Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Cannot install/uninstall mcafee/ Hijack this/ any antivius

Started by Darwin69 , Sep 13 2008 11:35 AM

  • Please log in to reply

#1
Darwin69
Posted 13 September 2008 - 11:35 AM

Darwin69

    New Member

  • Member
  • Pip
  • 2 posts
My sister got something on her computer, and I am hoping to not have to reformat. Mcafee says protection is turned off, and when you try to launch the Mcafe control panel, it just vanishes as soon as it appears on screen. I tried installing HiJack this, that just disappears immediately as well. This occurs in safe mode as well. If I try to go to any anti-spyware or anti-virus website, it closes the web browser. Very frustrating. I was able to install Malwarebytes while in safe mode, so I ran that. Also ran the OTScanIT.

Attached are the logs.. edit. Could not attach the OTSCanIT log, it is 1 MB.

Any ideas???

Malwarebytes' Anti-Malware 1.28
Database version: 1145
Windows 5.1.2600 Service Pack 3

9/13/2008 12:43:16 PM
mbam-log-2008-09-13 (12-43-16).txt

Scan type: Full Scan (C:\|)
Objects scanned: 134148
Time elapsed: 23 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 27
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\cpbrkpie.coupon6ctrl.1 (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a85a5e6a-de2c-4f4e-99dc-f469df5a0eec} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e780f0b-bcd6-40cb-b2db-7af47ab4d4a4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a138be8b-f051-4802-9a3f-a750a6d862d4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/minibugtransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchwbbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchwbbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchwbbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchwbbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchwbtoolbar.temperaturebarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchwbtoolbar.temperaturebarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{933ed98e-57e9-11dd-bf82-a36255d89593} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{933ed98e-57e9-11dd-bf82-a36255d89593} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\CouponPrinter.ocx (Adware.Coupons) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
C:\Documents and Settings\Barbara Frank\Local Settings\Temporary Internet Files\Content.IE5\MLWUDMMX\u171[1].exe (Trojan.[bleep]a) -> Quarantined and deleted successfully.
C:\Documents and Settings\Barbara Frank\Local Settings\Temporary Internet Files\Content.IE5\R6O3C61Z\u925[1].exe (Trojan.[bleep]a) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\[bleep]a.dll (Trojan.BHO) -> Quarantined and deleted successfully.


  • 0

Advertisements

#2
Darwin69
Posted 13 September 2008 - 11:37 AM

Darwin69

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Got the OTScanIT log...

[quote]OTScanIt logfile created on: 9/13/2008 1:40:38 PM
OTScanIt by OldTimer - Version 1.0.19.0 Folder = E:\SmitFraud Fix\OTScanIt
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2048 2248;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.31 Gb Total Space | 23.53 Gb Free Space | 33.00% Space Free | Partition Type: NTFS
Drive D: | 91.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 3.83 Gb Total Space | 2.80 Gb Free Space | 73.03% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BARB
Current User Name: Barbara Frank
Logged in as Administrator.
Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Whitelist: On

[Processes - Non-Microsoft Only]

[Win32 Services - Non-Microsoft Only]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %SystemRoot%\SYSTEM32\ati2sgag.exe -> [Ver = 5.13.0025 | Size = 520192 bytes | Modified Date = 2/9/2006 9:05:00 PM | Attr = ]
(ITMRTSVC) CA Pest Patrol Realtime Protection Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\CA\PPRT\bin\ITMRTSVC.exe -> CA, Inc. [Ver = 1.1.0.13 | Size = 263696 bytes | Modified Date = 9/13/2006 3:40:42 PM | Attr = ]
(LicCtrlService) LicCtrl Service [Win32_Own | Auto | Stopped] -> %SystemRoot%\Runservice.exe -> [Ver = | Size = 2560 bytes | Modified Date = 6/20/2008 5:27:14 PM | Attr = ]
(SiteAdvisor Service) SiteAdvisor Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\SiteAdvisor\6261\SAService.exe -> [Ver = | Size = 345376 bytes | Modified Date = 5/24/2008 10:38:28 AM | Attr = ]
(wltrysvc) Broadcom Wireless LAN Tray Service [Win32_Own | Auto | Stopped] -> %SystemRoot%\SYSTEM32\WLTRYSVC.EXE -> [Ver = | Size = 20992 bytes | Modified Date = 4/24/2006 11:51:08 PM | Attr = ]
(WMP300NSvc) WMP300NSvc [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Wireless-N PCI Adapter\WLService.exe -> GEMTEKS [Ver = 1, 0, 0, 9 | Size = 53307 bytes | Modified Date = 7/4/2005 4:46:04 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Administrator.BARB Startup Folder > -> C:\Documents and Settings\Administrator.BARB\Start Menu\Programs\Startup ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
< Barbara Frank Startup Folder > -> C:\Documents and Settings\Barbara Frank\Start Menu\Programs\Startup ->
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 1033728 bytes | Modified Date = 4/13/2008 8:12:19 PM | Attr = ]
*MultiFile Done* -> ->
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\SYSTEM32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 26112 bytes | Modified Date = 4/13/2008 8:12:38 PM | Attr = ]
*MultiFile Done* -> ->
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost ->
logonui.exe -> %SystemRoot%\SYSTEM32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 514560 bytes | Modified Date = 4/13/2008 8:12:24 PM | Attr = ]
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
rundll32 shell32 -> %SystemRoot%\SYSTEM32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 4/13/2008 8:12:05 PM | Attr = ]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\SYSTEM32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2105) | Size = 300544 bytes | Modified Date = 4/13/2008 8:12:41 PM | Attr = ]
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-21-2048386667-4258411543-2397727971-1006] > -> HKEY_USERS\S-1-5-21-2048386667-4258411543-2397727971-1006\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
eaabeccecebfbf -> %SystemRoot%\SYSTEM32\eaabeccecebfbf.dll -> [Ver = | Size = 302096 bytes | Modified Date = 5/17/2005 3:15:33 AM | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
Reg Error: Key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> ->
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
Reg Error: Key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
Reg Error: Key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
Reg Error: Key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ not found. -> ->
Reg Error: Key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 149 ->
Reg Error: Key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2048386667-4258411543-2397727971-1006] > -> HKEY_USERS\S-1-5-21-2048386667-4258411543-2397727971-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-21-2048386667-4258411543-2397727971-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-21-2048386667-4258411543-2397727971-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
Reg Error: Key HKEY_USERS\S-1-5-21-2048386667-4258411543-2397727971-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> ->
< CDROM Autorun Setting > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup ->
SCSI miniport -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\SYSTEM32\DRIVERS\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 62976 bytes | Modified Date = 4/13/2008 2:40:46 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 0 ->
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable ->
NEC MBR-7 -> -> File not found
NEC MBR-7.4 -> -> File not found
PIONEER CHANGR DRM-1804X -> -> File not found
PIONEER CD-ROM DRM-6324X -> -> File not found
PIONEER CD-ROM DRM-624X -> -> File not found
TORiSAN CD-ROM CDR_C36 -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> ->
< Drives with AutoRun files > -> ->
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 8/10/2004 3:04:08 PM | Attr = ]
autorun.inf [[AutoRun] | icon=bootcd\wintools\autorun.exe | open=bootcd\wintools\autorun.exe | ] -> D:\autorun.inf [ CDFS ] -> [Ver = | Size = 77 bytes | Modified Date = 2/16/2008 7:38:31 PM | Attr = RH ]
autorun.inf [[AutoRun] | shellexecute=E:\m.exe /s | Action=Autorun | ] -> E:\autorun.inf [ FAT32 ] -> [Ver = | Size = 53 bytes | Modified Date = 9/13/2008 1:30:48 PM | Attr = H ]
< HOSTS File > (759 bytes and 20 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost
HPC815D9 HP001B78C815D9
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft...p...&ar=msnhome ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft...amp;ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft...amp;ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft...p...ER}&ar=home ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn...st/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft...amp;ar=iesearch ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn...st/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Default_Page_URL -> http://www.dell4me.com/mywaybiz ->
HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft...amp;ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.aol.com ->
HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/search?q=%s[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: Main\\Default_Page_URL -> http://www.dell4me.com/mywaybiz ->
HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft...amp;ar=iesearch ->
HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.dell4me.com/mywaybiz ->
HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: Main\\Default_Page_URL -> http://www.dell4me.com/mywaybiz ->
HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft...amp;ar=iesearch ->
HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.dell4me.com/mywaybiz ->
HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-2048386667-4258411543-2397727971-1006\] > -> ->
HKEY_USERS\S-1-5-21-2048386667-4258411543-2397727971-1006\: Main\\Default_Page_URL -> http://www.dell4me.com/mywaybiz ->
HKEY_USERS\S-1-5-21-2048386667-4258411543-2397727971-1006\: Main\\Search Bar -> http://www.google.com/ie ->
HKEY_USERS\S-1-5-21-2048386667-4258411543-2397727971-1006\: Main\\Search Page -> http://www.microsoft...amp;ar=iesearch ->
HKEY_USERS\S-1-5-21-2048386667-4258411543-2397727971-1006\: Main\\Start Page -> http://www.aol.com ->
HKEY_USERS\S-1-5-21-2048386667-4258411543-2397727971-1006\: Search\\SearchAssistant -> http://www.google.com/ie ->
HKEY_USERS\S-1-5-21-2048386667-4258411543-2397727971-1006\: SearchURL\\ -> http://www.google.com/search?q=%s[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_USERS\S-1-5-21-2048386667-4258411543-2397727971-1006\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found
HKEY_USERS\S-1-5-21-2048386667-4258411543-2397727971-1006\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
objects_aol.com [*] -> Out of zone range - ( 5 ) ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-2048386667-4258411543-2397727971-1006\] > -> HKEY_USERS\S-1-5-21-2048386667-4258411543-2397727971-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-2048386667-4258411543-2397727971-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
objects_aol.com [*] -> Out of zone range - ( 5 ) ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2048386667-4258411543-2397727971-1006\] > -> HKEY_USERS\S-1-5-21-2048386667-4258411543-2397727971-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-2048386667-4258411543-2397727971-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/23/2006 12:08:42 AM | Attr = ]
{089FD14D-132B-48FC-8861-0048AE113215} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SiteAdvisor\6261\SiteAdv.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 927008 bytes | Modified Date = 5/16/2008 12:49:40 PM | Attr = ]
{31FF080D-12A3-439A-A2EF-4BA95A3148E8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\GetRight\xx2gr.dll [IE to GetRight Helper] -> Headlight Software, Inc. [Ver = 6.3a | Size = 246848 bytes | Modified Date = 7/18/2007 3:54:28 PM | Attr = ]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SYSTEM32\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118842 bytes | Modified Date = 12/6/2004 3:05:00 AM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_10\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 440056 bytes | Modified Date = 11/9/2006 4:21:52 PM | Attr = ]
{7C554162-8CB7-45A4-B8F4-8EA1C75885F9} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AOL Toolbar 5.0\aoltb.dll [AOL Toolbar Launcher] -> AOL LLC [Ver = 5.0.17.1 | Size = 1025584 bytes | Modified Date = 3/23/2007 4:35:30 PM | Attr = ]
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\McAfee\VirusScan\scriptsn.dll [scriptproxy] -> McAfee, Inc. [Ver = VSCORE.14.0.0.366.x86 | Size = 58688 bytes | Modified Date = 11/9/2007 12:09:08 PM | Attr = ]
{8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\MyWebSearchWB\bar\1.bin\W6BAR.DLL [My Web Search Bar BHO] -> My Web Search [Ver = 2, 0, 4, 1 | Size = 278528 bytes | Modified Date = 1/19/2008 9:17:43 AM | Attr = ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{0BF43445-2F28-4351-9252-17FE6E806AA0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SiteAdvisor\6261\SiteAdv.dll [McAfee SiteAdvisor] -> [Ver = | Size = 927008 bytes | Modified Date = 5/16/2008 12:49:40 PM | Attr = ]
{8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\MyWebSearchWB\bar\1.bin\W6BAR.DLL [WeatherBug Browser Bar - powered by MyWebSearch] -> My Web Search [Ver = 2, 0, 4, 1 | Size = 278528 bytes | Modified Date = 1/19/2008 9:17:43 AM | Attr = ]
{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AOL Toolbar 5.0\aoltb.dll [AOL Toolbar] -> AOL LLC [Ver = 5.0.17.1 | Size = 1025584 bytes | Modified Date = 3/23/2007 4:35:30 PM | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AOL Toolbar 5.0\aoltb.dll [AOL Toolbar] -> AOL LLC [Ver = 5.0.17.1 | Size = 1025584 bytes | Modified Date = 3/23/2007 4:35:30 PM | Attr = ]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-2048386667-4258411543-2397727971-1006\] > -> HKEY_USERS\S-1-5-21-2048386667-4258411543-2397727971-1006\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AOL Toolbar 5.0\aoltb.dll [AOL Toolbar] -> AOL LLC [Ver = 5.0.17.1 | Size = 1025584 bytes | Modified Date = 3/23/2007 4:35:30 PM | Attr = ]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_10\bin\NPJPI150_10.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 75528 bytes | Modified Date = 11/9/2006 4:21:53 PM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.5.0_10\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 440056 bytes | Modified Date = 11/9/2006 4:21:52 PM | Attr = ]
{3369AF0D-62E9-4bda-8103-B4C75499B578}:{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AOL Toolbar 5.0\aoltb.dll [AOL Toolbar] -> AOL LLC [Ver = 5.0.17.1 | Size = 1025584 bytes | Modified Date = 3/23/2007 4:35:30 PM | Attr = ]
{669B269B-0D4E-41FB-A3D8-FD67CA94F646}:Exec -> [ComcastHSI] -> File not found
{8828075D-D097-4055-AA02-2DBFA9D85E8A}:Exec -> [Support] -> File not found
{97809617-3937-4F84-B335-9BB05EF1A8D4}:Exec -> [Help] -> File not found
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_10\bin\NPJPI150_10.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 75528 bytes | Modified Date = 11/9/2006 4:21:53 PM | Attr = ]
CmdMapping\\{3369AF0D-62E9-4bda-8103-B4C75499B578} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AOL Toolbar 5.0\aoltb.dll [AOL Toolbar] -> AOL LLC [Ver = 5.0.17.1 | Size = 1025584 bytes | Modified Date = 3/23/2007 4:35:30 PM | Attr = ]
CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{669B269B-0D4E-41FB-A3D8-FD67CA94F646} [HKEY_LOCAL_MACHINE] -> [ComcastHSI] -> File not found
CmdMapping\\{8828075D-D097-4055-AA02-2DBFA9D85E8A} [HKEY_LOCAL_MACHINE] -> [Support] -> File not found
CmdMapping\\{97809617-3937-4F84-B335-9BB05EF1A8D4} [HKEY_LOCAL_MACHINE] -> [Help] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&AOL Toolbar Search -> %ProgramFiles%\AOL\AOL Toolbar 5.0\resources\en-us\local\search.html -> [Ver = | Size = 747 bytes | Modified Date = 9/7/2006 4:59:50 PM | Attr = ]
&Search -> Reg Error: Value does not exist or could not be read. -> File not found
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_10\bin\NPJPI150_10.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 75528 bytes | Modified Date = 11/9/2006 4:21:53 PM | Attr = ]
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_10\bin\NPJPI150_10.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 75528 bytes | Modified Date = 11/9/2006 4:21:53 PM | Attr = ]
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-2048386667-4258411543-2397727971-1006\] > -> HKEY_USERS\S-1-5-21-2048386667-4258411543-2397727971-1006\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_10\bin\NPJPI150_10.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 75528 bytes | Modified Date = 11/9/2006 4:21:53 PM | Attr = ]
CmdMapping\\{3369AF0D-62E9-4bda-8103-B4C75499B578} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AOL Toolbar 5.0\aoltb.dll [AOL Toolbar] -> AOL LLC [Ver = 5.0.17.1 | Size = 1025584 bytes | Modified Date = 3/23/2007 4:35:30 PM | Attr = ]
CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{669B269B-0D4E-41FB-A3D8-FD67CA94F646} [HKEY_LOCAL_MACHINE] -> [ComcastHSI] -> File not found
CmdMapping\\{8828075D-D097-4055-AA02-2DBFA9D85E8A} [HKEY_LOCAL_MACHINE] -> [Support] -> File not found
CmdMapping\\{97809617-3937-4F84-B335-9BB05EF1A8D4} [HKEY_LOCAL_MACHINE] -> [Help] -> File not found
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-2048386667-4258411543-2397727971-1006\] > -> HKEY_USERS\S-1-5-21-2048386667-4258411543-2397727971-1006\Software\Microsoft\Internet Explorer\MenuExt\ ->
&AOL Toolbar Search -> %ProgramFiles%\AOL\AOL Toolbar 5.0\resources\en-us\local\search.html -> [Ver = | Size = 747 bytes | Modified Date = 9/7/2006 4:59:50 PM | Attr = ]
&Search -> Reg Error: Value does not exist or could not be read. -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.micro...d...=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{2D6C3482-2DC6-4729-8A21-6CFEF9F3EDC3} -> (Linksys Wireless-N PCI Adapter WMP300N) ->
{91B57188-B41D-4414-8678-BCB972D96EB9} -> (Intel® PRO/100 VE Network Connection) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
siteadvisor:{3A5DC592-7723-4EAA-9EE6-AF4222BCF879} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SiteAdvisor\6261\SiteAdv.dll[Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 927008 bytes | Modified Date = 5/16/2008 12:49:40 PM | Attr = ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft....k/?linkid=39204[Windows Genuine Advantage Validation Tool] ->
{341FF14B-00CB-49F5-A427-A164DF1D5E1F}[HKEY_LOCAL_MACHINE] -> http://musicstore.co...ALStreaming.cab[Reg Error: Key does not exist or could not be opened.] ->
{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}[HKEY_LOCAL_MACHINE] -> http://www.fileplane...C_2.3.6.108.cab[CDownloadCtrl Object] ->
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}[HKEY_LOCAL_MACHINE] -> http://office.micros...ntent/opuc3.cab[Office Update Installation Engine] ->
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}[HKEY_LOCAL_MACHINE] -> http://download.mcaf...96/mcinsctl.cab[McAfee.com Operating System Class] ->
{549F957E-2F89-11D6-8CFE-00C04F52B225}[HKEY_LOCAL_MACHINE] -> http://smartsource2....oad/cscmv5X.cab[Reg Error: Key does not exist or could not be opened.] ->
{5AE58FCF-6F6A-49B2-B064-02492C66E3F4}[HKEY_LOCAL_MACHINE] -> http://catalog.updat...b?1187709864656[MUCatalogWebControl Class] ->
{6B75345B-AA36-438A-BBE6-4078B4C6984D}[HKEY_LOCAL_MACHINE] -> http://h20270.www2.h...ctDetection.cab[HpProductDetection Class] ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://update.micros...b?1187709145703[MUWebControl Class] ->
{78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC}[HKEY_LOCAL_MACHINE] -> http://us-download.m...ted/mvt/mvt.cab[Reg Error: Key does not exist or could not be opened.] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.5.0_10] ->
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}[HKEY_LOCAL_MACHINE] -> http://download.mcaf...,26/mcgdmgr.cab[DwnldGroupMgr Class] ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.5.0_06] ->
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.5.0_09] ->
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.5.0_10] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.5.0_10] ->
{D719897A-B07A-4C0C-AEA9-9B663A28DFCB}[HKEY_LOCAL_MACHINE] -> http://ax.phobos.app.../ITDetector.cab[Reg Error: Key does not exist or could not be opened.] ->
{FA9740A2-5802-42E2-B509-81186EEB3C42}[HKEY_LOCAL_MACHINE] -> https://www.linkedin...cab/wabctrl.cab[Reg Error: Key does not exist or could not be opened.] ->
{FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1}[HKEY_LOCAL_MACHINE] -> http://dlm.tools.aka...vex-2.2.3.0.cab[DLM Control] ->
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/at3dec.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/at3dec.dll\\.Owner -> {341FF14B-00CB-49F5-A427-A164DF1D5E1F} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/at3dec.dll\\{341FF14B-00CB-49F5-A427-A164DF1D5E1F} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/atxdec.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/atxdec.dll\\.Owner -> {341FF14B-00CB-49F5-A427-A164DF1D5E1F} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/atxdec.dll\\{341FF14B-00CB-49F5-A427-A164DF1D5E1F} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CpnMgr.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CpnMgr.dll\\.Owner -> {549F957E-2F89-11D6-8CFE-00C04F52B225} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CpnMgr.dll\\{549F957E-2F89-11D6-8CFE-00C04F52B225} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/detect.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/detect.dll\\.Owner -> {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/detect.dll\\{78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DLMControl.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DLMControl.dll\\.Owner -> {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DLMControl.dll\\{39B0684F-D7BF-4743-B050-FDC3F48F7E3B} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DownloadManagerV2.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DownloadManagerV2.ocx\\.Owner -> {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DownloadManagerV2.ocx\\{FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ITDetector.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ITDetector.ocx\\.Owner -> {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ITDetector.ocx\\{D719897A-B07A-4C0C-AEA9-9B663A28DFCB} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Manager.exe\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Manager.exe\\.Owner -> {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Manager.exe\\{FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MVT.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MVT.dll\\.Owner -> {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MVT.dll\\{78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SMALPlaybackComp.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SMALPlaybackComp.dll\\.Owner -> {341FF14B-00CB-49F5-A427-A164DF1D5E1F} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SMALPlaybackComp.dll\\{341FF14B-00CB-49F5-A427-A164DF1D5E1F} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SMALPlaybackCtrl.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SMALPlaybackCtrl.ocx\\.Owner -> {341FF14B-00CB-49F5-A427-A164DF1D5E1F} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SMALPlaybackCtrl.ocx\\{341FF14B-00CB-49F5-A427-A164DF1D5E1F} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wabctrl.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wabctrl.dll\\.Owner -> {FA9740A2-5802-42E2-B509-81186EEB3C42} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wabctrl.dll\\{FA9740A2-5802-42E2-B509-81186EEB3C42} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\\.Owner -> {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\\{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\{78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/DAntivirus.cfg\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/DAntivirus.cfg\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/DDMI.VXD\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/DDMI.VXD\\.Owner -> {EB387D2F-E27B-4D36-979E-847D1036C65D} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/DDMI.VXD\\{EB387D2F-E27B-4D36-979E-847D1036C65D} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/DDMI2.sys\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/DDMI2.sys\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/DLPT.sys\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/DLPT.sys\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/DLPT.VXD\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/DLPT.VXD\\.Owner -> {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/DLPT.VXD\\{4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\\.Owner -> {17492023-C23A-453E-A040-C7C580BBF700} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\.Owner -> {17492023-C23A-453E-A040-C7C580BBF700} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM32/MicrosoftUpdateCatalogWebControl.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM32/MicrosoftUpdateCatalogWebControl.dll\\.Owner -> {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM32/MicrosoftUpdateCatalogWebControl.dll\\{5AE58FCF-6F6A-49B2-B064-02492C66E3F4} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcp60.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcp60.dll\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcp60.dll\\{78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msxml4.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msxml4.dll\\.Owner -> {88D969C0-F192-11D4-A65F-0040963251E5} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msxml4r.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msxml4r.dll\\.Owner -> {88D969C0-F192-11D4-A65F-0040963251E5} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM32/muweb.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> ->



[Files/Folders - Created Within 30 days]
SmitFraud Fix -> %SystemDrive%\SmitFraud Fix -> [Folder | Created Date = 9/13/2008 11:27:28 AM | Attr = ]
1 C:\*.tmp files -> C:\*.tmp ->
ativmc20.cod -> %SystemRoot%\System32\drivers\ativmc20.cod -> [Ver = | Size = 64352 bytes | Created Date = 8/21/2008 8:28:50 PM | Attr = ]
cxthsfs2.cty -> %SystemRoot%\System32\drivers\cxthsfs2.cty -> [Ver = | Size = 129045 bytes | Created Date = 8/21/2008 8:28:56 PM | Attr = ]
netwlan5.img -> %SystemRoot%\System32\drivers\netwlan5.img -> [Ver = | Size = 67866 bytes | Created Date = 8/21/2008 8:29:31 PM | Attr = ]
AudioCDBurnerActiveX -> %SystemRoot%\System32\AudioCDBurnerActiveX -> [Folder | Created Date = 8/28/2008 2:09:14 PM | Attr = ]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
bits -> %SystemRoot%\System32\bits -> [Folder | Created Date = 8/22/2008 8:03:42 AM | Attr = ]
en -> %SystemRoot%\System32\en -> [Folder | Created Date = 8/22/2008 8:03:42 AM | Attr = ]
pid.inf -> %SystemRoot%\System32\pid.inf -> [Ver = | Size = 1261 bytes | Created Date = 8/21/2008 8:29:08 PM | Attr = ]
scripting -> %SystemRoot%\System32\scripting -> [Folder | Created Date = 8/22/2008 8:03:44 AM | Attr = ]
tmp.reg -> %SystemRoot%\System32\tmp.reg -> [Ver = | Size = 1140 bytes | Created Date = 9/13/2008 11:30:13 AM | Attr = ]
$NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ -> [Folder | Created Date = 8/22/2008 7:51:45 AM | Attr = H ]
4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
EHome -> %SystemRoot%\EHome -> [Folder | Created Date = 8/22/2008 7:51:39 AM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Created Date = 9/11/2008 3:36:15 PM | Attr = ]
l2schemas -> %SystemRoot%\l2schemas -> [Folder | Created Date = 8/22/2008 8:03:44 AM | Attr = ]
LMI2D.tmp -> %SystemRoot%\LMI2D.tmp -> [Folder | Created Date = 9/11/2008 3:37:37 PM | Attr = ]
LMI45.tmp -> %SystemRoot%\LMI45.tmp -> [Folder | Created Date = 9/11/2008 3:28:20 PM | Attr = ]
LMI81.tmp -> %SystemRoot%\LMI81.tmp -> [Folder | Created Date = 9/11/2008 3:15:10 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Created Date = 8/22/2008 8:15:01 AM | Attr = ]
ServicePackFiles -> %SystemRoot%\ServicePackFiles -> [Folder | Created Date = 8/22/2008 8:00:33 AM | Attr = ]
McAfee Cleanup.job -> %SystemRoot%\tasks\McAfee Cleanup.job -> [Ver = | Size = 770 bytes | Created Date = 9/13/2008 1:24:33 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
BOOT.INI -> %SystemDrive%\BOOT.INI -> [Ver = | Size = 211 bytes | Modified Date = 9/13/2008 11:23:34 AM | Attr = RHS]
1 C:\*.tmp files -> C:\*.tmp ->
NTLDR -> %SystemDrive%\NTLDR -> [Ver = | Size = 250048 bytes | Modified Date = 8/22/2008 7:56:52 AM | Attr = RHS]
VETlog.dmp -> %SystemDrive%\VETlog.dmp -> [Ver = | Size = 89078 bytes | Modified Date = 9/8/2008 11:15:22 AM | Attr = ]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 211288 bytes | Modified Date = 8/22/2008 8:14:39 AM | Attr = ]
mmf.sys -> %SystemRoot%\System32\mmf.sys -> [Ver = | Size = 1265 bytes | Modified Date = 9/13/2008 1:21:41 PM | Attr = HS]
PERFC009.DAT -> %SystemRoot%\System32\PERFC009.DAT -> [Ver = | Size = 93006 bytes | Modified Date = 8/23/2008 3:11:18 AM | Attr = ]
PERFH009.DAT -> %SystemRoot%\System32\PERFH009.DAT -> [Ver = | Size = 507264 bytes | Modified Date = 8/23/2008 3:11:18 AM | Attr = ]
PerfStringB

Edited by Darwin69, 13 September 2008 - 11:39 AM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Forum
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP