [06/21/2005 05:44 PM | 00,126,976 | ---- | M] (Intel Corporation)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IgfxTray]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = C:\WINDOWS\system32\igfxtray.exe [06/21/2005 05:48 PM | 00,155,648 | ---- | M] (Intel Corporation)
"hkey" = HKLM
"command" = C:\WINDOWS\system32\igfxtray.exe [06/21/2005 05:48 PM | 00,155,648 | ---- | M] (Intel Corporation)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\InCD]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = InCD
"hkey" = HKLM
"command" = C:\Program Files\Ahead\InCD\InCD.exe [09/07/2004 09:25 AM | 01,400,944 | ---- | M] (Ahead Software AG)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KernelFaultCheck]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = dumprep 0 -k
"hkey" = HKLM
"command" = %systemroot%\system32\dumprep 0 -k
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Lexmark X1100 Series]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = lxbkbmgr
"hkey" = HKLM
"command" = C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe [08/19/2003 06:43 AM | 00,057,344 | ---- | M] (Lexmark International, Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LifeCam]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = LifeExp
"hkey" = HKLM
"command" = C:\Program Files\Microsoft LifeCam\LifeExp.exe [05/17/2007 05:45 PM | 00,279,912 | ---- | M] (Microsoft Corporation)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Microsoft Works Update Detection]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = WkUFind
"hkey" = HKLM
"command" = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [06/07/2003 07:32 AM | 00,050,688 | ---- | M] (Microsoft® Corporation)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msnmsgr]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = msnmsgr
"hkey" = HKCU
"command" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe [10/18/2007 12:34 PM | 05,724,184 | ---- | M] (Microsoft Corporation)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NapsterShell]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = napster
"hkey" = HKLM
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NBJ]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = NBJ
"hkey" = HKCU
"command" = C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [09/22/2004 05:10 PM | 01,871,872 | ---- | M] (Ahead Software AG)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = C:\WINDOWS\system32\NeroCheck.exe [07/09/2001 12:50 PM | 00,155,648 | ---- | M] (Ahead Software Gmbh)
"hkey" = HKLM
"command" = C:\WINDOWS\system32\NeroCheck.exe [07/09/2001 12:50 PM | 00,155,648 | ---- | M] (Ahead Software Gmbh)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\osCheck]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = osCheck
"hkey" = HKLM
"command" = C:\PROGRA~1\Symantec\osCheck.exe File not found
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PowerBar]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = PowerBar
"hkey" = HKCU
"command" = C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe [04/21/2004 11:26 AM | 00,086,016 | ---- | M] (Cyberlink, Corp.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RamBooster]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = Rambooster
"hkey" = HKCU
"command" = C:\Program Files\RamBooster 2.0\Rambooster.exe [11/17/2005 07:32 AM | 00,561,664 | ---- | M] (J.Pajula)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RemoteControl]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = PDVDServ
"hkey" = HKLM
"command" = C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [12/08/2003 06:35 PM | 00,032,768 | ---- | M] (Cyberlink Corp.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RogersAgent]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = rogersagent
"hkey" = HKCU
"command" = c:\Program Files\Rogers\SelfHealing\RogersAgent.exe [04/23/2007 04:51 PM | 00,478,968 | ---- | M] (Rogers Cable Communications)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SHS]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = SHS
"hkey" = HKCU
"command" = C:\Program Files\Rogers\SelfHealing\SHS.exe [10/12/2007 04:30 PM | 05,166,392 | ---- | M] (Rogers Cable Communications)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = jusched
"hkey" = HKLM
"command" = C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe [10/12/2006 04:10 AM | 00,049,263 | ---- | M] (Sun Microsystems, Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = realsched
"hkey" = HKLM
"command" = C:\Program Files\Common Files\Real\Update_OB\realsched.exe [09/14/2007 07:40 AM | 00,185,632 | ---- | M] (RealNetworks, Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Update Manager]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = UpdateManager
"hkey" = HKCU
"command" = C:\Program Files\Rogers\Update Manager\UpdateManager.exe [10/12/2007 04:30 PM | 00,136,504 | ---- | M] (Rogers Cable Communications Inc. )
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VX1000]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = C:\WINDOWS\vVX1000.exe [04/10/2007 05:46 PM | 00,709,992 | ---- | M] (Microsoft Corporation)
"hkey" = HKLM
"command" = C:\WINDOWS\vVX1000.exe [04/10/2007 05:46 PM | 00,709,992 | ---- | M] (Microsoft Corporation)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WMPNSCFG]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = WMPNSCFG
"hkey" = HKCU
"command" = C:\Program Files\Windows Media Player\wmpnscfg.exe [10/18/2006 09:05 PM | 00,204,288 | ---- | M] (Microsoft Corporation)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yahoo! Pager]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = YahooMessenger
"hkey" = HKCU
"command" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [09/12/2007 03:04 PM | 04,670,704 | ---- | M] (Yahoo! Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YOP]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = yop
"hkey" = HKLM
"command" = C:\Program Files\Yahoo!\YOP\yop.exe [06/26/2007 02:48 PM | 00,509,224 | ---- | M] (Yahoo! Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
"system.ini" = 0
"win.ini" = 0
"bootini" = 0
"services" = 2
"startup" = 2

===== DNS Name Servers =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{4D39D953-B982-48CD-815F-B1CD4CC30D49}]
Servers: | Description:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{6A019242-C362-4256-AC47-7CCD4B9CDC2E}]
Servers: | Description: Intel® PRO/100 VE Network Connection

===== CDRom AutoRun Settings =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"DependOnGroup" = SCSI miniport;
"ErrorControl" = 1
"Group" = SCSI CDROM Class
"Start" = 1
"Tag" = 2
"Type" = 1
"DisplayName" = CD-ROM Driver
"ImagePath" = C:\WINDOWS\system32\drivers\cdrom.sys [08/04/2004 08:00 AM | 00,049,536 | ---- | M] (Microsoft Corporation)
"AutoRun" = 1
"AutoRunAlwaysDisable" = NEC MBR-7 ;NEC MBR-7.4 ;PIONEER CHANGR DRM-1804X;PIONEER CD-ROM DRM-6324X;PIONEER CD-ROM DRM-624X ;TORiSAN CD-ROM CDR_C36;

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum]
"0" = IDE\CdRomATAPI_DVD_DUAL_16X4X12__________________G8C9____\39393542314e3035334333343034373732305053
"Count" = 3
"NextInstance" = 3
"1" = SCSI\CdRom&Ven_VO7562V&Prod_TKZ354P&Rev_1.01\5&36e5972&0&000
"2" = SCSI\CdRom&Ven_VO7562V&Prod_TKZ354P&Rev_1.01\5&36e5972&0&010
< Drives - Autoruns > -> ->
AUTOEXEC.BAT [] - [11/11/2006 09:51 PM | 00,000,000 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ]

===== CDRom AutoRun Settings =====

===== MountPoints2 =====

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
"BaseClass" = Drive

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
"BaseClass" = Drive

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]
"BaseClass" = Drive

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
"BaseClass" = Drive

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G]
"BaseClass" = Drive

===== Hosts File =====

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts



[Files/Folders - Created Within 90 days]
[08/21/2008 08:51 PM | ---D | C] - C:\Config.Msi
[07/30/2008 05:28 PM | ---D | C] - C:\Temp
[07/03/2008 09:25 AM | 00,717,296 | ---- | M] () - C:\WINDOWS\System32\drivers\sptd.sys
[08/21/2008 11:06 AM | 00,000,080 | RHS- | M] () - C:\WINDOWS\System32\9B09F35911.dll
[07/28/2008 05:45 PM | ---D | C] - C:\WINDOWS\System32\en-US
[2 C:\WINDOWS\System32\*.tmp files]
[07/28/2008 10:28 AM | ---D | C] - C:\WINDOWS\System32\NtmsData
[08/07/2007 11:32 AM | 00,057,344 | ---- | M] (NexiTech, Inc.) - C:\WINDOWS\System32\Wnaspint.dll
[08/23/2008 09:12 AM | 00,074,240 | ---- | M] () - C:\WINDOWS\System32\__c00B5BFF.dat
[07/28/2008 05:23 PM | -H-D | C] - C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[3 C:\WINDOWS\*.tmp files]
[07/28/2008 05:19 PM | -H-D | C] - C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[08/07/2008 05:51 PM | -HSD | C] - C:\WINDOWS\CSC
[07/14/2008 07:10 PM | -HSD | C] - C:\WINDOWS\ftpcache
[08/05/2008 09:35 PM | -H-D | C] - C:\WINDOWS\ie7
[08/14/2008 03:15 AM | ---D | C] - C:\WINDOWS\ie7updates
[07/29/2008 01:17 PM | ---D | C] - C:\WINDOWS\Minidump
[08/05/2008 09:20 PM | ---D | C] - C:\WINDOWS\network diagnostic
[01/07/2008 02:29 PM | 00,000,352 | -H-- | M] () - C:\WINDOWS\nod32fixtemdono.reg
[08/06/2008 09:52 AM | 00,000,000 | ---- | M] () - C:\WINDOWS\nsreg.dat
[07/27/2008 02:20 PM | ---D | C] - C:\WINDOWS\pss
[07/30/2008 02:17 PM | 00,000,105 | ---- | M] () - C:\WINDOWS\sme.INI
[04/10/2007 05:46 PM | 00,015,498 | ---- | M] () - C:\WINDOWS\VX1000.ini
[04/10/2007 05:46 PM | 00,013,023 | ---- | M] () - C:\WINDOWS\VX1000.src
[08/05/2008 09:39 PM | ---D | C] - C:\WINDOWS\WBEM
[06/24/2008 02:40 PM | 00,000,274 | -H-- | M] () - C:\WINDOWS\tasks\Microsoft_Hardware_Launch_LifeExp_exe.job
[07/03/2008 09:27 AM | 00,000,178 | -H-- | M] () - C:\WINDOWS\tasks\Microsoft_Hardware_Launch_vVX1000_exe.job
[08/12/2008 12:31 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Acoustica
[07/30/2008 05:23 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Adobe Systems
[08/21/2008 12:17 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\ESET
[06/23/2008 09:11 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Napster
[08/21/2008 11:04 AM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Protexis
[08/23/2008 09:11 AM | 00,000,013 | -HS- | M] () - C:\Documents and Settings\baljot\Application Data\020000006e0645bbC.manifest
[08/23/2008 09:11 AM | 00,000,011 | -HS- | M] () - C:\Documents and Settings\baljot\Application Data\020000006e0645bbO.manifest
[08/23/2008 09:11 AM | 00,000,359 | -HS- | M] () - C:\Documents and Settings\baljot\Application Data\020000006e0645bbP.manifest
[08/23/2008 09:11 AM | 00,000,007 | -HS- | M] () - C:\Documents and Settings\baljot\Application Data\020000006e0645bbR.manifest
[08/23/2008 09:11 AM | 00,000,011 | -HS- | M] () - C:\Documents and Settings\baljot\Application Data\020000006e0645bbS.manifest
[08/22/2008 09:45 AM | 00,000,000 | -HS- | M] () - C:\Documents and Settings\baljot\Application Data\76487-OEM-0042456-91665C.manifest
[08/22/2008 10:31 AM | 00,000,011 | -HS- | M] () - C:\Documents and Settings\baljot\Application Data\76487-OEM-0042456-91665O.manifest
[08/22/2008 10:31 AM | 00,000,359 | -HS- | M] () - C:\Documents and Settings\baljot\Application Data\76487-OEM-0042456-91665P.manifest
[08/22/2008 09:45 AM | 00,000,000 | -HS- | M] () - C:\Documents and Settings\baljot\Application Data\76487-OEM-0042456-91665R.manifest
[08/22/2008 09:45 AM | 00,000,000 | -HS- | M] () - C:\Documents and Settings\baljot\Application Data\76487-OEM-0042456-91665S.manifest
[08/12/2008 12:46 PM | ---D | C] - C:\Documents and Settings\baljot\Application Data\Acoustica
[07/03/2008 09:25 AM | ---D | C] - C:\Documents and Settings\baljot\Application Data\DAEMON Tools
[08/21/2008 11:46 AM | ---D | C] - C:\Documents and Settings\baljot\Application Data\Digital Support
[08/21/2008 12:21 PM | ---D | C] - C:\Documents and Settings\baljot\Application Data\ESET
[08/07/2008 07:10 PM | ---D | C] - C:\Documents and Settings\baljot\Application Data\MetaProducts
[06/19/2008 12:17 PM | ---D | C] - C:\Documents and Settings\baljot\Application Data\Mozilla
[06/23/2008 09:06 PM | ---D | C] - C:\Documents and Settings\baljot\Application Data\Roxio
[07/03/2008 10:26 AM | ---D | C] - C:\Documents and Settings\baljot\Application Data\vlc
[08/22/2008 09:12 AM | ---D | C] - C:\Documents and Settings\baljot\Local Settings\Application Data\ESET
[07/28/2008 09:50 AM | ---D | C] - C:\Documents and Settings\baljot\Local Settings\Application Data\Identities
[06/19/2008 12:17 PM | ---D | C] - C:\Documents and Settings\baljot\Local Settings\Application Data\Mozilla
[06/30/2008 03:25 PM | ---D | C] - C:\Documents and Settings\baljot\My Documents\2008
[08/06/2008 04:55 PM | ---D | C] - C:\Documents and Settings\baljot\My Documents\computer fixers
[08/06/2008 03:18 AM | 00,000,077 | -HS- | M] () - C:\Documents and Settings\baljot\My Documents\desktop.ini
[08/18/2008 03:56 PM | ---D | C] - C:\Documents and Settings\baljot\My Documents\important-old-documents
[08/22/2008 03:35 PM | R--D | C] - C:\Documents and Settings\baljot\My Documents\LifeCam Files
[08/18/2008 07:50 PM | ---D | C] - C:\Documents and Settings\baljot\My Documents\My Chat Logs
[08/22/2008 10:01 PM | 00,000,575 | ---- | M] () - C:\Documents and Settings\baljot\My Documents\My Sharing Folders.lnk
[08/15/2008 10:09 AM | ---D | C] - C:\Documents and Settings\baljot\My Documents\new mixes
[08/21/2008 02:13 PM | ---D | C] - C:\Documents and Settings\baljot\My Documents\Setups
[06/30/2008 03:11 PM | 00,127,488 | -HS- | M] () - C:\Documents and Settings\baljot\My Documents\Thumbs.db
@Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable
[07/30/2008 04:45 PM | ---D | C] - C:\Documents and Settings\baljot\My Documents\Unused Desktop Shortcuts
[08/21/2008 02:12 PM | ---D | C] - C:\Documents and Settings\baljot\My Documents\VirtualDJ
[08/21/2008 04:55 PM | 00,064,804 | ---- | M] () - C:\Documents and Settings\baljot\My Documents\yyyyyyyy.jpg
@Alternate Data Stream - 304 bytes -> %UserProfile%\My Documents\yyyyyyyy.jpg:SummaryInformation
@Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\yyyyyyyy.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
[07/21/2008 05:06 PM | 07,786,755 | ---- | M] () - C:\Documents and Settings\baljot\My Documents\[Đc] 10 - Gippy Grewal - Mere Yaar Ne (By.Soldi-tank-wala) [DholCutz.net].mp3
[05/31/2008 05:07 PM | 00,000,162 | -H-- | M] () - C:\Documents and Settings\baljot\My Documents\~$Am Sam.doc
[07/30/2008 09:22 PM | 00,001,732 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Adobe Audition 1.5.lnk
[07/03/2008 09:38 AM | 00,000,733 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[06/24/2008 09:22 AM | 00,001,886 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Microsoft LifeCam.lnk
[06/19/2008 12:16 PM | 00,001,602 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[07/03/2008 10:25 AM | 00,000,719 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[08/22/2008 01:53 PM | 02,720,466 | ---- | M] () - C:\Documents and Settings\baljot\Desktop\ComboFix.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ComboFix.exe:Zone.Identifier
[07/29/2008 04:29 PM | 00,001,596 | ---- | M] () - C:\Documents and Settings\baljot\Desktop\DC++.lnk
[08/22/2008 01:50 PM | 00,812,344 | ---- | M] (Trend Micro Inc.) - C:\Documents and Settings\baljot\Desktop\HJTInstall.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\HJTInstall.exe:Zone.Identifier
[08/23/2008 09:16 AM | 01,399,296 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\baljot\Desktop\OTViewIt.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTViewIt.exe:Zone.Identifier
[08/22/2008 01:55 PM | 00,001,734 | ---- | M] () - C:\Documents and Settings\baljot\Desktop\TheDoc.exe.lnk
[07/03/2008 08:04 AM | 00,000,704 | ---- | M] () - C:\Documents and Settings\baljot\Desktop\WinRAR.lnk
[08/12/2008 10:31 AM | 00,000,630 | ---- | M] () - C:\Documents and Settings\baljot\Desktop\µTorrent.lnk
[07/30/2008 05:18 PM | ---D | C] - C:\Program Files\Common Files\Adobe Systems Shared
[08/21/2008 11:52 AM | ---D | C] - C:\Program Files\Common Files\Filseclab
[08/21/2008 02:09 PM | ---D | C] - C:\Program Files\Acoustica Mixcraft 4
[08/12/2008 12:46 PM | ---D | C] - C:\Program Files\Acoustica Shared Effects
[07/28/2008 10:27 AM | 16,546,22207 | ---- | M] () - C:\Program Files\Backup-Of-Everything.bkf
[07/03/2008 09:38 AM | ---D | C] - C:\Program Files\DAEMON Tools Lite
[08/22/2008 09:42 AM | ---D | C] - C:\Program Files\DC++
[08/18/2008 08:30 AM | ---D | C] - C:\Program Files\Digital Support
[08/21/2008 08:40 PM | ---D | C] - C:\Program Files\ESET
[06/24/2008 09:22 AM | ---D | C] - C:\Program Files\Microsoft LifeCam
[08/23/2008 09:11 AM | ---D | C] - C:\Program Files\Mozilla Firefox
[08/06/2008 04:49 PM | ---D | C] - C:\Program Files\RamBooster 2.0
[08/07/2008 09:59 PM | ---D | C] - C:\Program Files\StartUp Organizer
[08/22/2008 01:51 PM | ---D | C] - C:\Program Files\Trend Micro
[08/12/2008 10:34 AM | ---D | C] - C:\Program Files\uTorrent
[08/12/2008 10:34 AM | ---D | C] - C:\Program Files\utorrent setup
[07/03/2008 10:24 AM | ---D | C] - C:\Program Files\VideoLAN
[07/29/2008 12:17 PM | ---D | C] - C:\Program Files\WinRAR(2)

[Files/Folders - Modified Within 90 days]
[08/08/2008 10:39 AM | 00,000,211 | -HS- | M] () - C:\boot.ini
[08/21/2008 08:51 PM | ---D | M] - C:\Config.Msi
[07/15/2008 08:05 AM | ---D | M] - C:\Documents and Settings
[08/22/2008 01:51 PM | R--D | M] - C:\Program Files
[08/15/2008 09:53 AM | -HSD | M] - C:\RECYCLER
[07/19/2008 07:12 PM | 00,000,268 | -H-- | M] () - C:\sqmdata09.sqm
[07/19/2008 07:12 PM | 00,000,244 | -H-- | M] () - C:\sqmnoopt01.sqm
[07/28/2008 12:41 PM | -HSD | M] - C:\System Volume Information
[07/30/2008 05:28 PM | ---D | M] - C:\Temp
[08/21/2008 08:56 PM | ---D | M] - C:\WINDOWS
[07/03/2008 09:25 AM | 00,717,296 | ---- | M] () - C:\WINDOWS\System32\drivers\sptd.sys
[08/21/2008 11:06 AM | 00,000,080 | RHS- | M] () - C:\WINDOWS\System32\9B09F35911.dll
[06/11/2008 03:04 PM | ---D | M] - C:\WINDOWS\System32\appmgmt
[2 C:\WINDOWS\System32\*.tmp files]
[08/07/2008 10:06 PM | ---D | M] - C:\WINDOWS\System32\CatRoot
[08/22/2008 10:58 AM | ---D | M] - C:\WINDOWS\System32\CatRoot2
[07/28/2008 01:04 PM | 00,000,016 | ---- | M] () - C:\WINDOWS\System32\coh.cache
[08/07/2008 10:00 PM | ---D | M] - C:\WINDOWS\System32\config
[06/24/2008 09:16 AM | ---D | M] - C:\WINDOWS\System32\DirectX
[08/14/2008 03:33 AM | RHSD | M] - C:\WINDOWS\System32\dllcache
[08/21/2008 08:51 PM | ---D | M] - C:\WINDOWS\System32\drivers
[06/24/2008 09:23 AM | ---D | M] - C:\WINDOWS\System32\DRVSTORE
[07/28/2008 05:45 PM | ---D | M] - C:\WINDOWS\System32\en-US
[07/30/2008 09:29 PM | 00,256,656 | ---- | M] () - C:\WINDOWS\System32\FNTCACHE.DAT
[07/28/2008 10:28 AM | ---D | M] - C:\WINDOWS\System32\NtmsData
[08/07/2008 10:00 PM | ---D | M] - C:\WINDOWS\System32\wbem
[08/20/2008 10:50 PM | 00,013,646 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl
[08/23/2008 09:12 AM | 00,074,240 | ---- | M] () - C:\WINDOWS\System32\__c00B5BFF.dat
[08/14/2008 03:30 AM | -H-D | M] - C:\WINDOWS\$hf_mig$
[3 C:\WINDOWS\*.tmp files]
[07/28/2008 05:23 PM | -H-D | M] - C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[07/28/2008 05:19 PM | -H-D | M] - C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[08/22/2008 10:57 AM | 00,002,048 | --S- | M] () - C:\WINDOWS\bootstat.dat
[06/26/2008 07:33 PM | 00,000,825 | ---- | M] () - C:\WINDOWS\cdplayer.ini
[08/07/2008 05:51 PM | -HSD | M] - C:\WINDOWS\CSC
[08/15/2008 12:55 PM | ---D | M] - C:\WINDOWS\Downloaded Installations
[08/21/2008 01:50 PM | R-SD | M] - C:\WINDOWS\Fonts
[07/14/2008 07:10 PM | -HSD | M] - C:\WINDOWS\ftpcache
[07/28/2008 06:58 PM | ---D | M] - C:\WINDOWS\Help
[08/05/2008 09:35 PM | -H-D | M] - C:\WINDOWS\ie7
[08/14/2008 03:15 AM | ---D | M] - C:\WINDOWS\ie7updates
[08/14/2008 03:32 AM | 00,001,374 | ---- | M] () - C:\WINDOWS\imsins.BAK
[08/21/2008 08:51 PM | -H-D | M] - C:\WINDOWS\inf
[08/21/2008 08:51 PM | -HSD | M] - C:\WINDOWS\Installer
[08/11/2008 11:59 AM | 00,000,379 | ---- | M] () - C:\WINDOWS\lexstat.ini
[07/28/2008 05:32 PM | ---D | M] - C:\WINDOWS\Media
[07/29/2008 01:17 PM | ---D | M] - C:\WINDOWS\Minidump
[08/22/2008 03:26 PM | 00,000,116 | ---- | M] () - C:\WINDOWS\NeroDigital.ini
[08/05/2008 09:20 PM | ---D | M] - C:\WINDOWS\network diagnostic
[08/06/2008 09:52 AM | 00,000,000 | ---- | M] () - C:\WINDOWS\nsreg.dat
[08/23/2008 09:16 AM | ---D | M] - C:\WINDOWS\Prefetch
[07/27/2008 02:20 PM | ---D | M] - C:\WINDOWS\pss
[08/07/2008 10:00 PM | ---D | M] - C:\WINDOWS\Registration
[07/28/2008 10:28 AM | ---D | M] - C:\WINDOWS\repair
[08/15/2008 03:40 PM | ---D | M] - C:\WINDOWS\security
[07/30/2008 02:17 PM | 00,000,105 | ---- | M] () - C:\WINDOWS\sme.INI
[08/08/2008 10:39 AM | 00,000,227 | ---- | M] () - C:\WINDOWS\system.ini
[08/23/2008 09:12 AM | ---D | M] - C:\WINDOWS\system32
[08/15/2008 12:53 PM | --SD | M] - C:\WINDOWS\Tasks
[08/23/2008 09:12 AM | ---D | M] - C:\WINDOWS\Temp
[06/24/2008 09:25 AM | ---D | M] - C:\WINDOWS\twain_32
[08/05/2008 09:39 PM | ---D | M] - C:\WINDOWS\WBEM
[08/08/2008 10:39 AM | 00,000,604 | ---- | M] () - C:\WINDOWS\win.ini
[06/21/2008 08:09 AM | ---D | M] - C:\WINDOWS\WinSxS
[08/23/2008 08:38 AM | 00,000,256 | ---- | M] () - C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[06/24/2008 02:40 PM | 00,000,274 | -H-- | M] () - C:\WINDOWS\tasks\Microsoft_Hardware_Launch_LifeExp_exe.job
[07/03/2008 09:27 AM | 00,000,178 | -H-- | M] () - C:\WINDOWS\tasks\Microsoft_Hardware_Launch_vVX1000_exe.job
[08/22/2008 10:57 AM | 00,000,006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
[08/12/2008 12:31 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Acoustica
[07/30/2008 09:09 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Adobe
[07/30/2008 05:23 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Adobe Systems
[08/21/2008 12:17 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\ESET
[07/28/2008 10:24 AM | --SD | M] - C:\Documents and Settings\All Users\Application Data\Microsoft
[06/23/2008 09:11 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Napster
[08/21/2008 11:04 AM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Protexis
[06/21/2008 08:09 AM | ---D | M] - C:\Documents and Settings\All Users\Application Data\YAHOO
[08/23/2008 09:11 AM | 00,000,013 | -HS- | M] () - C:\Documents and Settings\baljot\Application Data\020000006e0645bbC.manifest
[08/23/2008 09:11 AM | 00,000,011 | -HS- | M] () - C:\Documents and Settings\baljot\Application Data\020000006e0645bbO.manifest
[08/23/2008 09:11 AM | 00,000,359 | -HS- | M] () - C:\Documents and Settings\baljot\Application Data\020000006e0645bbP.manifest
[08/23/2008 09:11 AM | 00,000,007 | -HS- | M] () - C:\Documents and Settings\baljot\Application Data\020000006e0645bbR.manifest
[08/23/2008 09:11 AM | 00,000,011 | -HS- | M] () - C:\Documents and Settings\baljot\Application Data\020000006e0645bbS.manifest
[08/22/2008 09:45 AM | 00,000,000 | -HS- | M] () - C:\Documents and Settings\baljot\Application Data\76487-OEM-0042456-91665C.manifest
[08/22/2008 10:31 AM | 00,000,011 | -HS- | M] () - C:\Documents and Settings\baljot\Application Data\76487-OEM-0042456-91665O.manifest
[08/22/2008 10:31 AM | 00,000,359 | -HS- | M] () - C:\Documents and Settings\baljot\Application Data\76487-OEM-0042456-91665P.manifest
[08/22/2008 09:45 AM | 00,000,000 | -HS- | M] () - C:\Documents and Settings\baljot\Application Data\76487-OEM-0042456-91665R.manifest
[08/22/2008 09:45 AM | 00,000,000 | -HS- | M] () - C:\Documents and Settings\baljot\Application Data\76487-OEM-0042456-91665S.manifest
[08/12/2008 12:46 PM | ---D | M] - C:\Documents and Settings\baljot\Application Data\Acoustica
[07/30/2008 09:20 PM | ---D | M] - C:\Documents and Settings\baljot\Application Data\Adobe
[07/03/2008 09:25 AM | ---D | M] - C:\Documents and Settings\baljot\Application Data\DAEMON Tools
[08/21/2008 11:46 AM | ---D | M] - C:\Documents and Settings\baljot\Application Data\Digital Support
[08/21/2008 12:21 PM | ---D | M] - C:\Documents and Settings\baljot\Application Data\ESET
[08/07/2008 07:10 PM | ---D | M] - C:\Documents and Settings\baljot\Application Data\MetaProducts
[07/30/2008 08:52 AM | --SD | M] - C:\Documents and Settings\baljot\Application Data\Microsoft
[06/19/2008 12:17 PM | ---D | M] - C:\Documents and Settings\baljot\Application Data\Mozilla
[06/23/2008 09:06 PM | ---D | M] - C:\Documents and Settings\baljot\Application Data\Roxio
[08/21/2008 08:44 PM | ---D | M] - C:\Documents and Settings\baljot\Application Data\uTorrent
[07/03/2008 10:26 AM | ---D | M] - C:\Documents and Settings\baljot\Application Data\vlc
[08/11/2008 11:58 AM | 00,032,274 | ---- | M] () - C:\Documents and Settings\baljot\Application Data\wklnhst.dat
[07/29/2008 05:23 PM | ---D | M] - C:\Documents and Settings\baljot\Local Settings\Application Data\Adobe
[08/21/2008 08:28 PM | 00,042,496 | ---- | M] () - C:\Documents and Settings\baljot\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[08/22/2008 09:12 AM | ---D | M] - C:\Documents and Settings\baljot\Local Settings\Application Data\ESET
[07/30/2008 09:30 PM | 00,076,696 | ---- | M] () - C:\Documents and Settings\baljot\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[08/21/2008 08:55 PM | 10,177,942 | -H-- | M] () - C:\Documents and Settings\baljot\Local Settings\Application Data\IconCache.db
[07/28/2008 09:50 AM | ---D | M] - C:\Documents and Settings\baljot\Local Settings\Application Data\Identities
[08/17/2008 09:06 PM | ---D | M] - C:\Documents and Settings\baljot\Local Settings\Application Data\Microsoft
[06/19/2008 12:17 PM | ---D | M] - C:\Documents and Settings\baljot\Local Settings\Application Data\Mozilla
[06/21/2008 08:09 AM | ---D | M] - C:\Documents and Settings\baljot\Local Settings\Application Data\Yahoo
[06/30/2008 03:25 PM | ---D | M] - C:\Documents and Settings\baljot\My Documents\2008

#4
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Some of the log was cut off; can you repost it in 2 parts so I can see the rest, please?

Also, do you have a log from Nod?

#5
babacomp

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
OTViewIt logfile created on: 8/23/2008 9:17:11 AM - Run 1
OTViewIt by OldTimer - Version 1.0.0.7 Folder = C:\Documents and Settings\baljot\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

253.80 Mb Total Physical Memory | 77.61 Mb Available Physical Memory | 30.58% Memory free
1008.23 Mb Paging File | 446.41 Mb Available in Paging File | 44.28% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.78 Gb Total Space | 29.79 Gb Free Space | 41.51% Space Free | Partition Type: NTFS
Drive D: | 2.74 Gb Total Space | 0.52 Gb Free Space | 18.94% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RANDHAWA-B8CDF4
Current User Name: baljot
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users

===== Processes - Non-Microsoft Only =====

[09/07/2004 05:25 PM | 01,151,090 | ---- | M] (Ahead Software AG) - C:\Program Files\Ahead\InCD\InCDsrv.exe
[08/18/2003 06:37 AM | 00,303,104 | ---- | M] (Lexmark International, Inc.) - C:\WINDOWS\system32\LEXBCES.EXE
[08/18/2003 06:32 AM | 00,174,592 | ---- | M] (Lexmark International, Inc.) - C:\WINDOWS\system32\LEXPPS.EXE
[08/03/2006 06:12 AM | 00,577,536 | ---- | M] (Realtek Semiconductor Corp.) - C:\WINDOWS\soundman.exe
[02/20/2008 11:06 AM | 01,443,072 | ---- | M] (ESET) - C:\Program Files\ESET\ESET Smart Security\egui.exe
[02/20/2008 11:08 AM | 00,472,320 | ---- | M] (ESET) - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
[08/23/2008 09:16 AM | 01,399,296 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\baljot\Desktop\OTViewIt.exe

===== Win32 Services - Non-Microsoft Only =====

(Adobe LM Service) Adobe LM Service [On_Demand | Stopped]
[07/30/2008 05:18 PM | 00,072,704 | ---- | M] (Adobe Systems) - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

(dmadmin) Logical Disk Manager Administrative Service [On_Demand | Stopped]
[08/04/2004 08:00 AM | 00,224,768 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\dmadmin.exe

(EhttpSrv) Eset HTTP Server [On_Demand | Stopped]
[02/20/2008 11:14 AM | 00,019,200 | ---- | M] (ESET) - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe

(ekrn) Eset Service [Auto | Running]
[02/20/2008 11:08 AM | 00,472,320 | ---- | M] (ESET) - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

(GoogleDesktopManager) GoogleDesktopManager [Disabled | Stopped]
[04/23/2007 04:18 PM | 00,069,120 | ---- | M] (Google) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe

(InCDsrv) InCD Helper [Auto | Running]
[09/07/2004 05:25 PM | 01,151,090 | ---- | M] (Ahead Software AG) - C:\Program Files\Ahead\InCD\InCDsrv.exe

(LexBceS) LexBce Server [Auto | Running]
[08/18/2003 06:37 AM | 00,303,104 | ---- | M] (Lexmark International, Inc.) - C:\WINDOWS\system32\LEXBCES.EXE

(YPCService) YPCService [Disabled | Stopped]
[05/19/2003 05:07 PM | 00,086,016 | ---- | M] (Yahoo! Inc.) - C:\WINDOWS\system32\YPcservice.exe

===== Driver Services - Non-Microsoft Only =====

(ALCXWDM) Service for Realtek AC97 Audio (WDM) [On_Demand | Running]
[10/13/2006 06:31 PM | 04,022,528 | R--- | M] (Realtek Semiconductor Corp.) - C:\WINDOWS\system32\drivers\alcxwdm.sys

(AR5523) 802.11 Wireless Network Adapter Service [On_Demand | Stopped]
File not found - C:\WINDOWS\System32\DRIVERS\ar5523.sys

(ATHFMWDL) 802.11 USB Wireless Adapter Bootloader driver [On_Demand | Stopped]
File not found - C:\WINDOWS\System32\Drivers\ATHFMWDL.sys

(dmboot) dmboot [Disabled | Stopped]
[08/04/2004 08:00 AM | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmboot.sys

(dmio) Logical Disk Manager Driver [Boot | Running]
[08/04/2004 08:00 AM | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmio.sys

(dmload) dmload [Boot | Running]
[08/04/2004 08:00 AM | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\drivers\dmload.sys

(E100B) Intel® PRO Network Connection Driver [On_Demand | Running]
[01/12/2006 05:27 PM | 00,163,328 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\e100b325.sys

(eamon) eamon [Auto | Running]
[02/20/2008 11:01 AM | 00,039,944 | ---- | M] (ESET) - C:\WINDOWS\system32\drivers\eamon.sys

(easdrv) easdrv [System | Running]
[02/20/2008 11:02 AM | 00,029,704 | ---- | M] (ESET) - C:\WINDOWS\system32\drivers\easdrv.sys

(epfw) epfw [Auto | Running]
[02/20/2008 11:11 AM | 00,071,176 | ---- | M] (ESET) - C:\WINDOWS\system32\drivers\epfw.sys

(Epfwndis) Eset Personal Firewall [On_Demand | Running]
[02/20/2008 11:11 AM | 00,030,728 | ---- | M] (ESET) - C:\WINDOWS\system32\drivers\epfwndis.sys

(epfwtdi) epfwtdi [System | Running]
[02/20/2008 11:11 AM | 00,054,280 | ---- | M] (ESET) - C:\WINDOWS\system32\drivers\epfwtdi.sys

(ialm) ialm [On_Demand | Running]
[06/21/2005 06:12 PM | 00,807,998 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\ialmnt5.sys

(InCDfs) InCD File System [Disabled | Running]
[09/07/2004 05:27 PM | 00,091,136 | ---- | M] (Ahead Software AG) - C:\WINDOWS\System32\drivers\InCDfs.sys

(InCDPass) InCDPass [System | Running]
[09/07/2004 05:27 PM | 00,028,544 | ---- | M] (Ahead Software AG) - C:\WINDOWS\system32\drivers\InCDpass.sys

(pfc) Padus ASPI Shell [On_Demand | Running]
[04/01/2004 04:30 PM | 00,010,368 | ---- | M] (Padus, Inc.) - C:\WINDOWS\system32\drivers\pfc.sys

(Ptilink) Direct Parallel Link Driver [On_Demand | Running]
[08/04/2004 08:00 AM | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) - C:\WINDOWS\system32\drivers\ptilink.sys

(Secdrv) Secdrv [On_Demand | Stopped]
[11/13/2007 06:25 AM | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) - C:\WINDOWS\system32\drivers\secdrv.sys

(sptd) sptd [Boot | Running]
[07/03/2008 09:25 AM | 00,717,296 | ---- | M] () - C:\WINDOWS\system32\drivers\sptd.sys

(symlcbrd) symlcbrd [Auto | Running]
[11/12/2006 12:10 AM | 00,010,344 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\symlcbrd.sys

===== Run Keys =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui" = "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice [02/20/2008 11:06 AM | 01,443,072 | ---- | M] (ESET)
"SoundMan" = SOUNDMAN.EXE [08/03/2006 06:12 AM | 00,577,536 | ---- | M] (Realtek Semiconductor Corp.)
"TkBellExe" = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [09/14/2007 07:40 AM | 00,185,632 | ---- | M] (RealNetworks, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"" =
"Installed" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"" =
"Installed" = 1
"NoChange" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"" =
"Installed" = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdater" = C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [03/01/2007 10:37 AM | 02,321,600 | R--- | M] (Adobe Systems Incorporated)
"PowerBar" = "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime [04/21/2004 11:26 AM | 00,086,016 | ---- | M] (Cyberlink, Corp.)
"Yahoo! Pager" = "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet [09/12/2007 03:04 PM | 04,670,704 | ---- | M] (Yahoo! Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" =

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" =

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-21-1454471165-492894223-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdater" = C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [03/01/2007 10:37 AM | 02,321,600 | R--- | M] (Adobe Systems Incorporated)
"PowerBar" = "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime [04/21/2004 11:26 AM | 00,086,016 | ---- | M] (Cyberlink, Corp.)
"Yahoo! Pager" = "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet [09/12/2007 03:04 PM | 04,670,704 | ---- | M] (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-1454471165-492894223-682003330-1004\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

===== Startup Folders =====

[Administrator Startup Folder - C:\Documents and Settings\Administrator\Start Menu\Programs\Startup]

[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]

[baljot Startup Folder - C:\Documents and Settings\baljot\Start Menu\Programs\Startup]

[Default User Startup Folder - C:\Documents and Settings\Default User\Start Menu\Programs\Startup]

===== BHO's =====

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
HKLM CLSID: (Yahoo! Toolbar Helper) - [10/26/2006 12:28 PM | 00,440,384 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
HKLM CLSID: (Adobe PDF Reader Link Helper) - [10/22/2006 11:08 PM | 00,062,080 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
HKLM CLSID: (Yahoo! IE Services Button) - [10/31/2006 05:33 PM | 00,198,136 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Common\yiesrvc.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
HKLM CLSID: (SSVHelper Class) - [10/12/2006 04:25 AM | 00,434,279 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D}]
HKLM CLSID: (SidebarAutoLaunch Class) - [02/03/2005 06:07 PM | 00,124,032 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll

===== Toolbars =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
HKLM CLSID: (Yahoo! Toolbar) - [10/26/2006 12:28 PM | 00,440,384 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{C4069E3A-68F1-403E-B40E-20066696354B}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
HKLM CLSID: (Yahoo! Toolbar) - [10/26/2006 12:28 PM | 00,440,384 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

[HKEY_USERS\S-1-5-21-1454471165-492894223-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{C4069E3A-68F1-403E-B40E-20066696354B}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

[HKEY_USERS\S-1-5-21-1454471165-492894223-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
HKLM CLSID: (Yahoo! Toolbar) - [10/26/2006 12:28 PM | 00,440,384 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

===== Policies =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"ShowSuperHidden" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum]
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}" = 1
"{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}" = 1073741857
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}" = 32

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"CDRAutoRun" = 1
"NoDriveTypeAutoRun" = 149
"NoRecentDocsHistory" = 1
"ClearRecentDocsOnExit" = 1

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-21-1454471165-492894223-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"CDRAutoRun" = 1
"NoDriveTypeAutoRun" = 149
"NoRecentDocsHistory" = 1
"ClearRecentDocsOnExit" = 1

===== Desktop Components =====

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"FriendlyName" = "My Current Home Page"
"Source" = "About:Home"
"SubscribedURL" = "About:Home"

===== Shared Task Scheduler =====

===== AppInit_Dlls =====

===== Lsa Authentication Packages =====

===== Lsa Security Packages =====

===== Authorized Applications List =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [08/04/2004 08:00 AM | 00,140,800 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe [10/18/2007 12:34 PM | 05,724,184 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe [10/02/2007 06:18 PM | 00,304,488 | ---- | M] (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [10/10/2006 08:44 AM | 00,557,568 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [08/04/2004 08:00 AM | 00,140,800 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe [10/13/2004 12:24 PM | 01,694,208 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [09/12/2007 03:04 PM | 04,670,704 | ---- | M] (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe [08/30/2007 06:43 PM | 00,091,376 | ---- | M] (Yahoo! Inc.)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe [10/18/2007 12:34 PM | 05,724,184 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe [10/02/2007 06:18 PM | 00,304,488 | ---- | M] (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe [08/15/2008 03:45 PM | 00,267,056 | ---- | M] (BitTorrent, Inc.)
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe [05/17/2007 05:45 PM | 04,277,608 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe [05/17/2007 05:45 PM | 00,279,912 | ---- | M] (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [10/10/2006 08:44 AM | 00,557,568 | ---- | M] (Microsoft Corporation)

===== HKLM Winlogon Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"Explorer.exe" - [06/13/2007 06:23 AM | 01,033,216 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\WINDOWS\system32\userinit.exe" - [08/04/2004 08:00 AM | 00,024,576 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
"logonui.exe" - [08/04/2004 08:00 AM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [10/25/2007 11:36 PM | 08,454,656 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [08/04/2004 08:00 AM | 00,298,496 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl

===== User's Winlogon Settings =====

===== Winlogon Notify Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00F6107]
"DllName" = File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\449b0e6b382]
"DllName" = C:\WINDOWS\system32\__c00B5BFF.dat [08/23/2008 09:12 AM | 00,074,240 | ---- | M] ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
"DllName" = C:\WINDOWS\system32\igfxsrvc.dll [06/21/2005 05:44 PM | 00,348,160 | ---- | M] (Intel Corporation)

===== Safeboot Options =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

===== Disabled MsConfig Items =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]
"GoogleDesktopManager" = 3
"ERSvc" = 2
"YPCService" = 3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk File not found
"backup" = C:\WINDOWS\pss\Microsoft Office.lnk File not found
"location" = Common Startup
"command" = C:\Program Files\Microsoft Office\Office10\OSA.EXE [02/13/2001 02:01 AM | 00,083,360 | ---- | M] (Microsoft Corporation)
"item" = Microsoft Office

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = Reader_sl
"hkey" = HKLM
"command" = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [05/11/2007 03:06 AM | 00,040,048 | ---- | M] (Adobe Systems Incorporated)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ctfmon.exe]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = C:\WINDOWS\system32\ctfmon.exe [08/04/2004 08:00 AM | 00,015,360 | ---- | M] (Microsoft Corporation)
"hkey" = HKCU
"command" = C:\WINDOWS\system32\ctfmon.exe [08/04/2004 08:00 AM | 00,015,360 | ---- | M] (Microsoft Corporation)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = daemon
"hkey" = HKCU
"command" = C:\Program Files\DAEMON Tools Lite\daemon.exe [04/01/2008 05:39 AM | 00,486,856 | ---- | M] (DT Soft Ltd)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Desktop Search]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = GoogleDesktop
"hkey" = HKCU
"command" = C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [03/02/2007 07:48 PM | 00,120,320 | ---- | M] ()
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = C:\WINDOWS\system32\hkcmd.exe [06/21/2005 05:44 PM | 00,126,976 | ---- | M] (Intel Corporation)
"hkey" = HKLM
"command" = C:\WINDOWS\system32\hkcmd.exe [06/21/2005 05:44 PM | 00,126,976 | ---- | M] (Intel Corporation)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IgfxTray]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = C:\WINDOWS\system32\igfxtray.exe [06/21/2005 05:48 PM | 00,155,648 | ---- | M] (Intel Corporation)
"hkey" = HKLM
"command" = C:\WINDOWS\system32\igfxtray.exe [06/21/2005 05:48 PM | 00,155,648 | ---- | M] (Intel Corporation)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\InCD]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = InCD
"hkey" = HKLM
"command" = C:\Program Files\Ahead\InCD\InCD.exe [09/07/2004 09:25 AM | 01,400,944 | ---- | M] (Ahead Software AG)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KernelFaultCheck]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = dumprep 0 -k
"hkey" = HKLM
"command" = %systemroot%\system32\dumprep 0 -k
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Lexmark X1100 Series]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = lxbkbmgr
"hkey" = HKLM
"command" = C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe [08/19/2003 06:43 AM | 00,057,344 | ---- | M] (Lexmark International, Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LifeCam]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = LifeExp
"hkey" = HKLM
"command" = C:\Program Files\Microsoft LifeCam\LifeExp.exe [05/17/2007 05:45 PM | 00,279,912 | ---- | M] (Microsoft Corporation)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Microsoft Works Update Detection]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = WkUFind
"hkey" = HKLM
"command" = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [06/07/2003 07:32 AM | 00,050,688 | ---- | M] (Microsoft® Corporation)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msnmsgr]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = msnmsgr
"hkey" = HKCU
"command" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe [10/18/2007 12:34 PM | 05,724,184 | ---- | M] (Microsoft Corporation)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NapsterShell]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = napster
"hkey" = HKLM
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NBJ]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = NBJ
"hkey" = HKCU
"command" = C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [09/22/2004 05:10 PM | 01,871,872 | ---- | M] (Ahead Software AG)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = C:\WINDOWS\system32\NeroCheck.exe [07/09/2001 12:50 PM | 00,155,648 | ---- | M] (Ahead Software Gmbh)
"hkey" = HKLM
"command" = C:\WINDOWS\system32\NeroCheck.exe [07/09/2001 12:50 PM | 00,155,648 | ---- | M] (Ahead Software Gmbh)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\osCheck]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = osCheck
"hkey" = HKLM
"command" = C:\PROGRA~1\Symantec\osCheck.exe File not found
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PowerBar]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = PowerBar
"hkey" = HKCU
"command" = C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe [04/21/2004 11:26 AM | 00,086,016 | ---- | M] (Cyberlink, Corp.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RamBooster]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = Rambooster
"hkey" = HKCU
"command" = C:\Program Files\RamBooster 2.0\Rambooster.exe [11/17/2005 07:32 AM | 00,561,664 | ---- | M] (J.Pajula)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RemoteControl]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = PDVDServ
"hkey" = HKLM
"command" = C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [12/08/2003 06:35 PM | 00,032,768 | ---- | M] (Cyberlink Corp.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RogersAgent]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = rogersagent
"hkey" = HKCU
"command" = c:\Program Files\Rogers\SelfHealing\RogersAgent.exe [04/23/2007 04:51 PM | 00,478,968 | ---- | M] (Rogers Cable Communications)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SHS]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = SHS
"hkey" = HKCU
"command" = C:\Program Files\Rogers\SelfHealing\SHS.exe [10/12/2007 04:30 PM | 05,166,392 | ---- | M] (Rogers Cable Communications)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = jusched
"hkey" = HKLM
"command" = C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe [10/12/2006 04:10 AM | 00,049,263 | ---- | M] (Sun Microsystems, Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = realsched
"hkey" = HKLM
"command" = C:\Program Files\Common Files\Real\Update_OB\realsched.exe [09/14/2007 07:40 AM | 00,185,632 | ---- | M] (RealNetworks, Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Update Manager]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = UpdateManager
"hkey" = HKCU
"command" = C:\Program Files\Rogers\Update Manager\UpdateManager.exe [10/12/2007 04:30 PM | 00,136,504 | ---- | M] (Rogers Cable Communications Inc. )
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VX1000]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = C:\WINDOWS\vVX1000.exe [04/10/2007 05:46 PM | 00,709,992 | ---- | M] (Microsoft Corporation)
"hkey" = HKLM
"command" = C:\WINDOWS\vVX1000.exe [04/10/2007 05:46 PM | 00,709,992 | ---- | M] (Microsoft Corporation)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WMPNSCFG]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = WMPNSCFG
"hkey" = HKCU
"command" = C:\Program Files\Windows Media Player\wmpnscfg.exe [10/18/2006 09:05 PM | 00,204,288 | ---- | M] (Microsoft Corporation)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yahoo! Pager]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = YahooMessenger
"hkey" = HKCU
"command" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [09/12/2007 03:04 PM | 04,670,704 | ---- | M] (Yahoo! Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YOP]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = yop
"hkey" = HKLM
"command" = C:\Program Files\Yahoo!\YOP\yop.exe [06/26/2007 02:48 PM | 00,509,224 | ---- | M] (Yahoo! Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
"system.ini" = 0
"win.ini" = 0
"bootini" = 0
"services" = 2
"startup" = 2

===== DNS Name Servers =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{4D39D953-B982-48CD-815F-B1CD4CC30D49}]
Servers: | Description:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{6A019242-C362-4256-AC47-7CCD4B9CDC2E}]
Servers: | Description: Intel® PRO/100 VE Network Connection

===== CDRom AutoRun Settings =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"DependOnGroup" = SCSI miniport;
"ErrorControl" = 1
"Group" = SCSI CDROM Class
"Start" = 1
"Tag" = 2
"Type" = 1
"DisplayName" = CD-ROM Driver
"ImagePath" = C:\WINDOWS\system32\drivers\cdrom.sys [08/04/2004 08:00 AM | 00,049,536 | ---- | M] (Microsoft Corporation)
"AutoRun" = 1
"AutoRunAlwaysDisable" = NEC MBR-7 ;NEC MBR-7.4 ;PIONEER CHANGR DRM-1804X;PIONEER CD-ROM DRM-6324X;PIONEER CD-ROM DRM-624X ;TORiSAN CD-ROM CDR_C36;

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum]
"0" = IDE\CdRomATAPI_DVD_DUAL_16X4X12__________________G8C9____\39393542314e3035334333343034373732305053
"Count" = 3
"NextInstance" = 3
"1" = SCSI\CdRom&Ven_VO7562V&Prod_TKZ354P&Rev_1.01\5&36e5972&0&000
"2" = SCSI\CdRom&Ven_VO7562V&Prod_TKZ354P&Rev_1.01\5&36e5972&0&010
< Drives - Autoruns > -> ->
AUTOEXEC.BAT [] - [11/11/2006 09:51 PM | 00,000,000 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ]

===== CDRom AutoRun Settings =====

===== MountPoints2 =====

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
"BaseClass" = Drive

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
"BaseClass" = Drive

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]
"BaseClass" = Drive

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
"BaseClass" = Drive

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G]
"BaseClass" = Drive

===== Hosts File =====

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

[Files/Folders - Created Within 90 days]
[08/21/2008 08:51 PM | ---D | C] - C:\Config.Msi
[07/30/2008 05:28 PM | ---D | C] - C:\Temp
[07/03/2008 09:25 AM | 00,717,296 | ---- | M] () - C:\WINDOWS\System32\drivers\sptd.sys
[08/21/2008 11:06 AM | 00,000,080 | RHS- | M] () - C:\WINDOWS\System32\9B09F35911.dll
[07/28/2008 05:45 PM | ---D | C] - C:\WINDOWS\System32\en-US
[2 C:\WINDOWS\System32\*.tmp files]
[07/28/2008 10:28 AM | ---D | C] - C:\WINDOWS\System32\NtmsData
[08/07/2007 11:32 AM | 00,057,344 | ---- | M] (NexiTech, Inc.) - C:\WINDOWS\System32\Wnaspint.dll
[08/23/2008 09:12 AM | 00,074,240 | ---- | M] () - C:\WINDOWS\System32\__c00B5BFF.dat
[07/28/2008 05:23 PM | -H-D | C] - C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[3 C:\WINDOWS\*.tmp files]
[07/28/2008 05:19 PM | -H-D | C] - C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[08/07/2008 05:51 PM | -HSD | C] - C:\WINDOWS\CSC
[07/14/2008 07:10 PM | -HSD | C] - C:\WINDOWS\ftpcache
[08/05/2008 09:35 PM | -H-D | C] - C:\WINDOWS\ie7
[08/14/2008 03:15 AM | ---D | C] - C:\WINDOWS\ie7updates
[07/29/2008 01:17 PM | ---D | C] - C:\WINDOWS\Minidump
[08/05/2008 09:20 PM | ---D | C] - C:\WINDOWS\network diagnostic
[01/07/2008 02:29 PM | 00,000,352 | -H-- | M] () - C:\WINDOWS\nod32fixtemdono.reg
[08/06/2008 09:52 AM | 00,000,000 | ---- | M] () - C:\WINDOWS\nsreg.dat
[07/27/2008 02:20 PM | ---D | C] - C:\WINDOWS\pss
[07/30/2008 02:17 PM | 00,000,105 | ---- | M] () - C:\WINDOWS\sme.INI
[04/10/2007 05:46 PM | 00,015,498 | ---- | M] () - C:\WINDOWS\VX1000.ini
[04/10/2007 05:46 PM | 00,013,023 | ---- | M] () - C:\WINDOWS\VX1000.src
[08/05/2008 09:39 PM | ---D | C] - C:\WINDOWS\WBEM
[06/24/2008 02:40 PM | 00,000,274 | -H-- | M] () - C:\WINDOWS\tasks\Microsoft_Hardware_Launch_LifeExp_exe.job
[07/03/2008 09:27 AM | 00,000,178 | -H-- | M] () - C:\WINDOWS\tasks\Microsoft_Hardware_Launch_vVX1000_exe.job
[08/12/2008 12:31 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Acoustica
[07/30/2008 05:23 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Adobe Systems
[08/21/2008 12:17 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\ESET
[06/23/2008 09:11 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Napster
[08/21/2008 11:04 AM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Protexis
[08/23/2008 09:11 AM | 00,000,013 | -HS- | M] () - C:\Documents and Settings\baljot\Application Data\020000006e0645bbC.manifest
[08/23/2008 09:11 AM | 00,000,011 | -HS- | M] () - C:\Documents and Settings\baljot\Application Data\020000006e0645bbO.manifest
[08/23/2008 09:11 AM | 00,000,359 | -HS- | M] () - C:\Documents and Settings\baljot\Application Data\020000006e0645bbP.manifest
[08/23/2008 09:11 AM | 00,000,007 | -HS- | M] () - C:\Documents and Settings\baljot\Application Data\020000006e0645bbR.manifest
[08/23/2008 09:11 AM | 00,000,011 | -HS- | M] () - C:\Documents and Settings\baljot\Application Data\020000006e0645bbS.manifest
[08/22/2008 09:45 AM | 00,000,000 | -HS- | M] () - C:\Documents and Settings\baljot\Application Data\76487-OEM-0042456-91665C.manifest
[08/22/2008 10:31 AM | 00,000,011 | -HS- | M] () - C:\Documents and Settings\baljot\Application Data\76487-OEM-0042456-91665O.manifest
[08/22/2008 10:31 AM | 00,000,359 | -HS- | M] () - C:\Documents and Settings\baljot\Application Data\76487-OEM-0042456-91665P.manifest
[08/22/2008 09:45 AM | 00,000,000 | -HS- | M] () - C:\Documents and Settings\baljot\Application Data\76487-OEM-0042456-91665R.manifest
[08/22/2008 09:45 AM | 00,000,000 | -HS- | M] () - C:\Documents and Settings\baljot\Application Data\76487-OEM-0042456-91665S.manifest
[08/12/2008 12:46 PM | ---D | C] - C:\Documents and Settings\baljot\Application Data\Acoustica
[07/03/2008 09:25 AM | ---D | C] - C:\Documents and Settings\baljot\Application Data\DAEMON Tools
[08/21/2008 11:46 AM | ---D | C] - C:\Documents and Settings\baljot\Application Data\Digital Support
[08/21/2008 12:21 PM | ---D | C] - C:\Documents and Settings\baljot\Application Data\ESET
[08/07/2008 07:10 PM | ---D | C] - C:\Documents and Settings\baljot\Application Data\MetaProducts
[06/19/2008 12:17 PM | ---D | C] - C:\Documents and Settings\baljot\Application Data\Mozilla
[06/23/2008 09:06 PM | ---D | C] - C:\Documents and Settings\baljot\Application Data\Roxio
[07/03/2008 10:26 AM | ---D | C] - C:\Documents and Settings\baljot\Application Data\vlc
[08/22/2008 09:12 AM | ---D | C] - C:\Documents and Settings\baljot\Local Settings\Application Data\ESET
[07/28/2008 09:50 AM | ---D | C] - C:\Documents and Settings\baljot\Local Settings\Application Data\Identities
[06/19/2008 12:17 PM | ---D | C] - C:\Documents and Settings\baljot\Local Settings\Application Data\Mozilla
[06/30/2008 03:25 PM | ---D | C] - C:\Documents and Settings\baljot\My Documents\2008
[08/06/2008 04:55 PM | ---D | C] - C:\Documents and Settings\baljot\My Documents\computer fixers
[08/06/2008 03:18 AM | 00,000,077 | -HS- | M] () - C:\Documents and Settings\baljot\My Documents\desktop.ini
[08/18/2008 03:56 PM | ---D | C] - C:\Documents and Settings\baljot\My Documents\important-old-documents
[08/22/2008 03:35 PM | R--D | C] - C:\Documents and Settings\baljot\My Documents\LifeCam Files
[08/18/2008 07:50 PM | ---D | C] - C:\Documents and Settings\baljot\My Documents\My Chat Logs
[08/22/2008 10:01 PM | 00,000,575 | ---- | M] () - C:\Documents and Settings\baljot\My Documents\My Sharing Folders.lnk
[08/15/2008 10:09 AM | ---D | C] - C:\Documents and Settings\baljot\My Documents\new mixes
[08/21/2008 02:13 PM | ---D | C] - C:\Documents and Settings\baljot\My Documents\Setups
[06/30/2008 03:11 PM | 00,127,488 | -HS- | M] () - C:\Documents and Settings\baljot\My Documents\Thumbs.db
@Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable
[07/30/2008 04:45 PM | ---D | C] - C:\Documents and Settings\baljot\My Documents\Unused Desktop Shortcuts
[08/21/2008 02:12 PM | ---D | C] - C:\Documents and Settings\baljot\My Documents\VirtualDJ
[08/21/2008 04:55 PM | 00,064,804 | ---- | M] () - C:\Documents and Settings\baljot\My Documents\yyyyyyyy.jpg
@Alternate Data Stream - 304 bytes -> %UserProfile%\My Documents\yyyyyyyy.jpg:SummaryInformation
@Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\yyyyyyyy.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
[07/21/2008 05:06 PM | 07,786,755 | ---- | M] () - C:\Documents and Settings\baljot\My Documents\[Đc] 10 - Gippy Grewal - Mere Yaar Ne (By.Soldi-tank-wala) [DholCutz.net].mp3
[05/31/2008 05:07 PM | 00,000,162 | -H-- | M] () - C:\Documents and Settings\baljot\My Documents\~$Am Sam.doc
[07/30/2008 09:22 PM | 00,001,732 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Adobe Audition 1.5.lnk
[07/03/2008 09:38 AM | 00,000,733 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[06/24/2008 09:22 AM | 00,001,886 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Microsoft LifeCam.lnk
[06/19/2008 12:16 PM | 00,001,602 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[07/03/2008 10:25 AM | 00,000,719 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[08/22/2008 01:53 PM | 02,720,466 | ---- | M] () - C:\Documents and Settings\baljot\Desktop\ComboFix.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ComboFix.exe:Zone.Identifier
[07/29/2008 04:29 PM | 00,001,596 | ---- | M] () - C:\Documents and Settings\baljot\Desktop\DC++.lnk
[08/22/2008 01:50 PM | 00,812,344 | ---- | M] (Trend Micro Inc.) - C:\Documents and Settings\baljot\Desktop\HJTInstall.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\HJTInstall.exe:Zone.Identifier
[08/23/2008 09:16 AM | 01,399,296 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\baljot\Desktop\OTViewIt.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTViewIt.exe:Zone.Identifier
[08/22/2008 01:55 PM | 00,001,734 | ---- | M] () - C:\Documents and Settings\baljot\Desktop\TheDoc.exe.lnk
[07/03/2008 08:04 AM | 00,000,704 | ---- | M] () - C:\Documents and Settings\baljot\Desktop\WinRAR.lnk
[08/12/2008 10:31 AM | 00,000,630 | ---- | M] () - C:\Documents and Settings\baljot\Desktop\µTorrent.lnk
[07/30/2008 05:18 PM | ---D | C] - C:\Program Files\Common Files\Adobe Systems Shared
[08/21/2008 11:52 AM | ---D | C] - C:\Program Files\Common Files\Filseclab
[08/21/2008 02:09 PM | ---D | C] - C:\Program Files\Acoustica Mixcraft 4
[08/12/2008 12:46 PM | ---D | C] - C:\Program Files\Acoustica Shared Effects
[07/28/2008 10:27 AM | 16,546,22207 | ---- | M] () - C:\Program Files\Backup-Of-Everything.bkf
[07/03/2008 09:38 AM | ---D | C] - C:\Program Files\DAEMON Tools Lite
[08/22/2008 09:42 AM | ---D | C] - C:\Program Files\DC++
[08/18/2008 08:30 AM | ---D | C] - C:\Program Files\Digital Support
[08/21/2008 08:40 PM | ---D | C] - C:\Program Files\ESET
[06/24/2008 09:22 AM | ---D | C] - C:\Program Files\Microsoft LifeCam
[08/23/2008 09:11 AM | ---D | C] - C:\Program Files\Mozilla Firefox
[08/06/2008 04:49 PM | ---D | C] - C:\Program Files\RamBooster 2.0
[08/07/2008 09:59 PM | ---D | C] - C:\Program Files\StartUp Organizer
[08/22/2008 01:51 PM | ---D | C] - C:\Program Files\Trend Micro
[08/12/2008 10:34 AM | ---D | C] - C:\Program Files\uTorrent
[08/12/2008 10:34 AM | ---D | C] - C:\Program Files\utorrent setup
[07/03/2008 10:24 AM | ---D | C] - C:\Program Files\VideoLAN
[07/29/2008 12:17 PM | ---D | C] - C:\Program Files\WinRAR(2)

[Files/Folders - Modified Within 90 days]
[08/08/2008 10:39 AM | 00,000,211 | -HS- | M] () - C:\boot.ini
[08/21/2008 08:51 PM | ---D | M] - C:\Config.Msi
[07/15/2008 08:05 AM | ---D | M] - C:\Documents and Settings
[08/22/2008 01:51 PM | R--D | M] - C:\Program Files
[08/15/2008 09:53 AM | -HSD | M] - C:\RECYCLER
[07/19/2008 07:12 PM | 00,000,268 | -H-- | M] () - C:\sqmdata09.sqm
[07/19/2008 07:12 PM | 00,000,244 | -H-- | M] () - C:\sqmnoopt01.sqm
[07/28/2008 12:41 PM | -HSD | M] - C:\System Volume Information
[07/30/2008 05:28 PM | ---D | M] - C:\Temp
[08/21/2008 08:56 PM | ---D | M] - C:\WINDOWS
[07/03/2008 09:25 AM | 00,717,296 | ---- | M] () - C:\WINDOWS\System32\drivers\sptd.sys
[08/21/2008 11:06 AM | 00,000,080 | RHS- | M] () - C:\WINDOWS\System32\9B09F35911.dll
[06/11/2008 03:04 PM | ---D | M] - C:\WINDOWS\System32\appmgmt
[2 C:\WINDOWS\System32\*.tmp files]
[08/07/2008 10:06 PM | ---D | M] - C:\WINDOWS\System32\CatRoot
[08/22/2008 10:58 AM | ---D | M] - C:\WINDOWS\System32\CatRoot2
[07/28/2008 01:04 PM | 00,000,016 | ---- | M] () - C:\WINDOWS\System32\coh.cache
[08/07/2008 10:00 PM | ---D | M] - C:\WINDOWS\System32\config
[06/24/2008 09:16 AM | ---D | M] - C:\WINDOWS\System32\DirectX
[08/14/2008 03:33 AM | RHSD | M] - C:\WINDOWS\System32\dllcache
[08/21/2008 08:51 PM | ---D | M] - C:\WINDOWS\System32\drivers
[06/24/2008 09:23 AM | ---D | M] - C:\WINDOWS\System32\DRVSTORE
[07/28/2008 05:45 PM | ---D | M] - C:\WINDOWS\System32\en-US
[07/30/2008 09:29 PM | 00,256,656 | ---- | M] () - C:\WINDOWS\System32\FNTCACHE.DAT
[07/28/2008 10:28 AM | ---D | M] - C:\WINDOWS\System32\NtmsData
[08/07/2008 10:00 PM | ---D | M] - C:\WINDOWS\System32\wbem
[08/20/2008 10:50 PM | 00,013,646 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl
[08/23/2008 09:12 AM | 00,074,240 | ---- | M] () - C:\WINDOWS\System32\__c00B5BFF.dat
[08/14/2008 03:30 AM | -H-D | M] - C:\WINDOWS\$hf_mig$
[3 C:\WINDOWS\*.tmp files]
[07/28/2008 05:23 PM | -H-D | M] - C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[07/28/2008 05:19 PM | -H-D | M] - C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[08/22/2008 10:57 AM | 00,002,048 | --S- | M] () - C:\WINDOWS\bootstat.dat
[06/26/2008 07:33 PM | 00,000,825 | ---- | M] () - C:\WINDOWS\cdplayer.ini
[08/07/2008 05:51 PM | -HSD | M] - C:\WINDOWS\CSC
[08/15/2008 12:55 PM | ---D | M] - C:\WINDOWS\Downloaded Installations
[08/21/2008 01:50 PM | R-SD | M] - C:\WINDOWS\Fonts
[07/14/2008 07:10 PM | -HSD | M] - C:\WINDOWS\ftpcache
[07/28/2008 06:58 PM | ---D | M] - C:\WINDOWS\Help
[08/05/2008 09:35 PM | -H-D | M] - C:\WINDOWS\ie7
[08/14/2008 03:15 AM | ---D | M] - C:\WINDOWS\ie7updates
[08/14/2008 03:32 AM | 00,001,374 | ---- | M] () - C:\WINDOWS\imsins.BAK
[08/21/2008 08:51 PM | -H-D | M] - C:\WINDOWS\inf
[08/21/2008 08:51 PM | -HSD | M] - C:\WINDOWS\Installer
[08/11/2008 11:59 AM | 00,000,379 | ---- | M] () - C:\WINDOWS\lexstat.ini
[07/28/2008 05:32 PM | ---D | M] - C:\WINDOWS\Media
[07/29/2008 01:17 PM | ---D | M] - C:\WINDOWS\Minidump
[08/22/2008 03:26 PM | 00,000,116 | ---- | M] () - C:\WINDOWS\NeroDigital.ini
[08/05/2008 09:20 PM | ---D | M] - C:\WINDOWS\network diagnostic
[08/06/2008 09:52 AM | 00,000,000 | ---- | M] () - C:\WINDOWS\nsreg.dat
[08/23/2008 09:16 AM | ---D | M] - C:\WINDOWS\Prefetch
[07/27/2008 02:20 PM | ---D | M] - C:\WINDOWS\pss
[08/07/2008 10:00 PM | ---D | M] - C:\WINDOWS\Registration
[07/28/2008 10:28 AM | ---D | M] - C:\WINDOWS\repair
[08/15/2008 03:40 PM | ---D | M] - C:\WINDOWS\security
[07/30/2008 02:17 PM | 00,000,105 | ---- | M] () - C:\WINDOWS\sme.INI
[08/08/2008 10:39 AM | 00,000,227 | ---- | M] () - C:\WINDOWS\system.ini
[08/23/2008 09:12 AM | ---D | M] - C:\WINDOWS\system32
[08/15/2008 12:53 PM | --SD | M] - C:\WINDOWS\Tasks
[08/23/2008 09:12 AM | ---D | M] - C:\WINDOWS\Temp
[06/24/2008 09:25 AM | ---D | M] - C:\WINDOWS\twain_32
[08/05/2008 09:39 PM | ---D | M] - C:\WINDOWS\WBEM
[08/08/2008 10:39 AM | 00,000,604 | ---- | M] () - C:\WINDOWS\win.ini
[06/21/2008 08:09 AM | ---D | M] - C:\WINDOWS\WinSxS
[08/23/2008 08:38 AM | 00,000,256 | ---- | M] () - C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[06/24/2008 02:40 PM | 00,000,274 | -H-- | M] () - C:\WINDOWS\tasks\Microsoft_Hardware_Launch_LifeExp_exe.job
[07/03/2008 09:27 AM | 00,000,178 | -H-- | M] () - C:\WINDOWS\tasks\Microsoft_Hardware_Launch_vVX1000_exe.job
[08/22/2008 10:57 AM | 00,000,006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
[08/12/2008 12:31 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Acoustica
[07/30/2008 09:09 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Adobe
[07/30/2008 05:23 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Adobe Systems
[08/21/2008 12:17 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\ESET
[07/28/2008 10:24 AM | --SD | M] - C:\Documents and Settings\All Users\Application Data\Microsoft
[06/23/2008 09:11 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Napster
[08/21/2008 11:04 AM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Protexis
[06/21/2008 08:09 AM | ---D | M] - C:\Documents and Settings\All Users\Application Data\YAHOO
[08/23/2008 09:11 AM | 00,000,013 | -HS- | M] () - C:\Documents and Settings\baljot\Application Data\020000006e0645bbC.manifest
[08/23/2008 09:11 AM | 00,000,011 | -HS- | M] () - C:\Documents and Settings\baljot\Application Data\020000006e0645bbO.manifest
[08/23/2008 09:11 AM | 00,000,359 | -HS- | M] () - C:\Documents and Settings\baljot\Application Data\020000006e0645bbP.manifest
[08/23/2008 09:11 AM | 00,000,007 | -HS- | M] () - C:\Documents and Settings\baljot\Application Data\020000006e0645bbR.manifest
[08/23/2008 09:11 AM | 00,000,011 | -HS- | M] () - C:\Documents and Settings\baljot\Application Data\020000006e0645bbS.manifest
[08/22/2008 09:45 AM | 00,000,000 | -HS- | M] () - C:\Documents and Settings\baljot\Application Data\76487-OEM-0042456-91665C.manifest
[08/22/2008 10:31 AM | 00,000,011 | -HS- | M] () - C:\Documents and Settings\baljot\Application Data\76487-OEM-0042456-91665O.manifest
[08/22/2008 10:31 AM | 00,000,359 | -HS- | M] () - C:\Documents and Settings\baljot\Application Data\76487-OEM-0042456-91665P.manifest
[08/22/2008 09:45 AM | 00,000,000 | -HS- | M] () - C:\Documents and Settings\baljot\Application Data\76487-OEM-0042456-91665R.manifest
[08/22/2008 09:45 AM | 00,000,000 | -HS- | M] () - C:\Documents and Settings\baljot\Application Data\76487-OEM-0042456-91665S.manifest
[08/12/2008 12:46 PM | ---D | M] - C:\Documents and Settings\baljot\Application Data\Acoustica
[07/30/2008 09:20 PM | ---D | M] - C:\Documents and Settings\baljot\Application Data\Adobe
[07/03/2008 09:25 AM | ---D | M] - C:\Documents and Settings\baljot\Application Data\DAEMON Tools
[08/21/2008 11:46 AM | ---D | M] - C:\Documents and Settings\baljot\Application Data\Digital Support
[08/21/2008 12:21 PM | ---D | M] - C:\Documents and Settings\baljot\Application Data\ESET
[08/07/2008 07:10 PM | ---D | M] - C:\Documents and Settings\baljot\Application Data\MetaProducts
[07/30/2008 08:52 AM | --SD | M] - C:\Documents and Settings\baljot\Application Data\Microsoft
[06/19/2008 12:17 PM | ---D | M] - C:\Documents and Settings\baljot\Application Data\Mozilla
[06/23/2008 09:06 PM | ---D | M] - C:\Documents and Settings\baljot\Application Data\Roxio
[08/21/2008 08:44 PM | ---D | M] - C:\Documents and Settings\baljot\Application Data\uTorrent
[07/03/2008 10:26 AM | ---D | M] - C:\Documents and Settings\baljot\Application Data\vlc
[08/11/2008 11:58 AM | 00,032,274 | ---- | M] () - C:\Documents and Settings\baljot\Application Data\wklnhst.dat
[07/29/2008 05:23 PM | ---D | M] - C:\Documents and Settings\baljot\Local Settings\Application Data\Adobe
[08/21/2008 08:28 PM | 00,042,496 | ---- | M] () - C:\Documents and Settings\baljot\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[08/22/2008 09:12 AM | ---D | M] - C:\Documents and Settings\baljot\Local Settings\Application Data\ESET
[07/30/2008 09:30 PM | 00,076,696 | ---- | M] () - C:\Documents and Settings\baljot\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[08/21/2008 08:55 PM | 10,177,942 | -H-- | M] () - C:\Documents and Settings\baljot\Local Settings\Application Data\IconCache.db
[07/28/2008 09:50 AM | ---D | M] - C:\Documents and Settings\baljot\Local Settings\Application Data\Identities
[08/17/2008 09:06 PM | ---D | M] - C:\Documents and Settings\baljot\Local Settings\Application Data\Microsoft
[06/19/2008 12:17 PM | ---D | M] - C:\Documents and Settings\baljot\Local Settings\Application Data\Mozilla
[06/21/2008 08:09 AM | ---D | M] - C:\Documents and Settings\baljot\Local Settings\Application Data\Yahoo
[06/30/2008 03:25 PM | ---D | M] - C:\Documents and Settings\baljot\My Documents\2008

Edited by babacomp, 23 August 2008 - 09:41 AM.


#6
babacomp (Topic Starter, Member, 15 posts)
rest of OTViewIt.txt
[08/06/2008 04:55 PM | ---D | M] - C:\Documents and Settings\baljot\My Documents\computer fixers
[05/29/2008 07:51 AM | ---D | M] - C:\Documents and Settings\baljot\My Documents\CyberLink
[08/06/2008 03:18 AM | 00,000,077 | -HS- | M] () - C:\Documents and Settings\baljot\My Documents\desktop.ini
[08/22/2008 11:41 PM | ---D | M] - C:\Documents and Settings\baljot\My Documents\Downloads
[08/18/2008 03:56 PM | ---D | M] - C:\Documents and Settings\baljot\My Documents\important-old-documents
[08/15/2008 10:23 PM | ---D | M] - C:\Documents and Settings\baljot\My Documents\Jaskarens folder only
[08/22/2008 03:35 PM | R--D | M] - C:\Documents and Settings\baljot\My Documents\LifeCam Files
[08/18/2008 07:50 PM | ---D | M] - C:\Documents and Settings\baljot\My Documents\My Chat Logs
[08/06/2008 03:18 AM | R--D | M] - C:\Documents and Settings\baljot\My Documents\My Music
[08/19/2008 09:25 AM | ---D | M] - C:\Documents and Settings\baljot\My Documents\My PSP8 Files
[08/10/2008 02:08 PM | ---D | M] - C:\Documents and Settings\baljot\My Documents\My Received Files
[08/22/2008 10:01 PM | 00,000,575 | ---- | M] () - C:\Documents and Settings\baljot\My Documents\My Sharing Folders.lnk
[08/15/2008 10:09 AM | ---D | M] - C:\Documents and Settings\baljot\My Documents\new mixes
[08/21/2008 02:13 PM | ---D | M] - C:\Documents and Settings\baljot\My Documents\Setups
[06/30/2008 03:11 PM | 00,127,488 | -HS- | M] () - C:\Documents and Settings\baljot\My Documents\Thumbs.db
@Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable
[07/30/2008 04:45 PM | ---D | M] - C:\Documents and Settings\baljot\My Documents\Unused Desktop Shortcuts
[08/21/2008 02:12 PM | ---D | M] - C:\Documents and Settings\baljot\My Documents\VirtualDJ
[08/21/2008 04:55 PM | 00,064,804 | ---- | M] () - C:\Documents and Settings\baljot\My Documents\yyyyyyyy.jpg
@Alternate Data Stream - 304 bytes -> %UserProfile%\My Documents\yyyyyyyy.jpg:SummaryInformation
@Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\yyyyyyyy.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
[07/21/2008 05:06 PM | 07,786,755 | ---- | M] () - C:\Documents and Settings\baljot\My Documents\[Đc] 10 - Gippy Grewal - Mere Yaar Ne (By.Soldi-tank-wala) [DholCutz.net].mp3
[05/31/2008 05:07 PM | 00,000,162 | -H-- | M] () - C:\Documents and Settings\baljot\My Documents\~$Am Sam.doc
[07/30/2008 09:22 PM | 00,001,732 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Adobe Audition 1.5.lnk
[07/03/2008 09:38 AM | 00,000,733 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[06/24/2008 09:22 AM | 00,001,886 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Microsoft LifeCam.lnk
[06/19/2008 12:16 PM | 00,001,602 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[07/03/2008 10:25 AM | 00,000,719 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[08/22/2008 01:53 PM | 02,720,466 | ---- | M] () - C:\Documents and Settings\baljot\Desktop\ComboFix.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ComboFix.exe:Zone.Identifier
[07/29/2008 04:29 PM | 00,001,596 | ---- | M] () - C:\Documents and Settings\baljot\Desktop\DC++.lnk
[08/22/2008 01:50 PM | 00,812,344 | ---- | M] (Trend Micro Inc.) - C:\Documents and Settings\baljot\Desktop\HJTInstall.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\HJTInstall.exe:Zone.Identifier
[08/23/2008 09:16 AM | 01,399,296 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\baljot\Desktop\OTViewIt.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTViewIt.exe:Zone.Identifier
[08/22/2008 01:55 PM | 00,001,734 | ---- | M] () - C:\Documents and Settings\baljot\Desktop\TheDoc.exe.lnk
[07/03/2008 08:04 AM | 00,000,704 | ---- | M] () - C:\Documents and Settings\baljot\Desktop\WinRAR.lnk
[08/12/2008 10:31 AM | 00,000,630 | ---- | M] () - C:\Documents and Settings\baljot\Desktop\µTorrent.lnk
[07/30/2008 05:18 PM | ---D | M] - C:\Program Files\Common Files\Adobe
[07/30/2008 05:18 PM | ---D | M] - C:\Program Files\Common Files\Adobe Systems Shared
[08/21/2008 11:52 AM | ---D | M] - C:\Program Files\Common Files\Filseclab
[06/23/2008 08:59 PM | ---D | M] - C:\Program Files\Common Files\InstallShield
[07/29/2008 12:17 PM | ---D | M] - C:\Program Files\Common Files\Symantec Shared

< End of report >

#7
babacomp (Topic Starter, Member, 15 posts)
EXTRAS
OTViewIt Extras logfile created on: 8/23/2008 9:17:11 AM - Run 1
OTViewIt by OldTimer - Version 1.0.0.7 Folder = C:\Documents and Settings\baljot\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

253.80 Mb Total Physical Memory | 77.61 Mb Available Physical Memory | 30.58% Memory free
1008.23 Mb Paging File | 446.41 Mb Available in Paging File | 44.28% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.78 Gb Total Space | 29.79 Gb Free Space | 41.51% Space Free | Partition Type: NTFS
Drive D: | 2.74 Gb Total Space | 0.52 Gb Free Space | 18.94% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

===== File Associations =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] - File not found -
.cmd [@ = cmdfile] - File not found -
.com [@ = comfile] - File not found -
.exe [@ = exefile] - File not found -
.html [@ = YBrowser.HTML] - [09/20/2006 07:05 PM | 00,668,152 | ---- | M] (Yahoo!, Inc.) - C:\Program Files\Yahoo!\browser\ybrowser.exe
.pif [@ = piffile] - File not found -
.scr [@ = scrfile] - File not found -

===== Uninstall List =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04410044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004
"{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}" = Security Update for CAPICOM (KB931906)
"{111A3D14-7596-43B0-92BA-418435C90672}" = Intel® PRO Network Connections
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher
"{24960CD0-661D-4957-9D5F-D2905A30EDB1}" = Jasc Paint Shop Photo Album 5
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{33BEE6F3-9987-4F98-A069-97A64EC8321A}" = Microsoft Works Suite Add-in for Microsoft Word
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37477865-A3F1-4772-AD43-AAFC6BCFF99F}" = MSXML 4.0 SP2 (KB927978)
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{63AFACBC-4795-4A1B-8037-5085DC03FC54}" = Microsoft LifeCam
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68D5CEF9-0DA8-47FE-B0EB-4CBFB5AAF662}" = ArcSoft PhotoImpression 4
"{6ECB944F-D027-4E8A-9906-70E77C005AD5}" = ESET Smart Security
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8
"{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}" = Adobe Audition 1.5
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{ADE3CACC-EC31-480C-83A0-587EE60CE8DF}" = RamBooster
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}" = Windows Live Sign-in Assistant
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{B9966F27-9678-4620-9579-925E3084647E}" = Microsoft Works
"{C04E32E0-0416-434D-AFB9-6969D703A9EF}" = MSXML 4.0 SP2 (KB936181)
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Photo Premium 9
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F45298E5-0083-426F-A668-1A2C5F04B8A0}" = FaxTools
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Acoustica Effects Pack" = Acoustica Effects Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"CardsPlus" = Sierra CardsPlus
"DC++" = DC++ 0.707
"Google Desktop" = Google Desktop Search
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InCD!UninstallKey" = InCD
"KB873339" = Windows XP Hotfix - KB873339
"KB884020" = Windows XP Hotfix - KB884020
"KB885626" = Windows XP Hotfix - KB885626
"KB885835" = Windows XP Hotfix - KB885835
"KB885836" = Windows XP Hotfix - KB885836
"KB885884" = Windows XP Hotfix - KB885884
"KB886185" = Windows XP Hotfix - KB886185
"KB887472" = Windows XP Hotfix - KB887472
"KB888302" = Windows XP Hotfix - KB888302
"KB890046" = Security Update for Windows XP (KB890046)
"KB890859" = Windows XP Hotfix - KB890859
"KB891781" = Windows XP Hotfix - KB891781
"KB893756" = Security Update for Windows XP (KB893756)
"KB893803v2" = Windows Installer 3.1 (KB893803)
"KB894391" = Update for Windows XP (KB894391)
"KB896358" = Security Update for Windows XP (KB896358)
"KB896423" = Security Update for Windows XP (KB896423)
"KB896424" = Security Update for Windows XP (KB896424)
"KB896428" = Security Update for Windows XP (KB896428)
"KB898461" = Update for Windows XP (KB898461)
"KB899587" = Security Update for Windows XP (KB899587)
"KB899589" = Security Update for Windows XP (KB899589)
"KB899591" = Security Update for Windows XP (KB899591)
"KB900485" = Update for Windows XP (KB900485)
"KB900725" = Security Update for Windows XP (KB900725)
"KB901017" = Security Update for Windows XP (KB901017)
"KB901214" = Security Update for Windows XP (KB901214)
"KB902400" = Security Update for Windows XP (KB902400)
"KB904706" = Security Update for Windows XP (KB904706)
"KB904942" = Update for Windows XP (KB904942)
"KB905414" = Security Update for Windows XP (KB905414)
"KB905749" = Security Update for Windows XP (KB905749)
"KB908519" = Security Update for Windows XP (KB908519)
"KB908531" = Update for Windows XP (KB908531)
"KB910437" = Update for Windows XP (KB910437)
"KB911280" = Update for Windows XP (KB911280)
"KB911562" = Security Update for Windows XP (KB911562)
"KB911564" = Security Update for Windows Media Player (KB911564)
"KB911565" = Security Update for Windows Media Player 10 (KB911565)
"KB911567" = Security Update for Windows XP (KB911567)
"KB911927" = Security Update for Windows XP (KB911927)
"KB912919" = Security Update for Windows XP (KB912919)
"KB913433" = Security Update for Windows XP (KB913433)
"KB913580" = Security Update for Windows XP (KB913580)
"KB914388" = Security Update for Windows XP (KB914388)
"KB914389" = Security Update for Windows XP (KB914389)
"KB914440" = Hotfix for Windows XP (KB914440)
"KB915865" = Hotfix for Windows XP (KB915865)
"KB916595" = Update for Windows XP (KB916595)
"KB917344" = Security Update for Windows XP (KB917344)
"KB917422" = Security Update for Windows XP (KB917422)
"KB917734_WMP9" = Security Update for Windows Media Player 9 (KB917734)
"KB917953" = Security Update for Windows XP (KB917953)
"KB918118" = Security Update for Windows XP (KB918118)
"KB918439" = Security Update for Windows XP (KB918439)
"KB918899" = Security Update for Windows XP (KB918899)
"KB919007" = Security Update for Windows XP (KB919007)
"KB920213" = Security Update for Windows XP (KB920213)
"KB920214" = Security Update for Windows XP (KB920214)
"KB920670" = Security Update for Windows XP (KB920670)
"KB920683" = Security Update for Windows XP (KB920683)
"KB920685" = Security Update for Windows XP (KB920685)
"KB920872" = Update for Windows XP (KB920872)
"KB921398" = Security Update for Windows XP (KB921398)
"KB921503" = Security Update for Windows XP (KB921503)
"KB921883" = Security Update for Windows XP (KB921883)
"KB922582" = Update for Windows XP (KB922582)
"KB922616" = Security Update for Windows XP (KB922616)
"KB922760" = Security Update for Windows XP (KB922760)
"KB922819" = Security Update for Windows XP (KB922819)
"KB923191" = Security Update for Windows XP (KB923191)
"KB923414" = Security Update for Windows XP (KB923414)
"KB923694" = Security Update for Windows XP (KB923694)
"KB923980" = Security Update for Windows XP (KB923980)
"KB924191" = Security Update for Windows XP (KB924191)
"KB924270" = Security Update for Windows XP (KB924270)
"KB924496" = Security Update for Windows XP (KB924496)
"KB924667" = Security Update for Windows XP (KB924667)
"KB925398_WMP64" = Security Update for Windows Media Player 6.4 (KB925398)
"KB925454" = Security Update for Windows XP (KB925454)
"KB925486" = Security Update for Windows XP (KB925486)
"KB925902" = Security Update for Windows XP (KB925902)
"KB926239" = Hotfix for Windows XP (KB926239)
"KB926255" = Security Update for Windows XP (KB926255)
"KB926436" = Security Update for Windows XP (KB926436)
"KB927779" = Security Update for Windows XP (KB927779)
"KB927802" = Security Update for Windows XP (KB927802)
"KB927891" = Update for Windows XP (KB927891)
"KB928090" = Security Update for Windows XP (KB928090)
"KB928255" = Security Update for Windows XP (KB928255)
"KB928843" = Security Update for Windows XP (KB928843)
"KB929123" = Security Update for Windows XP (KB929123)
"KB929338" = Update for Windows XP (KB929338)
"KB929399" = Hotfix for Windows Media Format 11 SDK (KB929399)
"KB929969" = Security Update for Windows Internet Explorer 7 (KB929969)
"KB930178" = Security Update for Windows XP (KB930178)
"KB930916" = Update for Windows XP (KB930916)
"KB931261" = Security Update for Windows XP (KB931261)
"KB931768" = Security Update for Windows XP (KB931768)
"KB931784" = Security Update for Windows XP (KB931784)
"KB931836" = Update for Windows XP (KB931836)
"KB931906" = Security Update for CAPICOM (KB931906)
"KB932168" = Security Update for Windows XP (KB932168)
"KB932823-v3" = Update for Windows XP (KB932823-v3)
"KB933360" = Update for Windows XP (KB933360)
"KB933566" = Security Update for Windows XP (KB933566)
"KB933729" = Security Update for Windows XP (KB933729)
"KB935839" = Security Update for Windows XP (KB935839)
"KB935840" = Security Update for Windows XP (KB935840)
"KB936021" = Security Update for Windows XP (KB936021)
"KB936357" = Update for Windows XP (KB936357)
"KB936782_WMP11" = Security Update for Windows Media Player 11 (KB936782)
"KB937143" = Security Update for Windows XP (KB937143)
"KB937894" = Security Update for Windows XP (KB937894)
"KB938127" = Security Update for Windows XP (KB938127)
"KB938127-IE7" = Security Update for Windows Internet Explorer 7 (KB938127)
"KB938828" = Update for Windows XP (KB938828)
"KB938829" = Security Update for Windows XP (KB938829)
"KB939653" = Security Update for Windows XP (KB939653)
"KB939683" = Hotfix for Windows Media Player 11 (KB939683)
"KB941202" = Security Update for Windows XP (KB941202)
"KB941568" = Security Update for Windows XP (KB941568)
"KB941569" = Security Update for Windows XP (KB941569)
"KB941644" = Security Update for Windows XP (KB941644)
"KB941693" = Security Update for Windows XP (KB941693)
"KB942615" = Security Update for Windows XP (KB942615)
"KB942763" = Update for Windows XP (KB942763)
"KB942840" = Update for Windows XP (KB942840)
"KB943055" = Security Update for Windows XP (KB943055)
"KB943460" = Security Update for Windows XP (KB943460)
"KB943485" = Security Update for Windows XP (KB943485)
"KB944338" = Security Update for Windows XP (KB944338)
"KB944533" = Security Update for Windows XP (KB944533)
"KB944653" = Security Update for Windows XP (KB944653)
"KB945553" = Security Update for Windows XP (KB945553)
"KB946026" = Security Update for Windows XP (KB946026)
"KB946627" = Update for Windows XP (KB946627)
"KB946648" = Security Update for Windows XP (KB946648)
"KB947864" = Security Update for Windows XP (KB947864)
"KB948590" = Security Update for Windows XP (KB948590)
"KB948881" = Security Update for Windows XP (KB948881)
"KB950749" = Security Update for Windows XP (KB950749)
"KB950759" = Security Update for Windows XP (KB950759)
"KB950759-IE7" = Security Update for Windows Internet Explorer 7 (KB950759)
"KB950760" = Security Update for Windows XP (KB950760)
"KB950762" = Security Update for Windows XP (KB950762)
"KB950974" = Security Update for Windows XP (KB950974)
"KB951066" = Security Update for Windows XP (KB951066)
"KB951072-v2" = Update for Windows XP (KB951072-v2)
"KB951376" = Security Update for Windows XP (KB951376)
"KB951376-v2" = Security Update for Windows XP (KB951376-v2)
"KB951698" = Security Update for Windows XP (KB951698)
"KB951748" = Security Update for Windows XP (KB951748)
"KB952287" = Hotfix for Windows XP (KB952287)
"KB952954" = Security Update for Windows XP (KB952954)
"KB953838-IE7" = Security Update for Windows Internet Explorer 7 (KB953838)
"KB953839" = Security Update for Windows XP (KB953839)
"Lexmark X1100 Series" = Lexmark X1100 Series
"Messenger Plus! Live" = Messenger Plus! Live
"Mozilla Firefox (3.0.1)" = Mozilla Firefox (3.0.1)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NOD32 v3.x FiX 1.1 by TemDono_is1" = NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050)
"PictureIt_v9" = Microsoft Picture It! Photo Premium 9
"RealPlayer 6.0" = RealPlayer
"Rogers Yahoo! Applications" = Rogers Yahoo! Applications
"Shockwave" = Shockwave
"ShockwaveFlash" = Adobe Flash Player 9
"SHS" = Rogers Self Healing Software (remove only)
"Sierra Utilities" = Sierra Utilities
"Update Manager" = Update Manager (remove only)
"VLC media player" = VideoLAN VLC media player 0.8.6h
"WGA" = Windows Genuine Advantage Validation Tool (KB892130)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2004Setup" = Microsoft Works 2004 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

===== Uninstall List =====

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

===== Uninstall List =====


===== Uninstall List =====


===== Uninstall List =====


===== Uninstall List =====


===== Uninstall List =====

[HKEY_USERS\S-1-5-21-1454471165-492894223-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

===== Winsock2 Catalogs =====

===== Protocol Defaults =====


===== Protocol Defaults =====


===== Protocol Defaults =====


===== Protocol Defaults =====


===== Protocol Defaults =====


===== Protocol Defaults =====


===== Protocol Defaults =====


===== Protocol Handlers =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
msdaipp: [HKLM - No CLSID value]

===== Protocol Filters =====

Edited by babacomp, 23 August 2008 - 09:47 AM.


#8
babacomp (Topic Starter, Member, 15 posts)
Almost forgot, here are the log files from NOD32. Not really necessary, I think, but if it helps you then OK...
8/23/2008 10:38:36 AM Real-time file system protection file C:\WINDOWS\system32\__c00B5BFF.dat Win32/TrojanDownloader.Agent.ODD trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM
Event occurred on a file modified by the application: \??\C:\WINDOWS\system32\winlogon.exe.

8/23/2008 10:19:17 AM Real-time file system protection file C:\WINDOWS\system32\__c00B5BFF.dat Win32/TrojanDownloader.Agent.ODD trojan cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM
Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.

8/23/2008 10:09:34 AM Real-time file system protection file C:\WINDOWS\system32\__c00B5BFF.dat Win32/TrojanDownloader.Agent.ODD trojan cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM
Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.

8/23/2008 10:00:50 AM Real-time file system protection file C:\WINDOWS\system32\__c00B5BFF.dat Win32/TrojanDownloader.Agent.ODD trojan cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM
Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.

8/23/2008 9:57:58 AM Real-time file system protection file C:\WINDOWS\system32\__c00B5BFF.dat Win32/TrojanDownloader.Agent.ODD trojan cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM
Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.

8/23/2008 9:55:13 AM Real-time file system protection file C:\WINDOWS\system32\__c00B5BFF.dat Win32/TrojanDownloader.Agent.ODD trojan cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM
Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.

8/23/2008 9:55:08 AM Real-time file system protection file C:\WINDOWS\system32\__c00B5BFF.dat Win32/TrojanDownloader.Agent.ODD trojan cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM
Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.

8/23/2008 9:34:00 AM Real-time file system protection file C:\WINDOWS\system32\__c00B5BFF.dat Win32/TrojanDownloader.Agent.ODD trojan cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM
Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.

8/23/2008 9:31:53 AM Real-time file system protection file C:\WINDOWS\system32\__c00B5BFF.dat Win32/TrojanDownloader.Agent.ODD trojan cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM
Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.

8/23/2008 9:29:47 AM Real-time file system protection file C:\WINDOWS\system32\__c00B5BFF.dat Win32/TrojanDownloader.Agent.ODD trojan cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM
Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.

8/23/2008 9:19:27 AM Real-time file system protection file C:\WINDOWS\system32\__c00B5BFF.dat Win32/TrojanDownloader.Agent.ODD trojan cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM
Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.

8/23/2008 9:12:25 AM Startup scanner file C:\WINDOWS\system32\__c00B5BFF.dat Win32/TrojanDownloader.Agent.ODD trojan cleaned by deleting (after the next restart) - quarantined RANDHAWA-B8CDF4\baljot

8/23/2008 6:38:11 AM Real-time file system protection file C:\WINDOWS\SYSTEM32\__C00B5BFF.DAT Win32/TrojanDownloader.Agent.ODD trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM
Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.

8/23/2008 5:38:07 AM Real-time file system protection file C:\WINDOWS\system32\__c00B5BFF.dat Win32/TrojanDownloader.Agent.ODD trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM
Event occurred on a new file created by the application: \??\C:\WINDOWS\system32\winlogon.exe.

8/23/2008 5:38:04 AM Real-time file system protection file C:\WINDOWS\system32\__c00B5BFF.dat Win32/TrojanDownloader.Agent.ODD trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM
Event occurred on a new file created by the application: \??\C:\WINDOWS\system32\winlogon.exe.

8/23/2008 5:38:01 AM Real-time file system protection file C:\WINDOWS\system32\__c00B5BFF.dat Win32/TrojanDownloader.Agent.ODD trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM
Event occurred on a new file created by the application: \??\C:\WINDOWS\system32\winlogon.exe.

8/23/2008 5:37:58 AM Real-time file system protection file C:\WINDOWS\system32\__c00B5BFF.dat Win32/TrojanDownloader.Agent.ODD trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM
Event occurred on a new file created by the application: \??\C:\WINDOWS\system32\winlogon.exe.

8/23/2008 5:37:57 AM Real-time file system protection file C:\WINDOWS\system32\__c00B5BFF.dat Win32/TrojanDownloader.Agent.ODD trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM
Event occurred on a new file created by the application: \??\C:\WINDOWS\system32\winlogon.exe.

8/23/2008 5:37:55 AM Real-time file system protection file C:\WINDOWS\system32\__c00B5BFF.dat Win32/TrojanDownloader.Agent.ODD trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM
Event occurred on a new file created by the application: \??\C:\WINDOWS\system32\winlogon.exe.
8/23/2008 5:37:53 AM Real-time file system protection file C:\WINDOWS\system32\__c00B5BFF.dat Win32/TrojanDownloader.Agent.ODD trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM
Event occurred on a new file created by the application: \??\C:\WINDOWS\system32\winlogon.exe.
8/23/2008 5:37:51 AM Real-time file system protection file C:\WINDOWS\system32\__c00B5BFF.dat Win32/TrojanDownloader.Agent.ODD trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM
Event occurred on a new file created by the application: \??\C:\WINDOWS\system32\winlogon.exe.
8/23/2008 5:37:49 AM Real-time file system protection file C:\WINDOWS\system32\__c00B5BFF.dat Win32/TrojanDownloader.Agent.ODD trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM
Event occurred on a new file created by the application: \??\C:\WINDOWS\system32\winlogon.exe.
8/23/2008 5:37:47 AM Real-time file system protection file C:\WINDOWS\system32\__c00B5BFF.dat Win32/TrojanDownloader.Agent.ODD trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM
Event occurred on a new file created by the application: \??\C:\WINDOWS\system32\winlogon.exe.
8/23/2008 5:37:45 AM Real-time file system protection file C:\WINDOWS\system32\__c00B5BFF.dat Win32/TrojanDownloader.Agent.ODD trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM
Event occurred on a new file created by the application: \??\C:\WINDOWS\system32\winlogon.exe.
8/23/2008 5:37:43 AM Real-time file system protection file C:\WINDOWS\system32\__c00B5BFF.dat Win32/TrojanDownloader.Agent.ODD trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM
Event occurred on a new file created by the application: \??\C:\WINDOWS\system32\winlogon.exe.
8/23/2008 5:37:41 AM Real-time file system protection file C:\WINDOWS\system32\__c00B5BFF.dat Win32/TrojanDownloader.Agent.ODD trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM
Event occurred on a new file created by the application: \??\C:\WINDOWS\system32\winlogon.exe.
8/23/2008 5:37:39 AM Real-time file system protection file C:\WINDOWS\system32\__c00B5BFF.dat Win32/TrojanDownloader.Agent.ODD trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM
Event occurred on a new file created by the application: \??\C:\WINDOWS\system32\winlogon.exe.
8/23/2008 5:37:37 AM Real-time file system protection file C:\WINDOWS\system32\__c00B5BFF.dat Win32/TrojanDownloader.Agent.ODD trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM
Event occurred on a new file created by the application: \??\C:\WINDOWS\system32\winlogon.exe.
8/23/2008 5:37:35 AM Real-time file system protection file C:\WINDOWS\system32\__c00B5BFF.dat Win32/TrojanDownloader.Agent.ODD trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM
Event occurred on a new file created by the application: \??\C:\WINDOWS\system32\winlogon.exe.
8/23/2008 5:37:33 AM Real-time file system protection file C:\WINDOWS\system32\__c00B5BFF.dat Win32/TrojanDownloader.Agent.ODD trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM
Event occurred on a new file created by the application: \??\C:\WINDOWS\system32\winlogon.exe.
8/23/2008 5:37:32 AM Real-time file system protection file C:\WINDOWS\system32\__c00B5BFF.dat Win32/TrojanDownloader.Agent.ODD trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM
Event occurred on a new file created by the application: \??\C:\WINDOWS\system32\winlogon.exe.
8/23/2008 5:37:30 AM Real-time file system protection file C:\WINDOWS\system32\__c00B5BFF.dat Win32/TrojanDownloader.Agent.ODD trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM
Event occurred on a new file created by the application: \??\C:\WINDOWS\system32\winlogon.exe.
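The NOD32 log above shows the same file being deleted from system32 and written back by winlogon.exe a couple of seconds later, over and over. A helper reading such a log wants to know two things quickly: how tightly the detections cluster in time, and which process keeps creating the file. The Python below is an added example, not code from the thread or from ESET. It parses the log format as it appears in the posted lines (the format is inferred from those lines only; other ESET log variants may differ), using constructed sample lines modelled on them with HOSTNAME\user as a placeholder account, groups detections per file, counts how many fall inside a short window, and lists the creating processes.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample, modelled on the ESET NOD32 log lines posted in the thread
# (newest entry first, as in the posted log). HOSTNAME\user is a placeholder.
SAMPLE_LOG = r"""
8/23/2008 9:12:25 AM Startup scanner file C:\WINDOWS\system32\__c00B5BFF.dat Win32/TrojanDownloader.Agent.ODD trojan cleaned by deleting (after the next restart) - quarantined HOSTNAME\user
8/23/2008 6:38:11 AM Real-time file system protection file C:\WINDOWS\SYSTEM32\__C00B5BFF.DAT Win32/TrojanDownloader.Agent.ODD trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM
Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.
8/23/2008 5:37:37 AM Real-time file system protection file C:\WINDOWS\system32\__c00B5BFF.dat Win32/TrojanDownloader.Agent.ODD trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM
Event occurred on a new file created by the application: \??\C:\WINDOWS\system32\winlogon.exe.
8/23/2008 5:37:35 AM Real-time file system protection file C:\WINDOWS\system32\__c00B5BFF.dat Win32/TrojanDownloader.Agent.ODD trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM
Event occurred on a new file created by the application: \??\C:\WINDOWS\system32\winlogon.exe.
8/23/2008 5:37:32 AM Real-time file system protection file C:\WINDOWS\system32\__c00B5BFF.dat Win32/TrojanDownloader.Agent.ODD trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM
Event occurred on a new file created by the application: \??\C:\WINDOWS\system32\winlogon.exe.
8/23/2008 5:37:30 AM Real-time file system protection file C:\WINDOWS\system32\__c00B5BFF.dat Win32/TrojanDownloader.Agent.ODD trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM
Event occurred on a new file created by the application: \??\C:\WINDOWS\system32\winlogon.exe.
"""

# One record is a detection line, optionally followed by an "Event occurred" line
# naming the process that touched the file. Pattern inferred from the posted lines.
DETECTION_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(?P<module>Real-time file system protection|Startup scanner) file "
    r"(?P<path>.+?) (?P<threat>\S+) (?P<kind>\S+) (?P<action>.+?) - quarantined (?P<account>.+)$"
)
EVENT_RE = re.compile(r"^Event occurred (?P<how>.+?) by the application: (?P<proc>.+?)\.?$")


def parse_eset_log(text):
    """Return one dict per detection, with the triggering process attached when logged."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = DETECTION_RE.match(line)
        if m:
            events.append({
                "time": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
                "module": m["module"], "path": m["path"], "threat": m["threat"],
                "action": m["action"], "account": m["account"],
                "trigger": None, "process": None,
            })
            continue
        m = EVENT_RE.match(line)
        if m and events:
            proc = m["proc"]
            if proc.startswith("\\??\\"):      # strip the NT object-manager prefix
                proc = proc[4:]
            events[-1]["trigger"] = m["how"]
            events[-1]["process"] = proc
    return events


def find_reinfection_loops(events, min_hits=3, window=timedelta(minutes=5)):
    """Group detections by path (case-insensitive, since the log mixes cases) and
    report any file hit at least min_hits times inside one sliding window."""
    by_path = defaultdict(list)
    for ev in events:
        by_path[ev["path"].lower()].append(ev)
    loops = {}
    for path, evs in by_path.items():
        evs.sort(key=lambda e: e["time"])
        times = [e["time"] for e in evs]
        burst, start = 0, 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            burst = max(burst, end - start + 1)
        if burst >= min_hits:
            # Only processes that *created* the file count as its writer; a process
            # that merely tried to access it is not evidence about the source.
            creators = {e["process"] for e in evs
                        if e["process"] and e["trigger"] and "created" in e["trigger"]}
            loops[path] = {"total": len(evs), "burst": burst,
                           "creators": sorted(creators),
                           "first": times[0], "last": times[-1]}
    return loops


if __name__ == "__main__":
    for path, info in find_reinfection_loops(parse_eset_log(SAMPLE_LOG)).items():
        print(f"{path}: {info['total']} detections, {info['burst']} within 5 min, "
              f"created by {', '.join(info['creators']) or 'unknown'}")
```

The value of the summary for a helper is in the creators column: a file that is "cleaned by deleting" dozens of times and then re-created by a system process means the real-time scanner is only treating the symptom, and whatever is writing the file is still live. That is the situation the ComboFix step later in the thread is meant to address, rather than manually deleting the .dat file again.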

#9
kahdah
    GeekU Teacher
  • Retired Staff
  • 15,822 posts
Delete your version of ComboFix.

Then:
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix


Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

  • Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.

#10
babacomp
    Member
  • Topic Starter
  • 15 posts
OK, I already have ComboFix, read all of that, and have the Recovery Console (got it from the same site). And here is my new HJT log and ComboFix log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:54:04 PM, on 8/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\TheDoc.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.red.client.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Rogers Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.liv...es/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1163301321307
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1163301307526
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

--
End of file - 6402 bytes
#11
babacomp
    Member
  • Topic Starter
  • 15 posts
ComboFix log (the one I did before with someone else)
ComboFix 08-08-21.02 - baljot 2008-08-23 14:00:28.2 - NTFSx86
Running from: C:\Documents and Settings\baljot\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-07-23 to 2008-08-23 )))))))))))))))))))))))))))))))
.

2008-08-23 13:22 . 2008-08-23 13:22 <DIR> d-------- C:\_OTMoveIt
2008-08-22 13:51 . 2008-08-22 13:51 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-21 20:54 . 2008-01-07 14:29 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2008-08-21 20:40 . 2008-08-21 20:40 <DIR> d-------- C:\Program Files\ESET
2008-08-21 12:21 . 2008-08-21 12:21 <DIR> d-------- C:\Documents and Settings\baljot\Application Data\ESET
2008-08-21 12:17 . 2008-08-21 12:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-08-21 11:04 . 2008-08-21 11:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Protexis
2008-08-12 12:46 . 2008-08-12 12:46 <DIR> d-------- C:\Program Files\Acoustica Shared Effects
2008-08-12 12:46 . 2008-08-12 12:46 <DIR> d-------- C:\Documents and Settings\baljot\Application Data\Acoustica
2008-08-12 12:46 . 2007-08-07 11:32 57,344 --a------ C:\WINDOWS\system32\Wnaspint.dll
2008-08-12 12:31 . 2008-08-12 12:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Acoustica
2008-08-12 12:30 . 2008-08-21 14:09 <DIR> d-------- C:\Program Files\Acoustica Mixcraft 4
2008-08-12 10:34 . 2008-08-12 10:34 <DIR> d-------- C:\Program Files\utorrent setup
2008-08-12 10:31 . 2008-08-12 10:34 <DIR> d-------- C:\Program Files\uTorrent
2008-08-07 19:10 . 2008-08-07 21:59 <DIR> d-------- C:\Program Files\StartUp Organizer
2008-08-07 19:10 . 2008-08-07 19:10 <DIR> d-------- C:\Documents and Settings\baljot\Application Data\MetaProducts
2008-08-06 16:49 . 2008-08-06 16:49 <DIR> d-------- C:\Program Files\RamBooster 2.0
2008-08-06 16:16 . 2008-08-21 11:46 <DIR> d-------- C:\Documents and Settings\baljot\Application Data\Digital Support
2008-08-06 16:15 . 2008-08-18 08:30 <DIR> d-------- C:\Program Files\Digital Support
2008-08-06 09:52 . 2008-08-06 09:52 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-05 21:47 . 2008-06-23 12:57 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-08-05 21:47 . 2008-06-23 12:57 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-08-05 21:47 . 2008-06-23 12:57 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-08-05 21:47 . 2008-06-23 12:57 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-08-05 21:47 . 2008-06-23 12:57 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-08-05 21:47 . 2008-06-23 05:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-05 21:46 . 2008-06-23 12:57 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-07-30 17:26 . 2008-07-30 17:28 <DIR> d-------- C:\Temp
2008-07-30 17:23 . 2008-07-30 17:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-07-30 17:18 . 2008-07-30 17:18 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-07-30 14:17 . 2008-07-30 14:17 105 --a------ C:\WINDOWS\sme.INI
2008-07-29 16:29 . 2008-08-22 09:42 <DIR> d-------- C:\Program Files\DC++
2008-07-28 17:41 . 2007-04-17 05:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-07-28 17:41 . 2007-03-08 01:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-07-28 16:54 . 2008-07-29 12:17 <DIR> d-------- C:\Program Files\WinRAR(2)
2008-07-28 13:26 . 2008-08-21 11:52 <DIR> d-------- C:\Program Files\Common Files\Filseclab
2008-07-28 10:24 . 2008-07-28 10:28 <DIR> d-------- C:\WINDOWS\system32\NtmsData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-22 00:44 --------- d-----w C:\Documents and Settings\baljot\Application Data\uTorrent
2008-08-11 15:58 32,274 ----a-w C:\Documents and Settings\baljot\Application Data\wklnhst.dat
2008-08-08 01:59 --------- d-----w C:\Program Files\Yahoo!
2008-07-30 21:18 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-29 16:17 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-28 17:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-28 14:27 5,949,589,504 ----a-w C:\Program Files\Backup-Of-Everything.bkf
2008-07-10 21:58 --------- d-----w C:\Program Files\Lexmark X1100 Series
2008-07-03 14:26 --------- d-----w C:\Documents and Settings\baljot\Application Data\vlc
2008-07-03 14:24 --------- d-----w C:\Program Files\VideoLAN
2008-07-03 13:38 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-07-03 13:25 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-07-03 13:25 --------- d-----w C:\Documents and Settings\baljot\Application Data\DAEMON Tools
2008-06-24 13:22 --------- d-----w C:\Program Files\Microsoft LifeCam
2008-06-24 01:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Napster
2008-06-24 01:06 --------- d-----w C:\Documents and Settings\baljot\Application Data\Roxio
2008-06-24 00:59 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-04-03 16:59 75,536 ------w C:\Documents and Settings\baljot\Application Data\GDIPFONTCACHEV1.DAT
2007-01-23 18:34 4,670 -c----w C:\Documents and Settings\Administrator\Application Data\wklnhst.dat
2007-01-02 21:54 56,336 -c----w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2004-03-11 18:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-09-12 15:04 4670704]
"PowerBar"="C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" [2004-04-21 11:26 86016]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 10:37 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-14 07:40 185632]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-02-20 11:06 1443072]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 06:12 577536 C:\WINDOWS\soundman.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ShowSuperHidden"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 03:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 08:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-04-01 05:39 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2007-03-02 19:48 120320 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2005-06-21 17:44 126976 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2005-06-21 17:48 155648 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--------- 2004-09-07 09:25 1400944 C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
--a------ 2003-08-19 06:43 57344 C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
--a------ 2007-05-17 17:45 279912 C:\Program Files\Microsoft LifeCam\LifeExp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a------ 2003-06-07 07:32 50688 C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--------- 2004-09-22 17:10 1871872 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar]
--------- 2004-04-21 11:26 86016 C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RamBooster]
--a------ 2005-11-17 07:32 561664 C:\Program Files\RamBooster 2.0\Rambooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-12-08 18:35 32768 C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RogersAgent]
--a------ 2007-04-23 16:51 478968 c:\Program Files\Rogers\SelfHealing\RogersAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SHS]
--a------ 2007-10-12 16:30 5166392 C:\Program Files\Rogers\SelfHealing\SHS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-10-12 04:10 49263 C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-09-14 07:40 185632 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Update Manager]
--a------ 2007-10-12 16:30 136504 C:\Program Files\Rogers\Update Manager\UpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
--a------ 2007-04-10 17:46 709992 C:\WINDOWS\vVX1000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 21:05 204288 C:\Program Files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-09-12 15:04 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
--a------ 2007-06-26 14:48 509224 C:\PROGRA~1\Yahoo!\YOP\yop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"GoogleDesktopManager"=3 (0x3)
"ERSvc"=2 (0x2)
"YPCService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 MSCamSvc;MSCamSvc;C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 17:45]
R3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2007-04-10 17:46]
S3 AR5523;802.11 Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\ar5523.sys []
S3 ATHFMWDL;802.11 USB Wireless Adapter Bootloader driver;C:\WINDOWS\system32\Drivers\ATHFMWDL.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a0ae250-d4d3-11dc-b417-0011112206c8}]
\Shell\AutoRun\command - F:\LaunchU3.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-08-23 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]

2008-06-24 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_LifeExp_exe.job
- C:\Program Files\Microsoft LifeCam\LifeExp.exe [2007-05-17 17:45]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\baljot\Application Data\Mozilla\Firefox\Profiles\8obcjnn5.default\
FF -: plugin - C:\Program Files\Java\jre1.5.0_09\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_09\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_09\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_09\bin\NPJava14.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_09\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_09\bin\NPJPI150_09.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_09\bin\NPOJI610.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-23 14:04:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-23 14:10:13
ComboFix-quarantined-files.txt 2008-08-23 18:09:35
ComboFix2.txt 2008-08-23 17:54:31

Pre-Run: 36,372,267,008 bytes free
Post-Run: 36,361,519,104 bytes free

212 --- E O F --- 2008-08-14 07:34:24

Edited by babacomp, 23 August 2008 - 01:57 PM.

#12
kahdah
    GeekU Teacher
  • Retired Staff
  • 15,822 posts

ComboFix log (the one I did before with someone else)

Are you being helped on another forum?
#13
babacomp
    Member
  • Topic Starter
  • 15 posts
Yeah, but they stopped right here. Now I'm stuck; I don't know what to do.
#14
kahdah
    GeekU Teacher
  • Retired Staff
  • 15,822 posts
Well, since you have posted on three or four different forums, let them continue to help you, as it is a waste of time to have multiple people help you at once.
Inform them that you were also getting help here and that it has been discontinued.
#15
babacomp
    Member
  • Topic Starter
  • 15 posts
So you're telling me that you are not going to help me?? I had to, because it took them so long to tell me the instructions. And I will tell them. And is there anything wrong? Should I manually delete the files? Are they important?

Edited by babacomp, 23 August 2008 - 02:13 PM.
